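Java WebRequest in Spring raises a vulnerability in SonarQube
In my code, I implemented ResponseEntityExceptionHandler to handle exceptions.
When I override the handleMissingServletRequestParameter method, SonarQube complains about a vulnerability issue with the variable WebRequest request.
Method definition: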
@Override
protected ResponseEntity<Object> handleMissingServletRequestParameter(
        final MissingServletRequestParameterException ex, final HttpHeaders headers,
        final HttpStatus status, final WebRequest request) {
    final String error = ex.getParameterName() + " parameter is missing";
    final ExceptionResponse exceptionResponse =
            new ExceptionResponse(HttpStatus.BAD_REQUEST, ex.getLocalizedMessage(), error);
    return constructResponseEntity(exceptionResponse, headers, request, ex);
}
The SonarQube error is shown on the last return statement, as follows:
[request] not sanitized with standard sanitization methods: normalize,
encode [Note: As applicable, validate class member variables of type String,
StringBuffer, CharSequence]
How can I resolve this issue?
Answers (0)
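
One way to apply the normalize-then-encode step named in the finding to request-derived strings before they are placed in an error response, as an added example that is not part of the original question. The class ResponseTextSanitizer, its sanitize method and the length cap are hypothetical, the sample inputs are constructed, and whether the analyzer treats a custom helper as a sanitizer depends on its rule configuration, which the page does not show.

```java
import java.text.Normalizer;

// Added example; class and method names are hypothetical, not from the question.
public final class ResponseTextSanitizer {

    private static final int MAX_LEN = 200; // assumed cap for values echoed in error bodies

    private ResponseTextSanitizer() { }

    /** Normalize first, then drop control characters, then HTML-encode. */
    public static String sanitize(final String untrusted) {
        if (untrusted == null) {
            return "";
        }
        // 1. Normalize: NFKC folds compatibility forms (e.g. fullwidth '<', U+FF1C)
        //    into their ASCII equivalents so the encoder below sees them.
        String s = Normalizer.normalize(untrusted, Normalizer.Form.NFKC);
        // 2. Remove control characters (CR/LF included) that could split log lines.
        s = s.replaceAll("\\p{Cntrl}", "");
        if (s.length() > MAX_LEN) {
            s = s.substring(0, MAX_LEN);
        }
        // 3. Encode the characters that are significant in HTML output.
        final StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            final char c = s.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(final String[] args) {
        // Constructed inputs standing in for request-derived strings
        // such as ex.getParameterName().
        final String paramName = "id\uFF1Cscript\uFF1E\r\n";
        final String other = "q=\"a&b\"";
        System.out.println(sanitize(paramName) + " parameter is missing");
        System.out.println(sanitize(other));
    }
}
```

Normalizing before encoding matters because an encoder that only looks for ASCII `<` would pass the fullwidth form through unchanged, and a later normalization step downstream would then turn it into live markup.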