diff --git a/docs/Secure-Coding-Guide-for-Python/CWE-707/CWE-89/README.md b/docs/Secure-Coding-Guide-for-Python/CWE-707/CWE-89/README.md index 8c7899ab..546c054a 100644 --- a/docs/Secure-Coding-Guide-for-Python/CWE-707/CWE-89/README.md +++ b/docs/Secure-Coding-Guide-for-Python/CWE-707/CWE-89/README.md @@ -168,6 +168,7 @@ The `compliant01.py` code is also providing variable type hints in its methods s > * Type hints do not prevent simple string injections at runtime. They only help prevent coding mistakes when used with a special linter at design time. > * The `sqlite3.cursor.executescript()` method is specifically designed to prohibit printing the output. That is to prevent an attacker from exploring the database back-end layout. > * Production code must use logging that avoids exposing sensitive data. +> * Input sanitation as described in separate rules would have to be added. [*compliant01.py:*](compliant01.py)
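Review bot: The added bullet "Input sanitation as described in separate rules would have to be added" is too vague to act on and uses non-standard terminology; "sanitation" should be "sanitization" (or "input validation"), and "separate rules" should name or link the specific rule in this guide the reader is expected to apply, in the same form the surrounding notes use for `compliant01.py`. Since this note sits next to the caveat that type hints do not prevent string injection at runtime, it would also help to state that input validation complements the parameterized-query approach shown in `compliant01.py` rather than replacing it, so readers do not take the bullet as an alternative to parameterization. Suggested wording: "> * Input validation as described in the guide's input-validation rule (link) must be added in addition to, not instead of, parameterized queries."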