TorkB80

Reputation: 89

SonarQube shows a security error in Spring Framework controllers and in Spring Framework Application main class

Should I take this security warning seriously? This warning shows up in every controller.

https://rules.sonarsource.com/java/RSPEC-4529

when I declare a controller like this

@RequestMapping(path = "/profile", method = RequestMethod.GET)
public UserProfile getUserProfile(String name) {
...
}

and this warning shows up in the application class

https://rules.sonarsource.com/java/RSPEC-4823

@SpringBootApplication
public class Application {

    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }

}

Upvotes: 1

Views: 2032

Answers (1)

Atul Dwivedi

Reputation: 1462

Yes, you should take security warnings seriously, at least for an enterprise application.

If you have developed this application to learn something, then it's totally your choice. Otherwise, securing HTTP endpoints is best practice.

The SonarQube hotspot rule is helping you identify all such endpoints which show a security vulnerability.

Upvotes: 1
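The two linked rules are SonarQube security hotspots: S4529 flags every method mapped to an HTTP route and S4823 flags any use of the `args` array in `main`. A hotspot asks you to review the code and record why it is safe, so the way to clear them is to show what the review decided. The following file is an added example, not code from the question or the answer above. It assumes Spring Boot 3 with Spring Security 6 on the classpath (`spring-boot-starter-web` and `spring-boot-starter-security`); the allowed command-line prefixes, the username regex and the "read only your own profile" rule are assumed policy for illustration, and `com.example.demo` is a placeholder package.

```java
package com.example.demo;

import java.security.Principal;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.server.ResponseStatusException;

@SpringBootApplication
public class Application {

    // Assumed policy: the only command-line switches this service accepts.
    // Anything else on the command line is dropped before Spring sees it.
    static final List<String> ALLOWED_ARG_PREFIXES =
            List.of("--server.port=", "--spring.profiles.active=");

    public static void main(String[] args) {
        SpringApplication.run(Application.class, acceptedArgs(args));
    }

    // S4823 review: args come from whoever launched the process, and Spring Boot
    // turns every "--key=value" into a property override (datasource URL,
    // actuator exposure, ...). Allow-listing keeps that surface explicit.
    static String[] acceptedArgs(String[] args) {
        return Arrays.stream(args)
                .filter(a -> ALLOWED_ARG_PREFIXES.stream().anyMatch(a::startsWith))
                .toArray(String[]::new);
    }
}

// S4529 review, part 1: the endpoint is reachable only by authenticated callers,
// and every route not listed here is denied rather than left open by accident.
@Configuration
@EnableWebSecurity
class SecurityConfig {

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/profile").authenticated()
                .anyRequest().denyAll())
            .httpBasic(Customizer.withDefaults());
        return http.build();
    }
}

// S4529 review, part 2: the request parameter is bound explicitly, validated
// against an assumed username format, and the caller may only read its own
// profile (assumed authorization rule).
@RestController
class ProfileController {

    // matcher(...).matches() tests the whole string, so no anchors are needed.
    private static final Pattern USERNAME = Pattern.compile("[a-z0-9_]{1,32}");

    @GetMapping("/profile")
    public UserProfile getUserProfile(@RequestParam("name") String name, Principal caller) {
        if (!USERNAME.matcher(name).matches()) {
            throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "invalid name");
        }
        if (!caller.getName().equals(name)) {
            throw new ResponseStatusException(HttpStatus.FORBIDDEN, "not your profile");
        }
        return new UserProfile(name);
    }
}

// Response body; Jackson serialises the record as {"name": "..."}.
record UserProfile(String name) {}
```

With no `UserDetailsService` defined, Spring Boot registers a single user named `user` with a password it prints at startup, so `curl -u user:<password> 'http://localhost:8080/profile?name=user'` returns the profile, the same request without credentials gets 401, `name=admin` gets 403, and a name that fails the regex gets 400. Once the endpoint looks like this, the hotspots can be marked as reviewed in SonarQube with a note pointing at the filter chain and the validation.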
