ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S3649/java/how-to-fix-it/spring-jdbc.adoc
Loris S e52b9671b2 Education text Fix (#1338)
2023-03-02 18:22:24 +01:00

71 lines
1.8 KiB
Plaintext
Raw Blame History

=== How to fix it in Spring
include::../../common/fix/code-rationale.adoc[]
==== Noncompliant code example
[source,java,diff-id=1,diff-type=noncompliant]
----
@RestController
public class ApiController
{
@Autowired
JdbcTemplate jdbcTemplate;
@GetMapping(value = "/authenticate")
@ResponseBody
public ResponseEntity<String> authenticate(
@RequestParam("user") String user,
@RequestParam("pass") String pass)
{
String query = "SELECT * FROM users WHERE user = '" + user + "' AND pass = '" + pass + "'";
try {
BeanPropertyRowMapper<User> userType = new BeanPropertyRowMapper(User.class);
User queryResult = jdbcTemplate.queryForObject(query, userType);
} catch (Exception e) {
return new ResponseEntity<>("Unauthorized", HttpStatus.UNAUTHORIZED);
}
return new ResponseEntity<>("Authentication Success", HttpStatus.OK);
}
}
----
==== Compliant solution
[source,java,diff-id=1,diff-type=compliant]
----
@RestController
public class ApiController
{
@Autowired
JdbcTemplate jdbcTemplate;
@GetMapping(value = "/authenticate")
@ResponseBody
public ResponseEntity<String> authenticate(
@RequestParam("user") String user,
@RequestParam("pass") String pass)
{
String query = "SELECT * FROM users WHERE user = ? AND pass = ?";
try {
BeanPropertyRowMapper<User> userType = new BeanPropertyRowMapper(User.class);
User queryResult = jdbcTemplate.queryForObject(query, userType, user, pass);
} catch (Exception e) {
return new ResponseEntity<>("Unauthorized", HttpStatus.UNAUTHORIZED);
}
return new ResponseEntity<>("Authentication Success", HttpStatus.OK);
}
}
----
=== How does this work?
include::../../common/fix/prepared-statements.adoc[]
Reference in New Issue View Git Blame Copy Permalink