How to fix issue in Spring mvc trigger: Make sure that exposing this HTTP endpoint is safe here

SonarQube 7.7

how can I fix this rule issue?
Rule:Make sure that exposing this HTTP endpoint is safe here

code:
should replace # to @
#ResponseBody
#PostMapping(value = “/{apiName}”, produces = “application/json;charset=UTF-8”)
public Policy callApi(#PathVariable(“apiName”) String apiName, #RequestBody ParamDomain param, #RequestHeader HttpHeaders headers)

Is there anyone can help on this issue?

Hi @year_520,

Security Hotspot issues are meant to help developers during their code review. They point to locations in the code where vulnerabilities often hide. They do not impact the quality gate. During the review the developer can change issue the status to:

  • “detect” which will change the issue type to “Vulnerability”.
  • “Dismiss” which will mark the issue as “Won’t fix”.

The description of each rule explains the kind of vulnerabilities that can be expected and what are the best practices.

Further documentation is available here and here .

We are currently working on improving the Security Hotspot review workflow. We welcome any feedback regarding the rules and the documentation.

The links and description I am giving here apply to SonarQube 7.7. It has already been improved in SonarQube 7.8 which has been released this week.

We also removed this specific Security Hotspot rule, i.e. “Make sure that exposing this HTTP endpoint is safe here”, because it was not useful enough for developers.

Nicolas