Merge "Fix sql injection vulnerability"

[portal.git] / ecomp-portal-BE-common / src / main / java / org / onap / portalapp / portal / service / UserRolesCommonServiceImpl.java

diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java
index 656cf9e..1d9ed57 100644 (file)
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java
@@ -587,8 +587,9 @@ public class UserRolesCommonServiceImpl  {
                                                                        "syncAppRoles: There is exactly 1 menu item for this role, so emptying the url");
                                                        @SuppressWarnings("unchecked")
                                                        List<FunctionalMenuItem> funcMenuItems = localSession
-                                                                       .createQuery(
-                                                                                       "from " + FunctionalMenuItem.class.getName() + " where menuId=" + menuId)
+                                                                       .createQuery("from :name where menuId=:menuId")
+                                                                       .setParameter("name",FunctionalMenuItem.class.getName())
+                                                                       .setParameter("menuId",menuId)
                                                                        .list();
                                                        if (funcMenuItems.size() > 0) {
                                                                logger.debug(EELFLoggerDelegate.debugLogger, "got the menu item");