mirror of
https://github.com/github/codeql.git
synced 2025-12-18 09:43:15 +01:00
808af28618
Js2Py is a Javascript to Python translation library written in Python. It allows users to invoke JavaScript code directly from Python. The Js2Py interpreter by default exposes the entire standard library to it's users. This can lead to security issues if a malicious input were directly. This PR includes a CodeQL query along with a qhelp and testcases to detect cases where an untrusted input flows to an Js2Py eval call. This query successfully detects CVE-2023-0297 in `pyload/pyload`along with it's fix. The databases can be downloaded from the links bellow. ``` https://file.io/qrMEjSJJoTq1 https://filetransfer.io/data-package/a02eab7V#link ```
10 lines
206 B
Python
10 lines
206 B
Python
|
|
import flask
|
|
from js2py import eval_js, disable_pyimport
|
|
|
|
bp = flask.Blueprint("app", __name__, url_prefix="/")
|
|
|
|
@bp.route("/bad")
|
|
def bad():
|
|
jk = flask.request.form["jk"]
|
|
jk = eval_js(f"{jk} f()") |