WEEK4CHALLENGE nikhilsimha

src/zcl_security_cc_problem_1.clas.abap

@@ -33,10 +33,16 @@ CLASS zcl_security_cc_problem_1 IMPLEMENTATION.
     out->write( flights ).
 
     DATA(dynamicUpdate) = |SEATS_MAX = '{ seatsMax }'|.
+    dynamicUpdate = cl_abap_dyn_prg=>quote( dynamicUpdate ).
+
+    TRY.
     UPDATE /dmo/flight
          SET (dynamicUpdate)
        WHERE carrier_id = @carrierId
             AND connection_id = @connectionId.
+            CATCH cx_sy_dynamic_osql_syntax.
+    out->write( 'Wrong input' ).
+ENDTRY.
 
     "Check the data afterwards
     SELECT * FROM /dmo/flight

src/zcl_security_cc_problem_2.clas.abap

@@ -20,7 +20,12 @@ ENDCLASS.
 CLASS zcl_security_cc_problem_2 IMPLEMENTATION.
   METHOD if_oo_adt_classrun~main.
     DATA(sql) = `CARRIER_ID = '` && input && `'`.
+    sql = cl_abap_dyn_prg=>quote( sql ).
+    try.
     SELECT * FROM /dmo/flight WHERE (sql) INTO table @DATA(results).
     out->write( results ).
+    CATCH cx_sy_dynamic_osql_syntax.
+     out->write( 'Wrong input' ).
+ENDTRY.
   ENDMETHOD.
 ENDCLASS.

src/zcl_security_cc_problem_3.clas.abap

@@ -17,7 +17,19 @@ ENDCLASS.
 CLASS zcl_security_cc_problem_3 IMPLEMENTATION.
   METHOD if_oo_adt_classrun~main.
     DATA dref TYPE REF TO data.
+    DATA dbtab TYPE string.
     FIELD-SYMBOLS <results> TYPE STANDARD TABLE.
+
+    TRY.
+    dbtab =
+      cl_abap_dyn_prg=>check_table_name_str(
+        val = to_upper( dbTable )
+        packages = '/DMO/FLIGHT_LEGACY' ).
+  CATCH cx_abap_not_a_table cx_abap_not_in_package.
+    out->write( 'Wrong input' ).
+    EXIT.
+ENDTRY.
+
     CREATE DATA dref TYPE STANDARD TABLE OF (dbTable)
                      WITH EMPTY KEY.
     ASSIGN dref->* TO <results>.