I am using restTemplate for synchronous inter-service communication in a microservices architecture.
When we completed the Veracode scan, we are getting Server-Side Request Forgery (SSRF) (CWE ID 918) in the getForEntity method.
restTemplate.getForEntity(URL, Entity.class);
Not sure why I am getting this SSRF issue.
What would be the possible fix for this?
I have fixed this issue by building the URL using UriComponents before using it in restTemplate.
UriComponents uriComponents = UriComponentsBuilder.newInstance()
        .scheme("http").host("www.yourdomain.com").path("/yourPath").build();
Please refer to this link to use UriComponents: https://www.baeldung.com/spring-uricomponentsbuilder
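CWE-918 concerns outbound requests whose destination can be influenced by untrusted input, so the approach in the answer above works best when the scheme and host are fixed and only a validated value reaches the path. The following is an added example, not code from the original post: the class name, the service names, the `*.internal.example` hosts and the `/api/items` path are assumptions made up for illustration.

```java
import java.net.URI;
import java.util.Map;
import org.springframework.http.ResponseEntity;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.util.UriComponentsBuilder;

// Added example: hypothetical helper, not code from the original post.
public class InternalServiceClient {

    // Constructed allowlist: logical service name -> fixed internal host.
    private static final Map<String, String> SERVICE_HOSTS = Map.of(
            "orders", "orders.internal.example",
            "billing", "billing.internal.example");

    private final RestTemplate restTemplate;

    public InternalServiceClient(RestTemplate restTemplate) {
        this.restTemplate = restTemplate;
    }

    // Builds the outbound URI from trusted parts only. The caller can pick an
    // allowlisted service and supply an identifier that becomes one path segment;
    // it can never supply a scheme, host, port or full URL.
    static URI buildUri(String service, String resourceId) {
        String host = SERVICE_HOSTS.get(service);
        if (host == null) {
            throw new IllegalArgumentException("Unknown service: " + service);
        }
        // Strict format check keeps separators such as '/', '?', '#', '@' out of the path.
        if (resourceId == null || !resourceId.matches("[A-Za-z0-9_-]{1,64}")) {
            throw new IllegalArgumentException("Invalid resource id");
        }
        return UriComponentsBuilder.newInstance()
                .scheme("http")
                .host(host)
                .pathSegment("api", "items", resourceId)
                .build()
                .encode()
                .toUri();
    }

    // Passes a java.net.URI to RestTemplate so the URL is not re-parsed as a template string.
    public <T> ResponseEntity<T> fetch(String service, String resourceId, Class<T> type) {
        return restTemplate.getForEntity(buildUri(service, resourceId), type);
    }
}
```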