Use of unsanitized data to issue SQL queries
ID: python-flask/sqlalchemy-injection
Language: Python
Severity: Error
Category: Security
CWE : 89
Description
Use of unsanitized data from incoming requests in SQL queries may lead to SQL injection. Instead, the data should be filtered and sanitized before use, making sure all potential SQL injections are avoided.
Non-Compliant Code Examples

```python
import flask
import requests

app = flask.Flask(__name__)

# `query` stands for an existing SQLAlchemy query object; it is not defined on the page.


@app.route("/route/to/resource/<resource_id>")
def resource1(resource_id):
    # Path data interpolated straight into the query clauses.
    file1 = query.order_by(resource_id)
    file2 = query.having(f"{resource_id}")


@app.route("/route/to/resource/<resource_id>")
def resource3(resource_id):
    # String formatting is just another form of interpolation.
    file3 = query.filter("{0}".format(resource_id))


@app.route("/route/to/resource")
def resource2():
    # Query-string data used unsanitized in GROUP BY.
    resource_id = flask.request.args.get("resource_id")
    file1 = query.group_by(resource_id)
```
Compliant Code Examples

```python
import flask
import requests

app = flask.Flask(__name__)

# `query` stands for an existing SQLAlchemy query object and `sanitize` for an
# application-defined sanitizer; neither is defined on the page.


@app.route("/route/to/resource")
def resource2():
    resource_id = flask.request.args.get("resource_id")
    # Request data is sanitized before it reaches the query.
    file1 = query.group_by(sanitize(resource_id))
```
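As an added example (not the rule page's or Datadog's own code), the same defect and its fix shown with the standard-library `sqlite3` module in place of SQLAlchemy so that it runs without extra dependencies. It makes the distinction the rule glosses over: a value in a WHERE clause can be passed as a bound parameter, but `order_by`/`group_by` take column identifiers that cannot be bound, so the only safe treatment of request data there is an allowlist. The table, rows and function names are constructed for the example.

```python
import sqlite3

# Constructed in-memory table standing in for the application's data.
_conn = sqlite3.connect(":memory:")
_conn.execute("CREATE TABLE resources (id INTEGER, name TEXT, owner TEXT)")
_conn.executemany(
    "INSERT INTO resources VALUES (?, ?, ?)",
    [(1, "alpha", "alice"), (2, "beta", "bob"), (3, "gamma", "alice")],
)

# Columns a client may sort by; anything else is rejected outright.
ALLOWED_ORDER_COLUMNS = {"id", "name"}


def vulnerable_filter(resource_id: str) -> list:
    """Non-compliant: request data is interpolated into the SQL text, so the
    database parses whatever the client sent as part of the statement."""
    sql = f"SELECT id, name FROM resources WHERE id = {resource_id}"
    return _conn.execute(sql).fetchall()


def safe_filter(resource_id: str) -> list:
    """Compliant: the value travels as a bound parameter and is never parsed
    as SQL; a non-numeric string simply matches no row."""
    sql = "SELECT id, name FROM resources WHERE id = ?"
    return _conn.execute(sql, (resource_id,)).fetchall()


def sanitize_order_column(column: str) -> str:
    """ORDER BY / GROUP BY operands are identifiers, not values, so they cannot
    be bound parameters. Map the request value onto a fixed allowlist instead."""
    if column not in ALLOWED_ORDER_COLUMNS:
        raise ValueError(f"unsupported sort column: {column!r}")
    return column


def safe_ordered(order_column: str) -> list:
    """Compliant ordering: only an allowlisted identifier reaches the SQL text."""
    col = sanitize_order_column(order_column)
    return _conn.execute(f"SELECT id, name FROM resources ORDER BY {col}").fetchall()
```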