

chore(iast): taint parameter name and header name in fastapi
avara1986 committed Jan 23, 2025

1 parent cef509b commit 3558be3
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions utils/build/docker/python/fastapi/main.py
@@ -512,7 +512,7 @@ async def view_iast_source_header_value(table: typing.Annotated[str, Header()] =

@app.get("/iast/source/parametername/test", response_class=PlainTextResponse)
async def view_iast_source_parametername_get(request: Request):
param = [key for key in request.query_params if key == "user"]
param = [key for key in request.query_params.keys() if key == "user"]
if param:
_sink_point(id=param[0])
return "OK"
@@ -521,8 +521,8 @@ async def view_iast_source_parametername_get(request: Request):

@app.post("/iast/source/parametername/test", response_class=PlainTextResponse)
async def view_iast_source_parametername_post(request: Request):
json_body = await request.form()
param = [key for key in json_body if key == "user"]
form_data = await request.form()
param = [key for key in form_data.keys() if key == "user"]
if param:
_sink_point(id=param[0])
return "OK"
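Review bot: The `.keys()` calls in `view_iast_source_parametername_get` and `view_iast_source_parametername_post` look redundant next to plain iteration over the mapping, and nothing at either call site says they are deliberate, so a lint autofix (the usual "key in dict.keys()" simplification) or a later tidy-up could drop them again. Going by the commit title, the explicit call is presumably what lets the parameter name reach `_sink_point` as a tainted value; the diff itself does not show that, so it should be confirmed. I would add a comment above each comprehension such as `# .keys() is intentional: parameter names are tainted through this accessor; do not simplify to plain iteration`, plus a suppression for the lint rule if the project enforces one.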
