diff options
| author |   Dominik Orliński <d.orlinski@samsung.com> | 2019-04-30 11:44:27 +0200 |
|---|---|---|
| committer | Dominik Orliński <d.orlinski@samsung.com> | 2019-06-17 07:32:39 +0200 |
| commit | 30aaf77277e4437a4a57e659db1cdc84adc96dab (patch) | |
| tree | 2dc2a6e7f62286fe8e3aed61dce6d8b50e870aa2 /ecomp-portal-BE-common/src/main | |
| parent | a543a773266e13155d739e00c4b9d4b0d1529abf (diff) | |
Fix sql injection vulnerability
Use a variable binding instead of concatenation.
Change test 'getAppRolesForNonCentralizedPartnerAppTest'.
Issue-ID: OJSI-174
Signed-off-by: Dominik Orliński <d.orlinski@samsung.com>
Change-Id: I5cb7561e4b2b781834bd4f2ec36dee58b4738bf2
Diffstat (limited to 'ecomp-portal-BE-common/src/main')
| -rw-r--r-- | ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java index 5d9761ce..780a4353 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java @@ -483,9 +483,13 @@ public class UserRolesCommonServiceImpl { transaction = localSession.beginTransaction(); // Attention! All roles from remote application supposed to be // active! + @SuppressWarnings("unchecked") - List<EPRole> currentAppRoles = localSession - .createQuery("from " + EPRole.class.getName() + " where appId=" + appId).list(); + List<EPRole> currentAppRoles = localSession.createQuery("from :name where appId = :appId") + .setParameter("name",EPRole.class.getName()) + .setParameter("appId",appId) + .list(); + List<EPRole> obsoleteRoles = new ArrayList<EPRole>(); for (int i = 0; i < currentAppRoles.size(); i++) { EPRole oldAppRole = currentAppRoles.get(i); |