Commit 702ca19

Jami Cogswell authored and committed
Java: added comment about second order sql injection
1 parent a7da6c8 commit 702ca19

1 file changed

+1
-1
lines changed

java/ql/lib/ext/java.sql.model.yml

Lines changed: 1 addition & 1 deletion
@@ -41,7 +41,7 @@ extensions:
4141
- ["java.sql", "ResultSet", "getInt", "(int)", "manual"] # taint-numeric
4242
- ["java.sql", "ResultSet", "getInt", "(String)", "manual"] # taint-numeric
4343
- ["java.sql", "ResultSet", "getLong", "(String)", "manual"] # taint-numeric
44-
- ["java.sql", "ResultSet", "getString", "(int)", "manual"] # taint-numeric
44+
- ["java.sql", "ResultSet", "getString", "(int)", "manual"] # taint-numeric, potentially interesting for second order SQL injection
4545
- ["java.sql", "ResultSet", "getTimestamp", "(String)", "manual"] # taint-numeric
4646
- ["java.sql", "Timestamp", "Timestamp", "(long)", "manual"] # taint-numeric
4747
- ["java.sql", "Timestamp", "getTime", "()", "manual"] # taint-numeric
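Review bot: On the changed `ResultSet.getString(int)` row, the new remark is appended to a `# taint-numeric` label, but `getString` returns a `String`, so the row now carries a tag that says the value is numeric next to a note that says it may carry an injectable string. Consider splitting the two, for example keeping `# taint-numeric` only on the `getInt`/`getLong`/`getTimestamp` rows and giving this row its own comment that states what follow-up is expected (a TODO or a reference to a tracking issue), since "potentially interesting" does not tell the next maintainer whether the row should stay in this list or be remodelled. If other `getString` overloads are listed elsewhere in this file, the same note would apply to them for consistency.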
