include::../summary.adoc[]

== Why is this an issue?

include::../rationale.adoc[]

include::../impact.adoc[]

// How to fix it section

include::how-to-fix-it/java-se.adoc[]

== Resources

include::../common/resources/docs.adoc[]

* https://docs.oracle.com/javase/tutorial/essential/environment/properties.html[Java Properties]

include::../common/resources/articles.adoc[]

include::../common/resources/presentations.adoc[]

include::../common/resources/standards.adoc[]


ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

=== Highlighting

* Primary: The whole function call to {code}DriverManager.getConnection(...){code}
* Secondary: if the password is a variable, highlight the value assigned to this variable.
** message: "Empty password value."
** message: "URL containing the empty password."


'''
== Comments And Links
(visible only on this page)

=== on 16 Aug 2018, 11:06:29 Nicolas Harraudeau wrote:
In order to avoid False Positives this rule will limit its detection when the only parameter is the "URL", i.e. ``++DriverManager.getConnection("jdbc:...")++``

The rule then focuses on empty passwords. Example:

----
 DriverManager.getConnection"jdbc:mysql://localhost/test?user=fred&password="); // empty password, detected
 DriverManager.getConnection"jdbc:mysql://localhost/test?user=fred"); // no password, not detected
----
The reason is that there are many different formats to provide a password in a JDBC connection string and it would create many False Positive to match only some of them.

include::../comments-and-links.adoc[]

endif::env-github,rspecator-view[]