diff options
author | Sunder Tattavarada <statta@research.att.com> | 2019-07-08 19:27:46 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2019-07-08 19:27:46 +0000 |
commit | 10666973ce95e8f5768973fe0a151899a38eef02 (patch) | |
tree | f4b2ebebea710f54414423ff73a04f044acb34d4 | |
parent | 3f56b9fdb4d2ec891344d6c9048363e1cac587d2 (diff) | |
parent | d38e7941361188f3d114f2f25258a0024f2a2f90 (diff) |
Merge "Fix sql injection vulnerability"
-rw-r--r-- | ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java index 1d9ed57e..bc0fd06d 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java @@ -283,7 +283,10 @@ public class UserRolesCommonServiceImpl { transaction = localSession.beginTransaction(); @SuppressWarnings("unchecked") List<EPUser> userList = localSession - .createQuery("from " + EPUser.class.getName() + " where orgUserId='" + userId + "'").list(); + .createQuery("from :name where orgUserId=:userId") + .setParameter("name",EPUser.class.getName()) + .setParameter("userId",userId) + .list(); if (userList.size() > 0) { EPUser client = userList.get(0); roleActive = ("DELETE".equals(reqType)) ? "" : " and role.active = 'Y'"; |