❯❱ python.django.security.injection.request-data-write.request-data-write
Found user-controlled request data passed into '.write(...)'. This could be dangerous if a malicious
actor is able to control data into sensitive files. For example, a malicious actor could force
rolling of critical log files, or cause a denial-of-service by using up available disk space.
Instead, ensure that request data is properly escaped or sanitized.
Details: https://sg.run/0Q6j
log_code = request.POST.get('log_code')
api_code = request.POST.get('api_code')
dirname = os.path.dirname(__file__)
log_filename = os.path.join(dirname, "playground/A9/main.py")
api_filename = os.path.join(dirname, "playground/A9/api.py")
f = open(log_filename, "w")
f.write(log_code)   # first match: request data flows into '.write(...)'
f.close()
f = open(api_filename, "w")
f.write(api_code)   # second match of the same rule
We don't have an existing transformer that aligns with this. Could we just wrap arguments to open and write with escape or some other sanitization func?
Running semgrep on pygoat