>/iSSSKrSSKrSSKJr SSKJr Sr\R"S5\R"S5S55r \R"S5\R"S5S 55r g) N)issue)test_propertiesc0nUH<n[U[R5(dM$URXR'M> U$)N) isinstanceastkeywordvaluearg)keywordskwargsnodes ]/home/james-whalen/.local/lib/python3.13/site-packages/bandit/plugins/django_sql_injection.py keywords2dictr s9 F dCKK ( (#zzF88  MCallB610cLSnURS:XGa[URR5nURRnU(a[ U5S:aUSUS'[ U5S:aUSUS'[ U5S:aUSUS '[ U5S :aUSUS '[ U5S :aUS US '[ U5S:aUS US'SnSHnXR;dM [ X%[R5(aZX%RHFn[ U[R5(a![ UR[5(aMCSn M MSn O U(dSU;a[ US[R5(aUSRHEn[ U[R5(a![ UR[5(aMCSn O U(dXUSRHEn[ U[R5(a![ UR[5(aMCSn O OSnU(aK[ R""[ R$[ R$[&R(R*US9$gg)a%**B610: Potential SQL injection on extra function** :Example: .. code-block:: none >> Issue: [B610:django_extra_used] Use of extra potential SQL attack vector. Severity: Medium Confidence: Medium CWE: CWE-89 (https://cwe.mitre.org/data/definitions/89.html) Location: examples/django_sql_injection_extra.py:29:0 More Info: https://bandit.readthedocs.io/en/latest/plugins/b610_django_extra_used.html 28 tables_str = 'django_content_type" WHERE "auth_user"."username"="admin' 29 User.objects.all().extra(tables=[tables_str]).distinct() .. seealso:: - https://docs.djangoproject.com/en/dev/topics/security/#sql-injection-protection - https://cwe.mitre.org/data/definitions/89.html .. versionadded:: 1.5.0 .. versionchanged:: 1.7.3 CWE information added z)Use of extra potential SQL attack vector.extrarselectwhereparamstablesorder_by select_paramsF)rrTseverity confidencecwetextN)call_function_namerr r argslenrrListeltsConstantr strDictkeysvaluesbanditIssueMEDIUMrCwe SQL_INJECTION) context descriptionr r'insecurekeyvalkvs rdjango_extra_usedr<s):>K!!W,w||445||   4yA~#'7x 4yA~"&q'w4yA~#'7x 4yA~#'7x 4yA~%)!Wz"4yA~*.q''&C}fk38844%{//&sCLL99 *399c : :'+H! 0 $H'H.&*CHH55)..A"1cll33&qww44#' / #H-44&q#,,77 *177C 8 8'+H! 5  <<!==II++   e-rB611cSnURS5(aURS:XaURR(aURRSnO$[ URR 5nUSn[ U[R5(a[ UR[5(dK[R"[R[R[RR US9$ggg)a**B611: Potential SQL injection on RawSQL function** :Example: .. code-block:: none >> Issue: [B611:django_rawsql_used] Use of RawSQL potential SQL attack vector. Severity: Medium Confidence: Medium CWE: CWE-89 (https://cwe.mitre.org/data/definitions/89.html) Location: examples/django_sql_injection_raw.py:11:26 More Info: https://bandit.readthedocs.io/en/latest/plugins/b611_django_rawsql_used.html 10 ' WHERE "username"="admin" OR 1=%s --' 11 User.objects.annotate(val=RawSQL(raw, [0])) .. seealso:: - https://docs.djangoproject.com/en/dev/topics/security/#sql-injection-protection - https://cwe.mitre.org/data/definitions/89.html .. versionadded:: 1.5.0 .. versionchanged:: 1.7.3 CWE information added z*Use of RawSQL potential SQL attack vector.zdjango.db.modelsRawSQLrsqlr!N)is_module_imported_liker&r r'rr rrr+r r,r0r1r2rr3r4)r5r6r@r s rdjango_rawsql_usedrBms:?K&&'9::  % % 1||  ll''*&w||'<'<=Um3 --*SYY2L2L||#]]%}} //$ 3M 2;r) rr0 bandit.corerrtestrcheckstest_idr<rBrrrHsw  /VfTTnVf,,r