Merge "Fix sql injection vulnerability"

author Sunder Tattavarada <statta@research.att.com>

Mon, 8 Jul 2019 19:26:49 +0000 (19:26 +0000)

committer Gerrit Code Review <gerrit@onap.org>

Mon, 8 Jul 2019 19:26:49 +0000 (19:26 +0000)
author Sunder Tattavarada <statta@research.att.com>
Mon, 8 Jul 2019 19:26:49 +0000 (19:26 +0000)
committer Gerrit Code Review <gerrit@onap.org>
Mon, 8 Jul 2019 19:26:49 +0000 (19:26 +0000)
diff --cc ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java
Simple merge
diff --cc ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImplTest.java

index 9b5058d,1029650..fb6c325
--- 1/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImplTest.java
--- 2/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImplTest.java
+++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImplTest.java
@@@ -446,35 -424,26 +446,37 @@@ public class UserRolesCommonServiceImpl
                 Mockito.when(applicationsRestClientService.get(EcompRole[].class, mockApp.getId(), "/roles"))
                                 .thenReturn(mockEcompRoleArray);
                 // syncAppRolesTest
- -              Mockito.when(session.createQuery("from " + EPRole.class.getName() + " where appId=" + mockApp.getId()))
+ +
+ +              Mockito.when(session.createQuery("from :name where appId = :appId"))
                                 .thenReturn(epRoleQuery);
+ +
+ +              Mockito.when(epRoleQuery.setParameter("name",EPRole.class.getName())).thenReturn(epRoleQuery);
+ +              Mockito.when(epRoleQuery.setParameter("appId",mockApp.getId())).thenReturn(epRoleQuery);
+ +
                 Mockito.doReturn(mockEPRoleList).when(epRoleQuery).list();
- -              Mockito.when(session.createQuery(
- -                              "from " + EPUserApp.class.getName() + " where app.id=" + mockApp.getId() + " and role_id=" + 15l))
+ +              Mockito.when(session.createQuery("from :name where app.id=:appId and role_id=:roleId"))
                                 .thenReturn(epUserAppsQuery);
+ +              Mockito.when(epUserAppsQuery.setParameter("name",EPUserApp.class.getName())).thenReturn(epUserAppsQuery);
+ +              Mockito.when(epUserAppsQuery.setParameter("appId",mockApp.getId())).thenReturn(epUserAppsQuery);
+ +              Mockito.when(epUserAppsQuery.setParameter("roleId",15l)).thenReturn(epUserAppsQuery);
                 Mockito.doReturn(mockUserRolesList).when(epUserAppsQuery).list();
   
- -              Mockito.when(session.createQuery("from " + FunctionalMenuRole.class.getName() + " where roleId=" + 15l))
+ +              Mockito.when(session.createQuery("from :name where roleId=:roleId"))
                                 .thenReturn(epFunctionalMenuQuery);
+ +              Mockito.when(epFunctionalMenuQuery.setParameter("name",FunctionalMenuRole.class.getName())).thenReturn(epFunctionalMenuQuery);
+ +              Mockito.when(epFunctionalMenuQuery.setParameter("roleId",15l)).thenReturn(epFunctionalMenuQuery);
                 Mockito.doReturn(mockFunctionalMenuRolesList).when(epFunctionalMenuQuery).list();
   
- -              Mockito.when(session.createQuery("from " + FunctionalMenuRole.class.getName() + " where menuId=" + 10l))
+ +              Mockito.when(session.createQuery("from :name where menuId=:menuId"))
                                 .thenReturn(epFunctionalMenuQuery2);
+ +              Mockito.when(epFunctionalMenuQuery2.setParameter("name",FunctionalMenuRole.class.getName())).thenReturn(epFunctionalMenuQuery2);
+ +              Mockito.when(epFunctionalMenuQuery2.setParameter("menuId",10l)).thenReturn(epFunctionalMenuQuery2);
                 Mockito.doReturn(mockFunctionalMenuRolesList).when(epFunctionalMenuQuery2).list();
   
-               Mockito.when(session.createQuery("from " + FunctionalMenuItem.class.getName() + " where menuId=" + 10l))
+               Mockito.when(session.createQuery("from :name where menuId=:menuId"))
                                 .thenReturn(epFunctionalMenuItemQuery);
+               Mockito.when(epFunctionalMenuItemQuery.setParameter("name",FunctionalMenuItem.class.getName())).thenReturn(epFunctionalMenuItemQuery);
+               Mockito.when(epFunctionalMenuItemQuery.setParameter("menuId",10l)).thenReturn(epFunctionalMenuItemQuery);
                 Mockito.doReturn(mockFunctionalMenuItemList).when(epFunctionalMenuItemQuery).list();
                 List<EcompRole> mockEcompRoleList2 = new ArrayList<>();
                 EcompRole mockUserAppRoles = new EcompRole();
author	Sunder Tattavarada <statta@research.att.com>
	Mon, 8 Jul 2019 19:26:49 +0000 (19:26 +0000)
committer	Gerrit Code Review <gerrit@onap.org>
	Mon, 8 Jul 2019 19:26:49 +0000 (19:26 +0000)
		1	2
ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java	patch \|	diff1 \|	diff2 \|	blob \| history
ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImplTest.java	patch \|	diff1 \|	diff2 \|	blob \| history