Metadata
ID:java-security/sql-injection-hibernate
Language: Java
Severity: Warning
Category: Security
Description
Never build an HQL or SQL query by concatenating strings. Untrusted input spliced into the query text becomes part of the query itself, so a value such as `1 or 1=1` changes what the statement does. Use Hibernate's parameter binding (`:name` or `?1` placeholders filled with `setParameter`) instead, so that user-supplied data is always passed as a value and never as query text.
Non-Compliant Code Examples

```java
import org.hibernate.Session;
import org.hibernate.SessionFactory;
import org.hibernate.query.Query;

class Foobar {
    private SessionFactory sessionFactory;
    private String input; // untrusted, e.g. taken from a request parameter

    public void test() {
        Session session = sessionFactory.openSession();
        // Non-compliant: the untrusted value is concatenated into the HQL string,
        // so it can alter the query rather than just supply a value.
        Query q = session.createQuery("select t from UserEntity t where id = " + input);
        q.list();
    }
}
```
Compliant Code Examples
```java
import org.hibernate.Session;
import org.hibernate.SessionFactory;
import org.hibernate.query.Query;

class Foobar {
    private SessionFactory sessionFactory;
    private String input; // untrusted, e.g. taken from a request parameter

    public void test() {
        Session session = sessionFactory.openSession();
        // Compliant: the query text is constant and the value is bound as a
        // named parameter, so it is sent as data, not as part of the statement.
        Query q = session.createQuery("select t from UserEntity t where id = :userId");
        q.setString("userId", input); // setParameter("userId", input) is the non-deprecated form in Hibernate 5+
        q.list();
    }
}
```
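The following is an added example, not code from the Datadog rule page or from Hibernate itself, showing the same rule applied more broadly: a typed named parameter in HQL, a positional parameter in a native SQL query, and the one case parameter binding cannot cover, an identifier (here an ORDER BY column) chosen by the user, which must be checked against an allowlist before it is concatenated. It assumes Hibernate 5.2 or later, a `SessionFactory` configured elsewhere, a mapped `UserEntity` with a `Long id` and a `String username` backed by a `users` table, and Java 9 or later for `Set.of`; all of these names except `UserEntity` are assumptions for the sake of the example.

```java
import java.util.List;
import java.util.Set;

import org.hibernate.Session;
import org.hibernate.SessionFactory;
import org.hibernate.query.Query;

// Added example; assumes a mapped UserEntity(Long id, String username) on table "users".
public class UserRepository {
    // Identifiers cannot be bound as parameters, so the only safe way to let a
    // caller choose a sort column is to restrict it to a fixed allowlist.
    private static final Set<String> SORTABLE_COLUMNS = Set.of("id", "username");

    private final SessionFactory sessionFactory;

    public UserRepository(SessionFactory sessionFactory) {
        this.sessionFactory = sessionFactory;
    }

    // HQL with a named parameter bound as the column's real type: the value
    // is sent as data, and a non-numeric id is rejected before reaching the DB.
    public UserEntity findById(long id) {
        try (Session session = sessionFactory.openSession()) {
            Query<UserEntity> q = session.createQuery(
                    "select t from UserEntity t where t.id = :userId", UserEntity.class);
            q.setParameter("userId", id);
            return q.uniqueResult();
        }
    }

    // The same rule applies to native SQL: a JPA-style positional placeholder
    // (?1) bound with setParameter, never string concatenation.
    public List<UserEntity> findByUsername(String username) {
        try (Session session = sessionFactory.openSession()) {
            return session.createNativeQuery(
                    "select * from users where username = ?1", UserEntity.class)
                    .setParameter(1, username)
                    .getResultList();
        }
    }

    // Caveat: "order by :col" does not work, because parameters bind values,
    // not identifiers. The column name is validated against the allowlist
    // first, so the concatenation below can only ever see a known-good token.
    public List<UserEntity> listSorted(String sortColumn) {
        if (!SORTABLE_COLUMNS.contains(sortColumn)) {
            throw new IllegalArgumentException("unsupported sort column: " + sortColumn);
        }
        try (Session session = sessionFactory.openSession()) {
            return session.createQuery(
                    "select t from UserEntity t order by t." + sortColumn, UserEntity.class)
                    .list();
        }
    }
}
```

The allowlist in `listSorted` is what keeps that method out of this rule's scope in practice: a static analyzer sees concatenation and may still flag it, so keep the validation right next to the query and narrow (exact string match against a constant set, not a regex or a blacklist of characters).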
How to use this rule
```yaml
rulesets:
  - java-security # Rules to enforce Java security.
```
Create a static-analysis.datadog.yml with the content above at the root of your repository
Use our free IDE Plugins or add Code Analysis scans to your CI pipelines