See: https://www.djangoproject.com/weblog/2020/jun/03/security-releases/
>>> from django.core.cache import cache
>>> cache.set('my_key', 'hello, world!')
>>> cache.get('my_key')
'hello, world!'
>>> c = chr(33)
>>> c
'!'
Ryuji Tsutsui ryu22e
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| javascript:!function(a){var b=document.createElement("textarea"),c=document.getSelection();b.textContent=a,document.body.appendChild(b),c.removeAllRanges(),b.select(),document.execCommand("copy"),c.removeAllRanges(),document.body.removeChild(b)}(`[${document.title}](${location.href})`); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| curl -X POST -H "Authorization: token $GITHUB_TOKEN" \ | |
| -H "Content-Type: application/json" \ | |
| https://api.github.com/repos/ryu22e/django_demo/deployments/${DEPLOYMENT_ID}/statuses \ | |
| --data '{"state": "success"}' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """悪い例""" | |
| from django.conf import settings | |
| from django.db import models | |
| class Bug(models.Model): | |
| pass | |
| class Comment(models.Model): |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """悪い例""" | |
| from django.db import models | |
| class Product(models.Model): | |
| name = models.CharField(max_length=1000) | |
| account_id = models.CharField(max_length=100) # カンマ区切りでIDを入れる(例: '1,2,3') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # example/models.py | |
| from django.db import models | |
| from django.contrib.postgres.fields import JSONField | |
| class Example(models.Model): | |
| value = JSONField(verbose_name="値") | |
| enabled = models.BooleanField(verbose_name="有効") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from django.db import models | |
| class Book(models.Model): | |
| title = models.CharField(max_length=50, verbose_name="タイトル") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # 以下gunicornのexampleをベースに作成 | |
| # https://github.com/benoitc/gunicorn/blob/master/examples/nginx.conf | |
| # /etc/nginx/sites-available/default を上書きする想定 | |
| # 今回の脆弱性の確認に必要な最低限の設定だけ書いているので、本番でこの設定を丸ごとコピーして使わないように! | |
| upstream app_server { | |
| server 127.0.0.1:8000 fail_timeout=0; | |
| } | |
| server { | |
| listen 80; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # django_example/settings.py | |
| # 以下を追記 | |
| SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') | |
| # http→httpsへのリダイレクトをさせたいなら以下コメントアウトを外す | |
| # SECURE_SSL_REDIRECT = True |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from django.contrib import admin | |
| from .forms import PostAdminForm | |
| from .models import Post | |
| class PostAdmin(admin.ModelAdmin): | |
| form = PostAdminForm | |