Files
codeql/python/ql/test/experimental/query-tests/Security/CWE-287-ConstantSecretKey/app_unsafe.py
2026-06-19 12:22:40 +01:00

25 lines
608 B
Python

from flask import Flask, session
app = Flask(__name__)
aConstant = 'CHANGEME1' # $ Source
app.config['SECRET_KEY'] = aConstant # $ Alert
app.secret_key = aConstant # $ Alert
app.config.update(SECRET_KEY=aConstant) # $ Alert
app.config.from_mapping(SECRET_KEY=aConstant) # $ Alert
app.config.from_pyfile("config.py")
app.config.from_object('config.Config')
@app.route('/')
def DEB_EX():
if 'logged_in' not in session:
session['logged_in'] = False
if session['logged_in']:
return app.secret_key
else:
return app.secret_key, 403
if __name__ == '__main__':
app.run()