Query PR
github/codeql#3855
Language
Java
CVE(s) ID list
JOOQ is very commonly used in enterprise (I've used it at my last two companies); however, it seems to be far less commonly used in OSS.
There is one vulnerability that this query did find within our internal codebase at Gradle. @ldaley, if you'd be willing to corroborate this, I'd greatly appreciate it.
It ended up not being a full SQL injection vulnerability, as the input was sanitized externally, but CodeQL did detect the vulnerability as being sourced from a method call. If this method had been called without prior sanitizing, it would have led to SQL injection.
CWE
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Report
This vulnerability is classic SQL injection.
JOOQ is a framework that generates Java code from your SQL database schema and provides a type-safe, SQL-injection-safe set of methods for interacting with it.
However, there are methods, which the JOOQ library authors annotate with @PlainSQL, that can lead to SQL injection if the first argument is a tainted string.
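As an added illustration (not code from the submission, from the CodeQL query, or from the JOOQ project), the following shows the pattern the query is looking for: a tainted string concatenated into the first argument of a @PlainSQL method (`DSLContext.fetch(String)`), beside two safe forms. The `users` table, the rows, the attacker string and the in-memory H2 connection URL are constructed for the example; it assumes `org.jooq:jooq` and `com.h2database:h2` on the classpath.

```java
import static org.jooq.impl.DSL.field;
import static org.jooq.impl.DSL.name;
import static org.jooq.impl.DSL.table;
import static org.jooq.impl.DSL.using;

import java.sql.Connection;
import java.sql.DriverManager;
import org.jooq.DSLContext;
import org.jooq.Record;
import org.jooq.Result;
import org.jooq.SQLDialect;

public class JooqPlainSqlExample {

    // VULNERABLE: DSLContext.fetch(String) is a @PlainSQL method. The SQL string
    // is passed to the database verbatim, so anything concatenated into it is
    // interpreted as SQL. This is the shape the CodeQL query flags when the
    // concatenated value is remote/user input.
    static Result<Record> findUserVulnerable(DSLContext ctx, String username) {
        return ctx.fetch("select * from users where name = '" + username + "'");
    }

    // SAFE: still a @PlainSQL method, but the user value travels as a JDBC bind
    // parameter. The SQL text (first argument) is a constant; only the data varies.
    static Result<Record> findUserBindVariable(DSLContext ctx, String username) {
        return ctx.fetch("select * from users where name = ?", username);
    }

    // SAFE: the type-safe DSL. Identifiers are built with DSL.name() (rendered as
    // quoted names, never interpreted), and the comparison value is bound, so no
    // user-controlled text ever reaches the SQL string.
    static Result<Record> findUserTypeSafe(DSLContext ctx, String username) {
        return ctx.select()
                  .from(table(name("users")))
                  .where(field(name("name"), String.class).eq(username))
                  .fetch();
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo schema in an in-memory H2 database (assumption: H2 driver present).
        Connection conn = DriverManager.getConnection("jdbc:h2:mem:jooqdemo");
        DSLContext ctx = using(conn, SQLDialect.H2);
        ctx.execute("create table users (id int primary key, name varchar(64))");
        ctx.execute("insert into users values (1, 'alice'), (2, 'bob')");

        // Constructed attacker input: turns the WHERE clause into a tautology
        // when concatenated, but is just a literal value when bound.
        String hostile = "' or '1'='1";

        System.out.println("concatenated @PlainSQL: "
                + findUserVulnerable(ctx, hostile).size() + " row(s)");
        System.out.println("bind variable:          "
                + findUserBindVariable(ctx, hostile).size() + " row(s)");
        System.out.println("type-safe DSL:          "
                + findUserTypeSafe(ctx, hostile).size() + " row(s)");

        conn.close();
    }
}
```

In the first method the rendered SQL becomes `select * from users where name = '' or '1'='1'`, so every row matches; in the other two the same string is compared as data and matches no user. The practitioner's check is therefore not "is a @PlainSQL method called?" but "is the *first argument* of that call built from tainted data?", which is exactly the source-to-sink flow the query models; `DSL.inline()` or bind variables are the right fix when plain SQL cannot be avoided.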
Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc).
Blog post link
No response