Python has a built-in ast module that lets you inspect, parse and edit Python code. AST stands for abstract syntax tree, a data structure that makes it easy to analyze, inspect and edit programming language code.
When working with abstract syntax trees, you don't have to worry about the surface syntax of the programming language. The tree represents the relations between objects, operators and language expressions.
This article shows a real-world example of how you can use this module to detect SQL injection vulnerabilities in Python code.
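As an added illustration of the kind of check the ast module makes possible (this is not the article's own code): a visitor that flags database calls whose SQL string is assembled from variables. The sample source, the sink method names and the names `dynamic_reason`, `SqlSinkVisitor` and `scan` are assumptions made for this example.

```python
import ast
# Constructed sample source; it is only parsed, never executed.
SAMPLE = '''
def login(cur, user, pw):
    cur.execute("SELECT id FROM users WHERE name = '%s'" % user)
    cur.execute(f"SELECT id FROM users WHERE name = '{user}'")
    cur.execute("SELECT id FROM users WHERE name = ?", (user,))
    query = "SELECT id FROM users WHERE pw = '" + pw + "'"
    cur.execute(query)
    cur.execute("SELECT id FROM users WHERE name = '{}'".format(user))
'''

SINKS = {"execute", "executemany", "executescript"}  # DB-API style method names

def dynamic_reason(node):
    """Return how an expression mixes variables into a string, or None."""
    has_name = any(isinstance(n, ast.Name) for n in ast.walk(node))
    if isinstance(node, ast.JoinedStr) and has_name:
        return "f-string"
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Mod, ast.Add)) and has_name:
        return "% formatting" if isinstance(node.op, ast.Mod) else "concatenation"
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format" and has_name):
        return "str.format"
    return None

class SqlSinkVisitor(ast.NodeVisitor):
    def __init__(self):
        self.findings = []  # (line number, reason) pairs
        self.built = {}     # variable name -> how its value was built (or None)

    def visit_Assign(self, node):
        if len(node.targets) == 1 and isinstance(node.targets[0], ast.Name):
            self.built[node.targets[0].id] = dynamic_reason(node.value)
        self.generic_visit(node)

    def visit_Call(self, node):
        if isinstance(node.func, ast.Attribute) and node.func.attr in SINKS and node.args:
            arg = node.args[0]
            reason = dynamic_reason(arg) or (
                self.built.get(arg.id) if isinstance(arg, ast.Name) else None)
            if reason:
                self.findings.append((node.lineno, reason))
        self.generic_visit(node)

def scan(source):
    visitor = SqlSinkVisitor()
    visitor.visit(ast.parse(source))
    return visitor.findings
```

The check is purely syntactic: it reports how the query text was built, not whether the variable is attacker-controlled, and it does not follow values across function boundaries. The parameterized call on line 5 of the sample is the form that passes.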
Introduction to SQL injections
SQL injection is a code injection technique that lets an attacker insert or alter SQL queries in a poorly designed application.
To demonstrate this attack, I wrote a simple web application using flask:
import sqlite3
import hashlib
from flask import Flask, request
app =
from Planet Python