hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-31 04:38:18 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
fd64ff9ef1898636f35a41e5bfe0acb43ccfd7b6
codeql/python/change-notes/2021-09-02-add-SQLAlchemyTextClauseInjection-query.md
Rasmus Wriedt Larsen c34d6d1162 Python: Add query to handle SQLAlchemy TextClause Injection 
instead of doing this via taint-steps. See description in code/tests.
2021-09-02 10:19:57 +02:00

244 B
Raw Blame History

lgtm,codescanning

  • Introduced a new query SQLAlchemy TextClause built from user-controlled sources (py/sqlalchemy-textclause-injection) to alert if user-input is added to a TextClause from SQLAlchemy, since that can lead to SQL injection.