Merge "Fix sql injection vulnerability"

author: Sunder Tattavarada <statta@research.att.com> 2019-07-08 19:26:49 +0000
committer: Gerrit Code Review <gerrit@onap.org> 2019-07-08 19:26:49 +0000
commit: 3f56b9fdb4d2ec891344d6c9048363e1cac587d2 (patch)
tree: 8f3eaa3b7e1ba8d8d6ac2c151a493ce0587a3146 /ecomp-portal-BE-common/src/main/java/org
parent: 0f32f237134aa2c455f30ad0d3ecb6ddfcea4d21 (diff)
parent: 941133a42bad6a1d73c63913a950d1e4bc814fde (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java
index 656cf9ea..1d9ed57e 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java
@@ -587,8 +587,9 @@ public class UserRolesCommonServiceImpl  {
 									"syncAppRoles: There is exactly 1 menu item for this role, so emptying the url");
 							@SuppressWarnings("unchecked")
 							List<FunctionalMenuItem> funcMenuItems = localSession
-									.createQuery(
-											"from " + FunctionalMenuItem.class.getName() + " where menuId=" + menuId)
+									.createQuery("from :name where menuId=:menuId")
+									.setParameter("name",FunctionalMenuItem.class.getName())
+									.setParameter("menuId",menuId)
 									.list();
 							if (funcMenuItems.size() > 0) {
 								logger.debug(EELFLoggerDelegate.debugLogger, "got the menu item");
author	Sunder Tattavarada <statta@research.att.com>	2019-07-08 19:26:49 +0000
committer	Gerrit Code Review <gerrit@onap.org>	2019-07-08 19:26:49 +0000
commit	3f56b9fdb4d2ec891344d6c9048363e1cac587d2 (patch)
tree	8f3eaa3b7e1ba8d8d6ac2c151a493ce0587a3146 /ecomp-portal-BE-common/src/main/java/org
parent	0f32f237134aa2c455f30ad0d3ecb6ddfcea4d21 (diff)
parent	941133a42bad6a1d73c63913a950d1e4bc814fde (diff)