Posted to commits@cloudstack.apache.org by bh...@apache.org on 2015/06/15 11:18:20 UTC
[3/4] git commit: updated refs/heads/master to 0f4aac7
Fix 3 findbugs SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING warnings in Upgrade410to420.java. There was no risk of SQL injection here, nor any need to use PreparedStatement; still, this fixes the warnings.
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
This closes #443
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/117870c1
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/117870c1
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/117870c1
Branch: refs/heads/master
Commit: 117870c1213c2ff0d5e34f0cf713a2b94502033d
Parents: 4eaa613
Author: Rafael da Fonseca <rs...@gmail.com>
Authored: Sun Jun 14 19:27:06 2015 +0200
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Mon Jun 15 12:17:51 2015 +0300
----------------------------------------------------------------------
.../src/com/cloud/upgrade/dao/Upgrade410to420.java | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/117870c1/engine/schema/src/com/cloud/upgrade/dao/Upgrade410to420.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/upgrade/dao/Upgrade410to420.java b/engine/schema/src/com/cloud/upgrade/dao/Upgrade410to420.java
index b32947a..51da73f 100644
--- a/engine/schema/src/com/cloud/upgrade/dao/Upgrade410to420.java
+++ b/engine/schema/src/com/cloud/upgrade/dao/Upgrade410to420.java
@@ -250,8 +250,10 @@ public class Upgrade410to420 implements DbUpgrade {
private String getConfigurationParameter(Connection conn, String category, String paramName) {
try (PreparedStatement pstmt =
- conn.prepareStatement("select value from `cloud`.`configuration` where category='" + category + "' and value is not NULL and name = '" + paramName + "';");)
+ conn.prepareStatement("select value from `cloud`.`configuration` where category=? and value is not NULL and name = ?;");)
{
+ pstmt.setString(1, category);
+ pstmt.setString(2, paramName);
try(ResultSet rs = pstmt.executeQuery();) {
while (rs.next()) {
return rs.getString("value");
@@ -266,8 +268,10 @@ public class Upgrade410to420 implements DbUpgrade {
}
private void setConfigurationParameter(Connection conn, String category, String paramName, String paramVal) {
- try (PreparedStatement pstmt = conn.prepareStatement("UPDATE `cloud`.`configuration` SET value = '" + paramVal + "' WHERE name = '" + paramName + "';");)
+ try (PreparedStatement pstmt = conn.prepareStatement("UPDATE `cloud`.`configuration` SET value = ? WHERE name = ?;");)
{
+ pstmt.setString(1, paramVal);
+ pstmt.setString(2, paramName);
s_logger.debug("Updating global configuration parameter " + paramName + " with value " + paramVal + ". Update SQL statement is " + pstmt);
pstmt.executeUpdate();
} catch (SQLException e) {
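Review bot: The debug line after the two `setString` calls still concatenates `paramVal` and `pstmt` into the log, so every updated configuration value is written out at debug level, and what `pstmt` prints once parameters are bound depends on the JDBC driver. If any configuration value handled here can be a credential or key, log the name only, e.g. `s_logger.debug("Updating global configuration parameter " + paramName);`. Separately, the `category` argument is not used by the UPDATE visible here, unlike the select in `getConfigurationParameter`; a short comment saying that this is intentional would help. The method's catch block continues outside the hunk.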
@@ -683,8 +687,8 @@ public class Upgrade410to420 implements DbUpgrade {
trafficType = "Guest";
}
try(PreparedStatement sel_pstmt =
- conn.prepareStatement("select physical_network_id, traffic_type, vmware_network_label from physical_network_traffic_types where vmware_network_label is not NULL and traffic_type='" +
- trafficType + "';");) {
+ conn.prepareStatement("select physical_network_id, traffic_type, vmware_network_label from physical_network_traffic_types where vmware_network_label is not NULL and traffic_type=?;");) {
+ pstmt.setString(1, trafficType);
try(ResultSet rsLabel = sel_pstmt.executeQuery();) {
newLabel = getNewLabel(rsLabel, trafficTypeVswitchParamValue);
try(PreparedStatement update_pstmt =
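Review bot: The added `pstmt.setString(1, trafficType);` binds on `pstmt`, but the statement prepared on the lines just above is `sel_pstmt`, and no `pstmt` is declared in the visible lines. This either fails to compile or, if an outer `pstmt` exists outside the hunk, binds the wrong statement and leaves the `?` of the select unset, so `sel_pstmt.executeQuery()` would fail at upgrade time. The line should read `sel_pstmt.setString(1, trafficType);`. The enclosing method starts and ends outside the hunk.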