Related problems and solutions (0)

Fortify JSON injection error in Java

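I get SUBSCRIPTION_JSON from the client, convert it to a String, and then set it into a Model Object using the gson library. When I run the code through Fortify security, it gives me a JSON injection error on the following code, with the following message:

This is the error: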

On line 159 of ActionHelper.java, the method jsonToObject() writes unvalidated input into JSON. This call could allow an attacker to inject arbitrary elements or attributes into the JSON entity. The method writes unvalidated input into JSON. This call could allow an attacker to inject arbitrary elements or attributes into the JSON entity.

Explanation
JSON injection occurs when:

1. Data enters a program from an untrusted source.

In this case the data enters at getString() in **SubscriptionAction.java** …

java security json gson fortify

Votes: 7
Answers: 2
Views: 8843
