terencemo opened a new pull request, #5905: URL: https://github.com/apache/fineract/pull/5905
## Description These changes use prepared statements for stretchy reports and sanitise input to the runreports endpoint. The sanitisation uses the format type of each report parameter and only allows e.g numeric input for a numeric parameter. Similarly for date and string parameters, the input is sanitised to only allow the corresponding type of input. The change helps reporting to check for valid and invalid inputs including non-numeric input to numeric parameters, attempts to inject SQL like SLEEP and UNION ALL through input parameters. Integration tests are added to ensure the reports work for valid input and reject invalid input. ## Checklist Please make sure these boxes are checked before submitting your pull request - thanks! - [ ] Write the commit message as per [our guidelines](https://github.com/apache/fineract/blob/develop/CONTRIBUTING.md#pull-requests) - [ ] Acknowledge that we will not review PRs that are not passing the build _("green")_ - it is your responsibility to get a proposed PR to pass the build, not primarily the project's maintainers. - [ ] Create/update [unit or integration tests](https://fineract.apache.org/docs/current/#_testing) for verifying the changes made. - [ ] Follow our [coding conventions](https://cwiki.apache.org/confluence/display/FINERACT/Coding+Conventions). - [ ] Add required Swagger annotation and update API documentation at fineract-provider/src/main/resources/static/legacy-docs/apiLive.htm with details of any API changes - [ ] [This PR must not be a "code dump"](https://cwiki.apache.org/confluence/display/FINERACT/Pull+Request+Size+Limit). Large changes can be made in a branch, with assistance. Ask for help on the [developer mailing list](https://fineract.apache.org/#contribute). Your assigned reviewer(s) will follow our [guidelines for code reviews](https://cwiki.apache.org/confluence/display/FINERACT/Code+Review+Guide). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
