Spring Data Jpa Sql Injection

Written by Nam Ha Minh
Last Updated on 29 April 2020

When developing Spring Boot applications with Spring Data JPA and Hibernate, you may want to see the generated SQL statements for testing or debugging purposes. By default, SQL statements are not printed unless you change the default logging level to DEBUG in the application.properties file:

  1. All queries created from method names with the Containing keyword are affected by SQL injection. DATAJPA-678: Query lookup in Spring Data with ' or '%' as part of the string being. DATAJPA-1534: Wildcard character needs to be escaped in Spring Data JPA. Assignee: Jens Schauder. Reporter: Maruthi Adithya G.
  2. We also use JPA over Hibernate, Spring Data, or Spring JDBC templates quite often. We do run into certain scenarios where you still want to verify whether the incoming data string is SQL injection.

The Spring Framework supports integration with Hibernate, Java Persistence API (JPA), Java Data Objects (JDO) and iBATIS SQL Maps for resource management, data access object (DAO) implementations, and transaction strategies.

Then you can look for the SQL statements under the logging category org.hibernate.SQL like this:

However, seeing SQL statements this way is not convenient because you have to wade through a lot of unrelated information. Running a Spring Boot application at the DEBUG logging level is also very slow, because a huge amount of information is printed.

So the best way to see the SQL statements generated by a Spring Boot application is to set the following couple of entries in the application.properties file:

Then you can see the SQL statements are nicely formatted like this:

And keep the logging level as default (INFO) or WARN so you can focus only on SQL statements.

About the Author:

Nam Ha Minh is a certified Java programmer (SCJP and SCWCD). He started programming with Java in the time of Java 1.4 and has been in love with Java ever since. Make friends with him on Facebook and watch his Java videos on YouTube.
