16f6c0aecf
Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in.
72 lines
1.4 KiB
Plaintext
72 lines
1.4 KiB
Plaintext
== Why is this an issue?
|
|
|
|
When a method doesn't match it's ``++super++`` method in visibility (``++public++``, ``++protected++``, ...), malicious callers could take advantage of the over-broad access offered by the child class to undermine the application.
|
|
|
|
|
|
=== Noncompliant code example
|
|
|
|
[source,swift]
|
|
----
|
|
public class Parent {
|
|
|
|
protected void foo() {
|
|
//...
|
|
}
|
|
}
|
|
|
|
public class Child extends Parent {
|
|
|
|
public void foo() { // Noncompliant
|
|
// ...
|
|
super.foo();
|
|
}
|
|
}
|
|
----
|
|
|
|
|
|
=== Compliant solution
|
|
|
|
[source,swift]
|
|
----
|
|
public class Parent {
|
|
|
|
protected void foo() {
|
|
//...
|
|
}
|
|
}
|
|
|
|
public class Child extends Parent {
|
|
|
|
protected void foo() {
|
|
// ...
|
|
super.foo();
|
|
}
|
|
}
|
|
----
|
|
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
=== Message
|
|
|
|
* Decrease the accessibility of this method to "xxx" to match the parent class implementation.
|
|
|
|
|
|
=== Highlighting
|
|
|
|
* visibility modifier
|
|
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
=== on 31 Oct 2018, 11:57:13 Tibor Blenessy wrote:
|
|
This rule was forked from RSPEC-3551 to allow RSPEC-3551 to focus only on synchronization which is Java specific concept and real bug. I am actually not really sure about the value of this rule, that's why it is not included in the default profile. However, I am really sure about the value of RSPEC-3551 so I wanted to remove this fuzzy part from it.
|
|
|
|
endif::env-github,rspecator-view[]
|