Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: sonar smell findings #2407

Closed
wants to merge 2 commits into from
Closed

fix: sonar smell findings #2407

wants to merge 2 commits into from

Conversation

strehle
Copy link
Member

@strehle strehle commented Jul 17, 2023

@cf-gitbot
Copy link

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/185627350

The labels on this github issue will be updated when the story is started.

github-advanced-security[bot]
github-advanced-security bot found potential problems Jul 17, 2023
View reviewed changes
server/src/main/java/org/cloudfoundry/identity/uaa/resources/jdbc/JdbcPagingList.java
result = result.substring(0, orderByPos);
private String getDBName(String sql) {
String result = "";
Matcher dbNameResult = dbName.matcher(sql);

Check failure

Code scanning / CodeQL

Polynomial regular expression used on uncontrolled data

This [regular expression](1) that depends on a [user-provided value](2) may run slow on strings starting with 'select ' and with many repetitions of 'select a'. This [regular expression](1) that depends on a [user-provided value](3) may run slow on strings starting with 'select ' and with many repetitions of 'select a'. This [regular expression](1) that depends on a [user-provided value](4) may run slow on strings starting with 'select ' and with many repetitions of 'select a'.
server/src/main/java/org/cloudfoundry/identity/uaa/resources/jdbc/JdbcPagingList.java
@@ -73,14 +76,14 @@
this.sql = sql;
this.args = args;
this.mapper = mapper;
this.size = parameterJdbcTemplate.queryForObject(getCountSql(sql), args, Integer.class);
this.size = jdbcTemplate != null ? parameterJdbcTemplate.getJdbcTemplate().queryForObject("select count(*) from " + getDBName(sql), Integer.class) : 0;

Check failure

Code scanning / CodeQL

Query built from user-controlled sources

This query depends on a [user-provided value](1). This query depends on a [user-provided value](2). This query depends on a [user-provided value](3).
@strehle strehle closed this Jul 17, 2023
@strehle strehle deleted the fix/sonar/new-smells branch July 17, 2023 14:54
@cf-gitbot cf-gitbot added accepted Accepted the issue and removed delivered labels Oct 9, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
accepted Accepted the issue
Projects
Foundational Infrastructure Working Group
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@strehle @cf-gitbot