diff options
author | Sunder Tattavarada <statta@research.att.com> | 2019-07-08 19:26:49 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2019-07-08 19:26:49 +0000 |
commit | 3f56b9fdb4d2ec891344d6c9048363e1cac587d2 (patch) | |
tree | 8f3eaa3b7e1ba8d8d6ac2c151a493ce0587a3146 /ecomp-portal-BE-common | |
parent | 0f32f237134aa2c455f30ad0d3ecb6ddfcea4d21 (diff) | |
parent | 941133a42bad6a1d73c63913a950d1e4bc814fde (diff) |
Merge "Fix sql injection vulnerability"
Diffstat (limited to 'ecomp-portal-BE-common')
2 files changed, 6 insertions, 3 deletions
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java index 656cf9ea..1d9ed57e 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java @@ -587,8 +587,9 @@ public class UserRolesCommonServiceImpl { "syncAppRoles: There is exactly 1 menu item for this role, so emptying the url"); @SuppressWarnings("unchecked") List<FunctionalMenuItem> funcMenuItems = localSession - .createQuery( - "from " + FunctionalMenuItem.class.getName() + " where menuId=" + menuId) + .createQuery("from :name where menuId=:menuId") + .setParameter("name",FunctionalMenuItem.class.getName()) + .setParameter("menuId",menuId) .list(); if (funcMenuItems.size() > 0) { logger.debug(EELFLoggerDelegate.debugLogger, "got the menu item"); diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImplTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImplTest.java index 9b5058d3..fb6c325c 100644 --- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImplTest.java +++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImplTest.java @@ -473,8 +473,10 @@ public class UserRolesCommonServiceImplTest { Mockito.when(epFunctionalMenuQuery2.setParameter("menuId",10l)).thenReturn(epFunctionalMenuQuery2); Mockito.doReturn(mockFunctionalMenuRolesList).when(epFunctionalMenuQuery2).list(); - Mockito.when(session.createQuery("from " + FunctionalMenuItem.class.getName() + " where menuId=" + 10l)) + Mockito.when(session.createQuery("from :name where menuId=:menuId")) .thenReturn(epFunctionalMenuItemQuery); + Mockito.when(epFunctionalMenuItemQuery.setParameter("name",FunctionalMenuItem.class.getName())).thenReturn(epFunctionalMenuItemQuery); + Mockito.when(epFunctionalMenuItemQuery.setParameter("menuId",10l)).thenReturn(epFunctionalMenuItemQuery); Mockito.doReturn(mockFunctionalMenuItemList).when(epFunctionalMenuItemQuery).list(); List<EcompRole> mockEcompRoleList2 = new ArrayList<>(); EcompRole mockUserAppRoles = new EcompRole(); |