[SONARSLANG-497] Rule S1313 should not raise on invalid IP address or part of exceptions - SonarSource

XML

Word

Printable

Details

Type: False-Positive
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.8
Component/s: Apex, Go, Kotlin, Ruby, Scala
Labels:
- hardening
- security

Description

IPv4 addresses with "leading" zero, a zero preceding another digit, are invalid ("0.00.0.0", "1.02.1.1" ...) and we should not raise in this case (it will decrease the number of FPs).

ip = "0.00.0.0" // Compliant
ip = "1.2.03.4" // Compliant

Ruby

ip = "0.00.0.0" # Compliant
ip = "1.2.03.4" # Compliant

Scala

val ip = "0.00.0.0" // Compliant
val ip = "1.2.03.4" // Compliant

Kotlin

val ip = "0.00.0.0" // Compliant
val ip = "1.2.03.4" // Compliant

Apex

String ip = '0.00.0.0'; // Compliant
String ip = '1.2.03.4'; // Compliant

IPv6 addresses are not concerned by these exceptions

Attachments

Issue Links

implements

RSPEC-1313 Using hardcoded IP addresses is security-sensitive

Active

Activity

People

Assignee:: Margarita Nedzelska

Reporter:: Eric Therond

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Due:: 15/Oct/20

Created:: 18/Sep/20 10:18 AM

Updated:: 09/Oct/20 9:09 AM

Resolved:: 09/Oct/20 9:09 AM