How to fortify fetchone sentence in desktop application?
Guys I need to fortify (Scan code analysis) the following script:
```python
def _insert_s_s(self, curr, s_d, usu):
    if usu[0:7]=='user':
        curr.execute('''INSERT INTO shema1.table1(D_T, D_B, S_T, F, E, ID_W) VALUES(%s, %s, %s, %s, %s, %s) RETURNING ID_S''', s_d)
        retval = curr.fetchone()[0]
        return retval
```
But after fortifying the code I get the message:
Database access control errors occur when:
Data enters a program from an untrusted source.
In this case, the data enters at fetchone() in cgtransaction.py on line 154.
And in the following code:
```python
def _insert_file_c(self, curr, f_d, usu):
    if usu[0:7]=='usersgc':
        curr.execute('''INSERT INTO shema3.table3(F_T, ID_F, ID_S) VALUES (%s, %s, %s)''', f_d)
```
I get the message:
The data is used to specify the value of a primary key in a SQL query.
In this case, the data is used by execute() in cgtransaction.py on line 175.
Please let me know if you have some ideas. Thanks a lot.
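What the two messages describe, as an added example that is not part of the original question: a key value read back with `fetchone()` later reaches `execute()` as a key, with no check that the caller may reference that row. One common way to address this finding is to put the ownership test into the statement itself; here sqlite3 stands in for PostgreSQL, and the `owner` column, table layouts and function names are assumptions.

```python
import sqlite3

# Constructed schema: sqlite3 stands in for the PostgreSQL tables in the question,
# and the "owner" column is an assumption used to express who may reference a row.
SCHEMA = """
CREATE TABLE table1 (id_s INTEGER PRIMARY KEY, d_t TEXT, owner TEXT NOT NULL);
CREATE TABLE table3 (f_t TEXT, id_f INTEGER, id_s INTEGER REFERENCES table1(id_s));
"""

def insert_s(cur, d_t, user):
    """Insert a parent row owned by `user` and return its generated key."""
    cur.execute("INSERT INTO table1 (d_t, owner) VALUES (?, ?)", (d_t, user))
    return cur.lastrowid

def insert_file_unchecked(cur, f_d):
    """Pattern the scanner flags: id_s in f_d selects a parent row with no ownership test."""
    cur.execute("INSERT INTO table3 (f_t, id_f, id_s) VALUES (?, ?, ?)", f_d)
    return cur.rowcount

def insert_file_checked(cur, f_d, user):
    """Same insert, but the key only takes effect if table1.id_s belongs to `user`."""
    f_t, id_f, id_s = f_d
    cur.execute(
        """INSERT INTO table3 (f_t, id_f, id_s)
           SELECT ?, ?, t.id_s FROM table1 AS t
           WHERE t.id_s = ? AND t.owner = ?""",
        (f_t, id_f, id_s, user),
    )
    if cur.rowcount != 1:
        raise PermissionError(f"id_s {id_s!r} is not owned by {user!r}")
    return cur.rowcount

def demo():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    cur = conn.cursor()
    alice_id = insert_s(cur, "a", "alice")
    bob_id = insert_s(cur, "b", "bob")
    results = {"unchecked": insert_file_unchecked(cur, ("pdf", 1, bob_id))}  # no owner test at all
    results["own"] = insert_file_checked(cur, ("pdf", 2, alice_id), "alice")
    try:
        insert_file_checked(cur, ("pdf", 3, bob_id), "alice")
        results["foreign"] = "inserted"
    except PermissionError:
        results["foreign"] = "rejected"
    results["rows"] = cur.execute("SELECT COUNT(*) FROM table3").fetchone()[0]
    conn.close()
    return results
```

Because the ownership condition and the insert are one statement, there is no gap between the check and the write.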
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
