Flask ORM (?) SQL Injection

Question

tonybaloney opened this issue 4 years ago · 4 comments

Investigate and add inspections for SQL Injection techniques for Flask ORM.

Answer 1 · 2020-05-16T10:44:54.000Z

Am happy to be part of this team

Answer 2 · 2020-05-16T23:06:52.000Z

@Nkarnaud can you answer these questions

What does Flask use for connecting and querying the database by default?
Does flask-sqlalchemy add any https://flask.palletsprojects.com/en/1.1.x/tutorial/views/
https://flask-sqlalchemy.palletsprojects.com/en/2.x/
Fork this repo, https://github.com/tonybaloney/pycharm-security-testing then install the plugin into PyCharm and see how it handles the existing demos.
Write a demo Flask app that can be used for testing, add some SQL injection vulnerabilities into it.

Answer 3 · 2020-07-01T18:22:54.000Z

@tonybaloney & @Nkarnaud Is this issue picked up by anyone?
I would like to work give a helping hand in this project and I think this issue fits me.

Answer 4 · 2020-07-02T01:43:14.000Z

@Odame this is still up for grabs if you want to help