• PROTECTSQL
• Table of Contents
  • Installation
    • Installing the repository for contribution purposes
    • Installing the package
  • Usage
    • Init command
    • Analyze command
  • Inspiration
  • What it does
  • How we built it
  • Tech Stack
  • Screenshots
  • Challenges we ran into
  • Accomplishments that we're proud of
  • What's next for Protectsql
  • Demo

Please refer to our CONTRIBUTING.md file to setup protectsql locally

Our package is publicly available on PyPi. To install using pip, run the command:

pip install protectsql

protectsql init # initialise the pysa configurations

Runs the static analysis.

protectsql analyze # analyze your app

We wanted to make a package to check for SQLi vulnerabilities for generic frameworks/specific to Flask as there are quite a few python applications that don't use ORM and are vulnerable to SQLi vulnerabilities.

A CLI tool which will help you analyze your python/flask app, using Pysa (a static analysis tool by facebook), In case sqli are found, they're displayed at runtime after running the analyze command.

Protectsql is build on top of pysa, a part of the pyre-check project package (see more about pysa here). Additionally, since it's a CLI tool, we also make use of click (see more here).

• python
• pysa
• click
• flask

• Understanding pysa documentation
• Coming up with target frameworks vulnerable to sqli injections and how can we use pysa for them

• Using pysa for static analysis
• Usage of click, the python CLI tool
• Uploading our own package to PyPi

We plan to add support to more lightweight framework which does not rely on ORM!

As of now, Protectsql is published on PyPi and is ready for use. Anyone can contribute following our contribution rules and guidelines.