chore(iast): taint parameter name and header name in fastapi
avara1986 committed Jan 23, 2025
1 parent cef509b commit 3558be3
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions utils/build/docker/python/fastapi/main.py
@@ -512,7 +512,7 @@ async def view_iast_source_header_value(table: typing.Annotated[str, Header()] =

@app.get("/iast/source/parametername/test", response_class=PlainTextResponse)
async def view_iast_source_parametername_get(request: Request):
param = [key for key in request.query_params if key == "user"]
param = [key for key in request.query_params.keys() if key == "user"]
if param:
_sink_point(id=param[0])
return "OK"
@@ -521,8 +521,8 @@ async def view_iast_source_parametername_get(request: Request):

@app.post("/iast/source/parametername/test", response_class=PlainTextResponse)
async def view_iast_source_parametername_post(request: Request):
json_body = await request.form()
param = [key for key in json_body if key == "user"]
form_data = await request.form()
param = [key for key in form_data.keys() if key == "user"]
if param:
_sink_point(id=param[0])
return "OK"
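Review bot: The explicit `.keys()` in the comprehensions of `view_iast_source_parametername_get` and `view_iast_source_parametername_post` reads as redundant, since iterating the mapping directly appears to yield the same keys, and nothing in the code says why the call is there. Judging by the commit title, it is presumably the call through which the IAST instrumentation marks the parameter name as a tainted source. If so, a later lint-driven cleanup back to plain iteration would silently stop these endpoints from exercising the source they are meant to test. I would add a comment above each comprehension, for example `# keep .keys(): IAST taints parameter names via this call (assumed - confirm)`, and note that the comprehension is kept so that `_sink_point` receives the request-derived key object rather than a literal. Both handlers sit in a file that continues outside the hunks shown, so `_sink_point` itself is not visible here.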
