If you want to fix it on your fork: SonarQube is complaining because a class is instantiated via a plain string (line 34).
Though the code in line 61 throws an exception if the class is not "known", it is still possible to instantiate random classes that could have static initialization blocks with harmful code.
The code could be rewritten with classic "precompiled" class instantiation.
My idea would be to remove line 37 and then replace each case statement with this, for example (replacing lines 39-42):
case ACCESS_CONTROL_DEFAULT_CLASS:
    return new SimpleAclsProvider(builderAdminClient);
and do the same for CONFLUENT_CLOUD_CONTROL_CLASS, CONFLUENT_HYBRID_CLOUD_CONTROL_CLASS and RBAC_ACCESS_CONTROL_CLASS.
In the meantime you can make sure that no one can access your julip-ops properties file and insert a malicious class name.
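As an added illustration of the change suggested in the comment above (example code, not the project's own), here is the reflective loader beside the explicit switch. The AccessControlProvider interface, the RbacProvider class and the property key name are assumptions; only the constant names and SimpleAclsProvider come from the comment.

```java
import java.util.Properties;

// Added example, not the project's own code. AccessControlProvider, RbacProvider and the
// property key are assumptions; the constant names and SimpleAclsProvider are from the comment.
public class AccessControlFactory {
  // Constant names from the comment; the values here are the binary names of the nested classes.
  static final String ACCESS_CONTROL_DEFAULT_CLASS = "AccessControlFactory$SimpleAclsProvider";
  static final String RBAC_ACCESS_CONTROL_CLASS = "AccessControlFactory$RbacProvider";
  static final String PROPERTY_KEY = "topology.builder.access.control.class"; // assumed key
  interface AccessControlProvider {} // hypothetical
  static class SimpleAclsProvider implements AccessControlProvider { SimpleAclsProvider(Object c) {} }
  static class RbacProvider implements AccessControlProvider { RbacProvider(Object c) {} } // hypothetical

  // BEFORE (the pattern SonarQube flags): the class named in the properties file is loaded by
  // name. Class.forName initialises it, so any static initialiser has already run by the time
  // the "known class" check below rejects an unexpected name.
  static AccessControlProvider fromClassName(Properties props, Object builderAdminClient)
      throws Exception {
    String name = props.getProperty(PROPERTY_KEY, ACCESS_CONTROL_DEFAULT_CLASS);
    Class<?> clazz = Class.forName(name); // static initialisation happens here
    if (!name.equals(ACCESS_CONTROL_DEFAULT_CLASS) && !name.equals(RBAC_ACCESS_CONTROL_CLASS)) {
      throw new IllegalArgumentException("unknown access control class: " + name);
    }
    return (AccessControlProvider) clazz.getDeclaredConstructor(Object.class).newInstance(builderAdminClient);
  }

  // AFTER: the property only selects among classes compiled into the binary; an unlisted
  // name is rejected without any class being loaded.
  static AccessControlProvider fromSwitch(Properties props, Object builderAdminClient) {
    String name = props.getProperty(PROPERTY_KEY, ACCESS_CONTROL_DEFAULT_CLASS);
    switch (name) {
      case ACCESS_CONTROL_DEFAULT_CLASS:
        return new SimpleAclsProvider(builderAdminClient);
      case RBAC_ACCESS_CONTROL_CLASS:
        return new RbacProvider(builderAdminClient);
      // CONFLUENT_CLOUD_CONTROL_CLASS and CONFLUENT_HYBRID_CLOUD_CONTROL_CLASS: same pattern
      default:
        throw new IllegalArgumentException("unsupported access control class: " + name);
    }
  }

  public static void main(String[] args) {
    Properties props = new Properties(); // constructed sample input
    props.setProperty(PROPERTY_KEY, "com.example.NotOnTheList");
    try {
      fromSwitch(props, null);
    } catch (IllegalArgumentException e) {
      System.out.println("rejected without loading: " + e.getMessage());
    }
  }
}
```

With the switch form, a property value that is not one of the compile-time constants never reaches a class loader, which is what removes the finding.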
Hi,
My team forked this repository and, while running it through SonarQube, it detected two security-related vulnerabilities.
See the screenshots below:
We humbly welcome any suggestions on how to tackle those defects.