nyx/tests/fixtures/header_injection/python/unsafe_subscript_set.py

# Unsafe: tainted request value flows into the bare-subscript header set
# `response.headers["X-Forwarded-By"] = lang`.  The LHS-subscript
# classification path matches `response.headers` / `resp.headers` as a
# HEADER_INJECTION sink so this form fires alongside the explicit
# `headers.add` / `set_cookie` method-call shapes.
from flask import request, make_response


def handler():
    lang = request.args.get("lang")
    response = make_response("ok")
    response.headers["X-Forwarded-By"] = lang
    return response
new capacity bits (#67) 2026-05-07 01:29:31 -04:00			`# Unsafe: tainted request value flows into the bare-subscript header set`
			# `response.headers["X-Forwarded-By"] = lang`. The LHS-subscript
			# classification path matches `response.headers` / `resp.headers` as a
			`# HEADER_INJECTION sink so this form fires alongside the explicit`
			# `headers.add` / `set_cookie` method-call shapes.
			`from flask import request, make_response`


			`def handler():`
			`lang = request.args.get("lang")`
			`response = make_response("ok")`
			`response.headers["X-Forwarded-By"] = lang`
			`return response`