问题
Should I take this security warning seriously, this warning shows up in every controller
https://rules.sonarsource.com/java/RSPEC-4529
when I declare a controller like this
@RequestMapping(path = "/profile", method = RequestMethod.GET)
public UserProfile getUserProfile(String name) {
...
}
and this warning shows up in the application class
https://rules.sonarsource.com/java/RSPEC-4823
@SpringBootApplication
public class Application {
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
}
回答1:
Yes, you should take security warnings seriously. At least for enterprise application.
If you have developed this application for learning something then it's totally your choice. Otherwise securing HTTP endpoint is best practice.
SonarQube hotspot rule is helping you to identify all such endpoints which show security vulnerability.
来源:https://stackoverflow.com/questions/54856544/sonarqube-shows-a-security-error-in-spring-framework-controllers-and-in-spring-f