Merge "Fix sql injection vulnerability"

[portal.git] / ecomp-portal-BE-common / src / test / java / org / onap / portalapp / portal / service / UserRolesCommonServiceImplTest.java

diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImplTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImplTest.java
index d3ac4b9..680d766 100644 (file)
--- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImplTest.java
+++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImplTest.java
@@ -454,9 +454,11 @@ public class UserRolesCommonServiceImplTest {
                Mockito.when(epRoleQuery.setParameter("appId",mockApp.getId())).thenReturn(epRoleQuery);
 
                Mockito.doReturn(mockEPRoleList).when(epRoleQuery).list();
-               Mockito.when(session.createQuery(
-                               "from " + EPUserApp.class.getName() + " where app.id=" + mockApp.getId() + " and role_id=" + 15l))
+               Mockito.when(session.createQuery("from :name where app.id=:appId and role_id=:roleId"))
                                .thenReturn(epUserAppsQuery);
+               Mockito.when(epUserAppsQuery.setParameter("name",EPUserApp.class.getName())).thenReturn(epUserAppsQuery);
+               Mockito.when(epUserAppsQuery.setParameter("appId",mockApp.getId())).thenReturn(epUserAppsQuery);
+               Mockito.when(epUserAppsQuery.setParameter("roleId",15l)).thenReturn(epUserAppsQuery);
                Mockito.doReturn(mockUserRolesList).when(epUserAppsQuery).list();
 
                Mockito.when(session.createQuery("from " + FunctionalMenuRole.class.getName() + " where roleId=" + 15l))