Metadata
ID: python-flask/no-render-template-string
Language: Python
Severity: Error
Category: Security
Description
Building templates from strings can lead to server-side injection. Use file-based templates instead.
    import os
    from functools import wraps

    from flask import request, redirect, url_for, render_template_string

    API_KEY = os.environ.get('VULN_FLASK_APP_API_KEY')


    # Decorator to check if user is logged in
    def require_api_key(f):
        @wraps(f)
        def wrap(*args, **kwargs):
            api_key = request.cookies.get('api_key')
            if API_KEY is None or api_key == API_KEY:
                return f(*args, **kwargs)
            else:
                return render_template_string('no api key found'), 401
        return wrap
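
A small AST-based check in the spirit of this rule, added here as an example; it is not Datadog's implementation and not code from this page. The function name find_render_template_string and the SAMPLE input are constructed for illustration, and the check only follows names imported from flask, including aliases.

```python
import ast

FLAGGED = "render_template_string"


def find_render_template_string(source: str) -> list[int]:
    """Return sorted line numbers of calls to flask.render_template_string."""
    tree = ast.parse(source)
    direct_names = set()  # local names bound to flask.render_template_string
    module_names = set()  # local names bound to the flask module itself
    for node in ast.walk(tree):
        if isinstance(node, ast.ImportFrom) and node.module == "flask":
            for alias in node.names:
                if alias.name == FLAGGED:
                    direct_names.add(alias.asname or alias.name)
        elif isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name == "flask":
                    module_names.add(alias.asname or "flask")
    hits = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        if isinstance(func, ast.Name) and func.id in direct_names:
            hits.append(node.lineno)  # e.g. rts('...')
        elif (isinstance(func, ast.Attribute) and func.attr == FLAGGED
              and isinstance(func.value, ast.Name)
              and func.value.id in module_names):
            hits.append(node.lineno)  # e.g. fl.render_template_string('...')
    return sorted(hits)


# Constructed sample input (not from the page): two flagged calls, one compliant.
SAMPLE = '''\
import flask as fl
from flask import render_template, render_template_string as rts

def denied():
    return rts('no api key found'), 401

def greet(name):
    return fl.render_template_string('Hello ' + name)

def ok():
    return render_template('denied.html'), 401
'''

if __name__ == "__main__":
    for line in find_render_template_string(SAMPLE):
        print(f"line {line}: render_template_string call; use a template file")
```
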
How to use this rule
    rulesets:
      - python-flask # Rules to enforce Python flask.
Create a static-analysis.datadog.yml with the content above at the root of your repository
Use our free IDE Plugins or add Code Analysis scans to your CI pipelines