push ssti.py

ssti.py

@@ -0,0 +1,41 @@
+# app_vulnerable.py
+from flask import Flask, request, render_template_string
+
+app = Flask(__name__)
+
+@app.route('/', methods=['GET', 'POST'])
+def index():
+    name = ''
+    if request.method == 'POST':
+        # VULNÉRABLE : on concatène directement la saisie dans un template string
+        name = request.form.get('name', '')
+        template = f"""
+        <!doctype html>
+        <html>
+          <head><title>SSTI demo (vuln)</title></head>
+          <body>
+            <h1>Bonjour {name} !</h1>
+            <p>Ce template est rendu côté serveur via render_template_string.</p>
+            <form method="post">
+              <input name="name" placeholder="Votre nom">
+              <button type="submit">Envoyer</button>
+            </form>
+          </body>
+        </html>
+        """
+        return render_template_string(template)
+    return '''
+    <!doctype html>
+    <html>
+      <head><title>SSTI demo (vuln)</title></head>
+      <body>
+        <h1>Bonjour !</h1>
+        <form method="post">
+          <input name="name" placeholder="Votre nom">
+          <button type="submit">Envoyer</button>
+        </form>
+      </body>
+    </html>
+    '''
+if __name__ == '__main__':
+    app.run(debug=True)