Closed
Bug 422145
Opened 16 years ago
Closed 16 years ago
Static analysis of SQL statements
Categories
(Developer Infrastructure :: Source Code Analysis, defect)
Tracking
(Not tracked)
RESOLVED
INVALID
People
(Reporter: ondrej, Assigned: taras.mozilla)
Bug 405920 requested an audit of SQL statements in Places to prevent SQL injection. Because such analysis should be done on a regular basis, it is favorable to create an automated tool and extend this audit to the whole code base.

The tool should find all calls to the following methods:
- mozIStorageStatement::initialize
- mozIStorageConnection::createStatement
- mozIStorageConnection::executeSimpleSQL

The SQL parameter should be checked to see whether it is a literal constant (which may include macro fragments) or a variable or the result of a function call. It should be possible to use some comments in code that would notify the parser that the next occurrence is a verified dynamically built SQL statement, to avoid false alarms.

It would be great if all the parsed statements were stored in a file. This would allow deeper automated testing:
- check that all queries can be prepared after database conversion,
- check that SELECT statements use indexes in the query plan on all tables.
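A sketch of the audit described in the report above, added here as an illustration; it is not the Perl script from Bug 405920 or any Mozilla code. The `SQL-AUDIT: verified` marker, the ALL_CAPS rule for recognising macro fragments, and the sample source lines are assumptions made for the example.

```python
import re

# Method names are from the bug description; case-insensitive to catch C++ and JS spellings.
CALL = re.compile(r"\b(initialize|createStatement|executeSimpleSQL)\s*\(", re.I)
STRING = re.compile(r'"(?:\\.|[^"\\])*"')
MARKER = "SQL-AUDIT: verified"  # hypothetical suppression comment, not a Mozilla convention

def first_argument(src, start):
    """Text of the first call argument, skipping string literals and nested parens."""
    depth, i, in_str = 0, start, False
    while i < len(src):
        c = src[i]
        if in_str:
            if c == "\\":
                i += 1                      # skip the escaped character
            elif c == '"':
                in_str = False
        elif c == '"':
            in_str = True
        elif c == "(":
            depth += 1
        elif c == ")" or (c == "," and depth == 0):
            if depth == 0:
                break                       # end of the first argument
            depth -= 1
        i += 1
    return src[start:i].strip()

def classify(arg):
    """'literal' if only string literals and ALL_CAPS names (assumed macros) remain."""
    names = re.findall(r"[A-Za-z_]\w*", STRING.sub("", arg))
    return "literal" if all(re.fullmatch(r"[A-Z][A-Z0-9_]*", n) for n in names) else "dynamic"

def audit(source):
    findings, lines = [], source.splitlines()
    for m in CALL.finditer(source):
        arg = first_argument(source, m.end())
        line_no = source.count("\n", 0, m.start()) + 1
        verdict = classify(arg) if arg else "no-argument"
        if verdict == "dynamic" and line_no > 1 and MARKER in lines[line_no - 2]:
            verdict = "verified"            # a reviewer vouched for this dynamic statement
        findings.append({"line": line_no, "method": m.group(1), "sql": arg, "verdict": verdict})
    return findings

# Constructed sample input (not Mozilla source); table and helper names are invented.
SAMPLE = '''\
conn->CreateStatement(NS_LITERAL_CSTRING("SELECT id FROM t WHERE " COL_FILTER), getter_AddRefs(s));
conn->ExecuteSimpleSQL(query);
// SQL-AUDIT: verified
conn->CreateStatement(BuildQuery(table), getter_AddRefs(s));
'''
```

The list returned by `audit` can be serialised to a file to feed the follow-up checks the report mentions. Matching on method name alone will also hit unrelated `Initialize` calls, so its findings need triage.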
Comment 1 (Reporter) • 16 years ago
Bug 405920 implemented a simple Perl-based script that runs on all platforms and does not require any setup. This bug is not needed now.
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Resolution: --- → INVALID
Updated•6 years ago
Product: Core → Firefox Build System
Updated•2 years ago
Product: Firefox Build System → Developer Infrastructure