python.flask.best-practice.get-class-method-with-side-effects.flask-class-method-get-side-effects

semgrep

Author

4,289

Download Count*

LGPL Commons Clause

License

Flask class method GET with side effects

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit Rule View Source

Open in Playground

rules:
  - id: flask-class-method-get-side-effects
    patterns:
      - pattern-either:
          - pattern: |
              def get(self,...):
                  ...
                  $METHOD(...)
          - pattern: |
              def get(self,...):
                  ...
                  $VAR = $METHOD(...)
      - metavariable-regex:
          metavariable: $METHOD
          regex: (?i)(create|update|delete).*
    message: Flask class method GET with side effects
    severity: WARNING
    languages:
      - python
    metadata:
      category: best-practice
      technology:
        - flask
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]

Examples

get-class-method-with-side-effects.py

import flask

class SomeClass:
    #violation - CRUD operation
    # ruleid: flask-class-method-get-side-effects
    def get(self):
        createRecord(someVar)

    #violation - CRUD operation
    # ruleid: flask-class-method-get-side-effects
    def get(self, arg1):
        print("foo")
        var = updateBar(somearg)

    # ruleid: flask-class-method-get-side-effects
    def get(self,arg1,arg2):
        someFunction()
        DeleteRecord(arg2)

class OtherClass:
    #ok
    def get(self, somearg):
        otherFunc("hello world")

Short Link: https://sg.run/2x6D