ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S1148/java/comments-and-links.adoc

39 lines
2.1 KiB
Plaintext
Raw Blame History

=== is related to: S1166
=== on 26 Jul 2013, 13:07:44 Freddy Mallet wrote:
Is implemented by \http://jira.codehaus.org/browse/SONARJAVA-235
=== on 11 Feb 2015, 12:31:00 Sébastien Gioria wrote:
This rule is a OWASP A6 tag candidate
=== on 12 Feb 2015, 13:55:24 Ann Campbell wrote:
Thanks [~sebastien.gioria], but I'm going to pass on this.
=== on 10 Nov 2015, 11:05:50 Thomas Hofer wrote:
Hi! Pretty new around here, so I don't know if it's the best option to discuss some specifics of this rule. I'll welcome any criticism or redirection to another channel of communication!
I'm 100% onboard with flagging calls to ``++Throwable#printStackTrace()++``, without arguments. However, there are (IMHO) valid use cases for printing the stacktrace to a ``++PrintWriter++``, such as displaying relevant error messages in a UI (while still logging it to file / console). Obviously, this only makes sense in local apps and not in webapps at all.
One example of such usage is available on \http://code.makery.ch/blog/javafx-dialogs-official/#exception-dialog. I feel it would be overkill to use a specific Logger for that case.
This rule is flagged as CRITICAL in the default profile, which I find perfectly valid for the genuinely bad calls to ``++Throwable#printStackTrace()++``. However, I would like to be able to set a lower severity level for calls with a specific writer, which reflect a decision from the developper and are not included in the default templates for catch blocks :)
Would you consider splitting this rule in two (with / without args) to allow for different severity levels? Or do you consider this a cornercase, in which case I should add my own rules to override this one?
=== on 10 Nov 2015, 13:56:45 Ann Campbell wrote:
\[~\thomas.geek.hofer@gmail.com], please take this up on the https://groups.google.com/forum/#!forum/sonarqube[SonarQube Google Group]
=== on 10 Nov 2015, 14:06:01 Thomas Hofer wrote:
Thanks, will do!
=== on 20 Nov 2015, 14:02:23 Thomas Hofer wrote:
Done, https://groups.google.com/forum/#!topic/sonarqube/mCgzOFeUjZ4[here].
=== on 19 Mar 2018, 11:09:45 Sébastien GIORIA - AppSecFR wrote:
could be tageed : CWE-497 and OWASP A3:2017
Reference in New Issue View Git Blame Copy Permalink