Uploaded image for project: 'SonarJava'
  1. SonarJava
  2. SONARJAVA-3535

Rule S3749 should not raise when the singleton has @ConfigurationProperties annotation

    XMLWordPrintable

    Details

      Description

      A SonarCloud user gave this feedback:
      "Spring @ConfigurationProperties are configured by Spring similar to @Autowired. Scanner is unable to exclude the configuration properties. Also Lombok is in play and is creating the getter/setters."

      @Data
@Component
@ConfigurationProperties("token.cachemanager")
public class TokenCacheManagerConfigProperties {

    // HSDP OAuth2 Access Token has a 30 minutes, so cache expirery must be less than 30.
    private long expiryMinutes = 25; // Noncompliant but FP

    @PostConstruct
    public void postConstruct() {
        isTrue(expiryMinutes > 0L &&  expiryMinutes < 30,
                "token.cachemanager.expiryminutes is a required configuration, a positive value less than 30");
    }
}

      The rule should not raise for any kind of members when @ConfigurationProperties annotation is set on a singleton by the developer (@ConfigurationProperties annotation has a similar meaning than @Value annotation that is a compliant solution for this rule)

        Attachments

          Issue Links

          relates to

          Vulnerability Detection - RSPEC-3749 Members of Spring components should be injected

          • Active
          links to

          Web Link SQ Community Forum feedback

            Activity

              People

              Assignee:
              michael.gumowski Michael Gumowski
              Reporter:
              eric.therond Eric Therond
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Due:
                Created:
                Updated:
                Resolved: