A small package to track SQL injection in Flask apps
Project description
PROTECTSQL
Table of Contents
Installation
Installing the repository for contribution purposes
Please refer to our CONTRIBUTING.md file to set up protectsql locally.
Installing the package
Our package is publicly available on PyPI.
To install using pip, run the command:
pip install protectsql
Usage
Init command
protectsql init # initialise the pysa configurations
Analyze command
Runs the static analysis.
protectsql analyze # analyze your app
Inspiration
We wanted to make a package that checks for SQLi vulnerabilities in generic Python frameworks and specifically in Flask, as there are quite a few Python applications that don't use an ORM and are therefore exposed to SQL injection.
What it does
A CLI tool that helps you analyze your Python/Flask app using Pysa (a static analysis tool by Facebook). If SQLi flows are found, they are displayed after running the analyze command.
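To make concrete what a taint-based static analyzer such as Pysa looks for, here is an added example (not code from the protectsql project) of the two shapes a non-ORM lookup can take: a query that splices a user-controlled value into the SQL text, and the same lookup with a bound parameter. The in-memory SQLite table and the usernames are constructed for the example; in a Flask app the `username` argument would come from something like `request.args["username"]`, which is the source a SQLi rule tracks to the `execute()` sink.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed stand-in for the app's database (example data only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    conn.commit()
    return conn


def lookup_user_vulnerable(conn: sqlite3.Connection, username: str):
    # The pattern a SQLi taint rule flags: the request-derived value becomes part
    # of the SQL string itself, so data from a user-controlled source reaches the
    # execute() sink as code. Even an innocent name with an apostrophe breaks it.
    query = f"SELECT id, username, email FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_user_safe(conn: sqlite3.Connection, username: str):
    # Hardened form: the SQL text is a constant and the value is passed as a bound
    # parameter. No tainted data flows into the query string, and the driver treats
    # the input strictly as a literal value.
    query = "SELECT id, username, email FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def compare(username: str) -> dict:
    """Run both lookups on the same input and report what each one does."""
    conn = make_db()
    safe_rows = lookup_user_safe(conn, username)
    try:
        vulnerable_rows = lookup_user_vulnerable(conn, username)
        vulnerable_error = None
    except sqlite3.OperationalError as exc:
        # The string-built query is no longer valid SQL once the input contains a quote.
        vulnerable_rows, vulnerable_error = None, str(exc)
    return {
        "safe_rows": safe_rows,
        "vulnerable_rows": vulnerable_rows,
        "vulnerable_error": vulnerable_error,
    }


if __name__ == "__main__":
    # "alice" behaves the same in both; "o'brien" only works with the bound parameter.
    for name in ("alice", "o'brien"):
        print(name, compare(name))
```

The parameterized version is what you want to see after the analyzer has pointed at a flagged `execute()` call: the fix is not escaping the input but keeping it out of the SQL text entirely.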
How we built it
Protectsql is built on top of pysa, a part of the pyre-check project (see more about pysa here).
Additionally, since it's a CLI tool, we also make use of click (see more here).
Tech Stack
python
pysa
click
flask
Challenges we ran into
- Understanding the pysa documentation
- Coming up with target frameworks vulnerable to SQL injection and working out how we can use pysa for them
Accomplishments that we're proud of
- Using pysa for static analysis
- Using click, the Python CLI tool
- Uploading our own package to PyPI
What's next for Protectsql
We plan to add support for more lightweight frameworks that do not rely on an ORM!
As of now, Protectsql is published on PyPI and is ready for use. Anyone can contribute by following our contribution rules and guidelines.
Project details
Download files
File details
Details for the file protectsql-0.0.8.tar.gz.
File metadata
- Download URL: protectsql-0.0.8.tar.gz
- Upload date:
- Size: 4.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.4.2 importlib_metadata/4.8.1 pkginfo/1.7.1 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.9.7
File hashes
Algorithm | Hash digest
---|---
SHA256 | 41359e5eb7eb7ec61ba9289766eb4daa884c92d97981b8386f426896b63f57b8
MD5 | 703071196280974988b1c029a0f25069
BLAKE2b-256 | 880f41410630d04e14d93c4ad664caae82ac0b2b70cf34d182740c8007cc8c3d
File details
Details for the file protectsql-0.0.8-py3-none-any.whl.
File metadata
- Download URL: protectsql-0.0.8-py3-none-any.whl
- Upload date:
- Size: 4.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.4.2 importlib_metadata/4.8.1 pkginfo/1.7.1 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.9.7
File hashes
Algorithm | Hash digest
---|---
SHA256 | 5fd5e62278d9fae849fb0ca305c5a4766456574627449b1b3edcd9dc6ffc4ec5
MD5 | 37ec18dd16b281260da9d549c97c7910
BLAKE2b-256 | 9a23f5a424f8b652994e4d6022800b1f8179f75955babbd39f5882b685da0097