Continuing the focus on Django security, I've hacked up a scanner for raw SQL queries that should aid in an application audit. Please see  for source code and sample output.
This project started with Adam Baldwin's regex to find raw SQL queries:
grep -R ".raw(" *
grep -R ".execute(" *
However, the scanner  is a bit more powerful. It checks that string interpolation is actually being used on the first parameter to those methods. Using the ast module with Python's native parser gives us more flexibility than regex ever will, and this basic proof of concept could be extended into a a full-blown static analysis tool. Who's interested?
The only downside I see is that because we "unparse" the AST into a string, you won't be able to do a search of the source file for the matched calls. The line numbers that are output will have to suffice.
Could someone please add recursive directory traversal to send all the *.py files under a directory through the scanner?