From e9c298b3b4d5764e4f46a3e0ba3915531c372532 Mon Sep 17 00:00:00 2001
From: etcylfleet <matthew.fleetwood@intel.com>
Date: Wed, 31 Jan 2024 14:11:26 -0800
Subject: [PATCH] Create cwe_error_test1.py

Demonstrates a XSS vulnerability (CWE-79)
---
 cwe_error_test1.py | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 cwe_error_test1.py

diff --git a/cwe_error_test1.py b/cwe_error_test1.py
new file mode 100644
index 0000000..0dea3c6
--- /dev/null
+++ b/cwe_error_test1.py
@@ -0,0 +1,14 @@
+from flask import Flask, request, render_template_string
+
+app = Flask(__name__)
+
+@app.route('/')
+def index():
+  # Get user input from the query parameter "name"
+  user_input = request.args.get('name', 'World')
+
+  # This line is vulnerable to XSS. It directly places user_input into the HTML.
+  return render_template_string('<h1>Hello, ' + user_input + '!</h1>')
+
+if __name__ == '__main__':
+  app.run(debug=True)