hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
codeql-cli-2.23.0
codeql/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/flask_pymongo_good.py
Rasmus Lerchedahl Petersen bf8bfd91cd Python: Add inline query test
2023-09-07 10:22:30 +02:00

20 lines
454 B
Python
Raw Permalink Blame History

from flask import Flask, request
from flask_pymongo import PyMongo
from mongosanitizer.sanitizer import sanitize
import json
app = Flask(__name__)
mongo = PyMongo(app)
@app.route("/")
def home_page():
unsafe_search = request.args['search']
json_search = json.loads(unsafe_search)
safe_search = sanitize(json_search)
return mongo.db.user.find({'name': safe_search}) #$ result=OK
# if __name__ == "__main__":
# app.run(debug=True)
Reference in New Issue View Git Blame Copy Permalink