We are using reflection API to resolve the method calls Object fData = method.invoke(srchFilterDTO, (Object[]) null);
The srchFilterDTO object comes from UI rest call as the input to method.invoke. So Fortify is complaining for unsafe reflection since the un-validated data(srchFilterDTO object) gets passed to method.invoke call.I am not sure how to validate since its a object not string.Basically I am looking for some suggestions to put the validation in place.Please Share your ideas.Thanks.
Aucun commentaire:
Enregistrer un commentaire