search

PixeeSandbox / pygoat-defectdojo-bak

intentionally vuln web Application Security in django
https://appsec.asia
0 stars 0 forks source link

(DefectDojo) Fix raw SQL queries that are not parameterized #3

Closed pixeebot[bot] closed 5 months ago

pixeebot[bot] commented 5 months ago

Remediation

This change fixes findings identified by DefectDojo.

Details

This codemod refactors SQL statements to be parameterized, rather than built by hand.

Without parameterization, developers must remember to escape string inputs using the rules for that column type and database. This usually results in bugs -- and sometimes vulnerabilities. Although we can't tell for sure if your code is actually exploitable, this change will make the code more robust in case the conditions which prevent exploitation today ever go away.

Our changes look something like this:

import sqlite3

name = input()
connection = sqlite3.connect("my_db.db")
cursor = connection.cursor()
- cursor.execute("SELECT * from USERS WHERE name ='" + name + "'")
+ cursor.execute("SELECT * from USERS WHERE name =?", (name, ))

I have additional improvements ready for this repo! If you want to see them, leave the comment:

@pixeebot next

... and I will open a new PR right away!

🧚🤖Powered by Pixeebot (codemod ID: defectdojo:python/llm-sql-parameterization)

pixeebot[bot] commented 5 months ago

This change may not be a priority right now, so I'll close it. If there was something I could have done better, please let me know!

You can also customize me to make sure I'm working with you in the way you want.