hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
codeql-cli-2.20.1
codeql/python/ql/test/query-tests/Security/CWE-730-RegexInjection/re_good.py
Rasmus Lerchedahl Petersen 1c7982b319 Python: Move query tests over
2021-09-14 13:29:21 +02:00

46 lines
1.0 KiB
Python
Raw Permalink Blame History

from flask import request, Flask
import re
app = Flask(__name__)
@app.route("/direct")
def direct():
"""
A RemoteFlowSource is escaped by re.escape and then used as
re'search pattern
"""
unsafe_pattern = request.args['pattern']
safe_pattern = re.escape(unsafe_pattern)
re.search(safe_pattern, "")
@app.route("/compile")
def compile():
"""
A RemoteFlowSource is escaped by re.escape and used as re.compile's
pattern which also executes .search()
"""
unsafe_pattern = request.args['pattern']
safe_pattern = re.escape(unsafe_pattern)
compiled_pattern = re.compile(safe_pattern)
compiled_pattern.search("")
@app.route("/compile_direct")
def compile_direct():
"""
A RemoteFlowSource is escaped by re.escape and then used as re.compile's
pattern which also executes .search() in the same line
"""
unsafe_pattern = request.args['pattern']
safe_pattern = re.escape(unsafe_pattern)
re.compile(safe_pattern).search("")
# if __name__ == "__main__":
# app.run(debug=True)
Reference in New Issue View Git Blame Copy Permalink