version:SonarQube Community Edition Version 7.7
description:
simple spring boot app got this issue:
Make sure that command line arguments are used safely here
how can I fix this?
code:
#EnableCaching
#ServletComponentScan
#SpringBootApplication
public class ApiDispatchApplication extends SpringBootServletInitializer {
public static void main(String args) {
SpringApplication.run(ApiDispatchApplication.class, args);
}
do not use command line paramters can fix this issue.
only for sonar check change code
from:
SpringApplication.run(ApiDispatchApplication.class, args);
to:
SpringApplication.run(ApiDispatchApplication.class);
This rule (S4823) is a Security hotspot. That means you should review it manually and either fix it if it’s a real vulnerability or resolve it as reviewed if it’s safe. It’s up to you to decide if it’s vulnerable in your case.