python.flask.best-practice.use-jsonify.use-jsonify
Author: semgrep
Download Count*: 7,403
License: Commons Clause License Condition v1.0[LGPL-2.1-only]
flask.jsonify() is a Flask helper method which handles the correct settings for returning JSON from Flask routes
Definition
rules:
  - id: use-jsonify
    patterns:
      - pattern: $JSONDUMPS
      - pattern-either:
          - pattern-inside: |
              return json.dumps($...VAR)
          - pattern-inside: |
              $DATA = json.dumps($...VAR)
              ...
              return $DATA
      - pattern-inside: |
          @app.route(...)
          def $X():
            ...
      - metavariable-pattern:
          metavariable: $JSONDUMPS
          pattern: json.dumps($...VAR)
      - focus-metavariable: $JSONDUMPS
    fix: |
      flask.jsonify($...VAR)
    message: flask.jsonify() is a Flask helper method which handles the
      correct settings for returning JSON from Flask routes
    languages:
      - python
    severity: ERROR
    metadata:
      category: best-practice
      technology:
        - flask
      references:
        - https://flask.palletsprojects.com/en/2.2.x/api/#flask.json.jsonify
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
Examples
use-jsonify.py
## Normal import
import flask
import json

app = flask.Flask(__name__)


@app.route("/user")
def user():
    user_dict = get_user(request.args.get("id"))
    # ruleid:use-jsonify
    return json.dumps(user_dict)


from json import dumps


@app.route("/user")
def user():
    user_dict = get_user(request.args.get("id"))
    # ruleid:use-jsonify
    return dumps(user_dict)


# ok: use-jsonify
def dumps():
    pass


def test_empty_dumps():
    # ok: use-jsonify
    dumps()
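What the "correct settings" in the rule message amount to in practice, as an added example that is not part of the rule or the Semgrep project: a string returned from a Flask view is served with Flask's default `text/html` mimetype, while `flask.jsonify()` sets `application/json`. The route names, `SAMPLE_USER` and the `mislabelled_json_routes` helper are hypothetical, and Flask is assumed to be installed.

```python
import json

import flask

app = flask.Flask(__name__)

# Constructed sample record; the value contains markup that a browser would
# parse if the response were served as HTML.
SAMPLE_USER = {"id": 1, "name": "<b>alice</b>"}


@app.route("/dumps")
def with_dumps():
    # Form the rule flags: a bare str return gets Flask's default mimetype.
    return json.dumps(SAMPLE_USER)


@app.route("/jsonify")
def with_jsonify():
    # Form the rule's autofix produces.
    return flask.jsonify(SAMPLE_USER)


def mislabelled_json_routes(flask_app):
    """Return (route, mimetype) for GET routes whose body parses as JSON
    but is not served as application/json."""
    flagged = []
    with flask_app.test_client() as client:
        for rule in flask_app.url_map.iter_rules():
            if "GET" not in rule.methods or rule.arguments:
                continue  # skip parameterised routes such as /static/<path:filename>
            resp = client.get(rule.rule)
            try:
                json.loads(resp.get_data(as_text=True))
            except ValueError:
                continue  # body is not JSON, nothing to check
            if resp.mimetype != "application/json":
                flagged.append((rule.rule, resp.mimetype))
    return flagged


if __name__ == "__main__":
    for route, mimetype in mislabelled_json_routes(app):
        print(f"{route}: JSON body served as {mimetype}")
```

The same helper can be pointed at a real application object in a unit test to catch routes the static rule cannot see, such as JSON strings built in helper functions.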
Short Link: https://sg.run/XBlb