Seam
Created: 12/Oct/07 03:29 AM
Updated: 14/Oct/07 07:30 AM

Component/s: Core
Affects Version/s: 2.0.0.CR2
Fix Version/s: 2.0.0.CR3
Original Estimate: Unknown
Remaining Estimate: Unknown
Time Spent: Unknown
Environment: Hibernate, PostgreSQL
Issue Links: Duplicate
This issue duplicates: JBSEAM-2099 Support protection against SQL inject...
Workaround: Workaround Exists
Workaround Description:

Quick fix in derived class:

    import java.util.Arrays;
    import org.jboss.seam.annotations.Name;
    import org.jboss.seam.framework.EntityQuery;

    @Name("blaList")
    public class BlaList extends EntityQuery {
        // [...]
        // Allowlist of accepted ORDER BY clauses; any other value is ignored
        // instead of being concatenated into the query.
        private static final String[] ORDERS = {"name asc","name desc","id asc","id desc"};

        @Override
        public void setOrder(String order) {
            if (Arrays.asList(ORDERS).contains(order)) {
                super.setOrder(order);
            }
        }
    }
Description

There is a security hole in class org.jboss.seam.framework.Query, in method getRenderedEjbql(). This method generates the EJB-QL query in this way:

    if ( getOrder()!=null ) builder.append(" order by ").append( getOrder() );
    return builder.toString();

The "order" variable comes from the request.
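The following is an added, self-contained example (not Seam's code and not the reporter's workaround) that puts the concatenation shape from the report next to a setOrder() guard. It generalizes the fixed allowlist above to a restricted ORDER BY grammar (comma-separated identifier paths, each with an optional asc/desc), so that anything with parentheses, operators, quotes or semicolons is rejected before it can reach the query string; the class name, grammar and sample values are assumptions for the demonstration.

```java
import java.util.regex.Pattern;

// Illustration only: hardened order handling beside the reported concatenation.
public class OrderByGuard {

    // Hypothetical grammar: identifier[.identifier]* [asc|desc], repeated with commas.
    private static final Pattern SAFE_ORDER = Pattern.compile(
        "^\\s*[A-Za-z_][A-Za-z0-9_]*(\\.[A-Za-z_][A-Za-z0-9_]*)*(\\s+(asc|desc))?"
        + "(\\s*,\\s*[A-Za-z_][A-Za-z0-9_]*(\\.[A-Za-z_][A-Za-z0-9_]*)*(\\s+(asc|desc))?)*\\s*$",
        Pattern.CASE_INSENSITIVE);

    private String order;

    // Validate at the trust boundary (the setter the request binds to), not at
    // render time; a value outside the grammar is refused and never stored.
    public void setOrder(String order) {
        if (order != null && !SAFE_ORDER.matcher(order).matches()) {
            throw new IllegalArgumentException("order clause not allowed");
        }
        this.order = order;
    }

    // Same shape as the reported getRenderedEjbql(): safe here only because
    // setOrder() has already constrained what 'order' can contain.
    public String render(String ejbql) {
        StringBuilder builder = new StringBuilder(ejbql);
        if (order != null) builder.append(" order by ").append(order);
        return builder.toString();
    }

    public static boolean isSafeOrder(String candidate) {
        return candidate != null && SAFE_ORDER.matcher(candidate).matches();
    }

    public static void main(String[] args) {
        // Constructed sample values: two well-formed clauses and one that smuggles a subselect.
        System.out.println(isSafeOrder("name asc, id desc"));
        System.out.println(isSafeOrder("p.lastName DESC"));
        System.out.println(isSafeOrder("name asc, (select 1)"));
        OrderByGuard q = new OrderByGuard();
        q.setOrder("name asc");
        System.out.println(q.render("select p from Person p"));
    }
}
```

The fixed allowlist in the workaround above is the simplest variant of the same idea; the pattern here is for pages where the sortable columns are not known in advance, and either way the check must sit where the request value enters, not where the query is rendered.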