This project demonstrate a simple SQL injection vulnerability on a SpringBoot project The project runs a servlet serving two endpoints:
- '/' with a simple Hello the world answer
- '/person/address' which maps the 'name' GET parameter to a SQL query (the vulnerability)
- the initial DB setup has a PEOPLE table populated with one entry for the name 'foo'
- as default, the application listens on port 8080 and also maps the H2 DB console: http://localhost:8080/h2-console
Credits to @jeff-zapotoczny-sonarsource for the initial implementation
For further reference, please consider the following sections:
- Official Apache Maven documentation
- Spring Boot Maven Plugin Reference Guide
- Create an OCI image
- Spring Web
- JDBC API
The following guides illustrate how to use some features concretely: