from http.server import HTTPServer, BaseHTTPRequestHandler
import urllib.parse
class VulnerableHandler(BaseHTTPRequestHandler):
    """Deliberately vulnerable request handler used as a test fixture.

    This appears to be a CodeQL query test (the page is a fork of
    github/codeql, and the trailing ``# BAD`` marker is the convention for
    a line the query is expected to report).  The handler copies a
    query-string parameter straight into a response header; the sink line
    must stay as written, or the query's expected results (presumably a
    sibling ``.expected`` file -- not visible here) will no longer match.
    """

    def do_GET(self) -> None:
        """Answer every GET with a 200 whose ``X-Info`` header echoes ``?input=``."""
        parsed_path = urllib.parse.urlparse(self.path)
        params = urllib.parse.parse_qs(parsed_path.query)
        # parse_qs returns lists; take the first value, or "" when the
        # parameter is absent.  This is the taint source for the query.
        input_value = params.get("input", [""])[0]
        # Unsafe: Directly including user input in headers
        self.send_response(200)
        try:
            # Source -> sink with no validation: a CR/LF in the value would
            # end this header early and let the client control what follows
            # (header injection / response splitting).  In CPython,
            # BaseHTTPRequestHandler.send_header does not validate the value
            # -- it only latin-1-encodes it -- so this try/except does NOT
            # catch an injection; what it can catch is UnicodeEncodeError
            # for non-latin-1 input, which makes the log message below
            # misleading.  The broad `except Exception` is acceptable only
            # because this is a fixture, not production code.
            self.send_header("X-Info", input_value) # BAD
        except Exception as e:
            print(f"[!] Header injection failed: {e}")
        self.end_headers()
        self.wfile.write(b"Hello world!")
# if __name__ == "__main__":
# print("Serving vulnerable app on http://127.0.0.1:8080")
# httpd = HTTPServer(("127.0.0.1", 8080), VulnerableHandler)
# httpd.serve_forever()