[jira] [Resolved] (FINERACT-1156) SQL injection error with Run Reports

Michael Vorburger (Jira) Sun, 14 Mar 2021 03:27:03 -0700


     [ 
https://issues.apache.org/jira/browse/FINERACT-1156?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Michael Vorburger resolved FINERACT-1156.
-----------------------------------------
    Resolution: Fixed

> SQL injection error with Run Reports
> ------------------------------------
>
>                 Key: FINERACT-1156
>                 URL: https://issues.apache.org/jira/browse/FINERACT-1156
>             Project: Apache Fineract
>          Issue Type: Bug
>            Reporter: Manthan Surkar
>            Assignee: Manthan Surkar
>            Priority: Major
>             Fix For: 1.5.0
>
>         Attachments: screenshot-1.png
>
>
> As reported by Matt 
> He faced the SQL injection error while trying to run reports for Active Loans 
> (Pentaho).
> After investigating a bit, I found all the report names that had a "(" faced 
> this issue, this turns out to be a problem with the regex that was designed 
> to accept the report names.
>  !screenshot-1.png! 
> Unrelated: 
> This module has a lot of SQL string concatenation and a good place to use our 
> SQLbuilder module ( I will take this)
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Resolved] (FINERACT-1156) SQL injection error with Run Reports

Reply via email to