Closed pixeebot[bot] closed 5 months ago
This change may not be a priority right now, so I'll close it. If there was something I could have done better, please let me know!
You can also customize me to make sure I'm working with you in the way you want.
Remediation
This change fixes findings identified by DefectDojo.
Details
This codemod refactors SQL statements to be parameterized, rather than built by hand.
Without parameterization, developers must remember to escape string inputs using the rules for that column type and database. This usually results in bugs -- and sometimes vulnerabilities. Although we can't tell for sure if your code is actually exploitable, this change will make the code more robust in case the conditions which prevent exploitation today ever go away.
Our changes look something like this:
I have additional improvements ready for this repo! If you want to see them, leave the comment:
... and I will open a new PR right away!
🧚🤖Powered by Pixeebot (codemod ID: defectdojo:python/llm-sql-parameterization)