Francis Guchie created FINERACT-1338:
----------------------------------------
Summary: SQL Injection - While "runreports" api is trying to load
report parameters
Key: FINERACT-1338
URL: https://issues.apache.org/jira/browse/FINERACT-1338
Project: Apache Fineract
Issue Type: Bug
Reporter: Francis Guchie
Attachments: image-2021-03-31-15-53-00-571.png
After solving the error at FINERACT-1336 a new error shows up.
while api - runreports
fineract-provider/api/v1/runreports/OfficeIdSelectOne?parameterType=true
is spooling the report parameters, user will not see any error on the UI
!image-2021-03-31-15-53-00-571.png!
but looking through the console OR postman you see error below
{
"developerMessage": "The request was invalid. This typically will happen
due to validation errors which are provided.",
"httpStatusCode": "400",
"defaultUserMessage": "Unexpected SQL Commands found",
*"userMessageGlobalisationCode": "error.msg.found.sql.injection"*
}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
