Coverity shows the block of code with unsafe deserialization.
Here the body that I am receiving comes from an internal API call, which it treats as external, but I am not sure how to get the fix. Is there a way we can validate here so that it is acceptable? I can always mark it as a false positive, but I was looking for a solution.
This is one of the newer issues released with the newer version (Coverity 2022.3).
import com.fasterxml.jackson.databind.ObjectMapper;

// Round-trip an already-bound request body through a JSON string and back into the DTO
String str = jacksonObjectMapper.writeValueAsString(body);
ContentDto contentDto = jacksonObjectMapper.readValue(str, ContentDto.class);
//Calling "readValue". This call uses "str" for sensitive computation. (The virtual call resolves to "com.fasterxml.jackson.databind.ObjectMapper.readValue(java.lang.String, java.lang.Class)".)
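An added example (not the asker's code and not Coverity's own guidance) showing the change a reviewer would usually suggest for this pattern: the serialize-then-readValue round trip is a bean conversion, and ObjectMapper.convertValue performs the same conversion without the intermediate String that the finding reports on; the mapper is also built with polymorphic default typing off and unknown properties rejected. The ContentDto fields and the Map passed as body are assumptions.

```java
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.json.JsonMapper;
import java.util.Map;

public class ContentMapping {

    // Minimal DTO standing in for the asker's ContentDto (assumed shape).
    public static class ContentDto {
        public String title;
        public int version;
    }

    // Hardened mapper: default typing stays off, so a "@class"/"@type" key in the
    // input can never select a class to instantiate, and unknown properties are
    // rejected rather than silently ignored.
    static final ObjectMapper MAPPER = JsonMapper.builder()
            .enable(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES)
            .build()
            .deactivateDefaultTyping();

    // Before: serialize to a String and parse it back. Functionally a bean
    // conversion, but the intermediate String is what the analyzer flags.
    static ContentDto viaStringRoundTrip(Object body) throws Exception {
        String str = MAPPER.writeValueAsString(body);
        return MAPPER.readValue(str, ContentDto.class);
    }

    // After: convert the already-bound object directly. No String is produced,
    // and the target type comes from ContentDto, never from the input.
    static ContentDto viaConvertValue(Object body) {
        return MAPPER.convertValue(body, ContentDto.class);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: what an internal caller would pass as "body".
        Map<String, Object> body = Map.of("title", "release notes", "version", 3);

        ContentDto a = viaStringRoundTrip(body);
        ContentDto b = viaConvertValue(body);
        System.out.println(a.title + " v" + a.version + " == " + b.title + " v" + b.version);

        // A stray type-selector key is just an unknown property and is rejected.
        Map<String, Object> bad = Map.of("title", "x", "version", 1, "@class", "java.lang.Object");
        try {
            viaConvertValue(bad);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Whether the analyzer drops the finding after this change depends on its taint model for convertValue; the data-flow change is what a reviewer can verify independently.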