
Added authentication logic : XSS vuln detected #31

Closed
wants to merge 2 commits into from

Conversation

MoroccanTea
Owner

  • Login using Google OAuth
  • Improved file structure
  • Added env vars and secrets to github

@MoroccanTea MoroccanTea added the feature New feature or request label Nov 14, 2023
@MoroccanTea MoroccanTea added this to the Beta release milestone Nov 14, 2023
@MoroccanTea MoroccanTea self-assigned this Nov 14, 2023
backend/api.py: code scanning alert, marked Fixed
Collaborator

@white-b1nary white-b1nary left a comment


The code you've posted is vulnerable to Cross-Site Scripting (XSS) because it directly includes user-provided data (request.args['error_reason'], request.args['error_description'], user_info.data['id'], and user_info.data['name']) in the response without any sanitization.

from flask import request, session
# `google` is the OAuth remote app configured elsewhere in backend/api.py

def authorized():
    resp = google.authorized_response()
    if resp is None or resp.get('access_token') is None:
        # XSS: query-string values are reflected into an HTML response unescaped
        return 'Access denied: reason={0} error={1}'.format(
            request.args['error_reason'],
            request.args['error_description']
        )
    session['google_token'] = (resp['access_token'], '')
    user_info = google.get('userinfo')
    # XSS: provider-supplied id and display name are reflected unescaped
    return 'Logged in as id={0} name={1} redirecting to profile...'.format(
        user_info.data['id'], user_info.data['name'])

Make sure to use the escape function before including it in the response.

backend/api.py: code scanning alert, marked Dismissed
@MoroccanTea MoroccanTea changed the title Added authentication logic Added authentication logic : XSS vuln detected Nov 23, 2023
@MoroccanTea MoroccanTea added the Security vulns Discovered security vulnerabilities label Nov 23, 2023