B611: django_rawsql_used
- bandit.plugins.django_sql_injection.django_rawsql_used(context)[source]
B611: Potential SQL injection on RawSQL function
- Example:
>> Issue: [B611:django_rawsql_used] Use of RawSQL potential SQL attack vector. Severity: Medium Confidence: Medium CWE: CWE-89 (https://cwe.mitre.org/data/definitions/89.html) Location: examples/django_sql_injection_raw.py:11:26 More Info: https://bandit.readthedocs.io/en/latest/plugins/b611_django_rawsql_used.html 10 ' WHERE "username"="admin" OR 1=%s --' 11 User.objects.annotate(val=RawSQL(raw, [0]))
See also
Added in version 1.5.0.
Changed in version 1.7.3: CWE information added