rspec/rules/S4434/java/rule.adoc


== Sensitive Code Example

----
DirContext ctx = new InitialDirContext();
// ...
ctx.search(query, filter,
        new SearchControls(scope, countLimit, timeLimit, attributes,
            true, // Noncompliant; allows deserialization
            deref));
----

== Compliant Solution

----
DirContext ctx = new InitialDirContext();
// ...
ctx.search(query, filter,
        new SearchControls(scope, countLimit, timeLimit, attributes,
            false, // Compliant
            deref));
----
Update rules after the fix in the export module 2021-04-26 17:29:13 +02:00
			`== Sensitive Code Example`

			`----`
			`DirContext ctx = new InitialDirContext();`
			`// ...`
			`ctx.search(query, filter,`
			`new SearchControls(scope, countLimit, timeLimit, attributes,`
			`true, // Noncompliant; allows deserialization`
			`deref));`
			`----`

			`== Compliant Solution`

			`----`
			`DirContext ctx = new InitialDirContext();`
			`// ...`
			`ctx.search(query, filter,`
			`new SearchControls(scope, countLimit, timeLimit, attributes,`
			`false, // Compliant`
			`deref));`
			`----`