1 parent 5bc5925 commit 27a7d09Copy full SHA for 27a7d09
2 files changed
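--- a/python/ql/src/Security/CWE-022/examples/tainted_path.py
+++ b/python/ql/src/Security/CWE-022/examples/tainted_path.py
@@ -11,7 +11,6 @@
 
 def user_picture1(request):
 """A view that is vulnerable to malicious file access."""
- base_path = '/server/static/images'
 filename = request.GET.get('p')
 # BAD: This could read any file on the file system
 data = open(filename, 'rb').read()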
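Review bot: The `# BAD:` comment above `data = open(filename, 'rb').read()` names the consequence but not the cause, and the cause is what a reader of this example needs in order to recognise the pattern elsewhere. I would reword it to `# BAD: 'p' is user-controlled and reaches open() unchanged, so absolute paths and '..' segments are honoured`. With `base_path` removed, nothing in the visible lines says which directory the view was meant to serve from, so the comment is the only place left to state that intent. The same line never closes the file handle; `with open(filename, 'rb') as f: data = f.read()` should leave the finding unchanged without teaching a leak. user_picture1's body appears to continue past the end of the hunk.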
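--- a/python/ql/src/Security/CWE-078/examples/command_injection.py
+++ b/python/ql/src/Security/CWE-078/examples/command_injection.py
@@ -20,5 +20,4 @@ def command_execution_safe(request):
 if request.method == 'POST':
 action = request.POST.get('action', '')
 #GOOD -- Use a whitelist
- subprocess.call(["application", COMMAND[action]])
-
+ subprocess.call(["application", COMMANDS[action]])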
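Review bot: `COMMANDS[action]` still raises for any value that is not in the allowlist, including the `''` default supplied by `request.POST.get('action', '')` two lines above, so the "safe" example answers unknown input with an unhandled exception instead of a clean rejection. COMMANDS is defined outside the hunk; assuming it is a dict, guard the lookup with `if action in COMMANDS:` before the call, or use `COMMANDS.get(action)` and return an error response when it is `None`. A comment such as `# GOOD: only values looked up in COMMANDS reach the command line; unknown actions are rejected` would make the control explicit for readers of the example. command_execution_safe starts before the hunk.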