See: https://www.djangoproject.com/weblog/2020/jun/03/security-releases/
>>> from django.core.cache import cache
>>> cache.set('my_key', 'hello, world!')
>>> cache.get('my_key')
'hello, world!'
>>> c = chr(33)
>>> c
'!'
See: https://www.djangoproject.com/weblog/2020/jun/03/security-releases/
>>> from django.core.cache import cache
>>> cache.set('my_key', 'hello, world!')
>>> cache.get('my_key')
'hello, world!'
>>> c = chr(33)
>>> c
'!'
// Bookmarklet: copies the current page as a Markdown link, "[<title>](<url>)",
// to the clipboard. It stages the text in a throwaway <textarea>, selects it,
// issues document.execCommand("copy") and then removes the element again.
// Collapse back onto one line before saving it as a bookmark URL.
// NOTE(review): execCommand("copy") is deprecated in favour of
// navigator.clipboard.writeText(), which needs a secure context; also, a page
// title containing "]" or ")" produces a malformed Markdown link.
javascript: (function (markdownLink) {
  var scratch = document.createElement("textarea");
  var selection = document.getSelection();
  scratch.textContent = markdownLink;
  document.body.appendChild(scratch);
  // Clear whatever the user had selected so only the scratch text is copied.
  selection.removeAllRanges();
  scratch.select();
  document.execCommand("copy");
  // Clean up: drop the selection again and detach the scratch element.
  selection.removeAllRanges();
  document.body.removeChild(scratch);
})(`[${document.title}](${location.href})`);
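# Mark a GitHub deployment as successful through the Deployments API.
# Inputs: GITHUB_TOKEN (a token with access to the repository) and
# DEPLOYMENT_ID (the id of the deployment whose status is being set).
# The URL is quoted so an empty or unusual DEPLOYMENT_ID cannot be split
# into several arguments or glob-expanded by the shell.
# NOTE(review): the token is expanded onto the command line, so it is visible
# in the process table to other local users while the request runs; on a
# shared host prefer reading the header from a permission-restricted file
# (curl's `-H @file` or `--config`).
curl -X POST -H "Authorization: token $GITHUB_TOKEN" \
  -H "Content-Type: application/json" \
  "https://api.github.com/repos/ryu22e/django_demo/deployments/${DEPLOYMENT_ID}/statuses" \
  --data '{"state": "success"}'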
"""悪い例""" | |
from django.conf import settings | |
from django.db import models | |
class Bug(models.Model):
    """Model that declares no fields of its own.

    Part of the deliberately minimal "bad example" (悪い例) this module
    documents; nothing beyond the base ``models.Model`` behaviour is added.
    """
class Comment(models.Model): |
"""悪い例""" | |
from django.db import models | |
class Product(models.Model):
    """Product record from the module's "bad example" (悪い例).

    ``account_id`` packs several ids into one text column instead of using
    a relation — presumably the pattern the example is illustrating.
    """

    name = models.CharField(max_length=1000)
    # Comma-separated account ids stored as free text, e.g. '1,2,3'.
    # NOTE(review): a CharField carries no foreign-key constraint, so the
    # database cannot check that each id refers to an existing account.
    account_id = models.CharField(max_length=100)
# example/models.py | |
from django.db import models | |
from django.contrib.postgres.fields import JSONField | |
class Example(models.Model):
    """Model pairing a JSON payload with an on/off flag.

    Labels (``verbose_name``) are Japanese: 値 = "value", 有効 = "enabled".
    """

    # NOTE(review): this JSONField comes from django.contrib.postgres.fields,
    # the PostgreSQL-specific variant; newer Django releases also ship a
    # backend-independent models.JSONField — confirm the project's Django
    # version before changing the import.
    value = JSONField(verbose_name="値")
    enabled = models.BooleanField(verbose_name="有効")
from django.db import models | |
class Book(models.Model):
    """Book with a single short title (label タイトル, "title")."""

    title = models.CharField(max_length=50, verbose_name="タイトル")
# 以下gunicornのexampleをベースに作成 | |
# https://github.com/benoitc/gunicorn/blob/master/examples/nginx.conf | |
# /etc/nginx/sites-available/default を上書きする想定 | |
# 今回の脆弱性の確認に必要な最低限の設定だけ書いているので、本番でこの設定を丸ごとコピーして使わないように! | |
# Backend pool that nginx proxies to: the application server (gunicorn in the
# example this file is based on) listening on loopback port 8000.
upstream app_server {
    # fail_timeout=0 is carried over from the gunicorn example, where it is
    # used so nginx keeps retrying the upstream after a failed response.
    server 127.0.0.1:8000 fail_timeout=0;
}
server { | |
listen 80; |
# django_example/settings.py
# Add the following lines.

# Trust the X-Forwarded-Proto header set by the reverse proxy: a request that
# arrives with "X-Forwarded-Proto: https" is treated as having come over TLS.
# NOTE(review): only safe when every request reaches Django through a proxy
# that always sets or overwrites this header; if a client can reach the app
# directly, it can label a plain-HTTP request as "https" itself.
SECURE_PROXY_SSL_HEADER = 'HTTP_X_FORWARDED_PROTO', 'https'

# To also redirect http → https, uncomment the next line.
# SECURE_SSL_REDIRECT = True
from django.contrib import admin | |
from .forms import PostAdminForm | |
from .models import Post | |
class PostAdmin(admin.ModelAdmin): | |
form = PostAdminForm | |