Mike Ware writes: "FindBugs only tracks data flow within a single class file (i.e., intra-procedural analysis). To put in context, FindBugs can't identify a SQL injection vulnerability where data flows across class/language boundaries: data is input in the view layer, persisted in entity classes or a model, and eventually sent to insecure DAO classes."
Is this still true?
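
The data flow described in the quote, as an added example that is not part of the original post or of FindBugs: the source (view) and the sink (DAO) sit in different classes, joined only by an entity, so an analysis confined to one class never sees both ends. All class, method and table names are hypothetical, and the sample input is constructed.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

// Hypothetical names throughout, chosen to mirror the layers named in the quote.
public class CrossClassFlow {

    // Model/entity: carries the value between the two layers.
    static class Customer {
        private final String name;
        Customer(String name) { this.name = name; }
        String getName() { return name; }
    }

    // View layer: the only class that sees the raw request parameter (the source).
    static class CustomerView {
        Customer bind(String requestParam) { return new Customer(requestParam); }
    }

    // DAO layer: the only class that sees the SQL statement (the sink).
    static class CustomerDao {
        static String insecureSql(Customer c) {
            return "SELECT id FROM customers WHERE name = '" + c.getName() + "'";
        }
        // Insecure: the entity's field is concatenated into the statement text.
        ResultSet findInsecure(Connection con, Customer c) throws SQLException {
            Statement st = con.createStatement();
            return st.executeQuery(insecureSql(c));
        }
        // Hardened: the value is bound as a parameter and never parsed as SQL.
        ResultSet findSafe(Connection con, Customer c) throws SQLException {
            PreparedStatement ps =
                con.prepareStatement("SELECT id FROM customers WHERE name = ?");
            ps.setString(1, c.getName());
            return ps.executeQuery();
        }
    }

    public static void main(String[] args) {
        // Constructed sample input: an ordinary name containing a single quote.
        Customer c = new CustomerView().bind("O'Brien");
        // The quote closes the string literal early, so the statement text is malformed.
        System.out.println(CustomerDao.insecureSql(c));
    }
}
```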