Code Review / dmaap / datarouter.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Fix new sonar vulnerabilities
[dmaap/datarouter.git] / datarouter-prov / src / main / java / org / onap / dmaap / datarouter / provisioning / beans / Group.java
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Group.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Group.java
index a460d64..91d6c1b 100644 (file)
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Group.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Group.java
@@ -133,14 +133,15 @@ public class Group extends Syncable {
     }\r
 \r
     public static Collection<String> getGroupsByClassfication(String classfication) {\r
-        List<String> list = new ArrayList<String>();\r
-        String sql = "select * from GROUPS where classification = '" + classfication + "'";\r
+        List<String> list = new ArrayList<>();\r
+        String sql = "select * from GROUPS where classification = ?";\r
         try {\r
             DB db = new DB();\r
             @SuppressWarnings("resource")\r
             Connection conn = db.getConnection();\r
-            try(Statement stmt = conn.createStatement()) {\r
-                try(ResultSet rs = stmt.executeQuery(sql)) {\r
+            try(PreparedStatement stmt = conn.prepareStatement(sql)) {\r
+                stmt.setString(1, classfication);\r
+                try(ResultSet rs = stmt.executeQuery()) {\r
                     while (rs.next()) {\r
                         int groupid = rs.getInt("groupid");\r
 \r
The Data Routing System project is intended to provide a common framework by which data producers can make data available to data consumers and a way for potential consumers to find feeds with the data they require. The interface to DR is exposed as a RESTful web service known as the DR Publishing and Delivery API