rspec/rules/S4825/java/rule.adoc


include::../description.adoc[]
include::../ask-yourself.adoc[]
include::../recommended.adoc[]
== Sensitive Code Example
----
// === Java URL connection ===
import java.net.URL;
import java.net.HttpURLConnection;
abstract class URLConnection {
    /**
     * Opens an HTTP connection to a fixed URL twice: once kept in a local, once handed straight to
     * a helper. Both {@code openConnection()} call sites carry the "Sensitive" marker; the rule
     * flags the act of opening the connection, whatever is done with it afterwards.
     * Review points for a reader: where the URL value originates (fixed here, but often built from
     * input), whether plain {@code http://} is acceptable for the data exchanged, and how the
     * response is validated before use.
     *
     * @throws Exception propagated from {@link URL} construction and {@link URL#openConnection()}
     */
    void foo() throws Exception {
        // NOTE(review): URL(String) is deprecated from Java 20 in favour of URI.create(...).toURL();
        // kept as-is because the example targets the classic java.net API.
        URL target = new URL("http://example.com");
        HttpURLConnection keptConnection = (HttpURLConnection) target.openConnection(); // Sensitive: review how the http connection is used
        doSomething((HttpURLConnection) target.openConnection()); // Sensitive: review how the http connection is used
    }

    /** Abstract consumer of a freshly opened connection; the example only needs a call site. */
    abstract void doSomething(HttpURLConnection httpUrlConnection);
}
----
----
// === HttpClient Java 9 ===
import jdk.incubator.http.HttpClient;
import jdk.incubator.http.HttpRequest;
import jdk.incubator.http.HttpResponse;
class JavaNet9 {
    /**
     * Issues the same request through each send variant of the Java 9 incubator client
     * ({@code jdk.incubator.http}, later standardised as {@code java.net.http} in Java 11).
     * Every call is marked "Sensitive": synchronous send, asynchronous send, and the
     * multi-response ({@code MultiProcessor}) form.
     *
     * @param request             the request to send (constructed by the caller)
     * @param responseBodyHandler how the response body is consumed
     * @param multiProcessor      handler for the HTTP/2 multi-response form of sendAsync
     * @throws Exception propagated from the blocking send
     */
    void foo(HttpRequest request, HttpResponse.BodyHandler<Object> responseBodyHandler, HttpResponse.MultiProcessor<?,?> multiProcessor) throws Exception {
        HttpClient httpClient = HttpClient.newHttpClient();
        // Review for each: origin of request's URI and headers, transport security, handling of the reply.
        httpClient.send(request, responseBodyHandler); // Sensitive
        httpClient.sendAsync(request, responseBodyHandler); // Sensitive
        httpClient.sendAsync(request, multiProcessor); // Sensitive
    }
}
----
----
// === HttpClient Java 10 ===
import jdk.incubator.http.HttpClient;
import jdk.incubator.http.HttpRequest;
import jdk.incubator.http.HttpResponse;
class JavaNet10 {
    /**
     * Java 10 incubator variant of the previous example: identical send calls, but the
     * multi-response handler type is {@code HttpResponse.MultiSubscriber} rather than
     * {@code MultiProcessor}. All three calls are marked "Sensitive".
     *
     * @param request             the request to send (constructed by the caller)
     * @param responseBodyHandler how the response body is consumed
     * @param multiSubscriber     handler for the HTTP/2 multi-response form of sendAsync
     * @throws Exception propagated from the blocking send
     */
    void foo(HttpRequest request, HttpResponse.BodyHandler<Object> responseBodyHandler, HttpResponse.MultiSubscriber<?,?> multiSubscriber) throws Exception {
        HttpClient httpClient = HttpClient.newHttpClient();
        // Review for each: origin of request's URI and headers, transport security, handling of the reply.
        httpClient.send(request, responseBodyHandler); // Sensitive
        httpClient.sendAsync(request, responseBodyHandler); // Sensitive
        httpClient.sendAsync(request, multiSubscriber); // Sensitive
    }
}
----
----
// === HttpClient Java 11 ===
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
class JavaNet11 {
    /**
     * Standard {@code java.net.http} client (Java 11+): the same request sent synchronously,
     * asynchronously, and asynchronously with a push-promise handler. All three are marked
     * "Sensitive".
     *
     * @param request             the request to send (constructed by the caller)
     * @param responseBodyHandler how the response body is consumed
     * @param pushPromiseHandler  receives HTTP/2 server push promises for the async form
     * @throws Exception propagated from the blocking send
     */
    void foo(HttpRequest request, HttpResponse.BodyHandler<Object> responseBodyHandler, HttpResponse.PushPromiseHandler<Object> pushPromiseHandler) throws Exception {
        HttpClient httpClient = HttpClient.newHttpClient();
        // Review for each: origin of request's URI and headers, transport security, handling of the reply
        // (including any pushed resources accepted through pushPromiseHandler).
        httpClient.send(request, responseBodyHandler); // Sensitive
        httpClient.sendAsync(request, responseBodyHandler); // Sensitive
        httpClient.sendAsync(request, responseBodyHandler, pushPromiseHandler); // Sensitive
    }
}
----
----
// === apache ===
import org.apache.http.client.HttpClient;
import org.apache.http.client.ResponseHandler;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.HttpClientConnection;
import org.apache.http.HttpEntityEnclosingRequest;
import org.apache.http.HttpHost;
import org.apache.http.HttpRequest;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.protocol.HttpContext;
class ApacheHttpClient {
    /**
     * Enumerates the Apache HttpClient call sites the rule flags: every {@code execute} overload
     * (host + request, or URI request, each with optional context and/or response handler) and the
     * two low-level {@code HttpClientConnection} send methods. All are "Sensitive".
     *
     * @param con             an already established low-level connection
     * @param target          host the request is routed to
     * @param request         request sent to {@code target}
     * @param context         per-request execution context
     * @param responseHandler callback that converts the response
     * @param uriRequest      request whose target is embedded in its URI
     * @param eeRequest       request carrying an entity body
     * @throws Exception propagated from the client and connection calls
     */
    void foo(HttpClientConnection con, HttpHost target, HttpRequest request, HttpContext context,
             ResponseHandler<?> responseHandler, HttpUriRequest uriRequest, HttpEntityEnclosingRequest eeRequest)
             throws Exception {
        HttpClient httpClient = HttpClientBuilder.create().build();

        // All the following are Sensitive.
        // Host + request overloads: review where target and request are built from.
        httpClient.execute(target, request);
        httpClient.execute(target, request, context);
        httpClient.execute(target, request, responseHandler);
        httpClient.execute(target, request, responseHandler, context);

        // URI-request overloads: the destination lives inside uriRequest itself.
        httpClient.execute(uriRequest);
        httpClient.execute(uriRequest, context);
        httpClient.execute(uriRequest, responseHandler);
        httpClient.execute(uriRequest, responseHandler, context);

        // Direct connection-level writes bypass the client entirely but are flagged the same way.
        con.sendRequestEntity(eeRequest);
        con.sendRequestHeader(request);
    }
}
----
----
// === google-http-java-client ===
import java.util.concurrent.Executor;
import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpRequest;
import com.google.api.client.http.HttpRequestFactory;
import com.google.api.client.http.javanet.NetHttpTransport;
class GoogleHttpClient {
    /**
     * Builds a GET request against a fixed URL with google-http-java-client and executes it
     * three ways: blocking, asynchronously on the library's default executor, and asynchronously
     * on a caller-supplied executor. All three executes are "Sensitive".
     *
     * @param executor executor used by the last {@code executeAsync} form
     * @throws Exception propagated from request construction and execution
     */
    void foo(Executor executor) throws Exception {
        HttpRequestFactory factory = new NetHttpTransport().createRequestFactory();
        // Fixed plain-http URL here; in real code review where the GenericUrl value originates.
        HttpRequest getRequest = factory.buildGetRequest(new GenericUrl("http://example.com"));

        // All the following are Sensitive
        getRequest.execute();
        getRequest.executeAsync();
        getRequest.executeAsync(executor);
    }
}
----
include::../see.adoc[]
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
include::../message.adoc[]
'''
== Comments And Links
(visible only on this page)
include::comments-and-links.adoc[]
endif::env-github,rspecator-view[]