diff options
author | Dominik Orliński <d.orlinski@samsung.com> | 2019-06-17 11:53:27 +0200 |
---|---|---|
committer | Dominik Orliński <d.orlinski@samsung.com> | 2019-06-25 11:32:04 +0200 |
commit | bc81456aaed10ee5dfd3e5c031a7607d11be3e5b (patch) | |
tree | 1ae167d999eda683ec518c9fadd35dbc717351e3 | |
parent | a543a773266e13155d739e00c4b9d4b0d1529abf (diff) |
Fix sql injection vulnerability
Use a variable binding instead of concatenation.
Issue-ID: OJSI-174
Signed-off-by: Dominik Orliński <d.orlinski@samsung.com>
Change-Id: Ia655ccf79800c132b3ac466016b8fdfd9f9c27bd
-rw-r--r-- | ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java index 5d9761ce..5e6f1d9a 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java @@ -323,7 +323,10 @@ public class UserRolesCommonServiceImpl { } else { // remote app @SuppressWarnings("unchecked") List<EPRole> roles = localSession - .createQuery("from " + EPRole.class.getName() + " where appId=" + appId).list(); + .createQuery("from :name where appId=:appId") + .setParameter("name",EPRole.class.getName()) + .setParameter("appId",appId) + .list(); for (EPRole role : roles) { if (!extRequestValue && app.getCentralAuth()) { rolesMap.put(role.getId(), role); |