first commit

django/CVE-2020-9402/src/vuln/admin.py

@@ -0,0 +1,7 @@
+from django.contrib import admin
+from .models import Collection, Collection2
+
+# Register your models here.
+
+admin.site.register(Collection)
+admin.site.register(Collection2)

django/CVE-2020-9402/src/vuln/apps.py

@@ -0,0 +1,5 @@
+from django.apps import AppConfig
+
+
+class VulnConfig(AppConfig):
+    name = 'vuln'

django/CVE-2020-9402/src/vuln/models.py

@@ -0,0 +1,15 @@
+from django.contrib.gis.db import models
+
+# Create your models here.
+
+class Names(models.Model):
+    name = models.CharField(max_length=128)
+
+    def __str__(self):
+        return self.name
+
+class Collection(Names):
+    path = models.LineStringField()
+
+class Collection2(Names):
+    point = models.PointField()

django/CVE-2020-9402/src/vuln/tests.py

@@ -0,0 +1,3 @@
+from django.test import TestCase
+
+# Create your tests here.

django/CVE-2020-9402/src/vuln/views.py

@@ -0,0 +1,27 @@
+from django.shortcuts import render, HttpResponse
+from django.contrib.gis.geos import Point
+from django.contrib.gis.measure import D
+from django.contrib.gis.db.models.functions import Distance
+from django.contrib.gis.db.models import Union
+from .models import Collection, Collection2
+
+# Create your views here.
+
+def vuln(request):
+    query = request.GET.get('q', default=0.05)
+    qs = Collection.objects.annotate(
+        d=Distance(
+            Point(0.01, 0.01, srid=4326),
+            Point(0.01, 0.01, srid=4326),
+            tolerance=query,
+        ),
+    ).filter(d=D(m=1)).values('name')
+    return HttpResponse(qs)
+
+def vuln2(request):
+    query = request.GET.get('q')
+    qs = Collection2.objects.aggregate(
+            Union('point', tolerance=query),
+    ).values()
+
+    return HttpResponse(qs)