51369b610e
When an include is not surrounded by empty lines, its content is inlined on the same line as the adjacent content. That can lead to broken tags and other display issues. This PR fixes all such includes and introduces a validation step that forbids introducing the same problem again.
53 lines
1.3 KiB
Plaintext
53 lines
1.3 KiB
Plaintext
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
----
|
|
class A {
|
|
void foo(String fmt, Object args) throws Exception {
|
|
// Sensitive. Check how the standard input is used.
|
|
System.in.read();
|
|
|
|
// Sensitive. Check how safe this new InputStream is.
|
|
System.setIn(new java.io.FileInputStream("test.txt"));
|
|
|
|
java.io.Console console = System.console();
|
|
// Sensitive. All the following calls should be reviewed as they use the standard input.
|
|
console.reader();
|
|
console.readLine();
|
|
console.readLine(fmt, args);
|
|
console.readPassword();
|
|
console.readPassword(fmt, args);
|
|
}
|
|
}
|
|
----
|
|
|
|
== Exceptions
|
|
|
|
All references to ``++System.in++`` will create issues except direct calls to ``++System.in.close()++``.
|
|
|
|
|
|
Command line parsing libraries such as JCommander often read standard input when asked for passwords. However this rule doesn't raise any issue in this case as another hotspot rule covers command line arguments.
|
|
|
|
include::../see.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::../message.adoc[]
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
include::../comments-and-links.adoc[]
|
|
|
|
endif::env-github,rspecator-view[]
|