Hi,
Does anyone know whether any of these can trigger a warning in Fortify on Demand? I'm trying to figure out which tool is better for me to use; these are just simple code snippets that I found helpful for a quick test.
1) SQL injection
dbConnection = Utilities.getDBConnection();
sqlStatement = dbConnection.createStatement();
// data is concatenated directly into the SQL string
String query = "insert into users (status) values ('updated') where name='" + data + "'";
Boolean result = sqlStatement.execute(query);
2) StackTrace
} catch (Exception e) {
e.printStackTrace();
}
3) Hard coded constants for db connection
return DriverManager.getConnection("jdbc:mysql://localhost/dbName", MYSQL_USERNAME, MYSQL_PASSWORD);
Thanks!
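For comparison when testing a scanner, here are remediated counterparts of the three snippets above, as an added example that is not part of the original post. The class name, the method names other than getDBConnection, and the environment variable names DB_URL, DB_USER and DB_PASSWORD are hypothetical, and the query is written as an UPDATE, which is an assumption about what the post's statement intends.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.logging.Level;
import java.util.logging.Logger;

// Added example: remediated counterparts of the three snippets in the post.
public class RemediatedSamples {
    private static final Logger LOG = Logger.getLogger(RemediatedSamples.class.getName());

    // 3) Connection settings come from the environment, not constants in source.
    // DB_URL, DB_USER and DB_PASSWORD are hypothetical variable names.
    static Connection getDBConnection() throws SQLException {
        String url = System.getenv("DB_URL");
        String user = System.getenv("DB_USER");
        String password = System.getenv("DB_PASSWORD");
        if (url == null || user == null || password == null) {
            throw new SQLException("database settings are not configured");
        }
        return DriverManager.getConnection(url, user, password);
    }

    // 1) The user-controlled value is bound as a parameter, never concatenated.
    // Written as an UPDATE: an assumption about what the post's query intends.
    static int markUpdated(Connection conn, String name) throws SQLException {
        String sql = "UPDATE users SET status = ? WHERE name = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, "updated");
            ps.setString(2, name);
            return ps.executeUpdate();
        }
    }

    public static void main(String[] args) {
        // Constructed sample input standing in for the post's "data" variable.
        String data = args.length > 0 ? args[0] : "alice";
        try (Connection conn = getDBConnection()) {
            int rows = markUpdated(conn, data);
            LOG.info("rows updated: " + rows);
        } catch (SQLException e) {
            // 2) Route the exception to a logger instead of e.printStackTrace().
            LOG.log(Level.SEVERE, "database operation failed", e);
        }
    }
}
```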