如何解决checkmarx 中等严重性:可能会无意中允许在对象中设置方法的值
我低于 checkmarx 中突出显示的中等漏洞:
r-config\com\mycompapi\RController.java 中的 rModificationRequest line# 可能会无意中允许设置 saveAndFlush 的值 modifyR,在对象 r-config\com\mycompservices\RService.java 处 行#。
@RestController
@RequestMapping(path = "/api/v1/r",produces = MediaType.APPLICATION_JSON_VALUE)
@Api(tags = "R",value = "Endpoints for managing all the operations related to r")
@Slf4j
@Validated
public class RController {
private final RService rService;
private final ModelMapper modelMapper;
@Autowired
public RController(final RService rService,final ModelMapper modelMapper) {
this.rService = rService;
this.modelMapper = modelMapper;
}
@ApiOperation(value = "Modify r information",nickname = "modifyR")
@PatchMapping
@ResponseStatus(HttpStatus.OK)
public RResponse modifyRInfo(
@RequestParam(name = "r-name") @NotBlank
@Size(max = 256,message = "r name should have less than or equals to {max} characters") final String rName,@Valid @RequestBody RModificationRequest rModificationRequest) {
final RModificationDto rModificationDto = modelMapper.map(rModificationRequest,RModificationDto.class);
final R r = rService.modifyR(rName,rModificationDto);
return modelMapper.map(r,RResponse.class);
}
}
@Service
public class RService {
private final RRepository rRepository;
@Autowired
public RService(final RRepository rRepository) {
this.rRepository = rRepository;
}
@Transactional
@PublishNotification(operationType = OperationType.MODIFY)
public R modifyR(final String rName,final RModificationDto rModificationDto) {
final R r = findByRName(rName);
final R modifiedR = RServiceHelper.getModifiedR(r,rModificationDto);
rRepository.saveAndFlush(modifiedR);
return modifiedR;
}
在这里做什么还是误报?我也没有看到关于声纳立方体扫描有或可能是我不知道的地方的任何评论 - 我是 checkmarx 的新手。
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。