This product is not supported for your selected Datadog site. ().
Cette page n'est pas encore disponible en français, sa traduction est en cours. Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.
Improper validation of input data, leading to potential data leaks. The path should be checked and validated before opening a file in order to prevent opening random files and leaking data.
defdownload_file1(request):url=request.GET.get("filename")print(f"url of the file: {url}")file=open(url,"rb")withopen(url)asf:passpassdefdownload_file2(request):url=request.POST.get("filename")print(f"url of the file: {url}")file=open(url,"rb")withopen(url)asf:passpassdefdownload_file3(request):url=request.BLA.get("filename")print(f"url of the file: {url}")file=open(url,"rb")withopen(url)asf:passpass
Compliant Code Examples
importosdefdownload_file(request):url=request.GET.get("filename")if".."inurl:returnsanitized_path=os.path.realpath(url,strict=True)print(f"url of the file: {url}")file=open(sanitized_path,"rb")withopen(sanitized_path)asf:passpass
1
2
rulesets:- python-django # Rules to enforce Python django.