rspec/rules/S5146/python/rule.adoc

include::../description.adoc[]

== Noncompliant Code Example

Flask

----
from flask import request, redirect

@app.route('move')
def move():
    url = request.args["next"]
    return redirect(url) # Noncompliant
----

Django

----
from django.http import HttpResponseRedirect

def move(request):
    url = request.GET.get("next", "/")
    return HttpResponseRedirect(url) # Noncompliant
----

== Compliant Solution

Flask

----
from flask import request, redirect, url_for

@app.route('move')
def move():
    endpoint = request.args["next"]
    return redirect(url_for(endpoint)) # Compliant
----

Django

----
from django.http import HttpResponseRedirect
from urllib.parse import urlparse

DOMAINS_WHITELIST = ['www.example.com', 'example.com']

def move(request):
    url = request.GET.get("next", "/")
    parsed_uri = urlparse(url)
    if parsed_uri.netloc in DOMAINS_WHITELIST:
        return HttpResponseRedirect(url) # Compliant
    return HttpResponseRedirect("/")
----

include::../see.adoc[]
ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

include::../highlighting.adoc[]

endif::env-github,rspecator-view[]
Add rules 5000-5999 2020-06-30 12:50:28 +02:00			`include::../description.adoc[]`

			`== Noncompliant Code Example`

			`Flask`
Fix code block ambiguity with old header style Ensure blank line before list and clean the one leading space 2020-06-30 14:49:38 +02:00
Add rules 5000-5999 2020-06-30 12:50:28 +02:00			`----`
			`from flask import request, redirect`

			`@app.route('move')`
			`def move():`
			`url = request.args["next"]`
			`return redirect(url) # Noncompliant`
			`----`

			`Django`
Fix code block ambiguity with old header style Ensure blank line before list and clean the one leading space 2020-06-30 14:49:38 +02:00
Add rules 5000-5999 2020-06-30 12:50:28 +02:00			`----`
			`from django.http import HttpResponseRedirect`

			`def move(request):`
			`url = request.GET.get("next", "/")`
			`return HttpResponseRedirect(url) # Noncompliant`
			`----`

			`== Compliant Solution`

			`Flask`
Fix code block ambiguity with old header style Ensure blank line before list and clean the one leading space 2020-06-30 14:49:38 +02:00
Add rules 5000-5999 2020-06-30 12:50:28 +02:00			`----`
			`from flask import request, redirect, url_for`

			`@app.route('move')`
			`def move():`
			`endpoint = request.args["next"]`
			`return redirect(url_for(endpoint)) # Compliant`
			`----`

			`Django`
Fix code block ambiguity with old header style Ensure blank line before list and clean the one leading space 2020-06-30 14:49:38 +02:00
Add rules 5000-5999 2020-06-30 12:50:28 +02:00			`----`
			`from django.http import HttpResponseRedirect`
			`from urllib.parse import urlparse`

			`DOMAINS_WHITELIST = ['www.example.com', 'example.com']`

			`def move(request):`
			`url = request.GET.get("next", "/")`
			`parsed_uri = urlparse(url)`
			`if parsed_uri.netloc in DOMAINS_WHITELIST:`
			`return HttpResponseRedirect(url) # Compliant`
			`return HttpResponseRedirect("/")`
			`----`

			`include::../see.adoc[]`
RULEAPI-666: Migrate the "List of parameters", "Highlighting" and "Message" fields from jira RSPEC (#346) 2021-09-20 15:38:42 +02:00			`ifdef::env-github,rspecator-view[]`

			`'''`
			`== Implementation Specification`
			`(visible only on this page)`

			`include::../message.adoc[]`

			`include::../highlighting.adoc[]`

			`endif::env-github,rspecator-view[]`