diff options
author | Temoc Rodriguez <cr056n@att.com> | 2017-10-06 09:21:04 -0700 |
---|---|---|
committer | Temoc Rodriguez <cr056n@att.com> | 2017-10-06 09:25:37 -0700 |
commit | 4a4628d57bf3d11fda68e16f695139d512f75354 (patch) | |
tree | 21185fc6e0001df1d1c87e1c77a791d3d54afec9 /ONAP-PAP-REST/src/main/java/org/onap | |
parent | 37c9c4d71d17981bf1d05b73d8363ffcbc2451bb (diff) |
Fixed bug introduced by sql injeciton protection.
Added missing colon before the named parameters. Fixed a typo parameter
name. Fixed bad cast by setParameter.
This fixes issues encountered in the UI. Whenever a policy is moved,
renamed, or deleted it makes a db call and that db call fails on
setParameter method. This hibernate method is supposed to automatically
detect the type of the object for the named parameters but it fails with
type Long. It tries to convert to int and it fails. A check is now added
for type Long.
Issue-ID: POLICY-278
Change-Id: Idbb4067a5ec2cc9d9b040de9e574ba2564e1ee2c
Signed-off-by: Temoc Rodriguez <cr056n@att.com>
Diffstat (limited to 'ONAP-PAP-REST/src/main/java/org/onap')
-rw-r--r-- | ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/daoimpl/CommonClassDaoImpl.java | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/daoimpl/CommonClassDaoImpl.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/daoimpl/CommonClassDaoImpl.java index 5d2b7f6c7..1766cb302 100644 --- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/daoimpl/CommonClassDaoImpl.java +++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/daoimpl/CommonClassDaoImpl.java @@ -242,7 +242,12 @@ public class CommonClassDaoImpl implements CommonClassDao{ try { Query hbquery = session.createQuery(query); for (Map.Entry<String, Object> paramPair : params.entrySet()) { - hbquery.setParameter(paramPair.getKey(), paramPair.getValue()); + if(paramPair.getValue() instanceof java.lang.Long){ + hbquery.setLong(paramPair.getKey(), (long) paramPair.getValue()); + } + else{ + hbquery.setParameter(paramPair.getKey(), paramPair.getValue()); + } } data = hbquery.list(); tx.commit(); |