From 76a7c090b8ba066acfc564b6af256018c5930dcc Mon Sep 17 00:00:00 2001 From: Johann Beleites Date: Fri, 6 Sep 2024 14:05:54 +0000 Subject: [PATCH 1/2] Revert "Modify rules S2259;S2583;S2589;S3518;S3655;S3959 Remove replacement rules and update description for deprecated SE rules (#4207)" This reverts commit d4d145e532aa487392b1e273e205854f68eb1328. --- rules/S2259/java/metadata.json | 7 ++++++- rules/S2259/java/rule.adoc | 4 ---- rules/S2583/java/metadata.json | 7 ++++++- rules/S2583/java/rule.adoc | 4 ---- rules/S2589/java/metadata.json | 7 ++++++- rules/S2589/java/rule.adoc | 4 ---- rules/S3518/java/metadata.json | 7 ++++++- rules/S3518/java/rule.adoc | 4 ---- rules/S3655/java/metadata.json | 7 ++++++- rules/S3655/java/rule.adoc | 6 +----- rules/S3959/java/metadata.json | 8 ++++++++ rules/S3959/java/rule.adoc | 4 ---- 12 files changed, 39 insertions(+), 30 deletions(-) diff --git a/rules/S2259/java/metadata.json b/rules/S2259/java/metadata.json index 4a1c6d50746..fc5e17dd918 100644 --- a/rules/S2259/java/metadata.json +++ b/rules/S2259/java/metadata.json @@ -10,5 +10,10 @@ 476 ] }, - "defaultQualityProfiles": [] + "defaultQualityProfiles": [], + "extra": { + "replacementRules": [ + "RSPEC-6555" + ] + } } diff --git a/rules/S2259/java/rule.adoc b/rules/S2259/java/rule.adoc index d89e67703bc..4fa848da100 100644 --- a/rules/S2259/java/rule.adoc +++ b/rules/S2259/java/rule.adoc @@ -1,7 +1,3 @@ - -_We are deprecating our legacy symbolic execution engine in favor of our more advanced commercial engine. -The legacy engine will remain Open Source for the community as a separate plugin and will receive no further updates by SonarSource._ - == Why is this an issue? A reference to `null` should never be dereferenced/accessed. diff --git a/rules/S2583/java/metadata.json b/rules/S2583/java/metadata.json index c6f8dbbba86..bd2a758b0be 100644 --- a/rules/S2583/java/metadata.json +++ b/rules/S2583/java/metadata.json 
@@ -11,5 +11,10 @@ 570 ] }, - "defaultQualityProfiles": [] + "defaultQualityProfiles": [], + "extra": { + "replacementRules": [ + "RSPEC-6651" + ] + } } diff --git a/rules/S2583/java/rule.adoc b/rules/S2583/java/rule.adoc index 46fdb38a221..affc10f4043 100644 --- a/rules/S2583/java/rule.adoc +++ b/rules/S2583/java/rule.adoc @@ -1,7 +1,3 @@ - -_We are deprecating our legacy symbolic execution engine in favor of our more advanced commercial engine. -The legacy engine will remain Open Source for the community as a separate plugin and will receive no further updates by SonarSource._ - == Why is this an issue? include::../description.adoc[] diff --git a/rules/S2589/java/metadata.json b/rules/S2589/java/metadata.json index f98143d34cc..6110fb50560 100644 --- a/rules/S2589/java/metadata.json +++ b/rules/S2589/java/metadata.json @@ -1,5 +1,10 @@ { "status": "deprecated", "tags": [], - "defaultQualityProfiles": [] + "defaultQualityProfiles": [], + "extra": { + "replacementRules": [ + "RSPEC-6646" + ] + } } diff --git a/rules/S2589/java/rule.adoc b/rules/S2589/java/rule.adoc index 1331fab9e68..a43d0ceec53 100644 --- a/rules/S2589/java/rule.adoc +++ b/rules/S2589/java/rule.adoc @@ -1,7 +1,3 @@ - -_We are deprecating our legacy symbolic execution engine in favor of our more advanced commercial engine. -The legacy engine will remain Open Source for the community as a separate plugin and will receive no further updates by SonarSource._ - include::../description-common.adoc[] === Code examples diff --git a/rules/S3518/java/metadata.json b/rules/S3518/java/metadata.json index b33c912aa5d..784c133affd 100644 --- a/rules/S3518/java/metadata.json +++ b/rules/S3518/java/metadata.json @@ -13,5 +13,10 @@ "V-222612" ] }, - "defaultQualityProfiles": [] + "defaultQualityProfiles": [], + "extra": { + "replacementRules": [ + "RSPEC-6649" + ] + } } diff --git a/rules/S3518/java/rule.adoc b/rules/S3518/java/rule.adoc index 230d1c056b4..ac83eff1552 100644 --- a/rules/S3518/java/rule.adoc 
+++ b/rules/S3518/java/rule.adoc @@ -1,8 +1,4 @@ -_We are deprecating our legacy symbolic execution engine in favor of our more advanced commercial engine. -The legacy engine will remain Open Source for the community as a separate plugin and will receive no further updates by SonarSource._ - - If the denominator to an integer division or remainder operation is zero, a `ArithmeticException` is thrown. diff --git a/rules/S3655/java/metadata.json b/rules/S3655/java/metadata.json index 2b6a01b905d..d05102a0dad 100644 --- a/rules/S3655/java/metadata.json +++ b/rules/S3655/java/metadata.json @@ -2,5 +2,10 @@ "title": "Optional value should only be accessed after calling isPresent()", "status": "deprecated", "tags": [], - "defaultQualityProfiles": [] + "defaultQualityProfiles": [], + "extra": { + "replacementRules": [ + "RSPEC-6707" + ] + } } diff --git a/rules/S3655/java/rule.adoc b/rules/S3655/java/rule.adoc index 07dc87bb616..712c1b96e3b 100644 --- a/rules/S3655/java/rule.adoc +++ b/rules/S3655/java/rule.adoc @@ -1,10 +1,6 @@ - -_We are deprecating our legacy symbolic execution engine in favor of our more advanced commercial engine. -The legacy engine will remain Open Source for the community as a separate plugin and will receive no further updates by SonarSource._ - == Why is this an issue? -``++Optional++`` value can hold either a value or not. The value held in the ``++Optional++`` can be accessed using the ``++get()++`` method, but it will throw a +``++Optional++`` value can hold either a value or not. The value held in the ``++Optional++`` can be accessed using the ``++get()++`` method, but it will throw a ``++NoSuchElementException++`` if there is no value present. To avoid the exception, calling the ``++isPresent()++`` or ``++! isEmpty()++`` method should always be done before any call to ``++get()++``. diff --git a/rules/S3959/java/metadata.json b/rules/S3959/java/metadata.json index e6d9749ee7b..42be7474488 100644 --- a/rules/S3959/java/metadata.json 
+++ b/rules/S3959/java/metadata.json @@ -13,6 +13,14 @@ "constantCost": "10min" }, "tags": [], + "extra": { + "replacementRules": [ + "RSPEC-6976" + ], + "legacyKeys": [ + + ] + }, "defaultSeverity": "Major", "ruleSpecification": "RSPEC-3959", "sqKey": "S3959", diff --git a/rules/S3959/java/rule.adoc b/rules/S3959/java/rule.adoc index 3be8249f579..60a962cfbb6 100644 --- a/rules/S3959/java/rule.adoc +++ b/rules/S3959/java/rule.adoc @@ -1,7 +1,3 @@ - -_We are deprecating our legacy symbolic execution engine in favor of our more advanced commercial engine. -The legacy engine will remain Open Source for the community as a separate plugin and will receive no further updates by SonarSource._ - == Why is this an issue? Stream operations are divided into intermediate and terminal operations, and are combined to form stream pipelines. After the terminal operation is performed, the stream pipeline is considered consumed, and cannot be used again. Such a reuse will yield unexpected results. From 0a05f018fe97d68e46f330723a165ba21060eb40 Mon Sep 17 00:00:00 2001 From: Johann Beleites Date: Fri, 6 Sep 2024 14:06:12 +0000 Subject: [PATCH 2/2] Revert "SONARJAVA-5102 Deprecate Java SE rules implemented by DBD (#4177)" This reverts commit 952c1cab7b996d1a3e5060bc91745df6543d7eaf. --- rules/S2259/java/metadata.json | 13 +++++-------- rules/S2583/java/metadata.json | 16 ++++++++-------- rules/S2589/java/metadata.json | 14 ++++++-------- rules/S3518/java/metadata.json | 14 ++++++-------- rules/S3655/java/metadata.json | 12 ++++-------- rules/S3959/java/metadata.json | 13 +++++++++---- 6 files changed, 38 insertions(+), 44 deletions(-) diff --git a/rules/S2259/java/metadata.json b/rules/S2259/java/metadata.json index fc5e17dd918..68b7c52b3be 100644 --- a/rules/S2259/java/metadata.json +++ b/rules/S2259/java/metadata.json @@ -1,6 +1,9 @@ { - "status": "deprecated", - "tags": [], + "tags": [ + "cwe", + "cert", + "symbolic-execution" + ], "securityStandards": { "CERT": [ "EXP34-C.", 
@@ -9,11 +12,5 @@ "CWE": [ 476 ] - }, - "defaultQualityProfiles": [], - "extra": { - "replacementRules": [ - "RSPEC-6555" - ] } } diff --git a/rules/S2583/java/metadata.json b/rules/S2583/java/metadata.json index bd2a758b0be..adc8a2b0762 100644 --- a/rules/S2583/java/metadata.json +++ b/rules/S2583/java/metadata.json @@ -1,6 +1,12 @@ { - "status": "deprecated", - "tags": [], + "tags": [ + "cwe", + "cert", + "unused", + "suspicious", + "pitfall", + "symbolic-execution" + ], "securityStandards": { "CERT": [ "MSC12-C." @@ -10,11 +16,5 @@ 571, 570 ] - }, - "defaultQualityProfiles": [], - "extra": { - "replacementRules": [ - "RSPEC-6651" - ] } } diff --git a/rules/S2589/java/metadata.json b/rules/S2589/java/metadata.json index 6110fb50560..eee5a2f0f83 100644 --- a/rules/S2589/java/metadata.json +++ b/rules/S2589/java/metadata.json @@ -1,10 +1,8 @@ { - "status": "deprecated", - "tags": [], - "defaultQualityProfiles": [], - "extra": { - "replacementRules": [ - "RSPEC-6646" - ] - } + "tags": [ + "cwe", + "suspicious", + "redundant", + "symbolic-execution" + ] } diff --git a/rules/S3518/java/metadata.json b/rules/S3518/java/metadata.json index 784c133affd..ad2fcf5b412 100644 --- a/rules/S3518/java/metadata.json +++ b/rules/S3518/java/metadata.json @@ -1,6 +1,10 @@ { - "status": "deprecated", - "tags": [], + "tags": [ + "cwe", + "denial-of-service", + "cert", + "symbolic-execution" + ], "securityStandards": { "CERT": [ "NUM02-J.", @@ -12,11 +16,5 @@ "STIG ASD_V5R3": [ "V-222612" ] - }, - "defaultQualityProfiles": [], - "extra": { - "replacementRules": [ - "RSPEC-6649" - ] } } diff --git a/rules/S3655/java/metadata.json b/rules/S3655/java/metadata.json index d05102a0dad..30bfb33b844 100644 --- a/rules/S3655/java/metadata.json +++ b/rules/S3655/java/metadata.json 
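Review bot: After the `@@ -9,11 +12,5 @@` hunk, `rules/S2259/java/metadata.json` no longer says whether the rule is active: `"defaultQualityProfiles": []` is deleted here and `"status": "deprecated"` in the file's first hunk, leaving only `tags` and `securityStandards`. The effective status and profile now come from metadata this patch does not show (presumably the rule-level file), so it should be confirmed there that the CWE-476 check returns to a default profile instead of ending up un-deprecated but unassigned. The S2583 and S3518 hunks on this line have the same shape, and S3518 also carries the STIG `V-222612` mapping. If the override is meant to be self-describing, as S3959 is later in the patch, add an explicit line such as `"defaultQualityProfiles": ["Sonar way"],` once that is verified to be the intended profile.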
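Review bot: The restored `"cwe"` tag in `rules/S2589/java/metadata.json` (`@@ -1,10 +1,8 @@`) has no CWE id beside it: the hunk covers the whole file, which after the change holds only the `tags` array, whereas the S2259 and S2583 overrides keep a `CWE` list under `securityStandards`. The ids are presumably inherited from the rule-level metadata, which is not part of this patch; if they are not, the tag promises a mapping that standards-based reports cannot resolve. The S3655 hunk (`@@ -1,11 +1,7 @@`) is the same. Where the mapping turns out to be missing, add `"securityStandards": { "CWE": [ <CWE-ID> ] }` with the id taken from the rule's own description.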
@@ -1,11 +1,7 @@ { "title": "Optional value should only be accessed after calling isPresent()", - "status": "deprecated", - "tags": [], - "defaultQualityProfiles": [], - "extra": { - "replacementRules": [ - "RSPEC-6707" - ] - } + "tags": [ + "cwe", + "symbolic-execution" + ] } diff --git a/rules/S3959/java/metadata.json b/rules/S3959/java/metadata.json index 42be7474488..751abfda993 100644 --- a/rules/S3959/java/metadata.json +++ b/rules/S3959/java/metadata.json @@ -7,15 +7,18 @@ }, "attribute": "LOGICAL" }, - "status": "deprecated", + "status": "ready", "remediation": { "func": "Constant\/Issue", "constantCost": "10min" }, - "tags": [], + "tags": [ + "java8", + "symbolic-execution" + ], "extra": { "replacementRules": [ - "RSPEC-6976" + ], "legacyKeys": [ @@ -25,6 +28,8 @@ "ruleSpecification": "RSPEC-3959", "sqKey": "S3959", "scope": "All", - "defaultQualityProfiles": [], + "defaultQualityProfiles": [ + "Sonar way" + ], "quickfix": "unknown" }
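Review bot: The `@@ -7,15 +7,18 @@` hunk of `rules/S3959/java/metadata.json` leaves `extra` holding two empty arrays: the removed `"RSPEC-6976"` entry is replaced by a blank line inside `replacementRules`, and `legacyKeys` was already empty. Unless a generator writes the file in this form, collapse them to `"replacementRules": [],` and `"legacyKeys": []` so that a later diff touching replacement rules shows only real entries. The file continues past the hunks shown, so any other consumers of `extra` are not visible here.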