rspec/rules/S2095/comments-and-links.adoc

=== Related: RSPEC-5485
=== Related: RSPEC-3546
=== Relates: RSPEC-2930
=== On 2015-02-02T14:28:37Z Sébastien Gioria Wrote:
Could be tagged:
* OWASP Top10 2013 A5 (Denial of Service falls mostly in this category because it ends most of the time in a stack trace of the Java VM.)
* CERT Secure Coding FIO04-J
=== On 2015-02-04T13:11:12Z Ann Campbell Wrote:
Thanks for the CERT reference [~sebastien.gioria], but I don't understand the OWASP tie.
=== On 2015-02-11T23:02:32Z Freddy Mallet Wrote:
This one can lead to a denial of service.
=== On 2015-04-24T07:55:03Z Michael Gumowski Wrote:
As, for the moment, we are not doing cross-file or cross-method analysis (it is planned), we are not able to tell if it is the responsibility of the method to close a Closeable/AutoCloseable retrieved using method invocation. There is no existing annotation either that would provide the information. I changed the non-compliant example and compliant solution to something that we can actually detect.
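
The distinction drawn in the comment above, as an added example (not part of the thread and not the rule's own non-compliant/compliant code): a resource constructed and leaked inside one method, its try-with-resources form, and a `Closeable` obtained through a method call whose closing responsibility cannot be read from the calling method alone. The class `CloseOwnership`, the holder `Session` and all method names are hypothetical.

```java
import java.io.BufferedReader;
import java.io.FileReader;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Collections;

public class CloseOwnership {

    // Leak visible within one method: the reader is constructed here,
    // never escapes, and close() is never called on any path.
    static String firstLineLeaky(Path p) throws IOException {
        BufferedReader r = new BufferedReader(new FileReader(p.toFile()));
        return r.readLine();
    }

    // Same logic with try-with-resources: close() runs on every exit path.
    static String firstLineClosed(Path p) throws IOException {
        try (BufferedReader r = new BufferedReader(new FileReader(p.toFile()))) {
            return r.readLine();
        }
    }

    // Hypothetical holder that owns its reader and closes it itself.
    static final class Session implements AutoCloseable {
        private final BufferedReader reader;
        Session(Path p) throws IOException { reader = new BufferedReader(new FileReader(p.toFile())); }
        BufferedReader reader() { return reader; } // borrowed: callers must not close it
        @Override public void close() throws IOException { reader.close(); }
    }

    // Ambiguous from this method alone: the reader comes from a method call,
    // so only Session's contract says who is responsible for closing it.
    static String firstLineBorrowed(Session s) throws IOException {
        return s.reader().readLine();
    }

    public static void main(String[] args) throws IOException {
        Path p = Files.createTempFile("s2095", ".txt"); // constructed sample input
        Files.write(p, Collections.singletonList("hello"));
        System.out.println(firstLineClosed(p));
        try (Session s = new Session(p)) {
            System.out.println(firstLineBorrowed(s));
        }
        Files.delete(p);
    }
}
```

`firstLineLeaky` is deliberately not called from `main`: each call would leave a file descriptor open until garbage collection, which is the exhaustion path behind the denial-of-service concern raised earlier in the thread.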
=== On 2015-06-11T18:57:32Z Ann Campbell Wrote:
\[~michael.gumowski], would it be appropriate to map this rule to the CodePro rule https://developers.google.com/java-dev-tools/codepro/doc/features/audit/audit_rules_com.instantiations.assist.eclipse.auditGroup.possibleErrors#com.instantiations.assist.eclipse.audit.closeInFinally[Close In Finally]?
I'm asking first for an answer based on the current implementation.
And if that answer's "no", my second question is whether we should go ahead & do the mapping & extend the implementation.
As a followup, there is also this CodePro rule: https://developers.google.com/java-dev-tools/codepro/doc/features/audit/audit_rules_com.instantiations.assist.eclipse.auditGroup.jdbc#com.instantiations.assist.eclipse.audit.closeOrder[Close Order]
=== On 2015-06-17T14:18:04Z Ann Campbell Wrote:
CodePro: Close In Finally