From 8ff9c5d7243a2d42987dbe674b7499e2980c0159 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ferm=C3=ADn=20Gal=C3=A1n=20M=C3=A1rquez?=
Date: Fri, 4 Oct 2024 19:39:39 +0200
Subject: [PATCH] Fix code scanning alert no. 2: Reflected server-side cross-site scripting

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 scripts/accumulator-server.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/scripts/accumulator-server.py b/scripts/accumulator-server.py
index c08b893bd0..fb75a68559 100755
--- a/scripts/accumulator-server.py
+++ b/scripts/accumulator-server.py
@@ -54,7 +54,7 @@ import json
 import paho.mqtt.client as mqtt
 import threading
-
+import html
 
 
 def usage_and_exit(msg):
 """
@@ -353,9 +353,9 @@ def record_request(request):
 params = ''
 for k in request.args:
 if (params == ''):
- params = k + '=' + request.args[k]
+ params = html.escape(k) + '=' + html.escape(request.args[k])
 else:
- params += '&' + k + '=' + request.args[k]
+ params += '&' + html.escape(k) + '=' + html.escape(request.args[k])
 
 if (params == ''):
 s += '\n'
@@ -364,7 +364,7 @@ def record_request(request):
 
 # Store headers (according to pre-defined order)
 for h in sort_headers(request.headers.keys()):
- s += h + ': ' + request.headers[h] + '\n'
+ s += h + ': ' + html.escape(request.headers[h]) + '\n'
 
 # Store payload
 if ((request.data is not None) and (len(request.data) != 0)):
@@ -377,7 +377,7 @@ def record_request(request):
 except ValueError as e:
 s += str(e)
 else:
- s += request.data.decode("utf-8")
+ s += html.escape(html.escape(request.data.decode("utf-8")) if False else request.data.decode("utf-8"))
 
 # Separator
 s += '=======================================\n'
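Review bot: The escaping in `params = html.escape(k) + '=' + html.escape(request.args[k])` (and the `params +=` line below it) is applied when the request is recorded, not when it is reflected, so the stored record itself now carries `&amp;`, `&quot;` and `&#x27;` in place of the original characters and every consumer of that record sees the encoded form; hunks 3 and 4 make the same trade for header values and the body. The alert is about reflection, so the natural sink is the handler that returns the accumulated text, which is outside this patch; escaping there, or returning it with `Content-Type: text/plain; charset=utf-8` so a browser never parses it as HTML, would close the reflection without altering what is recorded. If encoding at record time is the intended contract, a comment above the loop such as `# query keys/values are HTML-escaped here; the dump is returned as stored` would keep the next reader from treating the encoded output as a bug. record_request begins outside this hunk.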
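Review bot: In `s += h + ': ' + html.escape(request.headers[h]) + '\n'` the header name `h` is appended unescaped while hunk 2 escapes both the query-parameter key and its value, so the two hunks treat client-supplied names differently; even if the WSGI layer restricts header names to token characters, `&` and `'` are token characters and would reach the output raw. For symmetry the line would read `s += html.escape(h) + ': ' + html.escape(request.headers[h]) + '\n'`. `sort_headers` is defined elsewhere in the file, and record_request begins and ends outside this hunk.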
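Review bot: Only the `else:` branch of the payload handling is escaped in `s += html.escape(request.data.decode("utf-8"))`; the body of the `try` that ends in `except ValueError as e:` lies before this hunk and, if it also appends request-derived text (a re-serialised JSON document, presumably), that text still reaches `s` unescaped, and `str(e)` can echo fragments of the input depending on which `ValueError` was raised. Worth confirming that whatever the try body appends is escaped the same way, or that the dump response is served as plain text so none of these branches matter. record_request begins outside this hunk.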