Closed anuragrao04 closed 12 months ago
Can I be assigned this?
Ok can I be deassigned?
@Python-is-better-than-Java do you want to work on this issue?
I would like to work.
Can I work on this issue?
Give me work.
Can I have it?
@Python-is-better-than-Java do you want to work on this issue?
No I would like for someone else to be assigned it
@ProSai8055 please go ahead
Can I get assigned to this issue?
Explanation
All the SQL Queries used in the project are not sanitised. This makes it highly susceptible to SQL injection attacks. We need to sanitise all queries before they are passed to the database. We do not expect you to sanitise all of the queries since that would take too much time and would be lengthy. Sanitise all queries from the login page to the home page. This includes all the pages that come in between in the flow, including the register page, forgot password, etc.
Possible Way To Fix It
Use pattern matching/text parsing specific to the context to sanitise the SQL queries. Another way is to use the sanitisation feature of SQLAlchemy.
Resources
SQLAlchemy Sanitisation
Bounty Points: 40 to 80 Depending on the number of queries sanitised and the amount of login/code required.
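As an added illustration of the fix the issue asks for (example code, not from the project), here is a login-style lookup written the way the issue describes (input spliced into the SQL string) next to the same lookup using a bound parameter. It uses the standard-library sqlite3 driver and a constructed in-memory users table so it runs without SQLAlchemy installed; SQLAlchemy's text() with bindparams and its ORM filters pass values to the driver the same way.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample data: two users, one with an apostrophe in the name.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "hash-alice"), ("O'Brien", "hash-obrien")],
    )
    return conn


def find_user_unsafe(conn: sqlite3.Connection, username: str):
    # The pattern the issue describes: the input becomes part of the SQL text,
    # so any quote in the input changes the structure of the statement.
    sql = "SELECT username, password_hash FROM users WHERE username = '%s'" % username
    return conn.execute(sql).fetchone()


def find_user_safe(conn: sqlite3.Connection, username: str):
    # Bound parameter: the SQL text is fixed and the value travels separately,
    # so whatever the user typed is always compared as data, never parsed as SQL.
    sql = "SELECT username, password_hash FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchone()


def demo() -> dict:
    # Run both variants on the same legitimate input and collect what happens.
    conn = make_db()
    results = {}
    try:
        results["unsafe"] = find_user_unsafe(conn, "O'Brien")
    except sqlite3.OperationalError as exc:
        # The spliced quote breaks the statement: the database rejects it.
        results["unsafe"] = f"error: {exc}"
    results["safe"] = find_user_safe(conn, "O'Brien")
    results["safe_missing"] = find_user_safe(conn, "nobody")
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The unsafe variant fails on an ordinary name containing a quote; the parameterised variant returns the row, and any input that matches no user simply yields None.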