Description
SQL 注入的 sink 找不到
示例代码
`package com.aab.springboot002;
//STEP 1. Import required packages
import java.sql.*;
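/**
 * Minimal JDBC reproducer: connects to a local MySQL database, runs one fixed
 * {@code SELECT} against the {@code student} table and prints every row.
 *
 * <p>Despite the method name {@code sqlinject}, the SQL text is a compile-time
 * constant and no caller-supplied value is concatenated into it, so
 * {@code Statement.executeQuery} is reached without attacker-controlled data.
 * If the query ever takes input, bind it through a {@code PreparedStatement}
 * with {@code ?} placeholders rather than building the string by hand.
 */
public class SelectRecords {
    // JDBC driver name and database URL
    static final String JDBC_DRIVER = "com.mysql.jdbc.Driver";
    static final String DB_URL = "jdbc:mysql://localhost/jdbc_db";

    // Database credentials.
    // NOTE(review): a hard-coded root account with a trivial password is only
    // tolerable in a throwaway local reproducer; real code should read
    // credentials from configuration or a secret store and use a
    // least-privileged database user.
    static final String USER = "root";
    static final String PASS = "123456";

    /**
     * Runs the fixed student query and prints each row to standard output.
     *
     * <p>Failures (missing driver class, connection or query errors) are caught
     * and their stack traces printed; the method then still prints
     * {@code "Goodbye!"} and returns normally.
     */
    public static void sqlinject() {
        // Constant query text: nothing user-controlled is spliced in.
        final String sql = "SELECT id, first, last, age FROM student";

        try {
            // STEP 2: Register JDBC driver
            Class.forName(JDBC_DRIVER);

            // STEP 3: Open a connection
            System.out.println("Connecting to a selected database...");

            // try-with-resources releases ResultSet, Statement and Connection
            // in reverse order on every path, so the Statement is always
            // closed and the Connection is closed exactly once.
            try (Connection conn = DriverManager.getConnection(DB_URL, USER, PASS)) {
                System.out.println("Connected database successfully...");

                // STEP 4: Execute a query
                System.out.println("Creating statement...");
                try (Statement stmt = conn.createStatement();
                     ResultSet rs = stmt.executeQuery(sql)) {
                    // STEP 5: Extract data from result set
                    while (rs.next()) {
                        // Retrieve by column name
                        int id = rs.getInt("id");
                        int age = rs.getInt("age");
                        String first = rs.getString("first");
                        String last = rs.getString("last");

                        // Display values
                        System.out.print("ID: " + id);
                        System.out.print(", Age: " + age);
                        System.out.print(", First: " + first);
                        System.out.println(", Last: " + last);
                    }
                }
            }
        } catch (SQLException se) {
            // JDBC errors (connect, query, close). The trace goes to stderr
            // only; keep driver error details out of HTTP responses.
            se.printStackTrace();
        } catch (Exception e) {
            // Class.forName failure when the driver is not on the classpath;
            // kept broad so this best-effort demo never throws to its caller.
            e.printStackTrace();
        }
        System.out.println("Goodbye!");
    }
}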
package com.aab.springboot002.Controller;
import com.aab.springboot002.SelectRecords;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
/**
 * REST controller exposing the {@code /index} endpoint.
 */
@RestController
public class IndexController {

    /**
     * Handles {@code /index}: runs {@code SelectRecords.sqlinject()} for its
     * side effects and replies with a fixed greeting.
     *
     * <p>The mapping names no HTTP method, so it is not restricted to GET.
     * The handler takes no parameters and reads nothing from the request, so
     * no request data is passed on to the JDBC call.
     *
     * @return the literal string {@code "Hello World"}
     */
    @RequestMapping("/index")
    public String index() {
        final String greeting = "Hello World";
        SelectRecords.sqlinject();
        return greeting;
    }
}
`
IDEA版本:2025.2.3
插件版本:233-1.1.0
IDEA 偶尔会出现类似下面的报错,异常类型都是这一个:
java.lang.IllegalStateException: Virtual file is null for element: this.reference(object)
at org.skgroup.codeauditassistant.utils.GraphUtils.getSourceSpan(GraphUtils.kt:164)
at org.skgroup.codeauditassistant.utils.GraphUtils.getMethodNode(GraphUtils.kt:111)
at org.skgroup.codeauditassistant.utils.ProblemAnnotator.annotateMethodCall(ProblemAnnotator.kt:30)
at org.skgroup.codeauditassistant.utils.ProblemAnnotator.annotate(ProblemAnnotator.kt:21)
at com.intellij.codeInsight.daemon.impl.AnnotationHolderImpl.runAnnotatorWithContext(AnnotationHolderImpl.java:212)
at com.intellij.codeInsight.daemon.impl.AnnotatorRunner.lambda$runAnnotator$2(AnnotatorRunner.java:131)
at com.intellij.codeInsight.daemon.impl.AnnotationSessionImpl.computeWithSession(AnnotationSessionImpl.java:87)
at com.intellij.codeInsight.daemon.impl.AnnotatorRunner.runAnnotator(AnnotatorRunner.java:121)
at com.intellij.codeInsight.daemon.impl.AnnotatorRunner.lambda$runAnnotatorsAsync$0(AnnotatorRunner.java:69)
at com.intellij.platform.locking.impl.NestedLocksThreadingSupport.tryRunReadAction(NestedLocksThreadingSupport.kt:826)
at com.intellij.openapi.application.impl.ApplicationImpl.tryRunReadAction(ApplicationImpl.java:1221)
at com.intellij.codeInsight.daemon.impl.AnnotatorRunner.lambda$runAnnotatorsAsync$1(AnnotatorRunner.java:69)
at com.intellij.concurrency.ApplierCompleter.processArrayItem(ApplierCompleter.java:121)
at com.intellij.concurrency.ApplierCompleter.processArray(ApplierCompleter.java:219)
at com.intellij.concurrency.ApplierCompleter.execAll(ApplierCompleter.java:171)
at com.intellij.concurrency.ApplierCompleter.lambda$exec$0(ApplierCompleter.java:110)
at com.intellij.platform.locking.impl.NestedLocksThreadingSupport.tryRunReadAction(NestedLocksThreadingSupport.kt:826)
at com.intellij.openapi.application.impl.ApplicationImpl.tryRunReadAction(ApplicationImpl.java:1221)
at com.intellij.concurrency.ApplierCompleter.lambda$wrapInReadActionAndIndicator$2(ApplierCompleter.java:153)
at com.intellij.openapi.progress.impl.CoreProgressManager.lambda$executeProcessUnderProgress$14(CoreProgressManager.java:681)
at com.intellij.openapi.progress.impl.CoreProgressManager.registerIndicatorAndRun(CoreProgressManager.java:756)
at com.intellij.openapi.progress.impl.CoreProgressManager.computeUnderProgress(CoreProgressManager.java:712)
at com.intellij.openapi.progress.impl.CoreProgressManager.executeProcessUnderProgress(CoreProgressManager.java:680)
at com.intellij.openapi.progress.impl.ProgressManagerImpl.executeProcessUnderProgress(ProgressManagerImpl.java:78)
at com.intellij.concurrency.ApplierCompleter.wrapInReadActionAndIndicator(ApplierCompleter.java:164)
at com.intellij.concurrency.ApplierCompleter.lambda$wrapAndRun$1(ApplierCompleter.java:145)
at com.intellij.openapi.application.impl.ApplicationImpl.executeByImpatientReader(ApplicationImpl.java:258)
at com.intellij.concurrency.ApplierCompleter.wrapAndRun(ApplierCompleter.java:145)
at com.intellij.concurrency.ApplierCompleter.exec(ApplierCompleter.java:113)
at java.base/java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:507)
at java.base/java.util.concurrent.ForkJoinPool$WorkQueue.topLevelExec(ForkJoinPool.java:1491)
at java.base/java.util.concurrent.ForkJoinPool.scan(ForkJoinPool.java:2073)
at java.base/java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:2035)
at java.base/java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:187)