summaryrefslogtreecommitdiffstats
path: root/ecomp-portal-BE-common
diff options
context:
space:
mode:
authorDominik Orliński <d.orlinski@samsung.com>2019-06-17 11:53:38 +0200
committerDominik Orliński <d.orlinski@samsung.com>2019-06-19 11:12:16 +0200
commit941133a42bad6a1d73c63913a950d1e4bc814fde (patch)
treec0e7095e051f6cb5cd0d21a5b301bdf066d3dfd5 /ecomp-portal-BE-common
parenta543a773266e13155d739e00c4b9d4b0d1529abf (diff)
Fix sql injection vulnerability
Use a variable binding instead of concatenation. Change test 'getAppRolesForNonCentralizedPartnerAppTest'. Issue-ID: OJSI-174 Signed-off-by: Dominik Orliński <d.orlinski@samsung.com> Change-Id: Ia75da49ed582836a47b5fdcddab62fbe02e36e72
Diffstat (limited to 'ecomp-portal-BE-common')
-rw-r--r--ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java5
-rw-r--r--ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImplTest.java4
2 files changed, 6 insertions, 3 deletions
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java
index 5d9761ce..a26c6ef3 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java
@@ -564,8 +564,9 @@ public class UserRolesCommonServiceImpl {
"syncAppRoles: There is exactly 1 menu item for this role, so emptying the url");
@SuppressWarnings("unchecked")
List<FunctionalMenuItem> funcMenuItems = localSession
- .createQuery(
- "from " + FunctionalMenuItem.class.getName() + " where menuId=" + menuId)
+ .createQuery("from :name where menuId=:menuId")
+ .setParameter("name",FunctionalMenuItem.class.getName())
+ .setParameter("menuId",menuId)
.list();
if (funcMenuItems.size() > 0) {
logger.debug(EELFLoggerDelegate.debugLogger, "got the menu item");
diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImplTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImplTest.java
index c907a6e5..10296507 100644
--- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImplTest.java
+++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImplTest.java
@@ -440,8 +440,10 @@ public class UserRolesCommonServiceImplTest {
.thenReturn(epFunctionalMenuQuery2);
Mockito.doReturn(mockFunctionalMenuRolesList).when(epFunctionalMenuQuery2).list();
- Mockito.when(session.createQuery("from " + FunctionalMenuItem.class.getName() + " where menuId=" + 10l))
+ Mockito.when(session.createQuery("from :name where menuId=:menuId"))
.thenReturn(epFunctionalMenuItemQuery);
+ Mockito.when(epFunctionalMenuItemQuery.setParameter("name",FunctionalMenuItem.class.getName())).thenReturn(epFunctionalMenuItemQuery);
+ Mockito.when(epFunctionalMenuItemQuery.setParameter("menuId",10l)).thenReturn(epFunctionalMenuItemQuery);
Mockito.doReturn(mockFunctionalMenuItemList).when(epFunctionalMenuItemQuery).list();
List<EcompRole> mockEcompRoleList2 = new ArrayList<>();
EcompRole mockUserAppRoles = new EcompRole();