rspec/rules/S6173/java/rule.adoc

include::../description.adoc[]

== Noncompliant Code Example

----
public void run(javax.servlet.http.HttpServletRequest request) throws ClassNotFoundException {
    String name = request.getParameter("name");
    Class clazz = Class.forName(name);  // Noncompliant
} 
----

== Compliant Solution

----
public void run(javax.servlet.http.HttpServletRequest request) throws ClassNotFoundException {
    String name = request.getParameter("name");
    if (this.allowed.contains(name)) {
        Class clazz = Class.forName(name);
    }
} 
----

include::../see.adoc[]
Update rules after the fix in the export module 2021-04-26 17:29:13 +02:00			`include::../description.adoc[]`

			`== Noncompliant Code Example`

			`----`
			`public void run(javax.servlet.http.HttpServletRequest request) throws ClassNotFoundException {`
			`String name = request.getParameter("name");`
			`Class clazz = Class.forName(name); // Noncompliant`
			`}`
			`----`

			`== Compliant Solution`

			`----`
			`public void run(javax.servlet.http.HttpServletRequest request) throws ClassNotFoundException {`
			`String name = request.getParameter("name");`
			`if (this.allowed.contains(name)) {`
			`Class clazz = Class.forName(name);`
			`}`
			`}`
			`----`

			`include::../see.adoc[]`