8f7349a0af
* RSPEC-S5147 Java * Update rules/S5147/java/rule.adoc Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com> * Update rules/S5147/java/rule.adoc Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com> * Update rules/S5147/description.adoc Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com> * Update rules/S5147/description.adoc Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com> * Update rules/S5147/description.adoc Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com> * Update rules/S5147/description.adoc * applied some recommendations * improved code * message * removed vuln odm * split a sentence into multiple files * removed pléonasmes * Update rules/S5147/java/rule.adoc Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com> * Update rules/S5147/java/rule.adoc Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com> * applied recommendations * Update rules/S5147/php/rule.adoc Co-authored-by: Marco Antognini <89914223+marco-antognini-sonarsource@users.noreply.github.com> * Update rules/S5147/java/rule.adoc * Update rules/S5147/java/rule.adoc * Update rules/S5147/java/rule.adoc * Update rules/S5147/java/rule.adoc Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com> Co-authored-by: Marco Antognini <89914223+marco-antognini-sonarsource@users.noreply.github.com> Co-authored-by: Roberto Orlandi <71495874+roberto-orlandi-sonarsource@users.noreply.github.com>
53 lines
1.4 KiB
Plaintext
53 lines
1.4 KiB
Plaintext
include::../description.adoc[]
|
|
|
|
== Noncompliant Code Example
|
|
|
|
For the https://mongodb.github.io/mongo-java-driver/[MongoDB Java Driver]:
|
|
|
|
----
|
|
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws UnknownHostException
|
|
{
|
|
String input = req.getParameter("input");
|
|
|
|
MongoClient mongoClient = new MongoClient();
|
|
DB database = mongoClient.getDB("exampleDatabase");
|
|
DBCollection collection = database.getCollection("exampleCollection");
|
|
BasicDBObject query = new BasicDBObject();
|
|
|
|
query.put("$where", "this.field == \"" + input + "\""); // Noncompliant
|
|
}
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
For the https://docs.mongodb.com/drivers/java/sync/current/[MongoDB Java Driver]:
|
|
|
|
----
|
|
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws UnknownHostException
|
|
{
|
|
String input = req.getParameter("input");
|
|
|
|
MongoClient mongoClient = new MongoClient();
|
|
DB database = mongoClient.getDB("ExampleDatabase");
|
|
DBCollection collection = database.getCollection("exampleCollection");
|
|
BasicDBObject query = new BasicDBObject();
|
|
|
|
query.put("field", input);
|
|
}
|
|
----
|
|
|
|
include::../see.adoc[]
|
|
include::./see.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::../message.adoc[]
|
|
|
|
include::../highlighting.adoc[]
|
|
|
|
endif::env-github,rspecator-view[]
|