From 71525f539001ffab18215acbbbb92fef1d863860 Mon Sep 17 00:00:00 2001
From: Krzysztof Opasiak
Date: Wed, 10 Jul 2019 19:59:13 +0200
Subject: [PATCH] Revert "Fix sql injection vulnerability"
This reverts commit 941133a42bad6a1d73c63913a950d1e4bc814fde. This is required because this commit breaks the portal unit test due to some other changes that happen between verify job and merge of that commit.
Issue-ID: OJSI-174
Change-Id: Ieb53f8ba23e2b1b05c67ec4d7d51c6d5107cfb87
Signed-off-by: Krzysztof Opasiak
---
 .../onap/portalapp/portal/service/UserRolesCommonServiceImpl.java | 5 ++---
 .../portalapp/portal/service/UserRolesCommonServiceImplTest.java | 4 +---
 2 files changed, 3 insertions(+), 6 deletions(-)
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java
index b41dcd7a..522579d8 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java
@@ -597,9 +597,8 @@ public class UserRolesCommonServiceImpl {
 "syncAppRoles: There is exactly 1 menu item for this role, so emptying the url");
 @SuppressWarnings("unchecked")
 List funcMenuItems = localSession
- .createQuery("from :name where menuId=:menuId")
- .setParameter("name",FunctionalMenuItem.class.getName())
- .setParameter("menuId",menuId)
+ .createQuery(
+ "from " + FunctionalMenuItem.class.getName() + " where menuId=" + menuId)
 .list();
 if (funcMenuItems.size() > 0) {
 logger.debug(EELFLoggerDelegate.debugLogger, "got the menu item");
diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImplTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImplTest.java
index fb6c325c..9b5058d3 100644
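Review bot: The restored `.createQuery("from " + FunctionalMenuItem.class.getName() + " where menuId=" + menuId)` puts `menuId` back into the HQL text, so the query is again only as safe as that variable's type and origin, neither of which is visible in this hunk. The form being reverted was not a sound fix either: HQL binds parameters for values, not for the entity name in the `from` clause, so `from :name` would be expected to fail on a real session even though it passes against a mock. A follow-up should keep the class name concatenated (it is a compile-time constant, not input) and bind only the value, `.createQuery("from " + FunctionalMenuItem.class.getName() + " where menuId = :menuId").setParameter("menuId", menuId)`. The enclosing method starts and ends outside the hunk.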
--- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImplTest.java
+++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImplTest.java
@@ -473,10 +473,8 @@ public class UserRolesCommonServiceImplTest {
 Mockito.when(epFunctionalMenuQuery2.setParameter("menuId",10l)).thenReturn(epFunctionalMenuQuery2);
 Mockito.doReturn(mockFunctionalMenuRolesList).when(epFunctionalMenuQuery2).list();
- Mockito.when(session.createQuery("from :name where menuId=:menuId"))
+ Mockito.when(session.createQuery("from " + FunctionalMenuItem.class.getName() + " where menuId=" + 10l))
 .thenReturn(epFunctionalMenuItemQuery);
- Mockito.when(epFunctionalMenuItemQuery.setParameter("name",FunctionalMenuItem.class.getName())).thenReturn(epFunctionalMenuItemQuery);
- Mockito.when(epFunctionalMenuItemQuery.setParameter("menuId",10l)).thenReturn(epFunctionalMenuItemQuery);
 Mockito.doReturn(mockFunctionalMenuItemList).when(epFunctionalMenuItemQuery).list();
 List mockEcompRoleList2 = new ArrayList<>();
 EcompRole mockUserAppRoles = new EcompRole();
--
2.16.6
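Review bot: The added stub `session.createQuery("from " + FunctionalMenuItem.class.getName() + " where menuId=" + 10l)` matches on the exact concatenated query text, so the test pins the string-built form of the query rather than the behaviour under test. Assuming `session` is a Mockito mock, any later change to the production query string leaves `createQuery` unstubbed and returning null, so when the value is bound as a parameter again this stub and a matching `setParameter("menuId", 10L)` stub have to change in the same commit as the service. Separately, `10l` is easy to misread as `101`; `10L` is the clearer spelling. The test method starts and ends outside the hunk.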