我正在使用Veracode验证我的代码,获取错误“CWE-80:网页中与脚本相关的HTML标记的不正当中和(基本XSS)”为“return collectionService.getAllNotificationDrop()” “在下面的方法
@RequestMapping(value = "loadAllNotification", method = RequestMethod.GET)
public @ResponseBody List<UserVO> loadAllNotification() {
try {
**return collectionService.getAllNotificationDrop();**
} catch (Exception e) {
LOGGER.debug(e);
return null;
}
}
public List<UserVO> getAllNotificationDrop() throws Exception {
LOGGER.info("Entered new method ====> getAllNotificationDrop() ");
List<UserVO> users;
Session session = em.unwrap(Session.class);
try {
users = session.createSQLQuery("SELECT login_id as userId,first_name||' '||last_name as firstName "
+ " FROM user_master")
.addScalar("userId", StandardBasicTypes.STRING)
.addScalar("firstName", StandardBasicTypes.STRING)
.setResultTransformer(Transformers.aliasToBean(UserVO.class))
.list();
} catch (Exception e) {
throw new Exception("Error in getAllNotificationDrop",e);
} finally {
session.clear();
}
LOGGER.info("Method End ====> getAllNotificationDrop() ");
return users;
}
请帮助解决这个问题,过去几天没有任何线索。