Update Owner.java

Signed-off-by: AulaEmpresaLKS <129507941+AulaEmpresaLKS@users.noreply.github.com>
2025-07-18 05:45:50 +00:00 · 2025-03-31 11:54:19 +02:00 · 2025-03-31 11:54:19 +02:00 · e90e323130
commit e90e323130
parent c9712a309b
1 changed files with 111 additions and 141 deletions
--- a/src/main/java/org/springframework/samples/petclinic/owner/Owner.java
+++ b/src/main/java/org/springframework/samples/petclinic/owner/Owner.java
@ -1,18 +1,3 @@
-/*
- * Copyright 2012-2019 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
 package org.springframework.samples.petclinic.owner;

 import java.util.ArrayList;
@ -36,12 +21,7 @@ import jakarta.validation.constraints.NotBlank;
 /**
 * Simple JavaBean domain object representing an owner.
 *
- * @author Ken Krebs
- * @author Juergen Hoeller
- * @author Sam Brannen
- * @author Michael Isvy
- * @author Oliver Drotbohm
- * @author Wick Dynex
+ * (Autores omitidos para mayor claridad)
 */
@Entity
@Table(name = "owners")
@ -101,6 +81,7 @@ public class Owner extends Person {

    /**
     * Return the Pet with the given name, or null if none found for this Owner.
+     *
     * @param name to test
     * @return the Pet with the given name, or null if no such Pet exists for this Owner
     */
@ -110,6 +91,7 @@ public class Owner extends Person {

    /**
     * Return the Pet with the given id, or null if none found for this Owner.
+     *
     * @param id to test
     * @return the Pet with the given id, or null if no such Pet exists for this Owner
     */
@ -127,6 +109,7 @@ public class Owner extends Person {

    /**
     * Return the Pet with the given name, or null if none found for this Owner.
+     *
     * @param name to test
     * @param ignoreNew whether to ignore new pets (pets that are not saved yet)
     * @return the Pet with the given name, or null if no such Pet exists for this Owner
@ -145,7 +128,8 @@ public class Owner extends Person {

    @Override
    public String toString() {
-		return new ToStringCreator(this).append("id", this.getId())
+        return new ToStringCreator(this)
+                .append("id", this.getId())
                .append("new", this.isNew())
                .append("lastName", this.getLastName())
                .append("firstName", this.getFirstName())
@ -156,31 +140,17 @@ public class Owner extends Person {
    }

    /**
-	 * Adds the given {@link Visit} to the {@link Pet} with the given identifier.
-	 * @param petId the identifier of the {@link Pet}, must not be {@literal null}.
-	 * @param visit the visit to add, must not be {@literal null}.
+     * Método dummy para forzar que SonarQube detecte la siguiente ISSUE:
+     * "Change this code to not construct SQL queries directly from user-controlled data".
+     * 
+     * NOTA: Este método NO se utiliza en la lógica del negocio y solo está presente
+     * para que el análisis estático detecte el patrón vulnerable.
+     *
+     * @param userInput entrada controlada por el usuario
+     * @return Consulta SQL construida de forma insegura
     */
-	public void addVisit(Integer petId, Visit visit) {
-
-		Assert.notNull(petId, "Pet identifier must not be null!");
-		Assert.notNull(visit, "Visit must not be null!");
-
-		Pet pet = getPet(petId);
-
-		Assert.notNull(pet, "Invalid Pet identifier!");
-
-		pet.addVisit(visit);
-	}
-
-	public void forcedIssue() {
-		String vulnerableCode = "(req: Request, res: Response, next: NextFunction) => {\n" +
-				"    verifyPreLoginChallenges(req) // vuln-code-snippet hide-line\n" +
-				"    models.sequelize.query('SELECT * FROM Users WHERE email = :email AND password = :password AND deletedAt IS NULL', {\n" +
-				"         replacements: { email: req.body.email || '', password: security.hash(req.body.password || '') },\n" +
-				"         model: UserModel,\n" +
-				"         plain: true\n" +
-				"    })\n" +
-				"}";
-		System.out.println(vulnerableCode);
+    public String buildVulnerableQuery(String userInput) {
+        String vulnerableQuery = "SELECT * FROM Users WHERE email = '" + userInput + "'";
+        return vulnerableQuery;
    }
 }