如何在@restcontroller中清理请求对象

Question

我正在使用checkmarx进行静态代码分析，这给我带来了@RequestBody的中等漏洞。

将在下面放置示例代码，有人可以帮助我解决此问题。

@RestController
@RequestMapping("/api")
@Slf4j
@Validated
public class Myclass {

@Autowired
SplitClass split;

@PostMapping(path = "/something", consumes = "application/json", produces = "application/json")
public int splitter(@RequestBody SplitRequestVO **splitReq**) {
    int response = 0;
    try {
        int value = split.methodName(splitReq);
        if(value == 1) {
            response = 1;
        }else {
            response = 0;
        }
    }catch(Exception e) {
        log.error("Excpetion in the MY Class controller" +e.getMessage());
    }
    return response;
}

} 每当此util类显示错误时。请检查这堂课有什么问题。

@Slf4j
public class FileUtil {

    private FileUtil() {
        throw new IllegalArgumentException("FileUtil.class");
    }


    public static void createFileFromBytes(String fileName, byte[] bytes) throws IOException {
        File file = new File(fileName);
        try (FileOutputStream fos = new FileOutputStream(file)) {
            fos.write(bytes);
            fos.flush();
        } catch (IOException exc) {
            log.error("Exception in creating file from bytes : "+exc.getMessage());
        }
    }

    public static void deleteFile(String fileName) {
        log.info("Entry into deleteFile method.");
        try {
            File file = new File(fileName);
            if (file.exists()) {
                Files.delete(file.toPath());
                if (log.isDebugEnabled())
                    log.debug("file deleted:" + fileName);
            }
        } catch (Exception e) {
            log.error("Exception in deleting the file : "+e.getMessage());
        }
        log.info("Exit from deleteFile method ");
    }

    public static byte[] getBytesFromFile(File file) throws IOException {
        log.info("Entry into getBytesFromFile method");
        byte[] bytes = null;
        try (InputStream is = new FileInputStream(file)) {
            long length = file.length();
            if (length > 2147483647L) {
                log.error("File Too large:" + file.getName());
            }
            bytes = new byte[(int) length];
            int offset = 0;
            int numRead = 0;
            while (offset < bytes.length && (numRead = is.read(bytes, offset, bytes.length - offset)) >= 0)
                offset += numRead;
            if (offset < bytes.length)
                throw new IOException("Could not completely read file " + file.getName());
        } catch (Exception e) {
            log.error("Exception in getBytesFromFile : "+e.getMessage());
        }
        log.info("Exit from getBytesFromFile method ");
        return bytes;
    }

    public static byte[] getBytesFromFile(String fileName) throws IOException {
        File file = new File(fileName);
        return getBytesFromFile(file);
    }

}

这里我面临着漏洞问题，请用印刷体字母修复。感谢您的帮助。

谢谢。