SonarSlang / SONARSLANG-475

Rule S2068: filter database query parameters

      Description

      The following use cases show legitimate uses of parameters in a database query. None of them hard-codes a credential value, so rule S2068 (hard-coded credentials) should not report them.

      • Go
        query1 := "password=?"                  // Compliant
        query2 := "password=:password"          // Compliant
        query3 := "password=:param"             // Compliant
        query4 := "password='" + password + "'" // Compliant
        query5 := "password=%s"                 // Compliant
        query6 := "password=%v"                 // Compliant
        
      • Ruby
        query1 = "password=?"                  # Compliant
        query2 = "password=:password"          # Compliant
        query3 = "password=:param"             # Compliant
        query4 = "password='" + password + "'" # Compliant
        query5 = "password=%s"                 # Compliant
        query6 = "password=%v"                 # Compliant
        
      • Apex
        String query1 = 'password=?';           // Compliant
        String query2 = 'password=:password';   // Compliant
        String query3 = 'password=:param';      // Compliant
        String query4 = 'password=' + password; // Compliant
        String query5 = 'password=%s';          // Compliant
        String query6 = 'password=%v';          // Compliant
        
      • Kotlin
        val query1 = "password=?"                  // Compliant
        val query2 = "password=:password"          // Compliant
        val query3 = "password=:param"             // Compliant
        val query4 = "password='" + password + "'" // Compliant
        val query5 = "password=%s"                 // Compliant
        val query6 = "password=%v"                 // Compliant
        
      • Scala
        val query1 = "password=?"                  // Compliant
        val query2 = "password=:password"          // Compliant
        val query3 = "password=:param"             // Compliant
        val query4 = "password='" + password + "'" // Compliant
        val query5 = "password=%s"                 // Compliant
        val query6 = "password=%v"                 // Compliant
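
      The check below is an added illustration of the filtering this ticket asks for; it is not the sonar-slang implementation of S2068 and does not claim to reproduce its regular expressions. It applies the decision the examples above imply: a string literal that carries a credential key ("password=", plus "passwd" and "pwd" as an assumed key list) is only a hard-coded credential when the value that follows is an actual value. A positional marker ("?"), a bind variable (":password", ":param") or a format verb ("%s", "%v") is a parameter, and a literal that ends right after "password=" or "password='" carries no value at all because the real value is concatenated at run time, which is why query4 is compliant for this rule (the concatenation itself is an injection concern, which S2068 does not cover). The value delimiters (whitespace, '&', ';'), the quote stripping and the extra "$1" / ":1" placeholder forms go beyond the page's list and are assumptions of this example. Written in Go because it is one of the languages the ticket covers.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// credentialKey finds "password=<value>" (also passwd/pwd) inside a string literal.
// The key list and the value delimiters (whitespace, '&', ';') are assumptions made
// for this illustration, not the rule's actual implementation.
var credentialKey = regexp.MustCompile(`(?i)\b(password|passwd|pwd)\s*=\s*([^\s&;]*)`)

// placeholder matches values that are query parameters rather than secrets:
//   ?           positional marker (JDBC, database/sql)
//   :name, :1   named or numbered bind variable
//   $1          PostgreSQL positional parameter (assumed extension, not on the page)
//   %s, %v, %d  format verbs filled in later
var placeholder = regexp.MustCompile(`^(\?|:[A-Za-z_][A-Za-z0-9_]*|:\d+|\$\d+|%[A-Za-z])$`)

// IsHardcodedCredential reports whether the content of one string literal embeds a
// credential value. It returns false for the compliant shapes listed in the ticket:
// a placeholder value, or no value at all because the literal ends right after
// "password=" (or "password='") and the secret is concatenated at run time.
func IsHardcodedCredential(literal string) bool {
	m := credentialKey.FindStringSubmatch(literal)
	if m == nil {
		return false // no credential key in this literal
	}
	value := strings.Trim(m[2], `'"`) // drop quotes wrapped around the value
	if value == "" {
		return false // value supplied elsewhere (concatenation, builder, bind call)
	}
	return !placeholder.MatchString(value)
}

// Report runs the check over a slice of literals and returns the ones it would flag.
func Report(literals []string) []string {
	var flagged []string
	for _, l := range literals {
		if IsHardcodedCredential(l) {
			flagged = append(flagged, l)
		}
	}
	return flagged
}

func main() {
	// Constructed sample: the ticket's compliant literals plus literals that should be flagged.
	samples := []string{
		"password=?",
		"password=:password",
		"password=:param",
		"password='", // first half of "password='" + password + "'"
		"password=%s",
		"password=%v",
		"SELECT id FROM users WHERE name=$1 AND password=$2",
		"password=hunter2",                             // hard-coded
		"jdbc:mysql://db/app?user=app&password=s3cr3t", // hard-coded inside a connection URL
	}
	for _, f := range Report(samples) {
		fmt.Printf("Noncompliant: %q\n", f)
	}
}
```

      Run as-is it prints only the last two samples. Note that the check is deliberately per-literal: it never sees the variable that gets concatenated, which is exactly why an empty value must be treated as compliant rather than unknown.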
        

              Assignee: Amélie Renard (amelie.renard)
              Reporter: Pierre-Loup Tristant (pierre-loup.tristant)