WEEK4CHALLENGE jrodriguezcapote

src/zcl_security_cc_problem_1.clas.abap

@@ -23,6 +23,7 @@ ENDCLASS.
 
 CLASS zcl_security_cc_problem_1 IMPLEMENTATION.
 
+
   METHOD if_oo_adt_classrun~main.
 
     "Check that you have data that matches your input
@@ -32,7 +33,13 @@ CLASS zcl_security_cc_problem_1 IMPLEMENTATION.
             INTO TABLE @DATA(flights).
     out->write( flights ).
 
-    DATA(dynamicUpdate) = |SEATS_MAX = '{ seatsMax }'|.
+    TRY.
+        DATA(dynamicUpdate) = |SEATS_MAX = '{ CONV i( seatsMax ) }'|.
+      CATCH cx_sy_conversion_no_number.
+        out->write( `No valid input.` ).
+        RETURN.
+    ENDTRY.
+
     UPDATE /dmo/flight
          SET (dynamicUpdate)
        WHERE carrier_id = @carrierId
@@ -46,4 +53,6 @@ CLASS zcl_security_cc_problem_1 IMPLEMENTATION.
     out->write( flights ).
 
   ENDMETHOD.
+
+
 ENDCLASS.

src/zcl_security_cc_problem_2.clas.abap

@@ -18,9 +18,20 @@ ENDCLASS.
 
 
 CLASS zcl_security_cc_problem_2 IMPLEMENTATION.
+
+
   METHOD if_oo_adt_classrun~main.
-    DATA(sql) = `CARRIER_ID = '` && input && `'`.
-    SELECT * FROM /dmo/flight WHERE (sql) INTO table @DATA(results).
-    out->write( results ).
+
+    DATA(sql) = `CARRIER_ID = '` && cl_abap_dyn_prg=>quote( input ) && `'`.
+
+    TRY.
+        SELECT * FROM /dmo/flight WHERE (sql) INTO TABLE @DATA(results).
+        out->write( results ).
+      CATCH cx_sy_dynamic_osql_syntax .
+        out->write( `Wrong input parameter.` ).
+    ENDTRY.
+
   ENDMETHOD.
+
+
 ENDCLASS.

src/zcl_security_cc_problem_3.clas.abap

@@ -10,14 +10,39 @@ CLASS zcl_security_cc_problem_3 DEFINITION
   PRIVATE SECTION.
     "Simulate Input Parameters via a constant to keep example UI/Service/Interface agnostic
     CONSTANTS: dbTable TYPE string VALUE '/DMO/FLIGHT'.
+    CONSTANTS: mainPackage TYPE devclass VALUE `/DMO/FLIGHT`.
+
+    METHODS check_package
+      IMPORTING
+        input TYPE string
+      RAISING
+        lcx_foreign_package.
+
+    METHODS read_inherit_packages
+      IMPORTING
+        input         TYPE devclass
+      RETURNING
+        VALUE(result) TYPE tab_packages.
+
 ENDCLASS.
 
 
 
 CLASS zcl_security_cc_problem_3 IMPLEMENTATION.
+
+
   METHOD if_oo_adt_classrun~main.
+
     DATA dref TYPE REF TO data.
     FIELD-SYMBOLS <results> TYPE STANDARD TABLE.
+
+    TRY.
+        check_package( dbtable ).
+      CATCH lcx_foreign_package.
+        out->write( |Table { dbTable } not allowed.| ).
+        RETURN.
+    ENDTRY.
+
     CREATE DATA dref TYPE STANDARD TABLE OF (dbTable)
                      WITH EMPTY KEY.
     ASSIGN dref->* TO <results>.
@@ -26,5 +51,47 @@ CLASS zcl_security_cc_problem_3 IMPLEMENTATION.
     SELECT * FROM (dbTable) INTO TABLE @<results> UP TO 100 ROWS.
     out->write( |Data for table: { dbTable }| ).
     out->write( <results> ).
+
+  ENDMETHOD.
+
+
+  METHOD check_package.
+
+    SELECT SINGLE devclass
+      FROM tadir
+      WHERE pgmid = `R3TR` AND object = `TABL` AND obj_name = @input
+      INTO  @DATA(tablePackage).
+    IF sy-subrc <> 0.
+      RAISE EXCEPTION TYPE lcx_foreign_package.
+    ELSEIF tablePackage = mainPackage.
+      RETURN.
+    ENDIF.
+
+    DATA(packages) = read_inherit_packages( mainPackage ).
+
+    IF NOT line_exists( packages[ table_line = tablePackage ] ).
+      RAISE EXCEPTION TYPE lcx_foreign_package.
+    ENDIF.
+
+  ENDMETHOD.
+
+
+  METHOD read_inherit_packages.
+
+    SELECT devclass
+      FROM tdevc
+      WHERE parentcl = @input
+      INTO TABLE @DATA(packages).
+    IF sy-subrc <> 0.
+      RETURN.
+    ENDIF.
+
+    result =
+        VALUE #(
+            FOR package IN packages
+            ( LINES OF VALUE #( ( package-devclass ) ( LINES OF read_inherit_packages( package-devclass ) ) ) ) ).
+
   ENDMETHOD.
+
+
 ENDCLASS.

src/zcl_security_cc_problem_3.clas.locals_def.abap

@@ -0,0 +1,2 @@
+CLASS lcx_foreign_package DEFINITION INHERITING FROM cx_static_check.
+ENDCLASS.