  1. SonarJava
  2. SONARJAVA-3764

Reduce FP for rule S5332 clear-text protocols

    Details

    • Type: False-Positive
    • Status: Closed
    • Priority: Major
    • Resolution: Not an issue
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Rules
    • Labels:
      None

      Description

      Note: this ticket is a copy/paste from SONARPHP-1133.

      The first implementation of the rule resulted in a lot of false positives due to the detection of URL protocols. The following improvements can be implemented to reduce the number of false positives significantly.

      No protocol only

      No issue should be raised if a string consists of a URL protocol only. An issue should still be raised if this string gets concatenated with another string:

      No XML namespaces

      No issue should be raised if the domain is one of the following as they are commonly used for XML or similar namespaces:

      • www.w3.org
      • xml.apache.org
      • schemas.xmlsoap.org
      • schemas.openxmlformats.org
      • rdfs.org
      • purl.org
      • xmlns.com
      • schemas.google.com
      • a9.com
      • ns.adobe.com
      • ltsc.ieee.org
      • docbook.org
      • graphml.graphdrawing.org
      • json-schema.org

      No example domains

      No issue should be raised if the domain is one of the following. Also, no issue should be raised on any subdomain of these domains:

      • example.com
      • example.org
      • test.com
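
One way to express the three exemptions above as a check on a string literal's value, written here as an added example and not SonarJava's own implementation of S5332. The class name `ClearTextUrlFilter`, the `concatenated` flag and the set of clear-text schemes are assumptions; the domain lists are the ones from this ticket.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;
import java.util.Locale;
import java.util.Set;

// Added example: hypothetical helper, not SonarJava's S5332 implementation.
public class ClearTextUrlFilter {
  // Assumption: schemes treated as clear-text (the ticket does not list them).
  static final Set<String> SCHEMES = Set.of("http", "ftp", "telnet");
  // Namespace hosts from the ticket: exact host match only.
  static final Set<String> NAMESPACE_HOSTS = Set.of("www.w3.org", "xml.apache.org",
      "schemas.xmlsoap.org", "schemas.openxmlformats.org", "rdfs.org", "purl.org",
      "xmlns.com", "schemas.google.com", "a9.com", "ns.adobe.com", "ltsc.ieee.org",
      "docbook.org", "graphml.graphdrawing.org", "json-schema.org");
  // Example domains from the ticket: the domain itself and any subdomain.
  static final List<String> EXAMPLE_DOMAINS = List.of("example.com", "example.org", "test.com");

  // concatenated: true when the literal is an operand of a string concatenation.
  static boolean shouldRaise(String literal, boolean concatenated) {
    int sep = literal.indexOf("://");
    String scheme = sep > 0 ? literal.substring(0, sep).toLowerCase(Locale.ROOT) : "";
    if (!SCHEMES.contains(scheme)) return false;            // not a clear-text URL
    if (literal.length() == sep + 3) return concatenated;   // protocol only
    String host = null;
    try {
      host = new URI(literal).getHost();  // host comes after any userinfo part
    } catch (URISyntaxException e) {
      // unparsable literal: host stays null
    }
    if (host == null) return true;        // cannot classify the host, keep the finding
    host = host.toLowerCase(Locale.ROOT);
    if (NAMESPACE_HOSTS.contains(host)) return false;
    for (String d : EXAMPLE_DOMAINS) {
      // Match on a label boundary so "notexample.com" is not exempted.
      if (host.equals(d) || host.endsWith("." + d)) return false;
    }
    return true;
  }

  public static void main(String[] args) {
    // Constructed sample literals, not taken from the ticket.
    String[] samples = {"http://", "http://www.w3.org/2001/XMLSchema",
        "ftp://files.test.com/a", "http://notexample.com/",
        "http://example.com.internal.invalid/", "http://example.com@internal.invalid/"};
    for (String s : samples) System.out.println(shouldRaise(s, false) + "  " + s);
  }
}
```

The exemption is decided on the parsed host rather than on a substring of the literal, so a URL that only contains an exempt domain name elsewhere (as a prefix label or in the userinfo part) still produces a finding.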


              People

              • Assignee:
                Unassigned
                Reporter:
                alexandre.gigleux Alexandre Gigleux