ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S4825/java/rule.adoc
Fred Tingaud 16f6c0aecf
Inline adoc when include has no additional value (#1940) 
Inline adoc files when they are included exactly once.

Also fix language tags because this inlining gives us better information
on what language the code is written in.
2023-05-25 14:18:12 +02:00

148 lines
4.8 KiB
Plaintext
Raw Permalink Blame History

include::../description.adoc[]
include::../ask-yourself.adoc[]
include::../recommended.adoc[]
== Sensitive Code Example
----
// === Java URL connection ===
import java.net.URL;
import java.net.HttpURLConnection;
abstract class URLConnection {
void foo() throws Exception {
URL url = new URL("http://example.com");
HttpURLConnection con = (HttpURLConnection) url.openConnection(); // Sensitive: review how the http connection is used
doSomething((HttpURLConnection) url.openConnection()); // Sensitive: review how the http connection is used
}
abstract void doSomething(HttpURLConnection httpUrlConnection);
}
----
----
// === HttpClient Java 9 ===
import jdk.incubator.http.HttpClient;
import jdk.incubator.http.HttpRequest;
import jdk.incubator.http.HttpResponse;
class JavaNet9 {
void foo(HttpRequest request, HttpResponse.BodyHandler<Object> responseBodyHandler, HttpResponse.MultiProcessor<?,?> multiProcessor) throws Exception {
HttpClient client = HttpClient.newHttpClient();
client.send(request, responseBodyHandler); // Sensitive
client.sendAsync(request, responseBodyHandler); // Sensitive
client.sendAsync(request, multiProcessor); // Sensitive
}
}
----
----
// === HttpClient Java 10 ===
import jdk.incubator.http.HttpClient;
import jdk.incubator.http.HttpRequest;
import jdk.incubator.http.HttpResponse;
class JavaNet10 {
void foo(HttpRequest request, HttpResponse.BodyHandler<Object> responseBodyHandler, HttpResponse.MultiSubscriber<?,?> multiSubscriber) throws Exception {
HttpClient client = HttpClient.newHttpClient();
client.send(request, responseBodyHandler); // Sensitive
client.sendAsync(request, responseBodyHandler); // Sensitive
client.sendAsync(request, multiSubscriber); // Sensitive
}
}
----
----
// === HttpClient Java 11 ===
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
class JavaNet11 {
void foo(HttpRequest request, HttpResponse.BodyHandler<Object> responseBodyHandler, HttpResponse.PushPromiseHandler<Object> pushPromiseHandler) throws Exception {
HttpClient client = HttpClient.newHttpClient();
client.send(request, responseBodyHandler); // Sensitive
client.sendAsync(request, responseBodyHandler); // Sensitive
client.sendAsync(request, responseBodyHandler, pushPromiseHandler); // Sensitive
}
}
----
----
// === apache ===
import org.apache.http.client.HttpClient;
import org.apache.http.client.ResponseHandler;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.HttpClientConnection;
import org.apache.http.HttpEntityEnclosingRequest;
import org.apache.http.HttpHost;
import org.apache.http.HttpRequest;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.protocol.HttpContext;
class ApacheHttpClient {
void foo(HttpClientConnection con, HttpHost target, HttpRequest request, HttpContext context,
ResponseHandler<?> responseHandler, HttpUriRequest uriRequest, HttpEntityEnclosingRequest eeRequest)
throws Exception {
HttpClient client = HttpClientBuilder.create().build();
// All the following are Sensitive
client.execute(target, request);
client.execute(target, request, context);
client.execute(target, request, responseHandler);
client.execute(target, request, responseHandler, context);
client.execute(uriRequest);
client.execute(uriRequest, context);
client.execute(uriRequest, responseHandler);
client.execute(uriRequest, responseHandler, context);
con.sendRequestEntity(eeRequest);
con.sendRequestHeader(request);
}
}
----
----
// === google-http-java-client ===
import java.util.concurrent.Executor;
import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpRequest;
import com.google.api.client.http.HttpRequestFactory;
import com.google.api.client.http.javanet.NetHttpTransport;
class GoogleHttpClient {
void foo(Executor executor) throws Exception {
HttpRequestFactory requestFactory = new NetHttpTransport().createRequestFactory();
HttpRequest request = requestFactory.buildGetRequest(new GenericUrl("http://example.com"));
// All the following are Sensitive
request.execute();
request.executeAsync();
request.executeAsync(executor);
}
}
----
include::../see.adoc[]
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
include::../message.adoc[]
'''
== Comments And Links
(visible only on this page)
=== on 18 Sep 2018, 11:47:59 Nicolas Harraudeau wrote:
The analyzer should create an issue whenever a request is sent.
include::../comments-and-links.adoc[]
endif::env-github,rspecator-view[]
Reference in New Issue View Git Blame Copy Permalink