Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Looking for a way to prevent to usage of java.sql.Statement in project

Our team is looking to have better compliance with the OWASP guidelines, and one of the tasks is the prevention of SQL Injection attacks. In order to facilitate this, I was looking for a way to automatically check for the usage of java.sql.Statement in our codebase, so this could be flagged and changed to use PreparedStatement.

Our build process is based on Maven and we also have Sonar setup to run analytics on the project. Some rules are already in place in Sonar to fail our builds if certain thresholds are met, so this could be implemented there. I have seen where I could setup a checkstyle regex rule looking for the import, but I wanted to see if there were other options as well.

Any location along the development/build path would work. If there were something in intellij that would flag this, something in the maven build process, or a different way to flag this in Sonar, any of these would be fine.

Thanks!!

like image 972
jaycyn94 Avatar asked Jan 16 '12 16:01

jaycyn94


1 Answers

I would suggest creating an architectural constraint within Sonar.

The example demonstrates a rule banning the use of *java.sql.** classes.

like image 108
Mark O'Connor Avatar answered Oct 27 '22 19:10

Mark O'Connor