anuragrao04 / GrowPal

GrowPal is a software that aids small businesses in apartment societies to grow their customer base.
Apache License 2.0

Sanitise SQL Queries - Part 2 of 2 - All pages connected to Home Page #6

Closed anuragrao04 closed 12 months ago

anuragrao04 commented 1 year ago

Explanation

All the SQL queries used in the project are not sanitised. This makes it highly susceptible to SQL injection attacks. We need to sanitise all queries before they are passed to the database. We do not expect you to sanitise all of the queries since that would take too much time and would be lengthy. Sanitise all queries in the pages connected to the home page. This includes the Items Page, Selling Page, Sell Page and the transactions. This issue has higher points awarded since it involves a higher number of pages.

Possible Way To Fix It

Use pattern matching/text parsing specific to the context to sanitise the SQL queries. Another way is to use the sanitisation feature of SQLAlchemy.

Resources

SQLAlchemy Sanitisation

Bounty Points: 40-80, depending on the number of queries sanitised and the amount of login/code required.
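The two routes the issue mentions, side by side, as an added example that is not part of GrowPal's code or of the original issue. It uses Python's built-in sqlite3 module with a constructed in-memory `items` table (the table name, columns and sample rows are assumptions, not the project's schema): `search_items_unsafe` shows the string-formatting pattern the issue describes, `search_items_safe` shows the bound-parameter fix (the same `:name` bind style SQLAlchemy's `text()` uses), and `list_items_sorted` shows the context-specific allow-list check for the one place bind parameters cannot help, a column name supplied by the user.

```python
import sqlite3

# Constructed sample rows standing in for the Items Page data (assumption).
SAMPLE_ITEMS = [
    ("apple", 30, "alice"),
    ("bread", 50, "bob"),
    ("butter", 80, "carol"),
]

# Only these column names may be used in ORDER BY (assumed schema).
ALLOWED_SORT_COLUMNS = {"name", "price"}


def make_db() -> sqlite3.Connection:
    """Create an in-memory database seeded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (name TEXT, price INTEGER, seller TEXT)")
    conn.executemany("INSERT INTO items VALUES (?, ?, ?)", SAMPLE_ITEMS)
    conn.commit()
    return conn


def search_items_unsafe(conn: sqlite3.Connection, name_filter: str) -> list:
    """The pattern the issue describes: user input formatted straight into SQL.

    Anything in name_filter becomes part of the statement, so quotes and SQL
    keywords inside it change what the query does.
    """
    sql = f"SELECT name, price FROM items WHERE name = '{name_filter}'"
    return conn.execute(sql).fetchall()


def search_items_safe(conn: sqlite3.Connection, name_filter: str) -> list:
    """Bound parameter: the value travels separately from the statement text,
    so the database always treats it as data, never as SQL.

    SQLAlchemy's equivalent is
        conn.execute(text("SELECT ... WHERE name = :name"), {"name": name_filter})
    """
    sql = "SELECT name, price FROM items WHERE name = ?"
    return conn.execute(sql, (name_filter,)).fetchall()


def list_items_sorted(conn: sqlite3.Connection, sort_by: str) -> list:
    """Column names cannot be bound parameters, so validate them against a
    fixed allow-list instead (the context-specific check the issue suggests)."""
    if sort_by not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unsupported sort column: {sort_by!r}")
    return conn.execute(f"SELECT name, price FROM items ORDER BY {sort_by}").fetchall()


if __name__ == "__main__":
    db = make_db()
    print("safe lookup:", search_items_safe(db, "apple"))
    print("sorted by price:", list_items_sorted(db, "price"))
```

For a normal value both search functions return the same row; the difference only shows when the input contains quote characters or SQL fragments, where the formatted query returns rows the caller never asked for while the bound version returns nothing because no item literally has that name. The allow-list rule generalises to any identifier the user can influence (table names, column names, sort direction): reject anything outside a known set rather than trying to escape it.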

g-anupam commented 12 months ago

Can I be assigned this?

anuragrao04 commented 12 months ago

@g-anupam go ahead!

AdiXgit commented 12 months ago

Can I be assigned?

akdino commented 12 months ago

Can I be assigned?

DedLad commented 12 months ago

Can I have it?