mirror of
https://github.com/github/codeql.git
synced 2025-12-20 10:46:30 +01:00
16 lines
528 B
Python
16 lines
528 B
Python
import flask
|
|
import pickle
|
|
import marshal
|
|
|
|
from flask import Flask, request
|
|
|
|
app = Flask(__name__)
|
|
|
|
|
|
@app.route("/")
|
|
def hello():
|
|
payload = request.args.get("payload")
|
|
pickle.loads(payload) # $decodeInput=payload $decodeOutput=Attribute() $decodeFormat=pickle $decodeUnsafe=
|
|
pickle.loads(payload, encoding='latin1') # $decodeInput=payload $decodeOutput=Attribute() $decodeFormat=pickle $decodeUnsafe=
|
|
marshal.loads(payload) # $decodeInput=payload $decodeOutput=Attribute() $decodeFormat=pickle $decodeUnsafe=
|