mirror of
https://github.com/google/nomulus.git
synced 2025-04-29 19:47:51 +02:00
Add a presubmit check to require use of templated SQL string literals

This PR proposes a coding style convention that helps prevent SQL-injection attacks and is easy to enforce in the presubmit check. SQL injections can be effectively prevented if all parameterized queries are generated using the proper param-binding methods. In our project, which uses Hibernate exclusively, this can be achieved if we all follow a simple convention: only use constant SQL templates assigned to static final String variables as the first parameter to create(Native)Query methods. This PR adds a presubmit check to enforce the proposed rule and modifies one class as a demo. If the team agrees with this proposal, we will change all other use cases.
Directory contents:

- checkstyle
- dependency-license
- nom_build.py
- nom_build_test.py
- presubmits.py