Use of unsanitized data to open API
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、
お気軽にご連絡ください。
ID: python-flask/urlopen-unsanitized-data
Language: Python
Severity: Error
Category: Security
CWE: 918
Use of unsanitized from incoming request, leading to potential data leak and lack of control of the service. The code should check any incoming data and make sure it’s safe to use it.
import flask
from urllib.request import urlopen
app = flask.Flask(__name__)
@app.route("/route/to/resource/<resource_id>")
def resource2(resource_id):
file1 = urlopen(resource_id)
file2 = urlopen(f"/path/to/{resource_id}")
@app.route("/route/to/resource")
def resource2():
resource_id = flask.request.args.get("resource_id")
file1 = urlopen(resource_id)
file2 = urlopen(f"/path/to/{resource_id}")
file3 = urlopen("/path/to/{0}".format(resource_id))
import flask
from urllib.request import urlopen
app = flask.Flask(__name__)
@app.route("/route/to/resource/<resource_id>")
def resource2(resource_id):
sanitized_resource_id = sanitize(resource_id)
file1 = urlopen(sanitized_resource_id)
