Update docs/Secure-Coding-Guide-for-Python/CWE-707/CWE-89/README.md
Co-authored-by: Hubert Daniszewski <[email protected]>
Signed-off-by: myteron <[email protected]>
myteron and s19110 authored Dec 4, 2024
1 parent 7fae30a commit 199c482
Showing 1 changed file with 1 addition and 0 deletions.
Expand Up @@ -168,6 +168,7 @@ The `compliant01.py` code is also providing variable type hints in its methods s
> * Type hints do not prevent simple string injections at runtime. They only help prevent coding mistakes when used with a special linter at design time.
> * The `sqlite3.cursor.executescript()` method is specifically designed to prohibit printing the output. That is to prevent an attacker from exploring the database back-end layout.
> * Production code must use logging that avoids exposing sensitive data.
> * Input sanitation as described in separate rules would have to be added.

[*compliant01.py:*](compliant01.py)

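Review bot: the added bullet "Input sanitation as described in separate rules would have to be added." names no rule, so a reader of the `compliant01.py` notes cannot tell which rule to apply; it also uses "sanitation" where "sanitization" (or "validation") is meant. Since the bullets qualify the compliant example, link the specific rule(s) and make the relationship explicit, for example: `> * Input validation as described in the linked rules must be added; it complements, rather than replaces, the query construction shown in compliant01.py.` Otherwise the bullet can be read as suggesting that sanitizing input is the fix for the injection, rather than a defence-in-depth measure on top of it.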