I'm getting a Fortify issue:
Dynamic Code Evaluation: Unsafe Deserialization
on the following line:
    rapidMtoorderObj = (MyMessageObject)theMessage.getObject();
I have attached my JMS code snippet. Can anyone check my JMS code, explain why I'm getting this issue, and share a fix?
    import javax.jms.JMSException;
    import javax.jms.Message;
    import javax.jms.ObjectMessage;

    public class MyMessageBean extends MessageReceiver {
        private static final long serialVersionUID = 1L;

        public MyMessageBean() {
            super();
        }

        public void onmessage(Message message) {
            MyMessageObject rapidMtoorderObj = new MyMessageObject();
            try {
                ObjectMessage theMessage = (ObjectMessage)message;
                rapidMtoorderObj = (MyMessageObject)theMessage.getObject();
                // Getting "Dynamic Code Evaluation: Unsafe Deserialization" in this line
            } catch (JMSException e) {
                // getObject() declares JMSException, so the try block needs a handler to compile
                throw new RuntimeException(e);
            }
        }
    }
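
The flagged call, `ObjectMessage.getObject()`, deserializes whatever object graph the sender put in the message before the cast to `MyMessageObject` is ever evaluated. The following is an added example, not part of the original post: it shows allow-list deserialization with the JDK's `ObjectInputFilter` (Java 9+), applied to payload bytes that the bean would read from the message body instead of calling `getObject()`. The class name `SafeMessageDecoder`, the fields of the stand-in `MyMessageObject`, and the size limits are assumptions.

```java
import java.io.*;
import java.io.ObjectInputFilter.Status;
import java.util.ArrayList;

public class SafeMessageDecoder {
    // Stand-in for the poster's MyMessageObject; the fields are assumed for illustration.
    static class MyMessageObject implements Serializable {
        private static final long serialVersionUID = 1L;
        final String orderId;
        final int quantity;
        MyMessageObject(String orderId, int quantity) { this.orderId = orderId; this.quantity = quantity; }
    }

    // Accept only the expected payload class (plus String); reject deep or oversized streams.
    static final ObjectInputFilter ALLOW_LIST = info -> {
        if (info.depth() > 5 || info.references() > 100 || info.streamBytes() > 64 * 1024) return Status.REJECTED;
        Class<?> c = info.serialClass();
        if (c == null) return Status.UNDECIDED;   // limit-only callback, no class to judge
        return (c == MyMessageObject.class || c == String.class) ? Status.ALLOWED : Status.REJECTED;
    };

    // Deserialize a message body with the filter installed before any object is read.
    static MyMessageObject decode(byte[] body) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(body))) {
            in.setObjectInputFilter(ALLOW_LIST);
            Object o = in.readObject();
            if (!(o instanceof MyMessageObject)) throw new InvalidObjectException("unexpected payload type");
            return (MyMessageObject) o;
        }
    }

    // Helper that builds the constructed sample payloads used in main().
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(o); }
        return buf.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        MyMessageObject ok = decode(serialize(new MyMessageObject("A-1001", 3)));
        System.out.println("accepted: " + ok.orderId + " x" + ok.quantity);
        try {
            decode(serialize(new ArrayList<String>()));   // class not on the allow-list
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The filter runs while the stream is being read, so a class outside the allow-list is refused before any of its `readObject` logic executes, which a cast after `getObject()` cannot do.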