Python: Merge SQLAlchemy TextClause injection into py/sql-injection

As discussed in a meeting today, this will end up presenting a query
suite that's easier to use for customers.

Since https://github.com/github/codeql/pull/6589 has JUST been merged,
if we get this change in fast enough, no end-user will ever have run
`py/sqlalchemy-textclause-injection` as part of LGTM.com or Code
Scanning.
This commit is contained in:
Rasmus Wriedt Larsen
2021-09-21 20:21:42 +02:00
parent d62f76afa6
commit a83bb39d0f
13 changed files with 55 additions and 245 deletions


@@ -1,2 +0,0 @@
lgtm,codescanning
* Introduced a new query _SQLAlchemy TextClause built from user-controlled sources_ (`py/sqlalchemy-textclause-injection`) to alert if user-input is added to a TextClause from SQLAlchemy, since that can lead to SQL injection.
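Review bot: this hunk drops the only change note that mentions the query id `py/sqlalchemy-textclause-injection`, and nothing in the replacement note records that this id has been folded into `py/sql-injection`. The commit message argues no end-user ran it via LGTM.com or Code Scanning, but anyone who picked the query up from the repository or referenced the id in a custom suite gets no pointer to where the coverage went; consider mentioning the retired id in the new note (or a deprecation stub) so the rename is traceable.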


@@ -0,0 +1,2 @@
lgtm,codescanning
* Expanded the query _SQL query built from user-controlled sources_ (`py/sql-injection`) to alert if user-input is added to a TextClause from SQLAlchemy, since that can lead to SQL injection.
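Review bot: "user-input" should read "user input" (noun phrase, not a compound modifier), matching the query title "built from user-controlled sources" on the same line. Since this note replaces the deleted one, it would also help to state that the previous standalone query `py/sqlalchemy-textclause-injection` has been merged into `py/sql-injection`, so readers of the release notes can map old alerts to the expanded query.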