GET请求中的Django SQL注入

2024-10-08 18:31:37 发布


一个 SAST 工具以 SQL 注入为由将下面的代码标记为易受攻击。我想知道为什么它会被判定为易受攻击，尽管 Django 文档说所有输入都会被类型安全地转换，错误的输入会在后端被转义。文件是 views.py：

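def infopanel(request):
    """Look up one Exchange message by id/change key and mark it as read.

    The message is identified by the ``item_id`` and ``change_key`` query
    parameters.  It is fetched from the Exchange server via ``getMessage``,
    located in one of the local mailbox tables, and, if still unread, marked
    as read on the server (``markAsRead``) and in the local row.

    Args:
        request: the Django ``HttpRequest``; ``item_id``, ``change_key`` and
            ``context`` are read from ``request.GET``.

    Returns:
        A response rendered from ``emailtrackergenericfailure.html`` when the
        parameters are missing, the message is not in any table, or the
        Exchange server reports an error.  The success path is not shown in
        this listing (the function falls off the end, as the original did).

    Security note (why a SAST tool flags this): ``item_id`` and ``change_key``
    are untrusted query-string values.  The ORM ``.get(field=value)`` lookups
    are parameterized by Django, so they are not a SQL-injection sink; the
    tool most likely reports the taint flow from ``request.GET`` without
    modelling the ORM.  The same values are also passed to ``getMessage`` and
    ``markAsRead``, whose implementations are not in this file -- if those
    build a query, SOAP body or command line by string formatting, that is
    the place to review.  No access control is visible in this excerpt;
    confirm the URL is protected upstream, since anyone who knows an id and
    change key can mark the message read.
    """
    item_id = request.GET.get('item_id', '')
    change_key = request.GET.get('change_key', '')
    # NOTE(review): ``context`` is read but not used in the visible code;
    # kept in case the listing is truncated.
    context = request.GET.get('context', '')
    if item_id == '' or change_key == '':
        return render_to_response(
            'emailtrackergenericfailure.html',
            {'errorcode': "invalid message parameters (item_id, change_key, and or folder)"},
            context_instance=RequestContext(request),
        )

    # Exchange item ids may contain '+'.  In a form-encoded query string a
    # literal '+' decodes to a space, so restore it here.  (The robust fix is
    # for whoever builds the link to percent-encode '+' as %2B; this repair
    # assumes genuine ids never contain spaces.)  ``str.replace`` replaces the
    # module-level ``replace`` of the Python 2 ``string`` module, which does
    # not exist on Python 3.
    item_id = item_id.replace(' ', '+')
    change_key = change_key.replace(' ', '+')

    message = getMessage(item_id, change_key)

    # Find the local row; tables are tried in the original priority order.
    # ``folder`` is unused in the visible code but kept for a possible
    # continuation of the function.
    mssg, folder = _find_message_row(item_id, change_key)
    if mssg is None:
        return render_to_response(
            'emailtrackergenericfailure.html',
            {'errorcode': 'message not found in database.'},
            context_instance=RequestContext(request),
        )

    # The Exchange server reported an error: the row is still recorded as
    # read (original behaviour) and the server's response code is surfaced.
    # ``_ResponseClass`` is a private attribute of the response object;
    # presumably a generated SOAP binding -- verify it is a stable API.
    if message.GetItemResponseMessage._ResponseClass != 'Success':
        mssg.read = 'True'
        mssg.save()
        return render_to_response(
            'emailtrackergenericfailure.html',
            {'errorcode': message.GetItemResponseMessage.ResponseCode},
            context_instance=RequestContext(request),
        )

    # ``read`` is compared and stored as the string 'True' here; the model
    # field type is not visible, so the string form is kept.
    if mssg.read != 'True':
        new_change_key = markAsRead(item_id, change_key)
        mssg.read = 'True'
        mssg.change_key = new_change_key
        mssg.save()


def _find_message_row(item_id, change_key):
    """Return ``(row, folder_name)`` for the first table holding the message.

    The tables are queried in a fixed priority order (inbox, ticket emails,
    sent items, requests, deleted items).  Returns ``(None, "")`` when no
    table has a matching row.  The lookups are ORM keyword filters, hence
    parameterized; ``item_id``/``change_key`` are not interpolated into SQL.
    """
    lookup_order = (
        (Inbox, 'inbox'),
        (TicketEmail, 'ticketemails'),
        (SentItems, 'sentitems'),
        (RequestEmail, 'requests'),
        (DeletedItems, 'deleteditems'),
    )
    for model, folder in lookup_order:
        try:
            row = model.objects.get(item_id=item_id, change_key=change_key)
        except ObjectDoesNotExist:
            continue
        return row, folder
    return None, ""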

