From 4a4628d57bf3d11fda68e16f695139d512f75354 Mon Sep 17 00:00:00 2001 From: Temoc Rodriguez Date: Fri, 6 Oct 2017 09:21:04 -0700 Subject: Fixed bug introduced by sql injeciton protection. Added missing colon before the named parameters. Fixed a typo parameter name. Fixed bad cast by setParameter. This fixes issues encountered in the UI. Whenever a policy is moved, renamed, or deleted it makes a db call and that db call fails on setParameter method. This hibernate method is supposed to automatically detect the type of the object for the named parameters but it fails with type Long. It tries to convert to int and it fails. A check is now added for type Long. Issue-ID: POLICY-278 Change-Id: Idbb4067a5ec2cc9d9b040de9e574ba2564e1ee2c Signed-off-by: Temoc Rodriguez --- .../org/onap/policy/pap/xacml/rest/daoimpl/CommonClassDaoImpl.java | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'ONAP-PAP-REST/src/main') diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/daoimpl/CommonClassDaoImpl.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/daoimpl/CommonClassDaoImpl.java index 5d2b7f6c7..1766cb302 100644 --- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/daoimpl/CommonClassDaoImpl.java +++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/daoimpl/CommonClassDaoImpl.java @@ -242,7 +242,12 @@ public class CommonClassDaoImpl implements CommonClassDao{ try { Query hbquery = session.createQuery(query); for (Map.Entry paramPair : params.entrySet()) { - hbquery.setParameter(paramPair.getKey(), paramPair.getValue()); + if(paramPair.getValue() instanceof java.lang.Long){ + hbquery.setLong(paramPair.getKey(), (long) paramPair.getValue()); + } + else{ + hbquery.setParameter(paramPair.getKey(), paramPair.getValue()); + } } data = hbquery.list(); tx.commit(); -- cgit 1.2.3-korg