I am getting the medium vulnerability below highlighted in Checkmarx:
The rModificationRequest at r-config\com\mycompapi\RController.java in line# may unintentionally allow setting the value of saveAndFlush in modifyR, in the object r-config\com\mycompservices\RService.java at line#.
import javax.validation.Valid;
import javax.validation.constraints.NotBlank;
import javax.validation.constraints.Size;

import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import lombok.extern.slf4j.Slf4j;
import org.modelmapper.ModelMapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.PatchMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping(path = "/api/v1/r", produces = MediaType.APPLICATION_JSON_VALUE)
@Api(tags = "R", value = "Endpoints for managing all the operations related to r")
@Slf4j
@Validated
public class RController {

    private final RService rService;
    private final ModelMapper modelMapper;

    @Autowired
    public RController(final RService rService,
                       final ModelMapper modelMapper) {
        this.rService = rService;
        this.modelMapper = modelMapper;
    }

    // The line Checkmarx points at: the deserialized request body is mapped
    // field-by-field (by name) into the DTO that the service persists.
    @ApiOperation(value = "Modify r information", nickname = "modifyR")
    @PatchMapping
    @ResponseStatus(HttpStatus.OK)
    public RResponse modifyRInfo(
            @RequestParam(name = "r-name") @NotBlank
            @Size(max = 256, message = "r name should have less than or equals to {max} characters") final String rName,
            @Valid @RequestBody RModificationRequest rModificationRequest) {
        final RModificationDto rModificationDto = modelMapper.map(rModificationRequest,
                RModificationDto.class);
        final R r = rService.modifyR(rName, rModificationDto);
        return modelMapper.map(r, RResponse.class);
    }
}
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

// @PublishNotification, OperationType, RServiceHelper and findByRName are
// project-specific and not shown here.
@Service
public class RService {

    private final RRepository rRepository;

    @Autowired
    public RService(final RRepository rRepository) {
        this.rRepository = rRepository;
    }

    @Transactional
    @PublishNotification(operationType = OperationType.MODIFY)
    public R modifyR(final String rName, final RModificationDto rModificationDto) {
        final R r = findByRName(rName);
        // The DTO built from the request body is applied to the entity and then flushed
        // to the database; this is the sink Checkmarx reports (saveAndFlush).
        final R modifiedR = RServiceHelper.getModifiedR(r, rModificationDto);
        rRepository.saveAndFlush(modifiedR);
        return modifiedR;
    }
}
What to do here, or is it a false positive? I don't see any comment either on what to do, like SonarQube scans have, or maybe it's somewhere I don't know. I am new to Checkmarx.
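The pattern behind this kind of Checkmarx finding, as an added stand-alone illustration that is not part of the question or the project's code: when a request object is copied into the persisted entity by field name, every field the client can put in the body becomes writable. The classes, field names (`description`, `owner`, `approved`) and the two helper methods below are constructed for the illustration; `applyAll` imitates a name-based mapper, `applyAllowed` copies only the fields the endpoint is meant to change.

```java
// Constructed stand-in for the entity. owner and approved are assumed to be
// server-managed fields that a PATCH body should never be able to change.
class R {
    String name;
    String description;
    String owner;
    boolean approved;
}

// Constructed stand-in for RModificationRequest. It deliberately shares field
// names with R, which is what makes a convention-based mapper copy them all.
class RModificationRequest {
    String description;
    String owner;
    Boolean approved;
}

public class ExplicitMappingExample {

    // Imitates a name-based mapper: every non-null request field that also
    // exists on the entity is written to it, including the server-managed ones.
    static R applyAll(R r, RModificationRequest req) {
        if (req.description != null) r.description = req.description;
        if (req.owner != null) r.owner = req.owner;
        if (req.approved != null) r.approved = req.approved;
        return r;
    }

    // Explicit allow-list: only the field this endpoint is meant to modify is
    // copied; anything else in the body is ignored regardless of what was sent.
    static R applyAllowed(R r, RModificationRequest req) {
        if (req.description != null) r.description = req.description;
        return r;
    }

    public static void main(String[] args) {
        // Constructed body that carries more than the endpoint is meant to accept.
        RModificationRequest req = new RModificationRequest();
        req.description = "updated text";
        req.owner = "someone-else";
        req.approved = Boolean.TRUE;

        R viaMapper = applyAll(freshEntity(), req);
        R viaAllowList = applyAllowed(freshEntity(), req);

        System.out.println("name-based copy : owner=" + viaMapper.owner + ", approved=" + viaMapper.approved);
        System.out.println("allow-list copy : owner=" + viaAllowList.owner + ", approved=" + viaAllowList.approved);
    }

    private static R freshEntity() {
        R r = new R();
        r.name = "r-1";
        r.description = "original text";
        r.owner = "alice";
        r.approved = false;
        return r;
    }
}
```

Running it shows that the name-based copy lets the body overwrite `owner` and `approved`, while the allow-list copy leaves them at their stored values.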