Our team is looking to have better compliance with the OWASP guidelines, and one of the tasks is the prevention of SQL Injection attacks. In order to facilitate this, I was looking for a way to automatically check for the usage of java.sql.Statement in our codebase, so this could be flagged and changed to use PreparedStatement.
Our build process is based on Maven and we also have Sonar setup to run analytics on the project. Some rules are already in place in Sonar to fail our builds if certain thresholds are met, so this could be implemented there. I have seen where I could setup a checkstyle regex rule looking for the import, but I wanted to see if there were other options as well.
Any location along the development/build path would work. If there were something in intellij that would flag this, something in the maven build process, or a different way to flag this in Sonar, any of these would be fine.
Thanks!!
I would suggest creating an architectural constraint within Sonar.
The example demonstrates a rule banning the use of java.sql.* classes.