[QGIS-Developer] Existing plugin versions should not be marked with "security issues"
chris hermansen
clhermansen at gmail.com
Wed Jun 17 12:18:10 PDT 2026
Everyone, asking a question here related to Raymond Nijssen's challenge...
On Wed, Jun 17, 2026 at 12:06 PM Raymond Nijssen via QGIS-Developer <
qgis-developer at lists.osgeo.org> wrote:
[snip]
>
> I fixed it by using the `# nosec` comment behind all the lines with SQL
> strings. Feels a bit strange though to "fix" things that are not bad or
> broken at all.
>
> >
> > On 17/06/2026 at 18:40, Raymond Nijssen via QGIS-Developer wrote:
> >> Hi, I'm having this security issue with Bandit and cannot publish my
> >> plugin. But the executeSql() does not take separate parameters. What
> >> would be the proper solution here?
Is there really no prepared statement approach that could be used in cases
like this, instead of an "executeSql() that does not take separate
parameters"?
--
Chris Hermansen · clhermansen "at" gmail "dot" com
It's my way of speaking.