How to trigger warnings for these? Sql injection, stack trace, and hard coded passwords

Hi,

Does anyone know whether any of these can trigger a warning in Fortify on Demand? I'm trying to figure which tool is better for me to use, these are just simple codes that I found helpful to do a quick test.

1) SQL injection

dbConnection = Utilities.getDBConnection();

sqlStatement= dbConnection.createStatement();

String query = "insert into users (status) values ('updated') where name='" data "'";

sqlStatement= dbConnection.createStatement();

Boolean result = sqlStatement.execute(query);

2) StackTrace

} catch (Exception e) {

e.printStackTrace();

}

3) Hard coded constants for db connection

return DriverManager.getConnection("jdbc:mysql://localhost/dbName", MYSQL_USERNAME, MYSQL_PASSWORD);

 

Thanks!

  • Fabulous! I just replied to that, thank you!
  • Thank you for your email. For others "following this post", I wanted to mention the Training Partner Program Micro Focus offers - . https://www.microfocus.com/training/partners/academic-training-partner-program/

    • No fee is required to be part of the program once your eligibility has been confirmed.
    • Access to the full online On-demand Training Library to help train your staff.
    • Ability to use Micro Focus course materials for staff development.
    • Access to the benefits of the PartnerNet Program – see www.partnernetprogram.com.
    • Ability to use all or parts of any existing course provided within the curriculum.
    • Ability to create new courses using parts of the material provided.
    • Ability to print your own manuals or purchase printed manuals at special reduced pricing.
    • Provision of Virtual Machines with pre-configured software environments and Micro Focus licenses to allow you to build your own as the need arises.
    • The ability to become a Testing Partner.
    • Access to the additional resources available to Training Partners.
    • Automatic membership in the TTP academic support community – www.thettp.org.
    • Become part of the growing community of academics teaching industry recognized materials to its staff and students.