SONARJAVA-5284 Create rule S7178: Injecting data into static fields is not supported by Spring (#4611)
This commit is contained in:
github-actions[bot]
GitHub
parent
9a672e7951
commit
11dd942825
26
rules/S7178/java/metadata.json
Normal file
26
rules/S7178/java/metadata.json
Normal file
@ -0,0 +1,26 @@
|
||||
{
|
||||
"title": "Injecting data into static fields is not supported by Spring",
|
||||
"type": "CODE_SMELL",
|
||||
"status": "ready",
|
||||
"remediation": {
|
||||
"func": "Constant\/Issue",
|
||||
"constantCost": "5min"
|
||||
},
|
||||
"tags": [
|
||||
"spring"
|
||||
],
|
||||
"defaultSeverity": "Major",
|
||||
"ruleSpecification": "RSPEC-7178",
|
||||
"sqKey": "S7178",
|
||||
"scope": "Main",
|
||||
"defaultQualityProfiles": ["Sonar way"],
|
||||
"quickfix": "unknown",
|
||||
"code": {
|
||||
"impacts": {
|
||||
"MAINTAINABILITY": "LOW",
|
||||
"RELIABILITY": "HIGH",
|
||||
"SECURITY": "LOW"
|
||||
},
|
||||
"attribute": "LOGICAL"
|
||||
}
|
||||
}
|
||||
46
rules/S7178/java/rule.adoc
Normal file
46
rules/S7178/java/rule.adoc
Normal file
@ -0,0 +1,46 @@
|
||||
== Why is this an issue?
|
||||
|
||||
Spring dependency injection framework does not support injecting data into static fields. When @Value, @Inject, or @Autowired are applied to static fields, they are ignored.
|
||||
|
||||
=== What is the potential impact?
|
||||
|
||||
* *Null Values*: Uninitialized static fields annotated with @Value, @Inject, or @Autowired will not be initialized by Spring, potentially causing NullPointerException at runtime.
|
||||
* *Confusing Code*: The presence of injection annotations on static fields can mislead developers into believing that the fields will be populated by Spring.
|
||||
|
||||
This rule raises an issue when a static field is annotated with @Value, @Inject, or @Autowired.
|
||||
|
||||
== How to fix it
|
||||
|
||||
Either use an instance field instead of a static field or remove the @Value, @Inject, or @Autowired annotation and initialize the field.
|
||||
|
||||
=== Code examples
|
||||
|
||||
==== Noncompliant code example
|
||||
|
||||
[source,java,diff-id=1,diff-type=noncompliant]
|
||||
----
|
||||
@Component
|
||||
public class MyComponent {
|
||||
|
||||
@Value("${my.app.prop}")
|
||||
private static SomeDependency dependency; // non compliant, @Value will be ignored and no value will be injected
|
||||
// ...
|
||||
}
|
||||
----
|
||||
|
||||
==== Compliant solution
|
||||
|
||||
[source,java,diff-id=1,diff-type=compliant]
|
||||
----
|
||||
@Component
|
||||
public class MyComponent {
|
||||
|
||||
@Value("${my.app.prop}")
|
||||
private final SomeDependency dependency;
|
||||
// ...
|
||||
}
|
||||
----
|
||||
|
||||
== Resources
|
||||
=== Articles & blog posts
|
||||
* Java Guides - https://www.baeldung.com/spring-inject-static-field[Injecting a Value in a Static Field in Spring]
|
||||
2
rules/S7178/metadata.json
Normal file
2
rules/S7178/metadata.json
Normal file
@ -0,0 +1,2 @@
|
||||
{
|
||||
}
|
||||
Loading…
x
Reference in New Issue
Block a user