Posted to issues@fineract.apache.org by "Manthan Surkar (Jira)" <ji...@apache.org> on 2020/09/22 20:04:00 UTC

[jira] [Created] (FINERACT-1156) SQL injection error with Run Reports

Manthan Surkar created FINERACT-1156:
----------------------------------------

             Summary: SQL injection error with Run Reports
                 Key: FINERACT-1156
                 URL: https://issues.apache.org/jira/browse/FINERACT-1156
             Project: Apache Fineract
          Issue Type: Bug
            Reporter: Manthan Surkar


As reported by Matt, he faced the SQL injection error while trying to run reports for Active Loans (Pentaho).

After investigating a bit, I found that all the report names that had a "(" faced this issue; this turns out to be a problem with the regex that was designed to accept the report names.


Unrelated:
This module has a lot of SQL string concatenation and is a good place to use our SQLbuilder module (I will take this).

 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
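
Added example, not part of the original message and not Fineract code: a sketch of the failure mode described above, where an allow-list regex in front of a concatenated query rejects a legitimate report name containing "(", while the same lookup with a bound parameter accepts it. The regex, the table and column names, and the use of SQLite are assumptions; the sample rows are constructed.

```python
import re
import sqlite3

# Hypothetical allow-list; the page does not show Fineract's actual pattern.
STRICT_NAME = re.compile(r"[A-Za-z0-9 _-]+")

def make_db():
    """In-memory table with constructed sample rows (names are assumptions)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE report (name TEXT PRIMARY KEY, category TEXT)")
    conn.executemany(
        "INSERT INTO report VALUES (?, ?)",
        [("Active Loans (Pentaho)", "Loan"), ("Client Listing", "Client")],
    )
    return conn

def lookup_validated(conn, name):
    """Concatenated query guarded by the allow-list regex."""
    if not STRICT_NAME.fullmatch(name):
        # A legitimate name containing "(" ends up here: a false positive.
        raise ValueError("SQL injection check failed for report name")
    row = conn.execute(
        "SELECT category FROM report WHERE name = '" + name + "'"
    ).fetchone()
    return row[0] if row else None

def lookup_bound(conn, name):
    """Same lookup with the name passed as a bound parameter."""
    row = conn.execute(
        "SELECT category FROM report WHERE name = ?", (name,)
    ).fetchone()
    return row[0] if row else None

def demo():
    """Run both lookups over three constructed names and collect the outcomes."""
    conn = make_db()
    results = {}
    for name in ["Client Listing", "Active Loans (Pentaho)", "x' OR '1'='1"]:
        try:
            validated = lookup_validated(conn, name)
        except ValueError:
            validated = "rejected"
        results[name] = (validated, lookup_bound(conn, name))
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name!r}: validated={outcome[0]!r} bound={outcome[1]!r}")
```

With binding, the name is only ever compared as data, so the quote-bearing input simply matches no row and no character filtering is needed for this lookup.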