import os.path
from flask import Flask, request
app = Flask(__name__)
@app.route("/path1")
def path_injection():
    """Open a file whose name is taken verbatim from the request.

    Demonstrates the unchecked case: ``path`` comes straight from
    ``request.args`` and is joined onto the working directory with no
    normalization and no prefix check, so a value containing ``..``
    segments (or an absolute path, which ``os.path.join`` lets replace the
    left operand) selects a file outside the intended directory.  The
    handle ``f`` is never closed or returned.
    """
    path = request.args.get('path', '')
    # Untrusted input reaches open() directly; this is the sink the
    # /path2-/path4 handlers progressively try to protect.
    f = open(os.path.join(os.getcwd(), path))
@app.route("/path2")
def path_injection():
    """Normalize the request-supplied path, then open it without any check.

    ``os.path.normpath`` collapses ``.`` and ``..`` segments, which makes
    ``npath`` *comparable* against an allowed prefix, but normalization by
    itself is not a sanitizer: nothing here constrains where ``npath`` may
    point, so the open() call is as exposed as in ``/path1``.  ``f`` is
    never closed or returned.

    NOTE(review): this is the second view function named ``path_injection``
    registered on ``app``; Flask derives the endpoint name from the function
    name, so a running app would reject the duplicate.  Harmless for a
    static-analysis fixture, but worth knowing if this file is ever executed.
    """
    # Normalized, but not checked
    path = request.args.get('path', '')
    npath = os.path.normpath(os.path.join(os.getcwd(), path))
    f = open(npath)
SAFE = "/tmp/scratch_area/"
@app.route("/path3")
def safe_path():
    """Normalize and compare against SAFE, but never act on the result.

    The ``startswith(SAFE)`` test is evaluated and then discarded (its body
    is ``pass``), so control reaches ``open`` for every value of ``npath``.
    Despite the name, this handler is as exposed as ``/path2``: a check only
    protects the sink when the sink is inside the guarded branch (see
    ``/path4``).  ``f`` is never closed or returned.
    """
    # Normalized, but check doesn't reach open().
    path = request.args.get('path', '')
    npath = os.path.normpath(os.path.join(os.getcwd(), path))
    if npath.startswith(SAFE):
        # Result of the prefix check is thrown away; both branches fall
        # through to the same open() below.
        pass
    f = open(npath)
@app.route("/path4")
def safe_path():
    """Normalize the request path and open it only if it lies under SAFE.

    ``open`` is reachable only inside the ``startswith(SAFE)`` branch, and
    ``normpath`` has already collapsed any ``..`` segments, so the file
    selected must sit below the allowed directory.  Caveat for anyone
    copying this pattern: the check is purely lexical -- ``normpath`` does
    not resolve symbolic links, so a link placed inside SAFE can still point
    elsewhere; resolve with ``os.path.realpath`` before comparing if that is
    a concern.  A rejected path falls off the end of the function and returns
    ``None``; ``f`` is never closed or returned.

    NOTE(review): second view function named ``safe_path`` on this ``app``
    (see ``/path3``); Flask would reject the duplicate endpoint at runtime.
    """
    # Normalized, and checked properly
    path = request.args.get('path', '')
    npath = os.path.normpath(os.path.join(os.getcwd(), path))
    if npath.startswith(SAFE):
        # The sink is guarded by the prefix check, which is what
        # distinguishes this handler from /path3.
        f = open(npath)