MALICIOUS_CODE EI_EXPOSE_REP2 may expose internal representation by storing an externally mutable object into MyService.webClient


What I would like to achieve:

Having a Spring Boot @Service class (called MyService) that sends HTTP requests without SonarQube and SpotBugs flagging it with "may expose internal representation by storing an externally mutable object into MyService.webClient".

What I tried:

Here is the code

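// MyWebClientConfiguration.java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.reactive.function.client.WebClient;

@Configuration
public class MyWebClientConfiguration {

    @Bean
    public WebClient getWebClient() {
        return WebClient.builder().baseUrl("http://somehost.com").build();
    }
}

// MyService.java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.web.reactive.function.client.WebClient;

@Service
public class MyService {

    private final WebClient webClient;

    @Autowired
    public MyService(WebClient client) {
        // SpotBugs reports EI_EXPOSE_REP2 on this assignment
        this.webClient = client;
    }
}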

Issue:

Reproducible 100% of the time: SonarQube and SpotBugs flag this as MALICIOUS_CODE EI_EXPOSE_REP2 "may expose internal representation by storing an externally mutable object into MyService.webClient".

Even if I use WebClient.mutate(), the issue still persists.

Question:

How to fix this vulnerability?

There are 0 answers
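
An added example, not part of the original question and not code from Spring or SpotBugs: two ways the service in the question can be written with the EI_EXPOSE_REP2 finding in mind. It assumes Spring Boot's auto-configured WebClient.Builder bean (spring-boot-starter-webflux) and the spotbugs-annotations dependency at compile time; MySharedClientService and fetch are hypothetical names.

```java
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import org.springframework.stereotype.Service;
import org.springframework.web.reactive.function.client.WebClient;
import reactor.core.publisher.Mono;

// Variant A: take the builder, not the built client. Spring Boot's
// auto-configured WebClient.Builder is prototype-scoped (assumption: the
// webflux starter is on the classpath), so each injection point gets its own
// builder and the field holds an object created inside this constructor.
@Service
class MyService {

    private final WebClient webClient;

    MyService(WebClient.Builder builder) {
        this.webClient = builder.baseUrl("http://somehost.com").build();
    }

    // Hypothetical method showing the client in use.
    Mono<String> fetch(String path) {
        return webClient.get().uri(path).retrieve().bodyToMono(String.class);
    }
}

// Variant B: keep injecting the shared WebClient bean and record why the
// finding is accepted, scoped to this one constructor.
@Service
class MySharedClientService {

    private final WebClient webClient;

    @SuppressFBWarnings(
            value = "EI_EXPOSE_REP2",
            justification = "WebClient is immutable once built; the bean is shared on purpose")
    MySharedClientService(WebClient client) {
        this.webClient = client;
    }
}
```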