Configuring Django Doctor

Django Doctor checks over 40 security, performance, and maintainability problems.

This can be customized using a pyproject.toml file: add it to the root of your project and specify some check codes in enable and disable, like the examples below.

View the list of check codes here.
What is a pyproject.toml file? Read here.

Examples of Django Doctor pyproject.toml configuration

Example 1: Disable one check



disable = ["redundant-settings"]

Example 2: Disable multiple checks



disable = ["redundant-settings", "missing-hsts-subdomain"]

Example 3: Disable everything except x



disable = ["all"]

enable = ["redundant-settings", "missing-hsts-subdomain"]

Check codes

Use these codes in the enable and disable sections of your pyproject.toml file to customize the checks that Django Doctor performs.

migration-model-import: Importing into migrations
missing-reverse-migration: Missing reverse migration
hard-coded-static-url: Hard-coded static asset URL in template
middleware-order: Middleware order
non-unique-url-name: URL name not unique
reverse-lazy-misuse: Using reverse_lazy where reverse would be better
middleware-order-end: Middleware should be near the end
middleware-order-top: Middleware should be near the top
hard-coded-url: Hard-coded URL in template
brittle-unique-for: Brittle unique_for
direct-import-settings: Importing setting file directly
huge-max-length: CharField with huge max_length
deprecated-nullboolean-field: Deprecated NullBooleanField
redundant-default-args: Redundant default arguments
redundant-setting: Redundant setting
field-null-not-blank: Field allows null but not blank
non-unique-primary: Non-unique primary_key
template-dir-relative: Relative path in TEMPLATES setting
template-dir-backslash: Back slashes in TEMPLATES settings
nullable-string-field: Nullable string field
missing-related-name: ForeignKey missing related_name
model-method-order: Model method order
misplaced-admin-class: Admin class not in
tall-model: Tall Model
model-common-prefix: Tall with a common prefix
django-version-support: Django version is no longer supported
django-minor-version: Django bugfixes and additional features available
missing-security-middleware: Security middleware not activated
missing-xframe-middleware: Clickjacking protection not activated
missing-csrf-middleware: Cross Site Request Forgery protection not activated
missing-csrf-secure: Cross Site Request Forgery protection weak to packet sniffing
missing-hsts-middleware: HTTP Strict Transport Security protection not activated
missing-hsts-subdomain: Subdomains not protected by HSTS
missing-hsts-preload: HSTS browser preload list not activated
missing-secure-content-type-nosniff: Browser can be tricked into executing uploaded malicious code
missing-secure-ssl-redirect: Website can be served with insecure HTTP
missing-session-cookie-secure: Session cookie is vulnerable to packet sniffing attack
missing-session-cookie-http-only: Session cookie is vulnerable to XSS attack
queryset-length: Using len(queryset) instead of queryset.count()
indirect-foreign-key: Not using foreign keys directly
count-instead-exists: Comparing queryset.count() instead of checking queryset.exists()
truthy-instead-exists: Checking queryset truthiness instead of checking queryset.exists()
