SQL injection

Rick Leir
2010-09-03
2013-02-05
  • Rick Leir
    2010-09-03

    Greetings,
    Mike Ware writes: "FindBugs only tracks data flow within a single class file (i.e., intra-procedural analysis). To put in context, FindBugs can't identify a SQL injection vulnerability where data flows across class/language boundaries: data is input in the view layer, persisted in entity classes or a model, and eventually sent to insecure DAO classes."

    Is this still true?
    Thanks,
    Rick
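
The flow described in the quoted statement (view layer, then entity, then DAO), as an added Java example that is not part of the original post and is not FindBugs code. All class, method and table names are hypothetical; the insecure DAO method is shown beside a parameterized form.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

// Added illustration: every class, method and table name here is hypothetical.
public class CrossClassFlow {
    // View layer: the only place where the untrusted request parameter is visible.
    static class SignupView {
        Customer bind(String lastNameParam) {
            Customer c = new Customer();
            c.setLastName(lastNameParam); // untrusted value enters the entity
            return c;
        }
    }

    // Entity: a plain bean; nothing in this class marks the field as untrusted.
    static class Customer {
        private String lastName;
        void setLastName(String v) { lastName = v; }
        String getLastName() { return lastName; }
    }

    static class CustomerDao {
        // Insecure: the getter result is concatenated into the statement text.
        // Read on its own, this method never touches request input.
        String insecureQuery(Customer c) {
            return "SELECT id FROM customer WHERE last_name = '" + c.getLastName() + "'";
        }

        // Hardened: constant statement text, value bound as a parameter.
        boolean exists(Connection conn, Customer c) throws SQLException {
            String sql = "SELECT id FROM customer WHERE last_name = ?";
            try (PreparedStatement ps = conn.prepareStatement(sql)) {
                ps.setString(1, c.getLastName());
                try (ResultSet rs = ps.executeQuery()) {
                    return rs.next();
                }
            }
        }
    }

    public static void main(String[] args) {
        // Constructed sample input: a legitimate surname containing a quote.
        Customer c = new SignupView().bind("O'Brien");
        // The quote ends the SQL string literal early, so data alters the statement.
        System.out.println(new CustomerDao().insecureQuery(c));
    }
}
```

Each class looks harmless in isolation; the source and the sink only meet when the three are followed together, which is the cross-class flow the quote refers to.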