hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
c945ece80ddcb1535e583c1ab039dbadd38b4d62
codeql/python/ql/test/query-tests/Security/CWE-079/reflected_xss.py
Rasmus Lerchedahl Petersen a757a69f36 Python: Add example FP
2020-12-08 17:02:05 +01:00

29 lines
702 B
Python
Raw Blame History

import json
from flask import Flask, request, make_response, escape
app = Flask(__name__)
@app.route("/unsafe")
def unsafe():
first_name = request.args.get("name", "")
return make_response("Your name is " + first_name) # NOT OK
@app.route("/safe")
def safe():
first_name = request.args.get("name", "")
return make_response("Your name is " + escape(first_name)) # OK
@app.route("/unsafe/json")
def unsafe_json():
data = json.loads(request.data)
return make_response(json.dumps(data)) # NOT OK
@app.route("/safe/json")
def safe_json():
data = json.loads(request.data)
return make_response(json.dumps(data), 200, {'Content-Type': 'application/json'}) # OK, FP
Reference in New Issue View Git Blame Copy Permalink