[jira] [Commented] (FINERACT-1123) StringIndexOutOfBoundsException at ColumnValidator

Thu, 20 Aug 2020 08:27:57 -0700 


    [ 
https://issues.apache.org/jira/browse/FINERACT-1123?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17181276#comment-17181276
 ] 

Michael Vorburger commented on FINERACT-1123:
---------------------------------------------

Oh, I think I've confused things - it's FINERACT-1095 which will eventually get 
rid of {{sqlSearch}}.

> StringIndexOutOfBoundsException at ColumnValidator
> --------------------------------------------------
>
>                 Key: FINERACT-1123
>                 URL: https://issues.apache.org/jira/browse/FINERACT-1123
>             Project: Apache Fineract
>          Issue Type: Bug
>            Reporter: Michael Vorburger
>            Priority: Major
>
> See FINERACT-932 for general background; on 23.07.20 (only) there were x2 of 
> these in logs of https://www.fineract.dev :
> {noformat}java.lang.StringIndexOutOfBoundsException: begin -1, end 4, length 
> 947
>         at java.lang.String.checkBoundsBeginEnd (String.java:3319)
>         at java.lang.String.substring (String.java:1874)
>         at 
> org.apache.fineract.infrastructure.security.utils.ColumnValidator.getTableColumnMap
>  (ColumnValidator.java:121)
>         at 
> org.apache.fineract.infrastructure.security.utils.ColumnValidator.validateSqlInjection
>  (ColumnValidator.java:107)
>         at 
> org.apache.fineract.portfolio.client.service.ClientReadPlatformServiceImpl.buildSqlStringFromClientCriteria
>  (ClientReadPlatformServiceImpl.java:241)
>         at 
> org.apache.fineract.portfolio.client.service.ClientReadPlatformServiceImpl.retrieveAll
>  (ClientReadPlatformServiceImpl.java:200)
>         at 
> org.apache.fineract.portfolio.client.api.ClientsApiResource.retrieveAll 
> (ClientsApiResource.java:189)
>         at 
> org.apache.fineract.portfolio.client.api.ClientsApiResource.retrieveAll 
> (ClientsApiResource.java:176){noformat}
> [~Manthan] I'm not fully up to speed on your current efforts (I'll try to 
> catch up, time permitting) and was curious if you were going to plan to 
> eventually fully remove 
> {{org.apache.fineract.infrastructure.security.utils.ColumnValidator.getTableColumnMap()}}
>  ? If yes, then this is a a non-issue that's probably not worth fixing. 
> Perhaps just link this bug to whatever other issue will remove the class.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to