Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Fix request: Request without GET or POST

See original GitHub issue

Greetings,

We are researchers and we are have identified insecure coding patterns and configurations in the microservice architecture repositories. In your repository, we have found instances of @RequestMapping" methods without POST or GET . According to the Common Weakness Enumeration and JAVA OWASP, this is a security weakness and needs to be avoided.

We request for a fix for this issue. Looking forward for your feedback.

Source:

https://github.com/ewolff/microservice/blob/fd8fd5ef6afaa5be4b5f81e8972474917002d727/microservice-demo/microservice-demo-catalog/src/main/java/com/ewolff/microservice/catalog/web/CatalogController.java#L25

Issue Analytics

State:
Created 3 years ago
Reactions:1
Comments:6 (4 by maintainers)

Top GitHub Comments

3reactions

ewolffcommented, Jul 8, 2020

Actually you are right. Without method POST and GET are both executed.

1reaction

akondasifcommented, Jul 6, 2020

@ewolff

Our pleasure. As future work, we are planning to automatically repair these instances so that it is less work for for developers … any feedback on how we can do that?