Merge pull request #5485 from RasmusWL/django-queryset-chains

Approved by tausbn
2026-04-29 10:45:15 +02:00 · 2021-04-12 08:49:31 -07:00
parent d35a501121 c8a6e837b5
commit bc56d16c18
3 changed files with 55 additions and 77 deletions
--- a/python/change-notes/2021-03-22-django-queryset-chains.md
+++ b/python/change-notes/2021-03-22-django-queryset-chains.md
@@ -0,0 +1,2 @@
+lgtm,codescanning
+* Improved modeling of `django` to recognize QuerySet chains such as `User.objects.using("db-name").exclude(username="admin").extra("some sql")`. This can lead to new results for `py/sql-injection`.