66from aikido_zen .helpers .get_argument import get_argument
77from aikido_zen .helpers .register_call import register_call
88from aikido_zen .sinks import patch_function , on_import , before
9+ from aikido_zen .vulnerabilities .idor .check_idor import run_idor_check
910
1011
1112@before
@@ -20,6 +21,9 @@ def _execute(func, instance, args, kwargs):
2021 kind = "sql_injection" , op = "pymysql.Cursor.execute" , args = (query , "mysql" )
2122 )
2223
24+ query_params = get_argument (args , kwargs , 1 , "args" )
25+ run_idor_check (query , "mysql" , query_params )
26+
2327
2428@before
2529def _executemany (func , instance , args , kwargs ):
@@ -30,6 +34,9 @@ def _executemany(func, instance, args, kwargs):
3034 kind = "sql_injection" , op = "pymysql.Cursor.executemany" , args = (query , "mysql" )
3135 )
3236
37+ query_params = get_argument (args , kwargs , 1 , "args" )
38+ run_idor_check (query , "mysql" , query_params )
39+
3340
3441@on_import ("pymysql.cursors" , "pymysql" , version_requirement = "0.9.0" )
3542def patch (m ):
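Review bot: In `_executemany` the added lines hand the `args` argument to `run_idor_check` exactly as `_execute` does, but for `pymysql.Cursor.executemany` that argument is a sequence of parameter sets (one per row), not the parameters of a single statement. `run_idor_check` is not visible on this page, so this is inferred: if it resolves placeholders against `query_params` to compare tenant or owner values, it would be comparing against whole rows and could miss a violation or report a false one. Checking each row separately would keep the two hooks consistent, e.g. `for row_params in query_params or ():` followed by `run_idor_check(query, "mysql", row_params)`. A short comment in `_execute` stating that `query_params` may be `None` when the caller passes no parameters would also help, assuming `run_idor_check` is meant to accept that. The body of `_executemany` starts outside this hunk, so the way `query` is extracted there could not be checked.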