Patrick.Sy/spring-petclinic
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-petclinic.git synced 2025-07-18 05:45:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix

Browse source
This commit is contained in:
GRUPOLKS\m.garcia 2025-03-31 13:52:46 +02:00
parent 614efd5339
commit d33065b201
1 changed files with 15 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
src/main/java/org/springframework/samples/petclinic/owner/Owner.java
View file

@ -171,4 +171,19 @@ public class Owner extends Person {
pet.addVisit(visit);
}
/**
* WARNING: Este método construye una consulta SQL directamente a partir de datos
* controlados por el usuario, lo cual es inseguro y susceptible a inyección SQL.
* Issue: Change this code to not construct SQL queries directly from user-controlled
* data.
*/
public String generateUnsafeQuery(String userInput) {
// Construcción directa de la consulta SQL (vulnerable a inyección)
String query = "SELECT * FROM users WHERE username = '" + userInput + "'";
// Simulación de ejecución de la consulta
System.out.println("Ejecutando query insegura: " + query);
return query;
}
}