Open whokilleddb opened 2 years ago
Write better (safer) functions to prevent SQLi
It is generally considered bad practice to write SQL statements as such without preparing them first (see: https://github.com/nexB/scancode-analyzer/blob/813732ace5f0cb9647fe1c8ff504a4d30a1c67ac/etc/load_scan_into_dataframe/postgres.py#L59).
Maybe the queries can be written using placeholders so that the database can fill in the data values properly and safely.
Also, if you guys think that this is a valid issue, can I work on it? 😄
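The placeholder approach the issue asks for, shown side by side with the string-splicing pattern it objects to. This is an added example, not code from the issue or from the scancode-analyzer project: it uses Python's built-in sqlite3 module as a stand-in for the Postgres driver so it runs offline (psycopg2 uses %s placeholders with the same execute(sql, params) call), the packages table and its rows are constructed here, and find_by_column shows the one case placeholders do not cover, a caller-chosen column name, handled with an allowlist.

```python
import sqlite3

# Constructed sample rows standing in for the project's real scan tables.
SAMPLE_ROWS = [
    ("pkg-a", "mit"),
    ("pkg-b", "apache-2.0"),
    ("pkg-c", "gpl-2.0"),
]

# Identifiers (table/column names) cannot be bound as parameters, so a
# caller-chosen column is checked against a fixed allowlist instead.
ALLOWED_COLUMNS = {"name", "license"}


def make_db():
    """Create an in-memory database with a small constructed table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE packages (name TEXT, license TEXT)")
    conn.executemany("INSERT INTO packages VALUES (?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def find_unsafe(conn, license_value):
    """The pattern the issue objects to: the value is spliced into the
    statement text, so the input can change the statement's structure."""
    sql = f"SELECT name FROM packages WHERE license = '{license_value}'"
    return [row[0] for row in conn.execute(sql)]


def find_safe(conn, license_value):
    """Placeholder version: the driver sends the statement and the value
    separately, so the value is only ever treated as data."""
    sql = "SELECT name FROM packages WHERE license = ?"
    return [row[0] for row in conn.execute(sql, (license_value,))]


def find_by_column(conn, column, value):
    """Filtering on a caller-chosen column: validate the identifier against
    the allowlist, then bind the value with a placeholder as usual."""
    if column not in ALLOWED_COLUMNS:
        raise ValueError(f"column not allowed: {column!r}")
    sql = f"SELECT name FROM packages WHERE {column} = ?"
    return [row[0] for row in conn.execute(sql, (value,))]


if __name__ == "__main__":
    conn = make_db()
    hostile = "' OR '1'='1"  # constructed input that is not a license key
    print("unsafe:", find_unsafe(conn, hostile))  # every row comes back
    print("safe:  ", find_safe(conn, hostile))    # no row matches
    print("column:", find_by_column(conn, "name", "pkg-b"))
```

With the same non-license input, find_unsafe returns all three rows because the input has rewritten the WHERE clause, while find_safe returns nothing because the whole string was compared as a license value; find_by_column rejects any column name outside the allowlist before a statement is built.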