Checkmarx scan is reporting Leftover Debug Code for main method in Springboot Application
A Checkmarx scan runs on my Springboot Application as a step in CI/CD.
In the scan results, Checkmarx reported a Leftover Debug Code issue because I have a main method as the entry point of the Springboot Application.
How can I pass the Checkmarx scan?

    @SpringBootApplication(exclude = {JNDIConnectionFactoryAutoConfiguration.class, HibernateJpaAutoConfiguration.class, JpaRepositoriesAutoConfiguration.class, DataSourceTransactionManagerAutoConfiguration.class, TransactionAutoConfiguration.class})
    @ImportResource({"classpath:applicatiomContext.xml"})
    public class MyApplication extends SpringBootServletInitializer {
        public static void main(String args []) {
            SpringApplication springApplication = new SpringApplication(MyApplication.class);
            springApplication.run(args);
        }
    }

The Leftover Debug Code Checkmarx query is apparently looking for the "public" and "static" keywords, so try changing the modifier to private or protected:

    @SpringBootApplication(exclude = {JNDIConnectionFactoryAutoConfiguration.class, HibernateJpaAutoConfiguration.class, JpaRepositoriesAutoConfiguration.class, DataSourceTransactionManagerAutoConfiguration.class, TransactionAutoConfiguration.class})
    @ImportResource({"classpath:applicatiomContext.xml"})
    public class MyApplication extends SpringBootServletInitializer {
        protected static void main(String args []) {
            SpringApplication springApplication = new SpringApplication(MyApplication.class);
            springApplication.run(args);
        }
    }