From fa5f20d91c416a855f0d6afe157db8250574617c Mon Sep 17 00:00:00 2001 From: st398c Date: Thu, 28 Mar 2019 16:30:03 -0400 Subject: Fortify, version, Junit Issue-ID: PORTAL-543, PORTAL-273, PORTAL-544 Change-Id: Ib864ef78bbd534170cab90d9314f2d8943f78872 Signed-off-by: Thota, Saisree --- .../portalsdk/analytics/model/SearchHandler.java | 34 +++++++++++++++------- .../onap/portalsdk/analytics/system/DbUtils.java | 31 ++++++++++++++++++++ .../system/fusion/web/RaptorControllerAsync.java | 4 ++- 3 files changed, 57 insertions(+), 12 deletions(-) (limited to 'ecomp-sdk/epsdk-analytics/src/main/java') diff --git a/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/SearchHandler.java b/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/SearchHandler.java index 5d3c94e9..8b4fc340 100644 --- a/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/SearchHandler.java +++ b/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/SearchHandler.java @@ -216,6 +216,7 @@ public class SearchHandler extends org.onap.portalsdk.analytics.RaptorObject { String sql = Globals.getLoadReportSearchResult(); String rep_id = ""; + String rep_id_sql_value = ""; String rep_id_options = ""; String rep_id_sql = Globals.getLoadReportSearchRepIdSql(); //rep_id_sql = " AND ROUND(cr.rep_id, 0) like coalesce('%%', ROUND(cr.rep_id, 0)) "; 
@@ -237,20 +238,24 @@ public class SearchHandler extends org.onap.portalsdk.analytics.RaptorObject {
 if(AppUtils.nvl(rep_id_options).length()>0 ) {
 switch (rep_id_options) {
 case "0":
- rep_id_sql = " AND cr.rep_id = "+ rep_id+" ";
+ rep_id_sql = " AND cr.rep_id = ? ";
+ rep_id_sql_value = rep_id;
 break;
 case "1":
- rep_id_sql = " AND cr.rep_id < "+ rep_id+" ";
+ rep_id_sql = " AND cr.rep_id < ? ";
+ rep_id_sql_value = rep_id;
 break;
 case "2":
- rep_id_sql = " AND cr.rep_id > "+ rep_id+" ";
+ rep_id_sql = " AND cr.rep_id > ? ";
+ rep_id_sql_value = rep_id;
 break;
 default:
 rep_id_sql = Globals.getLoadReportSearchRepIdSql();
 break;
 }
 } else {
- rep_id_sql = " AND cr.rep_id = "+ rep_id+" ";
+ rep_id_sql = " AND cr.rep_id = ? ";
+ rep_id_sql_value = rep_id;
 }
 } else {
 rep_id_sql = Globals.getLoadReportSearchRepIdSql(); //equal is default
@@ -259,6 +264,7 @@ public class SearchHandler extends org.onap.portalsdk.analytics.RaptorObject { sql = sql.replace("[fReportID]", rep_id_sql); String rep_name = ""; + String rep_name_sql_value = ""; String rep_name_options = ""; String rep_name_sql = " AND UPPER(cr.title) LIKE UPPER('%%') "; if(request.getParameter("rep_name")!=null) {
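Review bot: Every branch here that emits a `?` into `rep_id_sql` also sets `rep_id_sql_value = rep_id`, and DbUtils.executeQuery binds that placeholder only when `StringUtils.isNotBlank(reportID)`; the enclosing `if` that decides whether the `?` branches run starts outside the hunk, so if it tests `rep_id` with a `length()>0`-style check rather than a blank check, a whitespace-only `rep_id` yields a statement with one more `?` than bound parameters and fails at execution. Worth aligning both sides on the same blank test, and adding above `rep_id_sql_value` a comment such as `// must be non-blank exactly when rep_id_sql contains a '?' — DbUtils.executeQuery binds by position`. Separately, `cr.rep_id` is bound with `setString` although the commented-out `ROUND(cr.rep_id, 0)` template suggests a numeric column, so a malformed `rep_id` now surfaces as a driver-dependent conversion error; validating it with `Integer.parseInt(rep_id)` before the switch (rejecting bad input explicitly) would give a clear error instead.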
@@ -277,23 +283,29 @@ public class SearchHandler extends org.onap.portalsdk.analytics.RaptorObject { if(AppUtils.nvl(rep_name_options).length()>0 ) { switch (rep_name_options) { case "0": - rep_name_sql = " AND UPPER(cr.title) LIKE UPPER('"+rep_name+"%') "; + rep_name_sql = " AND UPPER(cr.title) LIKE UPPER(?) "; + rep_name_sql_value = rep_name+"%"; break; case "1": - rep_name_sql = " AND UPPER(cr.title) LIKE UPPER('%"+rep_name+"') "; + rep_name_sql = " AND UPPER(cr.title) LIKE UPPER(?) "; + rep_name_sql_value = "%"+rep_name; break; case "2": - rep_name_sql = " AND UPPER(cr.title) LIKE UPPER('%"+rep_name+"%') "; + rep_name_sql = " AND UPPER(cr.title) LIKE UPPER(?) "; + rep_name_sql_value = "%"+rep_name+"%"; break; default: - rep_name_sql = " AND UPPER(cr.title) LIKE UPPER('%%') "; + rep_name_sql = " AND UPPER(cr.title) LIKE UPPER(?) "; + rep_name_sql_value = "%%"; break; } } else { - rep_name_sql = " AND UPPER(cr.title) LIKE UPPER('%"+rep_name+"%') "; //contains is default + rep_name_sql = " AND UPPER(cr.title) LIKE UPPER(?) "; //contains is default + rep_name_sql_value = "%"+rep_name+"%"; } } else { - rep_name_sql = " AND UPPER(cr.title) LIKE UPPER('%%') "; + rep_name_sql = " AND UPPER(cr.title) LIKE UPPER(?) "; + rep_name_sql_value = "%%"; } sql = sql.replace("[fReportName]",rep_name_sql); @@ -365,7 +377,7 @@ public class SearchHandler extends org.onap.portalsdk.analytics.RaptorObject { sql = sql.replace("[roleList.toString()]", roleList.toString()); //System.out.println("query is for search list is : " + sql); - DataSet ds = DbUtils.executeQuery(sql); + DataSet ds = DbUtils.executeQuery(sql, rep_name_sql_value, rep_id_sql_value); ReportSearchResultJSON rsr = new ReportSearchResultJSON(0, 6, 7); rsr.parseData(ds, request, 0, 20, 6, 7); diff --git a/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/DbUtils.java b/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/DbUtils.java index e179d388..37d3612c 100644 
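Review bot: The `rep_name` patterns now bind the raw request value wrapped in `%`, which closes the injection path but still lets `%` and `_` typed by the user act as LIKE wildcards across all five branches; if a literal search is intended, escape them before wrapping, e.g. `rep_name_sql_value = "%" + rep_name.replace("%", "\\%").replace("_", "\\_") + "%";` together with an `ESCAPE '\'` clause in the template. The `default` and outer-`else` branches bind `"%%"`, which is a match-all pattern; a short comment `// match-all pattern: no name filter` on those lines would stop a reader from wondering whether the doubled `%` is deliberate.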
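Review bot: `DbUtils.executeQuery(sql, rep_name_sql_value, rep_id_sql_value)` passes the name before the id, while DbUtils binds the id at index 1 (when non-blank) and the name after it, so correctness depends on `[fReportID]` appearing before `[fReportName]` in `Globals.getLoadReportSearchResult()`, which nothing in either file asserts or documents. Add a comment at the call site, e.g. `// placeholder order in the template is [fReportID] then [fReportName]; DbUtils binds id first when present`, or have the caller pass the bind values in SQL order so the dependency is visible in one place. The `[roleList.toString()]` substitution on the line above remains string concatenation; that value appears to come from the session rather than the request, but it would be worth confirming it is never request-derived.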
--- a/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/DbUtils.java
+++ b/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/DbUtils.java
@@ -39,6 +39,7 @@ package org.onap.portalsdk.analytics.system; import java.sql.CallableStatement; import java.sql.Connection; +import java.sql.PreparedStatement; import java.sql.ResultSet; import java.sql.SQLException; import java.sql.Statement;
@@ -46,6 +47,7 @@ import java.sql.Types; import javax.sql.DataSource; +import org.apache.commons.lang3.StringUtils; import org.onap.portalsdk.analytics.error.RaptorException; import org.onap.portalsdk.analytics.error.ReportSQLException; import org.onap.portalsdk.analytics.model.runtime.ReportRuntime;
@@ -200,6 +202,35 @@ public class DbUtils {
 throw new ReportSQLException(e.getMessage(), sql);
 }
 } // executeQuery
+
+ public static DataSet executeQuery(String sql, String reportName, String reportID) throws ReportSQLException {
+ Connection con = null;
+ try {
+ con = getConnection();
+ PreparedStatement preparedStatement = con.prepareStatement(sql);
+ if(StringUtils.isNotBlank(reportID)) {
+ preparedStatement.setString(1, reportID);
+ preparedStatement.setString(2, reportName);
+ }else {
+ preparedStatement.setString(1, reportName);
+ }
+
+ try(ResultSet rs = preparedStatement.executeQuery();)
+ {
+ logger.debug(EELFLoggerDelegate.debugLogger, ("[SQL CALL FROM RAPTOR] [SQL] " + sql));
+ return new DataSet(rs, Integer.MAX_VALUE);
+ }
+ } catch (SQLException e) {
+ throw new ReportSQLException(e.getMessage(), sql);
+ } catch (ReportSQLException ex) {
+ logger.error(EELFLoggerDelegate.debugLogger, ("Error " + sql));
+ throw new ReportSQLException(ex.getMessage(), ex);
+ }catch(Exception ex1) {
+ throw new ReportSQLException(ex1.getMessage(), ex1.getCause());
+ } finally {
+ clearConnection(con);
+ }
+ } // executeQuery
 
 public static DataSet executeQuery(String sql) throws ReportSQLException {
 return executeQuery(sql, Integer.MAX_VALUE);
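Review bot: `preparedStatement` is never closed in the new executeQuery overload — only the ResultSet is in try-with-resources — so each call leaks a Statement until the driver or pool reclaims it (unless `clearConnection` closes open statements, which is not visible here); the statement should be opened in its own try-with-resources. The final `catch(Exception ex1)` rethrows `ex1.getCause()` instead of `ex1`, discarding the actual exception and passing null when it has no cause; it should be `throw new ReportSQLException(ex1.getMessage(), ex1);`. The positional binding (id at index 1 only when `reportID` is non-blank, name next) is a silent contract with the caller's SQL, so the method needs a Javadoc stating that the SQL must contain a `?` for the report id before the `?` for the name and must include the id placeholder exactly when `reportID` is non-blank.
```java
public static DataSet executeQuery(String sql, String reportName, String reportID) throws ReportSQLException {
    Connection con = null;
    try {
        con = getConnection();
        try (PreparedStatement preparedStatement = con.prepareStatement(sql)) {
            // … unchanged: positional setString binding of reportID / reportName …
            try (ResultSet rs = preparedStatement.executeQuery()) {
                logger.debug(EELFLoggerDelegate.debugLogger, ("[SQL CALL FROM RAPTOR] [SQL] " + sql));
                return new DataSet(rs, Integer.MAX_VALUE);
            }
        }
    // … unchanged: SQLException and ReportSQLException handlers …
    } catch (Exception ex1) {
        throw new ReportSQLException(ex1.getMessage(), ex1);
    } finally {
        clearConnection(con);
    }
} // executeQuery
```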
diff --git a/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/fusion/web/RaptorControllerAsync.java b/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/fusion/web/RaptorControllerAsync.java
index c761bdcc..dbecbbd8 100644
--- a/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/fusion/web/RaptorControllerAsync.java
+++ b/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/fusion/web/RaptorControllerAsync.java
@@ -671,7 +671,9 @@ public class RaptorControllerAsync extends RestrictedBaseController {
 ReportRuntime rr = null;
 boolean newReport = false;
 MessageJSON messageJSON = new MessageJSON();
-
+ if("-1".equals(id)) {
+ id = "Create";
+ }
 try {
 if (id.equals("InSession")) {
 rdef = (ReportDefinition) request.getSession().getAttribute(AppConstants.SI_REPORT_DEFINITION);
-- cgit 1.2.3-korg
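Review bot: The `"-1"` to `"Create"` mapping is an undocumented magic value; nothing in the hunk says which client sends `-1` or why it should be treated as a new report, so add a comment above the check, e.g. `// "-1" is the client's sentinel for "no report id yet"; route it through the Create path` (adjusted to the actual caller), or a named constant next to the existing `"InSession"` and `"Create"` strings. The new check is null-safe but the very next `id.equals("InSession")` still dereferences `id`, so a null id is not covered by this change; if `id` can be absent, a guard before the `try` is needed. The enclosing method starts outside the hunk.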