Use of unsanitized data to open file Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel,
n'hésitez pas à nous contacter .
TRY THIS RULE ID: python-flask/open-file-unsanitized-data
Language: Python
Severity: Error
Category: Security
CWE : 22
Description Use of unsanitized from incoming request, leading to potential data leak and lack of control of the service. Do not use unsanitized data to control file operations. The code should check any incoming data and make sure it’s safe to use it.
Learn More Non-Compliant Code Examples import flask
import requests
app = flask . Flask ( __name__ )
@app.route ( "/route/to/resource/<resource_id>" )
def resource1 ( resource_id ):
with open ( resource_id ) as f :
pass
with open ( f "/path/to/ { resource_id } " ) as f :
pass
with open ( "/path/to/ {0} " . format ( resource_id )) as f :
pass
with open ( "/path/to/ {0} " . other ( resource_id )) as f :
pass
@app.route ( "/route/to/resource/<resource_id>" )
def resource2 ( resource_id ):
file1 = open ( resource_id )
file2 = open ( f "/path/to/ { resource_id } " )
file3 = open ( "/path/to/ {0} " . format ( resource_id ))
@app.route ( "/route/to/resource" )
def resource2 ():
resource_id = flask . request . args . get ( "resource_id" )
file1 = open ( resource_id )
file2 = open ( f "/path/to/ { resource_id } " )
file3 = open ( "/path/to/ {0} " . format ( resource_id ))
from flask import Flask , request , render_template
app = Flask ( __name__ , static_url_path = '/static' , static_folder = 'static' )
app . config [ 'DEBUG' ] = True
@app.route ( "/" )
def start ():
return render_template ( "index.html" )
Compliant Code Examples import flask
import requests
app = flask . Flask ( __name__ )
@app.route ( "/route/to/resource/<resource_id>" )
def resource2 ( resource_id ):
sanitized_resource_id = sanitize ( resource_id )
file1 = open ( sanitized_resource_id )
Seamless integrations. Try Datadog Code Analysis
