Posted to commits@cloudstack.apache.org by bh...@apache.org on 2015/06/15 11:18:19 UTC

[2/4] git commit: updated refs/heads/master to 0f4aac7

Fix findbugs SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING warning in Upgrade30xBase.java. There was no risk of SQL injection here, nor any need to use PreparedStatement; still, this fixes the warning.

Signed-off-by: Rohit Yadav <ro...@shapeblue.com>

This closes #442


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/4eaa613a
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/4eaa613a
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/4eaa613a

Branch: refs/heads/master
Commit: 4eaa613a0b78283bfeffa68a499df720a9fe45bf
Parents: 869cc0c
Author: Rafael da Fonseca <rs...@gmail.com>
Authored: Sun Jun 14 19:17:14 2015 +0200
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Mon Jun 15 12:17:49 2015 +0300

----------------------------------------------------------------------
 engine/schema/src/com/cloud/upgrade/dao/Upgrade30xBase.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/4eaa613a/engine/schema/src/com/cloud/upgrade/dao/Upgrade30xBase.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/upgrade/dao/Upgrade30xBase.java b/engine/schema/src/com/cloud/upgrade/dao/Upgrade30xBase.java
index 4a41857..aacede0 100644
--- a/engine/schema/src/com/cloud/upgrade/dao/Upgrade30xBase.java
+++ b/engine/schema/src/com/cloud/upgrade/dao/Upgrade30xBase.java
@@ -32,12 +32,13 @@ public abstract class Upgrade30xBase implements DbUpgrade {
     final static Logger s_logger = Logger.getLogger(Upgrade30xBase.class);
 
     protected String getNetworkLabelFromConfig(Connection conn, String name) {
-        String sql = "SELECT value FROM `cloud`.`configuration` where name = '" + name + "'";
+        String sql = "SELECT value FROM `cloud`.`configuration` where name = ?";
         String networkLabel = null;
         PreparedStatement pstmt = null;
         ResultSet rs = null;
         try {
             pstmt = conn.prepareStatement(sql);
+            pstmt.setString(1,name);
             rs = pstmt.executeQuery();
             if (rs.next()) {
                 networkLabel = rs.getString(1);
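Review bot: `getNetworkLabelFromConfig` is `protected` on an abstract base class, so whether `name` is always a trusted constant depends on every subclass caller, and nothing at the method records that the value is now bound rather than concatenated. A one-line Javadoc above the signature, such as `/** Looks up a configuration value by name; name is bound as a query parameter and must never be concatenated into the SQL text. */`, would keep a later edit from reverting to string building. Since the query text is now constant, it could also be hoisted to a `private static final String` so the property findbugs checks is visible at a glance. `pstmt.setString(1,name);` is missing the space after the comma. The method body continues past the end of the hunk, so how `pstmt` and `rs` are closed and what is returned when `rs.next()` is false cannot be checked from here.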