Django is a popular open-source web application framework in Python. Django's file storage API allows access to the file system, which can potentially cause arbitrary read/write vulnerabilities if user-controlled data is able to control the files being read.
We have some existing file system models at https://github.com/facebook/pyre-check/blob/main/stubs/taint/core_privacy_security/filesystem_other_sinks.pysa. Please refer to the Django API to identify key functions and model them in a similar way.
Submitting a PR
We use the following linters internally, so to save everyone's time, please make sure you run the following linters locally and fix errors related to the files you modified before submitting a PR:
black && usort format . && flake8
To install the linters, you can run the following command:
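For the modeling task described in the issue above, here is an added sketch (not part of the original issue or of pyre-check's shipped models) of what Pysa sink models for Django's storage API could look like. The sink kind names and the module prefix are assumptions; check them against taint.config and the Django version being analyzed.

```pysa
# Added example: sketch of sink models for Django's file storage API.
# Assumptions (not from the page): the sink kinds FileSystem_ReadWrite and
# FileSystem_Other are declared in taint.config, and Storage / FileSystemStorage
# resolve under django.core.files.storage (releases that split the module into
# a package define them in .base and .filesystem; adjust the prefix to match).

# Public API: the file name chooses which file is opened, written, or removed.
def django.core.files.storage.Storage.open(
    self, name: TaintSink[FileSystem_ReadWrite], mode = ...
): ...
def django.core.files.storage.Storage.save(
    self, name: TaintSink[FileSystem_ReadWrite], content, max_length = ...
): ...
def django.core.files.storage.Storage.delete(
    self, name: TaintSink[FileSystem_Other]
): ...

# Metadata and enumeration calls reveal whether a path exists and what it holds.
def django.core.files.storage.Storage.exists(self, name: TaintSink[FileSystem_Other]): ...
def django.core.files.storage.Storage.listdir(self, path: TaintSink[FileSystem_Other]): ...
def django.core.files.storage.Storage.size(self, name: TaintSink[FileSystem_Other]): ...
def django.core.files.storage.Storage.path(self, name: TaintSink[FileSystem_Other]): ...

# Concrete backend hooks that Storage.open() and Storage.save() delegate to.
def django.core.files.storage.FileSystemStorage._open(
    self, name: TaintSink[FileSystem_ReadWrite], mode = ...
): ...
def django.core.files.storage.FileSystemStorage._save(
    self, name: TaintSink[FileSystem_ReadWrite], content
): ...
```

Pysa rejects a model whose parameter names do not match the real signature, so compare each line with the Django source before running the analysis.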