Java SonarQube: Error This use of java/io/PrintWriter.write(Ljava/lang/String;)V could be vulnerable

SonarQube Server / Community Build
, , ,
1

I am getting this error below. When using ResponseWriter. How can I resolve it?

try {
   unifiedResponse = testController.updateData(testRequest);
} catch (RestClientResponseException e) {
	try {
		PrintWriter writer = response.getWriter();
		response.setContentType(MediaType.TEXT_PLAIN);
		response.setStatus(e.getRawStatusCode());
		writer.print(e.getResponseBodyAsString());
	} catch (IOException ex) {
		throw new ServiceException("Cannot get update Password error response body", ex);
	}
}

Error:

This use of java/io/PrintWriter.write(Ljava/lang/String;)V could be vulnerable to XSS

image
image1019×406 20.9 KB

My output is JSON. HTMLEscape and OWASP creates bad formatting, which I need.

{ 
    "message": "Here is a test message"
}

OWASP Output:

{"message":"Here is a test message (e.g. !@#$)."}

SonarQube Rules:

I tried the SonarQube official solution and still giving error.

2

Hi,

This is a Security Hotspot. It is raised on security-sensitive code. Other than removing the call (which is not necessarily what you should do), there’s no definitive fix for it. Instead, go to the Security Hotspot in the SonarQube interface and review it, marking it Safe if you believe it to be so.

 
HTH,
Ann

1 Like