Support for auto handling of SQL Injection in Mule #146

@sanagaraj-pivotal

Description

What needs to be done

This PR and the previous PRs related to SQL query support execute the SQL query directly using jdbctemplate.execute(sqlQueryFromMuleXML).

We need a way to automatically sanitise sqlQueryFromMuleXML so that SQL injection can be prevented.

Ideal translation

Input

xml:

    <?xml version="1.0" encoding="UTF-8"?>

    <mule xmlns:dw="http://www.mulesoft.org/schema/mule/ee/dw"
    	xmlns:db="http://www.mulesoft.org/schema/mule/db" xmlns:http="http://www.mulesoft.org/schema/mule/http" xmlns="http://www.mulesoft.org/schema/mule/core" xmlns:doc="http://www.mulesoft.org/schema/mule/documentation"
    	xmlns:spring="http://www.springframework.org/schema/beans"
    	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    	xsi:schemaLocation="
    http://www.mulesoft.org/schema/mule/ee/dw http://www.mulesoft.org/schema/mule/ee/dw/current/dw.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-current.xsd
    http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/current/mule.xsd
    http://www.mulesoft.org/schema/mule/db http://www.mulesoft.org/schema/mule/db/current/mule-db.xsd
    http://www.mulesoft.org/schema/mule/http http://www.mulesoft.org/schema/mule/http/current/mule-http.xsd">
    	<db:mysql-config name="MySQL_Configuration" host="localhost" port="3306" user="root" password="root" doc:name="MySQL Configuration" database="mulemigration"/>
    	<flow name="dbFlow">
    		<http:listener config-ref="HTTP_Listener_Configuration" path="/db" doc:name="HTTP"/>
    		<logger level="INFO" doc:name="Logger"/>
    		<db:select config-ref="MySQL_Configuration" doc:name="Database">
    			<db:dynamic-query><![CDATA[select * from users where username='#[payload.username]' and password='#[payload.password]']]></db:dynamic-query>
    		</db:select>
    	</flow>
    </mule>

Auto-generated translation:

java:

    @Bean
    IntegrationFlow sqlInjection(JdbcTemplate jdbcTemplate) {
        return IntegrationFlows.from(
                    Http.inboundGateway("/sql-injection")
                )
                /* TODO: The datatype might not be LinkedMultiValueMap please substitute the right type for payload*/
                .<LinkedMultiValueMap<String, String>>handle((p, h) ->
                        // Each #[...] expression from the dynamic query becomes a bound '?' parameter,
                        // so user input is never spliced into the SQL text.
                        jdbcTemplate.queryForList(
                                "select  * from users where username = ? and password = ?",
                                p.getFirst("varForFirstParameter") /* TODO: Translate #[payload.username]*/,
                                p.getFirst("varForSecondParameter") /* TODO: Translate #[payload.password]*/
                        ))
                .log()
                .handle((p, h) -> p)
                .get();
    }

Manual translation will look like this:

java:

    @Bean
    IntegrationFlow sqlInjection(JdbcTemplate jdbcTemplate) {
        return IntegrationFlows.from(
                    Http.inboundGateway("/sql-injection")
                )
                .<LinkedMultiValueMap<String, String>>handle((p, h) ->
                        jdbcTemplate.queryForList(
                                "select  * from users where username = ? and password = ?",
                                p.getFirst("username"),
                                p.getFirst("password")
                        ))
                .log()
                .handle((p, h) -> p)
                .get();
    }
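The translation step the issue asks for, as an added example that is not part of this issue or of the project's own code: every `#[...]` expression in the `db:dynamic-query` body is replaced by a JDBC `?` bind marker and collected in positional order, and `payload.<name>` references are rendered as the `p.getFirst("<name>")` lookups used in the manual translation above. The class name, the `ParameterizedQuery` holder and the identifier-position heuristic are assumptions of this example; the heuristic exists because a bind marker can only stand in for a value, so an expression used as a table name cannot be fixed this way and is rejected instead of being emitted as broken SQL.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Turns a Mule db:dynamic-query string into a JDBC prepared statement plus its argument expressions. */
public final class DynamicQueryTranslator {

    /** A MEL expression, optionally wrapped in the single quotes Mule users put around string values. */
    private static final Pattern MEL_EXPRESSION = Pattern.compile("'?#\\[([^\\]]+)\\]'?");

    /** A '?' that landed in an identifier position, which JDBC cannot bind (assumed heuristic). */
    private static final Pattern PLACEHOLDER_AS_IDENTIFIER =
            Pattern.compile("(?i)\\b(from|join|into|update|table)\\s+\\?");

    /** Result holder: the parameterised SQL and the MEL expressions, one per '?' in order. */
    public static final class ParameterizedQuery {
        public final String sql;
        public final List<String> expressions;

        ParameterizedQuery(String sql, List<String> expressions) {
            this.sql = sql;
            this.expressions = Collections.unmodifiableList(expressions);
        }
    }

    private DynamicQueryTranslator() {}

    /** Replaces every #[...] expression with a bind marker and records the expression in positional order. */
    public static ParameterizedQuery translate(String dynamicQuery) {
        Matcher m = MEL_EXPRESSION.matcher(dynamicQuery);
        StringBuffer sql = new StringBuffer();
        List<String> expressions = new ArrayList<>();
        while (m.find()) {
            expressions.add(m.group(1).trim());
            m.appendReplacement(sql, "?");
        }
        m.appendTail(sql);
        if (PLACEHOLDER_AS_IDENTIFIER.matcher(sql).find()) {
            throw new IllegalArgumentException(
                    "expression used as a table name cannot be bound as a parameter: " + dynamicQuery);
        }
        return new ParameterizedQuery(sql.toString(), expressions);
    }

    /** Maps a MEL payload reference to the lookup used in the generated handle() lambda. */
    static String toJavaArgument(String melExpression) {
        String prefix = "payload.";
        if (melExpression.startsWith(prefix)) {
            return "p.getFirst(\"" + melExpression.substring(prefix.length()) + "\")";
        }
        // Anything else is left to the developer, mirroring the TODO style of the generated output.
        return "null /* TODO: Translate #[" + melExpression + "] */";
    }

    /** Renders the jdbcTemplate.queryForList(...) call for the generated IntegrationFlow. */
    public static String generateQueryForList(String dynamicQuery) {
        ParameterizedQuery q = translate(dynamicQuery);
        StringBuilder out = new StringBuilder("jdbcTemplate.queryForList(\n");
        out.append("        \"").append(q.sql).append("\"");
        for (String expression : q.expressions) {
            out.append(",\n        ").append(toJavaArgument(expression));
        }
        return out.append(")").toString();
    }

    public static void main(String[] args) {
        // Constructed sample: the dynamic query from the Mule XML in this issue.
        String dynamicQuery =
                "select * from users where username='#[payload.username]' and password='#[payload.password]'";
        System.out.println(generateQueryForList(dynamicQuery));
    }
}
```

For the sample query this prints a `queryForList` call with `select * from users where username=? and password=?` followed by `p.getFirst("username")` and `p.getFirst("password")`, matching the manual translation. The surrounding quotes are consumed together with the expression so that the `?` is not left inside string literal quotes, where JDBC would treat it as a literal question mark rather than a bind marker.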

Why it needs to be done

This adds an important security feature to our Mule translations.

TBD:
Translations for auto handling of SQL injection.
