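During a Checkmarx scan, I am getting a "Deserialization of Untrusted Data" finding (a security-related vulnerability found in the code) for the method below, which receives JMS messages: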

    @TransactionAttribute(TransactionAttributeType.NOT_SUPPORTED)
    public void onmessage(Message message) {
        log.debug("Code Run Started - In Queue");
        if (message instanceof ObjectMessage) {
            ObjectMessage objMes = (ObjectMessage) message;
            // Declared outside the try block so it is still in scope for change() below
            ChangeOperationType changeOperation = null;
            try {
                // getObject() deserializes the message body
                changeOperation = (ChangeOperationType) objMes.getObject();
            } catch (JMSException e1) {
                // TODO Auto-generated catch block
                e1.printStackTrace();
                log.error("Message Type is incorrect (Not ChangeOperationType). ", e1);
            }
            try {
                callBackEndpoint = message.getStringProperty(CRMCommonProcessing.CALLBACK_ENDPOINT_URI_PROPERTY);
            } catch (JMSException e) {
                log.error("CALLBACK ENDPOINT VALUE ERROR. ", e);
            }
            change(changeOperation);
        } else {
            log.error("WRONG MESSAGE TYPE GIVEN");
        }
        log.debug("Code Run Complete - In Queue");
    }

Is there any workaround or solution for this issue?