hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
codeql-cli-2.7.6
codeql/python/ql/test/experimental/query-tests/Security/CWE-943/mongoengine_good.py
${sleep,5} 51a6140258 Change variable name to correct sanitized input variable 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2021-07-13 14:04:06 -04:00

28 lines
601 B
Python
Raw Permalink Blame History

from flask import Flask, request
import mongoengine as me
from mongoengine.connection import get_db, connect
from mongosanitizer.sanitizer import sanitize
import json
app = Flask(__name__)
class Movie(me.Document):
title = me.StringField(required=True)
Movie(title='test').save()
@app.route("/connect_find")
def connect_find():
unsafe_search = request.args['search']
json_search = json.loads(unsafe_search)
safe_search = sanitize(json_search)
db = me.connect('mydb')
return db.movie.find({'name': safe_search})
# if __name__ == "__main__":
# app.run(debug=True)
Reference in New Issue View Git Blame Copy Permalink