hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
alexet/avoid-path-node-java
codeql/java/ql/test/query-tests/security/CWE-352/MyBatisProvider.java
Jami Cogswell df77d4914f Java: initial tests
2025-01-30 10:13:45 -05:00

25 lines
716 B
Java
Raw Permalink Blame History

import org.apache.ibatis.annotations.Param;
import org.apache.ibatis.jdbc.SQL;
public class MyBatisProvider {
public String badDelete(@Param("input") final String input) {
return "DELETE FROM users WHERE username = '" + input + "';";
}
public String badUpdate(@Param("input") final String input) {
String s = (new SQL() {
{
this.UPDATE("users");
this.SET("balance = 0");
this.WHERE("username = '" + input + "'");
}
}).toString();
return s;
}
public String badInsert(@Param("input") final String input) {
return "INSERT INTO users VALUES (1, '" + input + "', 'hunter2');";
}
}
Reference in New Issue View Git Blame Copy Permalink