SENG3150Connections / Project

Final Project
http://203.9.224.192

[Management] GetOfferByID - Potential injection #15

Closed ScottWalkerAU closed 6 years ago

ScottWalkerAU commented 6 years ago

File: Management.Actions.GetOfferByID.java
Line: 34
Issue: SQL Injection is possible with the .where("id=" + id) function call; sanitisation is required.

Suggested solution: Replace with .where(HOTELS.ID.eq(UInteger.valueOf(id)))

Freakout2114 commented 6 years ago

Followed the suggested solution and updated the code accordingly.
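The vulnerable call and the suggested fix, side by side, as an added example that is not code from the project's repository or from either commenter. It renders the SQL that jOOQ would send instead of hitting a database, so it runs without a connection. The table name "hotels", the column "id" and the class/method names are assumptions standing in for the project's generated HOTELS table; the only things taken from the issue are the .where("id=" + id) call and the HOTELS.ID.eq(UInteger.valueOf(id)) replacement. The example also shows the caveat a reviewer would add to the fix: UInteger.valueOf throws NumberFormatException on non-numeric input, so the handler has to reject bad input explicitly rather than let an unchecked exception surface as a 500.

```java
import java.util.List;

import org.jooq.DSLContext;
import org.jooq.Field;
import org.jooq.Query;
import org.jooq.SQLDialect;
import org.jooq.Table;
import org.jooq.conf.ParamType;
import org.jooq.impl.DSL;
import org.jooq.types.UInteger;

/**
 * Added example (not project code): contrasts string-concatenated jOOQ
 * conditions with typed, parameterised ones. Table and column names are
 * assumptions standing in for the project's generated HOTELS table.
 */
public class GetOfferByIdExample {

    // Assumed stand-ins for the generated table and its unsigned-int primary key.
    static final Table<?> HOTELS = DSL.table(DSL.name("hotels"));
    static final Field<UInteger> HOTELS_ID =
            DSL.field(DSL.name("hotels", "id"), UInteger.class);

    // A dialect-only DSLContext can render SQL without any JDBC connection.
    static final DSLContext create = DSL.using(SQLDialect.MYSQL);

    /**
     * Vulnerable form from the issue: the request parameter is pasted into the
     * WHERE clause as plain SQL, so anything the caller supplies becomes SQL.
     */
    static Query vulnerable(String id) {
        return create.selectFrom(HOTELS).where("id=" + id);
    }

    /**
     * Suggested fix: parse the parameter into the column's type and compare with
     * Field.eq(), which makes jOOQ emit a bind placeholder. Non-numeric input is
     * rejected here instead of leaking out as an unhandled NumberFormatException.
     */
    static Query hardened(String id) {
        UInteger parsed;
        try {
            parsed = UInteger.valueOf(id);
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("id must be an unsigned integer", e);
        }
        return create.selectFrom(HOTELS).where(HOTELS_ID.eq(parsed));
    }

    public static void main(String[] args) {
        // Constructed attacker input: a classic always-true predicate.
        String attacker = "1 OR 1=1";

        Query bad = vulnerable(attacker);
        System.out.println("vulnerable : " + bad.getSQL(ParamType.INLINED));
        System.out.println("bind values: " + bad.getBindValues());   // nothing is bound

        Query good = hardened("42");
        List<Object> binds = good.getBindValues();
        System.out.println("hardened   : " + good.getSQL());          // id rendered as ?
        System.out.println("bind values: " + binds);                  // [42]

        try {
            hardened(attacker);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected   : " + e.getMessage());
        }
    }
}
```

Run the class and compare the two rendered statements: the vulnerable query carries the attacker's predicate inside the SQL text, while the hardened one contains a bind placeholder and the value travels separately in the bind list. In the real action the IllegalArgumentException would be mapped to a 400 response rather than printed.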