Tweak logic

crates/ruff_linter/src/codes.rs

@@ -632,7 +632,7 @@ pub fn code_to_rule(linter: Linter, code: &str) -> Option<(RuleGroup, Rule)> {
         (Flake8Bandit, "607") => (RuleGroup::Stable, rules::flake8_bandit::rules::StartProcessWithPartialPath),
         (Flake8Bandit, "608") => (RuleGroup::Stable, rules::flake8_bandit::rules::HardcodedSQLExpression),
         (Flake8Bandit, "609") => (RuleGroup::Stable, rules::flake8_bandit::rules::UnixCommandWildcardInjection),
-        (Flake8Bandit, "611") => (RuleGroup::Stable, rules::flake8_bandit::rules::DjangoRawSql),
+        (Flake8Bandit, "611") => (RuleGroup::Preview, rules::flake8_bandit::rules::DjangoRawSql),
         (Flake8Bandit, "612") => (RuleGroup::Stable, rules::flake8_bandit::rules::LoggingConfigInsecureListen),
         (Flake8Bandit, "701") => (RuleGroup::Stable, rules::flake8_bandit::rules::Jinja2AutoescapeFalse),
         (Flake8Bandit, "702") => (RuleGroup::Preview, rules::flake8_bandit::rules::MakoTemplates),

crates/ruff_linter/src/rules/flake8_bandit/rules/django_raw_sql.rs

@@ -1,35 +1,35 @@
 use ruff_diagnostics::{Diagnostic, Violation};
 use ruff_macros::{derive_message_formats, violation};
-use ruff_python_ast::{self as ast};
+use ruff_python_ast::{self as ast, Expr};
 use ruff_text_size::Ranged;
 
 use crate::checkers::ast::Checker;
 
 /// ## What it does
-/// Checks for Django that use `RawSQL` function.
+/// Checks for uses of Django's `RawSQL` function.
 ///
 /// ## Why is this bad?
-/// Django `RawSQL` function can cause SQL injection attack.
+/// Django's `RawSQL` function can be used to execute arbitrary SQL queries,
+/// which can in turn lead to SQL injection vulnerabilities.
 ///
 /// ## Example
 /// ```python
 /// from django.db.models.expressions import RawSQL
 /// from django.contrib.auth.models import User
 ///
-/// User.objects.annotate(val=RawSQL("%secure" % "nos", []))
+/// User.objects.annotate(val= ("%secure" % "nos", []))
 /// ```
 ///
 /// ## References
-/// - [Django documentation: API](https://docs.djangoproject.com/en/dev/ref/models/expressions/#django.db.models.expressions.RawSQL)
-/// - [Django documentation: sql injection protection](https://docs.djangoproject.com/en/dev/topics/security/#sql-injection-protection)
+/// - [Django documentation: SQL injection protection](https://docs.djangoproject.com/en/dev/topics/security/#sql-injection-protection)
 /// - [Common Weakness Enumeration: CWE-89](https://cwe.mitre.org/data/definitions/89.html)
 #[violation]
 pub struct DjangoRawSql;
 
 impl Violation for DjangoRawSql {
     #[derive_message_formats]
     fn message(&self) -> String {
-        format!("Use of RawSQL potential SQL attack vector.")
+        format!("Use of `RawSQL` can lead to SQL injection vulnerabilities")
     }
 }
 
@@ -45,13 +45,11 @@ pub(crate) fn django_raw_sql(checker: &mut Checker, call: &ast::ExprCall) {
             )
         })
     {
-        let sql = if let Some(arg) = call.arguments.find_argument("sql", 0) {
-            arg
-        } else {
-            &call.arguments.find_keyword("sql").unwrap().value
-        };
-
-        if !sql.is_string_literal_expr() {
+        if !call
+            .arguments
+            .find_argument("sql", 0)
+            .is_some_and(Expr::is_string_literal_expr)
+        {
             checker
                 .diagnostics
                 .push(Diagnostic::new(DjangoRawSql, call.func.range()));

crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S611_S611.py.snap

@@ -1,7 +1,7 @@
 ---
 source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
 ---
-S611.py:5:27: S611 Use of RawSQL potential SQL attack vector.
+S611.py:5:27: S611 Use of `RawSQL` can lead to SQL injection vulnerabilities
   |
 4 | User.objects.annotate(val=RawSQL('secure', []))
 5 | User.objects.annotate(val=RawSQL('%secure' % 'nos', []))
@@ -10,7 +10,7 @@ S611.py:5:27: S611 Use of RawSQL potential SQL attack vector.
 7 | raw = '"username") AS "val" FROM "auth_user" WHERE "username"="admin" --'
   |
 
-S611.py:6:27: S611 Use of RawSQL potential SQL attack vector.
+S611.py:6:27: S611 Use of `RawSQL` can lead to SQL injection vulnerabilities
   |
 4 | User.objects.annotate(val=RawSQL('secure', []))
 5 | User.objects.annotate(val=RawSQL('%secure' % 'nos', []))
@@ -20,7 +20,7 @@ S611.py:6:27: S611 Use of RawSQL potential SQL attack vector.
 8 | User.objects.annotate(val=RawSQL(raw, []))
   |
 
-S611.py:8:27: S611 Use of RawSQL potential SQL attack vector.
+S611.py:8:27: S611 Use of `RawSQL` can lead to SQL injection vulnerabilities
    |
  6 | User.objects.annotate(val=RawSQL('{}secure'.format('no'), []))
  7 | raw = '"username") AS "val" FROM "auth_user" WHERE "username"="admin" --'
@@ -30,7 +30,7 @@ S611.py:8:27: S611 Use of RawSQL potential SQL attack vector.
 10 |       ' WHERE "username"="admin" OR 1=%s --'
    |
 
-S611.py:11:27: S611 Use of RawSQL potential SQL attack vector.
+S611.py:11:27: S611 Use of `RawSQL` can lead to SQL injection vulnerabilities
    |
  9 | raw = '"username") AS "val" FROM "auth_user"' \
 10 |       ' WHERE "username"="admin" OR 1=%s --'
@@ -40,7 +40,7 @@ S611.py:11:27: S611 Use of RawSQL potential SQL attack vector.
 13 | User.objects.annotate(val=RawSQL(params=[], sql='{}secure'.format('no')))
    |
 
-S611.py:12:27: S611 Use of RawSQL potential SQL attack vector.
+S611.py:12:27: S611 Use of `RawSQL` can lead to SQL injection vulnerabilities
    |
 10 |       ' WHERE "username"="admin" OR 1=%s --'
 11 | User.objects.annotate(val=RawSQL(raw, [0]))
@@ -49,7 +49,7 @@ S611.py:12:27: S611 Use of RawSQL potential SQL attack vector.
 13 | User.objects.annotate(val=RawSQL(params=[], sql='{}secure'.format('no')))
    |
 
-S611.py:13:27: S611 Use of RawSQL potential SQL attack vector.
+S611.py:13:27: S611 Use of `RawSQL` can lead to SQL injection vulnerabilities
    |
 11 | User.objects.annotate(val=RawSQL(raw, [0]))
 12 | User.objects.annotate(val=RawSQL(sql='{}secure'.format('no'), params=[]))