include::../description.adoc[]
include::../ask-yourself.adoc[]
include::../recommended.adoc[]
== Sensitive Code Example
This rule raises an issue as soon as there is a reference to argv, be it for direct use or via a CLI library like JCommander, GetOpt or Apache CLI.
----
public class Main {
    public static void main (String[] argv) {
        String option = argv[0];  // Sensitive: check how the argument is used
    }
}
----
----
// === JCommander ===
import com.beust.jcommander.*;

public class Main {
    public static void main (String[] argv) {
        Main main = new Main();
        JCommander.newBuilder()
            .addObject(main)
            .build()
            .parse(argv); // Sensitive
        main.run();
    }

    // Stub so the sample compiles; the real work on the parsed options goes here
    public void run() {
    }
}
----
----
// === GNU Getopt ===
import gnu.getopt.Getopt;

public class Main {
    public static void main (String[] argv) {
        Getopt g = new Getopt("myprog", argv, "ab"); // Sensitive
    }
}
----
----
// === Apache CLI ===
import org.apache.commons.cli.*;

public class Main {
    public static void main (String[] argv) {
        Options options = new Options();
        CommandLineParser parser = new DefaultParser();
        try {
            CommandLine line = parser.parse(options, argv); // Sensitive
        } catch (ParseException e) {
            // parse() throws a checked ParseException on malformed input
            System.err.println(e.getMessage());
        }
    }
}
----
In the case of Args4J, an issue is created on the ``++public void run++`` method of any class using ``++org.kohsuke.args4j.Option++`` or ``++org.kohsuke.args4j.Argument++``.

Such a class is called directly by ``++org.kohsuke.args4j.Starter++`` outside of any ``++public static void main++`` method. If the class has no ``++run++`` method, no issue will be raised as there must be a ``++public static void main++`` and its argument is already highlighted.

----
// === Args4J ===
import org.kohsuke.args4j.Option;
import org.kohsuke.args4j.Argument;

public class Main {
    @Option(name="-myopt",usage="An option")
    public String myopt;

    @Argument(usage = "An argument", metaVar = "<myArg>")
    String myarg;

    String file;

    @Option(name="-file")
    public void setFile(String file) {
        this.file = file;
    }

    String arg2;

    @Argument(index=1)
    public void setArg2(String arg2) {
        this.arg2 = arg2;
    }

    public void run() { // Sensitive: This function
        myarg.toString(); // check how this argument is used
    }
}
----
== Exceptions
The support of Args4J without the use of ``++org.kohsuke.args4j.Option++`` is out of scope as there is no way to know which Bean will be used as the main class.

No issue will be raised on ``++public static void main(String[] argv)++`` if ``++argv++`` is not referenced in the method.

include::../see.adoc[]