Use of unsanitized data to open API このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。
このルールを試す ID: python-flask/urlopen-unsanitized-data
Language: Python
Severity: Error
Category: Security
CWE : 918
Description Use of unsanitized from incoming request, leading to potential data leak and lack of control of the service. The code should check any incoming data and make sure it’s safe to use it.
Learn More Non-Compliant Code Examples import flask
from urllib.request import urlopen
app = flask . Flask ( __name__ )
@app.route ( "/route/to/resource/<resource_id>" )
def resource2 ( resource_id ):
file1 = urlopen ( resource_id )
file2 = urlopen ( f "/path/to/ { resource_id } " )
@app.route ( "/route/to/resource" )
def resource2 ():
resource_id = flask . request . args . get ( "resource_id" )
file1 = urlopen ( resource_id )
file2 = urlopen ( f "/path/to/ { resource_id } " )
file3 = urlopen ( "/path/to/ {0} " . format ( resource_id ))
Compliant Code Examples import flask
from urllib.request import urlopen
app = flask . Flask ( __name__ )
@app.route ( "/route/to/resource/<resource_id>" )
def resource2 ( resource_id ):
sanitized_resource_id = sanitize ( resource_id )
file1 = urlopen ( sanitized_resource_id )
Seamless integrations. Try Datadog Code Analysis
