Flask ORM (?) SQL Injection #113

Open
tonybaloney opened this issue May 16, 2020 · 4 comments
Labels: enhancement (New feature or request), help wanted (Extra attention is needed)

Comments

@tonybaloney
Owner

Investigate and add inspections for SQL Injection techniques for Flask ORM.

@tonybaloney added the enhancement and help wanted labels May 16, 2020

@Nkarnaud

I am happy to be part of this team.

@tonybaloney
Owner Author

@Nkarnaud can you answer these questions:

  1. What does Flask use for connecting and querying the database by default?
  2. Does flask-sqlalchemy add any https://flask.palletsprojects.com/en/1.1.x/tutorial/views/
    https://flask-sqlalchemy.palletsprojects.com/en/2.x/
  3. Fork this repo, https://github.com/tonybaloney/pycharm-security-testing then install the plugin into PyCharm and see how it handles the existing demos.
  4. Write a demo Flask app that can be used for testing, add some SQL injection vulnerabilities into it.

@Odame

Odame commented Jul 1, 2020

@tonybaloney & @Nkarnaud Is this issue picked up by anyone?
I would like to give a helping hand in this project and I think this issue fits me.

@tonybaloney
Owner Author

@Odame this is still up for grabs if you want to help.
