diff options
| author |   Dominik Orliński <d.orlinski@samsung.com> | 2019-06-17 11:53:38 +0200 |
|---|---|---|
| committer | Dominik Orliński <d.orlinski@samsung.com> | 2019-06-19 11:12:16 +0200 |
| commit | 941133a42bad6a1d73c63913a950d1e4bc814fde (patch) | |
| tree | c0e7095e051f6cb5cd0d21a5b301bdf066d3dfd5 /ecomp-portal-BE-common/src/main | |
| parent | a543a773266e13155d739e00c4b9d4b0d1529abf (diff) | |
Fix sql injection vulnerability
Use a variable binding instead of concatenation.
Change test 'getAppRolesForNonCentralizedPartnerAppTest'.
Issue-ID: OJSI-174
Signed-off-by: Dominik Orliński <d.orlinski@samsung.com>
Change-Id: Ia75da49ed582836a47b5fdcddab62fbe02e36e72
Diffstat (limited to 'ecomp-portal-BE-common/src/main')
| -rw-r--r-- | ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java index 5d9761ce..a26c6ef3 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java @@ -564,8 +564,9 @@ public class UserRolesCommonServiceImpl { "syncAppRoles: There is exactly 1 menu item for this role, so emptying the url"); @SuppressWarnings("unchecked") List<FunctionalMenuItem> funcMenuItems = localSession - .createQuery( - "from " + FunctionalMenuItem.class.getName() + " where menuId=" + menuId) + .createQuery("from :name where menuId=:menuId") + .setParameter("name",FunctionalMenuItem.class.getName()) + .setParameter("menuId",menuId) .list(); if (funcMenuItems.size() > 0) { logger.debug(EELFLoggerDelegate.debugLogger, "got the menu item"); |