Merge "Fix sql injection vulnerability"

author: Sunder Tattavarada <statta@research.att.com> 2019-06-18 16:04:28 +0000
committer: Gerrit Code Review <gerrit@onap.org> 2019-06-18 16:04:28 +0000
commit: 37ea104d5c99b4100381cc0e8e79be3feb98a0ec (patch)
tree: 13b233367dc8135d80eccb578e7c809e1a242f06 /ecomp-portal-BE-common/src/main/java
parent: 80ddb55b9f5569c6443104150cb74ba2ae4fcb08 (diff)
parent: d4ce764ca897efe12f3b46850aa37852c0372aa5 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java
index 39aed6ba..a440c311 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java
@@ -539,7 +539,10 @@ public class UserRolesCommonServiceImpl  {
 					// Delete from fn_user_role
 					@SuppressWarnings("unchecked")
 					List<EPUserApp> userRoles = localSession.createQuery(
-							"from " + EPUserApp.class.getName() + " where app.id=" + appId + " and role_id=" + roleId)
+							"from :name where app.id=:appId and role_id=:roleId")
+							.setParameter("name",EPUserApp.class.getName())
+							.setParameter("appId",appId)
+							.setParameter("roleId",roleId)
 							.list();
 
 					logger.debug(EELFLoggerDelegate.debugLogger, "syncAppRoles: number of userRoles to delete: " + userRoles.size());
author	Sunder Tattavarada <statta@research.att.com>	2019-06-18 16:04:28 +0000
committer	Gerrit Code Review <gerrit@onap.org>	2019-06-18 16:04:28 +0000
commit	37ea104d5c99b4100381cc0e8e79be3feb98a0ec (patch)
tree	13b233367dc8135d80eccb578e7c809e1a242f06 /ecomp-portal-BE-common/src/main/java
parent	80ddb55b9f5569c6443104150cb74ba2ae4fcb08 (diff)
parent	d4ce764ca897efe12f3b46850aa37852c0372aa5 (diff)