Merge pull request #547 from shikoko/ANDROID-779
ANDROID-779 Fix SQL injection vulnerability exposed in veracode report
shikoko authored Jun 12, 2019
2 parents 1b5238b + 32faa43 commit 0b1fb6f
Showing 1 changed file with 12 additions and 0 deletions.
@@ -18,7 +18,9 @@
package org.alfresco.mobile.android.application.providers.search;

import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;

import org.alfresco.mobile.android.application.database.DatabaseManagerImpl;
import org.alfresco.mobile.android.platform.database.DatabaseManager;
@@ -141,7 +143,9 @@ public Cursor query(Uri uri, String[] projection, String selection, String[] sel
// Check if the caller has requested a column which does not exists
checkColumns(projection);

queryBuilder.setStrict(true);
queryBuilder.setTables(HistorySearchSchema.TABLENAME);
queryBuilder.setProjectionMap(createProjectionMap(projection));

int uriType = URI_MATCHER.match(uri);
switch (uriType)
@@ -206,4 +210,12 @@ private void checkColumns(String[] projection)
"Unknown columns in projection"); }
}
}

private Map<String, String> createProjectionMap(String[] projection) {
Map<String, String> projectionMap = new HashMap<>();
for (String column : projection) {
projectionMap.put(column, column);
}
return projectionMap;
}
}
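Review bot: `createProjectionMap` loops over `projection` without a null check, and `ContentProvider.query` accepts a null projection (meaning all columns), so such a call would throw a NullPointerException in the `for` loop; at minimum add `if (projection == null) { return null; }` as its first line, which `setProjectionMap` accepts. The map is also built from the caller's own array, so it allows whatever the caller asked for and adds no restriction by itself; rejecting unknown columns still rests entirely on `checkColumns`, whose body is mostly outside the shown hunks. Building the map once from the schema's fixed column list (for example a `static final` map) would make the allow-list independent of caller input and handle the null case, since the builder expands a null projection to the mapped columns. A short comment above `queryBuilder.setStrict(true)` saying that strict mode depends on the projection map being set would help later readers keep the two calls together.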
