
Fix B608 to detect VALUES( without space #1337

Merged
ericwb merged 1 commit into PyCQA:main from kfess:update/injection-sql on Nov 30, 2025

Conversation

@kfess (Contributor) commented Nov 29, 2025

The current regex pattern for INSERT statements requires a whitespace character after VALUES,
but VALUES( is valid SQL syntax and commonly used.
This causes potential SQL injection cases to go undetected.

Changed the regex from `values\s` to `values[\s(]` to match both `VALUES (` and `VALUES(` patterns.

Resolves: #1336

The current regex pattern for INSERT statements requires a whitespace
character after VALUES, but VALUES( is valid SQL syntax and commonly
used. This causes potential SQL injection cases to go undetected.

Changed the regex from `values\s` to `values[\s(]` to match both
`VALUES (` and `VALUES(` patterns.

Resolves: PyCQA#1336
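The following is an added example, not code from this PR or from bandit itself. It reconstructs the shape of the B608 SQL-matching regex before and after the change described above and runs both versions over constructed strings, so the exact string that the old pattern misses (`VALUES(` with no whitespace) can be seen side by side with the ones both versions catch. The full pattern text (the `select`, `delete` and `update` alternatives, the `IGNORECASE | DOTALL` flags) is an assumption about how the plugin's pattern is laid out; the page itself only states the `values\s` to `values[\s(]` change.

```python
import re

# Assumed reconstruction of the B608 pattern before the PR (not copied
# from bandit; only the `values\s` alternative is confirmed by the PR text).
OLD_SQL_RE = re.compile(
    r"(select\s.*from\s|"
    r"delete\s+from\s|"
    r"insert\s+into\s.*values\s|"
    r"update\s.*set\s)",
    re.IGNORECASE | re.DOTALL,
)

# Same pattern with the change this PR describes applied: values\s -> values[\s(]
NEW_SQL_RE = re.compile(
    r"(select\s.*from\s|"
    r"delete\s+from\s|"
    r"insert\s+into\s.*values[\s(]|"
    r"update\s.*set\s)",
    re.IGNORECASE | re.DOTALL,
)


def looks_like_sql(text, pattern=NEW_SQL_RE):
    """True if the string fragment matches the SQL-shaped pattern."""
    return pattern.search(text) is not None


# Constructed sample fragments, shaped like the literal half of an
# f-string / %-format / .format() query as a scanner would see it.
SAMPLES = {
    "values_space": "INSERT INTO users (name) VALUES ('%s')",
    "values_paren": "INSERT INTO users (name) VALUES('%s')",     # the PR's case
    "values_newline": "INSERT INTO users (name)\nVALUES\n('%s')",  # \s covers newline
    "values_end": "INSERT INTO users (name) VALUES",              # fragment ends at VALUES
    "select": "SELECT * FROM users WHERE name = '%s'",
    "plain": "hello world",
}


def compare(samples=SAMPLES):
    """Return {name: (old_hit, new_hit)} for each sample fragment."""
    return {
        name: (looks_like_sql(text, OLD_SQL_RE), looks_like_sql(text, NEW_SQL_RE))
        for name, text in samples.items()
    }


def regressions(samples=SAMPLES):
    """Names the old pattern matched but the new one does not (expected: none)."""
    return [name for name, (old, new) in compare(samples).items() if old and not new]


if __name__ == "__main__":
    for name, (old, new) in compare().items():
        print(f"{name:15s} old={old!s:5s} new={new!s:5s}")
    print("regressions:", regressions())
```

Two points worth keeping in mind when reading the output. First, this pattern only decides whether a string looks like SQL; B608 reports a finding when such a string is also assembled through concatenation, `%` formatting, `.format()` or an f-string, so a literal `VALUES(` query passed as one constant string is not flagged by either version. Second, the `values_end` sample shows that a fragment which stops right after `VALUES` (with the parenthesis supplied by the interpolated part) is matched by neither the old nor the new pattern; that is a property of the reconstructed regex as written here, not a claim about what the project does with such fragments.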
@kfess force-pushed the update/injection-sql branch from 87f58ad to 832cb26 on November 29, 2025 05:34
@ericwb ericwb merged commit 3c56109 into PyCQA:main Nov 30, 2025
15 checks passed


Development

Successfully merging this pull request may close these issues.

B608: Missing detection for VALUES( without space in SQL injection check

3 participants