sdelements/django-security

Null penetration detection & prevention

jayvdb opened this issue · 2 comments

I am using https://pypi.org/project/schemathesis/ to smoke test a Django DRF API, and find that NULL is frequently causing problems.

I have run into NULL in

It seems like something this app might detect and prevent at a higher level, rather than every single app needing to have dedicated null detection, or try/except everywhere to reply with an error blaming the client instead of a server error. Obviously a dedicated frontend processor doing packet analysis is the best approach, but it seems there is room for a simpler solution within Django that could reach the 80/20 rule.

If there are other more suitable projects for active abuse detection in Django, I'd be glad to be redirected elsewhere.

Gee19 commented

It's possible for a middleware to do something like this but I think it would make more sense to handle it in your API, maybe in a base class?

@Gee19, the problem isn't in my API. It is in an API exposed by a third party app.
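
Added example, not part of the thread and not django-security code: one way to reject NUL in front of every app, third-party ones included, is a plain WSGI wrapper that answers 400 before Django runs. The names `RejectNulMiddleware`, `find_nul`, `has_nul` and the `MAX_SCAN` cap are hypothetical; it checks only the path, the query string and JSON bodies with a declared length.

```python
import io
import json
from urllib.parse import unquote_to_bytes

MAX_SCAN = 1 << 20  # hypothetical cap; larger JSON bodies are passed on unscanned

def has_nul(value):
    """True if any key or string in decoded JSON contains U+0000 (iterative walk)."""
    stack = [value]
    while stack:
        item = stack.pop()
        if isinstance(item, str) and "\x00" in item:
            return True
        if isinstance(item, dict):
            stack += [*item, *item.values()]
        elif isinstance(item, list):
            stack += item
    return False

def find_nul(environ):
    """Name the first request part carrying a NUL, or return None."""
    # PEP 3333: PATH_INFO arrives percent-decoded, QUERY_STRING does not.
    if "\x00" in environ.get("PATH_INFO", ""):
        return "path"
    if b"\x00" in unquote_to_bytes(environ.get("QUERY_STRING", "")):
        return "query string"
    length = environ.get("CONTENT_LENGTH") or "0"
    is_json = environ.get("CONTENT_TYPE", "").lower().startswith("application/json")
    if is_json and length.isdigit() and 0 < int(length) <= MAX_SCAN:
        body = environ["wsgi.input"].read(int(length))
        environ["wsgi.input"] = io.BytesIO(body)  # the wrapped app re-reads it
        try:
            if has_nul(json.loads(body)):  # catches both raw and \u0000-escaped NUL
                return "JSON body"
        except (ValueError, RecursionError):
            pass  # unparseable here means unparseable for the app's JSON parser too
    return None

class RejectNulMiddleware:
    """WSGI wrapper: blame the client with a 400 before any app code sees a NUL."""
    def __init__(self, app):
        self.app = app
    def __call__(self, environ, start_response):
        part = find_nul(environ)
        if part is None:
            return self.app(environ, start_response)
        msg = f"NUL byte not allowed in {part}\n".encode()
        start_response("400 Bad Request", [("Content-Type", "text/plain")])
        return [msg]
```

In a Django project this would wrap the object returned by `get_wsgi_application()` in `wsgi.py`; form-encoded and multipart bodies are not inspected by this sketch.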