hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
aeisenberg/codeql-action-main
codeql/python/ql/test/query-tests/Security/CWE-079/reflected_xss.py
Rasmus Wriedt Larsen 7afe3972d8 Revert "Merge pull request #5171 from RasmusWL/restructure-queries" 
This reverts commit 8caafb3710, reversing
changes made to ec79094957.
2021-02-17 16:32:53 +01:00

29 lines
702 B
Python
Raw Permalink Blame History

import json
from flask import Flask, request, make_response, escape
app = Flask(__name__)
@app.route("/unsafe")
def unsafe():
first_name = request.args.get("name", "")
return make_response("Your name is " + first_name) # NOT OK
@app.route("/safe")
def safe():
first_name = request.args.get("name", "")
return make_response("Your name is " + escape(first_name)) # OK
@app.route("/unsafe/json")
def unsafe_json():
data = json.loads(request.data)
return make_response(json.dumps(data)) # NOT OK
@app.route("/safe/json")
def safe_json():
data = json.loads(request.data)
return make_response(json.dumps(data), 200, {'Content-Type': 'application/json'}) # OK, FP
Reference in New Issue View Git Blame Copy Permalink