Some developers prefer to create a longer query using StringBuffer/StringBuilder.
In practice this is more rare than regular concatenation, but I see it in projects from time to time.
IDEA could support this, using logic similar to the current concatenation support.
If append() calls are interspersed with conditional statements, or if something other than a string literal is appended, injection should back off.
Description
Some developers prefer to create a longer query using StringBuffer/StringBuilder.
In practice this is more rare than regular concatenation, but I see it in projects from time to time.
IDEA could support this, using logic similar to the current concatenation support.
If append() calls are interspersed with conditional statements, or if something other than a string literal is appended, injection should back off.
Bug
Open
JPA query not validated if obtained through StringBuffer