This product is not supported for your selected Datadog site. ().
Cette page n'est pas encore disponible en français, sa traduction est en cours. Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.
Improper validation of input data, leading to potential data leaks. The path should be checked and validated before opening a file in order to prevent opening random files and leaking data.
defdownload_file1(request):url=request.GET.get("filename")print(f"url of the file: {url}")file=open(url,"rb")withopen(url)asf:passpassdefdownload_file2(request):url=request.POST.get("filename")print(f"url of the file: {url}")file=open(url,"rb")withopen(url)asf:passpassdefdownload_file3(request):url=request.BLA.get("filename")print(f"url of the file: {url}")file=open(url,"rb")withopen(url)asf:passpass
Compliant Code Examples
importosdefdownload_file(request):url=request.GET.get("filename")if".."inurl:returnsanitized_path=os.path.realpath(url,strict=True)print(f"url of the file: {url}")file=open(sanitized_path,"rb")withopen(sanitized_path)asf:passpass
Seamless integrations. Try Datadog Code Security
Datadog Code Security
Try this rule and analyze your code with Datadog Code Security
How to use this rule
1
2
rulesets:- python-django # Rules to enforce Python django.
Create a static-analysis.datadog.yml with the content above at the root of your repository
Use our free IDE Plugins or add Code Security scans to your CI pipelines