Class SQLInjectionFixComposer

java.lang.Object
io.codemodder.remediation.sqlinjection.SQLInjectionFixComposer
All Implemented Interfaces:
RemediationStrategy

public final class SQLInjectionFixComposer extends Object implements RemediationStrategy
Composes several transformations related to SQL injections.
  • Constructor Summary

    Constructors
    Constructor
    Description
    SQLInjectionFixComposer()
  • Method Summary

    Modifier and Type
    Method
    Description
    SuccessOrReason
    fix(com.github.javaparser.ast.CompilationUnit cu, com.github.javaparser.ast.Node node)
    Given a node, checks whether it is a MethodCallExpr that executes a JDBC API SQL query (e.g. prepareStatement(), executeQuery()) or a BinaryExpr that flows into one.
    static boolean
    match(com.github.javaparser.ast.Node node)
    Check if the node is a JDBC API query method that is a target of a SQL injection transformation.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • SQLInjectionFixComposer

      public SQLInjectionFixComposer()
  • Method Details

    • fix

      public SuccessOrReason fix(com.github.javaparser.ast.CompilationUnit cu, com.github.javaparser.ast.Node node)
      Given a node, checks whether it is a MethodCallExpr that executes a JDBC API SQL query (e.g. prepareStatement(), executeQuery()) or a BinaryExpr that flows into one. If so, it parameterizes data injections or adds a validation step for structural injections.
      Specified by:
      fix in interface RemediationStrategy
      Returns:
      A SuccessOrReason object containing a list of dependencies if the fix was successful, or a reason for failure otherwise
    • match

      public static boolean match(com.github.javaparser.ast.Node node)
      Check if the node is a JDBC API query method that is a target of a SQL injection transformation.
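
The two fix shapes named in the description of fix (parameterizing a data injection, validating a structural injection), shown on plain JDBC code. This is an added illustration, not codemodder output or project code; the class, the table and column names, and the identifier rule in requireIdentifier are assumptions.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.regex.Pattern;

// Added illustration with hypothetical names; not code from codemodder.
public class SqlInjectionFixShapes {

  // Before: a string concatenation (a BinaryExpr) flows into executeQuery().
  // `name` is a data injection, `table` is a structural injection.
  static boolean before(Connection conn, String table, String name) throws SQLException {
    String sql = "SELECT id FROM " + table + " WHERE name = '" + name + "'";
    try (Statement stmt = conn.createStatement();
        ResultSet rs = stmt.executeQuery(sql)) {
      return rs.next();
    }
  }

  // Assumed validation rule: plain SQL identifiers only.
  private static final Pattern IDENTIFIER = Pattern.compile("[A-Za-z_][A-Za-z0-9_]{0,62}");

  static String requireIdentifier(String s) {
    if (s == null || !IDENTIFIER.matcher(s).matches()) {
      throw new SecurityException("rejected SQL identifier");
    }
    return s;
  }

  // After: the value is bound as a parameter. The table name cannot be
  // bound by JDBC, so it is validated before it is concatenated.
  static boolean after(Connection conn, String table, String name) throws SQLException {
    String sql = "SELECT id FROM " + requireIdentifier(table) + " WHERE name = ?";
    try (PreparedStatement stmt = conn.prepareStatement(sql)) {
      stmt.setString(1, name);
      try (ResultSet rs = stmt.executeQuery()) {
        return rs.next();
      }
    }
  }

  public static void main(String[] args) {
    System.out.println(requireIdentifier("users"));
    try {
      requireIdentifier("users; --"); // constructed input that is not an identifier
    } catch (SecurityException e) {
      System.out.println(e.getMessage());
    }
  }
}
```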