How to securely load SQL fixtures in Django

I have some fixtures of models in my code base for easy initial setup of the project. However, it includes SQL fixtures as well which means .sql files.

I have looked deeply in Django loaddata but it does not support 'SQL' fixtures because,

sql is not a known serialization format

So, I tried to load data directly from MySQL using mysql --host={host} --port={port} --user={user} --password={password} {database} < {filename} command.

But I have lots of SQL files and I do not want to load each file individually, so I decided to add a script to load all SQL files from a specified directory and run the above command using os.system.

And now bandit is giving a security warning for it:

Issue: [B605:start_process_with_a_shell] Starting a process with a shell, possible injection detected, security issue. Severity: High Confidence: High

So I am looking for a secure way to load data from SQL files.
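
One way to run the same mysql command for every file without starting a shell, as an added example that is not part of the original question. The names `mysql_argv`, `load_sql_dir` and the `runner` parameter are hypothetical, and it assumes a POSIX host with the `mysql` client on PATH and a password that contains no double quote or backslash.

```python
import subprocess
import tempfile
from pathlib import Path


def mysql_argv(defaults_file, host, port, user, database):
    """Build the mysql argument vector; every value is exactly one argv item."""
    return [
        "mysql",
        f"--defaults-extra-file={defaults_file}",  # must be the first option
        f"--host={host}",
        f"--port={int(port)}",   # int() rejects anything that is not a number
        f"--user={user}",
        f"--database={database}",
    ]


def load_sql_dir(directory, host, port, user, password, database,
                 runner=subprocess.run):
    """Feed every *.sql file in `directory` to mysql, in file-name order.

    `runner` is a hypothetical hook so the function can be tested offline.
    Returns the list of files that were loaded.
    """
    files = sorted(p for p in Path(directory).glob("*.sql") if p.is_file())
    # The temporary file is created with mode 0600 and deleted on exit, so the
    # password never appears on the command line or in the process list.
    with tempfile.NamedTemporaryFile("w", suffix=".cnf") as cnf:
        cnf.write(f'[client]\npassword="{password}"\n')
        cnf.flush()
        argv = mysql_argv(cnf.name, host, port, user, database)
        for path in files:
            with path.open("rb") as sql:
                # No shell is involved: the open file replaces "< {filename}",
                # so a file name is never parsed as part of a command line.
                runner(argv, stdin=sql, check=True)
    return files
```

With `check=True` a non-zero exit from mysql raises `subprocess.CalledProcessError`, so a failing fixture stops the run instead of being skipped silently.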
