Create codeql_issue_testruleset2.py #7

Open
apsscolari wants to merge 2 commits into main from apsscolari-patch-2
@apsscolari
Contributor

attempting to reproduce issue when two workflows are enabled, default and setup

@app.route("/direct")
def direct():
unsafe_pattern = request.args["pattern"]
re.search(unsafe_pattern, "")
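Review bot: in direct(), `request.args["pattern"]` is passed unchanged as the pattern argument of `re.search`, so whoever sends the request chooses the regular expression this handler evaluates. If the file is only a fixture for reproducing the two-workflow issue, add a comment at the top saying it is intentionally vulnerable so it is not copied into a real route; if a literal match is what is wanted, pass `re.escape(unsafe_pattern)` instead.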

Check failure

Code scanning / CodeQL

Regular expression injection

This regular expression depends on a user-provided value and is executed by re.search.

@app.route("/compile")
def compile():
unsafe_pattern = request.args["pattern"]
compiled_pattern = re.compile(unsafe_pattern)
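Review bot: the handler is named `compile`, which rebinds the builtin `compile()` for the rest of the module; rename it, for example to `compile_route` (a hypothetical name). `re.compile(unsafe_pattern)` also raises `re.error` on a malformed pattern and nothing in the visible lines catches it, so an invalid `pattern` parameter becomes an unhandled exception; catch `re.error` and return a client error, or escape the input with `re.escape` when a literal match is intended.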

Check failure

Code scanning / CodeQL

Regular expression injection

This regular expression depends on a user-provided value and is executed by re.search.