ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S2857/comments-and-links.adoc
Gregory Paidis 4be90168eb Modify rule S2857: LaYC format (#1979)
2023-06-07 12:01:33 +02:00

62 lines
2.2 KiB
Plaintext
Raw Blame History

== Comments And Links
(visible only on this page)
=== on 23 Apr 2015, 05:50:57 Dinesh Bolkensteyn wrote:
LGTM
=== on 30 Sep 2019, 08:47:32 Andrei Epure wrote:
\[~nicolas.harraudeau] - we need to decide the scope of "SQL keywords". For .NET, we could take the https://docs.microsoft.com/en-us/sql/t-sql/language-elements/reserved-keywords-transact-sql?view=sql-server-2017[SQL Server and Azure SQL Data Warehouse reserved keywords] - is it too much?
As we've discussed, there is a need to take into consideration SQL keywords to identify a SQL statement string. I guess we need to be case sensitive when doing the keyword matching, right?
Also, we can have:
----
string select = "SELECT p.fname," + // No space, but ok
"p.lname," + // No space, but ok
"p.street1," + // No space, but ok
"p.street2" +
" FROM person p" +
" WHERE p.id = 1";
----
Alternatively, we can just make an exception for ``++,++`` and consider the comma like a space ?
=== on 30 Sep 2019, 11:53:34 Andrei Epure wrote:
* take into consideration only files referencing the SQL libraries we currently support for Sonar Security (check ``++using++`` statements)
* consider the hardcoded string concatenations in this file which starts with any of these keywords
** BULK INSERT (Transact-SQL)
** SELECT (Transact-SQL)
** DELETE (Transact-SQL)
** UPDATE (Transact-SQL)
** INSERT (Transact-SQL)
** UPDATETEXT (Transact-SQL)
** MERGE (Transact-SQL)
** WRITETEXT (Transact-SQL)
** READTEXT (Transact-SQL)
* we raise issues only if the previous string ends with an alphanumeric character or ``++*++`` or ``++@++`` and the next one starts with an alphanumeric character (if we have non-alphanumeric characters, we're not sure of the intended behavior - e.g. parentheses, comparisons etc)
Out of scope: concatenation of hardcoded strings and variables
So we will raise on:
----
"SELECT x" + // Noncompliant
"FROM y" + // Noncompliant
"WHERE z =" + var;
----
But we won't raise on
----
"SELECT x" + // compliant
variable +
"WHERE z =" + var;
----
=== on 31 May 2023, 05:50:57 Greg Paidis wrote:
During a .NET LaYC sprint, I removed CFamily, Java, PHP, Python, Swift and VB.NET, since they had dummy specifications with no implementations and no implementation tickets.
Reference in New Issue View Git Blame Copy Permalink