summaryrefslogtreecommitdiffstats
path: root/ecomp-portal-BE-common/src/main/java
diff options
context:
space:
mode:
authorSunder Tattavarada <statta@research.att.com>2019-07-08 19:26:49 +0000
committerGerrit Code Review <gerrit@onap.org>2019-07-08 19:26:49 +0000
commit3f56b9fdb4d2ec891344d6c9048363e1cac587d2 (patch)
tree8f3eaa3b7e1ba8d8d6ac2c151a493ce0587a3146 /ecomp-portal-BE-common/src/main/java
parent0f32f237134aa2c455f30ad0d3ecb6ddfcea4d21 (diff)
parent941133a42bad6a1d73c63913a950d1e4bc814fde (diff)
Merge "Fix sql injection vulnerability"
Diffstat (limited to 'ecomp-portal-BE-common/src/main/java')
-rw-r--r--ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java5
1 files changed, 3 insertions, 2 deletions
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java
index 656cf9ea..1d9ed57e 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java
@@ -587,8 +587,9 @@ public class UserRolesCommonServiceImpl {
"syncAppRoles: There is exactly 1 menu item for this role, so emptying the url");
@SuppressWarnings("unchecked")
List<FunctionalMenuItem> funcMenuItems = localSession
- .createQuery(
- "from " + FunctionalMenuItem.class.getName() + " where menuId=" + menuId)
+ .createQuery("from :name where menuId=:menuId")
+ .setParameter("name",FunctionalMenuItem.class.getName())
+ .setParameter("menuId",menuId)
.list();
if (funcMenuItems.size() > 0) {
logger.debug(EELFLoggerDelegate.debugLogger, "got the menu item");