codeql/python/change-notes/2021-09-02-add-SQLAlchemyTextClauseInjection-query.md
Rasmus Wriedt Larsen c34d6d1162 Python: Add query to handle SQLAlchemy TextClause Injection
instead of doing this via taint-steps. See description in code/tests.
2021-09-02 10:19:57 +02:00

lgtm,codescanning

  • Introduced a new query "SQLAlchemy TextClause built from user-controlled sources" (py/sqlalchemy-textclause-injection) that alerts when user input is added to a TextClause from SQLAlchemy, since that can lead to SQL injection.
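
The construction this note describes, next to the bound-parameter form, as an added example that is not part of the CodeQL repository. The table, rows and function names are constructed, and the `username` argument stands in for a user-controlled source such as a web request parameter.

```python
# Added example: table, rows and function names are constructed for illustration.
from sqlalchemy import create_engine, text


def make_connection():
    """Return a connection to an in-memory SQLite database with two constructed rows."""
    conn = create_engine("sqlite:///:memory:").connect()
    conn.execute(text("CREATE TABLE users (name TEXT, secret TEXT)"))
    conn.execute(
        text("INSERT INTO users VALUES (:n, :s)"),
        [{"n": "alice", "s": "a-secret"}, {"n": "bob", "s": "b-secret"}],
    )
    return conn


def lookup_flagged(conn, username):
    # User-controlled data is formatted into the string handed to text(),
    # so it becomes part of the SQL carried by the resulting TextClause.
    clause = text(
        f"SELECT secret FROM users WHERE name = '{username}' ORDER BY name"
    )
    return [row[0] for row in conn.execute(clause)]


def lookup_bound(conn, username):
    # The SQL text is a constant; the value travels as a bound parameter
    # and is never parsed as SQL.
    clause = text("SELECT secret FROM users WHERE name = :name ORDER BY name")
    return [row[0] for row in conn.execute(clause, {"name": username})]


if __name__ == "__main__":
    conn = make_connection()
    crafted = "nobody' OR '1'='1"  # constructed input
    print("string-built TextClause:", lookup_flagged(conn, crafted))
    print("bound parameter:        ", lookup_bound(conn, crafted))
```

With the constructed input, the string-built clause returns every row while the bound-parameter clause returns none, because the input is compared as a literal name.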