SonarJava / SONARJAVA-3253

Rule S2068: filter database query parameters

    Details

    • Type: False-Positive
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 6.1
    • Component/s: Rules

      Description

      The following use cases show legitimate use of parameters in a database query.

      String query1 = "password=?"; // Compliant
      String query2 = "password=:password"; // Compliant
      String query3 = "password=:param"; // Compliant; See Hibernate query parameter https://docs.jboss.org/hibernate/orm/3.2/api/org/hibernate/Query.html
      String query4 = "password='" + pwd + "'"; // Compliant
      String query5 = "password=%s"; // Compliant
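
An added example, not part of the issue and not SonarJava's implementation: one way a hard-coded-credential check can skip the placeholder forms listed above while still reporting a literal value. The class and method names, both regular expressions and the last sample string are assumptions made for this example.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added illustration; names are hypothetical, not SonarJava's.
public class CredentialLiteralFilter {

    // Credential word, '=', then the value up to a separator or end of literal.
    private static final Pattern ASSIGNMENT =
        Pattern.compile("(?i)\\b(password|passwd|pwd)\\s*=\\s*([^&;,)\\s]*)");

    // Values that are bound at run time and therefore are not secrets:
    //   ? or ?1   positional query parameter
    //   :name     named query parameter (for example Hibernate)
    //   %s        format specifier
    //   '' or '   empty quotes, or the opening quote of a concatenation
    //   (empty)   nothing follows the '=' inside this literal
    private static final Pattern PLACEHOLDER =
        Pattern.compile("\\?\\d*|:\\w+|%s|'{0,2}");

    /** Returns true when the literal embeds what looks like a real credential value. */
    public static boolean looksHardCoded(String literal) {
        Matcher m = ASSIGNMENT.matcher(literal);
        while (m.find()) {
            if (!PLACEHOLDER.matcher(m.group(2)).matches()) {
                return true; // a concrete value follows the credential word
            }
        }
        return false;
    }

    public static void main(String[] args) {
        String[] samples = {
            "password=?",          // literals taken from the issue description
            "password=:password",
            "password=:param",
            "password='",          // left-hand literal of query4's concatenation
            "password=%s",
            // Constructed sample of a literal that should still be reported.
            "jdbc:mysql://db.example/app?user=app&password=S3cr3t!"
        };
        for (String s : samples) {
            System.out.println((looksHardCoded(s) ? "report: " : "skip:   ") + s);
        }
    }
}
```

The filter only decides whether a literal looks like a hard-coded credential; the concatenation in `query4` remains a separate SQL injection concern that this check does not address.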
      

              People

              Assignee:
              michael.gumowski Michael Gumowski
              Reporter:
              pierre-loup.tristant Pierre-Loup Tristant