python.django.best-practice.upsell_django_environ.use-django-environ

profile photo of semgrepsemgrep
Author
8,996
Download Count*
LGPL Commons Clause
License

You are using environment variables inside django app. Use django-environ as it a better alternative for deployment.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit RuleView Source
Open in Playground 
rules:
  - id: use-django-environ
    patterns:
      - pattern-not-inside: |
          import environ
          ...
      - pattern-either:
          - pattern: |
              import django
              ...
              import os
              ...
              $FOO = $M.environ[...]
          - pattern: |
              import os
              ...
              import django
              ...
              $FOO = $M.environ[...]
    message: You are using environment variables inside django app. Use
      `django-environ` as it a better alternative for deployment.
    languages:
      - python
    severity: ERROR
    metadata:
      category: best-practice
      technology:
        - django
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]

Examples

upsell_django_environ.py

def django_os():
    # ruleid: use-django-environ
    import django
    import os

    my_variable = os.environ["TESTING"]


def os_django():
    # ruleid: use-django-environ
    import os
    import django

    my_variable = os.environ["TESTING"]


def environ():
    import environ
    # ok: use-django-environ
    import django
    import os
    import environ

    my_variable = os.environ["TESTING"]