  1. SonarJava
  2. SONARJAVA-3444

Deprecate 10 security-hotspot rules that overlap with security-injection rules

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 6.5
    • Component/s: Rules
    • Labels:
      None

      Description

      The following rules are deprecated and will eventually be removed because they overlap with security-injection rules:

      • S4508 RSPEC-4508 Deserializing objects from an untrusted source is security-sensitive
      • S4510 RSPEC-4510 Deserializing with XMLDecoder is security-sensitive
      • S4530 RSPEC-4530 Using Struts 1 ActionForm is security-sensitive
      • S4531 RSPEC-4531 Using setters in Struts 2 ActionSupport is security-sensitive
      • S4818 RSPEC-4818 Using Sockets is security-sensitive
      • S4823 RSPEC-4823 Using command line arguments is security-sensitive
      • S4829 RSPEC-4829 Reading the Standard Input is security-sensitive
      • S5300 RSPEC-5300 Sending emails is security-sensitive
      • S5304 RSPEC-5304 Using environment variables is security-sensitive
      • S5326 RSPEC-5326 Validating SSL/TLS connections is security-sensitive


            People

            • Assignee:
              alban.auzeill Alban Auzeill
              Reporter:
              alban.auzeill Alban Auzeill