Revert "Fix sql injection vulnerability" 80/91180/1
authorKrzysztof Opasiak <k.opasiak@samsung.com>
Wed, 10 Jul 2019 17:59:13 +0000 (19:59 +0200)
committerKrzysztof Opasiak <k.opasiak@samsung.com>
Wed, 10 Jul 2019 18:08:03 +0000 (20:08 +0200)
This reverts commit 941133a42bad6a1d73c63913a950d1e4bc814fde.
This is required because that commit breaks the portal unit test, due
to some other changes that landed between the verify job and the merge of that commit.

Issue-ID: OJSI-174
Change-Id: Ieb53f8ba23e2b1b05c67ec4d7d51c6d5107cfb87
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java
ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImplTest.java

index b41dcd7..522579d 100644 (file)
@@ -597,9 +597,8 @@ public class UserRolesCommonServiceImpl  {
                                                                        "syncAppRoles: There is exactly 1 menu item for this role, so emptying the url");
                                                        @SuppressWarnings("unchecked")
                                                        List<FunctionalMenuItem> funcMenuItems = localSession
-                                                                       .createQuery("from :name where menuId=:menuId")
-                                                                       .setParameter("name",FunctionalMenuItem.class.getName())
-                                                                       .setParameter("menuId",menuId)
+                                                                       .createQuery(
+                                                                                       "from " + FunctionalMenuItem.class.getName() + " where menuId=" + menuId)
                                                                        .list();
                                                        if (funcMenuItems.size() > 0) {
                                                                logger.debug(EELFLoggerDelegate.debugLogger, "got the menu item");
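Review bot: The restored `createQuery` call concatenates `menuId` into the HQL string, which is the pattern the reverted commit set out to remove. The entity name is a class constant and, as far as I know, cannot be a bind parameter in HQL, so only the value needs binding: `.createQuery("from " + FunctionalMenuItem.class.getName() + " where menuId=:menuId")` followed by `.setParameter("menuId", menuId)`. The type of `menuId` is not visible in this hunk; if it is a `Long`, as the `10l` in the test hunk suggests, the practical injection risk is low, but the bound form stays safe if the type or the source of the value ever changes. The stub in UserRolesCommonServiceImplTest would then match the `:menuId` query string and keep a `setParameter("menuId", 10l)` stub. The enclosing method starts and ends outside the hunk.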
index fb6c325..9b5058d 100644 (file)
@@ -473,10 +473,8 @@ public class UserRolesCommonServiceImplTest {
                Mockito.when(epFunctionalMenuQuery2.setParameter("menuId",10l)).thenReturn(epFunctionalMenuQuery2);
                Mockito.doReturn(mockFunctionalMenuRolesList).when(epFunctionalMenuQuery2).list();
 
-               Mockito.when(session.createQuery("from :name where menuId=:menuId"))
+               Mockito.when(session.createQuery("from " + FunctionalMenuItem.class.getName() + " where menuId=" + 10l))
                                .thenReturn(epFunctionalMenuItemQuery);
-               Mockito.when(epFunctionalMenuItemQuery.setParameter("name",FunctionalMenuItem.class.getName())).thenReturn(epFunctionalMenuItemQuery);
-               Mockito.when(epFunctionalMenuItemQuery.setParameter("menuId",10l)).thenReturn(epFunctionalMenuItemQuery);
                Mockito.doReturn(mockFunctionalMenuItemList).when(epFunctionalMenuItemQuery).list();
                List<EcompRole> mockEcompRoleList2 = new ArrayList<>();
                EcompRole mockUserAppRoles = new EcompRole();