Database Access Control

ID

java.database_access_control

Severity

low

Resource

Access Control

Language

Java

Tags

CWE:732, NIST.SP.800-53, OWASP:2021:A1, PCI-DSS:6.5.6

Description

Avoid database queries except from specific locations.

Rationale

Restrict database queries to only the specified architecture classes.

This detector flags calls to methods that perform DB queries.

Remediation

Follow a proper architecture design by ensuring that database queries are restricted to designated architecture classes.

Configuration

The rule has the following configurable parameters:

  • dbLocationPatterns: the list of ANT patterns for the paths of the specific locations that are allowed to hold DB queries. Empty means that nothing is allowed.
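
A noncompliant and compliant pair for this rule, added here as an illustration and not taken from the detector's own documentation. It assumes dbLocationPatterns is set to **/repository/** and that JDBC executeQuery is among the calls the detector treats as DB queries; the class names and file paths are hypothetical.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import javax.sql.DataSource;

// Assumed configuration for this example: dbLocationPatterns = **/repository/**
// Class names and file paths are hypothetical; each class stands for its own file.

// File: src/main/java/com/example/web/ReportController.java (before)
// The path does not match the pattern, so the query call below is reported.
class ReportControllerBefore {
    private final DataSource ds;
    ReportControllerBefore(DataSource ds) { this.ds = ds; }

    int countOrders(long customerId) throws SQLException {
        try (Connection c = ds.getConnection();
             PreparedStatement ps = c.prepareStatement(
                     "SELECT COUNT(*) FROM orders WHERE customer_id = ?")) {
            ps.setLong(1, customerId);
            try (ResultSet rs = ps.executeQuery()) { // reported: outside allowed paths
                return rs.next() ? rs.getInt(1) : 0;
            }
        }
    }
}

// File: src/main/java/com/example/repository/OrderRepository.java
// The path matches **/repository/**, so the same call is permitted here.
class OrderRepository {
    private final DataSource ds;
    OrderRepository(DataSource ds) { this.ds = ds; }

    int countByCustomer(long customerId) throws SQLException {
        try (Connection c = ds.getConnection();
             PreparedStatement ps = c.prepareStatement(
                     "SELECT COUNT(*) FROM orders WHERE customer_id = ?")) {
            ps.setLong(1, customerId);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getInt(1) : 0;
            }
        }
    }
}

// File: src/main/java/com/example/web/ReportController.java (after)
// No query call remains in the web layer; data access goes through the repository.
class ReportController {
    private final OrderRepository orders;
    ReportController(OrderRepository orders) { this.orders = orders; }
    int countOrders(long customerId) throws SQLException { return orders.countByCustomer(customerId); }
}
```

With an empty dbLocationPatterns list, the call in OrderRepository would be reported as well, since an empty list means that nothing is allowed.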