Issue
i ve been using sonar to test my code quality but i cant resolve the vulnerability issue with my code it said that i should use Dto or pojo class instead of entity class but sill cant resolve it i dont know how to convert my entity to dto class. here is my entiy class:
@Entity
public class Mission implements Serializable {
private static final long serialVersionUID = -5369734855993305723L;
@Id
@GeneratedValue(strategy=GenerationType.IDENTITY)
private int id;
private String name;
private String description;
@ManyToOne
private Departement departement;
@OneToMany(mappedBy="mission")
private List<Timesheet> timesheets;
public Mission() {
super();
}
public Mission(String name, String description){
this.name = name;
this.description = description;
}
public int getId() {
return id;
}
public void setId(int id) {
this.id = id;
}
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public String getDescription() {
return description;
}
public void setDescription(String description) {
this.description = description;
}
public Departement getDepartement() {
return departement;
}
public void setDepartement(Departement departement) {
this.departement = departement;
}
public List<Timesheet> getTimesheets() {
return timesheets;
}
public void setTimesheets(List<Timesheet> timesheets) {
this.timesheets = timesheets;
}
and here is the Restcontroller method where i got the isssue:
@PostMapping("/ajouterMission")
@ResponseBody
public int ajouterMission(@RequestBody Mission mission) {
itimesheetservice.ajouterMission(mission);
try {
logger.info("in ajouter Mission");
logger.debug("Je vais commencer l'ajout");
itimesheetservice.ajouterMission(mission);
logger.info("out ajouter Mission");
return mission.getId();
}
catch (Exception e) { logger.error("Erreur dans ajouterMission() : " , e); }
return mission.getId();
}
and this is a screenshot about the sonar vulnerability issue for more details :enter image description here
Solution
DO NOT put your Entity model into Controller method. You must create another model like MissionRequestModel
for @RequestBody
, and then convert your request model to your entity
public class MissionRequestModel {
private String name;
private String description;
}
@PostMapping("/ajouterMission")
@ResponseBody
public int ajouterMission(@RequestBody MissionRequestModel missionRequestModel) {
Mission mission = new Mission(missionRequestModel);
}
Answered By - Thông Nguyễn