hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

Python: Fix .qhelp

Browse Source
This commit is contained in:
Rasmus Wriedt Larsen
2021-09-02 16:02:04 +02:00
parent d55f18f8e3
commit 88c6d4bb20
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
python/ql/src/Security/CWE-089/SQLAlchemyTextClauseInjection.qhelp
View File

@@ -9,6 +9,7 @@ The <code>TextClause</code> class in the <code>SQLAlchemy</code> PyPI package re
a textual SQL string directly. If user-input is added to it without sufficient
sanitization, a user may be able to run malicious database queries, since the
<code>TextClause</code> is inserted directly into the final SQL.
</p>
</overview>
<recommendation>