Description
The following use cases show legitimate uses of parameters in a database query; each one is compliant and should not be reported as a hard-coded credential.
- Go
  query1 := "password=?"                   // Compliant
  query2 := "password=:password"           // Compliant
  query3 := "password=:param"              // Compliant
  query4 := "password='" + password + "'"  // Compliant
  query5 := "password=%s"                  // Compliant
  query6 := "password=%v"                  // Compliant
- Ruby
  query1 = "password=?"                   # Compliant
  query2 = "password=:password"           # Compliant
  query3 = "password=:param"              # Compliant
  query4 = "password='" + password + "'"  # Compliant
  query5 = "password=%s"                  # Compliant
  query6 = "password=%v"                  # Compliant
- Apex
  String query1 = 'password=?';           // Compliant
  String query2 = 'password=:password';   // Compliant
  String query3 = 'password=:param';      // Compliant
  String query4 = 'password=' + password; // Compliant
  String query5 = 'password=%s';          // Compliant
  String query6 = 'password=%v';          // Compliant
- Kotlin
  val query1 = "password=?"                   // Compliant
  val query2 = "password=:password"           // Compliant
  val query3 = "password=:param"              // Compliant
  val query4 = "password='" + password + "'"  // Compliant
  val query5 = "password=%s"                  // Compliant
  val query6 = "password=%v"                  // Compliant
- Scala
  // Distinct names, as in the other languages: redeclaring val var1 would not compile
  val query1 = "password=?"                   // Compliant
  val query2 = "password=:password"           // Compliant
  val query3 = "password=:param"              // Compliant
  val query4 = "password='" + password + "'"  // Compliant
  val query5 = "password=%s"                  // Compliant
  val query6 = "password=%v"                  // Compliant
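As an added example, not part of this rule specification or of SonarSource's analyzer, the following Python checker encodes the compliance cases listed above: a string literal of the form `password=<value>` is only reported when `<value>` is neither a bind marker (`?`, `:name`), a format verb (`%s`, `%v`), nor empty (the concatenation case, where the secret is joined in at runtime). The regular expressions and the sample source are constructed assumptions, not the rule's actual implementation.

```python
import re

# Placeholder forms treated as legitimate query parameters rather than secrets
# (assumed from the compliant examples above): "?", ":name", "%s", "%v".
PLACEHOLDER_RE = re.compile(r"^(\?|:[A-Za-z_][A-Za-z0-9_]*|%[sv])$")

# Credential-looking keys followed by "=", matched case-insensitively.
KEY_RE = re.compile(r"(?i)\b(password|passwd|pwd)\s*=\s*(.*)$")

# Crude string-literal extractor: double- or single-quoted, no escapes.
STRING_RE = re.compile(r'"([^"\\]*)"|\'([^\'\\]*)\'')


def is_hardcoded_credential(literal: str) -> bool:
    """True when the content of a string literal looks like password=<secret>.

    For "password='" + password + "'" the literal's value part is just a quote,
    i.e. empty once stripped: the secret arrives at runtime, so it is compliant.
    """
    m = KEY_RE.search(literal)
    if not m:
        return False
    value = m.group(2).strip().strip("'\"")
    if value == "":
        return False  # value concatenated in at runtime
    if PLACEHOLDER_RE.match(value):
        return False  # bind marker or format verb, not a secret
    return True


def scan(source: str):
    """Return (line number, literal) for each literal judged hard-coded."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for m in STRING_RE.finditer(line):
            literal = m.group(1) if m.group(1) is not None else m.group(2)
            if is_hardcoded_credential(literal):
                findings.append((lineno, literal))
    return findings


# Constructed Go-style sample: the page's compliant cases plus two noncompliant ones.
SAMPLE = """\
query1 := "password=?"                          // Compliant
query2 := "password=:password"                  // Compliant
query4 := "password='" + password + "'"         // Compliant
query5 := "password=%s"                         // Compliant
query7 := "password=hunter2"                    // Noncompliant (constructed)
sql := "SELECT 1 FROM users WHERE pwd='s3cret'" // Noncompliant (constructed)
"""

if __name__ == "__main__":
    for lineno, literal in scan(SAMPLE):
        print(f"line {lineno}: hard-coded credential in {literal!r}")
```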
Issue Links
- implements RSPEC-2068 Hard-coded credentials are security-sensitive (Active)