This repository was archived by the owner on Jun 9, 2022. It is now read-only.
Detecting security issues on official JDBC drivers? #159
Open
Description
I'm submitting a
- security report
- bug report
- feature request
Describe the issue
find-secbugs is detecting issues in the official Postgres JDBC drivers, in functions related to prepared statements.
What does this mean and what can one do about it?
| module | level | offender | description | mitigation |
| --- | --- | --- | --- | --- |
| java-find-secbugs | medium | In method org.postgresql.jdbc.PgDatabaseMetaData.getColumnPrivileges(String, String, String, String) | org.postgresql.jdbc.PgDatabaseMetaData.getColumnPrivileges(String, String, String, String) passes a nonconstant String to an execute or addBatch method on an SQL statement | Check line(s) 1670 |
| java-find-secbugs | medium | In method org.postgresql.jdbc.PgDatabaseMetaData.getColumns(String, String, String, String) | org.postgresql.jdbc.PgDatabaseMetaData.getColumns(String, String, String, String) passes a nonconstant String to an execute or addBatch method on an SQL statement | Check line(s) 1537 |
| java-find-secbugs | medium | In method org.postgresql.jdbc.PgDatabaseMetaData.getFunctions(String, String, String) | org.postgresql.jdbc.PgDatabaseMetaData.getFunctions(String, String, String) passes a nonconstant String to an execute or addBatch method on an SQL statement | Check line(s) 2645 |
| java-find-secbugs | medium | In method org.postgresql.jdbc.PgDatabaseMetaData.getImportedExportedKeys(String, String, String, String, String, String) | org.postgresql.jdbc.PgDatabaseMetaData.getImportedExportedKeys(String, String, String, String, String, String) passes a nonconstant String to an execute or addBatch method on an SQL statement | Check line(s) 2180 |
| java-find-secbugs | medium | In method org.postgresql.jdbc.PgDatabaseMetaData.getIndexInfo(String, String, String, boolean, boolean) | org.postgresql.jdbc.PgDatabaseMetaData.getIndexInfo(String, String, String, boolean, boolean) passes a nonconstant String to an execute or addBatch method on an SQL statement | Check line(s) 2401 |
| java-find-secbugs | high | In method org.postgresql.xa.PGXAConnection.commitPrepared(Xid) | org.postgresql.xa.PGXAConnection.commitPrepared(Xid) passes a nonconstant String to an execute or addBatch method on an SQL statement | Check line(s) 586 |
| java-find-secbugs | high | In method org.postgresql.xa.PGXAConnection.prepare(Xid) | org.postgresql.xa.PGXAConnection.prepare(Xid) passes a nonconstant String to an execute or addBatch method on an SQL statement | Check line(s) 352 |
| java-find-secbugs | high | In method org.postgresql.xa.PGXAConnection.rollback(Xid) | org.postgresql.xa.PGXAConnection.rollback(Xid) passes a nonconstant String to an execute or addBatch method on an SQL statement | Check line(s) 457 |
Driver Version?
42.2.10.jre7
Java Version?
12
To Reproduce
Run

```
docker run --rm -v $PWD:/target hawkeyesec/scanner-cli:latest
```

in a project using this driver
Expected behaviour
No security errors
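The rows in the table above all carry the same message, "passes a nonconstant String to an execute or addBatch method on an SQL statement". That detector fires whenever the SQL text handed to `Statement.execute`/`executeQuery`/`addBatch` is not a compile-time constant; it does not trace where the string came from, so it reports genuine injection points and driver-internal query building alike. The following Java class is an added illustration (it is not code from the hawkeye scanner-cli project or from the pgjdbc driver) showing the three shapes a reviewer meets when triaging such a hit: the injectable one, the parameterised rewrite that the detector accepts, and a non-constant string that is built from fixed fragments and is reported even though no caller input reaches it. The connection URL and credentials in `main` are placeholders.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

/** Illustrative class (not part of any project on this page). */
public class NonconstantSqlExample {

    /**
     * Reported by the detector, and rightly so if {@code owner} can come from a
     * request: the SQL text is assembled from a method argument, so the argument
     * can change the structure of the statement, not just a value in it.
     */
    static int countTablesConcat(Connection c, String owner) throws SQLException {
        String sql = "SELECT count(*) FROM pg_tables WHERE tableowner = '" + owner + "'";
        try (Statement st = c.createStatement();
             ResultSet rs = st.executeQuery(sql)) {
            return rs.next() ? rs.getInt(1) : 0;
        }
    }

    /**
     * Not reported: the SQL text is a constant and the value travels as a bound
     * parameter, so whatever {@code owner} contains it can only ever be compared
     * against the column, never parsed as SQL.
     */
    static int countTablesBound(Connection c, String owner) throws SQLException {
        String sql = "SELECT count(*) FROM pg_tables WHERE tableowner = ?";
        try (PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, owner);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getInt(1) : 0;
            }
        }
    }

    /**
     * Also reported, although nothing attacker-controlled is involved: the
     * fragment is chosen from two fixed literals, but the concatenated result is
     * still not a constant, and the detector stops there. The DatabaseMetaData
     * hits above have this character: the method's String arguments (catalog,
     * schema, table and column patterns) feed into the catalog query the driver
     * runs, and only the driver's own source shows whether they are quoted
     * before they get there, so the finding is a prompt to read that code
     * rather than proof of a defect.
     */
    static int countTablesFromFlag(Connection c, boolean onlyMine) throws SQLException {
        String filter = onlyMine ? " WHERE tableowner = current_user" : "";
        try (Statement st = c.createStatement();
             ResultSet rs = st.executeQuery("SELECT count(*) FROM pg_tables" + filter)) {
            return rs.next() ? rs.getInt(1) : 0;
        }
    }

    public static void main(String[] args) throws SQLException {
        // Placeholder connection details; point them at a local database to run this.
        try (Connection c = DriverManager.getConnection(
                "jdbc:postgresql://localhost:5432/postgres", "postgres", "postgres")) {
            System.out.println("bound:  " + countTablesBound(c, "postgres"));
            System.out.println("flag:   " + countTablesFromFlag(c, true));
        }
    }
}
```

Two practical consequences follow for a scan like the one in the report. First, a hit inside the driver's own classes is not a vulnerability in the application being scanned; it is the driver's code being analysed along with the project's, and the usual handling is to exclude third-party packages such as `org.postgresql.*` from the analysis scope so that the report only covers code the team can change. Second, for hits in the project's own code, the fix that silences the detector is the one in `countTablesBound`: a constant statement with bound parameters, which is also the fix that removes the injection risk. A `@SuppressFBWarnings` annotation from the SpotBugs annotations package should only be reached for after reading the offending method and confirming the non-constant string cannot be influenced from outside, as in `countTablesFromFlag`.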