Merge "Fix sql injection vulnerability"
[portal.git] / ecomp-portal-BE-common / src / main / java / org / onap / portalapp / portal / service / UserRolesCommonServiceImpl.java
index 39aed6b..a440c31 100644 (file)
@@ -539,7 +539,10 @@ public class UserRolesCommonServiceImpl  {
                                        // Delete from fn_user_role
                                        @SuppressWarnings("unchecked")
                                        List<EPUserApp> userRoles = localSession.createQuery(
-                                                       "from " + EPUserApp.class.getName() + " where app.id=" + appId + " and role_id=" + roleId)
+                                                       "from :name where app.id=:appId and role_id=:roleId")
+                                                       .setParameter("name",EPUserApp.class.getName())
+                                                       .setParameter("appId",appId)
+                                                       .setParameter("roleId",roleId)
                                                        .list();
 
                                        logger.debug(EELFLoggerDelegate.debugLogger, "syncAppRoles: number of userRoles to delete: " + userRoles.size());
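Review bot: The rewritten query binds the entity name as a parameter (`from :name` with `.setParameter("name",EPUserApp.class.getName())`), but HQL named parameters can only stand in for values, not for the entity in the FROM clause, so this query is expected to fail when it is parsed rather than return the rows to delete. The class name is a compile-time constant, not caller input, so it can stay concatenated while the two ids remain bound: `"from " + EPUserApp.class.getName() + " where app.id=:appId and role_id=:roleId"`, with the `setParameter("name", ...)` line dropped. The declarations of `appId` and `roleId` are outside the hunk; their types should match the mapped property types, since a String bound against a numeric property would need converting first. The enclosing method starts and ends outside this hunk, so a test that exercises this delete path in syncAppRoles would confirm the query actually runs.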