Python validating sql parser
Unless you have a good reason, don’t construct SQL queries by hand. For the shell, use the module to escape input correctly. If your application ever loads and parses XML files, the odds are you are using one of the XML standard library modules. These attacks are mostly DoS-style (designed to crash systems rather than to exfiltrate data).
Injection attacks are broad and really common, and there are many types of injection. Basically, the idea is that you can define referential entities in XML, so when your unassuming XML parser tries to load this XML file into memory it consumes gigabytes of RAM. Try it out if you don’t believe me :-) Another attack uses external entity expansion. The attacker can use that to include references to one of the subprocess modules to run arbitrary commands on the host. This wonderful example shows how to pickle a class that opens a shell in Python 2.