One of our developers complained that code got flagged with “Annotate this member with “@Autowired”, “@Resource”, “@Inject”, or “@Value”, or remove it.” and responded with
This particular rule doesn’t seem to take into consideration Setter Injections or Constructor Injections. It’s flagged under a security vulnerability and is failing our builds.
All our dependencies are injected via a setter or a constructor.
Is there a way this rule can be amended to factor in all forms of DIs,
if not then can this rule be removed?
I’m not sure if I can change the rule in our 9.9.0-Enterprise server.
Thanks! Since your developer says these resources are either setter- or constructor-injected, could you expand your code sample (preferably text-code vs a screenshot ) to include the actual injection of at least one resource?
Thanks for the report. Indeed, this rule currently does not consider setter injection but only property and constructor injection. I’ve created a ticket to track this issue.