summaryrefslogtreecommitdiffstats
path: root/ecomp-portal-BE-common/src/main
diff options
context:
space:
mode:
authorDominik Orliński <d.orlinski@samsung.com>2019-04-30 11:46:19 +0200
committerDominik Orliński <d.orlinski@samsung.com>2019-06-17 11:46:06 +0200
commitd4ce764ca897efe12f3b46850aa37852c0372aa5 (patch)
treeb89377353c5f6cbcfaf79dccdc029273bf38a8f8 /ecomp-portal-BE-common/src/main
parenta543a773266e13155d739e00c4b9d4b0d1529abf (diff)
Fix sql injection vulnerability
Use a variable binding instead of concatenation. Change test 'getAppRolesForNonCentralizedPartnerAppTest'. Issue-ID: OJSI-174 Signed-off-by: Dominik Orliński <d.orlinski@samsung.com> Change-Id: I45895dc7665ff17394e602cbccf875e4e91b5ce1
Diffstat (limited to 'ecomp-portal-BE-common/src/main')
-rw-r--r--ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java5
1 files changed, 4 insertions, 1 deletions
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java
index 5d9761ce..17996ef8 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java
@@ -523,7 +523,10 @@ public class UserRolesCommonServiceImpl {
// Delete from fn_user_role
@SuppressWarnings("unchecked")
List<EPUserApp> userRoles = localSession.createQuery(
- "from " + EPUserApp.class.getName() + " where app.id=" + appId + " and role_id=" + roleId)
+ "from :name where app.id=:appId and role_id=:roleId")
+ .setParameter("name",EPUserApp.class.getName())
+ .setParameter("appId",appId)
+ .setParameter("roleId",roleId)
.list();
logger.debug(EELFLoggerDelegate.debugLogger, "syncAppRoles: number of userRoles to delete: " + userRoles.size());