Closed pixeebot[bot] closed 3 months ago
I'm confident in this change, but I'm not a maintainer of this project. Do you see any reason not to merge it?
If this change was not helpful, or you have suggestions for improvements, please let me know!
This change may not be a priority right now, so I'll close it. If there was something I could have done better, please let me know!
You can also customize me to make sure I'm working with you in the way you want.
Failed conditions
B Maintainability Rating on New Code (required ≥ A)
See analysis details on SonarCloud
Catch issues before they fail your Quality Gate with our IDE extension SonarLint
This change may not be a priority right now, so I'll close it. If there was something I could have done better, please let me know!
You can also customize me to make sure I'm working with you in the way you want.
Remediation
This change fixes "SQL Injection" (id = sql-injection) identified by Contrast.
Details
This change fixes SQL injection vulnerabilities reported by Contrast by parameterizing SQL statements.
Without parameterization, developers must remember to escape inputs using the rules for that database. It's usually buggy, at the least -- and sometimes vulnerable.
Our changes look something like this:
More reading
* [https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html) * [https://cwe.mitre.org/data/definitions/89.html](https://cwe.mitre.org/data/definitions/89.html)I have additional improvements ready for this repo! If you want to see them, leave the comment:
... and I will open a new PR right away!
🧚🤖Powered by Pixeebot (codemod ID: contrast:java/sql-injection)