research-school-2024/examples/idor.py

#!/usr/bin/env python3
# -*- coding: utf-8 -*-
"""IDOR example"""

from flask import Flask, jsonify

app: Flask = Flask(__name__)

users_data = {"1": {"name": "Alice"}, "2": {"name": "Bob"}}


@app.get("/<user_id>")
def get_user(user_id: str):
    """Gets a user by ID"""
    return str(users_data[user_id])


if __name__ == "__main__":
    app.run(debug=True)