feat(微信支付):新增微信支付银行组件模块#2644
Conversation
![sonatype-lift[bot]](https://avatars-githubusercontent-com-gh.computerqwq.top/in/9843?s=60&v=4){kind=small}
| * | ||
| * @author zhongjun | ||
| **/ | ||
| @RequiredArgsConstructor |
There was a problem hiding this comment.
SameNameButDifferent: The name @RequiredArgsConstructor refers to [java.lang.SuppressWarnings, com.github.binarywang.wxpay.service.WxPayService] within this file. It may be confusing to have the same name refer to multiple types. Consider qualifying them for clarity.
(at-me in a reply with help or ignore)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
|
|
||
| @Override | ||
| public String getV3WithWechatPaySerial(String url) throws WxPayException { | ||
| HttpGet httpGet = new HttpGet(url); |
There was a problem hiding this comment.
HTTP_PARAMETER_POLLUTION: Concatenating user-controlled input into a URL
(at-me in a reply with help or ignore)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
| @@ -241,7 +241,17 @@ public String getV3(String url) throws WxPayException { | |||
| HttpGet httpGet = new HttpGet(url); | |||
There was a problem hiding this comment.
HTTP_PARAMETER_POLLUTION: Concatenating user-controlled input into a URL
(at-me in a reply with help or ignore)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
There was a problem hiding this comment.
I've recorded this as ignored for this pull request. If you change your mind, just comment @sonatype-lift unignore.
| HttpGet httpGet = new HttpGet(url); | ||
| httpGet.addHeader("Accept", "application/json"); | ||
| httpGet.addHeader("Content-Type", "application/json"); | ||
| String serialNumber = getConfig().getVerifier().getValidCertificate().getSerialNumber().toString(16).toUpperCase(); |
There was a problem hiding this comment.
NULL_DEREFERENCE: object returned by getConfig().getVerifier() could be null and is dereferenced at line 252.
(at-me in a reply with help or ignore)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
|
如果不是你这次提交代码引入的lift问题可以忽略 |
2 participants
文档地址: 银行组件
#2543
@binarywang 麻烦看下这些检查的问题需要处理吗?直接请求微信接口的,需要考虑攻击吗?