checkmarx:不安全的对象绑定


我们使用的是 Java Spring 框架。我们有一个用于传递电子邮件对象的端点。

// NOTE(review): the whole Email bean is bound from the request body, so every public
// setter on Email (from, returnPath, bcc, ...) is settable by the caller; a scanner
// reports this as unsafe object binding (mass assignment). Consider binding a request
// DTO that exposes only the client-settable fields and filling the rest server-side.
@RequestMapping(method = RequestMethod.POST, path = "/api/messaging/v1/emailMessages/actions/send")
String sendEmail(@RequestBody Email email);

Checkmarx 在这里指出：email 可能会无意中允许设置 Email 对象中的 cc（LinkedList<>）字段。
电子邮件对象如下:

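/**
 * Plain bean holding the parts of an outgoing e-mail message.
 *
 * <p>NOTE(review): this class is bound directly from the request body of the
 * {@code /api/messaging/v1/emailMessages/actions/send} endpoint. With request-body
 * binding every public setter below is reachable from the client, including
 * {@code from}, {@code returnPath} and {@code bcc}, which the server presumably wants
 * to control itself. That is what a scanner reports as "unsafe object binding" (mass
 * assignment). The usual fix is to bind a separate request DTO that exposes only the
 * client-settable fields (to, subject, content, ...) and to fill the remaining fields
 * server-side, instead of binding this class.
 *
 * <p>Lists passed to the {@code List} setters are stored as-is (no copy) and the
 * getters return the internal lists, so callers share mutable state with this object.
 * The {@code String} setters store an immutable single-element list.
 *
 * <p>{@link #equals(Object)} and {@link #hashCode()} consider only {@code from},
 * {@code to}, {@code subject} and {@code content}.
 */
public class Email {

    private List<String> bcc = new LinkedList<>();

    private List<String> cc = new LinkedList<>();

    private String content;

    private ContentType contentType = ContentType.TXT;

    private String from;

    private String returnPath;

    private Date sent;

    private String subject;

    private List<EmailAttachment> attachments = new LinkedList<>();

    private List<String> to = new LinkedList<>();

    /** @return the internal blind-carbon-copy list (not a copy). */
    public List<String> getBcc() {
        return bcc;
    }

    // NOTE(review): the String/List setter overloads below (bcc, cc, to) may be
    // ambiguous for the JSON binder — confirm which one it selects.
    /** Replaces the bcc list with an immutable single-element list. */
    public void setBcc(String bcc) {
        this.bcc = Collections.singletonList(bcc);
    }

    /** Stores the given list without copying it. */
    public void setBcc(List<String> bcc) {
        this.bcc = bcc;
    }

    /** @return the internal carbon-copy list (not a copy). */
    public List<String> getCc() {
        return cc;
    }

    /** Replaces the cc list with an immutable single-element list. */
    public void setCc(String cc) {
        this.cc = Collections.singletonList(cc);
    }

    /** Stores the given list without copying it. */
    public void setCc(List<String> cc) {
        this.cc = cc;
    }

    public String getContent() {
        return content;
    }

    public void setContent(String content) {
        this.content = content;
    }

    /** @return the content type; defaults to {@code ContentType.TXT}. */
    public ContentType getContentType() {
        return contentType;
    }

    public void setContentType(ContentType contentType) {
        this.contentType = contentType;
    }

    public String getFrom() {
        return from;
    }

    public void setFrom(String from) {
        this.from = from;
    }

    public String getReturnPath() {
        return returnPath;
    }

    public void setReturnPath(String returnPath) {
        this.returnPath = returnPath;
    }

    public Date getSent() {
        return sent;
    }

    public void setSent(Date sent) {
        this.sent = sent;
    }

    public String getSubject() {
        return subject;
    }

    public void setSubject(String subject) {
        this.subject = subject;
    }

    /** @return the internal recipient list (not a copy). */
    public List<String> getTo() {
        return to;
    }

    /** Replaces the recipient list with an immutable single-element list. */
    public void setTo(String to) {
        this.to = Collections.singletonList(to);
    }

    /** Stores the given list without copying it. */
    public void setTo(List<String> to) {
        this.to = to;
    }

    /** @return the internal attachment list (not a copy). */
    public List<EmailAttachment> getAttachments() {
        return attachments;
    }

    /** Stores the given list without copying it. */
    public void setAttachments(List<EmailAttachment> attachments) {
        this.attachments = attachments;
    }

    /**
     * Two messages are equal when {@code from}, {@code to}, {@code subject} and
     * {@code content} are equal; the other fields are ignored.
     *
     * <p>{@code java.util.Objects} is referenced fully qualified on purpose: the class
     * previously used an {@code Objects.equal(a, b)} helper that is not the JDK one,
     * so an unqualified {@code Objects} in this file may resolve to that other type.
     */
    @Override
    public boolean equals(Object object) {
        if (this == object) {
            return true;
        }
        if (!(object instanceof Email)) {
            return false;
        }
        Email that = (Email) object;
        return java.util.Objects.equals(this.from, that.from)
                && java.util.Objects.equals(this.to, that.to)
                && java.util.Objects.equals(this.subject, that.subject)
                && java.util.Objects.equals(this.content, that.content);
    }

    /**
     * Hash over exactly the fields compared by {@link #equals(Object)}, so equal
     * messages hash equally (the original class overrode equals without hashCode).
     */
    @Override
    public int hashCode() {
        return java.util.Objects.hash(from, to, subject, content);
    }

}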
我不明白这个发现的含义，也不知道应该如何解决这个问题。
