rspec/rules/S3749/java/comments-and-links.adoc

=== on 17 Oct 2016, 15:23:37 Ann Campbell wrote:
Part of the idea is that constructor injection is declasse now, [~nicolas.peru]

=== on 31 Mar 2017, 09:40:29 Yves Dubois-Pèlerin wrote:
\[~ann.campbell.2]


This is about a https://groups.google.com/forum/#!topic/sonarqube/T-f83S9mvQU[question] on the Google group.


+1 for adding @Resource in this rule. Although annotation @Autowired is well-known among Java developers, it is Spring specific. The newer but standard @Resource annotation is mostly equivalent to @Autowire and should be added to the rule.


I don't know about @Inject - maybe a Guice-specific annotation.


Suggestions:

* Change the rule title into "Members of Spring components should be explicitly injected".
* Give more emphasis to @Resource than to @Autowired, which is slightly outdated. For example, replace
"That is, they should have the @Autowired annotation"

with

"That is, they should have the @Resource (or @Autowired) annotation"


Yves

=== on 4 Apr 2017, 15:23:12 Ann Campbell wrote:
Updated [~yves.duboispelerin]

=== on 19 Mar 2018, 10:01:50 Sébastien GIORIA - AppSecFR wrote:
Could be tagged OWASP A3:2017. This could leak sensitive data

=== on 19 Mar 2018, 10:14:30 Alexandre Gigleux wrote:
\[~SPoint]: thanks for the contribution - it's already tagged OWASP A3:2017 in the RSPEC ticket - as soon as SonarJava 5.2 will be released, the OWASP tags will be updated in SonarQube UI thanks to this ticket: \https://jira.sonarsource.com/browse/SONARJAVA-2682 - we reviewed all the OWASP tags of SonarJava rules to be sure they are aligned with OWASP TOP 10 2017.

=== on 16 Aug 2018, 20:27:21 Ann Campbell wrote:
\[~nicolas.harraudeau] despite the fact that Jira can't properly render its own code markdown when immediately followed by non-space characters, RuleAPI handles this correctly. 


The current version is awkward IMO and should either get the 's'es back, or the word "classes" before "are singletons by default".

=== on 17 Aug 2018, 08:41:28 Nicolas Harraudeau wrote:
\[~ann.campbell.2] Thanks for the info. I'll add "classes" then so that it works in both Jira and RuleAPI.
Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`=== on 17 Oct 2016, 15:23:37 Ann Campbell wrote:`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00			`Part of the idea is that constructor injection is declasse now, [~nicolas.peru]`

Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`=== on 31 Mar 2017, 09:40:29 Yves Dubois-Pèlerin wrote:`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00			`\[~ann.campbell.2]`


			`This is about a https://groups.google.com/forum/#!topic/sonarqube/T-f83S9mvQU[question] on the Google group.`


			`+1 for adding @Resource in this rule. Although annotation @Autowired is well-known among Java developers, it is Spring specific. The newer but standard @Resource annotation is mostly equivalent to @Autowire and should be added to the rule.`


			`I don't know about @Inject - maybe a Guice-specific annotation.`


			`Suggestions:`

			`* Change the rule title into "Members of Spring components should be explicitly injected".`
			`* Give more emphasis to @Resource than to @Autowired, which is slightly outdated. For example, replace`
			`"That is, they should have the @Autowired annotation"`

			`with`

			`"That is, they should have the @Resource (or @Autowired) annotation"`


			`Yves`

Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`=== on 4 Apr 2017, 15:23:12 Ann Campbell wrote:`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00			`Updated [~yves.duboispelerin]`

Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`=== on 19 Mar 2018, 10:01:50 Sébastien GIORIA - AppSecFR wrote:`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00			`Could be tagged OWASP A3:2017. This could leak sensitive data`

Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`=== on 19 Mar 2018, 10:14:30 Alexandre Gigleux wrote:`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00			`\[~SPoint]: thanks for the contribution - it's already tagged OWASP A3:2017 in the RSPEC ticket - as soon as SonarJava 5.2 will be released, the OWASP tags will be updated in SonarQube UI thanks to this ticket: \https://jira.sonarsource.com/browse/SONARJAVA-2682 - we reviewed all the OWASP tags of SonarJava rules to be sure they are aligned with OWASP TOP 10 2017.`

Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`=== on 16 Aug 2018, 20:27:21 Ann Campbell wrote:`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00			`\[~nicolas.harraudeau] despite the fact that Jira can't properly render its own code markdown when immediately followed by non-space characters, RuleAPI handles this correctly.`


			`The current version is awkward IMO and should either get the 's'es back, or the word "classes" before "are singletons by default".`

Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`=== on 17 Aug 2018, 08:41:28 Nicolas Harraudeau wrote:`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00			`\[~ann.campbell.2] Thanks for the info. I'll add "classes" then so that it works in both Jira and RuleAPI.`