hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
aibaars/drop-duplicate-query
codeql/python/ql/test/query-tests/Security/CWE-209/test.py
Rasmus Lerchedahl Petersen b36e0d0be7 Python: target SSA variable rather than Cfg node 
also add "INTERNAL: Do not use."
also give test functions different names
2021-03-08 08:04:42 +01:00

59 lines
1.2 KiB
Python
Raw Permalink Blame History

from flask import Flask, request, make_response
app = Flask(__name__)
import traceback
def do_computation():
raise Exception("Secret info")
# BAD
@app.route('/bad')
def server_bad():
try:
do_computation()
except Exception:
return traceback.format_exc() #$ exceptionInfo
# BAD
@app.route('/bad/direct')
def server_bad_direct():
try:
do_computation()
except Exception as e: #$ exceptionInfo
return e
# BAD
@app.route('/bad/traceback')
def server_bad_traceback():
try:
do_computation()
except Exception as e: #$ exceptionInfo
return e.__traceback__
# GOOD
@app.route('/good')
def server_good():
try:
do_computation()
except Exception:
log(traceback.format_exc()) #$ exceptionInfo
return "An internal error has occurred!"
#BAD
@app.route('/bad/with-flow')
def server_bad_flow():
try:
do_computation()
except Exception:
err = traceback.format_exc() #$ exceptionInfo
return format_error(err)
def format_error(msg):
return "[ERROR] " + msg
#Unrelated error
@app.route('/maybe_xss')
def maybe_xss():
return make_response(request.args.get('name', ''))
Reference in New Issue View Git Blame Copy Permalink