Getting Server-Side Request Forgery (SSRF) (CWE ID 918) restTemplate.getForEntity


I am using restTemplate for synchronous inter-service communication in a microservices architecture.

After we completed a Veracode scan, we are getting Server-Side Request Forgery (SSRF) (CWE ID 918) in the getForEntity method.

restTemplate.getForEntity(URL, Entity.class);

I am not sure why I am getting this SSRF issue.
What would be the possible fix for this?

Best answer

I have fixed this issue by building the URL using UriComponents before using it in restTemplate.

UriComponents uriComponents = UriComponentsBuilder.newInstance()
  .scheme("http").host("www.yourdomain.com").path("/yourPath").build();

Please refer to this link to use UriComponents: https://www.baeldung.com/spring-uricomponentsbuilder