From 60ad9865cb63a49874d597a64bce89b8d8e7856e Mon Sep 17 00:00:00 2001 From: ZeroPath Date: Mon, 7 Jul 2025 23:22:59 +0000 Subject: [PATCH] fix: mitigate insecure deserialization vulnerability by using JSON instead of pickle --- owasp-top10-2021-apps/a8/amarelo-designs/app/app.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/owasp-top10-2021-apps/a8/amarelo-designs/app/app.py b/owasp-top10-2021-apps/a8/amarelo-designs/app/app.py index 92e24231e..f4d1d167c 100644 --- a/owasp-top10-2021-apps/a8/amarelo-designs/app/app.py +++ b/owasp-top10-2021-apps/a8/amarelo-designs/app/app.py @@ -2,6 +2,7 @@ from flask import Flask, request, make_response, render_template, redirect, flash import uuid +import json import pickle import base64 app = Flask(__name__) @@ -20,7 +21,7 @@ def login(): if username == "admin" and password == "admin": token = str(uuid.uuid4().hex) cookie = { "username":username, "admin":True, "sessionId":token } - pickle_resultado = pickle.dumps(cookie) + pickle_resultado = json.dumps(cookie).encode('utf-8') encodedSessionCookie = base64.b64encode(pickle_resultado) resp = make_response(redirect("/user")) resp.set_cookie("sessionId", encodedSessionCookie) @@ -37,7 +38,7 @@ def userInfo(): cookie = request.cookies.get("sessionId") if cookie == None: return "Não Autorizado!" - cookie = pickle.loads(base64.b64decode(cookie)) + cookie = json.loads(base64.b64decode(cookie).decode('utf-8')) return render_template('user.html')