Code Review / portal.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Merge "Fix sql injection vulnerability"
[portal.git] / ecomp-portal-BE-common / src / main / java / org / onap / portalapp / portal / service / UserRolesCommonServiceImpl.java
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java
index ae1670d..39aed6b 100644 (file)
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java
@@ -495,9 +495,13 @@ public class UserRolesCommonServiceImpl  {
                        transaction = localSession.beginTransaction();
                        // Attention! All roles from remote application supposed to be
                        // active!
+
                        @SuppressWarnings("unchecked")
-                       List<EPRole> currentAppRoles = localSession
-                                       .createQuery("from " + EPRole.class.getName() + " where appId=" + appId).list();
+                       List<EPRole> currentAppRoles = localSession.createQuery("from :name where appId = :appId")
+                                       .setParameter("name",EPRole.class.getName())
+                                       .setParameter("appId",appId)
+                                       .list();
+
                        List<EPRole> obsoleteRoles = new ArrayList<EPRole>();
                        for (int i = 0; i < currentAppRoles.size(); i++) {
                                EPRole oldAppRole = currentAppRoles.get(i);
ARCHIVED- 2022-02-15 at the request of the project