SonarJava / SONARJAVA-3112

FN on Rule S3330: Update the implementation to raise on cookie instantiation

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 6.1
    • Component/s: Rules
    • Labels:

      Description

      Note: This ticket is very similar to SONARJAVA-3100 but for rule RSPEC-3330 instead of RSPEC-2092.

      The current implementation raises the issue on the cookie variable declaration instead of the cookie instantiation or where the "HttpOnly" attribute is set to false. It makes the issue harder to understand when the cookie is instantiated on a different line and creates some false negatives when there is no variable at all.

      Example of false negative. Note that it happens for other cookie APIs too.

      import javax.servlet.http.Cookie;
      import javax.servlet.http.HttpServletResponse;

      class JavaNet {
          Cookie httpCookie(HttpServletResponse response) {
              Cookie cookie = new Cookie("name", "value"); // an issue is raised here
              response.addCookie(new Cookie("name", "value")); // NO issue raised here
              return new Cookie("name", "value"); // an issue is raised here
          }
      }
      

      When the cookie is a variable, the issue should be raised on the instantiation.

      import java.net.HttpCookie;
      
      class JavaNet {
          public HttpCookie getCookie() { return null; }
           
          void httpCookie() {
              HttpCookie cookie = getCookie();
              if (cookie == null) {
                  cookie = new HttpCookie("name", "value");  // issue should be raised here
              }
          }
      }
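
The requested behaviour (report on the instantiation, including when the cookie is never stored in a variable) can be sketched as follows. This is an added example, not code from the ticket or from SonarJava: it is a line-based approximation using regular expressions rather than the analyzer's syntax tree, and the class name, method name and sample lines are constructed for illustration.

```java
import java.util.*;
import java.util.regex.*;

// Added illustration: a line-based approximation, not SonarJava's AST-based rule.
public class HttpOnlyAtInstantiation {
    // "new Cookie(" or "new HttpCookie(", optionally preceded by "<variable> ="
    private static final Pattern NEW_COOKIE =
        Pattern.compile("(?:(\\w+)\\s*=\\s*)?\\bnew\\s+(?:Http)?Cookie\\s*\\(");
    private static final Pattern SET_HTTP_ONLY =
        Pattern.compile("(\\w+)\\s*\\.\\s*setHttpOnly\\s*\\(\\s*true\\s*\\)");

    /** Returns the 1-based lines of cookie instantiations that never get setHttpOnly(true). */
    static List<Integer> findIssues(List<String> lines) {
        Map<String, Integer> pending = new HashMap<>(); // variable -> instantiation line
        List<Integer> issues = new ArrayList<>();
        for (int i = 0; i < lines.size(); i++) {
            Matcher created = NEW_COOKIE.matcher(lines.get(i));
            while (created.find()) {
                String variable = created.group(1);
                if (variable == null) {
                    issues.add(i + 1); // no variable: the flag can never be set afterwards
                } else {
                    // A variable reassigned before being secured leaves the old cookie insecure
                    Integer overwritten = pending.put(variable, i + 1);
                    if (overwritten != null) issues.add(overwritten);
                }
            }
            Matcher secured = SET_HTTP_ONLY.matcher(lines.get(i));
            while (secured.find()) pending.remove(secured.group(1));
        }
        issues.addAll(pending.values()); // instantiations never followed by setHttpOnly(true)
        Collections.sort(issues);
        return issues;
    }

    public static void main(String[] args) {
        // Constructed sample input covering the cases described in the ticket
        List<String> source = List.of(
            "Cookie a = new Cookie(\"name\", \"value\");",
            "response.addCookie(new Cookie(\"name\", \"value\"));",
            "HttpCookie c = getCookie();",
            "if (c == null) c = new HttpCookie(\"name\", \"value\");",
            "Cookie ok = new Cookie(\"name\", \"value\");",
            "ok.setHttpOnly(true);",
            "return new Cookie(\"name\", \"value\");");
        findIssues(source).forEach(line -> System.out.println("issue at line " + line));
    }
}
```

The declaration `HttpCookie c = getCookie();` is not reported; only the later line that actually creates the cookie is.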
      

              People

              Assignee:
              alban.auzeill Alban Auzeill
              Reporter:
              nicolas.harraudeau Nicolas Harraudeau (Inactive)
