Very good project, it helped me a lot and gave me ideas for doing CSRF checks, but I found some minor problems while reading. When token processing is performed, localTokens are a set, which cannot have duplicate values. Then localTokens are assigned to allTokens by traversing them. All this takes place in the Evaluate function. The problem is that in earlier Bolt.py token comparisons, allTokens were first rebranded with set tokens. Of course, we know that allTokens have already been rebranded with localTokens, so the size of the uniqueTokens that will be rebranded will be consistent with allTokens no matter what. So it's never typed into the logic that determines token duplication.
Very good project, it helped me a lot and gave me ideas for doing CSRF checks, but I found some minor problems while reading. When token processing is performed, localTokens are a set, which cannot have duplicate values. Then localTokens are assigned to allTokens by traversing them. All this takes place in the Evaluate function. The problem is that in earlier Bolt.py token comparisons, allTokens were first rebranded with set tokens. Of course, we know that allTokens have already been rebranded with localTokens, so the size of the uniqueTokens that will be rebranded will be consistent with allTokens no matter what. So it's never typed into the logic that determines token duplication.