squid:S4684 (Persistent entities should not be used as arguments of "@RequestMapping" methods) false-positive on @pathvariable annotated arguments

(Istvan Ratkai) #1

If the controller-method’s entity-like argument is annotated with @Pathvariable then the argument is created by an unique argument-resolver, which usually means finding the entity by id.
So there are no parameter-binding behind it.
And actually this is the RECOMMENDED way to implement a RESTful API controller.

The rule should be extended in a way that it shouldn’t be triggered if the entity-like argument is annotated with @Pathvariable.