Uploaded image for project: 'SonarJava'
  1. SonarJava
  2. SONARJAVA-3223

S5122 should support CorsRegistry from Spring

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 6.1
    • Component/s: Rules
    • Labels:

      Description

      Reference: https://spring.io/blog/2015/06/08/cors-support-in-spring-framework

      Noncompliant Code

      import org.springframework.web.servlet.config.annotation.CorsRegistry;
      import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
      
      public class S5122_Insecure implements WebMvcConfigurer {
      
          @Override
          public void addCorsMappings(CorsRegistry registry) {
              registry.addMapping("/**")
                      .allowedOrigins("*") // Noncompliant
                      .allowedMethods("GET","POST","PUT", "DELETE")
                      .allowCredentials(true).maxAge(3600);
          }
      }
      

      Compliant Code

      import org.springframework.web.servlet.config.annotation.CorsRegistry;
      import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
      
      public class S5122_Safe implements WebMvcConfigurer {
      
          @Override
          public void addCorsMappings(CorsRegistry registry) {
              registry.addMapping("/**")
                      .allowedOrigins("safe.com") // Compliant
                      .allowedMethods("GET","POST","PUT", "DELETE")
                      .allowCredentials(true).maxAge(3600);
          }
      }
      

      TODO: update the RSPEC to list supported APIs

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                quentin.jaquier Quentin Jaquier
                Reporter:
                alexandre.gigleux Alexandre Gigleux
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Due:
                  Created:
                  Updated:
                  Resolved: