  1. SonarJava
  2. SONARJAVA-3092

Remove Security Hotspot rules which are not targeting developers

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 5.13
    • Component/s: Rules
    • Labels: None

      Description

      The following rules will be removed:

      • RSPEC-4797 Handling files is security-sensitive
      • RSPEC-4721 Executing OS commands is security-sensitive
      • RSPEC-4825 Sending HTTP requests is security-sensitive (will be replaced by RSPEC-5332 and the taint analysis rules using HTTP requests as sources and sinks)
      • RSPEC-4817 Executing XPath expressions is security-sensitive
      • RSPEC-4529 Exposing HTTP endpoints is security-sensitive
      • RSPEC-1523 Dynamically executing code is security-sensitive (because it only handles introspection, no eval or exec method in Java)

              People

              • Assignee: Tibor Blenessy (tibor.blenessy)
              • Reporter: Nicolas Harraudeau (nicolas.harraudeau)
              • Votes: 0
              • Watchers: 1
