46 lines
892 B
Plaintext
46 lines
892 B
Plaintext
== Why is this an issue?
|
|
|
|
include::../rationale.adoc[]
|
|
|
|
include::../impact.adoc[]
|
|
|
|
== How to fix it
|
|
|
|
=== Code examples
|
|
|
|
include::../common/fix/code-rationale.adoc[]
|
|
|
|
==== Noncompliant code example
|
|
|
|
[source,python,diff-id=1,diff-type=noncompliant]
|
|
----
|
|
from flask import request
|
|
from urllib.request import urlopen
|
|
|
|
@app.route('/example')
|
|
def example():
|
|
id = request.args["user"]
|
|
urlopen("http://example.com/api/user/" + id).read() # Noncompliant
|
|
----
|
|
|
|
==== Compliant solution
|
|
|
|
[source,python,diff-id=1,diff-type=compliant]
|
|
----
|
|
from flask import request
|
|
from urllib.request import urlopen
|
|
from urllib.parse import quote
|
|
|
|
@app.route('/example')
|
|
def example():
|
|
id = request.args["user"]
|
|
urlopen("http://example.com/api/user/?u=" + quote(id)).read()
|
|
----
|
|
|
|
=== How does this work?
|
|
|
|
include::../common/fix/encoding.adoc[]
|
|
|
|
== Resources
|
|
|
|
include::../common/resources/standards.adoc[] |