python/ql/test/experimental/query-tests/Security/CWE-943 Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -30,7 +30,7 @@ def get_db_find():
3030 safe_search = sanitize (json_search )
3131
3232 retrieved_db = db .get_db ()
33- data = retrieved_db ["Movie" ].find ({'name' : safe_search })
33+ return retrieved_db ["Movie" ].find ({'name' : safe_search })
3434
3535# if __name__ == "__main__":
3636# app.run(debug=True)
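Review bot: The rewritten line 33, `return retrieved_db["Movie"].find({'name': safe_search})`, has no comment marking it as the sanitized variant that the CWE-943 query is expected to leave unflagged, so the fixture's intent cannot be read from the line itself. A short comment above it such as `# GOOD: the filter value passed through sanitize() before reaching find()` would record that. The same applies to the sanitized `find` at line 16 of the third file section and the sanitized `find_one` at line 16 of the last one. get_db_find starts above this hunk and sanitize() is not shown here, so what it actually strips is presumed rather than verified.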
Original file line number Diff line number Diff line change @@ -11,7 +11,7 @@ def home_page():
1111 unsafe_search = request .args ['search' ]
1212 json_search = json .loads (unsafe_search )
1313
14- data = mongo .db .user .find ({'name' : json_search })
14+ return mongo .db .user .find ({'name' : json_search })
1515
1616# if __name__ == "__main__":
1717# app.run(debug=True)
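Review bot: Line 14 now returns `mongo.db.user.find({'name': json_search})`, where `json_search` is `json.loads()` of `request.args['search']`, so the filter value can be a parsed JSON object rather than a plain string, and nothing on the line says this is the deliberate positive case for the query. Adding `# BAD: request-derived JSON is used as the query filter without sanitization` above it would keep a later maintainer from "fixing" the fixture and silently losing the test case. The unsanitized `find_one` at line 14 of the sixth file section has the same gap. home_page starts above this hunk.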
Original file line number Diff line number Diff line change @@ -13,7 +13,7 @@ def home_page():
1313 json_search = json .loads (unsafe_search )
1414 safe_search = sanitize (json_search )
1515
16- data = mongo .db .user .find ({'name' : safe_search })
16+ return mongo .db .user .find ({'name' : safe_search })
1717
1818# if __name__ == "__main__":
1919# app.run(debug=True)
Original file line number Diff line number Diff line change @@ -21,22 +21,6 @@ def connect_find():
2121 db = me .connect ('mydb' )
2222 return db .movie .find ({'name' : json_search })
2323
24- @app .route ("/connection_connect_find" )
25- def connection_connect_find ():
26- unsafe_search = request .args ['search' ]
27- json_search = json .loads (unsafe_search )
28-
29- db = connect ('mydb' )
30- return db .movie .find ({'name' : json_search })
31-
32- @app .route ("/get_db_find" )
33- def get_db_find ():
34- unsafe_search = request .args ['search' ]
35- json_search = json .loads (unsafe_search )
36-
37- db = me .get_db ()
38- return db .movie .find ({'name' : json_search })
39-
4024@app .route ("/connection_get_db_find" )
4125def connection_get_db_find ():
4226 unsafe_search = request .args ['search' ]
Original file line number Diff line number Diff line change @@ -23,15 +23,6 @@ def connect_find():
2323 db = me .connect ('mydb' )
2424 return db .movie .find ({'name' : json_search })
2525
26- @app .route ("/connection_connect_find" )
27- def connection_connect_find ():
28- unsafe_search = request .args ['search' ]
29- json_search = json .loads (unsafe_search )
30- safe_search = sanitize (json_search )
31-
32- db = connect ('mydb' )
33- return db .movie .find ({'name' : json_search })
34-
3526@app .route ("/subclass_objects" )
3627def subclass_objects ():
3728 unsafe_search = request .args ['search' ]
@@ -40,15 +31,6 @@ def subclass_objects():
4031
4132 return Movie .objects (__raw__ = safe_search )
4233
43- @app .route ("/get_db_find" )
44- def get_db_find ():
45- unsafe_search = request .args ['search' ]
46- json_search = json .loads (unsafe_search )
47- safe_search = sanitize (json_search )
48-
49- db = me .get_db ()
50- return db .movie .find ({'name' : safe_search })
51-
5234@app .route ("/connection_get_db_find" )
5335def connection_get_db_find ():
5436 unsafe_search = request .args ['search' ]
Original file line number Diff line number Diff line change @@ -11,7 +11,7 @@ def home_page():
1111 unsafe_search = request .args ['search' ]
1212 json_search = json .loads (unsafe_search )
1313
14- data = client .db .collection .find_one ({'data' : json_search })
14+ return client .db .collection .find_one ({'data' : json_search })
1515
1616# if __name__ == "__main__":
1717# app.run(debug=True)
Original file line number Diff line number Diff line change @@ -13,7 +13,7 @@ def home_page():
1313 json_search = json .loads (unsafe_search )
1414 safe_search = sanitize (json_search )
1515
16- data = client .db .collection .find_one ({'data' : safe_search })
16+ return client .db .collection .find_one ({'data' : safe_search })
1717
1818# if __name__ == "__main__":
1919# app.run(debug=True)