File tree Expand file tree Collapse file tree 1 file changed +19
-0
lines changed
python/ql/test/query-tests/Security/CWE-943-NoSqlInjection Expand file tree Collapse file tree 1 file changed +19
-0
lines changed Original file line number Diff line number Diff line change @@ -43,5 +43,24 @@ def bad3():
4343 cursor = collection .find_one ({"$where" : f"this._id == '${ event_id } }) #$ result=BAD
4444
4545
46+ @app .route ("/bad4" )
47+ def bad4 ():
48+ client = MongoClient ("localhost" , 27017 , maxPoolSize = 50 )
49+ db = client .get_database (name = "localhost" )
50+ collection = db .get_collection ("collection" )
51+
52+ decoded = json .loads (request .args ['event_id' ])
53+
54+ search = {
55+ "body" : decoded ,
56+ "args" : [ "$event_id" ],
57+ "lang" : "js"
58+ }
59+ collection .find_one ({'$expr' : {'$function' : search }}) # $ result=BAD
60+
61+ collection .find_one ({'$expr' : {'$function' : decoded }}) # $ result=BAD
62+ collection .find_one ({'$expr' : decoded }) # $ result=BAD
63+ collection .find_one (decoded ) # $ result=BAD
64+
4665if __name__ == "__main__" :
4766 app .run (debug = True )
You can’t perform that action at this time.
0 commit comments