From 19584b90d67bffcc00ff041ad0b57d16c8fd0d60 Mon Sep 17 00:00:00 2001
From: Ana Scolari <127357173+apsscolari@users.noreply.github.com>
Date: Wed, 5 Feb 2025 13:36:56 -0800
Subject: [PATCH] Update codeql_sample_issues.py
---
 codeql_sample_issues.py | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff --git a/codeql_sample_issues.py b/codeql_sample_issues.py
index 635485f..9d76984 100644
--- a/codeql_sample_issues.py
+++ b/codeql_sample_issues.py
@@ -1,3 +1,22 @@
 import os
+from flask import request, Flask
+import re
+
+
 # Clear-text logging of sensitive information
+# did not trigger an alert in codeQL somehow...
 print(f"[INFO] Environment: {os.environ}")
+
+# attempt to trigger a warning in codeQL
+# Regular expression injection
+@app.route("/direct")
+def direct():
+ unsafe_pattern = request.args["pattern"]
+ re.search(unsafe_pattern, "")
+
+
+@app.route("/compile")
+def compile():
+ unsafe_pattern = request.args["pattern"]
+ compiled_pattern = re.compile(unsafe_pattern)
+ compiled_pattern.search("")
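Review bot: `app` is referenced by both `@app.route(...)` decorators but is never created. `Flask` is imported and then unused, and the hunk (`-1,3 +1,22`, no trailing context) appears to cover the whole file, so importing the module would raise a NameError before either handler is registered; add `app = Flask(__name__)` after the imports. Both views also end without returning a response, which Flask rejects at request time, and `compile` shadows the builtin of the same name. Because the handlers are deliberate scanner fixtures, a header comment such as `# Intentionally vulnerable CodeQL test fixture - do not deploy or copy` would keep them from being mistaken for usable code. Outside a fixture, the request value would go through `re.escape()` before reaching `re.search` or `re.compile`.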