apunkt/nyx
1
0
Fork 0
mirror of https://github.com/elicpeter/nyx.git synced 2026-06-09 19:45:13 +02:00
Code Issues Projects Releases Packages Wiki Activity
nyx/tests/dynamic_fixtures/python/sqli_negative.py

19 lines
603 B
Python
Raw Permalink Normal View History

Dynamic (#77)
2026-06-05 10:16:30 -05:00
"""SQL injection — negative fixture.
Safe function: uses parameterized queries.
Expected verdict: NotConfirmed (parameterized query prevents injection).
"""
import sqlite3
def login(username):
"""Safe login: parameterized query prevents SQL injection."""
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
conn.execute("INSERT INTO users VALUES (1, 'alice')")
# Safe: parameterized query
rows = conn.execute("SELECT name FROM users WHERE name=?", (username,)).fetchall()
for row in rows:
print(row[0])
conn.close()
Reference in a new issue Copy permalink