codeql/python/change-notes/2021-03-22-django-queryset-chains.md

mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
lgtm,codescanning
* Improved modeling of `django` to recognize QuerySet chains such as `User.objects.using("db-name").exclude(username="admin").extra("some sql")`. This can lead to new results for `py/sql-injection`.
	`lgtm,codescanning`
	* Improved modeling of `django` to recognize QuerySet chains such as `User.objects.using("db-name").exclude(username="admin").extra("some sql")`. This can lead to new results for `py/sql-injection`.