google-nomulus/core/src
Weimin Yu 5b4b86317b Add a presubmit check to require use of templated SQL string literals (#954)
* Add a presubmit check to require use of templated SQL string literals

This PR proposes a coding style convention that helps prevent
SQL-injection attacks, and is easy to enforce in the presubmit check.

SQL injections can be effectively prevented if all parameterized queries
are generated using the proper param-binding methods. In our project,
which uses Hibernate exclusively, this can be achieved if we all follow
a simple convention: only use constant SQL templates assigned to static
final String variables as the first parameter to create(Native)Query
methods.

This PR adds a presubmit check to enforce the proposed rule, and
modifies one class as a demo. If the team agrees with this proposal, we
will change all other use cases.
2021-02-06 19:28:38 -05:00
main Add a presubmit check to require use of templated SQL string literals (#954) 2021-02-06 19:28:38 -05:00
nonprod Add a command to generate ER diagram for SQL schema (#839) 2020-10-15 17:31:43 -04:00
test Remove dual-write of registrar from tool commands (#952) 2021-02-05 11:06:14 -05:00