python.requests.best-practice.use-request-json-shortcut

Author: semgrep
Download count: 1,938

The requests library has a convenient shortcut for sending JSON requests, which lets you stop worrying about serializing the body yourself. To use it, replace body=json.dumps(...) with json=....

Definition

rules:
  - id: python.requests.best-practice.use-request-json-shortcut
    patterns:
      - pattern-inside: import json; ...
      - pattern-inside: import requests; ...
      - pattern: requests.$METHOD(..., body=json.dumps($BODY), ...)
    message: The requests library has a convenient shortcut for sending JSON
      requests, which lets you stop worrying about serializing the body
      yourself. To use it, replace `body=json.dumps(...)` with `json=...`.
    severity: WARNING
    metadata:
      references:
        - https://requests.readthedocs.io/en/stable/user/quickstart/#more-complicated-post-requests
      category: best-practice
      technology:
        - requests
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
    languages:
      - python

Examples

use-request-json-shortcut.py

import json
import requests

# ruleid:python.requests.best-practice.use-request-json-shortcut
requests.put("https://example.org", body=json.dumps({"hello": True}))

# ruleid:python.requests.best-practice.use-request-json-shortcut
requests.patch("https://example.org", body=json.dumps({"hello": True}), timeout=5)

# ok
requests.post("https://example.org", json={"hello": True})

# ok
requests.post("https://example.org", body="hello=1")
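
The following is an added example, not part of the Semgrep rule or its test file: a standard-library approximation of the rule's pattern that also prints the suggested `json=` rewrite for each finding. The function names, the constructed `SAMPLE` input and the `keywords` parameter are assumptions made here; passing `keywords=("body", "data")` extends the check to `data=`, the keyword used in the requests quickstart the rule references.

```python
import ast

# Constructed sample input mirroring the rule's own test cases.
SAMPLE = '''\
import json
import requests

requests.put("https://example.org", body=json.dumps({"hello": True}))
requests.patch("https://example.org", body=json.dumps({"hello": True}), timeout=5)
requests.post("https://example.org", json={"hello": True})
requests.post("https://example.org", body="hello=1")
'''


def _is_attr_call(node, module, attr=None):
    """True if node is a call of the form module.<attr>(...)."""
    return (
        isinstance(node, ast.Call)
        and isinstance(node.func, ast.Attribute)
        and isinstance(node.func.value, ast.Name)
        and node.func.value.id == module
        and (attr is None or node.func.attr == attr)
    )


def find_json_dumps_bodies(source, keywords=("body",)):
    """Return (line, suggested_call) for each requests call the rule flags."""
    tree = ast.parse(source)
    imported = {
        alias.name
        for node in ast.walk(tree)
        if isinstance(node, ast.Import)
        for alias in node.names
    }
    # Like the rule's pattern-inside clauses: both modules must be imported.
    if not {"json", "requests"} <= imported:
        return []
    findings = []
    for node in ast.walk(tree):
        if not _is_attr_call(node, "requests"):
            continue
        for kw in node.keywords:
            if (kw.arg in keywords and _is_attr_call(kw.value, "json", "dumps")
                    and len(kw.value.args) == 1 and not kw.value.keywords):
                # Suggested fix: hand the object to json= and drop json.dumps.
                kw.arg, kw.value = "json", kw.value.args[0]
                findings.append((node.lineno, ast.unparse(node)))
    return sorted(findings)
```

`ast.unparse` requires Python 3.9 or later and normalizes string quotes, so the suggested call is a hint to apply by hand rather than a byte-exact patch.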