Open
Description
Running semgrep on pygoat
❯❱ python.django.security.injection.request-data-write.request-data-write
Found user-controlled request data passed into '.write(...)'. This could be dangerous if a malicious
actor is able to control data into sensitive files. For example, a malicious actor could force
rolling of critical log files, or cause a denial-of-service by using up available disk space.
Instead, ensure that request data is properly escaped or sanitized.
Details: https://sg.run/0Q6j
59┆ log_code = request.POST.get('log_code')
60┆ api_code = request.POST.get('api_code')
61┆ dirname = os.path.dirname(__file__)
62┆ log_filename = os.path.join(dirname, "playground/A9/main.py")
63┆ api_filename = os.path.join(dirname, "playground/A9/api.py")
64┆ f = open(log_filename,"w")
65┆ f.write(log_code)
⋮┆----------------------------------------
60┆ api_code = request.POST.get('api_code')
61┆ dirname = os.path.dirname(__file__)
62┆ log_filename = os.path.join(dirname, "playground/A9/main.py")
63┆ api_filename = os.path.join(dirname, "playground/A9/api.py")
64┆ f = open(log_filename,"w")
65┆ f.write(log_code)
66┆ f.close()
67┆ f = open(api_filename,"w")
68┆ f.write(api_code)
We don't have an existing transformer that aligns with this. Could we just wrap arguments to open and write with escape or some other sanitization func?
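As an added illustration of what a wrapper around such a write could enforce (example code written for this issue, not pygoat's code and not an existing transformer of this project), the helpers below keep the defender-side controls the finding text points at: the request supplies only the content, never the destination, the content is bounded in size so it cannot exhaust disk space, and the write is atomic so a rejected or interrupted write cannot clobber the target. The names `sanitize_request_text`, `safe_write`, `UnsafeRequestData` and the `MAX_BYTES` limit are assumptions for this example; the sample `log_code` value is constructed. Escaping alone does not make writing request data into a source file safe, which is why the wrapper validates and confines rather than just escapes.

```python
import os
import tempfile

# Hypothetical limit for this example; a real application picks its own bound.
MAX_BYTES = 16 * 1024


class UnsafeRequestData(ValueError):
    """Raised when request-supplied text fails validation."""


def sanitize_request_text(value, max_bytes=MAX_BYTES):
    """Validate text that came from a request before it reaches .write().

    Rejects a missing value, a non-text value, NUL bytes and payloads over
    max_bytes (the disk-exhaustion risk named in the finding), and normalises
    line endings so the written file has predictable content.
    """
    if value is None:
        raise UnsafeRequestData("missing value")
    if not isinstance(value, str):
        raise UnsafeRequestData("expected text")
    if "\x00" in value:
        raise UnsafeRequestData("NUL byte in request data")
    if len(value.encode("utf-8")) > max_bytes:
        raise UnsafeRequestData(f"payload exceeds {max_bytes} bytes")
    return value.replace("\r\n", "\n")


def safe_write(text, dest_dir, name, max_bytes=MAX_BYTES):
    """Write request-supplied text to an application-chosen file in dest_dir.

    `name` must be a plain file name (no path components), chosen by the
    application rather than taken from the request. The content goes to a
    temporary file first and is moved into place with os.replace, so a
    failed write never leaves the target partially overwritten.
    """
    if name in ("", ".", "..") or os.path.basename(name) != name:
        raise UnsafeRequestData("file name must be a plain name without path parts")
    clean = sanitize_request_text(text, max_bytes)
    dest = os.path.join(dest_dir, name)
    fd, tmp_path = tempfile.mkstemp(dir=dest_dir, prefix=name + ".")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as f:
            f.write(clean)
        os.replace(tmp_path, dest)
    except BaseException:
        if os.path.exists(tmp_path):
            os.unlink(tmp_path)
        raise
    return dest


def demo():
    """Exercise the helpers on constructed inputs and return what happened."""
    dest_dir = tempfile.mkdtemp(prefix="request-write-demo-")
    # Constructed stand-in for request.POST.get('log_code'); not real request data.
    log_code = "print('hello from the lab')\r\n"
    results = {}

    path = safe_write(log_code, dest_dir, "main.py")
    with open(path, encoding="utf-8") as f:
        results["written"] = f.read()

    # Oversized payload is rejected before anything touches the filesystem.
    try:
        safe_write("x" * (MAX_BYTES + 1), dest_dir, "main.py")
        results["oversized"] = "accepted"
    except UnsafeRequestData:
        results["oversized"] = "rejected"

    # A name carrying path components is rejected even though it is not request data.
    try:
        safe_write("ok", dest_dir, "../main.py")
        results["path_name"] = "accepted"
    except UnsafeRequestData:
        results["path_name"] = "rejected"

    # The rejected attempts left the earlier content untouched.
    with open(path, encoding="utf-8") as f:
        results["intact"] = f.read() == results["written"]
    return results


if __name__ == "__main__":
    print(demo())
```

Run the file directly to see the outcomes for the constructed inputs. The point of the wrapper is that the only request-controlled value is the bounded, validated content; file name, directory and mode stay under the application's control.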