# HTTP Parameter Pollution

- ID: python-parameter-pollution
- Severity: MEDIUM
- CWE: CWE-235 (CWE-235)
- Languages: Python
- Frameworks: flask, django, fastapi

## Description

Detects handling of duplicate HTTP parameters without proper validation.

## Remediation

Check for duplicate parameters and reject requests with unexpected multiples.

```python
if len(request.args.getlist('param')) > 1:
    return "Duplicate parameters not allowed", 400
```

Learn more: https://shoulder.dev/learn/python/cwe-235/parameter-pollution

## Documentation

[object Object]

## Related Rules

- **HTTP Parameter Pollution Prevention in Express.js** [LOW]: