Improper validation of input data, leading to potential data leaks. The path should be checked and validated before opening a file in order to prevent opening random files and leaking data.
defdownload_file1(request):url=request.GET.get("filename")print(f"url of the file: {url}")file=open(url,"rb")withopen(url)asf:passpassdefdownload_file2(request):url=request.POST.get("filename")print(f"url of the file: {url}")file=open(url,"rb")withopen(url)asf:passpassdefdownload_file3(request):url=request.BLA.get("filename")print(f"url of the file: {url}")file=open(url,"rb")withopen(url)asf:passpass
Compliant Code Examples
importosdefdownload_file(request):url=request.GET.get("filename")if".."inurl:returnsanitized_path=os.path.realpath(url,strict=True)print(f"url of the file: {url}")file=open(sanitized_path,"rb")withopen(sanitized_path)asf:passpass
シームレスな統合。 Datadog Code Security をお試しください
Datadog Code Security
このルールを試し、Datadog Code Security でコードを解析する
このルールの使用方法
1
2
rulesets:- python-django # Rules to enforce Python django.