=== relates to: S5485

=== is related to: S3546

=== is related to: S2930

=== on 2 Feb 2015, 14:28:37 Sébastien Gioria wrote:
Could be tag

* OWASP Top10 2013 A5 (Denial of Service falls mostly in this category because it ends most of the time in a stack trace of the Java VM.)
* CERT Secure Coding FIO04-J

=== on 4 Feb 2015, 13:11:12 Ann Campbell wrote:
Thanks for the CERT reference [~sebastien.gioria], but I don't understand the OWASP tie.

=== on 11 Feb 2015, 23:02:32 Freddy Mallet wrote:
This one can lead to a denial of service.

=== on 24 Apr 2015, 07:55:03 Michael Gumowski wrote:
As for the moment we are not doing cross-file or cross-method analysis (it is planned), we are not able to tell if it is the responsibility of the method to close a Closeable/AutoCloseable retrieved using method invocation. There is no existing annotation either that would provide the information. I changed the non-compliant example and compliant solution to something that we can actually detect.

=== on 11 Jun 2015, 18:57:32 Ann Campbell wrote:
\[~michael.gumowski], would it be appropriate to map this rule to the CodePro rule https://developers.google.com/java-dev-tools/codepro/doc/features/audit/audit_rules_com.instantiations.assist.eclipse.auditGroup.possibleErrors#com.instantiations.assist.eclipse.audit.closeInFinally[Close In Finally]?

I'm asking first for an answer based on the current implementation.

And if that answer's "no" my second question is whether we should go ahead & do the mapping & extend the implementation.

As a followup, there is also this CodePro rule: https://developers.google.com/java-dev-tools/codepro/doc/features/audit/audit_rules_com.instantiations.assist.eclipse.auditGroup.jdbc#com.instantiations.assist.eclipse.audit.closeOrder[Close Order]

=== on 17 Jun 2015, 14:18:04 Ann Campbell wrote:
CodePro: Close In Finally