ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S3417/xml/rule.adoc
Fred Tingaud 16f6c0aecf
Inline adoc when include has no additional value (#1940) 
Inline adoc files when they are included exactly once.

Also fix language tags because this inlining gives us better information
on what language the code is written in.
2023-05-25 14:18:12 +02:00

78 lines
2.3 KiB
Plaintext
Raw Blame History

== Why is this an issue?
Whether they are disallowed locally for security, license, or dependability reasons, forbidden dependencies should not be used.
This rule raises an issue when the group or artifact id of a direct dependency matches the configured forbidden dependency pattern.
=== Noncompliant code example
With a parameter of: ``++*:.*log4j.*++``
[source,xml]
----
<dependency> <!-- Noncompliant -->
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>1.2.17</version>
</dependency>
----
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
=== Message
Remove this forbidden dependency.
=== Parameters
.dependencyName
****
Pattern describing forbidden dependencies group and artifact ids. E.G. ``++*:.*log4j++``, or ``++x.y:*++``
****
.version
****
Dependency version pattern or dash-delimited range. Leave blank for all versions. E.G. ``++1.3.*++``, ``++1.0-3.1++``, ``++1.0-*++`` or ``++*-3.1++``
****
=== Highlighting
dependency name
'''
== Comments And Links
(visible only on this page)
=== deprecates: S1212
=== on 24 Nov 2015, 17:27:41 Ann Campbell wrote:
\[~michael.gumowski] it is possible that this should be a rule template (to allow customization of the message per dependency) rather than a rule with parameters. WDYT?
=== on 30 Nov 2015, 14:02:30 Michael Gumowski wrote:
I would also prefer a rule template [~ann.campbell.2].
Now, I'm just wondering about the best format of the parameters, and I really wonder what should be the best one to use. Maybe we need to define it a bit more explicitly, as usually, we define dependencies with a groupId and an artifactId (``++groupId:artifactId++``).
For instance you may want to allow all the dependencies from ``++X.Y.Z++``, but absolutely forbid ``++X.Y.Z:A++``, or forbid only a given version of an artifact, or more complex, a range of version!
I would then say that, by default, you are providing as parameter the groupId to forbid, if usage of column (``++:++``), then it's a given artifact, which can follow patterns (``++*:*.log4j++`` ?). For the versions, I have no idea how explicitly mention it however, but I'm pretty sure it's required. Any idea?
=== on 1 Dec 2015, 14:14:24 Ann Campbell wrote:
Check out the parameters now [~michael.gumowski]
endif::env-github,rspecator-view[]
Reference in New Issue View Git Blame Copy Permalink