hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 03:36:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
30fff1cf8b23e57d32417e4d89b516b0180d5810
codeql/python/ql/test/experimental/query-tests/Security/CWE-943/pymongo_test.py
Rasmus Wriedt Larsen 30fff1cf8b Python: Merge pymongo NoSQL tests
2022-04-07 16:04:25 +02:00

29 lines
632 B
Python
Raw Blame History

from flask import Flask, request
from pymongo import MongoClient
from mongosanitizer.sanitizer import sanitize
import json
app = Flask(__name__)
client = MongoClient()
@app.route("/bad")
def bad():
unsafe_search = request.args['search']
json_search = json.loads(unsafe_search)
return client.db.collection.find_one({'data': json_search})
@app.route("/good")
def good():
unsafe_search = request.args['search']
json_search = json.loads(unsafe_search)
safe_search = sanitize(json_search)
return client.db.collection.find_one({'data': safe_search})
if __name__ == "__main__":
app.run(debug=True)
Reference in New Issue View Git Blame Copy Permalink