rspec/rules/S5146/python/how-to-fix-it/flask.adoc

== How to fix it in Flask

=== Code examples

include::../../common/fix/code-rationale.adoc[]

==== Noncompliant code example

[source,python,diff-id=11,diff-type=noncompliant]
----
from flask import Flask, redirect

app = Flask("example")

@app.route("/redirecting")
def redirecting():
    url = request.args["url"]
    return redirect(url) # Noncompliant
----

==== Compliant solution

[source,python,diff-id=11,diff-type=compliant]
----
from flask import Flask, redirect, url_for

app = Flask("example")

@app.route("/redirecting")
def redirecting():
    url = request.args["url"]
    return redirect(url_for(url))
----

include::../../common/fix/how-does-this-work.adoc[]

=== Pitfalls

include::../../common/pitfalls/starts-with.adoc[]
Add checks for education format (#1607) 2023-03-07 17:16:47 +01:00			`== How to fix it in Flask`

			`=== Code examples`
Modify S5146(multiple languages): Update to the education framework (APPSEC-185) (#1330) 2022-10-24 11:45:06 +02:00
			`include::../../common/fix/code-rationale.adoc[]`

			`==== Noncompliant code example`

Diff blocks: fix incorrect use for python (#2795) Improvement identified in #2790. Add a prefix to the diff-id when it is used multiple times in different "how to fix it in XYZ" sections to avoid ambiguity and pedantically follow the spec: > A single and unique diff-id should be used only once for each type of code example as shown in the description of a rule. Obvious typos around `diff-type` were fixed. An obvious extra use of diff blocks was removed. 2023-08-21 15:22:49 +02:00			`[source,python,diff-id=11,diff-type=noncompliant]`
Modify S5146(multiple languages): Update to the education framework (APPSEC-185) (#1330) 2022-10-24 11:45:06 +02:00			`----`
			`from flask import Flask, redirect`

			`app = Flask("example")`

Modify rule S5146: Fix invalid Python sample (#2239) I couldn't get Sonarcloud to trigger this issue using the provided noncompliant code example. I think the code examples as written end up being circular because the local function 'redirect()' will call itself rather than the imported 'redirect()' function of the same name. The fix is to change the local function name to be redirecting(). I changed the API endpoint name as well so that it matched. Once I had made this change, the noncompliant code example did lead to Sonarcloud spotting the issue. ## Review A dedicated reviewer checked the rule description successfully for: - [x] logical errors and incorrect information - [x] information gaps and missing content - [x] text style and tone - [x] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule) 2023-06-29 15:57:46 +02:00			`@app.route("/redirecting")`
			`def redirecting():`
Modify S5146(multiple languages): Update to the education framework (APPSEC-185) (#1330) 2022-10-24 11:45:06 +02:00			`url = request.args["url"]`
			`return redirect(url) # Noncompliant`
			`----`

			`==== Compliant solution`

Diff blocks: fix incorrect use for python (#2795) Improvement identified in #2790. Add a prefix to the diff-id when it is used multiple times in different "how to fix it in XYZ" sections to avoid ambiguity and pedantically follow the spec: > A single and unique diff-id should be used only once for each type of code example as shown in the description of a rule. Obvious typos around `diff-type` were fixed. An obvious extra use of diff blocks was removed. 2023-08-21 15:22:49 +02:00			`[source,python,diff-id=11,diff-type=compliant]`
Modify S5146(multiple languages): Update to the education framework (APPSEC-185) (#1330) 2022-10-24 11:45:06 +02:00			`----`
			`from flask import Flask, redirect, url_for`

			`app = Flask("example")`

Modify rule S5146: Fix invalid Python sample (#2239) I couldn't get Sonarcloud to trigger this issue using the provided noncompliant code example. I think the code examples as written end up being circular because the local function 'redirect()' will call itself rather than the imported 'redirect()' function of the same name. The fix is to change the local function name to be redirecting(). I changed the API endpoint name as well so that it matched. Once I had made this change, the noncompliant code example did lead to Sonarcloud spotting the issue. ## Review A dedicated reviewer checked the rule description successfully for: - [x] logical errors and incorrect information - [x] information gaps and missing content - [x] text style and tone - [x] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule) 2023-06-29 15:57:46 +02:00			`@app.route("/redirecting")`
			`def redirecting():`
Modify S5146(multiple languages): Update to the education framework (APPSEC-185) (#1330) 2022-10-24 11:45:06 +02:00			`url = request.args["url"]`
			`return redirect(url_for(url))`
			`----`

			`include::../../common/fix/how-does-this-work.adoc[]`

			`=== Pitfalls`

			`include::../../common/pitfalls/starts-with.adoc[]`