Table 1 Features for detecting SQL injection

From: Towards the application of recommender systems to secure coding

| Feature | Data type | Possible values | Description |
|---|---|---|---|
| Sources | Multi-valued | {getPathInfo, getResource, getName, getServletPath, getRemoteHost, getLocalAddr, getParameterMap, getRealPath, getServerName, getPathTranslated, getInitParameterNames, getHeader, getCookies, getPath, getComment, getParameter, getParameterValues, getRequestURL, getHeaders, getRequestURI, getResourceAsStream, getRequestDispatcher, getQueryString, getResourcePaths, getDomain, getValue, getLocalName, getInitParameter, getRemoteUser, getHeaderNames, getContentType, getParameterNames, concatenateWhere, getNamedDispatcher} | The method that accepts or processes potentially tainted user input |
| Sinks | Multi-valued | {executeLargeUpdate, updateWithOnConflict, setGrouping, queryForList, batchUpdate, update, buildQuery, prepareStatement, delete, buildUnionSubQuery, queryWithFactory, rawQueryWithFactory, nativeSQL, queryForInt, blobFileDescriptorForQuery, longForQuery, sqlRestriction, newQuery, executeInsert, createQuery, queryForMap, queryForLong, apply, execSQL, queryForRowSet, query, stringForQuery, buildQueryString, `<init>`, addBatch, execute, executeQuery, createSQLQuery, createNativeQuery, setFilter, appendWhere, queryForObject, newPreparedStatementCreator, as, compileStatement, createDbFromSqlStatements, buildUnionQuery, rawQuery, executeUpdate, prepareCall} | The method that creates, modifies, or executes a SQL query |
| Quoted_variables_found | Boolean | {True, False} | Tells whether explicit apostrophes were used to formulate an SQL query string |
| Potentially_sanitized | Boolean | {True, False} | Tells whether user inputs were passed to untainted functions before being used in SQL strings |
| Prepared_statement_imported | Boolean | {True, False} | Specifies whether the recommended prepared statement class was imported |
| All_queries_parameterized | Boolean | {True, False} | Specifies whether the question-mark wildcard was used as the variable placeholder in query strings |
| Metadata | String | | Base64-encoded data containing the SQL statements and methods found in each Java file, to assist with verification of the classification |
| Class | Binary | {Safe, Unsafe} | The target variable |
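As an added illustration, not code from the paper, the following Python computes the Table 1 features for one Java source file with regex heuristics, using only a subset of the listed sources and sinks. The constructed `UNSAFE_JAVA` and `SAFE_JAVA` snippets, the `request`, `conn` and `stmt` objects they mention, and the assumption that `java.sql.PreparedStatement` is the "recommended prepared statement class" are all mine; `Class` is the label to be predicted and is therefore not extracted.

```python
import base64
import json
import re

# Subsets of the Table 1 source/sink method names (an example choice, not the paper's full lists)
SOURCES = {"getParameter", "getParameterValues", "getHeader", "getCookies",
           "getQueryString", "getRequestURI", "getPathInfo", "getRemoteUser"}
SINKS = {"executeQuery", "executeUpdate", "execute", "prepareStatement",
         "createQuery", "rawQuery", "execSQL", "addBatch", "nativeSQL"}
CALL_RE = re.compile(r"\.(\w+)\s*\(")                              # any .method( call
STRING_RE = re.compile(r'"([^"\n]*)"')                             # string literals
SQL_RE = re.compile(r"\s*(SELECT|INSERT|UPDATE|DELETE)\b", re.I)   # literal that starts a query
PREPARED_IMPORT_RE = re.compile(r"import\s+java\.sql\.PreparedStatement\s*;")
TAINTED_VAR_RE = re.compile(r"(\w+)\s*=\s*\w+\.(?:%s)\s*\(" % "|".join(SOURCES))


def extract_features(java_src: str) -> dict:
    """Compute the Table 1 features for one Java file with regex heuristics (no real parser)."""
    calls = set(CALL_RE.findall(java_src))
    literals = STRING_RE.findall(java_src)
    sql_literals = [s for s in literals if SQL_RE.match(s)]
    # Potentially_sanitized: source output is passed to a non-source, non-sink call whose
    # result is assigned, e.g. clean = Esc.sql(name) (Esc is a hypothetical helper)
    sanitized = False
    for var in TAINTED_VAR_RE.findall(java_src):
        pattern = r"=\s*(?:[\w.]*\.)?(\w+)\s*\([^;]*\b%s\b" % re.escape(var)
        if any(c not in (SINKS | SOURCES) for c in re.findall(pattern, java_src)):
            sanitized = True
    return {
        "Sources": sorted(calls & SOURCES),
        "Sinks": sorted(calls & SINKS),
        # An apostrophe inside a string literal signals hand-built quoting of values
        "Quoted_variables_found": any("'" in s for s in literals),
        "Potentially_sanitized": sanitized,
        "Prepared_statement_imported": bool(PREPARED_IMPORT_RE.search(java_src)),
        # True only when at least one SQL literal exists and every one carries a ? placeholder
        "All_queries_parameterized": bool(sql_literals) and all("?" in s for s in sql_literals),
        # base64-encoded statements and method names, kept for manual verification of the label
        "Metadata": base64.b64encode(json.dumps(
            {"sql": sql_literals, "methods": sorted(calls)}).encode()).decode(),
    }


# Constructed sample inputs: the same lookup with string concatenation and with a prepared
# statement (request, stmt and conn stand for Servlet and JDBC objects)
UNSAFE_JAVA = """String name = request.getParameter("name");
ResultSet rs = stmt.executeQuery("SELECT * FROM users WHERE name = '" + name + "'");
"""
SAFE_JAVA = """import java.sql.PreparedStatement;
String name = request.getParameter("name");
PreparedStatement ps = conn.prepareStatement("SELECT * FROM users WHERE name = ?");
ps.setString(1, name);
"""
```

Run `extract_features(UNSAFE_JAVA)` and `extract_features(SAFE_JAVA)` to see how the two versions of the same query differ on every Boolean feature.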