Checkmarx vulnerability on python parse_args and argv


I am running a Python script which needs to accept user input parameters. This can be done using parse_args or argv. But the problem I am facing is having an MSSQL connection string using the pyodbc package. The vulnerability is on pd.read_sql and pyodbc.connect if I use sys.argv. I cannot move away from argv, and I tried many approaches, like having a regex on sys.argv and exiting the script if the pattern does not match. Regex on all input parameters also. I am not able to understand why the vulnerability still persists on read_sql and pyodbc.connect. Need help on this.

python hello_world.py --env Test --path /Users/abc/scripts --ing search --tab test_tab

I have written a regex on the tab parameter, as I am passing the variable to the database connection.



SRIRAM RAMACHANDRAN

I used a regex on all input parameters and used strip(), which Checkmarx was expecting. Sanitizing every input parameter would solve the vulnerability issues.
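As an added illustration of the pattern discussed in the question and the answer (this is example code, not code from either poster), the script below parses the same command line shown in the question with argparse, validates the `--tab` table name against a strict identifier regex plus an allowlist before it is interpolated into the query (an identifier cannot be a bind parameter), and passes every data value through a `?` placeholder instead of string formatting. The allowlist contents, the `--env` choices, the `id`/`name` columns and the sample rows are assumptions made for the example. sqlite3 stands in for the MSSQL connection so the example runs offline; it accepts the same `?` placeholders and `[bracket]` identifier quoting as pyodbc against SQL Server, and with pandas the tuple would be passed as `pd.read_sql(sql, conn, params=(term,))`.

```python
import argparse
import re
import sqlite3

# A table name cannot be a bind parameter, so it is checked against a strict
# identifier pattern and an allowlist before it is placed in the SQL text.
IDENT_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]{0,127}$")
ALLOWED_TABLES = frozenset({"test_tab", "orders"})  # constructed allowlist (assumption)


def validate_identifier(name, allowed=ALLOWED_TABLES):
    """Return a stripped, allowlisted identifier or raise ValueError."""
    name = name.strip()
    if not IDENT_RE.match(name):
        raise ValueError(f"invalid identifier: {name!r}")
    if name not in allowed:
        raise ValueError(f"table not permitted: {name!r}")
    return name


def quote_identifier(name):
    """T-SQL style bracket quoting; ']' is already excluded by IDENT_RE but escaped anyway."""
    return "[" + name.replace("]", "]]") + "]"


def build_query(table):
    """Validated identifier in the SQL text, data value as a '?' bind parameter."""
    tbl = quote_identifier(validate_identifier(table))
    return f"SELECT id, name FROM {tbl} WHERE name = ?"


def parse_cli(argv):
    """Same flags as the question's command line; --tab is validated at parse time."""
    parser = argparse.ArgumentParser()
    parser.add_argument("--env", required=True, choices=["Dev", "Test", "Prod"])  # assumption
    parser.add_argument("--path", required=True)
    parser.add_argument("--ing", required=True)
    parser.add_argument("--tab", required=True, type=validate_identifier)
    return parser.parse_args(argv)


def run_search(conn, table, term):
    """Execute the parameterised query; 'term' never touches the SQL text."""
    sql = build_query(table)
    return conn.execute(sql, (term,)).fetchall()


def demo():
    """Parse the question's command line and run two searches against constructed data."""
    args = parse_cli(["--env", "Test", "--path", "/Users/abc/scripts",
                      "--ing", "search", "--tab", "test_tab"])
    conn = sqlite3.connect(":memory:")  # stands in for pyodbc.connect(conn_str)
    conn.execute("CREATE TABLE test_tab (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO test_tab VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    normal = run_search(conn, args.tab, "bob")
    # A value containing quote characters is just compared literally, so nothing matches.
    quoted = run_search(conn, args.tab, "bob' OR '1'='1")
    return normal, quoted


if __name__ == "__main__":
    print(demo())
```

The point for a static analyser such as Checkmarx is that the data value flows only into the parameter tuple, while the identifier passes through a validation function before it reaches the query string; the `strip()` the answer mentions is what `validate_identifier` does first.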