Sonarqube 7.9 showing integer value as log tainted in spring controller

vmaheshvm · November 22, 2020, 5:46pm

We are using sonarqube version 7.9
In a spring rest controller, we are getting two integers, one as @RequesteHeader and other is @RequestParam
For String values, we got issue as

Refactor to not to log tainted, user controlled data

that we fixed it. Now SQ is showing same error for Integers also
is it correct one?
please clarify us, what is expectation

Alexandre_Gigleux · November 23, 2020, 1:10pm

Hello,

Thanks for the feedback. This problem has been already fixed with SonarQube 8.2.
It’s recommended to use the latest version of SonarQube Developer Edition to get the best of our SAST engine.

Regards
Alex

system · April 8, 2021, 8:51am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
javasecurity:S5131 : Reported for Java Integer SonarQube Server / Community Build java , sonarqube , security	3	2401	August 3, 2020
False positive tainted input (JavaSecurity:S5145) SonarQube Cloud java , security	5	3625	May 3, 2021
Refactor this code to not place tainted, user-controlled data in the header Report False-positive / False-negative... sonarqube	2	4994	June 2, 2021
Spring Controller @AuthenticationPrincipal object treated as tainted for "user-controlled" info Report False-positive / False-negative... java , security , spring	9	2802	October 31, 2023
javasecurity:S5131: Tainted Analysis SonarQube Server / Community Build java , sonarqube , security	3	904	June 28, 2020

Sonarqube 7.9 showing integer value as log tainted in spring controller

Related topics