Improper Resource Access Authorization in JPA repository

Question

I have below JPA repository code :

@RepositoryRestResource(path="attributes",itemResourceRel="attribute",excerptProjection=AttributeHeaderProjection.class,exported = false)
public interface AttributeHeaderDataRestRepository extends JpaRepository<AttributeHeader, String> {

    @Query(" SELECT HDR FROM AttributeHeader HDR, AttributeObject OBJ "
            + "WHERE HDR.attribute=OBJ.attribute "
            + " AND OBJ.objName= ?1 ")
    List<AttributeHeader> byName( String name);
}

I am getting

"Improper Resource Access Authorization"

CheckMarx issue for the above code.

How to resolve this types of CheckMarx issue?

see my answer here that is related to your question. you need to add some form of access control check https://stackoverflow.com/questions/57824178/checkmarx-improper-resource-access-authorization/57863422#57863422. Please upvote if it helped — securecodeninja, Sep 20 '19 at 05:41

score 0 · Answer 1 · answered Sep 19 '19 at 11:50

0

Could you please remove @RepositoryRestResource from repository level and make it as normal jpa repository that might work.

answered Sep 19 '19 at 11:50

Shubham Shinde

1

this won't help. – Simon Logic May 19 '21 at 10:03

Improper Resource Access Authorization in JPA repository

1 Answers1