Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

IDS00-J

High

ProbableLikely

Medium

P12P18

L1

Automated Detection

ToolVersionCheckerDescription
The Checker Framework

Include Page
The Checker Framework_V
The Checker Framework_V

Tainting CheckerTrust and security errors (see Chapter 8)
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

JAVA.IO.INJ.SQL

SQL Injection (Java)

Coverity7.5

SQLI
FB.SQL_PREPARED_STATEMENT_GENERATED_

FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE

Implemented
Findbugs1.0SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTEImplemented
Fortify1.0

HTTP_Response_Splitting
SQL_Injection__Persistence
SQL_Injection

Implemented
Klocwork

Include Page
Klocwork_V
Klocwork_V

SV.DATA.BOUND

SV.DATA.DB
SV.HTTP_SPLITSQL
SV.PATH
SV.PATH.INJ
SV.SQLSQL.DBSOURCE

Implemented
Parasoft Jtest
Include Page
Parasoft_V
Parasoft_V
CERT.IDS00.TDSQLProtect against SQL injection
SonarQube
Include Page
SonarQube_V
SonarQube_V

S2077

S3649

Executing SQL queries is security-sensitive

SQL queries should not be vulnerable to injection attacks

SpotBugs

Include Page
SpotBugs_V
SpotBugs_V

SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE
SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING

Implemented

...