Merge pull request #2985 from returntocorp/emma/introduce-deepok
chore: use deepok to mark lines as ok when run with the pro engine
colleend authored Jun 28, 2023
2 parents 9c3c28e + 72991de commit b2b56f5
Showing 1 changed file with 2 additions and 4 deletions.
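--- a/java/spring/security/injection/tainted-sql-string.java
+++ b/java/spring/security/injection/tainted-sql-string.java
@@ -177,8 +177,7 @@ class Test {
 public ResultSet ok7(@RequestBody String name, Foo foo) {
 var v = foo.getBars(name).get(0).getX();
 String sql = "SELECT * FROM table WHERE name = ";
-// ok in pro engine
-// ruleid: tainted-sql-string
+// ruleid: deepok: tainted-sql-string
 sql += v + ";";
 Connection conn = DriverManager.getConnection("jdbc:mysql://localhost:8080", "guest", "password");
 Statement stmt = conn.createStatement();
@@ -213,8 +212,7 @@ class Test2 {
 public ResultSet ok8(@RequestBody String name, SiteModel sitemodel) {
 var v = sitemodel.getPrefixes(name).sites.ids.get(0);
 String sql = "SELECT * FROM table WHERE name = ";
-// ok in pro-engine
-// ruleid: tainted-sql-string
+// ruleid: deepok: tainted-sql-string
 sql += v + ";";
 Connection conn = DriverManager.getConnection("jdbc:mysql://localhost:8080", "guest", "password");
 Statement stmt = conn.createStatement();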
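Review bot: The new `// ruleid: deepok: tainted-sql-string` annotations in `ok7` and `ok8` replace the only human-readable hint (`// ok in pro engine`), and nothing left says why the `sql += v + ";";` line should be a true negative under the pro engine. In both methods `v` is derived from the `@RequestBody` parameter `name`, through `foo.getBars(name).get(0).getX()` and `sitemodel.getPrefixes(name).sites.ids.get(0)`. The definitions of those accessors are outside both hunks, so a reader cannot tell which property of them the pro engine is expected to rely on. I would keep a one-line rationale above each annotation, for example `// intrafile analysis flags this; the pro engine resolves the accessor chain and should not`, with the wording confirmed against the actual `Foo` and `SiteModel` definitions. Both method bodies continue past the end of their hunks.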
