• Home
• io.codemodder
• core-codemods
• 0.96.0
• source code
• description.md

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

io.codemodder.codemods.HQLParameterizationCodemod.description.md Maven / Gradle / Ivy

This change refactors Hibernate queries to be parameterized, rather than built by hand.

Without parameterization, developers must remember to escape inputs using the rules for that database. It's usually buggy, at the least -- and sometimes vulnerable.

Our changes look something like this:

```diff
- Query hqlQuery = session.createQuery("select p from Person p where p.name like '" + tainted + "'");
+ Query hqlQuery = session.createQuery("select p from Person p where p.name like :parameter0").setParameter(":parameter0", tainted);
```