cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From d...@apache.org
Subject git commit: updated refs/heads/master to 1407033
Date Wed, 17 Jun 2015 20:38:50 GMT
Repository: cloudstack
Updated Branches:
  refs/heads/master f3afcb089 -> 1407033cc


Fix findbugs SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING warning in UserVmDaoImpl.java
detail field was vulnerable

Signed-off-by: Daan Hoogland <daan.hoogland@gmail.com>

This closes #473


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/1407033c
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/1407033c
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/1407033c

Branch: refs/heads/master
Commit: 1407033cc2e0742653d82bb0181c041b31253693
Parents: f3afcb0
Author: Rafael da Fonseca <rsafonseca@gmail.com>
Authored: Wed Jun 17 20:08:06 2015 +0200
Committer: Daan Hoogland <daan.hoogland@gmail.com>
Committed: Wed Jun 17 22:38:19 2015 +0200

----------------------------------------------------------------------
 engine/schema/src/com/cloud/vm/dao/UserVmDaoImpl.java | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/1407033c/engine/schema/src/com/cloud/vm/dao/UserVmDaoImpl.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/vm/dao/UserVmDaoImpl.java b/engine/schema/src/com/cloud/vm/dao/UserVmDaoImpl.java
index 5fa3b06..14870e7 100644
--- a/engine/schema/src/com/cloud/vm/dao/UserVmDaoImpl.java
+++ b/engine/schema/src/com/cloud/vm/dao/UserVmDaoImpl.java
@@ -105,9 +105,7 @@ public class UserVmDaoImpl extends GenericDaoBase<UserVmVO, Long>
implements Use
             + "left join networks on nics.network_id=networks.id " + "left join user_ip_address
on user_ip_address.vm_id=vm_instance.id " + "where vm_instance.id in (";
 
     private static final String VMS_DETAIL_BY_NAME = "select vm_instance.instance_name, vm_instance.vm_type,
vm_instance.id , user_vm_details.value, user_vm_details.name from vm_instance "
-            + "left join user_vm_details on vm_instance.id = user_vm_details.vm_id where
(user_vm_details.name is null or user_vm_details.name = '";
-
-    private static final String VMS_DETAIL_BY_NAME2 = "') and vm_instance.instance_name in
(";
+            + "left join user_vm_details on vm_instance.id = user_vm_details.vm_id where
(user_vm_details.name is null or user_vm_details.name = ? ) and vm_instance.instance_name
in (";
 
     private static final int VM_DETAILS_BATCH_SIZE = 100;
 
@@ -645,8 +643,9 @@ public class UserVmDaoImpl extends GenericDaoBase<UserVmVO, Long>
implements Use
 
         PreparedStatement pstmt = null;
         try {
-            pstmt = txn.prepareStatement(VMS_DETAIL_BY_NAME + detail + VMS_DETAIL_BY_NAME2
+ getQueryBatchAppender(vmNames.size()));
-            int i = 1;
+            pstmt = txn.prepareStatement(VMS_DETAIL_BY_NAME + getQueryBatchAppender(vmNames.size()));
+            pstmt.setString(1, detail);
+            int i = 2;
             for(String name : vmNames) {
                 pstmt.setString(i, name);
                 i++;


Mime
View raw message