Includes some security patches for better security in Django applications.

Project description

About Package

This repo will include security patches that can be used to make Django more secure against existing vulnerabilities.

Note: This repo is not fully updated yet.

Installation

Install from Python packages repository:

pip install django-security-patch

Add the app to your Django application's settings.py file:

INSTALLED_APPS = (
    ...
    'django_security_patch',
)

After Django 1.10, middleware modules can be added to the MIDDLEWARE list in the settings file:

MIDDLEWARE = [
    ...
    'django_security_patch.middleware.QueryStringsSanitizer'
]

For Django versions before 1.10, middleware modules can be added to MIDDLEWARE_CLASSES in the settings.py file.

Description

One of the leading vulnerabilities in current web applications is Template Injection. For example, when you are using a JavaScript library like AngularJS, you should be careful that data reflected from the user (from a search box, for example) is not rendered in a context handled by another template engine (like AngularJS), which would lead to Template Injection.

For example, a user sends [[test]] via a Django search box. This will of course not create any vulnerability in Django itself, but if this value is rendered in a template and AngularJS is present, it allows an attacker to carry out client-side attacks.

Usage

Just install the package and add this to your settings.py file:

QUERY_REMOVE_STRINGS = ['{{', '}}', '[[', ']]']

From now on, any query string in request.GET that includes these strings will be replaced.
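
The filtering described above, as an added sketch that is not the package's own code: the names strip_tokens, sanitize_query and QueryStringsSanitizerSketch are hypothetical, and only values (not keys) are cleaned. It repeats the removal until the value stops changing, because deleting one marker can join the characters around it into another.

```python
from urllib.parse import parse_qsl, urlencode

# Same list the page puts in settings.py.
QUERY_REMOVE_STRINGS = ['{{', '}}', '[[', ']]']


def strip_tokens(value, tokens=QUERY_REMOVE_STRINGS):
    """Remove every token from value, repeating until nothing changes.

    One pass is not enough: deleting '[[' from '{[[{' joins the
    surrounding braces into '{{', so the loop runs to a fixed point.
    """
    while True:
        cleaned = value
        for token in tokens:
            cleaned = cleaned.replace(token, '')
        if cleaned == value:
            return cleaned
        value = cleaned


def sanitize_query(raw_query, tokens=QUERY_REMOVE_STRINGS):
    """Sanitize each value of a raw query string (what feeds request.GET)."""
    pairs = parse_qsl(raw_query, keep_blank_values=True)
    return urlencode([(k, strip_tokens(v, tokens)) for k, v in pairs])


class QueryStringsSanitizerSketch:
    """Hypothetical new-style Django middleware built on strip_tokens."""

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        params = request.GET.copy()  # QueryDict is immutable; copy() is mutable
        for key, values in list(params.lists()):
            params.setlist(key, [strip_tokens(v) for v in values])
        request.GET = params
        return self.get_response(request)


if __name__ == '__main__':
    # Constructed sample inputs.
    print(sanitize_query('q=%5B%5Btest%5D%5D&page=2'))
    print(strip_tokens('{[[{test}]]}'))
```

A filter on request.GET does not cover values that reach the template by other routes, such as request.POST or stored data.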


Download files

Source Distribution

django-security-patch-0.0.3.tar.gz (3.5 kB)

Uploaded Source

Built Distribution

django_security_patch-0.0.3-py3-none-any.whl (16.3 kB)

Uploaded Python 3
