Includes some security patches for better security in Django applications.
Project description
About Package
This repo includes security patches that can be used to make Django more secure against existing vulnerabilities.
Note: this repo is not fully updated yet.
Installation
Install from the Python package repository:

```
pip install django-security-patch
```
Add the app to your Django application's settings.py file:

```
INSTALLED_APPS = (
    ...
    'django_security_patch',
)
```
From Django 1.10 on, middleware modules are added to the MIDDLEWARE list in the settings file:

```
MIDDLEWARE = [
    ...
    'django_security_patch.middleware.QueryStringsSanitizer',
]
```

For pre-1.10 Django, middleware modules are added to MIDDLEWARE_CLASSES in the settings.py file instead.
Description
One of the leading vulnerabilities in current web applications is Template Injection. For example, when you are using a JavaScript library like AngularJS, you should be careful that data reflected from the user (from a search box, for example) is not rendered in a context where another template handler (like AngularJS) is active, because that leads to Template Injection.

For example, a user sends `[[test]]` via the search box of a Django site. This of course creates no vulnerability for Django itself, but if the value is rendered in a template where AngularJS is present, it allows an attacker to perform client-side attacks.
Usage
Just install the package and add this to your settings.py file:

```
QUERY_REMOVE_STRINGS = ['{{', '}}', '[[', ']]']
```

From now on, any query string in request.GET that includes these strings will be replaced.
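The sanitizing step described above, as an added illustration written for this page rather than the package's own middleware code. It assumes the markers are replaced with the empty string (the package does not document the replacement) and adds two details a defender would want: the stripping loops until nothing changes, so removing one marker cannot uncover another, and a helper shows why Django's HTML escaping alone does not neutralize the markers.

```python
import html
from urllib.parse import parse_qsl, urlencode

# Mirrors the setting the README tells you to add (constructed example).
QUERY_REMOVE_STRINGS = ['{{', '}}', '[[', ']]']


def sanitize_value(value: str, markers=QUERY_REMOVE_STRINGS) -> str:
    """Remove every configured template marker from one query value.

    Assumption: markers are replaced with '' (the package does not say what
    it substitutes). Replacement repeats until the value stops changing, so
    stripping one marker cannot leave a new one behind, e.g.
    '{[[{}]]}' -> '{{}}' -> ''.
    """
    previous = None
    while previous != value:
        previous = value
        for marker in markers:
            value = value.replace(marker, "")
    return value


def sanitize_query_string(query: str, markers=QUERY_REMOVE_STRINGS) -> str:
    """Apply sanitize_value to every key and value of a raw query string."""
    pairs = parse_qsl(query, keep_blank_values=True)
    cleaned = [(sanitize_value(k, markers), sanitize_value(v, markers))
               for k, v in pairs]
    return urlencode(cleaned)


def escaped_but_still_dangerous(value: str, markers=QUERY_REMOVE_STRINGS) -> bool:
    """Why escaping is not enough: Django's autoescape (like html.escape)
    turns <, >, &, and quotes into entities but leaves {{ }} [[ ]] intact,
    so a client-side template engine such as AngularJS still interprets them."""
    escaped = html.escape(value)
    return any(marker in escaped for marker in markers)


if __name__ == "__main__":
    raw = "q=%5B%5Btest%5D%5D&page=2"  # constructed: ?q=[[test]]&page=2
    print(sanitize_query_string(raw))  # q=test&page=2
    print(escaped_but_still_dangerous("[[test]]"))  # True
```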
File details
Details for the file django-security-patch-0.0.3.tar.gz.
File metadata
- Download URL: django-security-patch-0.0.3.tar.gz
- Upload date:
- Size: 3.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.2.0 pkginfo/1.5.0.1 requests/2.24.0 setuptools/49.2.0 requests-toolbelt/0.9.1 tqdm/4.48.0 CPython/3.8.3
File hashes

Algorithm | Hash digest
---|---
SHA256 | 74042fca33bccca95b5613972c5e2d2f44693fa1f4ea1bbd02d98a3c6e9b44bb
MD5 | aff2ef9157c25106372288cf56419ceb
BLAKE2b-256 | 0c6e208585588c7302698c4624c5e8d06bec8ff0b2bfb6cb08b613d12d24241a
File details
Details for the file django_security_patch-0.0.3-py3-none-any.whl.
File metadata
- Download URL: django_security_patch-0.0.3-py3-none-any.whl
- Upload date:
- Size: 16.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.2.0 pkginfo/1.5.0.1 requests/2.24.0 setuptools/49.2.0 requests-toolbelt/0.9.1 tqdm/4.48.0 CPython/3.8.3
File hashes

Algorithm | Hash digest
---|---
SHA256 | 655fcfaca44cb25793c65b864c4b1d81bc595d65c47c06cc0ff5c053833ad654
MD5 | b4d1b83be64deccd025ad6a0a55800a5
BLAKE2b-256 | 5c83e8c17cd2a0d59ed3714bd220fa2e0549870f57917eb8668b382ae7eb4c54