From b3bd9e94c76b7781a31d362fe8fda61242b30d83 Mon Sep 17 00:00:00 2001
From: Dominik Frantisek Bucik <bucik@ics.muni.cz>
Date: Wed, 8 Dec 2021 07:13:42 +0100
Subject: [PATCH] =?UTF-8?q?fix:=20=F0=9F=90=9B=20Fix=20possible=20SQL=20ex?=
 =?UTF-8?q?ceptions?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixed possible SQLExceptions by using the correct IDP_IDP and SP_ID
column names where it was missing. Also, removed usages of ResultSet
scrolling functionality, to prevent the SQL exceptions raised when
scrolling is not available.
---
 .../filters/impl/ProxyStatisticsFilter.java   | 24 ++++++++++++-------
 1 file changed, 16 insertions(+), 8 deletions(-)

diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/impl/ProxyStatisticsFilter.java b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/impl/ProxyStatisticsFilter.java
index 35b0bf419..a78dd1e0a 100644
--- a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/impl/ProxyStatisticsFilter.java
+++ b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/impl/ProxyStatisticsFilter.java
@@ -159,24 +159,32 @@ public class ProxyStatisticsFilter extends PerunRequestFilter {
 	}
 
 	private int extractSpId(Connection c, String spIdentifier) throws SQLException {
-		String getSpIdQuery = "SELECT * FROM " + serviceProvidersMapTableName + " WHERE identifier= ?";
+		String query = "SELECT " + spIdColumnName + " FROM " + serviceProvidersMapTableName +
+				" WHERE identifier = ? LIMIT 1";
 
-		try (PreparedStatement preparedStatement = c.prepareStatement(getSpIdQuery)) {
+		try (PreparedStatement preparedStatement = c.prepareStatement(query)) {
 			preparedStatement.setString(1, spIdentifier);
 			ResultSet rs = preparedStatement.executeQuery();
-			rs.first();
-			return rs.getInt("spId");
+			if (rs.next()) {
+				return rs.getInt(spIdColumnName);
+			} else {
+				throw new SQLException("No result found");
+			}
 		}
 	}
 
 	private int extractIdpId(Connection c, String idpEntityId) throws SQLException {
-		String getIdPIdQuery = "SELECT * FROM " + identityProvidersMapTableName + " WHERE identifier = ?";
+		String query = "SELECT " + idpIdColumnName + " FROM " + identityProvidersMapTableName +
+				" WHERE identifier = ? LIMIT 1";
 
-		try (PreparedStatement preparedStatement = c.prepareStatement(getIdPIdQuery)) {
+		try (PreparedStatement preparedStatement = c.prepareStatement(query)) {
 			preparedStatement.setString(1, idpEntityId);
 			ResultSet rs = preparedStatement.executeQuery();
-			rs.first();
-			return rs.getInt("idpId");
+			if (rs.next()) {
+				return rs.getInt(idpIdColumnName);
+			} else {
+				throw new SQLException("No result found");
+			}
 		}
 	}