Thanks, I'll check it out.

On Tue, 22 Sep 2020 at 20:42, Michael Vorburger <[email protected]> wrote:

> +Manthan:
>
> On Tue, Sep 22, 2020 at 8:42 AM Mexina Daniel <[email protected]> wrote:
>
>> Hi Michael
>>
>> See the file attached from Tube.
>>
>> Seems it wasn't attached in the mail list.
>>
> oh, I had not noticed that (it's best to point out if something is
> attached). So here is the error, it's better to include it in the email
> body text, so that search engines can find it:
>
> java.lang.NullPointerException
>     at org.apache.fineract.infrastructure.security.utils.SQLInjectionValidator.validateSQLInput(SQLInjectionValidator.java:36)
>     at org.apache.fineract.infrastructure.security.utils.ColumnValidator.validateSqlInjection(ColumnValidator.java:95)
>     at org.apache.fineract.infrastructure.dataqueries.service.ReadWriteNonCoreDataServiceImpl.retrieveDataTableGenericResultSet(ReadWriteNonCoreDataServiceImpl.java:1190)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:498)
>     at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
>     at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:201)
>     at com.sun.proxy.$Proxy145.retrieveDataTableGenericResultSet(Unknown Source)
>     at org.apache.fineract.infrastructure.dataqueries.api.DatatablesApiResource.getDatatable(DatatablesApiResource.java:174)
>
> if we look at
> https://github.com/apache/fineract/blob/develop/fineract-provider/src/main/java/org/apache/fineract/infrastructure/dataqueries/service/ReadWriteNonCoreDataServiceImpl.java,
> we can see that line 1190 no longer calls validateSqlInjection(), so this
> is presumably from an older (or forked) version of that code. But the only
> use of validateSqlInjection() in ReadWriteNonCoreDataServiceImpl has now
> moved to line 1235. Assuming that's the one, then this problem has
> something to do with the order parameter to the
> {datatable}/{apptableId}/{datatableId} REST API... what did you specify as
> "order"? Try simply without order for a test - it probably works better,
> right?
>
> BTW we (Manthan) fixed something which may well be (I'm not 100% sure)
> related to this in 1.4.0 - check out
> https://issues.apache.org/jira/browse/FINERACT-1066. Can you try
> upgrading to and using 1.4.0?
>
> PS we're trying to eventually remove the entire SQLInjectionValidator
> altogether, watch https://issues.apache.org/jira/browse/FINERACT-1095..
> there's more work left to achieve that, including e.g.
> https://issues.apache.org/jira/browse/FINERACT-1058. Manthan, when you
> got to that, or anyone else interested in joining the party and helping re.
> this, looks to me like ReadWriteNonCoreDataServiceImpl is another place
> that could benefit from using our SqlBuilder utility instead of the buggy
> SQLInjectionValidator.
>
> Daniel & Tube, hope this helps? Let me know if it did, always happy to
> hear.
>
>> Best Regards
>> ---
>>
>> Mexina Daniel
>> Managing Director
>> Singo Africa Limited ~~ *adding value*
>> Magomeni-Makumbusho | Morogoro Rd/Ruaha Str.
>> Opp. Usalama BRT | Watumishi House, Wing B, Gnd Flr.
>> P.O BOX 78908 | 14121 Dar es salaam
>> +255 71 211 0791
>> amala.co.tz | singo.africa
>>
>> On 14-09-2020 14:45, Michael Vorburger wrote:
>>
>> As far as one can tell from reading the email thread below, this just
>> seems to be a question about how to use data tables feature?
>>
>> I'm not seeing anything below offering any details about anything related
>> to an SQL Injection vulnerability.
>>
>> On Mon, 14 Sep 2020, 13:34 Mexina Daniel, <[email protected]> wrote:
>>
>>> Hello Tube
>>>
>>> I have cc'd the community so that if there is anyone with a solution can
>>> share.
>>>
>>> Hello Community
>>>
>>> Can someone help as I haven't yet understood what could be the problem,
>>> I have attached the log file he shared.
>>>
>>> I can see there is an issue with SQLInjection.
>>>
>>> Best Regards
>>> ---
>>>
>>> Mexina Daniel
>>> Managing Director
>>> Singo Africa Limited ~~ *adding value*
>>> Magomeni-Makumbusho | Morogoro Rd/Ruaha Str.
>>> Opp. Usalama BRT | Watumishi House, Wing B, Gnd Flr.
>>> P.O BOX 78908 | 14121 Dar es salaam
>>> +255 71 211 0791
>>> amala.co.tz | singo.africa
>>>
>>> On 14-09-2020 13:00, ጓይላና Tube wrote:
>>>
>>> Hello
>>>
>>> Here is the log file.
>>>
>>> Best Regards
>>>
>>> On Mon, 14 Sep 2020 at 09:19, Mexina Daniel <[email protected]> wrote:
>>>
>>>> Hello
>>>>
>>>> Can you share the log file to see what is the error?
>>>>
>>>> Best Regards
>>>> ---
>>>>
>>>> Mexina Daniel
>>>> Managing Director
>>>> Singo Africa Limited ~~ *adding value*
>>>> Magomeni-Makumbusho | Morogoro Rd/Ruaha Str.
>>>> Opp. Usalama BRT | Watumishi House, Wing B, Gnd Flr.
>>>> P.O BOX 78908 | 14121 Dar es salaam
>>>> +255 71 211 0791
>>>> amala.co.tz | singo.africa
>>>>
>>>> On 13-09-2020 18:22, ጓይላና Tube wrote:
>>>>
>>>> On Sun, 13 Sep 2020 at 16:19, ጓይላና Tube <[email protected]> wrote:
>>>>
>>>>> Hello
>>>>>
>>>>> I have installed Mifos platform locally, but I got the same error in
>>>>> Mifos demo and locally installed Mifos. Datatables are not displaying &
>>>>> showing red rectangle
>>>>>
>>>>> Below is a screenshot of the error
>>>>>
>>>>> Regards
>>>>>
>>>>> On Sun, 13 Sep 2020 at 11:13, Mexina Daniel <[email protected]>
>>>>> wrote:
>>>>>
>>>>>> Hello
>>>>>>
>>>>>> Have you tried in a demo of Mifos and it's not displayed or you are
>>>>>> talking of your system installed locally?
>>>>>>
>>>>>> Best Regards
>>>>>>
>>>>>> On 12 Sep 2020 23:22, ጓይላና Tube <[email protected]> wrote:
>>>>>>
>>>>>> Thank you for your response
>>>>>>
>>>>>> #Data tables created for Group, Client, Loan and Savings account is
>>>>>> not getting displayed in the particular General pages (eg. datatable
>>>>>> created for client is not displaying in Client general page),
>>>>>> can you suggest me the solution to solve this problem?
>>>>>>
>>>>>> Best Regards
>>>>>>
>>>>>> On Sat, 12 Sep 2020 at 21:18, Mexina Daniel <[email protected]>
>>>>>> wrote:
>>>>>>
>>>>>> Hello
>>>>>>
>>>>>> Go ahead and ask.
>>>>>>
>>>>>> Best Regards
>>>>>>
>>>>>> On 12 Sep 2020 19:57, ጓይላና Tube <[email protected]> wrote:
>>>>>>
>>>>>> This is Tesfahiwet, software developer from Mekelle, Ethiopia. I want
>>>>>> to ask you some questions about Mifos platform.
>>>>>> Thank you for your response
>>>>>>
>>>>>> On Sat, 12 Sep 2020 at 17:55, ጓይላና Tube <[email protected]>
>>>>>> wrote:
>>>>>>
>>>>>> Thank you for your response.
>>>>>>
>>>>>> On Sat, 12 Sep 2020 at 17:02, Mexina Daniel <[email protected]>
>>>>>> wrote:
>>>>>>
>>>>>> Hello
>>>>>>
>>>>>> We have received your text through our chat.
>>>>>>
>>>>>> May we know how we can help you?
>>>>>>
>>>>>> Best Regards
>>>>>>
>>>>>> Mexina Daniel
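
Added example, not part of the thread and not Fineract's own code: one way to handle an optional "order" query parameter like the one discussed above without a string-scanning validator, by treating a missing value as "no ordering" and accepting only column names already known for the datatable. The class, method and column names are hypothetical, the backtick quoting assumes MySQL, and the thread does not confirm that a null "order" is what triggered the NullPointerException in the trace.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Optional;
import java.util.Set;

// Hypothetical helper for illustration; not part of Apache Fineract.
public final class OrderByClause {

    private OrderByClause() {}

    // Builds an ORDER BY fragment from a value such as "created_on desc".
    // Empty when the parameter is absent; throws on anything not allowlisted.
    public static Optional<String> build(String order, Set<String> knownColumns) {
        // An absent or blank parameter is a normal request, so handle it before any method call on it.
        if (order == null || order.trim().isEmpty()) {
            return Optional.empty();
        }
        String[] parts = order.trim().split("\\s+");
        if (parts.length > 2) {
            throw new IllegalArgumentException("order must be '<column> [asc|desc]'");
        }
        // Allowlist: the column must equal a name read from the table's own metadata.
        if (!knownColumns.contains(parts[0])) {
            throw new IllegalArgumentException("unknown order column");
        }
        String direction = "ASC";
        if (parts.length == 2) {
            direction = parts[1].toUpperCase(Locale.ROOT);
            if (!direction.equals("ASC") && !direction.equals("DESC")) {
                throw new IllegalArgumentException("order direction must be asc or desc");
            }
        }
        // Only our own identifier and a fixed keyword reach the SQL text.
        return Optional.of(" ORDER BY `" + parts[0] + "` " + direction);
    }

    public static void main(String[] args) {
        // Constructed sample column set; a real caller would read it from table metadata.
        Set<String> cols = new HashSet<>(Arrays.asList("id", "client_id", "created_on"));
        System.out.println(build(null, cols));
        System.out.println(build("created_on desc", cols));
        try {
            build("id; drop table x", cols);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```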
