From 9cb412ef2f4d8248341348df952fae7fb93ff7bd Mon Sep 17 00:00:00 2001
From: Anthony Bartolo
Date: Wed, 20 Aug 2025 14:54:20 -0400
Subject: [PATCH] Potential fix for code scanning alert no. 6: Construction of a cookie using user-supplied input
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .../Tech Talks/ContainerDemo/example-voting-app/vote/app.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/archive/Events and Hacks/Tech Talks/ContainerDemo/example-voting-app/vote/app.py b/archive/Events and Hacks/Tech Talks/ContainerDemo/example-voting-app/vote/app.py
index 93955db0a..80f5fd2d9 100644
--- a/archive/Events and Hacks/Tech Talks/ContainerDemo/example-voting-app/vote/app.py
+++ b/archive/Events and Hacks/Tech Talks/ContainerDemo/example-voting-app/vote/app.py
@@ -19,8 +19,9 @@ def get_redis():
 @app.route("/", methods=['POST','GET'])
 def hello():
     voter_id = request.cookies.get('voter_id')
-    if not voter_id:
-        voter_id = hex(random.getrandbits(64))[2:-1]
+    # Validate voter_id: must be a hex string of length 16 (64 bits)
+    if not voter_id or not (isinstance(voter_id, str) and len(voter_id) == 16 and all(c in '0123456789abcdefABCDEF' for c in voter_id)):
+        voter_id = hex(random.getrandbits(64))[2:].zfill(16)
     vote = None