Welcome to Software Development on Codidact!
Will you help us build our independent community of developers helping developers? We're small and trying to grow. We welcome questions about all aspects of software development, from design to code to QA and more. Got questions? Got answers? Got code you'd like someone to review? Please join us.
Post History
I manage a wsgi application that accepts JSON data via POST from potentially untrusted sources. Normally it is treated as a text blob and never parsed, but there is a value in the expected input th...
#1: Initial revision
by
ajv
·
2021-10-19T00:32:16Z (over 2 years ago)
Is it dangerous to use json.loads on untrusted data?
I manage a wsgi application that accepts JSON data via POST from potentially untrusted sources. Normally it is treated as a text blob and never parsed, but there is a value in the expected input that I would like to log.
The obvious way to do it looks like this (where `payload` is the untrusted input):
```py
try:
data = json.loads(payload)
except json.JSONDecodeError as ex:
logging.warning("bad payload: %s", ex)
else:
value = data.get('something', 'ERR_MISSING')
logging.debug("something: %.30s", value)
```
This feels like it *should* be safe, which automatically makes me wonder if it is not. Broken json is handled, and the contents of `data` are not passed to anything other than the logger. But I am uncertain if it's safe to run json.loads on untrusted input, and I'm not sure that all possible json values are safe to stringify for logging.
What am I missing, if anything?