阿年 发表于 2021-12-8 18:28:48

HTTP请求参数绑定到User所有属性

奇安信代码卫生检查 为中等级缺陷 不安全的框架绑定 只是部分检查截图:

缺陷7
爆发行:java/com/interesting/business/system/controller/SysAnnouncementController.java;81行
跟踪路径1:1   e_zhiyou/interesting-business-center/interesting-business-center-system/src/main/java/com/interesting/business/system/controller/SysAnnouncementController.java;81行queryPageList




缺陷21
爆发行:java/com/interesting/business/system/controller/SysUserController.java;700行
跟踪路径1:1   e_zhiyou/interesting-business-center/interesting-business-center-system/src/main/java/com/interesting/business/system/controller/SysUserController.java;700行queryByDepartId
缺陷22
爆发行:java/com/interesting/modules/demo/controller/TaskInfoController.java;155行
跟踪路径1:1e_zhiyou/interesting-business-center/interesting-business-center-ezhiyou/src/main/java/com/interesting/modules/demo/controller/TaskInfoController.java;155行exportXls
缺陷23
爆发行:java/com/interesting/business/system/controller/SysUserController.java;949行
跟踪路径1:1   e_zhiyou/interesting-business-center/interesting-business-center-system/src/main/java/com/interesting/business/system/controller/SysUserController.java;949行querySysUser
缺陷24
爆发行:java/com/interesting/business/system/controller/ThirdLoginController.java;251行
跟踪路径1:1e_zhiyou/interesting-business-center/interesting-business-center-system/src/main/java/com/interesting/business/system/controller/ThirdLoginController.java;251行bindingThirdPhone

缺陷10
爆发行:java/com/interesting/business/system/controller/SysUserAgentController.java;71行
跟踪路径1:1e_zhiyou/interesting-business-center/interesting-business-center-system/src/main/java/com/interesting/business/system/controller/SysUserAgentController.java;71行queryPageList




页: [1]
查看完整版本: HTTP请求参数绑定到User所有属性