hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-23 20:26:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
792f302bd4dee4c7558e2ce5bbea7edb51f9896f
codeql/python/ql/test/experimental/query-tests/Security/CWE-074-TemplateInjection/JinjaSsti.py
Rasmus Wriedt Larsen 0336c76871 Python: Rename template injection tests
2023-08-17 15:45:04 +02:00

31 lines
765 B
Python
Raw Blame History

from django.urls import path
from django.http import HttpResponse
from jinja2 import Template as Jinja2_Template
from jinja2 import Environment, DictLoader, escape
def a(request):
# Load the template
template = request.GET['template']
t = Jinja2_Template(template)
name = request.GET['name']
# Render the template with the context data
html = t.render(name=escape(name))
return HttpResponse(html)
def b(request):
import jinja2
# Load the template
template = request.GET['template']
t = jinja2.from_string(template)
name = request.GET['name']
# Render the template with the context data
html = t.render(name=escape(name))
return HttpResponse(html)
urlpatterns = [
path('a', a),
path('b', b)
]
Reference in New Issue View Git Blame Copy Permalink