node-jt400

quser in HsqlClient class

Open • teddyngibm opened this issue 2 years ago • 1 comment

Hi. A recent SAST scan result from AppScan picked up a security vulnerability from the below line in the HsqlClient class. Is there a reason why quser is hardcoded and not passed in as a parameter?

public Connection getConnection() throws Exception {
	return DriverManager.getConnection("jdbc:hsqldb:mem:test", "quser", "");
}

teddyngibm, May 23 '22 14:05

I'm not sure if there is a good reason, but hsql is only used to create an in-memory database for testing, and this has always worked for us.

OlafurTorfi, May 25 '22 15:05