I am fixing code for an audit report on a security issue: SQL Injection.
In my code the following method is used extensively to delete records.
The method is defined in a base class that is extended by every other DAO-level class in the module.
public void delete(Class objectClass, long objectId) throws DAOException {
    try {
        // getObject(...) is a base-class helper (not shown here) that returns
        // the entity identified by objectClass and objectId
        getHibernateTemplate().delete(getObject(objectClass, objectId));
    } catch (Exception e) {
        throw new DAOException(e);
    }
}
And the method call
getHibernateTemplate().delete(getObject(objectClass,objectId));
is reported to be prone to SQL Injection. The report reads:
“Injection of data received from servlet request (“getObject(objectClass,objectId)”) to User Defined Dangerous”.
How do I fix this issue?
I have done sufficient homework and have already fixed several other SQL Injection issues by using prepared statements in HQL.
Thanks in advance.
ANSWER — This method in itself uses binding parameters, which can be verified with the Log4j API. I have verified the logs for the binding parameters, and SQL injection for this issue is not feasible.
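As an added illustration (not code from the question or the answer above), the following hypothetical DAO base class puts the two cases side by side: an HQL query that splices request data into the query string, which is the pattern an injection scanner is right to flag, and the same query with a named bind parameter, which is what the answer means by "binding parameters". It also shows a delete-by-id that loads the entity by primary key and then deletes it, so the id travels to Hibernate as a typed value rather than as SQL text. It assumes Spring's HibernateTemplate from the hibernate3 module (the page's getHibernateTemplate() implies HibernateDaoSupport), a hypothetical Customer entity with a name property, and a minimal stand-in for the page's DAOException.

```java
import java.util.List;

import org.springframework.orm.hibernate3.support.HibernateDaoSupport;

/**
 * Hypothetical DAO base class, written for this example only.
 * The Customer entity and its "name" property are assumed, not taken from the page.
 *
 * To confirm at runtime that Hibernate binds values instead of inlining them,
 * enable these Log4j categories (Hibernate 3.x names):
 *
 *   log4j.logger.org.hibernate.SQL=DEBUG    # logs the SQL text, with '?' placeholders
 *   log4j.logger.org.hibernate.type=TRACE   # logs each value bound to a placeholder
 *
 * A bound query appears in the log as "... where customer0_.name=?" followed by a
 * separate "binding 'Alice' to parameter: 1" line; an injectable query shows the
 * request data inside the SQL text itself.
 */
public abstract class BaseDao extends HibernateDaoSupport {

    /** Stand-in for the application's own DAOException. */
    public static class DAOException extends Exception {
        public DAOException(Throwable cause) {
            super(cause);
        }
    }

    /**
     * Delete by primary key. get() issues a select with the id as a bind
     * parameter; delete() issues the delete the same way. No SQL text is built
     * from objectId, so there is nothing for an attacker to inject into.
     */
    public void delete(Class<?> objectClass, long objectId) throws DAOException {
        try {
            Object entity = getHibernateTemplate().get(objectClass, objectId);
            if (entity != null) {                 // nothing to delete if the row is gone
                getHibernateTemplate().delete(entity);
            }
        } catch (Exception e) {
            throw new DAOException(e);
        }
    }

    /**
     * VULNERABLE: request data concatenated into the HQL string.
     * name = "x' or '1'='1" turns the where clause into a tautology.
     */
    public List<?> findByNameUnsafe(String name) {
        return getHibernateTemplate().find(
                "from Customer c where c.name = '" + name + "'");
    }

    /**
     * FIXED: the same query with a named parameter. The value is bound through
     * JDBC, so the quote characters in a hostile name stay inside the value.
     */
    public List<?> findByName(String name) {
        return getHibernateTemplate().findByNamedParam(
                "from Customer c where c.name = :name", "name", name);
    }
}
```

With the two Log4j categories above enabled, running findByName against a name such as x' or '1'='1 produces a log line whose SQL still ends in name=? and a separate binding line carrying the hostile string verbatim, which is the evidence the answer refers to; findByNameUnsafe produces a log line with the string already inside the SQL.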