Developer

python input causing checkmarx sql_injection/command_injection

Developer https://www.devze.com 2022-12-07 20:32 Source: web
We have a Flask/ML application which, while training, takes user input. While in production, it skips taking input from the user and reads it in from a steps.ob file.

However, Checkmarx still identifies this as a potential SQL injection vulnerability.

import pandas as pd  # df is a DataFrame built earlier in the training script

cols_drop = []
for i in range(0, n):  # n: number of columns to drop, set earlier in the script
    ele = input("Enter column name (one at a time): ")  # Checkmarx treats input() as a tainted source
    cols_drop.append(ele)  # adding the element
X = df.drop(cols_drop, axis='columns')

Is there any short workaround for clearing this vulnerability? (In production, since we are supplying the steps.ob file, it won't take user input, but Checkmarx is not considering that there is an if/else production condition.)

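Checkmarx flags this because input() is a tainted source and the string it returns flows, unchanged, into a sink; a static analyzer cannot know that the production branch never reaches the input() call. The fix that both clears the finding and is genuinely safe is an allowlist: match each requested name against the real column names and pass on the allowlist's own string, never the user's. The added example below is not code from the question; it stands in for the DataFrame with a constructed SQLite table (a SELECT that keeps the surviving columns plays the role of df.drop), and the helper names pick_allowed, collect_columns, table_columns, select_without and demo are assumptions for the illustration. Column names are SQL identifiers and cannot be bound as query parameters, which is exactly why an allowlist is the right control here. Whether a given build of Checkmarx recognises this as a sanitizer depends on its rule configuration, so check the finding after rescanning rather than assuming it is gone.

```python
"""Added example: allowlist-validate column names that come from input() or
from a steps file before they reach any sink. The table, rows and helper
names are constructed for this illustration, not taken from the question."""
import sqlite3
from typing import Iterable, List, Optional

TABLE = "samples"  # constructed stand-in for the DataFrame df


def pick_allowed(raw: str, allowed: Iterable[str]) -> Optional[str]:
    """Return the entry of `allowed` equal to the stripped user value, or None.

    The allowlist's own string is returned, not `raw`, so nothing derived
    from the untrusted value flows onward; this is what breaks the taint path
    between input() and the sink.
    """
    wanted = raw.strip()
    for name in allowed:
        if name == wanted:
            return name
    return None


def collect_columns(lines: Iterable[str], allowed: Iterable[str]) -> List[str]:
    """Validate each requested column; an unknown name fails closed.

    `lines` is stdin during training and the lines of the steps file in
    production; both are untrusted and go through the same check.
    """
    allowed = tuple(allowed)
    chosen: List[str] = []
    for raw in lines:
        col = pick_allowed(raw, allowed)
        if col is None:
            raise ValueError(f"unknown column {raw.strip()!r}; expected one of {allowed}")
        if col not in chosen:
            chosen.append(col)
    return chosen


def table_columns(conn: sqlite3.Connection) -> List[str]:
    """Read the real column names from the schema; this is the allowlist."""
    return [row[1] for row in conn.execute(f'PRAGMA table_info("{TABLE}")')]


def select_without(conn: sqlite3.Connection, drop: List[str]) -> List[tuple]:
    """Emulate df.drop(): select only the columns that survive.

    Identifiers cannot be parameterized, so every name interpolated here
    originates from table_columns(), never from user input.
    """
    keep = [c for c in table_columns(conn) if c not in drop]
    cols = ", ".join(f'"{c}"' for c in keep)
    return conn.execute(f'SELECT {cols} FROM "{TABLE}"').fetchall()


def demo() -> dict:
    """Run the training-style flow on constructed data and an injection attempt."""
    conn = sqlite3.connect(":memory:")
    conn.execute(f'CREATE TABLE "{TABLE}" (id INTEGER, age INTEGER, label INTEGER)')
    conn.executemany(f'INSERT INTO "{TABLE}" VALUES (?, ?, ?)', [(1, 30, 0), (2, 40, 1)])
    allowed = table_columns(conn)

    # Constructed stand-in for the values input() would return (or steps.ob lines).
    good = collect_columns(["id\n", " age "], allowed)
    rows = select_without(conn, good)

    # An injection attempt through the same path is rejected before any SQL is built.
    try:
        collect_columns(['age" FROM samples; --'], allowed)
        rejected = False
    except ValueError:
        rejected = True
    return {"dropped": good, "rows": rows, "injection_rejected": rejected}


if __name__ == "__main__":
    print(demo())
```

The same collect_columns() call serves both branches of the if/else: in training it is fed the lines typed at the prompt, in production the lines read from steps.ob, so the file is not silently trusted either.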
