org.sonar.l10n.py.rules.python.S6560.html
Why is this an issue?
By default, only dictionary objects can be serialized in a Django JSON-encoded response. Before ECMAScript 5, serializing non-dictionary objects could lead to security vulnerabilities. Since most modern browsers implement ECMAScript 5, this attack vector is no longer a threat, and it is possible to serialize non-dictionary objects by setting the safe flag to False. However, if this flag is not set, a TypeError will be thrown by the serializer.
Despite this possibility, it is still recommended to serialize dictionary objects, as an API based on dict is generally more extensible and easier to maintain.
How to fix it
To fix this issue, developers should ensure that the safe flag is set to "False" when attempting to serialize non-dictionary objects in Django.
Code examples
Noncompliant code example
from django.http import JsonResponse
# safe defaults to True, so a list payload raises TypeError at request time
response = JsonResponse([1, 2, 3])
Compliant solution
from django.http import JsonResponse
# safe=False explicitly allows the non-dict payload to be serialized
response = JsonResponse([1, 2, 3], safe=False)
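As an added example (not part of the rule page or Django's own code), the block below models the safe check that JsonResponse performs and then reproduces the rule as a small AST-based linter that flags JsonResponse calls whose first positional argument is a non-dict literal without safe=False. The sample source, the helper names and the exact matching heuristic are assumptions for this illustration; Django is not imported, so it runs offline.

```python
import ast
import json

# Constructed sample: the rule's noncompliant call, its compliant fix, and a dict payload.
SAMPLE_SOURCE = '''
from django.http import JsonResponse

def view_a(request):
    return JsonResponse([1, 2, 3])              # noncompliant (line 5)

def view_b(request):
    return JsonResponse([1, 2, 3], safe=False)  # compliant

def view_c(request):
    return JsonResponse({"items": [1, 2, 3]})   # compliant: dict envelope
'''


def json_response_body(data, safe=True):
    """Model of the safe check in JsonResponse (assumed, not Django's code):
    with safe=True a non-dict payload is rejected instead of encoded."""
    if safe and not isinstance(data, dict):
        raise TypeError("non-dict payload requires safe=False")
    return json.dumps(data).encode()


def rejects_without_safe(data):
    """True if the default safe=True rejects `data` with TypeError."""
    try:
        json_response_body(data)
    except TypeError:
        return True
    return False


# Literal node types that can never be a dict at runtime.
NON_DICT_LITERALS = (ast.List, ast.Tuple, ast.Set, ast.ListComp, ast.Constant)


def _passes_safe_false(call):
    return any(kw.arg == "safe" and isinstance(kw.value, ast.Constant)
               and kw.value.value is False for kw in call.keywords)


def find_unsafe_json_responses(source):
    """Line numbers of JsonResponse(...) calls with a non-dict literal as the
    first positional argument and no safe=False keyword (S6560-style check)."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call) or not node.args:
            continue
        func = node.func
        name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", None)
        if name == "JsonResponse" and isinstance(node.args[0], NON_DICT_LITERALS) \
                and not _passes_safe_false(node):
            hits.append(node.lineno)
    return hits
```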
Resources
Documentation