hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 10:15:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: added comment about second order sql injection

Browse Source
This commit is contained in:
Jami Cogswell
2023-03-14 22:20:19 -04:00
parent a7da6c8029
commit 702ca19c3c
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/lib/ext/java.sql.model.yml
View File

@@ -41,7 +41,7 @@ extensions:
- ["java.sql", "ResultSet", "getInt", "(int)", "manual"] # taint-numeric
- ["java.sql", "ResultSet", "getInt", "(String)", "manual"] # taint-numeric
- ["java.sql", "ResultSet", "getLong", "(String)", "manual"] # taint-numeric
- ["java.sql", "ResultSet", "getString", "(int)", "manual"] # taint-numeric
- ["java.sql", "ResultSet", "getString", "(int)", "manual"] # taint-numeric, potentially interesting for second order SQL injection
- ["java.sql", "ResultSet", "getTimestamp", "(String)", "manual"] # taint-numeric
- ["java.sql", "Timestamp", "Timestamp", "(long)", "manual"] # taint-numeric
- ["java.sql", "Timestamp", "getTime", "()", "manual"] # taint-numeric