From d85c20c85a0f3c4bbe014641c14ca659937c4594 Mon Sep 17 00:00:00 2001
From: Brian Sweeney <bsweeney@ciphertechsolutions.com>
Date: Tue, 28 Aug 2018 08:49:02 -0600
Subject: [PATCH] need to verify input before doing anything and disregard what
 codacy says about this

---
 .../centralrepository/datamodel/AbstractSqlEamDb.java      | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/AbstractSqlEamDb.java b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/AbstractSqlEamDb.java
index 3de842cfc4..73159e13cf 100644
--- a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/AbstractSqlEamDb.java
+++ b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/AbstractSqlEamDb.java
@@ -1817,6 +1817,9 @@ abstract class AbstractSqlEamDb implements EamDb {
     @Override
     public boolean isArtifactKnownBadByReference(CorrelationAttributeInstance.Type aType, String value) throws EamDbException, CorrelationAttributeNormalizationException {
         
+        //this should be done here so that we can be certain that aType and value are valid before we proceed
+        String normalizeValued = CorrelationAttributeNormalizer.normalize(aType, value);
+                
         // TEMP: Only support file correlation type
         if (aType.getId() != CorrelationAttributeInstance.FILES_TYPE_ID) {
             return false;
@@ -1829,9 +1832,7 @@ abstract class AbstractSqlEamDb implements EamDb {
         ResultSet resultSet = null;
         String sql = "SELECT count(*) FROM %s WHERE value=? AND known_status=?";
 
-        try {
-            String normalizeValued = CorrelationAttributeNormalizer.normalize(aType, value);
-        
+        try {            
             preparedStatement = conn.prepareStatement(String.format(sql, EamDbUtil.correlationTypeToReferenceTableName(aType)));
             preparedStatement.setString(1, normalizeValued);
             preparedStatement.setByte(2, TskData.FileKnown.BAD.getFileKnownValue());