19 lines
966 B
Plaintext
19 lines
966 B
Plaintext
=== on 27 Feb 2015, 20:14:42 Ann Campbell wrote:
|
|
\[~nicolas.peru] I've written this rule more narrowly than the CWE example shows: i.e. I've written that we'll raise an issue when a servlet class uses ``++DriverManager++``, but the CWE example shows a delegate class being used to interact with ``++DriverManager++``.
|
|
|
|
|
|
I'm guessing that detecting this case as well will take CFG?
|
|
|
|
=== on 13 Apr 2015, 14:48:39 Nicolas Peru wrote:
|
|
\[~ann.campbell.2]just to be sure of my understanding : you are talking about a servlet using a class of the project using ``++DriverManager++`` ?
|
|
|
|
|
|
This is not related to CFG, but more to an analysis of what is in the project or not. We can find way to do it but it is not easy given the current implementation of things right now to know if a class is defined in the project or not.
|
|
|
|
|
|
I would probably stick to this simpler implementation as a first step.
|
|
|
|
=== on 20 Jul 2015, 07:37:26 Ann Campbell wrote:
|
|
Tagged java-top by Ann
|
|
|