Unsanitized user input in SQL catalog configuration

Overview

• Rule ID: java_lang_information_leakage

• Applicable Languages: Java

• Weakness ID: CWE-15

Description

Using unsanitized user input to configure a SQL Connection's catalog can lead to serious security vulnerabilities. Attackers can manipulate the catalog name in the setCatalog method, potentially causing harmful or unintended actions within the application.

Remediation Guidelines

• Do not use direct user input for setting the SQL database's catalog. Always sanitize or validate input before using it in your database configuration.

References

Configuration