javasecurity:S5131 : Reported for Java Enums

@eric.therond

As per my understanding, you can only have “sanitized or pure values” in Enums.

But this is how Sonar looks at the code:

public ResponseEntity<String> answers(
        @RequestParam(value = "genderId", required = true)
        GenderEnum genderId) { // genderId is tainted as it's controlled by user input

    SomeObject param = new SomeObject();
    param.setGenderId(genderId); // Polluted too, as the request param is not sanitized

    // Let's assume you make some call to the DB
    String result = dbCall(genderId); // This is tainted too

    // Result is also tainted as it's also using non-sanitized input
    return ResponseEntity.ok("Hello" + genderId);
}

Any wrong value passed to the Enum will give you HTTP 400 Bad Request, which is perfectly fine.
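
The binding behaviour described in the post above, as an added example that is not part of the original post or of Sonar's analyzer. It assumes the request parameter is converted with `Enum.valueOf` (as Spring's default string-to-enum conversion does); the `GenderEnum` constants, the `handle` method and the sample inputs are constructed for illustration.

```java
import java.util.List;

public class EnumParamBinding {
    // Hypothetical constants; the post does not show GenderEnum's definition.
    enum GenderEnum { MALE, FEMALE, OTHER }

    // Stand-in for the framework's String -> enum conversion of "genderId".
    // Returns the status and body the endpoint would produce for that raw value.
    static String handle(String rawParam) {
        final GenderEnum genderId;
        try {
            genderId = Enum.valueOf(GenderEnum.class, rawParam.trim());
        } catch (IllegalArgumentException e) {
            // Conversion failed: the handler body never runs, nothing is reflected.
            return "400 Bad Request";
        }
        // Only reachable with one of the declared constants, so the reflected
        // text is drawn from a fixed set chosen by the developer.
        return "200 Hello" + genderId;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one valid constant, a case mismatch,
        // markup-bearing values and an empty string.
        List<String> samples = List.of(
                "MALE", "male", "<script>alert(1)</script>", "MALE<b>", "");
        for (String s : samples) {
            System.out.printf("%-30s -> %s%n", "\"" + s + "\"", handle(s));
        }
    }
}
```

This holds only while `GenderEnum` keeps the default `toString()` or one that returns developer-defined text; the set of values that can reach the response is then exactly the declared constants.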