diff options
| author |   Sunder Tattavarada <statta@research.att.com> | 2019-06-18 16:04:19 +0000 |
|---|---|---|
| committer |   Gerrit Code Review <gerrit@onap.org> | 2019-06-18 16:04:19 +0000 |
| commit | 80ddb55b9f5569c6443104150cb74ba2ae4fcb08 (patch) | |
| tree | 0870c5ce5aa678b0a13b015e73b0b6d2f376a4ee /ecomp-portal-BE-common/src/main/java | |
| parent | 89e5721f7e8e45fd0f26597a8b8082d90b47839c (diff) | |
| parent | 30aaf77277e4437a4a57e659db1cdc84adc96dab (diff) | |
Merge "Fix sql injection vulnerability"
Diffstat (limited to 'ecomp-portal-BE-common/src/main/java')
| -rw-r--r-- | ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java index ae1670d2..39aed6ba 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java @@ -495,9 +495,13 @@ public class UserRolesCommonServiceImpl { transaction = localSession.beginTransaction(); // Attention! All roles from remote application supposed to be // active! + @SuppressWarnings("unchecked") - List<EPRole> currentAppRoles = localSession - .createQuery("from " + EPRole.class.getName() + " where appId=" + appId).list(); + List<EPRole> currentAppRoles = localSession.createQuery("from :name where appId = :appId") + .setParameter("name",EPRole.class.getName()) + .setParameter("appId",appId) + .list(); + List<EPRole> obsoleteRoles = new ArrayList<EPRole>(); for (int i = 0; i < currentAppRoles.size(); i++) { EPRole oldAppRole = currentAppRoles.get(i); |