Package io.codemodder.remediation.sqlinjection

Class SQLParameterizer

java.lang.Object
io.codemodder.remediation.sqlinjection.SQLParameterizer
public final class SQLParameterizer extends Object
Contains most of the logic for detecting and fixing parameterizable SQL statements for a given MethodCallExpr.

  • Constructor Summary

    Constructors
    Constructor
    Description
    SQLParameterizer(com.github.javaparser.ast.expr.MethodCallExpr methodCallExpr)
     

  • Method Summary

    Modifier and Type
    Method
    Description
    Optional<com.github.javaparser.ast.expr.MethodCallExpr>
    checkAndFix()
    Checks if methodCall is a query call that needs to be fixed and fixes if that's the case.
    static Set<String>
    fixableJdbcMethodNames()
    Returns a set of fixable JDBC method names.
    static boolean
    isParameterizationCandidate(com.github.javaparser.ast.expr.MethodCallExpr methodCallExpr)
    Checks if the MethodCallExpr is of one of the execute calls of Statement whose argument is not a String literal.
    static boolean
    isSupportedJdbcMethodCall(com.github.javaparser.ast.expr.MethodCallExpr methodCall)
    Returns true if this is a fixable JDBC method name.
    static com.github.javaparser.ast.expr.Expression
    resolveExpression(com.github.javaparser.ast.expr.Expression expr)
    Tries to find the source of an expression if it can be uniquely defined, otherwise, returns self.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

    • SQLParameterizer

      public SQLParameterizer(com.github.javaparser.ast.expr.MethodCallExpr methodCallExpr)

  • Method Details

    • isParameterizationCandidate

      public static boolean isParameterizationCandidate(com.github.javaparser.ast.expr.MethodCallExpr methodCallExpr)
      Checks if the MethodCallExpr is of one of the execute calls of Statement whose argument is not a String literal.

    • isSupportedJdbcMethodCall

      public static boolean isSupportedJdbcMethodCall(com.github.javaparser.ast.expr.MethodCallExpr methodCall)
      Returns true if this is a fixable JDBC method name.

    • fixableJdbcMethodNames

      public static Set<String> fixableJdbcMethodNames()
      Returns a set of fixable JDBC method names.

    • resolveExpression

      public static com.github.javaparser.ast.expr.Expression resolveExpression(com.github.javaparser.ast.expr.Expression expr)
      Tries to find the source of an expression if it can be uniquely defined, otherwise, returns self.

    • checkAndFix

      public Optional<com.github.javaparser.ast.expr.MethodCallExpr> checkAndFix()
      Checks if methodCall is a query call that needs to be fixed and fixes if that's the case. If the parameterization happened, returns the PreparedStatement creation.