Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Logic problems in Token processing #20

Open
Armandhe-China opened this issue Sep 27, 2022 · 1 comment
Open

Logic problems in Token processing #20

Armandhe-China opened this issue Sep 27, 2022 · 1 comment

Comments

@Armandhe-China
Copy link

Very good project, it helped me a lot and gave me ideas for doing CSRF checks, but I found some minor problems while reading. When token processing is performed, localTokens are a set, which cannot have duplicate values. Then localTokens are assigned to allTokens by traversing them. All this takes place in the Evaluate function. The problem is that in earlier Bolt.py token comparisons, allTokens were first rebranded with set tokens. Of course, we know that allTokens have already been rebranded with localTokens, so the size of the uniqueTokens that will be rebranded will be consistent with allTokens no matter what. So it's never typed into the logic that determines token duplication.
@Armandhe-China Armandhe-China changed the title Token处理中的逻辑问题 Logic problems in Token processing Sep 27, 2022
@nrathaus
Copy link

allTokens is not a set()

uniqueTokens is a set(allTokens)

allTokens is built from the dataset which is allForms (its source is from this)

Therefore there is no issue as you stated

This at least for the source code available for the past two years

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nrathaus @Armandhe-China