Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FIX] sql-injection: Fix false positives #344

Merged
merged 5 commits into from
Sep 9, 2021
Merged

[FIX] sql-injection: Fix false positives #344

merged 5 commits into from
Sep 9, 2021

Conversation

moylop260
Copy link
Collaborator

@moylop260 moylop260 commented Sep 8, 2021
edited

Ignore cases when you are using almost one parameter
It means you maybe are using a concatenation for valid concatenation but parameters for other cases

Ignore cases for private parameters and private methods too
It is a common way to use a valid "cr.execute" for Odoo views in newer
versions

Fix #334

It could depends of feedback from:

@moylop260
[FIX] sql-injection: Fix false positives
af01790 
Ignore cases when you are using almost one parameter
It means you maybe are using a concatenation for valid concatenation but parameters for other cases

Ignore cases for private parameters and private methods too
It is a common way to use a valid "cr.execute" for Odoo views in newer
versions

Fix OCA#334
@moylop260 moylop260 merged commit 1ee7a91 into OCA:master Sep 9, 2021
@moylop260 moylop260 deleted the oca-fix-sql-inj-moy branch September 9, 2021 21:44
@moylop260 moylop260 mentioned this pull request Sep 10, 2021
Closed
@antonag32 antonag32 mentioned this pull request Oct 2, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

False positives with sql-injection check
1 participant
@moylop260