Open shouldafound[bot] opened 1 year ago
Semgrep actually is able to detect this with the rule python.lang.security.audit.formatted-sql-query
Here is the complete code example https://github.com/anxolerd/dvpwa/blob/a1d8f89fac2e57093189853c6527c2b01fc1d9c1/sqli/dao/student.py#L42
Semgrep ShouldaFound reported a possible false negative. The issue is described below:
from https://github.com/anxolerd/dvpwa -- should find SQL injection vuln
A playground link was also created for this shouldafound. See here: https://semgrep.dev/s/7LXZ
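For readers of this issue who want to see the pattern in question concretely, the following is an added example, not code from dvpwa, from Semgrep, or from anyone in this thread. It places a string-formatted query (the shape the `formatted-sql-query` rule mentioned above targets) next to its parameterized fix, runs both against a constructed in-memory `student` table, and then shows a deliberately minimal AST-based check for the same pattern. The `student` schema, the probe input, `SAMPLE_SOURCE`, and the `find_formatted_queries` detector are all constructed here; the detector is a toy with flat (unscoped) assignment tracking and is not how Semgrep's rule is implemented.

```python
import ast
import sqlite3

# --- Part 1: the vulnerable pattern next to its fix (constructed, not dvpwa's code) ---

def make_db():
    """Constructed in-memory table; not the dvpwa schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE student (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO student (name) VALUES (?)", [("alice",), ("bob",)])
    return conn


def find_student_formatted(conn, name):
    # Vulnerable: the caller's input is spliced into the SQL text, so a quote in
    # `name` changes the query's structure. This is the shape the
    # formatted-sql-query rule is meant to flag.
    query = "SELECT id, name FROM student WHERE name = '%s'" % name
    return conn.execute(query).fetchall()


def find_student_parameterized(conn, name):
    # Fixed: the driver binds `name` as a value; it can never become SQL syntax.
    return conn.execute("SELECT id, name FROM student WHERE name = ?", (name,)).fetchall()


def demo_queries():
    """Run both variants with a constructed input that contains a quote."""
    conn = make_db()
    probe = "x' OR '1'='1"
    return {
        "formatted": find_student_formatted(conn, probe),          # every row comes back
        "parameterized": find_student_parameterized(conn, probe),  # no student has that name
    }


# --- Part 2: a minimal AST check for the same pattern (hypothetical, not Semgrep's rule) ---

def _is_formatted(node):
    """True for f-strings, '%'-formatting and str.format() calls."""
    if isinstance(node, ast.JoinedStr):
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Mod):
        return True
    return (isinstance(node, ast.Call)
            and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format")


def find_formatted_queries(source):
    """Return line numbers of .execute(...) calls whose first argument is a
    formatted string, either inline or via a variable that was assigned one.
    Assignment tracking is flat (no scoping): enough to show the idea."""
    tree = ast.parse(source)
    tainted = set()
    hits = []
    # Pass 1: names assigned from a formatted expression.
    for node in ast.walk(tree):
        if isinstance(node, ast.Assign) and _is_formatted(node.value):
            tainted.update(t.id for t in node.targets if isinstance(t, ast.Name))
    # Pass 2: execute() calls fed a formatted string or a tainted name.
    for node in ast.walk(tree):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and node.func.attr == "execute" and node.args):
            continue
        arg = node.args[0]
        if _is_formatted(arg) or (isinstance(arg, ast.Name) and arg.id in tainted):
            hits.append(node.lineno)
    return sorted(hits)


# Constructed sample module to scan; line numbers count from 1 inside this string.
SAMPLE_SOURCE = '''\
def bad_inline(cur, name):
    cur.execute("SELECT * FROM student WHERE name = '%s'" % name)

def bad_via_variable(cur, name):
    q = f"SELECT * FROM student WHERE name = '{name}'"
    cur.execute(q)

def good(cur, name):
    cur.execute("SELECT * FROM student WHERE name = ?", (name,))
'''

if __name__ == "__main__":
    print(demo_queries())                      # formatted returns both rows, parameterized none
    print(find_formatted_queries(SAMPLE_SOURCE))  # [2, 6]
```

The second part is only there to make the detection idea tangible: the query-via-variable case (`q = f"..."; cur.execute(q)`) is exactly why a pattern on the `execute` call alone is not enough and why a rule has to follow the assignment, which is also the kind of gap that produces false negatives like the one this issue reports.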