I am using restTemplate for synchronous inter-service communication in a microservices architecture. When we completed the Veracode scan, we are getting Server-Side Request Forgery (SSRF) (CWE ID 918) in the getForEntity method.

restTemplate.getForEntity(URL, Entity.class);

Not sure why I am getting this SSRF issue. What would be the possible fix for this?
I have fixed this issue by building the URL using UriComponents before using it in restTemplate.

UriComponents uriComponents = UriComponentsBuilder.newInstance()
        .scheme("http").host("www.yourdomain.com").path("/yourPath").build();

Please refer to this link to use UriComponents: https://www.baeldung.com/spring-uricomponentsbuilder
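
An added example, not code from the question or the answer: building the URI with UriComponentsBuilder addresses CWE-918 only when the scheme and host are constants or are checked against an allowlist, and any caller-supplied value is validated before it enters the path. The sketch below goes slightly beyond the answer by showing both checks; the class name, hosts, path and id format are hypothetical, and it assumes Java 9+ with Spring Web on the classpath.

```java
import java.net.URI;
import java.util.Set;
import org.springframework.http.ResponseEntity;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.util.UriComponentsBuilder;

// Hypothetical client: InventoryClient, ALLOWED_HOSTS, the hosts and the
// /api/items path are constructed for illustration only.
public class InventoryClient {

    // Fixed set of internal services this client is permitted to call.
    private static final Set<String> ALLOWED_HOSTS =
            Set.of("inventory.internal.example", "pricing.internal.example");

    private final RestTemplate restTemplate;

    public InventoryClient(RestTemplate restTemplate) {
        this.restTemplate = restTemplate;
    }

    // Assembles the URI from constants plus validated input; a caller-supplied
    // URL string is never passed through to RestTemplate.
    static URI buildItemUri(String host, String itemId) {
        if (host == null || !ALLOWED_HOSTS.contains(host)) {
            throw new IllegalArgumentException("host not in allowlist");
        }
        // Narrow character set: no '/', '.', '@', '?', '#' or whitespace,
        // so the id cannot alter the path, authority or query.
        if (itemId == null || !itemId.matches("[A-Za-z0-9_-]{1,64}")) {
            throw new IllegalArgumentException("invalid item id");
        }
        return UriComponentsBuilder.newInstance()
                .scheme("https")                      // constant scheme
                .host(host)                           // allowlisted host only
                .pathSegment("api", "items", itemId)  // itemId stays one path segment
                .build()
                .encode()
                .toUri();
    }

    public ResponseEntity<String> getItem(String host, String itemId) {
        // The URI overload avoids a second round of template expansion on a string.
        return restTemplate.getForEntity(buildItemUri(host, itemId), String.class);
    }
}
```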