我的 spring boot 应用程序中有方法从系统环境变量中获取数据,该方法按预期工作,但 sonarQube 说“确保此处安全使用环境变量”,我试图找到解决此问题的替代方法,但我是找不到解决办法,方法如下:
我该如何处理这个安全问题,除了从环境变量中获取值之外,我不能使用任何其他方法。
public Map<String, Object> getConfigurations() {
Map<String, Object> result = new HashMap<>();
HttpResponse response = null;
try {
String xVaultToken = System.getenv("XVaultToken");
String cityAppConfig = System.getenv("CityApp_Config");
@SuppressWarnings("deprecation")
HttpClient client = HttpClients.custom().setSSLHostnameVerifier(new NoopHostnameVerifier())
.setSslcontext(
new SSLContextBuilder().loadTrustMaterial(null, (x509Certificates, s) -> true).build())
.build();
Map<String, Object> headerDatas = new HashMap<>();
headerDatas.put("Content-Type", "application/json");
headerDatas.put("X-Vault-Token", xVaultToken);
HttpGet get = new HttpGet(cityAppConfig);
Set<String> keys = headerDatas.keySet();
for (String key : keys) {
get.setHeader(key, headerDatas.get(key).toString());
}
response = client.execute(get);
try(BufferedReader rd = …