CodeAnt AI home pagelight logodark logo
  • Dashboard
  • Dashboard
  • Documentation
  • Demo Call with CEO
  • Blog
  • Slack
    • Get Started
    • CodeAnt AI
    • Setup
    • Control Center
    • Pull Request Review
    • IDE
    • Compliance
    • Anti-Patterns
    • Code Governance
    • Infrastructure Security Database
    • Application Security Database
      • Apex
      • Bash
      • C
      • Clojure
      • Cpp
      • Csharp
      • Dockerfile
      • Elixir
      • Fingerprints
      • Generic
      • Go
      • Html
      • Java
      • Javascript
      • Json
      • Kotlin
      • Ocaml
      • Php
      • Problem-based-packs
      • Python
        • Airflow
        • Attr
        • Aws-lambda
        • Bokeh
        • Boto3
        • Cassandra
        • Click
        • Correctness
        • Couchbase
        • Cryptography
        • Distributed
        • Django
        • Docker
        • Elasticsearch
        • Fastapi
        • Flask
        • Jinja2
        • Jwt
        • Lang
        • Ldap3
        • Mariadb
        • Mysql
        • Mysqlclient
        • Neo4j
        • Openai
        • Peewee
        • Pg8000
        • Psycopg2
        • Pycryptodome
        • Pyjwt
        • Pymongo
        • Pymssql
        • Pymysql
        • Pyramid
        • Redis
        • Requests
        • Sh
        • Sqlalchemy
          • Correctness
          • Performance
          • Python-sqlalchemy-hardcoded-secret
          • Security
          • Security
            • Audit
        • Tormysql
        • Urllib3
        • Webrepl
        • Wtforms
      • Ruby
      • Rust
      • Scala
      • Solidity
      • Swift
      • Terraform
      • Typescript
      • Yaml
    Security

    Audit

    avoid-sqlalchemy-text

    sqlalchemy.text passes the constructed SQL statement to the database mostly unchanged. This means that the usual SQL injection protections are not applied and this function is vulnerable to SQL injection if user input can reach here. Use normal SQLAlchemy operators (such as or_, and_, etc.) to construct SQL.
    Likelihood: LOW
    Confidence: MEDIUM
    CWE:
    - CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
    OWASP:
    - A01:2017 - Injection
    - A03:2021 - Injection
    SecurityPython tormysql empty password
    twitterlinkedin
    Powered by Mintlify
    Assistant
    Responses are generated using AI and may contain mistakes.