Search code examples
javaspringspring-bootsonarqubesonarqube-scan

Replace this persistent entity with a simple POJO or DTO object?

i ve been using sonar to test my code quality but i cant resolve the vulnerability issue with my code it said that i should use Dto or pojo class instead of entity class but sill cant resolve it i dont know how to convert my entity to dto class. here is my entiy class:

@Entity
public class Mission implements Serializable {

private static final long serialVersionUID = -5369734855993305723L;


@Id
@GeneratedValue(strategy=GenerationType.IDENTITY)
private int id;

private String name;

private String description;

@ManyToOne
private Departement departement;

@OneToMany(mappedBy="mission")
private  List<Timesheet> timesheets;

public Mission() {
    super();
}

public Mission(String name, String description){
    this.name = name;
    this.description = description;
}


public int getId() {
    return id;
}

public void setId(int id) {
    this.id = id;
}

public String getName() {
    return name;
}

public void setName(String name) {
    this.name = name;
}

public String getDescription() {
    return description;
}

public void setDescription(String description) {
    this.description = description;
}

public Departement getDepartement() {
    return departement;
}

public void setDepartement(Departement departement) {
    this.departement = departement;
}

public List<Timesheet> getTimesheets() {
    return timesheets;
}

public void setTimesheets(List<Timesheet> timesheets) {
    this.timesheets = timesheets;
}

and here is the Restcontroller method where i got the isssue:

    @PostMapping("/ajouterMission")
@ResponseBody
public int ajouterMission(@RequestBody Mission mission) {
    itimesheetservice.ajouterMission(mission);
    try {
        logger.info("in ajouter Mission");
        logger.debug("Je vais commencer l'ajout");
        itimesheetservice.ajouterMission(mission);
        logger.info("out ajouter Mission");
        return mission.getId();
        }
    catch (Exception e) { logger.error("Erreur dans ajouterMission() : " , e); }
    return mission.getId();
}

and this is a screenshot about the sonar vulnerability issue for more details :enter image description here

Solution

  • DO NOT put your Entity model into Controller method. You must create another model like MissionRequestModel for @RequestBody, and then convert your request model to your entity

    public class MissionRequestModel {
private String name;
private String description;
}

    @PostMapping("/ajouterMission")
@ResponseBody
public int ajouterMission(@RequestBody MissionRequestModel missionRequestModel) {
     Mission mission = new Mission(missionRequestModel);
}