Our Fortify scans alerted us to possible SQL injection attacks in sqldict.py, and upon inspection it does appear to have a number of SQL statements built with Python's string-building %s feature rather than sqlite's parameterized queries.
Is that something that can be fixed? It's giving our cyber team fits. =)
-Rob
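
An added example, not code from sqldict.py or its project, contrasting the `%s` string-building pattern the scan flags with sqlite3's `?` parameter binding. The key/value table layout and every function name are hypothetical; it also covers table names, which SQLite cannot bind as parameters and which therefore need an allow-list check before being formatted in.

```python
import re
import sqlite3

# Identifiers (table/column names) cannot be bound with "?", so they are
# allow-listed and quoted instead. The pattern is an assumption for this sketch.
_IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*\Z")

def quote_ident(name):
    if not _IDENT.match(name):
        raise ValueError("unsafe SQL identifier: %r" % (name,))
    return '"%s"' % name

def make_store(conn, table):
    conn.execute("CREATE TABLE IF NOT EXISTS %s "
                 "(key TEXT PRIMARY KEY, value TEXT)" % quote_ident(table))

def get_formatted(conn, table, key):
    # Flagged pattern: the value is spliced into the SQL text itself.
    sql = "SELECT value FROM %s WHERE key = '%s'" % (table, key)
    return [row[0] for row in conn.execute(sql)]

def get_bound(conn, table, key):
    # Hardened form: the value is a bound parameter and is never parsed as SQL.
    sql = "SELECT value FROM %s WHERE key = ?" % quote_ident(table)
    return [row[0] for row in conn.execute(sql, (key,))]

def demo():
    conn = sqlite3.connect(":memory:")
    make_store(conn, "unnamed")
    conn.executemany('INSERT INTO "unnamed" VALUES (?, ?)',
                     [("a", "1"), ("b", "2")])
    crafted = "nope' OR '1'='1"  # constructed input containing a quote
    return {
        "formatted": sorted(get_formatted(conn, "unnamed", crafted)),
        "bound": get_bound(conn, "unnamed", crafted),
        "bound_ok": get_bound(conn, "unnamed", "a"),
    }

if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```
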