=== On 2014-10-20T18:37:01Z Ann Campbell Wrote:
\[~nicolas.peru] note that this rule that was originally written for ABAP has been extended for Java & an exception added for a comment in the block, making ABAP outdated.

=== On 2014-10-21T15:36:55Z Nicolas Peru Wrote:
This will be covered by \http://jira.sonarsource.com/browse/RSPEC-108

=== On 2015-02-27T09:57:42Z Freddy Mallet Wrote:
\[~ann.campbell.2], this spec should be linked to \http://cwe.mitre.org/data/definitions/391.html

=== On 2018-03-21T18:09:23Z Alexandre Gigleux Wrote:
\[~ann.campbell.2] I don't think this one should be classified as a "Bug Detection". No bug/failure will happen if you keep the code like this.

I think it should be classified as a "Vulnerability Detection". This RSPEC was classified like this in the past (2015) thanks to the tag "security". I don't see any good reason why we changed that. Also, we have an OWASP TOP 10 tag on the RSPEC replacing this one (RSPEC-2486) which is another justification to classify it as a "Vulnerability Detection".

Do you agree?

=== On 2018-03-21T19:04:23Z Ann Campbell Wrote:
Fine for me [~alexandre.gigleux]