From My servlet getting ResourceResolver object and passing as a parameter to service class method, Getting veracode issue at my service class method stating at CWE-99 Resource Injection Issue with syntax resourceResolver.getResource(oldDocsPath); Please find the below screen shots from servlet to service class. Tried with @Scriptvariable , @SlingObject, @reference but veera code scan not clearing the issue. Can anyone please provide solution for the below.
Views
Replies
Total Likes
Hi @AshokThota
Whether migrateDocuments method of ContentMigrationService class is called properly from your servlet ?
I hope you have used @Reference annotation in your servlet class.
In the method: migrateDocuments have you checked resourceResolver object is null or not?
Views
Replies
Total Likes
Whether migrateDocuments method of ContentMigrationService class is called properly from your servlet ?
---> Yes this is calling properly not having any issues with this.
I hope you have used @reference annotation in your servlet class.
---> Yes
In the method: migrateDocuments have you checked resourceResolver object is null or not?
--> Not checking in migrateDocuments method whether its null nor not, Now I'm validating with Null check will keep you post this
Thanks for your reply
In the method: migrateDocuments have you checked resourceResolver object is null or not?
--> validated with null check also but same issue
Views
Replies
Total Likes
Hi @AshokThota
For testing purpose, can you try in sling servlet as well in service class.
resource=resourceResolver.getResource(resourcePath+"/jcr:content");
if(resource !=null) {
ValueMap properties = resource.getValueMap();
String pageTitle = properties.get("testval", String.class);
}
make sure that resourcePath should be a valid path, which is present in your jcr node.
Views
Replies
Total Likes
Tried but still issue persists
Views
Replies
Total Likes
Hi @AshokThota
Can you pass me your servlet file? Remove/change client specific name to generic name. Then pass me the file here.
Views
Replies
Total Likes
See my servlet. I am getting the page title in logger statement.
package com.abc.core.servlets;
import java.io.IOException;
import javax.servlet.Servlet;
import javax.servlet.ServletException;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ValueMap;
import org.apache.sling.api.servlets.SlingAllMethodsServlet;
import org.osgi.service.component.annotations.Component;
import org.apache.sling.api.resource.Resource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@Component(service = Servlet.class, property = { "sling.servlet.paths=" + "/bin/dummyURL",
"sling.servlet.methods=GET" }, immediate = true)
public class DummyServlet extends SlingAllMethodsServlet {
private static final long serialVersionUID = 1L;
private static final Logger LOGGER = LoggerFactory.getLogger(DummyServlet.class);
/**
* Method to get parameters to call APi's and give the response
*
* @Param request
* @Param response
* @throws ServletException
* @throws IOException
*/
@Override
protected void doGet(SlingHttpServletRequest request, SlingHttpServletResponse response)
throws ServletException, IOException {
try {
ResourceResolver resolver = request.getResourceResolver();
Resource resource=resolver.getResource("/content/practice/us/en/jcr:content");
if(resource !=null) {
ValueMap properties = resource.getValueMap();
String pageTitle = properties.get("jcr:title", String.class);
LOGGER.debug("pageTitle="+pageTitle);
}
} catch (Exception e) {
LOGGER.error("IOException occured in SSO Login::", e);
}
response.setContentType("text/html");
}
}
check your import statement too.
Views
Replies
Total Likes
Views
Likes
Replies
Views
Likes
Replies