【公众号】提供了获取稳定版获取access token的接口#3085
Conversation
Sonatype Lift is retiringSonatype Lift will be retiring on Sep 12, 2023, with its analysis stopping on Aug 12, 2023. We understand that this news may come as a disappointment, and Sonatype is committed to helping you transition off it seamlessly. If you’d like to retain your data, please export your issues from the web console. |
SKYhuangjing
changed the title
![sonatype-lift[bot]](https://avatars.githubusercontent.com/in/9843?s=60&v=4){kind=small}
| try { | ||
| do { | ||
| locked = lock.tryLock(100, TimeUnit.MILLISECONDS); | ||
| if (!forceRefresh && !this.getWxMpConfigStorage().isAccessTokenExpired()) { |
There was a problem hiding this comment.
THREAD_SAFETY_VIOLATION: Read/Write race. Non-private method BaseWxMpServiceImpl.getAccessToken(...) indirectly reads without synchronization from this.configStorageMap. Potentially races with write in method BaseWxMpServiceImpl.setWxMpConfigStorage(...).
Reporting because this access may occur on a background thread.
❗❗ 2 similar findings have been found in this PR
🔎 Expand here to view all instances of this finding
| File Path | Line Number |
|---|---|
| weixin-java-mp/src/main/java/me/chanjar/weixin/mp/api/impl/BaseWxMpServiceImpl.java | 257 |
| weixin-java-mp/src/main/java/me/chanjar/weixin/mp/api/impl/BaseWxMpServiceImpl.java | 252 |
Visit the Lift Web Console to find more details in your report.
ℹ️ Expand to see all @sonatype-lift commands
You can reply with the following commands. For example, reply with @sonatype-lift ignoreall to leave out all findings.
| Command | Usage |
|---|---|
@sonatype-lift ignore |
Leave out the above finding from this PR |
@sonatype-lift ignoreall |
Leave out all the existing findings from this PR |
@sonatype-lift exclude <file|issue|path|tool> |
Exclude specified file|issue|path|tool from Lift findings by updating your config.toml file |
Note: When talking to LiftBot, you need to refresh the page to see its response.
Click here to add LiftBot to another repo.
| return this.extractAccessToken(new BasicResponseHandler().handleResponse(response)); | ||
| } finally { | ||
| httpGet.releaseConnection(); | ||
| httpGet = new HttpGet(url); |
There was a problem hiding this comment.
HTTP_PARAMETER_POLLUTION: Concatenating user-controlled input into a URL
ℹ️ Expand to see all @sonatype-lift commands
You can reply with the following commands. For example, reply with @sonatype-lift ignoreall to leave out all findings.
| Command | Usage |
|---|---|
@sonatype-lift ignore |
Leave out the above finding from this PR |
@sonatype-lift ignoreall |
Leave out all the existing findings from this PR |
@sonatype-lift exclude <file|issue|path|tool> |
Exclude specified file|issue|path|tool from Lift findings by updating your config.toml file |
Note: When talking to LiftBot, you need to refresh the page to see its response.
Click here to add LiftBot to another repo.
2 participants
参考 PR #3004 移植支持 公众号获取access token的接口
如何使用
直接配置类 WxMpConfigStorage#useStableAccessToken 开启使用稳定版获取access_token接口,默认未开启