Audit required: Potential SQL injection on RawSQL function BAN-B611

Use of extra in Django querysets should be audited, since unsanitized strings can open up security vulnerabilities.