Interactive demo

See a finding, end to end.

Select a sample or paste your own code. The sandbox simulates the IFDS analysis and returns a finding with a full taint witness.

Input · python

# app/views/uploads.py
from flask import request, send_file
import os

UPLOAD_DIR = "/var/uploads"

def download(req):
    name = req.args["file"]
    path = os.path.join(UPLOAD_DIR, name)
    return send_file(path)

Output · 1 finding

High · CWE-22 · Deterministic-core
Path traversal · unsanitised user input reaches file read
app/views/uploads.py · L7 (source) → L9 (sink)
fingerprint: a82d · 4e1f · 7c93 · strong
spec: path-traversal/flask-py
S_version: specs@2026.05.14-r2
env_digest: sha256:c1b…a89

Note: This sandbox simulates the IFDS analysis. In production, scanipy runs a full code-property graph construction over your repository, replays only the affected slice on incremental commits, and signs every finding with a provenance chain.
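
Added example (not part of the original demo and not scanipy code): the path construction from the sample above, next to a hardened resolver that rejects any `file` value resolving outside UPLOAD_DIR. The helper names and the sample request values are constructed for illustration.

```python
import os

UPLOAD_DIR = "/var/uploads"  # same constant as the sample under analysis


def sample_join(name):
    """Path construction exactly as in the sample: no validation of `name`."""
    return os.path.join(UPLOAD_DIR, name)


def safe_upload_path(name, base=UPLOAD_DIR):
    """Return the resolved path for `name`, or raise ValueError if it is not
    a path strictly inside `base`. (Hypothetical helper, not scanipy code.)"""
    if not name or "\x00" in name:
        raise ValueError("empty name or embedded NUL")
    base_real = os.path.realpath(base)
    # realpath collapses ".." and follows symlinks; an absolute `name`
    # makes os.path.join discard the base entirely, which the check catches.
    candidate = os.path.realpath(os.path.join(base_real, name))
    # commonpath compares whole components, so "/var/uploads_backup" is not
    # mistaken for a child of "/var/uploads" as a startswith() test would.
    if candidate == base_real or os.path.commonpath([base_real, candidate]) != base_real:
        raise ValueError(f"path escapes upload directory: {name!r}")
    return candidate


def classify(names):
    """Map each constructed request value to 'allowed' or 'rejected'."""
    result = {}
    for name in names:
        try:
            safe_upload_path(name)
            result[name] = "allowed"
        except ValueError:
            result[name] = "rejected"
    return result


# Constructed sample values for the `file` query parameter.
SAMPLES = ["report.pdf", "2026/q1.pdf", "../../etc/passwd",
           "/etc/passwd", "../uploads_backup/db.sql", ""]

if __name__ == "__main__":
    for name, verdict in classify(SAMPLES).items():
        print(f"{name!r:30} join={sample_join(name)!r:45} {verdict}")
```

In a Flask view, `send_from_directory(UPLOAD_DIR, name)` applies a comparable containment check before the file is read.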

Scan your own repository.

Connect your SCM in a minute. No agents, no infrastructure changes.