FINERACT-1943 Transaction and datatable GET queries #3386
Conversation
Branch updated: 2fa835f to 4317c93
@@ -173,7 +232,9 @@ public static Object parseAndValidateColumnValue(final ResultsetColumnHeaderData | |||
if (StringUtils.isEmpty(columnValue)) { | |||
return columnValue; | |||
} | |||
SQLInjectionValidator.validateDynamicQuery(columnValue); | |||
if (strict) { |
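Review bot: Wrapping `SQLInjectionValidator.validateDynamicQuery(columnValue)` in `if (strict)` makes the injection check opt-in, so any caller that passes `strict = false` silently skips it; the hunk itself carries no guarantee that such a value only ever reaches a parameterized query. Document that invariant on the `strict` parameter (values validated in non-strict mode must be bound, never concatenated into SQL), and add a unit test that exercises the non-strict path with a hostile value so a future caller cannot route it into string-built SQL unnoticed. Note also that the hunk header says 7 lines became 9, so the `if` needs a closing brace that is outside the shown context; make sure the early `return columnValue` for empty input still precedes the conditional validation.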
Can you please help me to understand why we need this?
strict: for stored procedures we do not want to validate the column values to be inserted/updated/searched for against injections.
sqlGenerator parameter instead of dialect, to fulfil @galovics' request to avoid static methods on services.
Are we using/planning to use stored procedures?
We are already using prepared statements on the newly implemented transaction and datatable get queries. Switch to prepared statements for datatable entry insert/update will come with the next PR.
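The exchange above turns on why a bound parameter needs no injection validator while the `strict` flag still matters for anything concatenated into SQL. The following Java is an added illustration written for this page; it is not Fineract code and does not use its classes. The builder name `DatatableQueryBuilder`, the backtick quoting, the column allowlist and the sample filter values are all assumptions. It shows a datatable filter built the old way (value spliced into the query text, so every value must be validated) next to the parameterized form (value bound, identifier allowlisted), and why identifiers still need a check even after the switch: JDBC cannot bind a column name as a `?` parameter.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;

// Added illustration, not code from Fineract. The class name, the column
// allowlist and the sample filter values below are assumptions made here.
public final class DatatableQueryBuilder {

    /** SQL text with '?' placeholders plus the values to bind, in order. */
    public static final class BoundQuery {
        public final String sql;
        public final List<Object> params;
        BoundQuery(String sql, List<Object> params) { this.sql = sql; this.params = params; }
        @Override public String toString() { return sql + "  <- " + params; }
    }

    private static final Pattern IDENTIFIER = Pattern.compile("[A-Za-z_][A-Za-z0-9_]*");

    private final String table;
    private final Set<String> knownColumns; // in practice: the datatable's registered column names

    public DatatableQueryBuilder(String table, Set<String> knownColumns) {
        // The table name is assumed to come from the registered-datatables catalog;
        // the shape check here is a second line of defence, not the allowlist.
        if (!IDENTIFIER.matcher(table).matches()) {
            throw new IllegalArgumentException("bad table name: " + table);
        }
        this.table = table;
        this.knownColumns = knownColumns;
    }

    /** Identifiers cannot be bound as parameters, so they are allowlisted and quoted. */
    private static String identifier(String name, Set<String> allowed) {
        if (!IDENTIFIER.matcher(name).matches() || !allowed.contains(name)) {
            throw new IllegalArgumentException("unknown column: " + name);
        }
        return "`" + name + "`";
    }

    /** Before: values concatenated into SQL, so every value must pass an injection validator. */
    public String concatenated(Map<String, String> filters) {
        StringBuilder sql = new StringBuilder("SELECT * FROM `" + table + "`");
        String sep = " WHERE ";
        for (Map.Entry<String, String> f : filters.entrySet()) {
            sql.append(sep).append(identifier(f.getKey(), knownColumns))
               .append(" = '").append(f.getValue()).append("'");
            sep = " AND ";
        }
        return sql.toString();
    }

    /** After: values bound as parameters; the database never parses them as SQL text. */
    public BoundQuery parameterized(Map<String, String> filters, int limit, int offset) {
        StringBuilder sql = new StringBuilder("SELECT * FROM `" + table + "`");
        List<Object> params = new ArrayList<>();
        String sep = " WHERE ";
        for (Map.Entry<String, String> f : filters.entrySet()) {
            sql.append(sep).append(identifier(f.getKey(), knownColumns)).append(" = ?");
            params.add(f.getValue());
            sep = " AND ";
        }
        sql.append(" LIMIT ? OFFSET ?");
        params.add(limit);
        params.add(offset);
        return new BoundQuery(sql.toString(), params);
    }

    public static void main(String[] args) {
        DatatableQueryBuilder q = new DatatableQueryBuilder("client_extra", Set.of("client_id", "city"));
        Map<String, String> filters = new LinkedHashMap<>();
        filters.put("city", "Nairobi' OR '1'='1"); // constructed hostile value
        System.out.println(q.concatenated(filters));        // tautology becomes part of the SQL text
        System.out.println(q.parameterized(filters, 20, 0)); // same string is merely a bound value
        try {
            filters.put("city`; DROP TABLE client_extra; --", "x"); // constructed hostile identifier
            q.parameterized(filters, 20, 0);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage()); // identifier never reaches the SQL
        }
    }
}
```

To execute the bound form against a real connection, pass `BoundQuery.sql` to `Connection.prepareStatement` and call `setObject(i + 1, params.get(i))` for each entry before `executeQuery()`. The design point is the split of responsibility: bound values need no validator at all, whereas column and table names are shape-checked and allowlisted because no driver can bind them, so a flag that turns value validation off is only safe when the code path is one where values are guaranteed to be bound.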
Resolved review threads on:
fineract-provider/src/main/java/org/apache/fineract/portfolio/search/service/SearchUtil.java
.../apache/fineract/infrastructure/dataqueries/service/ReadWriteNonCoreDataServiceImplTest.java
fineract-core/src/main/java/org/apache/fineract/infrastructure/core/service/PagedRequest.java
Branch updated: 4317c93 to eb202b2
LGTM
Description
Describe the changes made and why they were made.
Ignore if these details are present on the associated Apache Fineract JIRA ticket.
Checklist
Please make sure these boxes are checked before submitting your pull request - thanks!
Write the commit message as per https://github.com/apache/fineract/#pull-requests
Acknowledge that we will not review PRs that are not passing the build ("green") - it is your responsibility to get a proposed PR to pass the build, not primarily the project's maintainers.
Create/update unit or integration tests for verifying the changes made.
Follow coding conventions at https://cwiki.apache.org/confluence/display/FINERACT/Coding+Conventions.
Add required Swagger annotation and update API documentation at fineract-provider/src/main/resources/static/legacy-docs/apiLive.htm with details of any API changes
Submission is not a "code dump". (Large changes can be made "in repository" via a branch. Ask on the developer mailing list for guidance, if required.)
FYI our guidelines for code reviews are at https://cwiki.apache.org/confluence/display/FINERACT/Code+Review+Guide.