
javax.persistence.EntityManager.createNativeQuery SQL Injections missed

2014-09-02
2014-09-08
  • Patrick Tucker

    Patrick Tucker - 2014-09-02

    We used VCG 1.6.1.0 to scan some code that we inherited to look for security vulnerabilities and were mostly satisfied with the results. After doing manual scans of the code, we realized that it was not catching any of the SQL Injections on queries that were done through Java's EntityManager.

    Is there any reason it cannot do this?

    Thanks,
    Pat
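The gap described in this post, illustrated with an added example that is neither VCG's code nor anything posted in this thread: a small Python heuristic that flags `createNativeQuery` calls whose SQL argument is not a single string literal (string concatenation, `String.format`, or a variable assigned from either), while letting the `?1` / `:name` parameterized forms pass. The Java snippets it scans are constructed here for illustration; the `first_argument`, `is_tainted` and `scan_java` names are this example's own.

```python
import re

# Constructed Java snippets (not from the thread): two injectable patterns and two parameterized ones.
SAMPLE_JAVA = """\
public List<User> findVuln(EntityManager em, String name) {
    String sql = "SELECT * FROM users WHERE name = '" + name + "'";
    return em.createNativeQuery(sql, User.class).getResultList();
}
public List<User> findFormat(EntityManager em, String name) {
    return em.createNativeQuery(String.format("SELECT * FROM users WHERE name = '%s'", name)).getResultList();
}
public List<User> findSafe(EntityManager em, String name) {
    return em.createNativeQuery("SELECT * FROM users WHERE name = ?1", User.class).setParameter(1, name).getResultList();
}
public List<User> findNamed(EntityManager em, String name) {
    return em.createNativeQuery("SELECT * FROM users WHERE name = :n").setParameter("n", name).getResultList();
}
"""
STRING_LIT = r'"(?:[^"\\]|\\.)*"'   # a Java string literal, escapes included

def first_argument(line):
    # First argument of the createNativeQuery(...) call on this line: tokens up to a top-level ')' or ','.
    depth, buf = 0, []
    for tok in re.findall(STRING_LIT + r'|[(),]|[^"(),]+', line.split("createNativeQuery(", 1)[1]):
        if depth == 0 and tok in (")", ","):
            break
        depth += (tok == "(") - (tok == ")")
        buf.append(tok)
    return "".join(buf).strip()

def is_tainted(expr, lines, upto):
    # True when the SQL is assembled from runtime data rather than being one fixed literal.
    expr = expr.strip()
    if re.fullmatch(STRING_LIT, expr):
        return False                          # one literal: constant SQL; ?1 / :name placeholders are fine
    bare = re.sub(STRING_LIT, '""', expr)     # ignore '+' and friends that sit inside string literals
    if "+" in bare or "String.format(" in bare or ".concat(" in bare:
        return True
    if re.fullmatch(r"[A-Za-z_]\w*", expr):   # plain variable: classify its most recent assignment
        for j in range(upto - 1, -1, -1):
            m = re.search(r"\b" + expr + r"\s*=\s*(.+);\s*$", lines[j])
            if m:
                return is_tainted(m.group(1), lines, j)
    return True                               # unknown origin (method call, field, ...): flag for review

def scan_java(src):
    # (line_no, sql_expr) for every createNativeQuery call whose SQL is not one fixed literal.
    lines = src.splitlines()
    return [(n + 1, a) for n, l in enumerate(lines)
            if "createNativeQuery(" in l and is_tainted(a := first_argument(l), lines, n)]
```

Running `scan_java(SAMPLE_JAVA)` reports lines 3 and 6 (the concatenated variable and the `String.format` call) and stays silent on the two parameterized queries; a method call or field used as the SQL is flagged for manual review rather than assumed safe.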

  • N1ckDunn

    N1ckDunn - 2014-09-03

    Hi Pat

    I'll take a look at implementing a check for this in the next release.

    Nick

  • Patrick Tucker

    Patrick Tucker - 2014-09-08

    That would be great!

