16f6c0aecf
Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in.
46 lines
1.1 KiB
Plaintext
46 lines
1.1 KiB
Plaintext
== Why is this an issue?
|
|
|
|
``++PreparedStatement++``s and ``++CallableStatement++``s (for stored procedures) are safer and more efficient than ``++Statement++``s and should always be preferred.
|
|
|
|
|
|
This rule raises an issue each time a ``++Statement++`` is declared.
|
|
|
|
|
|
=== Noncompliant code example
|
|
|
|
[source,java]
|
|
----
|
|
Statement stmt = null; // Noncompliant
|
|
// ...
|
|
----
|
|
|
|
|
|
=== Compliant solution
|
|
|
|
[source,java]
|
|
----
|
|
PreparedStatement stmt = null;
|
|
// ...
|
|
----
|
|
|
|
|
|
== Resources
|
|
|
|
* https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[OWASP Top 10 2021 Category A5] - Security Misconfiguration
|
|
* https://cwe.mitre.org/data/definitions/20[MITRE, CWE-20] - Improper Input Validation
|
|
* https://cwe.mitre.org/data/definitions/89[MITRE, CWE-89] - Improper Neutralization of Special Elements used in an SQL Command
|
|
* https://www.owasp.org/index.php/Top_10_2013-A1-Injection[OWASP Top Ten 2013 Category A1] - Injection
|
|
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
=== duplicates: S2077
|
|
|
|
=== on 1 Dec 2015, 11:14:50 Michael Gumowski wrote:
|
|
LGTM!
|
|
|
|
endif::env-github,rspecator-view[]
|