SonarQube Plugins / SONARPLUGINS-632

Add a new Web rule to prevent use of SQL inside JSP

    Details

    • Number of attachments :
      0

      Activity

      Matthijs Galesloot added a comment - - edited

      There is already a check for IllegalTagLibsCheck, so it is already possible to scan for illegal use of the jstl sql taglib.

      Matthijs Galesloot added a comment -

      A new check is provided: LibraryDependencyCheck.

      LibraryDependencyCheck has a param for the list of libraries that should not be used. This param has a default value of java.sql,javax.sql. Dependencies on these libraries should be avoided.

      The check will scan for two things:

      • page import
        e.g. <%@ page import="java.sql.*"%>
      • expressions
        e.g. <% java.sql.Connection c1; %>
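The two scans described in the comment above (page imports and scriptlet expressions), written as a stand-alone added example; it is not part of the original comment and not the plugin's LibraryDependencyCheck code. The class name, regular expressions and sample JSP are assumptions constructed for illustration; only the default library list `java.sql,javax.sql` comes from the page.

```java
import java.util.*;
import java.util.regex.*;

// Added example; class and method names are hypothetical, not the plugin's API.
public class JspLibraryDependencyScan {
    // Page directive: <%@ page ... import="a.b.*, c.d.E" ... %>
    private static final Pattern PAGE_IMPORT = Pattern.compile(
        "<%@\\s*page\\b[^%]*?\\bimport\\s*=\\s*\"([^\"]*)\"");
    // Scriptlets <% %>, <%= %>, <%! %>; directives (<%@) and JSP comments (<%--) are skipped.
    private static final Pattern SCRIPTLET =
        Pattern.compile("<%(?!@|--)[=!]?(.*?)%>", Pattern.DOTALL);

    static List<String> scan(String jsp, List<String> libraries) {
        List<String> findings = new ArrayList<>();
        Matcher m = PAGE_IMPORT.matcher(jsp);
        while (m.find()) {
            for (String imported : m.group(1).split(",")) {
                String name = imported.trim();
                for (String lib : libraries) {
                    if (name.equals(lib) || name.startsWith(lib + ".")) {
                        findings.add(lineOf(jsp, m.start()) + ": page import " + name);
                    }
                }
            }
        }
        m = SCRIPTLET.matcher(jsp);
        while (m.find()) {
            for (String lib : libraries) {
                // Fully qualified use such as java.sql.Connection; the lookbehind
                // stops a longer package like "myjava.sql." from matching.
                Matcher r = Pattern.compile("(?<![\\w.])" + Pattern.quote(lib) + "\\.\\w+")
                                   .matcher(m.group(1));
                while (r.find()) {
                    findings.add(lineOf(jsp, m.start(1) + r.start()) + ": expression " + r.group());
                }
            }
        }
        return findings;
    }

    private static int lineOf(String text, int offset) {
        int line = 1;
        for (int i = 0; i < offset; i++) if (text.charAt(i) == '\n') line++;
        return line;
    }

    public static void main(String[] args) {
        String jsp = "<%@ page import=\"java.util.List, java.sql.*\" %>\n"  // constructed sample
                   + "<% java.sql.Connection c1; %>\n"
                   + "<%= javax.sql.DataSource.class.getName() %>\n"
                   + "<p>java.sql.Statement in plain text is not code</p>\n";
        scan(jsp, Arrays.asList("java.sql", "javax.sql")).forEach(System.out::println);
    }
}
```

A class imported through the page directive and then used by its simple name is reported once, at the import; text outside scriptlets is never inspected.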

        People

        • Assignee:
          Matthijs Galesloot
          Reporter:
          Freddy Mallet