Posted to commits@fineract.apache.org by GitBox <gi...@apache.org> on 2022/04/07 10:15:23 UTC

[GitHub] [fineract] taskain7 opened a new pull request, #2266: FINERACT-1483: fix Sonar Security Hotspots

taskain7 opened a new pull request, #2266:
URL: https://github.com/apache/fineract/pull/2266

   ## Description
   
   Concatenated SQL queries have been changed to prepared statement.
   SQL String literals have been checked with OWASP for MySQL and Postgresql escapeLiteral for PSQL.
   Reviewed SQL queries have been tagged with `//NOSONAR`.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@fineract.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org
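The PR description's change from concatenated SQL to prepared statements, together with the reviewer's question below about binding `defaultAccountStatus` as well, shown as an added example that is not Fineract code: the schema fragment, the status codes, the client id and the class name are constructed placeholders, and the `jdbcTemplate.query` call appears only in a comment so the block runs without a database or Spring on the classpath.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

/**
 * Added example (not Fineract code): builds the LOAN lookup from the PR's
 * PortfolioAccountReadPlatformServiceImpl branch with the status list bound
 * as positional parameters instead of concatenated into "in (...)".
 */
public final class ParameterizedStatusQuery {

    /** Stand-in for loanAccountMapper.schema(): a fixed fragment, never user input (constructed). */
    private static final String LOAN_SCHEMA = "la.id as id, la.account_no as accountNo from m_loan la";

    /** SQL text plus its bind values, in the order the '?' markers appear. */
    public static final class Query {
        public final String sql;
        public final List<Object> params;

        Query(String sql, List<Object> params) {
            this.sql = sql;
            this.params = Collections.unmodifiableList(params);
        }
    }

    /** "?, ?, ?" for n values; an empty IN list is invalid SQL, so reject n <= 0 early. */
    static String placeholders(int n) {
        if (n <= 0) {
            throw new IllegalArgumentException("IN list needs at least one value");
        }
        return String.join(", ", Collections.nCopies(n, "?"));
    }

    /**
     * Mirrors the PR's LOAN branch: optional client filter, required status
     * filter, optional currency filter. Every dynamic value becomes a '?'
     * and is appended to params in the same order, so nothing from the
     * request ever becomes part of the statement text.
     */
    public static Query buildLoanQuery(Long clientId, List<Integer> statuses, String currencyCode) {
        StringBuilder sql = new StringBuilder("select ").append(LOAN_SCHEMA).append(" where ");
        List<Object> params = new ArrayList<>();
        if (clientId != null) {
            sql.append("la.client_id = ? and ");
            params.add(clientId);
        }
        sql.append("la.loan_status_id in (").append(placeholders(statuses.size())).append(")");
        params.addAll(statuses);
        if (currencyCode != null) {
            sql.append(" and la.currency_code = ?");
            params.add(currencyCode);
        }
        return new Query(sql.toString(), params);
    }

    public static void main(String[] args) {
        // Constructed inputs; in Fineract they come from PortfolioAccountDTO and the LoanStatus codes.
        Query q = buildLoanQuery(42L, List.of(100, 200, 300), "USD");
        System.out.println(q.sql);
        System.out.println(q.params);
        // With Spring this is passed as: jdbcTemplate.query(q.sql, loanAccountMapper, q.params.toArray());
        // The JDBC driver sends the values separately from the SQL text, so the
        // statement cannot be altered by any of them and no NOSONAR tag is needed.
    }
}
```

Run stand-alone it prints `select la.id as id, la.account_no as accountNo from m_loan la where la.client_id = ? and la.loan_status_id in (?, ?, ?) and la.currency_code = ?` followed by `[42, 100, 200, 300, USD]`. The helper is the piece the review thread asks for: both the LOAN and SAVINGS branches can call it, so the placeholder count and the parameter list cannot drift apart.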


[GitHub] [fineract] galovics merged pull request #2266: FINERACT-1483: fix Sonar Security Hotspots

galovics merged PR #2266:
URL: https://github.com/apache/fineract/pull/2266




[GitHub] [fineract] vidakovic commented on pull request #2266: FINERACT-1483: fix Sonar Security Hotspots

vidakovic commented on PR #2266:
URL: https://github.com/apache/fineract/pull/2266#issuecomment-1095027240

   Give me a ping when you want these to appear downstream... looks like it should be synced sooner than later.




[GitHub] [fineract] galovics commented on a diff in pull request #2266: FINERACT-1483: fix Sonar Security Hotspots

galovics commented on code in PR #2266:
URL: https://github.com/apache/fineract/pull/2266#discussion_r846010986


##########
fineract-provider/src/main/java/org/apache/fineract/portfolio/account/service/PortfolioAccountReadPlatformServiceImpl.java:
##########
@@ -119,25 +119,25 @@ public PortfolioAccountData retrieveOne(final Long accountId, final Integer acco
             case LOAN:
                 sql = "select " + this.loanAccountMapper.schema() + " where ";
                 if (portfolioAccountDTO.getClientId() != null) {
-                    sql += " la.client_id = ? and la.loan_status_id in (" + defaultAccountStatus.toString() + ") ";
+                    sql += " la.client_id = ? and la.loan_status_id in (" + defaultAccountStatus + ") ";
                     sqlParams.add(portfolioAccountDTO.getClientId());
                 } else {
-                    sql += " la.loan_status_id in (" + defaultAccountStatus.toString() + ") ";
+                    sql += " la.loan_status_id in (" + defaultAccountStatus + ") ";
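Review bot: on both `+` lines the status list is still concatenated into `in (" + defaultAccountStatus + ")`; dropping `.toString()` only removes a redundant call, since string concatenation converts the operand anyway, so the hotspot Sonar flagged is unchanged in substance. If `defaultAccountStatus` is assembled only from fixed enum codes, say so in a comment beside the query so a later `// NOSONAR` has a stated justification; otherwise append one `?` per status inside the parentheses and add the values to `sqlParams`, the way `portfolioAccountDTO.getClientId()` is added on the following line.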

Review Comment:
   Same here.



##########
fineract-provider/src/main/java/org/apache/fineract/portfolio/address/service/AddressReadPlatformServiceImpl.java:
##########
@@ -198,31 +198,31 @@ public AddressData mapRow(final ResultSet rs, @SuppressWarnings("unused") final
         final AddMapper rm = new AddMapper();
         final String sql = "select " + rm.schema() + " and ca.client_id=? and ca.address_type_id=?";
 
-        return this.jdbcTemplate.query(sql, rm, new Object[] { clientid, typeid });
+        return this.jdbcTemplate.query(sql, rm, new Object[] { clientid, typeid }); // NOSONAR
     }
 
     @Override
     public Collection<AddressData> retrieveAddressbyTypeAndStatus(final long clientid, final long typeid, final String status) {
         this.context.authenticatedUser();
-        Boolean temp = false;
+        boolean temp;
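Review bot: the `// NOSONAR` added to the `jdbcTemplate.query(...)` line suppresses the hotspot without recording why it is safe; here the only non-literal part of `sql` is `rm.schema()` and both request values are bound as `?`, so a one-line comment stating that lets the next reader verify the suppression rather than trust it. Separately, `boolean temp;` left uninitialized on its own line is fragile (a moved assignment becomes a compile error); declaring and assigning in one statement, e.g. `final boolean active = Boolean.parseBoolean(status);`, is clearer.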

Review Comment:
   Can you merge these 2 lines into 1? Makes more sense.



##########
fineract-provider/src/main/java/org/apache/fineract/portfolio/account/service/PortfolioAccountReadPlatformServiceImpl.java:
##########
@@ -119,25 +119,25 @@ public PortfolioAccountData retrieveOne(final Long accountId, final Integer acco
             case LOAN:
                 sql = "select " + this.loanAccountMapper.schema() + " where ";
                 if (portfolioAccountDTO.getClientId() != null) {
-                    sql += " la.client_id = ? and la.loan_status_id in (" + defaultAccountStatus.toString() + ") ";
+                    sql += " la.client_id = ? and la.loan_status_id in (" + defaultAccountStatus + ") ";
                     sqlParams.add(portfolioAccountDTO.getClientId());
                 } else {
-                    sql += " la.loan_status_id in (" + defaultAccountStatus.toString() + ") ";
+                    sql += " la.loan_status_id in (" + defaultAccountStatus + ") ";
                 }
                 if (portfolioAccountDTO.getCurrencyCode() != null) {
                     sql += " and la.currency_code = ?";
                     sqlParams.add(portfolioAccountDTO.getCurrencyCode());
                 }
 
-                accounts = this.jdbcTemplate.query(sql, this.loanAccountMapper, sqlParams.toArray());
+                accounts = this.jdbcTemplate.query(sql, this.loanAccountMapper, sqlParams.toArray()); // NOSONAR
             break;
             case SAVINGS:
                 sql = "select " + this.savingsAccountMapper.schema() + " where ";
                 if (portfolioAccountDTO.getClientId() != null) {
-                    sql += " sa.client_id = ? and sa.status_enum in (" + defaultAccountStatus.toString() + ") ";
+                    sql += " sa.client_id = ? and sa.status_enum in (" + defaultAccountStatus + ") ";
                     sqlParams.add(portfolioAccountDTO.getClientId());
                 } else {
-                    sql += " sa.status_enum in (" + defaultAccountStatus.toString() + ") ";
+                    sql += " sa.status_enum in (" + defaultAccountStatus + ") ";
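Review bot: the SAVINGS branch repeats the LOAN pattern line for line (`sa.client_id = ?` bound, `sa.status_enum in (" + defaultAccountStatus + ")` concatenated), so whatever is decided for binding the status list in the LOAN branch must be applied here as well, and the `// NOSONAR` on the `accounts = this.jdbcTemplate.query(...)` line currently covers a statement that still carries concatenated text. A small helper that appends `in (?, ?, ...)` with the right number of placeholders and adds the values to `sqlParams` would keep the two branches from drifting and make the suppression unnecessary.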

Review Comment:
   same here



##########
fineract-provider/src/main/java/org/apache/fineract/portfolio/account/service/PortfolioAccountReadPlatformServiceImpl.java:
##########
@@ -119,25 +119,25 @@ public PortfolioAccountData retrieveOne(final Long accountId, final Integer acco
             case LOAN:
                 sql = "select " + this.loanAccountMapper.schema() + " where ";
                 if (portfolioAccountDTO.getClientId() != null) {
-                    sql += " la.client_id = ? and la.loan_status_id in (" + defaultAccountStatus.toString() + ") ";
+                    sql += " la.client_id = ? and la.loan_status_id in (" + defaultAccountStatus + ") ";

Review Comment:
   Don't we want to move the defaultAccountStatus into a parameter as well?



##########
fineract-provider/src/main/java/org/apache/fineract/portfolio/address/service/AddressReadPlatformServiceImpl.java:
##########
@@ -198,31 +198,31 @@ public AddressData mapRow(final ResultSet rs, @SuppressWarnings("unused") final
         final AddMapper rm = new AddMapper();
         final String sql = "select " + rm.schema() + " and ca.client_id=? and ca.address_type_id=?";
 
-        return this.jdbcTemplate.query(sql, rm, new Object[] { clientid, typeid });
+        return this.jdbcTemplate.query(sql, rm, new Object[] { clientid, typeid }); // NOSONAR
     }
 
     @Override
     public Collection<AddressData> retrieveAddressbyTypeAndStatus(final long clientid, final long typeid, final String status) {
         this.context.authenticatedUser();
-        Boolean temp = false;
+        boolean temp;
         temp = Boolean.parseBoolean(status);
 
         final AddMapper rm = new AddMapper();
         final String sql = "select " + rm.schema() + " and ca.client_id=? and ca.address_type_id=? and ca.is_active=?";
 
-        return this.jdbcTemplate.query(sql, rm, new Object[] { clientid, typeid, temp });
+        return this.jdbcTemplate.query(sql, rm, new Object[] { clientid, typeid, temp }); // NOSONAR
     }
 
     @Override
     public Collection<AddressData> retrieveAddressbyStatus(final long clientid, final String status) {
         this.context.authenticatedUser();
-        Boolean temp = false;
+        boolean temp;
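Review bot: `Boolean.parseBoolean(status)` on the `temp = ...` line returns `false` for every input that is not the case-insensitive string "true", including `null` and misspellings, so a malformed `status` silently turns the call into a lookup of inactive addresses instead of failing; checking that `status` is exactly "true" or "false" (or accepting a `boolean` upstream) would make that explicit. Binding the parsed value as the `ca.is_active=?` parameter is the right shape; `boolean temp;` followed by a separate assignment collapses to `final boolean active = Boolean.parseBoolean(status);`, which also applies to the same pattern in `retrieveAddressbyStatus` at the end of this hunk.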

Review Comment:
   Same here.



##########
fineract-provider/src/main/java/org/apache/fineract/portfolio/account/service/PortfolioAccountReadPlatformServiceImpl.java:
##########
@@ -119,25 +119,25 @@ public PortfolioAccountData retrieveOne(final Long accountId, final Integer acco
             case LOAN:
                 sql = "select " + this.loanAccountMapper.schema() + " where ";
                 if (portfolioAccountDTO.getClientId() != null) {
-                    sql += " la.client_id = ? and la.loan_status_id in (" + defaultAccountStatus.toString() + ") ";
+                    sql += " la.client_id = ? and la.loan_status_id in (" + defaultAccountStatus + ") ";
                     sqlParams.add(portfolioAccountDTO.getClientId());
                 } else {
-                    sql += " la.loan_status_id in (" + defaultAccountStatus.toString() + ") ";
+                    sql += " la.loan_status_id in (" + defaultAccountStatus + ") ";
                 }
                 if (portfolioAccountDTO.getCurrencyCode() != null) {
                     sql += " and la.currency_code = ?";
                     sqlParams.add(portfolioAccountDTO.getCurrencyCode());
                 }
 
-                accounts = this.jdbcTemplate.query(sql, this.loanAccountMapper, sqlParams.toArray());
+                accounts = this.jdbcTemplate.query(sql, this.loanAccountMapper, sqlParams.toArray()); // NOSONAR
             break;
             case SAVINGS:
                 sql = "select " + this.savingsAccountMapper.schema() + " where ";
                 if (portfolioAccountDTO.getClientId() != null) {
-                    sql += " sa.client_id = ? and sa.status_enum in (" + defaultAccountStatus.toString() + ") ";
+                    sql += " sa.client_id = ? and sa.status_enum in (" + defaultAccountStatus + ") ";

Review Comment:
   same here





[GitHub] [fineract] galovics commented on pull request #2266: FINERACT-1483: fix Sonar Security Hotspots

galovics commented on PR #2266:
URL: https://github.com/apache/fineract/pull/2266#issuecomment-1095014188

   Good job. I'll wait for the builds to finish then I'll merge it.

