Merge "Fix sql injection vulnerability"

author: Sunder Tattavarada <statta@research.att.com> 2019-07-08 19:28:02 +0000
committer: Gerrit Code Review <gerrit@onap.org> 2019-07-08 19:28:02 +0000
commit: 9c75bfe936c5deb4775ecef059d3fedbd5a96352 (patch)
tree: c35550ba6c26662b917fd606eecef1ccf3e95b13 /ecomp-portal-BE-common/src/main
parent: 10666973ce95e8f5768973fe0a151899a38eef02 (diff)
parent: bc81456aaed10ee5dfd3e5c031a7607d11be3e5b (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java
index bc0fd06d..a2165647 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java
@@ -338,7 +338,10 @@ public class UserRolesCommonServiceImpl  {
 					} else { // remote app
 						@SuppressWarnings("unchecked")
 						List<EPRole> roles = localSession
-								.createQuery("from " + EPRole.class.getName() + " where appId=" + appId).list();
+								.createQuery("from :name where appId=:appId")
+								.setParameter("name",EPRole.class.getName())
+								.setParameter("appId",appId)
+								.list();
 						for (EPRole role : roles) {
 							if (!extRequestValue && app.getCentralAuth()) {
 								rolesMap.put(role.getId(), role);
author	Sunder Tattavarada <statta@research.att.com>	2019-07-08 19:28:02 +0000
committer	Gerrit Code Review <gerrit@onap.org>	2019-07-08 19:28:02 +0000
commit	9c75bfe936c5deb4775ecef059d3fedbd5a96352 (patch)
tree	c35550ba6c26662b917fd606eecef1ccf3e95b13 /ecomp-portal-BE-common/src/main
parent	10666973ce95e8f5768973fe0a151899a38eef02 (diff)
parent	bc81456aaed10ee5dfd3e5c031a7607d11be3e5b (diff)