RSPEC-2077 should be triggered when a String is concatenated using +=
```java
public List<Object[]> notFiring(String table) {
    String query = "SELECT * ";
    query += "FROM " + table; // query assembled with +=, tainted by the 'table' parameter
    return em.createNativeQuery(query).getResultList(); // False negative: the rule does not report this
}
```
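Added illustration, not code from the ticket: the `+=` construction the rule misses, next to a hardened version. A table name cannot be bound as a JPA parameter, so it is checked against a fixed allowlist, while the row filter goes through `setParameter`. `em`, `ALLOWED_TABLES`, `unsafe`, `safe` and the `javax.persistence` import are assumed names.

```java
import java.util.List;
import java.util.Set;
import javax.persistence.EntityManager;

public class QueryBuilding {
    private final EntityManager em;
    // Constructed allowlist: the only table names this code is permitted to query.
    private static final Set<String> ALLOWED_TABLES = Set.of("orders", "invoices");

    public QueryBuilding(EntityManager em) {
        this.em = em;
    }

    // Pattern from the ticket: the query is assembled with += from caller-controlled input.
    // The rule should report this exactly as it reports a single "SELECT * FROM " + table.
    public List<?> unsafe(String table, String owner) {
        String query = "SELECT * ";
        query += "FROM " + table;
        query += " WHERE owner = '" + owner + "'";
        return em.createNativeQuery(query).getResultList();
    }

    // Hardened form: the identifier is validated against the allowlist (identifiers cannot
    // be bound as parameters), and the value is bound with setParameter, never concatenated.
    // The remaining identifier concatenation is still a hotspot to review, but it is bounded
    // by the allowlist rather than by the caller.
    public List<?> safe(String table, String owner) {
        if (!ALLOWED_TABLES.contains(table)) {
            throw new IllegalArgumentException("table not permitted: " + table);
        }
        String query = "SELECT * FROM " + table + " WHERE owner = :owner";
        return em.createNativeQuery(query)
                 .setParameter("owner", owner)
                 .getResultList();
    }
}
```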
- is related to: RSPEC-2077 Formatting SQL queries is security-sensitive (Active)