
== How to fix it in Django
=== Code examples
include::../../common/fix/code-rationale.adoc[]
==== Noncompliant code example
[source,python,diff-id=1,diff-type=noncompliant]
----
from django.http import HttpResponseRedirect
def redirect():
    """Redirect to whatever the ``url`` query parameter says (noncompliant).

    The destination is taken verbatim from the request, so a request-supplied
    value ends up unchecked in the ``Location`` header -- that is the open
    redirect this rule flags.  ``request`` is assumed to be the view's
    incoming ``HttpRequest``.
    """
    destination = request.GET.get("url", "/")
    return HttpResponseRedirect(destination) # Noncompliant
----
==== Compliant solution
[source,python,diff-id=1,diff-type=compliant]
----
from django.http import HttpResponseRedirect
from urllib.parse import urlparse
# Hosts a redirect may point at.  Membership is tested with plain equality
# against the parsed ``netloc``, so subdomains or host:port variants that are
# not listed here verbatim do not match.
allow_list = ["www.example.com", "example.com"]
def redirect():
    """Redirect to the host named in the ``url`` query parameter, if allow-listed.

    Only the host part (``netloc``) of the user-supplied URL is consulted.
    When it is one of the entries in ``allow_list`` the browser is sent to
    that host over HTTPS; otherwise -- including for relative paths, whose
    ``netloc`` is empty -- it is sent to the site root.  The scheme, path and
    query of the supplied value are discarded, so they cannot steer the
    destination.  ``request`` is assumed to be the view's incoming
    ``HttpRequest``.
    """
    requested = request.GET.get("url", "/")
    host = urlparse(requested).netloc
    if host not in allow_list:
        # Unknown or missing host: fall back to a safe, fixed location.
        return HttpResponseRedirect("/")
    return HttpResponseRedirect("https://" + host)
----
include::../../common/fix/how-does-this-work.adoc[]
=== Pitfalls
include::../../common/pitfalls/starts-with.adoc[]