codeql/python/change-notes/2021-09-02-add-SQLAlchemyTextClauseInjection.md
Rasmus Wriedt Larsen a83bb39d0f Python: Merge SQLAlchemy TextClause injection into py/sql-injection
As discussed in a meeting today, this will end up presenting a query
suite that's easier to use for customers.

Since https://github.com/github/codeql/pull/6589 has JUST been merged,
if we get this change in fast enough, no end-user will ever have run
`py/sqlalchemy-textclause-injection` as part of LGTM.com or Code
Scanning.
2021-09-21 20:21:42 +02:00


lgtm,codescanning

  • Expanded the query "SQL query built from user-controlled sources" (`py/sql-injection`) to alert if user input is added to a `TextClause` from SQLAlchemy, since that can lead to SQL injection.