Django

pythondjangosql-injectioncursor-executedatabaseraw-sqltaint-analysisinter-proceduralCWE-89OWASP-A03

User input flows to cursor.execute() without parameterization, enabling SQL injection attacks.

Django SQL Injection via QuerySet.raw()

pythondjangosql-injectionraw-querysetormtaint-analysisinter-proceduralCWE-89OWASP-A03

User input flows to QuerySet.raw() without parameterization, enabling SQL injection through Django's ORM raw query interface.

Django SQL Injection via QuerySet.extra()

pythondjangosql-injectionqueryset-extraormtaint-analysisinter-proceduralCWE-89OWASP-A03

User input flows to QuerySet.extra() without parameterization, enabling SQL injection through Django's legacy ORM extension interface.

Django SQL Injection via RawSQL Expression

pythondjangosql-injectionrawsqlannotationsormtaint-analysisinter-proceduralCWE-89OWASP-A03

User input flows to RawSQL() expression without parameterization, enabling SQL injection through Django's annotation system.

Raw SQL Usage Audit via RawSQL Expression

pythondjangosql-injectionrawsqlauditormCWE-89OWASP-A03

RawSQL() expression detected. Audit this usage to confirm parameterized queries are used for all user-controlled values.

Django Tainted SQL String Construction

pythondjangosql-injectionstring-constructionf-stringformattaint-analysisinter-proceduralCWE-89OWASP-A03

User input is used to construct a SQL string that flows to a database execution function, enabling SQL injection via string building.

Django Command Injection via os.system()

pythondjangocommand-injectionos-systemshelltaint-analysisinter-proceduralCWE-78OWASP-A03

User input flows to os.system(), enabling arbitrary OS command execution with the privileges of the Django process.

CWE-78

Django Command Injection via subprocess

pythondjangocommand-injectionsubprocessshelltaint-analysisinter-proceduralCWE-78OWASP-A03

User input flows to subprocess with shell=True or as a string command, enabling OS command injection.

CWE-78

Django Code Injection via eval()

pythondjangocode-injectionevalrcetaint-analysisinter-proceduralCWE-95OWASP-A03

User input flows to eval(), enabling arbitrary Python code execution on the server.

CWE-95

Django Code Injection via exec()

pythondjangocode-injectionexecrcetaint-analysisinter-proceduralCWE-95OWASP-A03

User input flows to exec(), enabling arbitrary Python statement execution on the server.

CWE-95

Django globals() Misuse for Arbitrary Code Execution

pythondjangocode-injectionglobalsfunction-dispatchtaint-analysisinter-proceduralCWE-94OWASP-A03

User input is used to index globals(), enabling arbitrary function dispatch and potential code execution.

CWE-94

Django SSRF via requests Library

pythondjangossrfrequestshttp-clienttaint-analysisinter-proceduralCWE-918OWASP-A10

User input flows to requests.get/post/put/delete/head(), enabling the server to make HTTP requests to attacker-controlled URLs.

CWE-918

Django SSRF via urllib

pythondjangossrfurllibhttp-clientstandard-librarytaint-analysisinter-proceduralCWE-918OWASP-A10

User input flows to urllib.request.urlopen() or urllib.request.Request(), enabling the server to make HTTP requests to attacker-controlled URLs.

CWE-918

Django Path Traversal via os.path.join()

pythondjangopath-traversaldirectory-traversalos-path-joinfile-accesstaint-analysisinter-proceduralCWE-22OWASP-A01

User input flows to os.path.join() leading to file operations, enabling path traversal to access files outside the intended directory.

CWE-22

Django XSS via Direct HttpResponse with User Input

pythondjangoxsshttpresponsehtml-injectiontaint-analysisinter-proceduralCWE-79OWASP-A03

User input flows directly to HttpResponse without HTML escaping, enabling Cross-Site Scripting (XSS) attacks.

Django mark_safe() Usage Audit

pythondjangoxssmark-safeauto-escapingauditCWE-79OWASP-A03

mark_safe() bypasses Django's automatic HTML escaping. Audit all usages to confirm content is properly sanitized before being marked safe.

Django SafeString Subclass Audit

pythondjangoxsssafestringsafedatasubclassauditCWE-79OWASP-A03

Class extends SafeString or SafeData, bypassing Django's auto-escaping for all instances. Audit to confirm the class properly sanitizes content.

Django XSS in HTML Email Body via EmailMessage

pythondjangoxsshtml-injectionemailemailmessagetaint-analysisinter-proceduralCWE-79OWASP-A03

User input flows into HTML email body content without sanitization, enabling HTML injection in emails.

Django XSS in send_mail html_message Parameter

pythondjangoxsshtml-injectionemailsend-mailhtml-messagetaint-analysisinter-proceduralCWE-79OWASP-A03

User input flows into the html_message parameter of send_mail() without sanitization, enabling HTML injection in emails.

Django Insecure Cookie Settings via set_cookie()

pythondjangocookiessecurity-misconfigurationhttponlysecuresamesiteauditCWE-614CWE-1004OWASP-A05

Cookie set without secure, httponly, or samesite flags, making it vulnerable to interception, XSS-based theft, and CSRF attacks.

CWE-614, CWE-1004

Django Insecure Deserialization of Request Data

pythondjangodeserializationpickleyamldillinsecure-deserializationrcetaint-analysisinter-proceduralCWE-502OWASP-A08

User input flows to unsafe deserialization functions (pickle, yaml.load, dill, shelve), enabling arbitrary code execution during deserialization.

CWE-502

Django Empty Password in set_password()

pythondjangopasswordauthenticationempty-passwordset-passwordauditCWE-521CWE-258OWASP-A07

Empty string passed to set_password() creates an account with no password protection. Use None or set_unusable_password() instead.

CWE-521, CWE-258

Django Default Empty Password Value via flows()

pythondjangopasswordauthenticationdefault-valueempty-passwordtaint-analysisCWE-521CWE-287OWASP-A07

request.POST.get('password', '') with empty string default flows to set_password(), potentially setting an empty password when the field is omitted.

CWE-521, CWE-287