From 199c48277d5bdba8c199eb677c4d9372cef2c39d Mon Sep 17 00:00:00 2001 From: myteron Date: Wed, 4 Dec 2024 13:01:27 +0000 Subject: [PATCH] Update docs/Secure-Coding-Guide-for-Python/CWE-707/CWE-89/README.md Co-authored-by: Hubert Daniszewski <61824500+s19110@users.noreply.github.com> Signed-off-by: myteron --- docs/Secure-Coding-Guide-for-Python/CWE-707/CWE-89/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/Secure-Coding-Guide-for-Python/CWE-707/CWE-89/README.md b/docs/Secure-Coding-Guide-for-Python/CWE-707/CWE-89/README.md index 8c7899ab..546c054a 100644 --- a/docs/Secure-Coding-Guide-for-Python/CWE-707/CWE-89/README.md +++ b/docs/Secure-Coding-Guide-for-Python/CWE-707/CWE-89/README.md @@ -168,6 +168,7 @@ The `compliant01.py` code is also providing variable type hints in its methods s > * Type hints do not prevent simple string injections at runtime. They only help prevent coding mistakes when used with a special linter at design time. > * The `sqlite3.cursor.executescript()` method is specifically designed to prohibit printing the output. That is to prevent an attacker from exploring the database back-end layout. > * Production code must use logging that avoids exposing sensitive data. +> * Input sanitation as described in separate rules would have to be added. [*compliant01.py:*](compliant01.py)
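Review bot: the new bullet in the hunk (`+> * Input sanitation as described in separate rules would have to be added.`) is too vague to act on: it does not say which rules, or which inputs of `compliant01.py`, it refers to, and a reader of a CWE-89 page could take it to mean that sanitizing input is the fix for SQL injection rather than the parameterized queries the rest of the section is about. Suggest naming or linking the rule(s) meant, spelling it "sanitization" (or "validation") to match the term used elsewhere in the guide, and wording it so it is clearly an additional measure, for example: "Input validation, as described in the separate rules on that topic, must still be added; it complements but does not replace parameterized queries." This keeps the bullet consistent with the preceding one about logging, which likewise states what production code must do rather than hedging with "would have to".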