hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
rc/1.23
codeql/python/ql/test/query-tests/Security/CWE-079/reflected_xss.py
Rasmus Wriedt Larsen 8476bc7d42 Python: correctly handle flask.make_response 
Fixes https://github.com/Semmle/ql/issues/1572

Adjust mock so it's more aligned with what the flask code actually does. Tests
were passing before, even though we didn't handle the case in real code :\
2019-11-11 17:24:36 +01:00

14 lines
359 B
Python
Raw Permalink Blame History

from flask import Flask, request, make_response, escape
app = Flask(__name__)
@app.route('/unsafe')
def unsafe():
first_name = request.args.get('name', '')
return make_response("Your name is " + first_name)
@app.route('/safe')
def safe():
first_name = request.args.get('name', '')
return make_response("Your name is " + escape(first_name))
Reference in New Issue View Git Blame Copy Permalink