8000 gh-96250: Improve sqlite3 injection attack example by jiajunjie · Pull Request #99270 · python/cpython · GitHub
[go: up one dir, main page]
Skip to content

gh-96250: Improve sqlite3 injection attack example #99270

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 6 commits into from
Dec 8, 2022
Merged

gh-96250: Improve sqlite3 injection attack example #99270

Changes from 1 commit
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
867b98e
Improve sqlite3 injection attack example
jiajunjie Nov 9, 2022
5449ef5
Reflow bco. 79 char limit
erlend-aasland Nov 9, 2022
313a921
Use simulated REPL
jiajunjie Nov 16, 2022
41c5a82
Explain the example in the text
jiajunjie Nov 25, 2022
e622ccb
Explain the attack mechanism
jiajunjie Nov 29, 2022
c3fdb06
Add the attack effect
jiajunjie Dec 1, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Explain the attack mechanism
  • Loading branch information
@jiajunjie
jiajunjie authored Nov 29, 2022
commit e622ccb72ab06318aef5d4e21355124188eaa964
8 changes: 4 additions & 4 deletions Doc/library/sqlite3.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1868,15 +1868,15 @@ How to use placeholders to bind values in SQL queries

SQL operations usually need to use values from Python variables. However,
beware of using Python's string operations to assemble queries, as they
are vulnerable to `SQL injection attacks`_. For example, an attacker can
select all stocks by assembling a query with a crafted input::
are vulnerable to `SQL injection attacks`_. For example, an attacker can simply
close the single quote and inject arbitrary logic::

>>> # Never do this -- insecure!
>>> symbol = input()
' OR 1 = 1; --
' OR TRUE; --
>>> sql = "SELECT * FROM stocks WHERE symbol = '%s'" % symbol
>>> print(sql)
SELECT * FROM stocks WHERE symbol = '' OR 1 = 1; --'
SELECT * FROM stocks WHERE symbol = '' OR TRUE; --'
>>> cur.execute(sql)

Instead, use the DB-API's parameter substitution. To insert a variable into a
Expand Down
0