Sanitize queries
Closed this issue · 0 comments
toolswatch commented
Andres Riancho suggested sanitizing the queries against SQL injection (not for local use, but for a future online web-based vFeed db).
I added a small patch to get CVE details as follows:
import sqlite3  # stdlib SQLite driver; cur is assumed to be a cursor on the vFeed db
query = (myCVE,)  # one-element tuple: the CVE id is passed as a bound parameter, not pasted into the SQL text
cur.execute('SELECT * FROM nvd_db WHERE cveid=?', query)  # '?' is the sqlite3 qmark placeholder
data = cur.fetchone()  # the matching row, or None if the id is unknown
The code is working. I need to recheck whether SQLi is sanitized.
Otherwise, is there any smart way to construct secure queries?
PS: not mandatory for now.
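The following is an added example, not code from the vFeed project or from the issue author. It shows why the parameterized form above holds up where string formatting does not, and covers the one case `?` placeholders cannot handle: table and column names. It assumes a table `nvd_db` with a `cveid` column (as in the issue) plus a hypothetical `summary` column; the rows are constructed sample data, and the database is created in memory so the script runs offline.

```python
import sqlite3

# Constructed sample data, not real vFeed content: a minimal nvd_db table.
# The 'summary' column is an assumption; the issue only names 'cveid'.
SAMPLE_ROWS = [
    ("CVE-2013-0001", "Sample entry one"),
    ("CVE-2013-0002", "Sample entry two"),
]

# Identifiers cannot be bound with '?', so they must come from a fixed allow-list.
ALLOWED_COLUMNS = {"cveid", "summary"}


def open_sample_db():
    """Create an in-memory SQLite database with an nvd_db(cveid, summary) table."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE nvd_db (cveid TEXT PRIMARY KEY, summary TEXT)")
    # executemany with '?' placeholders binds each row; nothing is interpolated.
    con.executemany("INSERT INTO nvd_db VALUES (?, ?)", SAMPLE_ROWS)
    con.commit()
    return con


def lookup_unsafe(con, cve_id):
    """Vulnerable: the caller-controlled id becomes part of the SQL text.

    An input such as  ' OR '1'='1  turns the WHERE clause into
    cveid='' OR '1'='1' and matches every row.
    """
    cur = con.cursor()
    cur.execute("SELECT * FROM nvd_db WHERE cveid='%s'" % cve_id)
    return cur.fetchall()


def lookup_safe(con, cve_id):
    """Parameterized: the driver sends the value separately from the statement.

    The same injection string is compared literally against cveid and matches
    nothing, because it is never parsed as SQL.
    """
    cur = con.cursor()
    cur.execute("SELECT * FROM nvd_db WHERE cveid=?", (cve_id,))
    return cur.fetchall()


def lookup_by_column(con, column, value):
    """Parameter binding only covers values; a column name chosen at runtime
    must be validated against ALLOWED_COLUMNS before it is placed in the SQL."""
    if column not in ALLOWED_COLUMNS:
        raise ValueError("unexpected column: %r" % column)
    cur = con.cursor()
    # The identifier is quoted and comes from the allow-list; the value is bound.
    cur.execute('SELECT * FROM nvd_db WHERE "%s"=?' % column, (value,))
    return cur.fetchall()


def demo():
    """Run both lookups with a valid id and an injection payload; return the row counts."""
    con = open_sample_db()
    payload = "' OR '1'='1"
    return {
        "unsafe_valid": len(lookup_unsafe(con, "CVE-2013-0001")),
        "unsafe_payload": len(lookup_unsafe(con, payload)),
        "safe_valid": len(lookup_safe(con, "CVE-2013-0001")),
        "safe_payload": len(lookup_safe(con, payload)),
    }


if __name__ == "__main__":
    for name, count in demo().items():
        print("%-15s -> %d row(s)" % (name, count))
```

With sqlite3 the `?` placeholder is the whole answer for values: there is no escaping step to get wrong, and `fetchone()` in the issue's snippet simply returns `None` for an id that does not exist. The allow-list is needed only when the query shape itself (which column, which table, sort order) depends on user input, since the driver refuses to bind identifiers.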