FINERACT-1943 Transaction and datatable GET queries #3386
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
marta-jankovics
force-pushed
the
FINERACT-1943
branch
from
2fa835f
to
4317c93
Compare
adamsaghy
reviewed
Aug 22, 2023
| @@ -173,7 +232,9 @@ public static Object parseAndValidateColumnValue(final ResultsetColumnHeaderData | |||
| if (StringUtils.isEmpty(columnValue)) { | |||
| return columnValue; | |||
| } | |||
| SQLInjectionValidator.validateDynamicQuery(columnValue); | |||
| if (strict) { | |||
There was a problem hiding this comment.
Can you please help me to understand why we need this?
There was a problem hiding this comment.
strict: for stored procedures we do not want to validate the column values against injections to be inserted/updated/searched for.
sqlGenerator parameter instead of dialect, to fulfil @galovics request to avoid static methods on services.
There was a problem hiding this comment.
are we using/planning to use stored procedures?
There was a problem hiding this comment.
We are already using prepared statements on the newly implemented transaction and datatable get queries. Switch to prepared statements for datatable entry insert/update will come with the next PR.
adamsaghy
reviewed
Aug 22, 2023
fineract-provider/src/main/java/org/apache/fineract/portfolio/search/service/SearchUtil.java
Show resolved
Hide resolved
adamsaghy
reviewed
Aug 22, 2023
.../apache/fineract/infrastructure/dataqueries/service/ReadWriteNonCoreDataServiceImplTest.java
Show resolved
Hide resolved
adamsaghy
reviewed
Aug 22, 2023
fineract-core/src/main/java/org/apache/fineract/infrastructure/core/service/PagedRequest.java
Show resolved
Hide resolved
marta-jankovics
force-pushed
the
FINERACT-1943
branch
from
4317c93
to
eb202b2
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Describe the changes made and why they were made.
Ignore if these details are present on the associated Apache Fineract JIRA ticket.
Checklist
Please make sure these boxes are checked before submitting your pull request - thanks!
Write the commit message as per https://github.com/apache/fineract/#pull-requests
Acknowledge that we will not review PRs that are not passing the build ("green") - it is your responsibility to get a proposed PR to pass the build, not primarily the project's maintainers.
Create/update unit or integration tests for verifying the changes made.
Follow coding conventions at https://cwiki.apache.org/confluence/display/FINERACT/Coding+Conventions.
Add required Swagger annotation and update API documentation at fineract-provider/src/main/resources/static/legacy-docs/apiLive.htm with details of any API changes
Submission is not a "code dump". (Large changes can be made "in repository" via a branch. Ask on the developer mailing list for guidance, if required.)
FYI our guidelines for code reviews are at https://cwiki.apache.org/confluence/display/FINERACT/Code+Review+Guide.