Jacob Kaplan-Moss

Tag: sqli

Preventing SQL Injection in Django
May 15th, 2020

I wrote this article for r2c, a security startup I’ve been consulting for. They’ve been building Bento, a program analysis toolkit that can find bugs through static analysis of Python code. It uses semgrep, a code search tool that understands Python syntax. I’ve been helping them figure out which kinds of checks matter to Django developers. SQL injection is one of the places we decided to start, and I wrote this article to explain the problem, solutions, and how Bento/semgrep can help.…