rsenden
commented
3 years ago Actually not an issue; each switch branch also contains a return statement
Closed rsenden closed 3 years ago
rsenden
commented
3 years ago Actually not an issue; each switch branch also contains a return statement
The
embed(SSCApplicationVersionsQueryBuilder qb, SSCEmbedConfig config)method defined in https://github.com/fortify/FortifyVulnerabilityExporter/blob/main/FortifyVulnerabilityExporter-plugin-from-ssc/src/main/java/com/fortify/vulnexport/from/ssc/FromSSCVulnerabilityLoader.java provides special processing if the sub-entity to be embedded equalscurrentStaticScan,currentDynamicScan, orcurrentSonatypeScan. However, even when special processing takes place, theSSCApplicationVersionsQueryBuilder#embed(config)method is called again at the end of this method.This is most likely not intended, but doesn't seem to cause any runtime issues. Further research is needed to investigate whether this might result in extra, invalid requests to SSC, and why these invalid requests are not logged.