pycharm-security

Flask ORM (?) SQL Injection

Open tonybaloney opened this issue 4 years ago • 4 comments

Investigate and add inspections for SQL Injection techniques for Flask ORM.

tonybaloney May 16 '20 00:05

I am happy to be part of this team.

Nkarnaud May 16 '20 10:05

@Nkarnaud can you answer these questions:

  1. What does Flask use for connecting and querying the database by default?
  2. Does flask-sqlalchemy add any https://flask.palletsprojects.com/en/1.1.x/tutorial/views/ https://flask-sqlalchemy.palletsprojects.com/en/2.x/
  3. Fork this repo, https://github.com/tonybaloney/pycharm-security-testing then install the plugin into PyCharm and see how it handles the existing demos.
  4. Write a demo Flask app that can be used for testing, add some SQL injection vulnerabilities into it.

tonybaloney May 16 '20 23:05
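An added example, not part of the thread and not the plugin's own code: a minimal Python `ast` check of the kind of inspection this issue asks for, run over a constructed Flask-style view that mixes string-built and parameterized queries. The `SAMPLE` module, its `get_db` helper, the sink list and the function names are assumptions made for illustration.

```python
import ast

# Constructed sample: a Flask-style view module (parsed only, never executed).
SAMPLE = '''
from flask import request
from db import get_db  # hypothetical helper returning a DB connection

def search():
    name = request.args["name"]
    db = get_db()
    db.execute("SELECT * FROM user WHERE name = '%s'" % name)
    db.execute(f"SELECT * FROM user WHERE name = '{name}'")
    db.execute("SELECT * FROM user WHERE name = '" + name + "'")
    db.execute("SELECT * FROM user WHERE name = '{}'".format(name))
    db.execute("SELECT * FROM user WHERE name = ?", (name,))
    db.execute("SELECT * FROM user")
'''

# Assumed sink names: DB-API / SQLAlchemy style query methods.
SINKS = {"execute", "executemany", "executescript"}

def all_constant(node):
    """True when a '+' chain consists only of literals."""
    if isinstance(node, ast.BinOp):
        return all_constant(node.left) and all_constant(node.right)
    return isinstance(node, ast.Constant)

def dynamic_kind(arg):
    """Return how the SQL text is assembled, or None if it is not flagged."""
    if isinstance(arg, ast.JoinedStr):
        interpolated = any(isinstance(v, ast.FormattedValue) for v in arg.values)
        return "f-string" if interpolated else None
    if isinstance(arg, ast.BinOp) and isinstance(arg.op, ast.Mod):
        return "%-format"
    if isinstance(arg, ast.BinOp) and isinstance(arg.op, ast.Add):
        return None if all_constant(arg) else "concat"
    if (isinstance(arg, ast.Call) and isinstance(arg.func, ast.Attribute)
            and arg.func.attr == "format"):
        return "str.format"
    return None

def find_sql_injection(source):
    """Return sorted (line, kind) pairs for sink calls given string-built SQL."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and node.func.attr in SINKS and node.args):
            kind = dynamic_kind(node.args[0])
            if kind:
                findings.append((node.lineno, kind))
    return sorted(findings)
```

The check is purely syntactic: a query assembled in a variable and passed to the sink later is not flagged, which would need data-flow tracking.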

@tonybaloney & @Nkarnaud Is this issue picked up by anyone? I would like to give a helping hand in this project and I think this issue fits me.

Odame Jul 01 '20 18:07

@Odame this is still up for grabs if you want to help

tonybaloney Jul 02 '20 01:07