Details
-
Task
-
Status: Resolved
-
Major
-
Resolution: Duplicate
-
5.2.1
-
None
-
None
Description
Currently the SpotBugs tool indicates the following issues for every new patches:
{color:#FF0000}-1{color} There are [5] new bugs found below threshold in [core] that must be fixed.
. You can find the SpotBugs diff here (look for the red and orange ones): core/findbugs-new.html
. The most important SpotBugs errors are:
. At BulkJPAExecutor.java:[line 206]: This use of javax/persistence/EntityManager.createQuery(Ljava/lang/String;)Ljavax/persistence/Query; can be vulnerable to SQL/JPQL injection
. At BulkJPAExecutor.java:[line 176]: At BulkJPAExecutor.java:[line 175]
. At BulkJPAExecutor.java:[line 205]: At BulkJPAExecutor.java:[line 199]
. This use of javax/persistence/EntityManager.createQuery(Ljava/lang/String;)Ljavax/persistence/Query; can be vulnerable to SQL/JPQL injection: At BulkJPAExecutor.java:[line 206]
. At BulkJPAExecutor.java:[line 111]: At BulkJPAExecutor.java:[line 127]
The goal of this Jira is to exclude the JPA injection pattern (SQL_INJECTION_JPA) from Oozie core until the corresponding code gets refactored.
Attachments
Attachments
Issue Links
- is duplicated by
-
-
- Open
-