hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-21 06:55:31 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
dc8dc611967bcad660f5191f7b6bcbcbf26cebbf
codeql/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/flask_mongoengine_good.py
Owen Mansel-Chan 91b6801db1 py: Inline expectation should have space before $
2026-03-04 13:11:38 +00:00

28 lines
621 B
Python
Raw Blame History

from flask import Flask, request
from flask_mongoengine import MongoEngine
from mongosanitizer.sanitizer import sanitize
import json
app = Flask(__name__)
app.config.from_pyfile('the-config.cfg')
db = MongoEngine(app)
class Movie(db.Document):
title = db.StringField(required=True)
Movie(title='test').save()
@app.route("/subclass_objects")
def subclass_objects():
unsafe_search = request.args['search']
json_search = json.loads(unsafe_search)
safe_search = sanitize(json_search)
return Movie.objects(__raw__=safe_search) # $ result=OK
# if __name__ == "__main__":
# app.run(debug=True)
Reference in New Issue View Git Blame Copy Permalink