Update docs/Secure-Coding-Guide-for-Python/CWE-707/CWE-89/README.md

myteron · gkunz · web-flow · commit f2e7746df17f · 2024-12-02T17:30:36.000Z
Co-authored-by: Georg Kunz &lt;georg.kunz@ericsson.com&gt;
Signed-off-by: myteron &lt;myteron@gmail.com&gt;
diff --git a/docs/Secure-Coding-Guide-for-Python/CWE-707/CWE-89/README.md b/docs/Secure-Coding-Guide-for-Python/CWE-707/CWE-89/README.md
@@ -175,7 +175,7 @@ The `compliant01.py` code is also providing variable type hints in its methods s
 >[!NOTE]
 >
 > * Type hints do not prevent simple string injections at runtime. They only help prevent coding mistakes when used with a special linter at design time.
-> * The `sqlite3.cursor.executescript()` is specifically designed to prohibit printing the output. That is to prevent an attacker from exploring the database back-end layout.
+> * The `sqlite3.cursor.executescript()` method is specifically designed to prohibit printing the output. That is to prevent an attacker from exploring the database back-end layout.
 > * Production code must use logging that avoids exposing sensitive data.
 
 [*compliant01.py:*](compliant01.py)

Original file line number	Diff line number	Diff line change
@@ -175,7 +175,7 @@ The `compliant01.py` code is also providing variable type hints in its methods s
`175`	`175`	`>[!NOTE]`
`176`	`176`	`>`
`177`	`177`	`> * Type hints do not prevent simple string injections at runtime. They only help prevent coding mistakes when used with a special linter at design time.`
`178`		-> * The `sqlite3.cursor.executescript()` is specifically designed to prohibit printing the output. That is to prevent an attacker from exploring the database back-end layout.
	`178`	+> * The `sqlite3.cursor.executescript()` method is specifically designed to prohibit printing the output. That is to prevent an attacker from exploring the database back-end layout.
`179`	`179`	`> * Production code must use logging that avoids exposing sensitive data.`
`180`	`180`
`181`	`181`	`[compliant01.py:](compliant01.py)`