The version of SonarJava that is currently used on SonarCloud reports that Persistent entities should not be used as arguments of “
Whilst I can see the argument for this rule for controllers that use the standard @Controller annotation, I don’t believe that this should apply to @RestController; it is possible to use @JsonIgnore to control which object attributes can be modified.
I would argue that creating DTOs creates code duplication. I don’t believe that CWE-915 requires that software uses DTOs, in fact it specifically refers to using whitelists or blacklists (
The Spring Data Rest project uses entities as arguments for @RequestMapping methods. Projects using Spring Data Rest would automatically fail this rule.
Thank you for considering my suggestion.
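
The binding behaviour this post refers to, as an added example that is not part of the original post and not code from SonarJava or Spring: it deserializes the same request body into an entity with and without @JsonIgnore, using Jackson's ObjectMapper directly (the JSON library Spring MVC typically uses for @RestController request bodies). The class names, field names and request body are hypothetical, and jackson-databind is assumed to be on the classpath.

```java
import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.databind.ObjectMapper;

public class MassAssignmentDemo {

    // Hypothetical entity bound straight from the request body.
    // Every public field is writable by the client (the CWE-915 case).
    public static class OpenAccount {
        public String displayName;
        public boolean admin;      // meant to be server-controlled
    }

    // Same hypothetical entity, with the server-controlled field
    // excluded from JSON binding.
    public static class GuardedAccount {
        public String displayName;
        @JsonIgnore
        public boolean admin;      // skipped when reading and when writing JSON
    }

    public static void main(String[] args) throws Exception {
        // Constructed request body: the client supplies a field it
        // should not be allowed to set.
        String body = "{\"displayName\":\"alice\",\"admin\":true}";
        ObjectMapper mapper = new ObjectMapper();

        OpenAccount open = mapper.readValue(body, OpenAccount.class);
        GuardedAccount guarded = mapper.readValue(body, GuardedAccount.class);

        // The unannotated entity takes the client's value; the annotated
        // one keeps its default because Jackson drops the property.
        System.out.println("unannotated entity: admin = " + open.admin);
        System.out.println("@JsonIgnore entity: admin = " + guarded.admin);

        // Side effect to be aware of: @JsonIgnore also removes the field
        // from responses, so it cannot be returned to the client either.
        System.out.println("serialized: " + mapper.writeValueAsString(guarded));
    }
}
```

With this approach the protection is opt-out per field: any attribute later added to the entity is bindable until someone annotates it, which is the gap a reviewer should check for when entities are accepted as request bodies.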