python.flask.best-practice.use-jsonify.use-jsonify

semgrep

Author

7,403

Download Count*

LGPL Commons Clause

License

flask.jsonify() is a Flask helper method which handles the correct settings for returning JSON from Flask routes

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit Rule View Source

Open in Playground

rules:
  - id: use-jsonify
    patterns:
      - pattern: $JSONDUMPS
      - pattern-either:
          - pattern-inside: |
              return json.dumps($...VAR)
          - pattern-inside: |
              $DATA = json.dumps($...VAR)
              ...
              return $DATA
      - pattern-inside: |
          @app.route(...)
          def $X():
            ...
      - metavariable-pattern:
          metavariable: $JSONDUMPS
          pattern: json.dumps($...VAR)
      - focus-metavariable: $JSONDUMPS
    fix: |
      flask.jsonify($...VAR)
    message: flask.jsonify() is a Flask helper method which handles the
      correct  settings for returning JSON from Flask routes
    languages:
      - python
    severity: ERROR
    metadata:
      category: best-practice
      technology:
        - flask
      references:
        - https://flask.palletsprojects.com/en/2.2.x/api/#flask.json.jsonify
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]

Examples

use-jsonify.py

## Normal import
import flask
import json
app = flask.Flask(__name__)

@app.route("/user")
def user():
    user_dict = get_user(request.args.get("id"))
    # ruleid:use-jsonify
    return json.dumps(user_dict)

from json import dumps

@app.route("/user")
def user():
    user_dict = get_user(request.args.get("id"))
    # ruleid:use-jsonify
    return dumps(user_dict)

# ok: use-jsonify
def dumps():
  pass
def test_empty_dumps():
# ok: use-jsonify
    dumps()

Short Link: https://sg.run/XBlb