# SQL Injection Vulnerability

## Description
The identified method builds a SQL statement from untrusted input, which makes it susceptible to SQL injection. The input must be validated and, where it cannot be bound as a parameter, properly escaped. Exploitation can lead to unauthorized access to sensitive data and may allow an attacker to execute arbitrary SQL commands with the privileges of the application's database account.
## Examples

### Insecure Code

```scala
val query = "SELECT * FROM users WHERE name = '" + userName + "'"
```

### Secure Code

```scala
val query = "SELECT * FROM users WHERE name = ?"
val pstmt = connection.prepareStatement(query)
pstmt.setString(1, userName)
```

## Remediation
Use prepared statements or parameterized queries so that user input is bound as data rather than concatenated into the SQL text. Validate user input as an additional layer of defense, and escape it only where parameter binding is not possible (for example, identifiers such as table or column names, which should then be checked against an allow-list).
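The following added example (not part of this rule page and not the tool's own code) reproduces the two patterns above against an in-memory database so the difference in behaviour can be observed. It uses Python's standard-library `sqlite3` module in place of the page's Scala/JDBC, since `sqlite3` uses the same `?` positional placeholder that `prepareStatement` does; the `users` table and its two rows are constructed for the demonstration, and `is_valid_user_name` is a hypothetical allow-list check illustrating the "validate" step of the remediation.

```python
import re
import sqlite3

# Constructed sample data: a tiny users table with two rows.
SAMPLE_ROWS = [("alice", "admin"), ("bob", "user")]


def make_db():
    """Create an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def find_user_insecure(conn, user_name):
    """Mirror of the page's insecure Scala: user input is spliced into the SQL text.

    Any quote character in user_name changes the structure of the statement,
    so the database can no longer tell data apart from query syntax.
    """
    query = "SELECT name, role FROM users WHERE name = '" + user_name + "'"
    return conn.execute(query).fetchall()


def find_user_secure(conn, user_name):
    """Mirror of the page's secure Scala: the value is bound to a `?` placeholder.

    The SQL text is fixed at parse time; user_name is passed to the engine as a
    parameter and can only ever be compared as a string value.
    """
    query = "SELECT name, role FROM users WHERE name = ?"
    return conn.execute(query, (user_name,)).fetchall()


# Hypothetical allow-list used as a second layer on top of parameter binding.
_USER_NAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")


def is_valid_user_name(user_name):
    """Return True only for names made of a conservative allow-listed character set."""
    return _USER_NAME_RE.fullmatch(user_name) is not None


def find_user_validated(conn, user_name):
    """Validate first, then use the parameterized query; reject anything else."""
    if not is_valid_user_name(user_name):
        raise ValueError("user name contains characters outside the allow-list")
    return find_user_secure(conn, user_name)


def lookup_behaviour(user_name):
    """Run both query styles on the same input and report what each returned.

    For the insecure variant a quote in the input can also produce a SQL
    syntax error, which is reported as the string "error" instead of rows.
    """
    conn = make_db()
    try:
        insecure = find_user_insecure(conn, user_name)
    except sqlite3.OperationalError:
        insecure = "error"
    secure = find_user_secure(conn, user_name)
    conn.close()
    return {"insecure": insecure, "secure": secure}


if __name__ == "__main__":
    # A benign name behaves the same either way; a name with an apostrophe
    # breaks the concatenated statement but is handled correctly when bound.
    for name in ("alice", "O'Brien"):
        print(name, lookup_behaviour(name))
```

Running the block shows that the concatenated query is sensitive to the *content* of the input: a legitimate name such as `O'Brien` already produces a syntax error, which is the same structural weakness an attacker exploits, while the bound parameter returns the expected (empty) result for that name and the allow-list rejects it before the query runs.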
## Rule Details
| Field | Value |
|---|---|
| ID | CODE-0043 |
| Category | Injection |
| Severity | HIGH |
| CWE | CWE-89 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | sql, injection |
| OWASP | N/A |