All examples in this category share a single Docker Compose environment:
```bash
cd vulnerabilities/python/flask/confusion
docker compose up -d
# View logs
docker compose logs -f
# Stop and clean up
docker compose down
```

The application will be available at http://localhost:8000.
- Input Source — Source precedence bugs occur when different code paths read the "same" logical input from different locations (path vs. query vs. body vs. headers vs. cookies).
- Authentication — Authentication confusion occurs when the code that verifies identity examines a different value than the code that acts on identity.
- Authorization — Authorization confusion happens when the code that checks permissions examines a different resource or identity than the code that performs the action.
- Cardinality — Cardinality confusion occurs when one part of the code treats a parameter as a single value while another treats it as a list. The parser, validator, and business logic disagree on whether you sent one item or many.
- Normalization — Character normalization confusion happens when two code paths apply different string transformations to the same logical input.
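
The cardinality case from the list above, as an added example that is not taken from this project's code: the validator reads a repeated parameter as a single value while the action reads it as a list, shown next to a version that parses once and checks every value. It uses only the standard library (in Flask the same split appears between `request.args.get` and `request.args.getlist`); the `doc_id` parameter, the ownership set and all function names are hypothetical.

```python
from urllib.parse import parse_qs

# Constructed sample: the same parameter sent twice in one query string.
SAMPLE_QUERY = "doc_id=10&doc_id=99"
# Constructed data: the only document the caller is allowed to delete.
OWNED_BY_CALLER = {"10"}


def validator_view(query):
    """Validator's reading: doc_id is a single value (first one wins)."""
    values = parse_qs(query).get("doc_id", [])
    return values[0] if values else None


def action_view(query):
    """Business logic's reading: doc_id is a list of values."""
    return parse_qs(query).get("doc_id", [])


def confused_delete(query):
    """Confused pattern: permission is checked on one reading, action uses another."""
    if validator_view(query) not in OWNED_BY_CALLER:
        raise PermissionError("not the owner")
    return action_view(query)  # includes values that were never checked


def safe_delete(query):
    """Hardened pattern: parse once, check every value, act on that same list."""
    ids = parse_qs(query).get("doc_id", [])
    if not ids:
        raise ValueError("doc_id is required")
    denied = [i for i in ids if i not in OWNED_BY_CALLER]
    if denied:
        raise PermissionError(f"not the owner of: {denied}")
    return ids


if __name__ == "__main__":
    print("confused:", confused_delete(SAMPLE_QUERY))
    try:
        safe_delete(SAMPLE_QUERY)
    except PermissionError as exc:
        print("hardened:", exc)
```

A stricter variant rejects any request where `doc_id` appears more than once when the endpoint is only meant to accept a single value.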