Insecure Use of SQL Queries

Why is this important?

SQL injections are dangerous because they are easy for attackers to find and exploit. An attacker can use a SQL injection to read from, and sometimes even write to, your database. SQL injections are very common and have been the cause of many high-profile breaches.

Check out this video for a high-level explanation:

SQL Injection Explanation Video

Fixing Insecure Use of SQL Queries

Option A: Avoid using RawSQL and QuerySet.extra

  1. Go through the issues that GuardRails identified in the PR.
  2. Identify any occurrences of RawSQL() or QuerySet.extra(). Both of them can lead to SQL injections and should be avoided.
  3. Replace the use of these APIs with normal QuerySet functionality, which is safe against SQL injections. Alternatively, if it can't be removed, pass any value the user can control through params instead of building it into the query string.
  4. Test it
  5. Ship it 🚢 and relax 🌴

Option B: Use Secure Query Patterns

  1. Go through the issues that GuardRails identified in the PR.
  2. Look for code that is similar to the example below:

     import MySQLdb

     db = MySQLdb.connect(host="localhost",
                          user="",
                          passwd="",
                          db="")

     cur = db.cursor()

     platform = raw_input('Enter language: ')
     # This is the vulnerable line of code: the user-supplied value is
     # pasted straight into the SQL string, so quotes in it change the query.
     cur.execute("SELECT * FROM platforms WHERE language = '%s';" % platform)
     for row in cur.fetchall():
         print(row)

     db.close()
    
  3. The easiest solution is to update the code to follow the pattern below:

     cur.execute("SELECT * FROM platforms WHERE language = %s;", (platform,))
    
  4. Test it

  5. Ship it 🚢 and relax 🌴
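The example below is an added illustration of the difference between the two patterns above; it is not part of the original page. It uses an in-memory sqlite3 database with a constructed `platforms` table instead of MySQL (sqlite3 uses `?` placeholders where MySQLdb uses `%s`), and shows why the formatted query is fragile: an input that merely contains a quote changes the query's structure, while the parameterized query always treats the input as data.

```python
import sqlite3


def build_db():
    """Constructed sample data standing in for the page's `platforms` table."""
    conn = sqlite3.connect(":memory:")
    cur = conn.cursor()
    cur.execute("CREATE TABLE platforms (name TEXT, language TEXT)")
    cur.executemany(
        "INSERT INTO platforms VALUES (?, ?)",
        [("Django", "Python"), ("Rails", "Ruby"), ("Phoenix", "Elixir")],
    )
    conn.commit()
    return conn


def query_insecure(conn, platform):
    # Same pattern as the vulnerable line on this page: the user value is
    # pasted into the SQL text, so the database cannot separate data from
    # query structure. A quote in the input breaks (or alters) the statement.
    cur = conn.cursor()
    cur.execute("SELECT name FROM platforms WHERE language = '%s';" % platform)
    return [row[0] for row in cur.fetchall()]


def query_secure(conn, platform):
    # Parameterized: the value is passed to the driver separately and is
    # always bound as a literal, whatever characters it contains.
    cur = conn.cursor()
    cur.execute("SELECT name FROM platforms WHERE language = ?;", (platform,))
    return [row[0] for row in cur.fetchall()]


def compare(conn, platform):
    """Return (insecure result or error text, secure result) for one input."""
    try:
        insecure = query_insecure(conn, platform)
    except sqlite3.Error as exc:
        insecure = "error: %s" % exc
    return insecure, query_secure(conn, platform)


if __name__ == "__main__":
    conn = build_db()
    # "Python's" is an ordinary user input containing an apostrophe; only the
    # formatted query chokes on it.
    for value in ["Python", "Python's"]:
        print(repr(value), compare(conn, value))
```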

More information: