diff --git a/internal/services/engines/rules_test.go b/internal/services/engines/rules_test.go
index aa924a362..df4f76d97 100644
--- a/internal/services/engines/rules_test.go
+++ b/internal/services/engines/rules_test.go
@@ -443,6 +443,22 @@ func TestRulesVulnerableCode(t *testing.T) {
 				},
 			},
 		},
+
+		// Java
+		{
+			name: "HS-JAVA-134",
+			rule: java.NewSQLInjection(),
+			src:  SampleVulnerableJavaSQLInjection,
+			findings: []engine.Finding{
+				{
+					CodeSample: "var pstmt = con.prepareStatement(\"select * from mytable where field01 = '\" + field01 + \"'\");",
+					SourceLocation: engine.Location{
+						Line:   14,
+						Column: 50,
+					},
+				},
+			},
+		},
 	}
 
 	for _, tt := range testcases {
@@ -605,6 +621,13 @@ func TestRulesSafeCode(t *testing.T) {
 			rule: leaks.NewWPConfig(),
 			src:  SampleSafeLeaksRegularWPConfig,
 		},
+
+		// Java
+		{
+			name: "HS-JAVA-134",
+			rule: java.NewSQLInjection(),
+			src:  SampleSafeJavaSQLInjection,
+		},
 	}
 
 	for _, tt := range testcases {
diff --git a/internal/services/engines/samples_test.go b/internal/services/engines/samples_test.go
index adc9ec47f..981355c47 100644
--- a/internal/services/engines/samples_test.go
+++ b/internal/services/engines/samples_test.go
@@ -561,4 +561,51 @@ func main() {
 <?php
 define('AUTH_KEY', getenv("AUTH_KEY"));
 	`
+
+	SampleVulnerableJavaSQLInjection = `
+import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+
+import javax.sql.DataSource;
+
+public class VulnerableCodeSQLInjection134 {
+
+    public void printResults(DataSource ds, String field01) throws SQLException {
+        try (
+                var con = ds.getConnection();
+                var pstmt = con.prepareStatement("select * from mytable where field01 = '" + field01 + "'");
+                var rs = pstmt.executeQuery()) {
+            while (rs.next()) {
+                System.out.println(rs.getString(1));
+            }
+        }
+    }
+}
+`
+
+	SampleSafeJavaSQLInjection = `
+import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+
+import javax.sql.DataSource;
+
+public class VulnerableCodeSQLInjection134 {
+
+    public void printResults(DataSource ds, String field01) throws SQLException {
+        try {
+            var con = ds.getConnection();
+            var pstmt = con.prepareStatement("select * from mytable where field01 = ? ");
+            pstmt.setString(1,field01);
+            var rs = pstmt.executeQuery();
+            while (rs.next()) {
+                System.out.println(rs.getString(1));
+            }
+        }
+    }
+}
+`
 )