Lack of sanitization of user data
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、
お気軽にご連絡ください。
ID: python-django/http-response-from-request
Language: Python
Severity: Error
Category: Security
CWE: 22
Description
The response sent with an HttpResponse
contains unsanitized request data. The data should be sanitized before being returns in an HttpResponse
.
Learn More
Non-Compliant Code Examples
def execute_command(request):
data = request.GET.get("data")
print("foobar")
foo = HttpResponse("data: '{0}'".format(data))
foo = HttpResponse(data)
return HttpResponse("data: '{0}'".format(data))
Compliant Code Examples
def execute_command(request):
data = request.GET.get("data")
print("foobar")
return HttpResponse("user '{user}' does not exist".format(sanitize_data(data)))
Seamless integrations. Try Datadog Code Analysis