rspec/rules/S2095/comments-and-links.adoc


=== relates to: S5485
=== is related to: S3546
=== is related to: S2930
=== on 2 Feb 2015, 14:28:37 Sébastien Gioria wrote:
Could be tagged
* OWASP Top10 2013 A5 (Denial of Service falls mostly in this category because it finishes most of the time in a stack trace of the Java VM.)
* CERT Secure Coding FIO04-J
=== on 4 Feb 2015, 13:11:12 Ann Campbell wrote:
Thanks for the CERT reference [~sebastien.gioria], but I don't understand the OWASP tie.
=== on 11 Feb 2015, 23:02:32 Freddy Mallet wrote:
This one can lead to a denial of service.
=== on 24 Apr 2015, 07:55:03 Michael Gumowski wrote:
As we are not making cross-file or cross-method analysis for the moment (it is planned), we are not able to tell if it is the responsibility of the method to close a Closeable/AutoCloseable retrieved using method invocation. There is no existing annotation either which would provide the information. I changed the non-compliant example and compliant solution to something that we can actually detect.
=== on 11 Jun 2015, 18:57:32 Ann Campbell wrote:
\[~michael.gumowski], would it be appropriate to map this rule to the CodePro rule https://developers.google.com/java-dev-tools/codepro/doc/features/audit/audit_rules_com.instantiations.assist.eclipse.auditGroup.possibleErrors#com.instantiations.assist.eclipse.audit.closeInFinally[Close In Finally]?
I'm asking first for an answer based on the current implementation.
And if that answer's "no" my second question is whether we should go ahead & do the mapping & extend the implementation.
As a followup, there is also this CodePro rule: https://developers.google.com/java-dev-tools/codepro/doc/features/audit/audit_rules_com.instantiations.assist.eclipse.auditGroup.jdbc#com.instantiations.assist.eclipse.audit.closeOrder[Close Order]
=== on 17 Jun 2015, 14:18:04 Ann Campbell wrote:
CodePro: Close In Finally