Python: Add TODO

yoff · yoff · commit c57c798bfa3f · 2020-10-21T15:10:40.000+02:00
diff --git a/python/ql/src/experimental/semmle/python/frameworks/Django.qll b/python/ql/src/experimental/semmle/python/frameworks/Django.qll
@@ -319,6 +319,8 @@ private module Django {
     /**
      * A call to the `annotate` function on a model using a `RawSQL` argument.
      *
+     * TODO: Consider reworking this to use taint tracking.
+     *
      * See https://docs.djangoproject.com/en/3.1/ref/models/querysets/#annotate
      */
     private class ObjectsAnnotate extends SqlExecution::Range, DataFlow::CfgNode {

Original file line number	Diff line number	Diff line change
`@@ -319,6 +319,8 @@ private module Django {`
`319`	`319`	`/**`
`320`	`320`	* A call to the `annotate` function on a model using a `RawSQL` argument.
`321`	`321`	`*`
	`322`	`+ * TODO: Consider reworking this to use taint tracking.`
	`323`	`+ *`
`322`	`324`	`* See https://docs.djangoproject.com/en/3.1/ref/models/querysets/#annotate`
`323`	`325`	`*/`
`324`	`326`	`private class ObjectsAnnotate extends SqlExecution::Range, DataFlow::CfgNode {`