2

I am using restTemplate for synchronous inter-service communication in a microservices architecture.

When we completed the Veracode scan, we got Server-Side Request Forgery (SSRF) (CWE ID 918) reported in the getForEntity method.

restTemplate.getForEntity(URL, Entity.class);

Not sure why I am getting this SSRF issue.
What would be the possible fix for this?

SSK

1 Answer

3

I have fixed this issue by building the URL using UriComponents before using it in restTemplate.

UriComponents uriComponents = UriComponentsBuilder.newInstance()
  .scheme("http").host("www.yourdomain.com").path("/yourPath").build();

Please refer to this link to use UriComponents: https://www.baeldung.com/spring-uricomponentsbuilder

Dharman
Sankar
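An added example, not part of the question or the answer above: CWE-918 concerns outbound requests whose destination can be influenced by untrusted input, so this sketch fixes the scheme and host with UriComponentsBuilder and lets the caller supply only a validated path variable. The class name, service keys, host names and the `/items/{id}` path are assumptions made for illustration.

```java
import java.net.URI;
import java.util.Map;
import org.springframework.http.ResponseEntity;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.util.UriComponentsBuilder;

public class InventoryClient {
    // Assumption: logical service names mapped to fixed hosts (constructed values).
    private static final Map<String, String> ALLOWED_HOSTS = Map.of(
            "inventory", "inventory.internal.example",
            "pricing", "pricing.internal.example");

    private final RestTemplate restTemplate;

    public InventoryClient(RestTemplate restTemplate) {
        this.restTemplate = restTemplate;
    }

    /** Builds the target URI. Callers pass a service key and an item id, never a URL. */
    static URI buildUri(String serviceKey, String itemId) {
        // The host is looked up from the allowlist, so input cannot choose the destination.
        String host = ALLOWED_HOSTS.get(serviceKey);
        if (host == null) {
            throw new IllegalArgumentException("Unknown service: " + serviceKey);
        }
        // Restrict the id to a narrow character set before it reaches the path.
        if (itemId == null || !itemId.matches("[A-Za-z0-9_-]{1,64}")) {
            throw new IllegalArgumentException("Invalid item id");
        }
        return UriComponentsBuilder.newInstance()
                .scheme("https")          // fixed scheme
                .host(host)               // fixed, allowlisted host
                .path("/items/{id}")      // fixed path template
                .buildAndExpand(itemId)   // input fills the path variable only
                .encode()                 // percent-encode the expanded value
                .toUri();
    }

    public ResponseEntity<String> fetchItem(String serviceKey, String itemId) {
        // The URI overload sends the value as built, with no further template expansion.
        return restTemplate.getForEntity(buildUri(serviceKey, itemId), String.class);
    }
}
```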