WhiteSource SAST Security Report for SQL Injection (CWE 89)
Latest Scan: 2022-03-02 07:30pm
New Vulnerabilities: 1
Total Vulnerabilities: 2
Scan URL: WhiteSource SAST
Vulnerability Description
A SQL injection vulnerability occurs when user input is used to construct an SQL query without proper neutralization (sanitization) of the input string. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administrative operations on the database (such as shutting down the DBMS), recover the content of a given file present on the DBMS file system, or in some cases issue commands to the operating system.
Compliance Standard Violations
PCI DSS: PCI DSS 6.5.1 - Injection Flaws
NIST: SI-10: Information Input Validation
OWASP Top 10: A1: Injection
HIPAA: 164.312 (a)(1): Standard: Access control
HITRUST: 10.b - Input Data Validation (Level 1 Implementation)
Remediation Recommendations
Using prepared statements (with parameterized queries)
Correct filtering (escaping) of string literal escape characters in SQL statements, such as single quote ('), double quote ("), backslash (\) and the NULL byte
Checking parameters for a valid representation of the given type (integer, float or boolean)
Correct database permissions on logon, restricting the web application's or user's access to data they do not need
Vulnerabilities
Details
org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson4.java:63
### Snippet
```java
protected AttackResult injectableQuery(String query) {
    try (Connection connection = dataSource.getConnection()) {
        try (Statement statement = connection.createStatement(TYPE_SCROLL_INSENSITIVE, CONCUR_READ_ONLY)) {
            // Flagged sink: the caller-supplied query string is executed unchanged
            statement.executeUpdate(query);
```
### Remediation Recommendations
org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java:58
### Snippet
```java
// Tainted source: name and auth_tan are concatenated directly into the SQL text
String query = "SELECT * FROM employees WHERE last_name = '" + name + "' AND auth_tan = '" + auth_tan + "'";
try (Connection connection = dataSource.getConnection()) {
    try {
        Statement statement = connection.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_UPDATABLE);
        log(connection, query);
        // Flagged sink: the concatenated string is executed as a query
        ResultSet results = statement.executeQuery(query);
```
### Remediation Suggestion
//TODO
Suppressed Vulnerabilities