hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
yo-h/java15
codeql/python/ql/test/query-tests/Security/CWE-502/unsafe_deserialization.py
Taus Brock-Nannestad 52dc905037 Python: Fixup CWE-502 tests.
2020-11-02 11:44:00 +01:00

22 lines
412 B
Python
Raw Permalink Blame History

import flask
import pickle
import yaml
import marshal
from yaml import SafeLoader
from flask import Flask, request
app = Flask(__name__)
@app.route("/")
def hello():
payload = request.args.get("payload")
pickle.loads(payload) # NOT OK
yaml.load(payload) # NOT OK
yaml.load(payload, Loader=SafeLoader) # OK
marshal.loads(payload) # NOT OK
import dill
dill.loads(payload) # NOT OK
Reference in New Issue View Git Blame Copy Permalink