We have a Flask/ML application which while training takes user input. While in production, it skips taking input 开发者_高级运维from user and reads in from a steps.ob file.
However, Checkmarks still identifies this as a potential SQL injection vulnerability.
for i in range(0, n):
ele = input("Enter column name (one at a time): ")
cols_drop.append(ele) # adding the element
X = df.drop(cols_drop,axis='columns')
Is there any short workaround for clearing this vulnerability? (In production, since we are supplying the steps.ob file, it won't take user input but checkmarx is not considering that there is an if/else production condition)
精彩评论