hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
6c1337791ec66c9ac1e9d14510b4a8c24ad165a7
codeql/python/ql/test/query-tests/Security/CWE-094/code_injection.py
Rasmus Wriedt Larsen 7afe3972d8 Revert "Merge pull request #5171 from RasmusWL/restructure-queries" 
This reverts commit 8caafb3710, reversing
changes made to ec79094957.
2021-02-17 16:32:53 +01:00

23 lines
535 B
Python
Raw Blame History

from flask import Flask, request
app = Flask(__name__)
@app.route("/code-execution")
def code_execution():
code = request.args.get("code")
exec(code) # NOT OK
eval(code) # NOT OK
cmd = compile(code, "<filename>", "exec")
exec(cmd) # NOT OK
@app.route("/safe-code-execution")
def code_execution():
foo = 42
bar = 43
obj_name = request.args.get("obj")
if obj_name == "foo" or obj_name == "bar":
# TODO: Should not alert on this
obj = eval(obj_name) # OK
print(obj, obj*10)
Reference in New Issue View Git Blame Copy Permalink