Update main.py
sirdarckcat committed Jan 22, 2021
1 parent 176f052 commit f680405
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions 2019/beginners/web-wafwaf/app/main.py
Expand Up @@ -28,8 +28,8 @@
app = Flask(__name__)
app.secret_key = os.urandom(128)

BLACKLIST = ['#', '<', '>', '=', '%', '-']
BLACKLIST_WORDS = ['or', 'is', 'like', 'join', '0', 'limit', 'char']
FORBIDDEN_CHARS = ['#', '<', '>', '=', '%', '-']
FORBIDDEN_WORDS = ['or', 'is', 'like', 'join', '0', 'limit', 'char']


def get_db():
Expand All @@ -56,10 +56,10 @@ def query_db(query, args=(), one=False):
return (rv[0] if rv else None) if one else rv

def check_parameter(name):
for c in BLACKLIST:
for c in FORBIDDEN_CHARS:
if c in name:
return False
for w in BLACKLIST_WORDS:
for w in FORBIDDEN_WORDS:
if w in name:
return False
return True
