mirror of
https://github.com/google/nomulus
synced 2025-12-23 06:15:42 +00:00
d7e65d95e6
* Add a presubmit check to require use of templated SQL string literals This PR proposes a coding style convention that helps prevent SQL-injection attacks, and is easy to enforce in the presubmit check. SQL-injections can be effectively prevented if all parameterized queries are generated using the proper param-binding methods. In our project which uses Hibernate exclusively, this can be achieved if we all follow a simple convention: only use constant sql templates assigned to static final String variables as the first parameter to creat(Native)Query methods. This PR adds a presubmit check to enforce the proposed rule, and modified one class as a demo. If the team agrees with this proposal, we will change all other use cases.