From: Sunder Tattavarada <statta@research.att.com>
Date: Tue, 18 Jun 2019 16:04:28 +0000 (+0000)
Subject: Merge "Fix sql injection vulnerability"
X-Git-Tag: 3.2.0~272
X-Git-Url: https://gerrit.onap.org/r/gitweb?p=portal.git;a=commitdiff_plain;h=37ea104d5c99b4100381cc0e8e79be3feb98a0ec

Merge "Fix sql injection vulnerability"
---

37ea104d5c99b4100381cc0e8e79be3feb98a0ec
diff --cc ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImplTest.java
index d3ac4b9e,bb6f1676..680d766d
--- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImplTest.java
+++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImplTest.java
@@@ -446,17 -424,14 +446,19 @@@ public class UserRolesCommonServiceImpl
  		Mockito.when(applicationsRestClientService.get(EcompRole[].class, mockApp.getId(), "/roles"))
  				.thenReturn(mockEcompRoleArray);
  		// syncAppRolesTest
 -		Mockito.when(session.createQuery("from " + EPRole.class.getName() + " where appId=" + mockApp.getId()))
 +
 +		Mockito.when(session.createQuery("from :name where appId = :appId"))
  				.thenReturn(epRoleQuery);
 +
 +		Mockito.when(epRoleQuery.setParameter("name",EPRole.class.getName())).thenReturn(epRoleQuery);
 +		Mockito.when(epRoleQuery.setParameter("appId",mockApp.getId())).thenReturn(epRoleQuery);
 +
  		Mockito.doReturn(mockEPRoleList).when(epRoleQuery).list();
- 		Mockito.when(session.createQuery(
- 				"from " + EPUserApp.class.getName() + " where app.id=" + mockApp.getId() + " and role_id=" + 15l))
+ 		Mockito.when(session.createQuery("from :name where app.id=:appId and role_id=:roleId"))
  				.thenReturn(epUserAppsQuery);
+ 		Mockito.when(epUserAppsQuery.setParameter("name",EPUserApp.class.getName())).thenReturn(epUserAppsQuery);
+ 		Mockito.when(epUserAppsQuery.setParameter("appId",mockApp.getId())).thenReturn(epUserAppsQuery);
+ 		Mockito.when(epUserAppsQuery.setParameter("roleId",15l)).thenReturn(epUserAppsQuery);
  		Mockito.doReturn(mockUserRolesList).when(epUserAppsQuery).list();
  
  		Mockito.when(session.createQuery("from " + FunctionalMenuRole.class.getName() + " where roleId=" + 15l))