Add sqlite 3 missing sink by bitterpanda63 · Pull Request #591 · AikidoSec/firewall-python

bitterpanda63 · 2026-02-12T16:34:01Z

Summary by Aikido

Security Issues: 0	🔍 Quality Issues: 1	Resolved Issues: 0

🚀 New Features

Added sqlite3 sink, tests, and integration into package imports.
Introduced modify_arguments helper to inject and adjust call arguments.

⚡ Enhancements

Added patch_immutable_class to enable wrapping methods on C-backed classes.

^{More info}

…cations

…_arg

also includes a bunch of additional test cases

aikido_zen/sinks/sqlite3.py

aikido-pr-checks · 2026-03-02T18:43:42Z

aikido_zen/sinks/sqlite3.py

+        "cursor": _cursor_patch
+    }
+
+    if _PATCH_CONNECTION_EXECUTE:


_connect references _PATCH_CONNECTION_EXECUTE, but it isn't defined/imported here, so calling sqlite3.connect will raise NameError during patching.

Details

✨ AI Reasoning
The code builds a set of patches for the connection factory. While doing so, it branches on a flag to decide whether to also patch connection-level execute methods. However, the flag being checked is not defined anywhere in the shown code. That means calling the connect wrapper will raise an exception at that point, preventing any patching from working.

🔧 How do I fix it?
Trace execution paths carefully. Ensure precondition checks happen before using values, validate ranges before checking impossible conditions, and don't check for states that the code has already ruled out.

_{Reply @AikidoSec feedback: [FEEDBACK] to get better review comments in the future.}
_{Reply @AikidoSec ignore: [REASON] to ignore this issue.}
_{More info}

bitterpanda63 added 7 commits February 11, 2026 11:19

Add first rendition of sqlite3.py sink

aecc31c

Add sqlite3 sink tests

3d54bf0

Update sqlite3.py sink: Add c-level wrapping, still needs some modifi…

92fe154

…cations

sqlite3.py _connect shouldnt have a @before_modify_return and use get…

217612d

…_arg

Create a modify_arguments.py helper for patching

867d95a

Create and use the new patch_immutable_class for sqlite3.py

b75b13f

pass factory so as to fix an issue with the _cursor_patch

cd4ae75

also includes a bunch of additional test cases

bitterpanda63 marked this pull request as ready for review March 2, 2026 17:51

aikido-pr-checks bot reviewed Mar 2, 2026

View reviewed changes

aikido_zen/sinks/sqlite3.py Show resolved Hide resolved

bitterpanda63 added 2 commits March 2, 2026 18:54

Add sqlite3 as supported in README.md

103b1f8

Update to patch _execute and _executescript & to make them more dynamic

12d6dd0

aikido-pr-checks bot reviewed Mar 2, 2026

View reviewed changes

bitterpanda63 added 2 commits March 2, 2026 19:48

cleanup & check if py is 3.11 or higher

5a65a9c

lint changes

bcf9313

timokoessler approved these changes Mar 2, 2026

View reviewed changes

bitterpanda63 merged commit bf3acdb into main Mar 2, 2026
84 checks passed

bitterpanda63 deleted the add-sqlite-3-missing-sink branch March 2, 2026 20:10

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add sqlite 3 missing sink#591

Add sqlite 3 missing sink#591
bitterpanda63 merged 11 commits intomainfrom
add-sqlite-3-missing-sink

bitterpanda63 commented Feb 12, 2026 •

edited by aikido-pr-checks bot

Loading

Uh oh!

Uh oh!

aikido-pr-checks bot Mar 2, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

bitterpanda63 commented Feb 12, 2026 • edited by aikido-pr-checks bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary by Aikido

Uh oh!

Uh oh!

aikido-pr-checks bot Mar 2, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

bitterpanda63 commented Feb 12, 2026 •

edited by aikido-pr-checks bot

Loading