Django Doctor

Configuring Django Doctor

Django Doctor checks over 40 security, performance, and maintainability problems.

This can be customized using a pyproject.toml file: add it to the root of your project and specify some check codes in enable and disable, like the examples below.

View the list of check codes here.

What is a pyproject.toml file? Read here.

Examples of Django Doctor pyproject.toml configuration

Example 1: Disable one check

pyproject.toml


[tool.djangodoctor]
disable = ["redundant-settings"]

Example 2: Disable multiple checks

pyproject.toml


[tool.djangodoctor]
disable = ["redundant-settings", "missing-hsts-subdomain"]

Example 3: Disable everything except x

pyproject.toml


[tool.djangodoctor]
disable = ["all"]
enable = ["redundant-settings", "missing-hsts-subdomain"]

Check codes

Use these codes in the enable and disbale section of your pyproject.toml file to customize the checks that Django Doctor performs.

Code	Summary
migration-model-import	Importing models.py into migrations
missing-reverse-migration	Missing reverse migration
hard-coded-static-url	Hard-coded static asset URL in template
middleware-order	Middleware order
non-unique-url-name	URL name not unique
reverse-lazy-misuse	Using reverse_lazy where reverse would be better
middleware-order-end	Middleware should be near the end
middleware-order-top	Middleware should be near the top
hard-coded-url	Hard-coded URL in template
brittle-unique-for	Brittle unique_for
direct-import-settings	Importing setting file directly
huge-max-length	CharField with huge max_length
deprecated-nullboolean-field	Deprecated NullBooleanField
redundant-default-args	Redundant default arguments
redundant-setting	Redundant setting
field-null-not-blank	Field allows null but not blank
non-unique-primary	Non-unique primary_key
template-dir-relative	Relative path in TEMPLATES setting
template-dir-backslash	Back slashes in TEMPLATES settings
nullable-string-field	Nullable string field
missing-related-name	ForeignKey missing related_name
model-method-order	Model method order
misplaced-admin-class	Admin class not in admin.py
tall-model	Tall Model
tall-models	Huge models.py
model-common-prefix	Tall models.py with a common prefix
django-version-support	Django version is no longer supported
django-minor-version	Django bugfixes and additional features available
missing-security-middleware	Security middleware not activated
missing-xframe-middleware	Clickjacking protection not activated
missing-csrf-middleware	Cross Site Request Forgery protection not activated
missing-csrf-secure	Cross Site Request Forgery protection weak to packet sniffing
missing-hsts-middleware	HTTP Strict Transport Security protection not activated
missing-hsts-subdomain	Subdomains not protected by HSTS
missing-hsts-preload	HSTS browser preload list not activated
missing-secure-content-type-nosniff	Browser can be tricked into executing uploaded malicious code
missing-secure-ssl-redirect	Website can be served with insecure HTTP
missing-session-cookie-secure	Session cookie is vulnerable to packet sniffing attack
missing-session-cookie-http-only	Session cookie is vulnerable to XSS attack
queryset-length	Using len(queryset) instead of queryset.count()
indirect-foreign-key	Not using foreign keys directly
count-instead-exists	Comparing queryset.count() instead of checking queryset.exists()
truthy-instead-exists	Checking queryset truthiness instead of checking queryset.exists()

Are you ready to improve your team agility through lower tech debt? Get Django Doctor.