Terence Monteiro created FINERACT-2624:
------------------------------------------
Summary: Sanitize runreports endpoint input parameters and use
prepared statements for report execution
Key: FINERACT-2624
URL: https://issues.apache.org/jira/browse/FINERACT-2624
Project: Apache Fineract
Issue Type: Bug
Components: Reports
Affects Versions: 1.14.0
Reporter: Terence Monteiro

The runreports (stretchy reporting) endpoint does not currently validate or
sanitise input parameters before use in report execution. This fix adds:
# Input parameter sanitisation based on type definitions in
{{stretchy_parameter, stretchy_report_parameter}}
# Prepared statement execution for stretchy reports
Integration tests are included covering numeric parameter validation (positive
and negative), unregistered parameter rejection, and boundary inputs including
UNION ALL patterns.
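
The two measures listed in the issue, type-based parameter validation and prepared-statement execution, sketched as an added example in Python with sqlite3; this is not Fineract's code or the patch itself. The `${name}` placeholder syntax, the parameter registry, and the `loan` table are assumptions constructed for the illustration.

```python
import re
import sqlite3

# Hypothetical registry standing in for the parameter type definitions the
# issue mentions; names and types are constructed for this example.
PARAM_TYPES = {"officeId": "number", "status": "text"}
PLACEHOLDER = re.compile(r"\$\{(\w+)\}")
NUMBER = re.compile(r"-?\d+", re.ASCII)


def sanitize(params):
    """Reject unregistered names and coerce each value to its declared type."""
    clean = {}
    for name, raw in params.items():
        kind = PARAM_TYPES.get(name)
        if kind is None:
            raise ValueError(f"unregistered parameter: {name}")
        if kind == "number":
            if not NUMBER.fullmatch(raw.strip()):
                raise ValueError(f"parameter {name} is not numeric")
            clean[name] = int(raw)
        else:
            clean[name] = raw  # text is never spliced into SQL, only bound
    return clean


def run_report(conn, template, params):
    """Turn ${name} placeholders into bind markers and execute with bound values."""
    clean = sanitize(params)
    names = PLACEHOLDER.findall(template)
    missing = [n for n in names if n not in clean]
    if missing:
        raise ValueError(f"missing parameters: {missing}")
    sql = PLACEHOLDER.sub("?", template)  # the SQL text no longer depends on input
    return conn.execute(sql, [clean[n] for n in names]).fetchall()


def demo_db():
    """Constructed sample data for the example report."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE loan (id INTEGER, office_id INTEGER, status TEXT)")
    conn.executemany("INSERT INTO loan VALUES (?, ?, ?)",
                     [(1, 1, "active"), (2, 1, "closed"), (3, 2, "active")])
    return conn


REPORT = "SELECT id FROM loan WHERE office_id = ${officeId} AND status = ${status} ORDER BY id"
```

A numeric parameter carrying a UNION ALL pattern fails validation before any SQL runs, and a text parameter carrying one is bound as a literal and simply matches no rows.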