[jira] [Updated] (OOZIE-3671) Exclude JPA injection issue pattern from SpotBugs in Oozie Core temporarily until it gets refactored

2022-11-11 Thread Janos Makai (Jira) 


 [ 
https://issues.apache.org/jira/browse/OOZIE-3671?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Janos Makai updated OOZIE-3671:
---
Affects Version/s: 5.2.1

> Exclude JPA injection issue pattern from SpotBugs in Oozie Core temporarily 
> until it gets refactored
> 
>
> Key: OOZIE-3671
> URL: https://issues.apache.org/jira/browse/OOZIE-3671
> Project: Oozie
>  Issue Type: Task
>  Components: core
>Affects Versions: 5.2.1
>Reporter: Janos Makai
>Assignee: Janos Makai
>Priority: Major
> Attachments: OOZIE-3671-001.patch
>
>
> Currently the SpotBugs tool indicates the following issues for every new 
> patches:
> {code:java}
> {color:#FF}-1{color} There are [5] new bugs found below threshold in 
> [core] that must be fixed.
> . You can find the SpotBugs diff here (look for the red and orange ones): 
> core/findbugs-new.html
> . The most important SpotBugs errors are:
> . At BulkJPAExecutor.java:[line 206]: This use of 
> javax/persistence/EntityManager.createQuery(Ljava/lang/String;)Ljavax/persistence/Query;
>  can be vulnerable to SQL/JPQL injection
> . At BulkJPAExecutor.java:[line 176]: At BulkJPAExecutor.java:[line 175]
> . At BulkJPAExecutor.java:[line 205]: At BulkJPAExecutor.java:[line 199]
> . This use of 
> javax/persistence/EntityManager.createQuery(Ljava/lang/String;)Ljavax/persistence/Query;
>  can be vulnerable to SQL/JPQL injection: At BulkJPAExecutor.java:[line 206]
> . At BulkJPAExecutor.java:[line 111]: At BulkJPAExecutor.java:[line 127]
> {code}
> The goal of this Jira is to exclude the JPA injection pattern 
> (SQL_INJECTION_JPA) from Oozie core until the corresponding code gets 
> refactored.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (OOZIE-3671) Exclude JPA injection issue pattern from SpotBugs in Oozie Core temporarily until it gets refactored

2022-11-11 Thread Janos Makai (Jira) 


 [ 
https://issues.apache.org/jira/browse/OOZIE-3671?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Janos Makai updated OOZIE-3671:
---
Attachment: (was: OOZIE-3671-001.patch)

> Exclude JPA injection issue pattern from SpotBugs in Oozie Core temporarily 
> until it gets refactored
> 
>
> Key: OOZIE-3671
> URL: https://issues.apache.org/jira/browse/OOZIE-3671
> Project: Oozie
>  Issue Type: Task
>  Components: core
>Reporter: Janos Makai
>Assignee: Janos Makai
>Priority: Major
> Attachments: OOZIE-3671-001.patch
>
>
> Currently the SpotBugs tool indicates the following issues for every new 
> patches:
> {code:java}
> {color:#FF}-1{color} There are [5] new bugs found below threshold in 
> [core] that must be fixed.
> . You can find the SpotBugs diff here (look for the red and orange ones): 
> core/findbugs-new.html
> . The most important SpotBugs errors are:
> . At BulkJPAExecutor.java:[line 206]: This use of 
> javax/persistence/EntityManager.createQuery(Ljava/lang/String;)Ljavax/persistence/Query;
>  can be vulnerable to SQL/JPQL injection
> . At BulkJPAExecutor.java:[line 176]: At BulkJPAExecutor.java:[line 175]
> . At BulkJPAExecutor.java:[line 205]: At BulkJPAExecutor.java:[line 199]
> . This use of 
> javax/persistence/EntityManager.createQuery(Ljava/lang/String;)Ljavax/persistence/Query;
>  can be vulnerable to SQL/JPQL injection: At BulkJPAExecutor.java:[line 206]
> . At BulkJPAExecutor.java:[line 111]: At BulkJPAExecutor.java:[line 127]
> {code}
> The goal of this Jira is to exclude the JPA injection pattern 
> (SQL_INJECTION_JPA) from Oozie core until the corresponding code gets 
> refactored.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (OOZIE-3671) Exclude JPA injection issue pattern from SpotBugs in Oozie Core temporarily until it gets refactored

2022-11-11 Thread Janos Makai (Jira) 


 [ 
https://issues.apache.org/jira/browse/OOZIE-3671?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Janos Makai updated OOZIE-3671:
---
Attachment: OOZIE-3671-001.patch

> Exclude JPA injection issue pattern from SpotBugs in Oozie Core temporarily 
> until it gets refactored
> 
>
> Key: OOZIE-3671
> URL: https://issues.apache.org/jira/browse/OOZIE-3671
> Project: Oozie
>  Issue Type: Task
>  Components: core
>Reporter: Janos Makai
>Assignee: Janos Makai
>Priority: Major
> Attachments: OOZIE-3671-001.patch
>
>
> Currently the SpotBugs tool indicates the following issues for every new 
> patches:
> {code:java}
> {color:#FF}-1{color} There are [5] new bugs found below threshold in 
> [core] that must be fixed.
> . You can find the SpotBugs diff here (look for the red and orange ones): 
> core/findbugs-new.html
> . The most important SpotBugs errors are:
> . At BulkJPAExecutor.java:[line 206]: This use of 
> javax/persistence/EntityManager.createQuery(Ljava/lang/String;)Ljavax/persistence/Query;
>  can be vulnerable to SQL/JPQL injection
> . At BulkJPAExecutor.java:[line 176]: At BulkJPAExecutor.java:[line 175]
> . At BulkJPAExecutor.java:[line 205]: At BulkJPAExecutor.java:[line 199]
> . This use of 
> javax/persistence/EntityManager.createQuery(Ljava/lang/String;)Ljavax/persistence/Query;
>  can be vulnerable to SQL/JPQL injection: At BulkJPAExecutor.java:[line 206]
> . At BulkJPAExecutor.java:[line 111]: At BulkJPAExecutor.java:[line 127]
> {code}
> The goal of this Jira is to exclude the JPA injection pattern 
> (SQL_INJECTION_JPA) from Oozie core until the corresponding code gets 
> refactored.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)