Code Walkthrough
The following code walkthrough includes only the code most relevant to the functionality of the DynSqlSelectStmts class. To view the source code in its entirety, see Example 6-6 later in this chapter.
The SqlInjectionExample.java example source file (refer to Example 6-5) is referenced throughout the code walkthrough to help you better understand the class implementation of DynSqlSelectStmts.
The DynSqlSelectStmts class imports the net.sourceforge.pmd.ast package, much like other PMD rules. Where this rule differs is the org.apache.regexp package, which provides an API for building regular expressions.
    package net.sourceforge.pmd.rules.web.security;

    import net.sourceforge.pmd.ast.*;
    import org.apache.regexp.*;
    import java.util.*;
    import java.text.MessageFormat;
Tip
You can download the regexp package from the Apache Jakarta Project web site at http://jakarta.apache.org. You can replace this package with any other available Java API that supports regular expressions.
Similar to other PMD rules, DynSqlSelectStmts extends the AbstractRule base class. The debug class variable controls the printing of debug statements to standard out at runtime:
    public class DynSqlSelectStmts extends AbstractRule {
        private static boolean debug = true;
Tip
If you’re working with PMD for the first time, you’ll want to leave debug set to true.
The PATTERN variable is initialized with the select.+from string—a regular expression to identify SQL select statements. The syntax of this regular expression ...
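The select.+from expression described above, run over a few constructed string literals, as an added example that is not part of the book's DynSqlSelectStmts source. It uses java.util.regex in place of org.apache.regexp; the class name SelectPatternDemo, the sample literals and the CASE_INSENSITIVE | DOTALL flags are assumptions made for illustration.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;

// Added example: exercises the select.+from expression with java.util.regex
// (swapped in for org.apache.regexp so the file runs on a stock JDK).
public class SelectPatternDemo {
    static final String PATTERN = "select.+from";   // expression quoted in the walkthrough

    // Constructed sample literals, the kind a rule would see in string nodes.
    static final List<String> LITERALS = List.of(
        "select id, name from users where id = ",      // lower-case query prefix
        "SELECT * FROM accounts WHERE owner = '",      // upper-case keywords
        "select id\nfrom users where name = '",        // keywords split across lines
        "Please select an item from the list",         // UI text, not SQL
        "selectfrom",                                   // nothing between the keywords
        "update users set name = ");                    // not a select statement

    // Returns literal -> matched?, using find() so the match may start anywhere.
    static Map<String, Boolean> scan(int flags) {
        Pattern p = Pattern.compile(PATTERN, flags);
        Map<String, Boolean> hits = new LinkedHashMap<>();
        for (String s : LITERALS) {
            hits.put(s, p.matcher(s).find());
        }
        return hits;
    }

    static void report(String title, int flags) {
        System.out.println(title);
        scan(flags).forEach((s, hit) ->
            System.out.printf("  %-5s %s%n", hit ? "MATCH" : "-", s.replace("\n", "\\n")));
    }

    public static void main(String[] args) {
        // As written: case-sensitive, '.' stops at a line break.
        report("select.+from, no flags", 0);
        // Assumed hardening, not taken from the book: ignore case and let '.' span lines.
        report("select.+from, CASE_INSENSITIVE | DOTALL",
               Pattern.CASE_INSENSITIVE | Pattern.DOTALL);
    }
}
```

The UI string matches in both runs, so a hit on this expression alone marks a literal as a candidate for review, not as a confirmed query.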