This repository was archived by the owner on Aug 21, 2025. It is now read-only.

Commit 26b9531

Merge pull request #382 from microsoft/alert-autofix-6
Potential fix for code scanning alert no. 6: Construction of a cookie using user-supplied input
2 parents 2bec55f + 9cb412e commit 26b9531

1 file changed: +3 -2 lines changed
archive/Events and Hacks/Tech Talks/ContainerDemo/example-voting-app/vote/app.py

Lines changed: 3 additions & 2 deletions
@@ -19,8 +19,9 @@ def get_redis():
1919
@app.route("/", methods=['POST','GET'])
2020
def hello():
2121
voter_id = request.cookies.get('voter_id')
22-
if not voter_id:
23-
voter_id = hex(random.getrandbits(64))[2:-1]
22+
# Validate voter_id: must be a hex string of length 16 (64 bits)
23+
if not voter_id or not (isinstance(voter_id, str) and len(voter_id) == 16 and all(c in '0123456789abcdefABCDEF' for c in voter_id)):
24+
voter_id = hex(random.getrandbits(64))[2:].zfill(16)
2425

2526
vote = None
2627
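
Review bot: The `len(voter_id) == 16` test on new line 23 rejects ids that the removed line issued, because `hex(random.getrandbits(64))[2:-1]` was never zero-padded and on Python 3 also sliced off the last hex digit, so existing `voter_id` cookies of 15 or fewer characters are silently replaced with a fresh id. If returning voters should keep their id, accept a length range of hex characters instead of exactly 16, or state in the commit message that the change resets them. The condition would also read more easily as a single `re.fullmatch(r'[0-9a-fA-F]{16}', voter_id)`, the `isinstance` test is redundant if `request.cookies.get` only returns a string or `None`, and since the value ends up in a cookie, `secrets.token_hex(8)` would produce the same 16-character format from a CSPRNG rather than from `random`.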
