mirror of
https://github.com/github/codeql.git
synced 2025-12-19 18:33:16 +01:00
50 lines
796 B
Python
50 lines
796 B
Python
import os.path
|
|
|
|
from flask import Flask, request
|
|
|
|
app = Flask(__name__)
|
|
|
|
|
|
def source():
|
|
return request.args.get("path", "")
|
|
|
|
|
|
def normalize(x):
|
|
return os.path.normpath(x)
|
|
|
|
|
|
@app.route("/path")
|
|
def simple():
|
|
x = source()
|
|
open(x) # $result=BAD
|
|
|
|
|
|
@app.route("/path")
|
|
def normalization():
|
|
x = source()
|
|
y = normalize(x)
|
|
open(y) # $result=BAD
|
|
|
|
|
|
@app.route("/path")
|
|
def check():
|
|
x = source()
|
|
if x.startswith("subfolder/"):
|
|
open(x) # $result=BAD
|
|
|
|
|
|
@app.route("/path")
|
|
def normalize_then_check():
|
|
x = source()
|
|
y = normalize(x)
|
|
if y.startswith("subfolder/"):
|
|
open(y) # $result=OK
|
|
|
|
|
|
@app.route("/path")
|
|
def check_then_normalize():
|
|
x = source()
|
|
if x.startswith("subfolder/"):
|
|
y = normalize(x)
|
|
open(y) # $result=BAD
|