JSON Injection

[QiAnXinCodeSafe]

sds/sds-admin/src/main/java/com/didiglobal/sds/admin/controller/HeartbeatController.java

Line 43 in 0ac9dbe

heartbeatRequest = JSONObject.parseObject(request.getParameter("client"), HeartbeatRequest.class);

sds/sds-admin/src/main/java/com/didiglobal/sds/admin/controller/HeartbeatController.java

Line 63 in 0ac9dbe

heartbeatRequest = JSONObject.parseObject(request.getParameter("client"), HeartbeatRequest.class);

The method writes unvalidated input into JSON. This call could allow an attacker to inject arbitrary elements or attributes into the JSON entity.