summaryrefslogtreecommitdiffstats
path: root/ecomp-portal-BE-common/src/main
diff options
context:
space:
mode:
authorSunder Tattavarada <statta@research.att.com>2019-06-14 16:12:15 +0000
committerGerrit Code Review <gerrit@onap.org>2019-06-14 16:12:15 +0000
commit9abe14fca14a8f15a7ee58cab1e92908282fef0b (patch)
tree3221bda9c1b1983d0b45dc5e3938b658396eac9d /ecomp-portal-BE-common/src/main
parente496b1b94a07e7995fefd8113c0fbe25953322ea (diff)
parent3264d36e04f57e7f9d407b49c1253f73c4bf5d72 (diff)
Merge "Fix sql injection vulnerability"
Diffstat (limited to 'ecomp-portal-BE-common/src/main')
-rw-r--r--ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java11
1 files changed, 8 insertions, 3 deletions
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java
index 5d9761ce..aaaf91bd 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java
@@ -176,10 +176,10 @@ public class UserRolesCommonServiceImpl {
*
* @param userId
*/
- protected void createLocalUserIfNecessary(String userId) {
+ protected boolean createLocalUserIfNecessary(String userId) {
if (StringUtils.isEmpty(userId)) {
logger.error(EELFLoggerDelegate.errorLogger, "createLocalUserIfNecessary : empty userId!");
- return;
+ return false;
}
Session localSession = null;
Transaction transaction = null;
@@ -188,7 +188,10 @@ public class UserRolesCommonServiceImpl {
transaction = localSession.beginTransaction();
@SuppressWarnings("unchecked")
List<EPUser> userList = localSession
- .createQuery("from " + EPUser.class.getName() + " where orgUserId='" + userId + "'").list();
+ .createQuery("from :name where orgUserId=:userId")
+ .setParameter("name",EPUser.class.getName())
+ .setParameter("userId",userId)
+ .list();
if (userList.size() == 0) {
EPUser client = searchService.searchUserByUserId(userId);
if (client == null) {
@@ -202,9 +205,11 @@ public class UserRolesCommonServiceImpl {
}
}
transaction.commit();
+ return true;
} catch (Exception e) {
EPLogUtil.logEcompError(logger, EPAppMessagesEnum.BeDaoSystemError, e);
EcompPortalUtils.rollbackTransaction(transaction, "searchOrCreateUser rollback, exception = " + e);
+ return false;
} finally {
EcompPortalUtils.closeLocalSession(localSession, "searchOrCreateUser");
}