Table 1 Features for detecting SQL injection
From: Towards the application of recommender systems to secure coding
Feature | Data type | Possible values | Description |
|---|---|---|---|
Sources | Multi-valued | {getPathInfo, getResource, getName, getServletPath, getRemoteHost, getLocalAddr, getParameterMap, getRealPath, getServerName, getPathTranslated, getInitParameterNames, getHeader, getCookies, getPath, getComment, getParameter, getParameterValues, getRequestURL, getHeaders, getRequestURI, getResourceAsStream, getRequestDispatcher, getQueryString, getResourcePaths, getDomain, getValue, getLocalName, getInitParameter, getRemoteUser, getHeaderNames, getContentType, getParameterNames, concatenateWhere, getNamedDispatcher} | The method that accepts or processes potentially tainted user input |
Sinks | Multi-valued | {executeLargeUpdate, updateWithOnConflict, setGrouping, queryForList, batchUpdate, update, buildQuery, prepareStatement, delete, buildUnionSubQuery, queryWithFactory, rawQueryWithFactory, nativeSQL, queryForInt, blobFileDescriptorForQuery, longForQuery, sqlRestriction, newQuery, executeInsert, createQuery, queryForMap, queryForLong, apply, execSQL, queryForRowSet, query, stringForQuery, buildQueryString, <init>, addBatch, execute, executeQuery, createSQLQuery, createNativeQuery, setFilter, appendWhere, queryForObject, newPreparedStatementCreator, as, compileStatement, createDbFromSqlStatements, buildUnionQuery, rawQuery, executeUpdate, prepareCall} | The method that creates, modifies, or executes a SQL query |
Quoted_variables_found | Boolean | {True, false} | Tells whether explicit apostrophes were used to formulate an SQL query string |
Potentially_sanitized | Boolean | {True, false} | Tells whether user inputs were passed to untainted functions before being used in SQL strings |
Prepared_statement_imported | Boolean | {True, false} | Specifies whether the recommended prepared statement class was imported |
All_queries_parameterized | Boolean | {True, false} | Specifies whether the question-mark wildcard was used as variable placeholders in query strings |
Metadata | String | – | Data (encoded in base 64) containing SQL statements and methods found in each Java file to assist with verification of classification |
Class | Binary | {Safe, unsafe} | The target variable |