У меня есть следующий код, и я получаю проблему внедрения ресурсов в copyMessages ().
Я не знаю, как исправить проблему?
Abstract: Attackers are able to control the resource identifier argument to copyMessages() at MailboxProcessorServiceImpl.java line 77, which could enable them to access or modify otherwise protected system resources.
FileName:
LineNo: 77
Sink: javax.mail.Folder.copyMessages()
Folder inboxFolder = mailUtil.openFolder(store, "INBOX");
Folder processedFolder = mailUtil.openFolder(store, "Processed");
try {
Flags flaggedFlags = new Flags(Flags.Flag.FLAGGED);
Flags deletedFlags = new Flags(Flags.Flag.DELETED);
Message[] msgs = inboxFolder.search(new FlagTerm(flaggedFlags, false));
log.info("# of new Emails received: " + Integer.toString(msgs.length));
if (msgs.length > 0) {
for (Message msg : msgs) {
log.info(msg.getSubject());
Map<String, InputStream> mis = getAttachments(msg);
if (!CollectionUtils.isEmpty(mis))
saveAndProcessAttachment(mis, msg);
Message[] processedMsgs = { msg };
if (processedMsgs.length > 0) {
inboxFolder.copyMessages(processedMsgs, processedFolder);
}
msg.setFlags(deletedFlags, true);
}
}
inboxFolder.close(true);
processedFolder.close();