=== on 20 Oct 2014, 18:37:01 Ann Campbell wrote:
\[~nicolas.peru] note that this rule that was originally written for ABAP has been extended for Java & an exception added for a comment in the block, making ABAP outdated.

=== on 21 Oct 2014, 15:36:55 Nicolas Peru wrote:
This will be covered by \http://jira.sonarsource.com/browse/RSPEC-108

=== on 27 Feb 2015, 09:57:42 Freddy Mallet wrote:
\[~ann.campbell.2], this spec should be linked to \http://cwe.mitre.org/data/definitions/391.html

=== on 21 Mar 2018, 18:09:23 Alexandre Gigleux wrote:
\[~ann.campbell.2] I don't think this one should be classified as a "Bug Detection". No bug/failure will happen if you keep the code like this.

I think it should be classified as a "Vulnerability Detection". This RSPEC was classified like this in the past (2015) thanks to the tag "security". I don't see any good reason why we changed that. Also, we have an OWASP TOP 10 tag on the RSPEC replacing this one (RSPEC-2486) which is another justification to classify it as a "Vulnerability Detection".


Do you agree? 

=== on 21 Mar 2018, 19:04:23 Ann Campbell wrote:
Fine for me [~alexandre.gigleux]