etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix findbugs SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING warning in Upgrade2214to30.java There was no risk of sql injection here, nor any need to use PreparedStatement, still this fixes the warninG 

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>

This closes #441
This commit is contained in:
Rafael da Fonseca 2015-06-14 19:13:10 +02:00 committed by Rohit Yadav
parent 7a57ce3334
commit 869cc0c9f2
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
engine/schema/src/com/cloud/upgrade/dao/Upgrade2214to30.java
View File

@ -272,7 +272,8 @@ public class Upgrade2214to30 extends Upgrade30xBase implements DbUpgrade {
addDefaultSGProvider(conn, physicalNetworkId, zoneId, networkType, false);
//for all networks with this tag, add physical_network_id
PreparedStatement pstmt3 = conn.prepareStatement("SELECT network_id FROM `cloud`.`network_tags` where tag = '" + guestNetworkTag + "'");
PreparedStatement pstmt3 = conn.prepareStatement("SELECT network_id FROM `cloud`.`network_tags` where tag= ?");
pstmt3.setString(1,guestNetworkTag);
ResultSet rsNet = pstmt3.executeQuery();
s_logger.debug("Adding PhysicalNetwork to VLAN");
s_logger.debug("Adding PhysicalNetwork to user_ip_address");