Commit

Update libuser.py
streichsbaer authored Mar 26, 2024
1 parent 0884c8d commit 29fda59
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions bad/libuser.py
Expand Up @@ -9,10 +9,10 @@ def login(username, password):
conn.row_factory = sqlite3.Row
c = conn.cursor()

user = c.execute("SELECT * FROM users WHERE username = '{}' and password = '{}'".format(username, password)).fetchone()
user_name = c.execute("SELECT * FROM users WHERE username = '{}' and password = '{}'".format(username, password)).fetchone()

Check failure

Code scanning / CodeQL

SQL query built from user-controlled sources High

This SQL query depends on a user-provided value.

if user:
return user['username']
if user_name:
return user_name['username']
else:
return False
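
Review bot: the changed `c.execute(...)` line in `login()` still builds the statement with `.format(username, password)`, so renaming `user` to `user_name` does not address the CodeQL "SQL query built from user-controlled sources" alert attached to that line. Bind the values instead of formatting them into the string, for example `c.execute("SELECT * FROM users WHERE username = ? AND password = ?", (username, password))`, which sqlite3 supports through `?` placeholders. The same line matches `password` inside the query against the submitted value as-is, so it is also worth checking whether a salted hash comparison is intended here.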

0 comments on commit 29fda59