summaryrefslogtreecommitdiffstats
path: root/ecomp-portal-BE-common/src/test/java
diff options
context:
space:
mode:
authorDominik Orliński <d.orlinski@samsung.com>2019-04-30 11:44:27 +0200
committerDominik Orliński <d.orlinski@samsung.com>2019-06-17 07:32:39 +0200
commit30aaf77277e4437a4a57e659db1cdc84adc96dab (patch)
tree2dc2a6e7f62286fe8e3aed61dce6d8b50e870aa2 /ecomp-portal-BE-common/src/test/java
parenta543a773266e13155d739e00c4b9d4b0d1529abf (diff)
Fix sql injection vulnerability
Use a variable binding instead of concatenation. Change test 'getAppRolesForNonCentralizedPartnerAppTest'. Issue-ID: OJSI-174 Signed-off-by: Dominik Orliński <d.orlinski@samsung.com> Change-Id: I5cb7561e4b2b781834bd4f2ec36dee58b4738bf2
Diffstat (limited to 'ecomp-portal-BE-common/src/test/java')
-rw-r--r--ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImplTest.java7
1 files changed, 6 insertions, 1 deletions
diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImplTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImplTest.java
index c907a6e5..87abdbbd 100644
--- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImplTest.java
+++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImplTest.java
@@ -424,8 +424,13 @@ public class UserRolesCommonServiceImplTest {
Mockito.when(applicationsRestClientService.get(EcompRole[].class, mockApp.getId(), "/roles"))
.thenReturn(mockEcompRoleArray);
// syncAppRolesTest
- Mockito.when(session.createQuery("from " + EPRole.class.getName() + " where appId=" + mockApp.getId()))
+
+ Mockito.when(session.createQuery("from :name where appId = :appId"))
.thenReturn(epRoleQuery);
+
+ Mockito.when(epRoleQuery.setParameter("name",EPRole.class.getName())).thenReturn(epRoleQuery);
+ Mockito.when(epRoleQuery.setParameter("appId",mockApp.getId())).thenReturn(epRoleQuery);
+
Mockito.doReturn(mockEPRoleList).when(epRoleQuery).list();
Mockito.when(session.createQuery(
"from " + EPUserApp.class.getName() + " where app.id=" + mockApp.getId() + " and role_id=" + 15l))