| module | level | offender | description | mitigation |
|---|---|---|---|---|
| java-find-secbugs | medium | In method org.postgresql.jdbc.PgDatabaseMetaData.getColumnPrivileges(String, String, String, String) | org.postgresql.jdbc.PgDatabaseMetaData.getColumnPrivileges(String, String, String, String) passes a nonconstant String to an execute or addBatch method on an SQL statement | Check line(s) 1670 |
| java-find-secbugs | medium | In method org.postgresql.jdbc.PgDatabaseMetaData.getColumns(String, String, String, String) | org.postgresql.jdbc.PgDatabaseMetaData.getColumns(String, String, String, String) passes a nonconstant String to an execute or addBatch method on an SQL statement | Check line(s) 1537 |
| java-find-secbugs | medium | In method org.postgresql.jdbc.PgDatabaseMetaData.getFunctions(String, String, String) | org.postgresql.jdbc.PgDatabaseMetaData.getFunctions(String, String, String) passes a nonconstant String to an execute or addBatch method on an SQL statement | Check line(s) 2645 |
| java-find-secbugs | medium | In method org.postgresql.jdbc.PgDatabaseMetaData.getImportedExportedKeys(String, String, String, String, String, String) | org.postgresql.jdbc.PgDatabaseMetaData.getImportedExportedKeys(String, String, String, String, String, String) passes a nonconstant String to an execute or addBatch method on an SQL statement | Check line(s) 2180 |
| java-find-secbugs | medium | In method org.postgresql.jdbc.PgDatabaseMetaData.getIndexInfo(String, String, String, boolean, boolean) | org.postgresql.jdbc.PgDatabaseMetaData.getIndexInfo(String, String, String, boolean, boolean) passes a nonconstant String to an execute or addBatch method on an SQL statement | Check line(s) 2401 |
| java-find-secbugs | high | In method org.postgresql.xa.PGXAConnection.commitPrepared(Xid) | org.postgresql.xa.PGXAConnection.commitPrepared(Xid) passes a nonconstant String to an execute or addBatch method on an SQL statement | Check line(s) 586 |
| java-find-secbugs | high | In method org.postgresql.xa.PGXAConnection.prepare(Xid) | org.postgresql.xa.PGXAConnection.prepare(Xid) passes a nonconstant String to an execute or addBatch method on an SQL statement | Check line(s) 352 |
| java-find-secbugs | high | In method org.postgresql.xa.PGXAConnection.rollback(Xid) | org.postgresql.xa.PGXAConnection.rollback(Xid) passes a nonconstant String to an execute or addBatch method on an SQL statement | Check line(s) 457 |

I'm submitting a security report
Describe the issue
find-secbugs is detecting issues in the official Postgres JDBC drivers, in functions related to prepared statements.
What does this mean and what can one do about it?
Driver Version?
42.2.10.jre7
Java Version?
12
To Reproduce
Run
docker run --rm -v $PWD:/target hawkeyesec/scanner-cli:latest
in a project using this driver
Expected behaviour
No security errors