+Manthan:
On Tue, Sep 22, 2020 at 8:42 AM Mexina Daniel <[email protected]> wrote:
> Hi Michael
>
> See the file attached from Tube.
>
> Seems it wasn't attached in the mail list.
>
Oh, I had not noticed that (it's best to point out if something is
attached). So here is the error; it's better to include it in the email
body text, so that search engines can find it:
java.lang.NullPointerException
    at org.apache.fineract.infrastructure.security.utils.SQLInjectionValidator.validateSQLInput(SQLInjectionValidator.java:36)
    at org.apache.fineract.infrastructure.security.utils.ColumnValidator.validateSqlInjection(ColumnValidator.java:95)
    at org.apache.fineract.infrastructure.dataqueries.service.ReadWriteNonCoreDataServiceImpl.retrieveDataTableGenericResultSet(ReadWriteNonCoreDataServiceImpl.java:1190)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:201)
    at com.sun.proxy.$Proxy145.retrieveDataTableGenericResultSet(Unknown Source)
    at org.apache.fineract.infrastructure.dataqueries.api.DatatablesApiResource.getDatatable(DatatablesApiResource.java:174)
If we look at
https://github.com/apache/fineract/blob/develop/fineract-provider/src/main/java/org/apache/fineract/infrastructure/dataqueries/service/ReadWriteNonCoreDataServiceImpl.java,
we can see that line 1190 no longer calls validateSqlInjection(), so this
is presumably from an older (or forked) version of that code. But the only
use of validateSqlInjection() in ReadWriteNonCoreDataServiceImpl has now
moved to line 1235. Assuming that's the one, then this problem has
something to do with the order parameter to the
{datatable}/{apptableId}/{datatableId} REST API... what did you specify as
"order"? Try simply without order for a test - it probably works better,
right?
BTW we (Manthan) fixed something which may well be (I'm not 100% sure)
related to this in 1.4.0 - check out
https://issues.apache.org/jira/browse/FINERACT-1066. Can you try upgrading
to and using 1.4.0?
PS we're trying to eventually remove the entire SQLInjectionValidator
altogether, watch https://issues.apache.org/jira/browse/FINERACT-1095.
There's more work left to achieve that, including e.g.
https://issues.apache.org/jira/browse/FINERACT-1058. Manthan, when you got
to that, or anyone else interested in joining the party and helping re.
this, looks to me like ReadWriteNonCoreDataServiceImpl is another place
that could benefit from using our SqlBuilder utility instead of the buggy
SQLInjectionValidator.
Daniel & Tube, hope this helps? Let me know if it did, always happy to hear.
> Best Regards
> ---
>
> Mexina Daniel
>
> Managing Director
>
> Singo Africa Limited ~~ *adding value*
>
> Magomeni-Makumbusho | Morogoro Rd/Ruaha Str.
>
> Opp. Usalama BRT | Watumishi House, Wing B, Gnd Flr.
>
> P.O BOX 78908 | 14121 Dar es salaam
>
> +255 71 211 0791
>
> amala.co.tz | singo.africa
>
>
>
> On 14-09-2020 14:45, Michael Vorburger wrote:
>
> As far as one can tell from reading the email thread below, this just
> seems to be a question about how to use data tables feature?
>
> I'm not seeing anything below offering any details about anything related
> to an SQL Injection vulnerability.
>
>
> On Mon, 14 Sep 2020, 13:34 Mexina Daniel, <[email protected]> wrote:
>
>> Hello Tube
>>
>> I have cc'd the community so that if there is anyone with a solution can
>> share.
>>
>> Hello Community
>>
>> Can someone help as I haven't yet understood what could be the problem, I
>> have attached the log file he shared.
>>
>> I can see there is an issue with SQLInjection.
>>
>> Best Regards
>>
>>
>> On 14-09-2020 13:00, ጓይላና Tube wrote:
>>
>> hello
>>
>> Here is the log file.
>>
>> Best Regards
>>
>> On Mon, 14 Sep 2020 at 09:19, Mexina Daniel <[email protected]> wrote:
>>
>>> Hello
>>>
>>> Can you share the log file to see what is the error?
>>>
>>> Best Regards
>>>
>>>
>>> On 13-09-2020 18:22, ጓይላና Tube wrote:
>>>
>>>
>>>
>>> On Sun, 13 Sep 2020 at 16:19, ጓይላና Tube <[email protected]> wrote:
>>>
>>>> Hello
>>>>
>>>> I have installed the Mifos platform locally, but I got the same error in
>>>> the Mifos demo and the locally installed Mifos. Datatables are not displaying &
>>>> showing a red rectangle.
>>>>
>>>> Below is a screenshot of the error
>>>>
>>>> Regards
>>>>
>>>>
>>>> On Sun, 13 Sep 2020 at 11:13, Mexina Daniel <[email protected]>
>>>> wrote:
>>>>
>>>>> Hello
>>>>>
>>>>> Have you tried in a demo of Mifos and it's not displayed or you are
>>>>> talking of your system installed locally?
>>>>>
>>>>> Best Regards
>>>>>
>>>>> On 12 Sep 2020 23:22, ጓይላና Tube <[email protected]> wrote:
>>>>>
>>>>> Thank you for your response
>>>>>
>>>>> #Data tables created for Group, Client, Loan and Savings account is
>>>>> not getting displayed in the particular General pages (eg. datatable
>>>>> created for client is not displaying in Client general page),
>>>>> can you suggest me the solution to solve this problem?
>>>>>
>>>>> Best Regards
>>>>>
>>>>>
>>>>> On Sat, 12 Sep 2020 at 21:18, Mexina Daniel <[email protected]>
>>>>> wrote:
>>>>>
>>>>> Hello
>>>>>
>>>>> Go ahead and ask.
>>>>>
>>>>> Best Regards
>>>>>
>>>>> On 12 Sep 2020 19:57, ጓይላና Tube <[email protected]> wrote:
>>>>>
>>>>> This is Tesfahiwet, software developer from Mekelle, Ethiopia. I want
>>>>> to ask you some questions about the Mifos platform.
>>>>> Thank you for your response
>>>>>
>>>>> On Sat, 12 Sep 2020 at 17:55, ጓይላና Tube <[email protected]> wrote:
>>>>>
>>>>> Thank you for your response.
>>>>>
>>>>> On Sat, 12 Sep 2020 at 17:02, Mexina Daniel <[email protected]>
>>>>> wrote:
>>>>>
>>>>> Hello
>>>>>
>>>>> We have received your text through our chat.
>>>>>
>>>>> May we know how we can help you?
>>>>>
>>>>> Best Regards
>>>>>
>>>>> Mexina Daniel
>>>>>
>>>>>
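
Added example, not part of the thread and not Fineract code: a sketch of how an optional "order" parameter, like the one discussed in the reply above, can be handled without a NullPointerException and without a keyword-blacklist validator, by treating absence as "no ordering" and accepting only allowlisted column names. The class `OrderByClause`, its `build` method and the column names are hypothetical.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;
import java.util.regex.Pattern;

// Hypothetical helper (not Fineract code): turns the optional "order" request
// parameter into an ORDER BY suffix, or rejects it.
public final class OrderByClause {

    private static final Pattern IDENTIFIER = Pattern.compile("[A-Za-z_][A-Za-z0-9_]*");

    public static String build(String order, Set<String> knownColumns) {
        // The parameter is optional: null or blank means "no ordering", not an error.
        if (order == null || order.trim().isEmpty()) {
            return "";
        }
        StringBuilder sql = new StringBuilder(" ORDER BY ");
        String[] terms = order.split(",", -1); // -1 keeps empty trailing terms so "id," is rejected
        for (int i = 0; i < terms.length; i++) {
            String[] parts = terms[i].trim().split("\\s+");
            String column = parts[0];
            String direction = parts.length > 1 ? parts[1].toUpperCase(Locale.ROOT) : "ASC";
            // Accept only "<known column> [ASC|DESC]"; nothing from the request is
            // copied into the SQL unless it matched the allowlist exactly.
            boolean ok = parts.length <= 2
                    && IDENTIFIER.matcher(column).matches()
                    && knownColumns.contains(column)
                    && (direction.equals("ASC") || direction.equals("DESC"));
            if (!ok) {
                throw new IllegalArgumentException("Unsupported order term: '" + terms[i].trim() + "'");
            }
            sql.append(i > 0 ? ", " : "").append(column).append(' ').append(direction);
        }
        return sql.toString();
    }

    public static void main(String[] args) {
        // Constructed sample column set for a datatable.
        Set<String> cols = new HashSet<>(Arrays.asList("id", "client_id", "created_at"));
        System.out.println("[" + build(null, cols) + "]");
        System.out.println("[" + build("created_at desc, id", cols) + "]");
        for (String bad : new String[] {"no_such_column", "id desc extra", "id,"}) {
            try {
                build(bad, cols);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```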