[
https://issues.apache.org/jira/browse/FINERACT-2624?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18089829#comment-18089829
]
Terence Monteiro edited comment on FINERACT-2624 at 6/18/26 4:45 AM:
---------------------------------------------------------------------
Based on the integration tests and the feedback of the reporters, this issue
has been fixed so updated ticket status as Fixed
was (Author: terencemo):
Based on the integration tests and the feedback of the reporters, this issue
has been fixed
> Sanitize runreports endpoint input parameters and use prepared statements for
> report execution
> ----------------------------------------------------------------------------------------------
>
> Key: FINERACT-2624
> URL: https://issues.apache.org/jira/browse/FINERACT-2624
> Project: Apache Fineract
> Issue Type: Bug
> Components: Reports
> Affects Versions: 1.14.0
> Reporter: Terence Monteiro
> Assignee: Terence Monteiro
> Priority: Major
> Labels: pull-request-available
> Fix For: 1.15.0
>
>
> The runreports (stretchy reporting) endpoint does not currently validate or
> sanitise input parameters before use in report execution. This fix adds:
> # Input parameter sanitisation based on type definitions in
> {{stretchy_parameter, stretchy_report_parameter}}
> # Prepared statement execution for stretchy reports
> Integration tests are included covering numeric parameter validation
> (positive and negative), unregistered parameter rejection, and boundary
> inputs including UNION ALL patterns.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
