B610: django_extra_usedΒΆ
-
bandit.plugins.django_sql_injection.
django_extra_used
(context)[source] B610: Potential SQL injection on extra function
Example: >> Issue: [B610:django_extra_used] Use of extra potential SQL attack vector. Severity: Medium Confidence: Medium CWE: CWE-89 (https://cwe.mitre.org/data/definitions/89.html) Location: examples/django_sql_injection_extra.py:29:0 More Info: https://bandit.readthedocs.io/en/latest/plugins/b610_django_extra_used.html 28 tables_str = 'django_content_type" WHERE "auth_user"."username"="admin' 29 User.objects.all().extra(tables=[tables_str]).distinct()
See also
New in version 1.5.0.
Changed in version 1.7.3: CWE information added