Posted to commits@fineract.apache.org by GitBox <gi...@apache.org> on 2022/03/03 12:47:22 UTC
[GitHub] [fineract] josemakara2 opened a new pull request #1687: PART 2 - Use prepared statements instead of string concatenated SQL everywhere (FINERACT-1343)
josemakara2 opened a new pull request #1687:
URL: https://github.com/apache/fineract/pull/1687
## Description
See FINERACT-1343
Work in progress ..
## Checklist
Please make sure these boxes are checked before submitting your pull request - thanks!
- [x] Write the commit message as per https://github.com/apache/fineract/#pull-requests
- [x] Acknowledge that we will not review PRs that are not passing the build _("green")_ - it is your responsibility to get a proposed PR to pass the build, not primarily the project's maintainers.
- [ ] Create/update unit or integration tests for verifying the changes made.
- [x] Follow coding conventions at https://cwiki.apache.org/confluence/display/FINERACT/Coding+Conventions.
- [ ] Add required Swagger annotation and update API documentation at fineract-provider/src/main/resources/static/api-docs/apiLive.htm with details of any API changes
- [x] Submission is not a "code dump". (Large changes can be made "in repository" via a branch. Ask on the developer mailing list for guidance, if required.)
FYI our guidelines for code reviews are at https://cwiki.apache.org/confluence/display/FINERACT/Code+Review+Guide.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@fineract.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [fineract] awasum commented on pull request #1687: PART 2 - Use prepared statements instead of string concatenated SQL everywhere (FINERACT-1343)
Posted by GitBox <gi...@apache.org>.
awasum commented on pull request #1687:
URL: https://github.com/apache/fineract/pull/1687#issuecomment-915897713
@ptuomola Maybe we should just merge this one if it looks good, rather than let the bot auto close it again.
[GitHub] [fineract] ptuomola closed pull request #1687: PART 2 - Use prepared statements instead of string concatenated SQL everywhere (FINERACT-1343)
Posted by GitBox <gi...@apache.org>.
ptuomola closed pull request #1687:
URL: https://github.com/apache/fineract/pull/1687
[GitHub] [fineract] BLasan edited a comment on pull request #1687: PART 2 - Use prepared statements instead of string concatenated SQL everywhere (FINERACT-1343)
Posted by GitBox <gi...@apache.org>.
BLasan edited a comment on pull request #1687:
URL: https://github.com/apache/fineract/pull/1687#issuecomment-939406742
@josemakara2 Can you resolve the build failure?
`Still running (12 of 60): ./gradlew -q --no-daemon --console=plain licenseMain licenseTest check build test --fail-fast doc
The command ./gradlew -q --no-daemon --console=plain licenseMain licenseTest check build test --fail-fast doc exited with 1.`
[GitHub] [fineract] ptuomola commented on pull request #1687: PART 2 - Use prepared statements instead of string concatenated SQL everywhere (FINERACT-1343)
Posted by GitBox <gi...@apache.org>.
ptuomola commented on pull request #1687:
URL: https://github.com/apache/fineract/pull/1687#issuecomment-1003317936
Let's see if we can get the build to pass...
[GitHub] [fineract] ptuomola commented on pull request #1687: PART 2 - Use prepared statements instead of string concatenated SQL everywhere (FINERACT-1343)
Posted by GitBox <gi...@apache.org>.
ptuomola commented on pull request #1687:
URL: https://github.com/apache/fineract/pull/1687#issuecomment-1058588976
I tried to fix this earlier but kept getting some strange classpath conflicts. But a lot has changed since then, so probably worth trying again...
[GitHub] [fineract] vidakovic commented on pull request #1687: PART 2 - Use prepared statements instead of string concatenated SQL everywhere (FINERACT-1343)
Posted by GitBox <gi...@apache.org>.
vidakovic commented on pull request #1687:
URL: https://github.com/apache/fineract/pull/1687#issuecomment-1084284512
Closing because it looks abandoned.
[GitHub] [fineract] josemakara2 edited a comment on pull request #1687: PART 2 - Use prepared statements instead of string concatenated SQL everywhere (FINERACT-1343)
Posted by GitBox <gi...@apache.org>.
josemakara2 edited a comment on pull request #1687:
URL: https://github.com/apache/fineract/pull/1687#issuecomment-816988270
Hi Fineract community members,
I would like feedback on this particular commit. It is introducing new project library dependencies
https://github.com/apache/fineract/pull/1687/commits/2d8f3f0a326992e1804757e27a6f884d582754e5
_Use ESAPI, `The OWASP Enterprise Security API`, Escaping where Prepared Statements with Parameterized Queries is not feasible to mitigate SQL Injection (FINERACT-1343)_
Partly blocked by FINERACT-1343
[GitHub] [fineract] github-actions[bot] commented on pull request #1687: PART 2 - Use prepared statements instead of string concatenated SQL everywhere (FINERACT-1343)
Posted by GitBox <gi...@apache.org>.
github-actions[bot] commented on pull request #1687:
URL: https://github.com/apache/fineract/pull/1687#issuecomment-1026338483
This pull request seems to be stale. Are you still planning to work on it? We will automatically close it in 30 days.
[GitHub] [fineract] awasum edited a comment on pull request #1687: PART 2 - Use prepared statements instead of string concatenated SQL everywhere (FINERACT-1343)
Posted by GitBox <gi...@apache.org>.
awasum edited a comment on pull request #1687:
URL: https://github.com/apache/fineract/pull/1687#issuecomment-869224245
Woow... This looks like valuable work. @ptuomola , @vorburger . Have time to take a look?
[GitHub] [fineract] github-actions[bot] commented on pull request #1687: PART 2 - Use prepared statements instead of string concatenated SQL everywhere (FINERACT-1343)
Posted by GitBox <gi...@apache.org>.
github-actions[bot] commented on pull request #1687:
URL: https://github.com/apache/fineract/pull/1687#issuecomment-989328955
This pull request seems to be stale. Are you still planning to work on it? We will automatically close it in 30 days.
[GitHub] [fineract] github-actions[bot] closed pull request #1687: PART 2 - Use prepared statements instead of string concatenated SQL everywhere (FINERACT-1343)
Posted by GitBox <gi...@apache.org>.
github-actions[bot] closed pull request #1687:
URL: https://github.com/apache/fineract/pull/1687
[GitHub] [fineract] ptuomola commented on pull request #1687: PART 2 - Use prepared statements instead of string concatenated SQL everywhere (FINERACT-1343)
Posted by GitBox <gi...@apache.org>.
ptuomola commented on pull request #1687:
URL: https://github.com/apache/fineract/pull/1687#issuecomment-916476864
@awasum Yes, at a quick glance this looks good. I just didn't do anything on this as the comment says "Work in progress". Also the build seems to be failing (could be unrelated) and the comments would need to be squashed. @josemakara2 would you have a chance to finish this off, and we can then merge?
[GitHub] [fineract] awasum closed pull request #1687: PART 2 - Use prepared statements instead of string concatenated SQL everywhere (FINERACT-1343)
Posted by GitBox <gi...@apache.org>.
awasum closed pull request #1687:
URL: https://github.com/apache/fineract/pull/1687
[GitHub] [fineract] awasum commented on pull request #1687: PART 2 - Use prepared statements instead of string concatenated SQL everywhere (FINERACT-1343)
Posted by GitBox <gi...@apache.org>.
awasum commented on pull request #1687:
URL: https://github.com/apache/fineract/pull/1687#issuecomment-869224245
Woow... This looks like a valuable work. @ptuomola , @vorburger . Have time to take a look?
[GitHub] [fineract] github-actions[bot] commented on pull request #1687: PART 2 - Use prepared statements instead of string concatenated SQL everywhere (FINERACT-1343)
Posted by GitBox <gi...@apache.org>.
github-actions[bot] commented on pull request #1687:
URL: https://github.com/apache/fineract/pull/1687#issuecomment-848382658
This pull request seems to be stale. Are you still planning to work on it? We will automatically close it in 30 days.
[GitHub] [fineract] ptuomola commented on pull request #1687: PART 2 - Use prepared statements instead of string concatenated SQL everywhere (FINERACT-1343)
Posted by GitBox <gi...@apache.org>.
ptuomola commented on pull request #1687:
URL: https://github.com/apache/fineract/pull/1687#issuecomment-1003321686
Looks like this is failing because of classpath duplicates. Need to see if we can fix those...
[GitHub] [fineract] github-actions[bot] closed pull request #1687: PART 2 - Use prepared statements instead of string concatenated SQL everywhere (FINERACT-1343)
Posted by GitBox <gi...@apache.org>.
github-actions[bot] closed pull request #1687:
URL: https://github.com/apache/fineract/pull/1687
[GitHub] [fineract] ptuomola commented on pull request #1687: PART 2 - Use prepared statements instead of string concatenated SQL everywhere (FINERACT-1343)
Posted by GitBox <gi...@apache.org>.
ptuomola commented on pull request #1687:
URL: https://github.com/apache/fineract/pull/1687#issuecomment-876870465
@josemakara2 This looks really good and would definitely be in favour of merging this... just wondered if you had more work planned for this? The description says "Work in progress" and there's also a TODO in the code...
[GitHub] [fineract] awasum commented on pull request #1687: PART 2 - Use prepared statements instead of string concatenated SQL everywhere (FINERACT-1343)
Posted by GitBox <gi...@apache.org>.
awasum commented on pull request #1687:
URL: https://github.com/apache/fineract/pull/1687#issuecomment-1084345283
Looking at this one... if someone rebased and made it pass the build... it will fix some of the issues seen here: https://github.com/apache/fineract/security/code-scanning
[GitHub] [fineract] vidakovic closed pull request #1687: PART 2 - Use prepared statements instead of string concatenated SQL everywhere (FINERACT-1343)
Posted by GitBox <gi...@apache.org>.
vidakovic closed pull request #1687:
URL: https://github.com/apache/fineract/pull/1687
[GitHub] [fineract] BLasan commented on pull request #1687: PART 2 - Use prepared statements instead of string concatenated SQL everywhere (FINERACT-1343)
Posted by GitBox <gi...@apache.org>.
BLasan commented on pull request #1687:
URL: https://github.com/apache/fineract/pull/1687#issuecomment-939406742
@josemakara2 Can you resolve the build failure?
[GitHub] [fineract] ptuomola closed pull request #1687: PART 2 - Use prepared statements instead of string concatenated SQL everywhere (FINERACT-1343)
Posted by GitBox <gi...@apache.org>.
ptuomola closed pull request #1687:
URL: https://github.com/apache/fineract/pull/1687
[GitHub] [fineract] github-actions[bot] commented on pull request #1687: PART 2 - Use prepared statements instead of string concatenated SQL everywhere (FINERACT-1343)
Posted by GitBox <gi...@apache.org>.
github-actions[bot] commented on pull request #1687:
URL: https://github.com/apache/fineract/pull/1687#issuecomment-894878563
This pull request seems to be stale. Are you still planning to work on it? We will automatically close it in 30 days.
[GitHub] [fineract] josemakara2 commented on pull request #1687: PART 2 - Use prepared statements instead of string concatenated SQL everywhere (FINERACT-1343)
Posted by GitBox <gi...@apache.org>.
josemakara2 commented on pull request #1687:
URL: https://github.com/apache/fineract/pull/1687#issuecomment-816988270
Hi Fineract community members,
I would like feedback on this particular commit. It is introducing new project library dependencies
https://github.com/apache/fineract/pull/1687/commits/2d8f3f0a326992e1804757e27a6f884d582754e5
_Use ESAPI, `The OWASP Enterprise Security API`, Escaping where Prepared Statements with Parameterized Queries is not feasible to mitigate SQL Injection (FINERACT-1343)_
[GitHub] [fineract] github-actions[bot] closed pull request #1687: PART 2 - Use prepared statements instead of string concatenated SQL everywhere (FINERACT-1343)
Posted by GitBox <gi...@apache.org>.
github-actions[bot] closed pull request #1687:
URL: https://github.com/apache/fineract/pull/1687
[GitHub] [fineract] ptuomola closed pull request #1687: PART 2 - Use prepared statements instead of string concatenated SQL everywhere (FINERACT-1343)
Posted by GitBox <gi...@apache.org>.
ptuomola closed pull request #1687:
URL: https://github.com/apache/fineract/pull/1687
[GitHub] [fineract] awasum commented on pull request #1687: PART 2 - Use prepared statements instead of string concatenated SQL everywhere (FINERACT-1343)
Posted by GitBox <gi...@apache.org>.
awasum commented on pull request #1687:
URL: https://github.com/apache/fineract/pull/1687#issuecomment-1058008381
This still looks important... @fynmanoj , @galovics , @ptuomola , @vidakovic ...Anyone interested to make this happen?