Clean request.data in django rest

Quick question:

I know that Django has some baked-in security at different system levels, but I'm not sure if accessing the request.data property directly is safe? (Can it cause a security vulnerability by simply reading the user's input data before I have done something to clean it?)

book = Book.objects.get(uuid=request.data["uuid"])

(obviously, this is a simplified example)

Do I have to clean the data? Are there some packages that do this for me or can I use some of Django's native functions for this?

Thanks!



Solution 1:[1]

Since you mentioned you are using django rest framework, you should use the serializers for that.

Have a look at: https://www.django-rest-framework.org/api-guide/serializers/

serializer = MySerializer(data=request.data)
serializer.is_valid(raise_exception=True)

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 loicgasser