fineract-commits mailing list archives

From GitBox <...@apache.org>
Subject [GitHub] [fineract] thesmallstar opened a new pull request #1159: FINERACT-1006 Fixes: NullPointerException at SQLInjectionValidator.va…
Date Mon, 06 Jul 2020 22:20:19 GMT

thesmallstar opened a new pull request #1159:
URL: https://github.com/apache/fineract/pull/1159


   This happened due to 
   ```
   if (searchParameters.isOrderByRequested()) {
       sqlBuilder.append(" order by ").append(searchParameters.getOrderBy()).append(' ').append(searchParameters.getSortOrder());
       this.columnValidator.validateSqlInjection(sqlBuilder.toString(), searchParameters.getOrderBy(),
               searchParameters.getSortOrder());
   }
   ```
   -> Here, we incorrectly checked if orderBy was not null but did not check if sortOrder was "not null".
   
   Instead of fixing it here, it is better to fix it in the called function (IMO).
   Since the function SQLvalidateinput can be called either from columnValidator or independently, I have added a not-null check in both places.
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org
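
An added example, not part of the pull request or of Fineract's code: a standalone Java sketch of the two guards the description discusses, a null check in the validator itself and one at the call site that builds the `order by` clause. The class `OrderByGuard`, its method bodies and the deny-pattern are hypothetical stand-ins for the project's real checks.

```java
import java.util.regex.Pattern;

// Added illustration; class name, methods and pattern are hypothetical, not Fineract's.
public class OrderByGuard {

    // Constructed deny-pattern standing in for the project's real injection checks.
    private static final Pattern SUSPICIOUS = Pattern.compile("(--|;|/\\*|\\*/|'|\")");

    /** Null-tolerant validator: a null argument means "not supplied" and is skipped. */
    static void validateSqlInjection(String... params) {
        if (params == null) {
            return;
        }
        for (String p : params) {
            if (p == null) {
                continue; // guard in the callee: never dereference a missing value
            }
            if (SUSPICIOUS.matcher(p).find()) {
                throw new IllegalArgumentException("Rejected SQL fragment: " + p);
            }
        }
    }

    /** Caller-side guard: validate first, then append sortOrder only when present. */
    static String orderByClause(String orderBy, String sortOrder) {
        if (orderBy == null) {
            return "";
        }
        validateSqlInjection(orderBy, sortOrder);
        StringBuilder sql = new StringBuilder(" order by ").append(orderBy);
        if (sortOrder != null) {
            // Without this check, append((String) null) would add the text "null" to the SQL.
            sql.append(' ').append(sortOrder);
        }
        return sql.toString();
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        System.out.println(orderByClause("display_name", null));
        System.out.println(orderByClause("display_name", "DESC"));
        try {
            orderByClause("display_name", "DESC; --");
        } catch (IllegalArgumentException e) {
            System.out.println(e.getMessage());
        }
    }
}
```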


