rspec/rules/S2083/comments-and-links.adoc

=== relates to: S4797

=== on 2 Oct 2014, 08:14:01 Nicolas Peru wrote:
I have some doubt about that one as for instance in Java plugin code base I have the following:

----
private File resolvePath(File baseDir, String fileName) {
    File file = new File(fileName);
    if (!file.isAbsolute()) {
      file = new File(baseDir, fileName);
    }
    return file;
  }
----
Which is based on a property coming from SQ and filled by the user to be able to access libraries of a java project. So you actually _want_ to support access to some files eventually located in relative directories... 

=== on 2 Oct 2014, 14:12:34 Ann Campbell wrote:
\[~nicolas.peru] there are 2 CWE's we're covering here, one about absolute path traversal and another about relative traversal.


In any case, the point of your code is to read files on paths provided by the user. Since your code runs on the user's machine, there's no problem with that and I wouldn't expect this rule to be activated. I'll switch this to off by default.

=== on 8 Oct 2014, 08:40:09 Nicolas Peru wrote:
Probably easier with CFG.

=== on 14 May 2018, 12:04:03 Dinesh Bolkensteyn wrote:
FYI, I fail to understand your 4 years old comment [~nicolas.peru] - is it still relevant? feel free to delete it otherwise
Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`=== relates to: S4797`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00
Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`=== on 2 Oct 2014, 08:14:01 Nicolas Peru wrote:`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00			`I have some doubt about that one as for instance in Java plugin code base I have the following:`

			`----`
			`private File resolvePath(File baseDir, String fileName) {`
			`File file = new File(fileName);`
			`if (!file.isAbsolute()) {`
			`file = new File(baseDir, fileName);`
			`}`
			`return file;`
			`}`
			`----`
			`Which is based on a property coming from SQ and filled by the user to be able to access libraries of a java project. So you actually _want_ to support access to some files eventually located in relative directories...`

Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`=== on 2 Oct 2014, 14:12:34 Ann Campbell wrote:`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00			`\[~nicolas.peru] there are 2 CWE's we're covering here, one about absolute path traversal and another about relative traversal.`


			`In any case, the point of your code is to read files on paths provided by the user. Since your code runs on the user's machine, there's no problem with that and I wouldn't expect this rule to be activated. I'll switch this to off by default.`

Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`=== on 8 Oct 2014, 08:40:09 Nicolas Peru wrote:`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00			`Probably easier with CFG.`

Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`=== on 14 May 2018, 12:04:03 Dinesh Bolkensteyn wrote:`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00			`FYI, I fail to understand your 4 years old comment [~nicolas.peru] - is it still relevant? feel free to delete it otherwise`