Sanitise SQL Queries - Part 1 of 2 - Login pages to Home Page

[anuragrao04]

Explanation

All the SQL Queries used in the project are not sanitised. This makes it highly susceptible to SQL injection attacks. We need to sanitise all queries before they are passed to the database. We do not expect you to sanitise all of the queries since that would take too much time and would be lengthy. Sanitise all queries from the login page to the home page. This includes all the pages that come in between in the flow, including the register page, forgot password, etc.

Possible Way To Fix It

Use pattern matching/ text parsing specific to the context to sanitise the SQL queries. Another way is to use the sanitisation feature of SQLAlchemy

Resources

SQLAlchemy Sanitisation

Bounty Points: 40 to 80 Depending on the number of queries sanitised and the amount of login/code required.

• You can sanitize a small subset of queries and get lower bounties.[The issue will remain open until majority of sql queries are sanitized.

[Python-is-better-than-Java]

Can I be assigned this?

[Python-is-better-than-Java]

Ok can I be deassigned?

[anuragrao04]

@Python-is-better-than-Java do you want to work on this issue?

[ProSai8055]

i would like to work

[prerana1809]

Can i work on this issue?

[ankitam389]

give me work

[DedLad]

can i have it?

[Python-is-better-than-Java]

@Python-is-better-than-Java do you want to work on this issue?

No I would like for someone else to be assigned it

[anuragrao04]

@ProSai8055 please go ahead

[7Akshu77]

can i get assigned to this issue