Merge pull request #7 from r2c-CSE/vuln-1

nnayar-r2c · web-flow · commit 568653a5b037 · 2023-05-19T09:49:50.000+01:00
Create vuln-1.py
diff --git a/vuln-1.py b/vuln-1.py
@@ -0,0 +1,23 @@
+import os
+import flask
+
+app = flask.Flask(__name__)
+
+
+@app.route("/route_param/<route_param>")
+def route_param(route_param):
+
+    # ruleid:dangerous-os-exec
+    os.execl("/bin/bash", "/bin/bash", "-c", route_param)
+
+    return "oops!"
+
+
+# Flask true negatives
+@app.route("/route_param/<route_param>")
+def route_param2(route_param):
+
+    # ok:dangerous-os-exec
+    os.execl("static")
+
+    return "ok!"
