zydronium/google-nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus.git synced 2025-08-05 01:11:50 +02:00
Code Issues Projects Releases Packages Wiki Activity
google-nomulus/core
History
Weimin Yu 5b4b86317b Add a presubmit check to require use of templated SQL string literals (#954) 
* Add a presubmit check to require use of templated SQL string literals

This PR proposes a coding style convention that helps prevent
SQL-injection attacks, and is easy to enforce in the presubmit check.

SQL-injections can be effectively prevented if all parameterized queries
are generated using the proper param-binding methods. In our project
which uses Hibernate exclusively, this can be achieved if we all follow
a simple convention: only use constant sql templates assigned to static
final String variables as the first parameter to creat(Native)Query
methods.

This PR adds a presubmit check to enforce the proposed rule, and
modified one class as a demo. If the team agrees with this proposal, we
will change all other use cases.
2021-02-06 19:28:38 -05:00
..
gradle/dependency-locks Add a Secret Manager client for Nomulus (#872) 2020-11-12 17:12:52 -05:00
src Add a presubmit check to require use of templated SQL string literals (#954) 2021-02-06 19:28:38 -05:00
WEB-INF/appengine-generated Enable Cloud SQL when Datastore is enabled for unit test (#502) 2020-03-10 12:26:25 -04:00
build.gradle A better Datastore bulk delete tool (#947) 2021-02-02 22:46:38 -05:00
Dockerfile Build docker image of nomulus tool (#142) 2019-07-16 20:18:44 -04:00
karma.conf.js Clean up generated sources configuration (#724) 2020-07-30 15:43:42 -04:00