hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
security-severities3
codeql/python/ql/test/query-tests/Security/CWE-601/test.py
Rasmus Wriedt Larsen 7afe3972d8 Revert "Merge pull request #5171 from RasmusWL/restructure-queries" 
This reverts commit 8caafb3710, reversing
changes made to ec79094957.
2021-02-17 16:32:53 +01:00

84 lines
1.9 KiB
Python
Raw Permalink Blame History

from flask import Flask, request, redirect
app = Flask(__name__)
@app.route('/')
def hello():
target = request.args.get('target', '')
return redirect(target, code=302)
# Check for safe prefixes
@app.route('/ok')
def ok():
untrusted = request.args.get('target', '')
safe = "https://safe.com/"
safe += untrusted
return redirect(safe, code=302)
@app.route('/ok2')
def ok2():
untrusted = request.args.get('target', '')
safe = "https://safe.com/" + untrusted
return redirect(safe, code=302)
@app.route('/ok3')
def ok3():
untrusted = request.args.get('target', '')
safe = "https://safe.com/{}".format(untrusted)
return redirect(safe, code=302) # FP
@app.route('/ok4')
def ok4():
untrusted = request.args.get('target', '')
safe = f"https://safe.com/{untrusted}"
return redirect(safe, code=302) # FP
@app.route('/ok5')
def ok5():
untrusted = request.args.get('target', '')
safe = "https://safe.com/%s" % untrusted
return redirect(safe, code=302) # FP
@app.route('/const-str-compare')
def const_str_compare():
target = request.args.get('target', '')
if target == "example.com/":
return redirect(target, code=302)
# Check that our sanitizer is not too broad
@app.route('/not_ok1')
def not_ok1():
untrusted = request.args.get('target', '')
unsafe = untrusted + "?login=success"
return redirect(unsafe, code=302)
@app.route('/not_ok2')
def not_ok2():
untrusted = request.args.get('target', '')
unsafe = "{}?login=success".format(untrusted)
return redirect(unsafe, code=302)
@app.route('/not_ok3')
def not_ok3():
untrusted = request.args.get('target', '')
unsafe = f"{untrusted}?login=success"
return redirect(unsafe, code=302)
@app.route('/not_ok4')
def not_ok4():
untrusted = request.args.get('target', '')
unsafe = "%s?login=success" % untrusted
return redirect(unsafe, code=302)
Reference in New Issue View Git Blame Copy Permalink