
Conversation

orbisai-sec

Context and Purpose:

This PR automatically remediates a security vulnerability:

  • Description: Avoiding SQL string concatenation: untrusted input concatenated with a raw SQL query can result in SQL Injection. In order to execute a raw query safely, a prepared statement should be used. SQLAlchemy provides TextualSQL to easily use prepared statements with named parameters. For complex SQL composition, use the SQL Expression Language or Schema Definition Language. In most cases, the SQLAlchemy ORM will be a better option.
  • Rule ID: python.sqlalchemy.security.sqlalchemy-execute-raw-query.sqlalchemy-execute-raw-query
  • Severity: HIGH
  • File: scripts/compare-llama-bench.py
  • Lines Affected: 338 - 338

This change is necessary to protect the application from potential security risks associated with this vulnerability.

Solution Implemented:

The automated remediation process has applied the necessary changes to the affected code in scripts/compare-llama-bench.py to resolve the identified issue.

Please review the changes to ensure they are correct and integrate as expected.

…sqlalchemy-execute-raw-query_scripts/compare-llama-bench.py_338
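The rule's advice in working form, as an added example written for this page (it is neither llama.cpp code nor the bot's change). It uses the standard-library sqlite3 driver instead of SQLAlchemy so it runs without extra dependencies; the `:name` placeholder syntax is the same one SQLAlchemy's `text()` binds with, as noted in the comments. The table `test`, its columns and the rows are constructed sample data, and the allowlist check for column names is an assumption about how dynamic identifiers would be handled, since identifiers cannot be bound as parameters.

```python
import sqlite3

# Constructed sample rows (not real llama-bench output): (model, n_threads, tokens/s)
SAMPLE_ROWS = [
    ("llama-7b", 8, 42.5),
    ("llama-13b", 8, 23.1),
    ("mistral-7b", 8, 45.0),
]

# Assumed allowlist: column names cannot be bound parameters, so a caller-chosen
# identifier is validated against a fixed set before it is placed in the SQL text.
ALLOWED_COLUMNS = {"model", "n_threads", "t_s"}


def make_db() -> sqlite3.Connection:
    """Create an in-memory database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE test (model TEXT, n_threads INTEGER, t_s REAL)")
    conn.executemany("INSERT INTO test VALUES (?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def lookup_unsafe(conn: sqlite3.Connection, model: str) -> list:
    """The pattern the rule flags: untrusted input spliced into the SQL string."""
    query = "SELECT model, n_threads, t_s FROM test WHERE model = '" + model + "'"
    return conn.execute(query).fetchall()


def lookup_safe(conn: sqlite3.Connection, model: str) -> list:
    """Named placeholder: the driver ships the value separately from the SQL text.

    The SQLAlchemy TextualSQL equivalent uses the same :name syntax:
        conn.execute(text("SELECT ... FROM test WHERE model = :model"), {"model": model})
    """
    query = "SELECT model, n_threads, t_s FROM test WHERE model = :model"
    return conn.execute(query, {"model": model}).fetchall()


def select_column_safe(conn: sqlite3.Connection, column: str, model: str) -> list:
    """Dynamic column selection: allowlist the identifier, bind the value."""
    if column not in ALLOWED_COLUMNS:
        raise ValueError(f"column not allowed: {column!r}")
    # The identifier comes from the allowlist, so quoting it is safe;
    # the row filter is still a bound parameter.
    query = f'SELECT "{column}" FROM test WHERE model = :model'
    return [row[0] for row in conn.execute(query, {"model": model}).fetchall()]


if __name__ == "__main__":
    conn = make_db()
    payload = "' OR '1'='1"
    print("unsafe:", lookup_unsafe(conn, payload))  # every row leaks
    print("safe:  ", lookup_safe(conn, payload))    # no row matches the literal string
    print("column:", select_column_safe(conn, "t_s", "llama-7b"))
```

With the payload `' OR '1'='1`, the concatenated query becomes `WHERE model = '' OR '1'='1'` and returns every row, while the bound version compares against the literal string and returns nothing. The same split applies to SQLAlchemy: values go through `text()` bind parameters, and anything that has to land in the SQL text itself (table or column names, sort direction) is validated against a fixed set first.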
github-actions bot added the labels script (Script related) and python (python script changes) on Oct 14, 2025
JohannesGaessler (Collaborator)

The indentation isn't even syntactically correct.
