PyCQA / bandit

Bandit is a tool designed to find common security issues in Python code.
https://bandit.readthedocs.io
Apache License 2.0

Failed detection in injection_sql plugin #515

Open teeann opened 5 years ago

teeann commented 5 years ago

Describe the bug
injection_sql.py plugin fails to check hardcoded_sql_expressions on certain test cases.

To Reproduce
Steps to reproduce the behavior:

  1. Create a test.py file with content:
    "SELECT a " + "FROM " + vuln
  2. Run bandit: bandit test.py
  3. There are no detected issues in the console output.

Expected behavior
The above test.py file should generate a hardcoded_sql_expressions issue.

Bandit version

1.6.2

sachfer commented 4 years ago

In order to fix this bug, an additional module needs to be added to the code which checks the string to the left of the add operator to contain a keyword (SELECT) followed by a random string (an attribute name) and the string to the right to contain a keyword (FROM).

And also, the query ("SELECT a " + "FROM " + vuln) needs to be added to the example scripts to be more informative to the users of Bandit.
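As an added illustration of the check described in the comment above (this is example code, not Bandit's own plugin or regex), the following stand-alone script flattens a whole `+` chain from the AST, joins the string literals in source order and only then matches the result against a simplified SQL pattern. That generalizes the "SELECT on the left, FROM on the right" rule: the keywords may be split across any number of literals, nested in either direction, and a chain is reported only when at least one operand is not a literal, which is the shape that permits injection. The `SQL_RE` pattern, the `{?}` placeholder for non-literal operands and the sample inputs are all constructed for this example.

```python
import ast
import re

# Constructed, simplified pattern for "looks like a SQL statement", in the
# spirit of Bandit's B608 check. This is NOT Bandit's own regex.
SQL_RE = re.compile(
    r"(select\s.*\sfrom\s|delete\s+from\s|insert\s+into\s.*values\s|update\s.*\sset\s)",
    re.IGNORECASE | re.DOTALL,
)

DYNAMIC = "{?}"  # placeholder for any operand that is not a string literal


def is_str_literal(node):
    """True for a plain string constant such as "SELECT a "."""
    return isinstance(node, ast.Constant) and isinstance(node.value, str)


def flatten_concat(node):
    """Return the operands of an ``a + b + c`` chain in source order.

    ast.parse builds ``"SELECT a " + "FROM " + vuln`` as
    BinOp(BinOp("SELECT a ", "FROM "), vuln). Walking both sides of every
    ``+`` recovers all operands regardless of how the chain is nested, so a
    keyword split across two literals is still seen as one statement.
    """
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):
        return flatten_concat(node.left) + flatten_concat(node.right)
    return [node]


def joined_text(parts):
    """Concatenate the literal operands; non-literals become DYNAMIC."""
    return "".join(p.value if is_str_literal(p) else DYNAMIC for p in parts)


class SqlConcatVisitor(ast.NodeVisitor):
    """Collect (lineno, reconstructed_text) for every ``+`` chain that reads
    like SQL and mixes in at least one non-literal operand."""

    def __init__(self):
        self.findings = []

    def visit_BinOp(self, node):
        if not isinstance(node.op, ast.Add):
            self.generic_visit(node)
            return
        parts = flatten_concat(node)
        has_dynamic = not all(is_str_literal(p) for p in parts)
        text = joined_text(parts)
        if has_dynamic and SQL_RE.search(text):
            self.findings.append((node.lineno, text))
        # Descend into the operands themselves (e.g. a call nested in the
        # chain) but not into the inner BinOps, so one chain is reported once.
        for part in parts:
            self.visit(part)


def find_sql_concat(source):
    """Parse Python source and return [(lineno, reconstructed_sql), ...]."""
    visitor = SqlConcatVisitor()
    visitor.visit(ast.parse(source))
    return visitor.findings


if __name__ == "__main__":
    # Constructed samples: the issue's test case, a nested variant,
    # a parameterized query (the remediation) and an all-literal chain.
    samples = {
        "issue": '"SELECT a " + "FROM " + vuln',
        "nested": '"SELECT " + ("a FROM " + vuln)',
        "where": 'q = "SELECT a FROM t WHERE id = " + str(uid)',
        "params": 'cur.execute("SELECT a FROM t WHERE id = %s", (uid,))',
        "literal": 'q = "SELECT a " + "FROM t"',
    }
    for name, src in samples.items():
        print(name, find_sql_concat(src))
```

The parameterized `cur.execute(...)` sample is included to show the remediation side: a query that keeps its structure in one literal and passes values separately contains no `+` chain and is therefore never reported, while the issue's test case is reported with the reconstructed text `SELECT a FROM {?}`.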