diff options
author | Sunder Tattavarada <statta@research.att.com> | 2019-07-08 19:28:02 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2019-07-08 19:28:02 +0000 |
commit | 9c75bfe936c5deb4775ecef059d3fedbd5a96352 (patch) | |
tree | c35550ba6c26662b917fd606eecef1ccf3e95b13 | |
parent | 10666973ce95e8f5768973fe0a151899a38eef02 (diff) | |
parent | bc81456aaed10ee5dfd3e5c031a7607d11be3e5b (diff) |
Merge "Fix sql injection vulnerability"
-rw-r--r-- | ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java index bc0fd06d..a2165647 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java @@ -338,7 +338,10 @@ public class UserRolesCommonServiceImpl { } else { // remote app @SuppressWarnings("unchecked") List<EPRole> roles = localSession - .createQuery("from " + EPRole.class.getName() + " where appId=" + appId).list(); + .createQuery("from :name where appId=:appId") + .setParameter("name",EPRole.class.getName()) + .setParameter("appId",appId) + .list(); for (EPRole role : roles) { if (!extRequestValue && app.getCentralAuth()) { rolesMap.put(role.getId(), role); |