Skip to main content

Example of Scan Results in Eclipse

The following is an example of scan results in Eclipse showing SQL Injection vulnerability instances.

A developer looks at the CxViewer Tree, and sees that the code contains 67 (!) instances of SQL Injection:

6345589066.png

Briefly, an SQL Injection vulnerability exists when user input is used in the syntax of an SQL query. Since those inputs could be interpreted as SQL syntax rather than user input, a user could manipulate the input in such a way as to alter query logic, potentially bypassing security checks and modifying the database, including execution of system commands.

The developer goes to the Graph Navigation tab to get an overview of all 67 instances:

6345589063.png

The developer notices the red-bordered element at the middle of a large part of the graph. It looks like by securing that point in the code, almost half of the vulnerability instances will be eliminated.

The developer drags the blue rectangle over the red-bordered element, so as to focus on it in the Full Graph:

6345589060.png

The developer selects the red-bordered element in the Full Graph, so as to see its code in context:

6345589057.png

Now the developer can secure the code.