1. <i id='HBDrQ'><tr id='HBDrQ'><dt id='HBDrQ'><q id='HBDrQ'><span id='HBDrQ'><b id='HBDrQ'><form id='HBDrQ'><ins id='HBDrQ'></ins><ul id='HBDrQ'></ul><sub id='HBDrQ'></sub></form><legend id='HBDrQ'></legend><bdo id='HBDrQ'><pre id='HBDrQ'><center id='HBDrQ'></center></pre></bdo></b><th id='HBDrQ'></th></span></q></dt></tr></i><div id='HBDrQ'><tfoot id='HBDrQ'></tfoot><dl id='HBDrQ'><fieldset id='HBDrQ'></fieldset></dl></div>

      <tfoot id='HBDrQ'></tfoot>

      1. <small id='HBDrQ'></small><noframes id='HBDrQ'>

          <bdo id='HBDrQ'></bdo><ul id='HBDrQ'></ul>
      2. <legend id='HBDrQ'><style id='HBDrQ'><dir id='HBDrQ'><q id='HBDrQ'></q></dir></style></legend>

      3. SonarQube 规则:“使用命令行参数是安全敏感的";在 Spring Boot 应用程序中

        SonarQube rule: quot;Using command line arguments is security-sensitivequot; in Spring Boot application(SonarQube 规则:“使用命令行参数是安全敏感的;在 Spring Boot 应用程序中)
        • <legend id='0ldtu'><style id='0ldtu'><dir id='0ldtu'><q id='0ldtu'></q></dir></style></legend>

          <small id='0ldtu'></small><noframes id='0ldtu'>

          • <bdo id='0ldtu'></bdo><ul id='0ldtu'></ul>
            <tfoot id='0ldtu'></tfoot>

                <tbody id='0ldtu'></tbody>

                  <i id='0ldtu'><tr id='0ldtu'><dt id='0ldtu'><q id='0ldtu'><span id='0ldtu'><b id='0ldtu'><form id='0ldtu'><ins id='0ldtu'></ins><ul id='0ldtu'></ul><sub id='0ldtu'></sub></form><legend id='0ldtu'></legend><bdo id='0ldtu'><pre id='0ldtu'><center id='0ldtu'></center></pre></bdo></b><th id='0ldtu'></th></span></q></dt></tr></i><div id='0ldtu'><tfoot id='0ldtu'></tfoot><dl id='0ldtu'><fieldset id='0ldtu'></fieldset></dl></div>
                • 本文介绍了SonarQube 规则:“使用命令行参数是安全敏感的";在 Spring Boot 应用程序中的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着跟版网的小编来一起学习吧!

                  问题描述

                  SonarQube 只是在非常基本的 Spring Boot 应用程序中显示了一个严重的安全问题.在 main 方法中.

                  SonarQube is just showing a Critical security issue in the very basic Spring Boot application. In the main method.

                  @SpringBootApplication
                  public class Application {
                  
                      public static void main(String[] args) {
                          SpringApplication.run(Application.class, args);
                      }
                  
                  }
                  

                  SonarQube 要我确保在此处安全使用命令行参数.

                  SonarQube wants me to Make sure that command line arguments are used safely here.

                  我在 StackOverflow 和 Google 上都搜索了这个,我很惊讶我找不到任何关于这个问题的评论.我几乎可以肯定 SpringApplication.run 方法内部已经进行了一些安全检查.而且,我什至不记得有人在调用 SpringApplication.run 之前清理了主要方法参数.我只是想将其标记为 误报 并继续.

                  I searched this on both StackOverflow and Google, and I am surprised that I couldn't find any single comment about this issue. I am almost sure that there are some security checks inside the SpringApplication.run method already. And also, I don't even remember that anyone sanitizes the main method arguments before calling SpringApplication.run. I simply want to tag it as false positive and move on.

                  这里也提出了这个问题的一部分:SonarQube 在 Spring Framework 控制器和 Spring Framework Application 主类中显示安全错误

                  Part of this question is also asked here: SonarQube shows a secuirty error in Spring Framework controllers and in Spring Framework Application main class

                  是误报吗?

                  推荐答案

                  如果你没有使用任何命令行参数,那么你可以避免在run方法中提及args参数.就像下面的代码.

                  If you are not using any command-line arguments ,then you could avoid mentioning the args parameter in the run method .Like the below code.

                  @SpringBootApplication
                  public class Application {
                  
                      public static void main(String[] args) {
                          SpringApplication.run(Application.class);
                      }
                  
                  }
                  

                  这将消除声纳热点问题.

                  This will remove sonarqube hotspot issue.

                  这篇关于SonarQube 规则:“使用命令行参数是安全敏感的";在 Spring Boot 应用程序中的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!

                  本站部分内容来源互联网,如果有图片或者内容侵犯了您的权益,请联系我们,我们会在确认后第一时间进行删除!

                  相关文档推荐

                  Slf4j LoggerFactory.getLogger and sonarqube(Slf4j LoggerFactory.getLogger 和 sonarqube)
                  Security - Array is stored directly(安全性 - 数组直接存储)
                  SonarQube quot;Class Not Foundquot; during Main AST Scan(SonarQube“找不到类在主 AST 扫描期间)
                  Integrate Spock#39;s test with Sonar(将 Spock 的测试与声纳集成)
                  How do I make Hudson/Jenkins fail if Sonar thresholds are breached?(如果违反声纳阈值,我如何让 Hudson/Jenkins 失败?)
                  automatically add curly brackets to all if/else/for/while etc. in a java code-base(自动将大括号添加到 java 代码库中的所有 if/else/for/while 等)
                  <tfoot id='adywi'></tfoot>

                      <bdo id='adywi'></bdo><ul id='adywi'></ul>
                    • <i id='adywi'><tr id='adywi'><dt id='adywi'><q id='adywi'><span id='adywi'><b id='adywi'><form id='adywi'><ins id='adywi'></ins><ul id='adywi'></ul><sub id='adywi'></sub></form><legend id='adywi'></legend><bdo id='adywi'><pre id='adywi'><center id='adywi'></center></pre></bdo></b><th id='adywi'></th></span></q></dt></tr></i><div id='adywi'><tfoot id='adywi'></tfoot><dl id='adywi'><fieldset id='adywi'></fieldset></dl></div>

                    • <legend id='adywi'><style id='adywi'><dir id='adywi'><q id='adywi'></q></dir></style></legend>

                          <tbody id='adywi'></tbody>

                        • <small id='adywi'></small><noframes id='adywi'>