diff options
author | st782s <statta@research.att.com> | 2017-11-06 16:05:26 -0500 |
---|---|---|
committer | st782s <statta@research.att.com> | 2017-11-07 14:03:14 -0500 |
commit | 418d7273d6d8f6fed2698df89c9910be8498a677 (patch) | |
tree | a022deb5da7a12c7f2c5e9c49b042bf76eca1b0a /ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/service/DataAccessServiceImpl.java | |
parent | f11362ef34d550f8adff2067a136f660c1959e5e (diff) |
Release new SDK Version
Issue: PORTAL-19, PORTAL-135
Includes SDK 2.1 release updates deprecating certain methods to address
vulnerabilities
Change-Id: Ibf105a0cf3c7d7e89eb05862c54aadfacf575d97
Signed-off-by: st782s <statta@research.att.com>
Diffstat (limited to 'ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/service/DataAccessServiceImpl.java')
-rw-r--r-- | ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/service/DataAccessServiceImpl.java | 35 |
1 files changed, 32 insertions, 3 deletions
diff --git a/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/service/DataAccessServiceImpl.java b/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/service/DataAccessServiceImpl.java index f34610cb..8fce7e89 100644 --- a/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/service/DataAccessServiceImpl.java +++ b/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/service/DataAccessServiceImpl.java @@ -157,6 +157,11 @@ public class DataAccessServiceImpl extends FusionService implements DataAccessSe /** * generic get list method * + * @deprecated + * This method may be vulnerable to SQL Injection attacks depending on the usage and is being deprecated. Please use + * getList(Class<?> domainClass, ProjectionList projectionsList, List<Criterion> restrictionsList, + List<Order> orderByList) method instead + * * @param domainClass * @param filterClause * @param fromIndex @@ -164,6 +169,7 @@ public class DataAccessServiceImpl extends FusionService implements DataAccessSe * @param orderBy * @return */ + @Deprecated private List getListCommon(Class domainClass, String filterClause, Integer fromIndex, Integer toIndex, String orderBy) { String className = domainClass.getName(); @@ -186,17 +192,38 @@ public class DataAccessServiceImpl extends FusionService implements DataAccessSe return list; } + /** + * @deprecated + * This method may be vulnerable to SQL Injection attacks depending on the usage and is being deprecated. Please use + * getList(Class<?> domainClass, ProjectionList projectionsList, List<Criterion> restrictionsList, + List<Order> orderByList) method instead + */ @Override + @Deprecated public List getList(Class domainClass, Map additionalParams) { return getListCommon(domainClass, null, null, null, null); } + /** + * @deprecated + * This method may be vulnerable to SQL Injection attacks depending on the usage and is being deprecated. Please use + * getList(Class<?> domainClass, ProjectionList projectionsList, List<Criterion> restrictionsList, + List<Order> orderByList) method instead + */ @Override + @Deprecated public List getList(Class domainClass, String filter, String orderBy, Map additionalParams) { return getListCommon(domainClass, filter, null, null, orderBy); } - + + /** + * @deprecated + * This method may be vulnerable to SQL Injection attacks depending on the usage and is being deprecated. Please use + * getList(Class<?> domainClass, ProjectionList projectionsList, List<Criterion> restrictionsList, + List<Order> orderByList) method instead + */ @Override + @Deprecated public List getList(Class domainClass, String filter, int fromIndex, int toIndex, String orderBy, Map additionalParams) { return getListCommon(domainClass, filter, new Integer(fromIndex), new Integer(toIndex), orderBy); @@ -401,8 +428,10 @@ public class DataAccessServiceImpl extends FusionService implements DataAccessSe @Override public int executeNamedUpdateQuery(String queryName, Map params, Map additionalParams) { - logger.error(EELFLoggerDelegate.errorLogger, "Not implemented"); - throw new UnsupportedOperationException(); + Session session = sessionFactory.getCurrentSession(); + Query query = session.getNamedQuery(queryName); + bindQueryParameters(query,params); + return query.executeUpdate(); } @Override |