bandit.plugins.django_sql_injection.
django_extra_used
B610: Potential SQL injection on extra function
See also
New in version 1.5.0.