Add a new Web rule to prevent use of SQL inside JSP

Details

Type: New Feature
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: WEB-1.0
Component/s: Web
Labels:
None

Number of attachments :
0

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Matthijs Galesloot added a comment - 09/Nov/10 9:35 AM - edited

There is already a check for IllegalTagLibsCheck, so it is already posssible to scan for illegal use of the jstl sql taglib.

Show

Matthijs Galesloot added a comment - 09/Nov/10 9:35 AM - edited There is already a check for IllegalTagLibsCheck, so it is already posssible to scan for illegal use of the jstl sql taglib.

Hide

Permalink

Matthijs Galesloot added a comment - 24/Nov/10 10:45 AM

A new check is provided: LibraryDependencyCheck.

LibraryDependencyCheck has a param for the list of libraries that should not be used. This param has a default value of java.sql,javax.sql. Dependencies to these lirabries should be avoided.

The check will scan for two things:

page import
e.g. <%@ page import=\"java.sql.*\"%>
expressions
e.g. <% java.sql.Connection c1; %>

Show

Matthijs Galesloot added a comment - 24/Nov/10 10:45 AM A new check is provided: LibraryDependencyCheck. LibraryDependencyCheck has a param for the list of libraries that should not be used. This param has a default value of java.sql,javax.sql. Dependencies to these lirabries should be avoided. The check will scan for two things: page import e.g. <%@ page import=\"java.sql.*\"%> expressions e.g. <% java.sql.Connection c1; %>

People

Assignee:

Matthijs Galesloot

Reporter:

Freddy Mallet

Vote (0)

Watch (0)

Dates

Created:

24/Aug/10 1:34 AM

Updated:

01/Dec/10 1:49 PM

Resolved:

24/Nov/10 10:45 AM