Checkmarx: Improper Exception Handling with Mybatis resultMap in Java

Time: 09-05

My project was scanned by Checkmarx, and all the Mybatis xml files show the same risk: Improper Exception Handling.

The report says that every resultMap like this <resultMap id="resultMap" type="com.example.Test"> may throw expected exceptions, and should be wrapped in a try-catch block.

But we can't write try-catch in xml files. We've done exception handling everywhere we use the sql code, but still get the same result.

Is there any way to prevent Checkmarx showing this vulnerability?
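The situation the question describes, shown in code as an added example (it is not part of the original post or of the poster's project): the mapper XML is declarative and has nowhere to hold a try/catch, so the only place the mapped statement can fail as an exception is the Java call site that opens the session and invokes the mapper. Only the resultMap element with type="com.example.Test" comes from the page; the TestMapper interface, its findById statement, the TestService class, and the test table with id and name columns are assumptions made for the illustration.

```java
package com.example;

import java.util.Optional;
import java.util.logging.Level;
import java.util.logging.Logger;

import org.apache.ibatis.exceptions.PersistenceException;
import org.apache.ibatis.session.SqlSession;
import org.apache.ibatis.session.SqlSessionFactory;

/**
 * Row type named by the XML mapper's
 *   <resultMap id="resultMap" type="com.example.Test">
 * MyBatis instantiates it and fills the mapped columns through the setters.
 */
class Test {
    private long id;
    private String name;

    public long getId() { return id; }
    public void setId(long id) { this.id = id; }
    public String getName() { return name; }
    public void setName(String name) { this.name = name; }
}

/**
 * Mapper interface (assumed). MyBatis binds it to an XML mapper with
 * namespace="com.example.TestMapper" that holds the resultMap above and
 *   <select id="findById" resultMap="resultMap">SELECT id, name FROM test WHERE id = #{id}</select>
 * The XML is pure declaration: nothing in it executes, so nothing in it can be caught.
 */
interface TestMapper {
    Test findById(long id);
}

/**
 * Call site (assumed service class): the one place where a failure of the mapped
 * statement surfaces as an exception and can be handled.
 */
public class TestService {
    private static final Logger LOG = Logger.getLogger(TestService.class.getName());

    private final SqlSessionFactory sessionFactory;

    public TestService(SqlSessionFactory sessionFactory) {
        this.sessionFactory = sessionFactory;
    }

    public Optional<Test> findById(long id) {
        // SqlSession is AutoCloseable, so the session is closed and its connection
        // released even when the statement fails.
        try (SqlSession session = sessionFactory.openSession()) {
            TestMapper mapper = session.getMapper(TestMapper.class);
            return Optional.ofNullable(mapper.findById(id));
        } catch (PersistenceException e) {
            // MyBatis wraps the driver's SQLException (lost connection, a column named in the
            // resultMap that the query did not return, a type-handler failure) in this
            // unchecked exception. Log it server-side and hand the caller a neutral result:
            // e.getMessage() can carry the statement text and column names, so it must not be
            // copied into an HTTP response or any user-facing message.
            LOG.log(Level.WARNING, "findById failed for id=" + id, e);
            return Optional.empty();
        }
    }
}
```

Catching PersistenceException at the session boundary is what "exception handling everywhere we use the sql code" amounts to in practice; the XML file itself stays untouched, which is why a finding reported against the resultMap element cannot be fixed by editing the mapper.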

CodePudding user response:

How about:

If you determine that a vulnerability is a false positive, then you should mark it as Not Exploitable. This will cause Checkmarx to stop showing this vulnerability in subsequent scans within this Application.

taken from here: https://checkmarx.atlassian.net/wiki/spaces/GO/pages/1986658305/SAST Results Review Methodology

CodePudding user response:

Your code does not seem vulnerable. A quick analysis shows a Checkmarx issue with the interpretation of MyBatis and iBatis.

You can mark it as "Not Exploitable" and report the False Positive to Checkmarx.
