Sonarqube 7.9 showing integer value as log tainted in spring controller

vmaheshvm · November 22, 2020, 5:46pm

We are using sonarqube version 7.9
In a spring rest controller, we are getting two integers, one as @RequesteHeader and other is @RequestParam
For String values, we got issue as

Refactor to not to log tainted, user controlled data

that we fixed it. Now SQ is showing same error for Integers also
is it correct one?
please clarify us, what is expectation

Alexandre_Gigleux · November 23, 2020, 1:10pm

Hello,

Thanks for the feedback. This problem has been already fixed with SonarQube 8.2.
It’s recommended to use the latest version of SonarQube Developer Edition to get the best of our SAST engine.

Regards
Alex

Topic		Replies	Views
javasecurity:S5131 : Reported for Java Integer SonarQube Server / Community Build java , sonarqube , security	3	2513	August 3, 2020
Error in tainted data analyze Report False-positive / False-negative... java	3	1206	December 20, 2022
SonarLint for IntelliJ 4.14.1 released - Taint vulnerabilities in the IDE Releases intellij , sonarqube-ide	2	4619	February 19, 2021
Taint Vulnerabilities - JavaSecurity:S5145 false positive SonarQube Server / Community Build java , sonarqube , security , spring , taint-analysis	2	1660	April 4, 2023
Help with warning about logging user controlled data SonarQube Cloud java , security	5	11615	September 14, 2020

Sonarqube 7.9 showing integer value as log tainted in spring controller

Related topics