org.sonar.l10n.py.rules.python.S6560.html

Why is this an issue?

By default, only dictionary objects can be serialized in a Django JSON-encoded response (JsonResponse). Before ECMAScript 5, serializing non-dictionary objects could lead to security vulnerabilities. Since most modern browsers implement ECMAScript 5, this attack vector is no longer a threat, and it is possible to serialize non-dictionary objects by setting the safe flag to False. However, if this flag is not set, the serializer will throw a TypeError.

Despite this possibility, it is still recommended to serialize dictionary objects, as an API based on dict is generally more extensible and easier to maintain.

How to fix it

To fix this issue, developers should ensure that the safe flag of JsonResponse is set to False (safe=False) when attempting to serialize non-dictionary objects in Django.

Code examples

Noncompliant code example

from django.http import JsonResponse

# Noncompliant: JsonResponse defaults to safe=True, which only accepts dict objects,
# so passing a list raises TypeError at runtime
response = JsonResponse([1, 2, 3])

Compliant solution

from django.http import JsonResponse

# Compliant: the caller explicitly opts in to serializing a non-dict object
response = JsonResponse([1, 2, 3], safe=False)
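The following added example (not part of the rule description, and not Django's own code) shows the three cases the rule distinguishes: a list with the default safe flag, a list with safe=False, and the recommended dict-based payload. The function encode_json_payload is a constructed stand-in that mirrors the documented safe check of django.http.JsonResponse (raise TypeError when safe is True and the payload is not a dict) so that the example runs without Django installed; wrap_in_dict is a hypothetical helper showing the dict-based API shape the rule recommends.

```python
import json


def encode_json_payload(data, safe=True):
    """Constructed mirror of JsonResponse's safe check (assumption: same
    condition as Django, safe=True and a non-dict payload raises TypeError).
    Returns the JSON body that would be sent."""
    if safe and not isinstance(data, dict):
        raise TypeError(
            "In order to allow non-dict objects to be serialized set the "
            "safe parameter to False."
        )
    return json.dumps(data)


def wrap_in_dict(items, key="results"):
    """Recommended shape: keep a dict at the top level. The API stays
    extensible (e.g. pagination fields can be added later without breaking
    clients) and the body is a JSON object rather than a bare array."""
    return {key: list(items)}


def demo():
    """Run the three cases and report what happens in each."""
    outcomes = {}

    # 1. Noncompliant: list with the default safe=True -> TypeError at runtime.
    try:
        encode_json_payload([1, 2, 3])
        outcomes["list_default"] = "ok"
    except TypeError:
        outcomes["list_default"] = "TypeError"

    # 2. Compliant via the flag: the caller opts in explicitly.
    outcomes["list_safe_false"] = encode_json_payload([1, 2, 3], safe=False)

    # 3. Recommended: a dict payload needs no flag at all.
    outcomes["dict"] = encode_json_payload(wrap_in_dict([1, 2, 3]))
    return outcomes


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

In real Django code the same three cases apply to JsonResponse directly: the first raises TypeError when the view runs, the second works because safe=False was passed, and the third works with the default flag because the payload is a dict.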

Resources

Documentation

Serializing non-dictionary objects
