Flask ORM (?) SQL Injection
tonybaloney opened this issue · 4 comments
tonybaloney commented
Investigate and add inspections for SQL Injection techniques for Flask ORM.
Nkarnaud commented
I am happy to be part of this team.
tonybaloney commented
@Nkarnaud can you answer these questions:
- What does Flask use for connecting and querying the database by default?
- Does flask-sqlalchemy add any https://flask.palletsprojects.com/en/1.1.x/tutorial/views/
https://flask-sqlalchemy.palletsprojects.com/en/2.x/
- Fork this repo, https://github.com/tonybaloney/pycharm-security-testing, then install the plugin into PyCharm and see how it handles the existing demos.
- Write a demo Flask app that can be used for testing, add some SQL injection vulnerabilities into it.
Odame commented
@tonybaloney & @Nkarnaud Is this issue picked up by anyone?
I would like to give a helping hand in this project and I think this issue fits me.
tonybaloney commented
@Odame this is still up for grabs if you want to help