
Fix: Avoiding SQL string concatenation: untrusted input concatenated with a raw SQL query can result in SQL Injection. In order to execute a raw query safely, a prepared statement should be used. SQLAlchemy provides TextualSQL to easily use prepared statements with named parameters. For complex SQL composition, use the SQL Expression Language or Schema Definition Language. In most cases, the SQLAlchemy ORM will be a better option. in scripts/compare-llama-bench.py #16572

Closed
orbisai-sec wants to merge 1 commit into ggml-org:master from orbisai-sec:fix-semgrep-python.sqlalchemy.security.sqlalchemy-execute-raw-query.sqlalchemy-execute-raw-b8c38e8f-b1fc
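The pattern the PR title describes, as an added example that is not code from this PR or from llama.cpp: the concatenated query beside its bound-parameter (TextualSQL) form, run against a constructed in-memory SQLite table through SQLAlchemy. The table name, columns, rows and the probe string are assumptions made for the demonstration.

```python
# Added example, not from the PR: string concatenation vs. a textual statement
# with a named bind parameter. The bench table and its rows are constructed here.
from sqlalchemy import create_engine, text

engine = create_engine("sqlite+pysqlite:///:memory:")

with engine.begin() as conn:
    conn.execute(text("CREATE TABLE bench (id INTEGER PRIMARY KEY, model TEXT, t_per_s REAL)"))
    conn.execute(
        text("INSERT INTO bench (model, t_per_s) VALUES (:model, :t)"),
        [{"model": "llama-7b", "t": 42.0}, {"model": "llama-13b", "t": 21.5}],
    )


def lookup_unsafe(model: str) -> list[str]:
    # VULNERABLE: the input is pasted into the SQL text, so quote characters in
    # it become SQL syntax and can rewrite the WHERE clause.
    sql = "SELECT model FROM bench WHERE model = '" + model + "'"
    with engine.connect() as conn:
        return [row[0] for row in conn.execute(text(sql))]


def lookup_safe(model: str) -> list[str]:
    # FIXED: a textual statement with a named bind parameter (:model). The value
    # travels to the driver separately from the statement and is never parsed as SQL.
    sql = text("SELECT model FROM bench WHERE model = :model")
    with engine.connect() as conn:
        return [row[0] for row in conn.execute(sql, {"model": model})]


if __name__ == "__main__":
    probe = "' OR '1'='1"  # constructed input containing SQL metacharacters
    print(lookup_unsafe(probe))  # both rows: the predicate was rewritten
    print(lookup_safe(probe))    # []: the whole string is compared as a literal
```

Running the same probe through both functions is the check to add alongside a fix like this one: the bound-parameter version returns no rows for input that the concatenated version matches entirely.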