hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
rc/1.24
codeql/python/ql/test/library-tests/web/flask/test.py
Rasmus Wriedt Larsen 3ad43f32b6 Python: Add flask xss examples to flask tests
2019-11-12 10:36:10 +01:00

47 lines
1.0 KiB
Python
Raw Permalink Blame History

import flask
from flask import Flask, request, make_response
app = Flask(__name__)
@app.route("/")
def hello():
return "Hello World!"
from flask.views import MethodView
class MyView(MethodView):
def get(self, user_id):
if user_id is None:
# return a list of users
pass
else:
# expose a single user
pass
the_view = MyView.as_view('my_view')
app.add_url_rule('/the/', defaults={'user_id': None},
view_func=the_view, methods=['GET',])
@app.route("/dangerous")
def dangerous():
return request.args.get('payload')
@app.route("/dangerous-with-cfg-split")
def dangerous2():
x = request.form['param0']
if request.method == "POST":
return request.form['param1']
return None
@app.route('/unsafe')
def unsafe():
first_name = request.args.get('name', '')
return make_response("Your name is " + first_name)
@app.route('/safe')
def safe():
first_name = request.args.get('name', '')
return make_response("Your name is " + escape(first_name))
Reference in New Issue View Git Blame Copy Permalink