mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
12 lines
484 B
Java
12 lines
484 B
Java
// SQL injection — negative fixture.
|
|
// Safe: uses a parameterized query; payload is a bound argument.
|
|
// Entry: Entry.login(String) Cap: SQL_QUERY
|
|
// Expected verdict: NotConfirmed
|
|
|
|
public class Entry {
|
|
public static void login(String username) {
|
|
String template = "SELECT name FROM users WHERE name = ?";
|
|
// Simulate parameterized execution: template is fixed.
|
|
System.out.println("Executing: " + template + " param-len=" + username.length());
|
|
}
|
|
}
|