author | Sunder Tattavarada <statta@research.att.com> | 2019-07-08 19:26:38 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2019-07-08 19:26:38 +0000 |
commit | 0f32f237134aa2c455f30ad0d3ecb6ddfcea4d21 (patch) | |
tree | 730d7c032cd762c6a9031b4261a361492c344eaf | |
parent | 4f77c9f6c5539747c0fadd6028044e2ff2ceb8cf (diff) | |
parent | 5247fe86ad346208a78b1bdd7565041018e56d57 (diff) |
Merge "Fix sql injection vulnerability"
-rw-r--r-- | ecomp-portal-widget-ms/widget-ms/src/main/java/org/onap/portalapp/widget/service/impl/WidgetCatalogServiceImpl.java | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/ecomp-portal-widget-ms/widget-ms/src/main/java/org/onap/portalapp/widget/service/impl/WidgetCatalogServiceImpl.java b/ecomp-portal-widget-ms/widget-ms/src/main/java/org/onap/portalapp/widget/service/impl/WidgetCatalogServiceImpl.java
index b99863eb..59180d37 100644
--- a/ecomp-portal-widget-ms/widget-ms/src/main/java/org/onap/portalapp/widget/service/impl/WidgetCatalogServiceImpl.java
+++ b/ecomp-portal-widget-ms/widget-ms/src/main/java/org/onap/portalapp/widget/service/impl/WidgetCatalogServiceImpl.java
@@ -244,16 +244,15 @@ public class WidgetCatalogServiceImpl implements WidgetCatalogService {
 logger.debug("WidgetCatalogServiceImpl.getWidgetCatalog: result={}", widgets);
 return widgets;
 }
-
-
-
-
-
+
 private void updateAppId(long widgetId, Set<RoleApp> roles){
 Session session = sessionFactory.openSession();
 for(RoleApp role: roles){
- String sql = "UPDATE ep_widget_catalog_role SET app_id = " + role.getApp().getAppId() + " WHERE widget_id = " + widgetId + " AND ROLE_ID = " + role.getRoleId() ;
+ String sql = "UPDATE ep_widget_catalog_role SET app_id = :appId WHERE widget_id = :widgetId AND ROLE_ID = :roleId" ;
 Query query = session.createSQLQuery(sql);
+ query.setParameter("appId", role.getApp().getAppId());
+ query.setParameter("widgetId", widgetId);
+ query.setParameter("roleId", role.getRoleId());
 query.executeUpdate();
 }
 session.flush(); |
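Review bot: The SQL text is now a constant, so rebuilding the `sql` local on every iteration of the `for(RoleApp role: roles)` loop is unnecessary; hoist it to a class-level `private static final String UPDATE_APP_ID_SQL = "UPDATE ep_widget_catalog_role SET app_id = :appId WHERE widget_id = :widgetId AND ROLE_ID = :roleId";` and pass that to `session.createSQLQuery(...)`, which also makes it obvious at a glance that no caller-controlled value can ever enter the query text. Binding `appId`, `widgetId` and `roleId` through `setParameter` is the correct fix for the string concatenation the removed line had, since bound values never reach the SQL string. The `Session` opened by `sessionFactory.openSession()` is not closed anywhere inside this hunk, and `updateAppId` continues past the end of the hunk; if the remainder of the method does not close it (ideally in a `finally` or try-with-resources), every call leaks a session and its connection, so that is worth confirming. Minor: `ROLE_ID` is upper-case while `app_id` and `widget_id` are lower-case in the same statement, harmless on case-insensitive identifiers but inconsistent.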