From d5950f4afd80e193eddc042e09356a95112df71a Mon Sep 17 00:00:00 2001
From: circleci
Date: Mon, 24 Jun 2019 13:59:30 +0000
Subject: [PATCH 1/8] Added js_error_20195924015930.js, py_xss_20195924015930.py, py_error_20195924015930.py
---
 py_error_20195924015930.py | 46 ++++++++++++++++++++++++++++
 py_unittest_20195924015930.py | 15 +++++++++
 py_xss_20195924015930.py | 11 +++++++
 static/js/js_error_20195924015930.js | 10 ++++++
 4 files changed, 82 insertions(+)
 create mode 100644 py_error_20195924015930.py
 create mode 100644 py_unittest_20195924015930.py
 create mode 100644 py_xss_20195924015930.py
 create mode 100644 static/js/js_error_20195924015930.js
diff --git a/py_error_20195924015930.py b/py_error_20195924015930.py
new file mode 100644
index 0000000..bfe6a63
--- /dev/null
+++ b/py_error_20195924015930.py
@@ -0,0 +1,46 @@
+import lxml
+
+class C20195924015930():
+ "This is an example class"
+ a = 10
+ def func(self):
+ print('Hello Example')
+
+# Output: 10
+print(C20195924015930.a)
+
+# Output:
+print(C20195924015930.func)
+
+# Output: 'This is my second class'
+print(C20195924015930.__doc__)
+
+# Code Injection
+def GET(self):
+ get_input = web.input()
+ param1 = get_input['param1'] if 'param1' in get_input else None
+ if (param1):
+ x = eval(param1)
+ return "I'm vulnerable"
+
+# CWE-759
+def storePassword(userName,Password):
+ hasher = hashlib.new('md5')
+ hasher.update(Password)
+ hashedPassword = hasher.digest()
+
+ # UpdateUserLogin returns True on success, False otherwise
+ return updateUserLogin(userName,hashedPassword)
+
+
+def calc(number,times):
+ program = 'a = 5\nb=10\nprint("Sum =", a+b)'
+ exec(program)
+ for x in range(0, 3):
+ print("We're on time %d" % (x))
+ y = 1
+ while True:
+ if(y%2 ==0):
+ print("To infinity and beyond! We're getting close, on %d now!" % (y))
+ y += 1
+ return number*times
\ No newline at end of file
diff --git a/py_unittest_20195924015930.py b/py_unittest_20195924015930.py
new file mode 100644
index 0000000..9c92fdf
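Review bot: `storePassword` derives the stored credential with unsalted MD5 (`hashlib.new('md5')` then `digest()`), which is exactly the CWE-759 weakness the comment above it names, and patch 2/8 leaves those lines untouched while patches 3–8 carry no diff here; the fix is a per-user random salt and a slow KDF, e.g. `salt = os.urandom(16)` followed by `hashedPassword = hashlib.pbkdf2_hmac('sha256', Password, salt, 100_000)`, with the salt stored alongside the digest. On Python 3 `hasher.update(Password)` also requires bytes, so a `str` password raises TypeError before anything is stored. Separately, `calc` never leaves `while True:` (there is no `break`), so `return number*times` is unreachable, yet the unit test added in this same commit expects 21 from it. `web`, `hashlib` and `updateUserLogin` are used without any import or definition in this file, so `GET` and `storePassword` raise NameError when called.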
--- /dev/null
+++ b/py_unittest_20195924015930.py
@@ -0,0 +1,15 @@
+from django.test import TestCase
+
+
+from py_error_20195924015930 import C20195924015930
+
+class TestModel01(TestCase):
+
+ def test_01(self):
+ x = C20195924015930()
+ self.assertIs(x.a,10)
+
+
+ def test_02(self):
+ x = C20195924015930()
+ self.assertIs(x.calc(7,3),21)
\ No newline at end of file
diff --git a/py_xss_20195924015930.py b/py_xss_20195924015930.py
new file mode 100644
index 0000000..83b98c4
--- /dev/null
+++ b/py_xss_20195924015930.py
@@ -0,0 +1,11 @@
+from flask import Flask, request, make_response, escape
+
+app = Flask(__name__)
+@app.route('/unsafe')
+def unsafe():
+ first_name = request.args.get('name', '')
+ return make_response("Your name is " + first_name)
+@app.route('/safe')
+def safe():
+ first_name = request.args.get('name', '')
+ return make_response("Your name is " + escape(first_name))
\ No newline at end of file
diff --git a/static/js/js_error_20195924015930.js b/static/js/js_error_20195924015930.js
new file mode 100644
index 0000000..ac1f616
--- /dev/null
+++ b/static/js/js_error_20195924015930.js
@@ -0,0 +1,10 @@
+function hello() {
+ let a = "dummy"
+ return "Hello";
+}
+
+function world() {
+ password a = "dummy"
+ let b = "line"
+ return "World";
+}
\ No newline at end of file
From 148b8c12b8940020c9198bef638302308d1f4595 Mon Sep 17 00:00:00 2001
From: circleci
Date: Mon, 24 Jun 2019 14:22:54 +0000
Subject: [PATCH 2/8] Fixed Python and Javascript errors
---
 py_error_20195924015930.py | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/py_error_20195924015930.py b/py_error_20195924015930.py
index bfe6a63..fcb0c23 100644
--- a/py_error_20195924015930.py
+++ b/py_error_20195924015930.py
@@ -1,9 +1,10 @@
-import lxml
+#import lxml
 
 class C20195924015930():
 "This is an example class"
 a = 10
- def func(self):
+ @classmethod
+ def funct(self):
 print('Hello Example')
 
 # Output: 10
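Review bot: `test_02` calls `x.calc(7,3)` on an instance of `C20195924015930`, but `calc` is a module-level function in `py_error_20195924015930.py`, not a method of that class, so the test fails with AttributeError before `calc` even runs (and `calc` as written never returns because its `while True:` loop has no `break`). Importing the function and calling it as `calc(7,3)` is what reaches it. Both tests also use `assertIs` on integers, which only passes because of CPython's small-int caching rather than by comparing values; `self.assertEqual(x.a, 10)` and `self.assertEqual(calc(7,3), 21)` state the intended check. Importing the module under test also executes its top-level `print(...)` calls, so the test run prints the class attribute, method and docstring as a side effect.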
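Review bot: `unsafe` returns `"Your name is " + first_name` with the `name` query parameter inserted verbatim into a response that Flask serves as `text/html` by default, which is the reflected-XSS pattern the file name announces; the `safe` route directly below shows the escaping fix. Since the route is evidently kept as a demonstration, that intent should be stated in code, e.g. a comment above `@app.route('/unsafe')` reading `# Intentionally unescaped reflection of request input (reflected XSS demo) — compare /safe`. One caveat on the fix itself: later Flask releases deprecate `flask.escape` in favour of `markupsafe.escape`, so importing it from `markupsafe` keeps `safe` working across versions.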
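Review bot: `password a = "dummy"` in `world()` is not valid JavaScript — `password` is not a declaration keyword — so the whole file fails to parse and neither `hello` nor `world` can be loaded. If the line exists to exercise a hard-coded-secret check, `let password = "dummy"` parses while keeping the identifier the check looks for. `let a` in `hello()` and `let b` in `world()` are assigned and never read, and the statements mix missing and present semicolons. Patch 2/8's subject says JavaScript errors were fixed, but no hunk shown in this series touches this file.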
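Review bot: renaming `func` to `funct` leaves the module-level `print(C20195924015930.func)` a few lines below this hunk (visible in patch 1/8, unchanged in this patch) referring to a name that no longer exists, so importing the module now raises AttributeError at import time; either keep the old name or update that line to `print(C20195924015930.funct)`. The new `@classmethod` receives the class as its first argument, so `def funct(cls):` is the conventional signature rather than `self`. Commenting out `import lxml` removes the file's only import, while `web` and `hashlib` in the functions below, and the `ast` this patch introduces in its next hunk, remain unimported.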
@@ -20,8 +21,8 @@ def GET(self):
 get_input = web.input()
 param1 = get_input['param1'] if 'param1' in get_input else None
 if (param1):
- x = eval(param1)
- return "I'm vulnerable"
+ x = ast.literal_eval(param1)
+ return "I'm not vulnerable"+x
 
 # CWE-759
 def storePassword(userName,Password):
@@ -32,10 +33,9 @@ def storePassword(userName,Password):
 # UpdateUserLogin returns True on success, False otherwise
 return updateUserLogin(userName,hashedPassword)
 
-
 def calc(number,times):
- program = 'a = 5\nb=10\nprint("Sum =", a+b)'
- exec(program)
+ print("Sum =", a+b)
+ #no need for exec
 for x in range(0, 3):
 print("We're on time %d" % (x))
 y = 1
From 3e75bf8b0615803bb1482e56cbe837d3ddb0c004 Mon Sep 17 00:00:00 2001
From: circleci
Date: Thu, 4 Jul 2019 09:24:54 +0000
Subject: [PATCH 3/8] Fixed Python and Javascript errors
From 79d74aa63f348bc33f4e1aac8c74870a03b66915 Mon Sep 17 00:00:00 2001
From: circleci
Date: Wed, 17 Jul 2019 13:19:55 +0000
Subject: [PATCH 4/8] Fixed Python and Javascript errors
From 493430c836c5fc884f112730e5b0520e0a26bdd1 Mon Sep 17 00:00:00 2001
From: circleci
Date: Fri, 19 Jul 2019 17:12:14 +0000
Subject: [PATCH 5/8] Fixed Python and Javascript errors
From cabd351d6f775a01ab45f458ed27ace6105d8633 Mon Sep 17 00:00:00 2001
From: hjrocha
Date: Thu, 8 Aug 2019 13:41:24 +0100
Subject: [PATCH 6/8] Fixed Python and Javascript errors
From af931883e5fa7f7f112a0f900e2a3abf7f3e02a6 Mon Sep 17 00:00:00 2001
From: "codacydemo@codacy.com"
Date: Fri, 9 Aug 2019 16:26:22 +0000
Subject: [PATCH 7/8] Fixed Python and Javascript errors
From ceed33f4b9264d3112ac167d07313c70b2be2d79 Mon Sep 17 00:00:00 2001
From: "codacydemo@codacy.com"
Date: Mon, 12 Aug 2019 07:51:46 +0000
Subject: [PATCH 8/8] Fixed Python and Javascript errors
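Review bot: `ast.literal_eval(param1)` is called without `ast` being imported anywhere in the file (patch 1/8 imported only `lxml`, which this patch comments out), so the new `GET` raises NameError on the first request that carries `param1`; `import ast` belongs at the top of the file. `literal_eval` returns whatever literal the text denotes — an int, tuple, list or dict as readily as a string — so `"I'm not vulnerable"+x` raises TypeError for any non-string input; `str(x)` or an f-string is needed, and the function still falls through and returns `None` when `param1` is absent or empty (the `def GET(self):` line sits just above the hunk). Replacing `eval` does remove code execution, but `literal_eval` still parses attacker-controlled text and the Python documentation notes that a sufficiently large or deeply nested string can crash the interpreter, so rejecting over-long `param1` values before parsing is the defensive complement to this change.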
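Review bot: `print("Sum =", a+b)` replaces the `exec` call, but `a` and `b` are never defined in `calc` — they only existed inside the removed `program` string — so the function now raises NameError on its first statement; local assignments `a = 5` and `b = 10` above the print would preserve what the string used to do. The `while True:` loop just past the end of this hunk still has no `break`, so `return number*times` remains unreachable and `test_02` in `py_unittest_20195924015930.py` cannot observe 21. `calc` continues beyond the last line of the hunk.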