terencemo opened a new pull request, #5916:
URL: https://github.com/apache/fineract/pull/5916
## Description
This PR enhances stretchy reporting in Fineract by:
1. Sanitising input parameters based on type definitions
2. Using prepared statements to execute stretchy reports

Integration tests have been added which invoke `runreports` with both valid
and invalid inputs. Numeric parameter (officeId) positive and negative tests
(numeric and non-numeric input) were added; some of the invalid inputs include
`SLEEP` and `pg_sleep` commands. `UNION ALL` inputs were also passed, attempting
SQL injection.

Besides this, unregistered parameter passing is covered, where a parameter
not in `stretchy_report_parameter` for the given report is passed. Additional
integration tests can be added to cover date and string parameter types.
## Checklist
Please make sure these boxes are checked before submitting your pull request - thanks!
- [x] Write the commit message as per [our
guidelines](https://github.com/apache/fineract/blob/develop/CONTRIBUTING.md#pull-requests)
- [x] Acknowledge that we will not review PRs that are not passing the build
_("green")_ - it is your responsibility to get a proposed PR to pass the build,
not primarily the project's maintainers.
- [x] Create/update [unit or integration
tests](https://fineract.apache.org/docs/current/#_testing) for verifying the
changes made.
- [x] Follow our [coding
conventions](https://cwiki.apache.org/confluence/display/FINERACT/Coding+Conventions).
- [x] Add required Swagger annotation and update API documentation at
fineract-provider/src/main/resources/static/legacy-docs/apiLive.htm with
details of any API changes
- [x] [This PR must not be a "code
dump"](https://cwiki.apache.org/confluence/display/FINERACT/Pull+Request+Size+Limit).
Large changes can be made in a branch, with assistance. Ask for help on the
[developer mailing list](https://fineract.apache.org/#contribute).
Your assigned reviewer(s) will follow our [guidelines for code
reviews](https://cwiki.apache.org/confluence/display/FINERACT/Code+Review+Guide).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
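The two changes the PR describes (type-based sanitisation of report parameters, then execution through a prepared statement) are shown below as an added, self-contained example. It is not Fineract's code and not from the PR; it uses Python with SQLite in place of Java/JDBC, and the report name `OfficeSummary`, the `office` table, and the parameter registry `REPORT_PARAMS` (standing in for `stretchy_report_parameter`) are all hypothetical. Numeric inputs such as `1 UNION ALL SELECT 1,2`, `SLEEP(5)` and `pg_sleep(5)` fail the integer check before any SQL runs, and a quote in a string parameter is bound as data rather than spliced into the query.

```python
import re
import sqlite3
from datetime import date

# Constructed registry standing in for Fineract's stretchy_report_parameter
# table: report name -> parameter name -> declared type. The report name,
# parameter names and schema below are hypothetical, not Fineract's own.
REPORT_PARAMS = {
    "OfficeSummary": {
        "officeId": "integer",
        "startDate": "date",
        "officeName": "string",
    },
}

# Report SQL uses named placeholders only; values are never concatenated in.
REPORT_SQL = {
    "OfficeSummary": (
        "SELECT id, name FROM office "
        "WHERE id = :officeId AND opened_on >= :startDate AND name LIKE :officeName"
    ),
}


class ReportParameterError(ValueError):
    """Raised when a supplied report parameter fails type-based sanitisation."""


def sanitise(report_name, raw_params):
    """Validate raw string inputs against the report's declared parameter types.

    Returns a dict of values ready for binding; rejects unregistered, missing
    or ill-typed parameters before any SQL is touched.
    """
    spec = REPORT_PARAMS.get(report_name)
    if spec is None:
        raise ReportParameterError(f"unknown report {report_name!r}")
    unregistered = set(raw_params) - set(spec)
    if unregistered:
        raise ReportParameterError(f"unregistered parameter(s): {sorted(unregistered)}")
    missing = set(spec) - set(raw_params)
    if missing:
        raise ReportParameterError(f"missing parameter(s): {sorted(missing)}")

    clean = {}
    for name, ptype in spec.items():
        value = raw_params[name]
        if ptype == "integer":
            # Digits only: "1 UNION ALL ...", "SLEEP(5)" or "pg_sleep(5)" never parse.
            if not re.fullmatch(r"-?\d{1,18}", value):
                raise ReportParameterError(f"{name} must be an integer, got {value!r}")
            clean[name] = int(value)
        elif ptype == "date":
            try:
                date.fromisoformat(value)  # strict YYYY-MM-DD check
            except ValueError:
                raise ReportParameterError(f"{name} must be an ISO date, got {value!r}") from None
            clean[name] = value  # ISO date strings compare correctly in SQLite
        elif ptype == "string":
            # Strings are bound as data; only a length bound is enforced here.
            if len(value) > 100:
                raise ReportParameterError(f"{name} is too long")
            clean[name] = value
        else:
            raise ReportParameterError(f"unsupported type {ptype!r} for {name}")
    return clean


def run_report(conn, report_name, raw_params):
    """Sanitise, then execute the report through a parameterised statement."""
    bound = sanitise(report_name, raw_params)
    return conn.execute(REPORT_SQL[report_name], bound).fetchall()


def rejects(report_name, raw_params):
    """True if sanitisation refuses the input (used by the demo and tests)."""
    try:
        sanitise(report_name, raw_params)
    except ReportParameterError:
        return True
    return False


def demo_db():
    """In-memory SQLite database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE office (id INTEGER PRIMARY KEY, name TEXT, opened_on TEXT)")
    conn.executemany(
        "INSERT INTO office VALUES (?, ?, ?)",
        [(1, "Head Office", "2020-01-01"), (2, "Branch A", "2021-06-15")],
    )
    return conn


if __name__ == "__main__":
    conn = demo_db()
    good = {"officeId": "1", "startDate": "2019-01-01", "officeName": "%Head%"}
    print(run_report(conn, "OfficeSummary", good))
    for bad in ("1 UNION ALL SELECT 1,2", "SLEEP(5)", "pg_sleep(5)", "abc"):
        print(bad, "rejected:", rejects("OfficeSummary", {**good, "officeId": bad}))
    # A quote inside a string parameter is just data once bound, not SQL.
    print(run_report(conn, "OfficeSummary", {**good, "officeName": "' OR '1'='1"}))
```

The two layers are deliberately independent: the type check gives an early, explicit error for malformed input (and is what the PR's negative tests for `officeId` exercise), while the prepared statement is what actually keeps a well-formed but hostile string parameter from changing the query. The unregistered-parameter check mirrors the PR's test for a parameter absent from `stretchy_report_parameter`.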