Merge pull request #2 from Edunova8/Mobb-fix-2dbfe

Vulnerability fix (powered by Mobb Autofixer)
Edunova8 · May 2, 2024 · b22e861 · b22e861
2 parents 2597006 + cecda60
commit b22e861
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 2 deletions.
diff --git a/src/main/java/com/appsecco/dvja/services/ProductService.java b/src/main/java/com/appsecco/dvja/services/ProductService.java
@@ -45,7 +45,8 @@ public List<Product> findAll() {
     }
 
     public List<Product> findContainingName(String name) {
-        Query query = entityManager.createQuery("SELECT p FROM Product p WHERE p.name LIKE '%" + name + "%'");
+        Query query = entityManager.createQuery("SELECT p FROM Product p WHERE p.name LIKE :name");
+        query.setParameter("name", "%" + name + "%");
         List<Product> resultList = query.getResultList();
 
         return resultList;

diff --git a/src/main/java/com/appsecco/dvja/services/UserService.java b/src/main/java/com/appsecco/dvja/services/UserService.java
@@ -72,7 +72,8 @@ public User findByLogin(String login) {
     }
 
     public User findByLoginUnsafe(String login) {
-        Query query = entityManager.createQuery("SELECT u FROM User u WHERE u.login = '" + login + "'");
+        Query query = entityManager.createQuery("SELECT u FROM User u WHERE u.login = :login");
+        query.setParameter("login", login);
         List<User> resultList = query.getResultList();
 
         if(resultList.size() > 0)