Hi Rajeevan, Value of CHECK_EXIST_USER_DATA is "SELECT " + "DATA_VALUE " + "FROM IDN_IDENTITY_USER_DATA " + "WHERE TENANT_ID = ? AND USER_NAME = ? AND DATA_KEY=?". I tried "SELECT DATA_VALUE FROM IDN_IDENTITY_USER_DATA WHERE TENANT_ID = ? AND USER_NAME = ? AND DATA_KEY=?" and "SELECT DATA_VALUE FROM IDN_IDENTITY_USER_DATA WHERE TENANT_ID=? AND USER_NAME=? AND DATA_KEY=?" as well. But getting the same result still.
Thanks. On Thu, Jun 4, 2015 at 4:05 PM, Rajeevan Vimalanathan <[email protected]> wrote: > Hi Chamila, > > What is the value of SQLQuery.CHECK_EXIST_USER_DATA? Is this a constant? > You can find a similar issue reported at [1]. > > [1] > http://stackoverflow.com/questions/398179/findbugs-not-finding-potential-sql-injection-vulnerability > > Thanks, > Rajeevan > > On Wed, Jun 3, 2015 at 9:57 AM, Chamila Wijayarathna <[email protected]> > wrote: > >> Hello all, >> >> When profiling using Sonar, I'm getting error as in $subject >> (squid:S2077) from [1]. What is the reason for this warning? how can I >> solve this? >> >> 1. >> https://github.com/wso2/carbon-identity/blob/master/components/identity-mgt/org.wso2.carbon.identity.mgt/src/main/java/org/wso2/carbon/identity/mgt/store/JDBCIdentityDataStore.java#L92 >> >> Thank You! >> >> -- >> *Chamila Dilshan Wijayarathna,* >> Software Engineer >> Mobile:(+94)788193620 >> WSO2 Inc., http://wso2.com/ >> >> _______________________________________________ >> Dev mailing list >> [email protected] >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > > > -- > > Vimalanathan Rajeevan > Software Engineer > WSO2 Inc.:http://wso2.com > lean.enterprise.middleware > > > Mobile : +94 773090875 > -- *Chamila Dilshan Wijayarathna,* Software Engineer Mobile:(+94)788193620 WSO2 Inc., http://wso2.com/
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
