Checkmarx scan is reporting Leftover Debug Code for main method in Springboot Application
A Checkmarx scan runs on my Springboot Application as a step in CI/CD.
In the scan results, Checkmarx reports a Leftover Debug Code issue because I have a main
method as the entry point of the Springboot Application.
How can I pass the Checkmarx scan?
    @SpringBootApplication(exclude = {JNDIConnectionFactoryAutoConfiguration.class, HibernateJpaAutoConfiguration.class, JpaRepositoriesAutoConfiguration.class, DataSourceTransactionManagerAutoConfiguration.class, TransactionAutoConfiguration.class})
    @ImportResource({"classpath:applicatiomContext.xml"})
    public class MyApplication extends SpringBootServletInitializer {
        public static void main(String[] args) {
            SpringApplication springApplication = new SpringApplication(MyApplication.class);
            springApplication.run(args);
        }
    }
The Leftover Debug Code Checkmarx query is apparently looking for the "public" and "static" keywords, so try changing the modifier to private or protected:
    @SpringBootApplication(exclude = {JNDIConnectionFactoryAutoConfiguration.class, HibernateJpaAutoConfiguration.class, JpaRepositoriesAutoConfiguration.class, DataSourceTransactionManagerAutoConfiguration.class, TransactionAutoConfiguration.class})
    @ImportResource({"classpath:applicatiomContext.xml"})
    public class MyApplication extends SpringBootServletInitializer {
        protected static void main(String[] args) {
            SpringApplication springApplication = new SpringApplication(MyApplication.class);
            springApplication.run(args);
        }
    }