-
Notifications
You must be signed in to change notification settings - Fork 30
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
SONARJAVA-5284 Create rule S7178: Injecting data into static fields i…
…s not supported by Spring (#4611)
- Loading branch information
1 parent
9a672e7
commit 11dd942
Showing
3 changed files
with
74 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
| { | ||
| "title": "Injecting data into static fields is not supported by Spring", | ||
| "type": "CODE_SMELL", | ||
| "status": "ready", | ||
| "remediation": { | ||
| "func": "Constant\/Issue", | ||
| "constantCost": "5min" | ||
| }, | ||
| "tags": [ | ||
| "spring" | ||
| ], | ||
| "defaultSeverity": "Major", | ||
| "ruleSpecification": "RSPEC-7178", | ||
| "sqKey": "S7178", | ||
| "scope": "Main", | ||
| "defaultQualityProfiles": ["Sonar way"], | ||
| "quickfix": "unknown", | ||
| "code": { | ||
| "impacts": { | ||
| "MAINTAINABILITY": "LOW", | ||
| "RELIABILITY": "HIGH", | ||
| "SECURITY": "LOW" | ||
| }, | ||
| "attribute": "LOGICAL" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,46 @@ | ||
| == Why is this an issue? | ||
|
|
||
| Spring dependency injection framework does not support injecting data into static fields. When @Value, @Inject, or @Autowired are applied to static fields, they are ignored. | ||
|
|
||
| === What is the potential impact? | ||
|
|
||
| * *Null Values*: Uninitialized static fields annotated with @Value, @Inject, or @Autowired will not be initialized by Spring, potentially causing NullPointerException at runtime. | ||
| * *Confusing Code*: The presence of injection annotations on static fields can mislead developers into believing that the fields will be populated by Spring. | ||
|
|
||
| This rule raises an issue when a static field is annotated with @Value, @Inject, or @Autowired. | ||
|
|
||
| == How to fix it | ||
|
|
||
| Either use an instance field instead of a static field or remove the @Value, @Inject, or @Autowired annotation and initialize the field. | ||
|
|
||
| === Code examples | ||
|
|
||
| ==== Noncompliant code example | ||
|
|
||
| [source,java,diff-id=1,diff-type=noncompliant] | ||
| ---- | ||
| @Component | ||
| public class MyComponent { | ||
| @Value("${my.app.prop}") | ||
| private static SomeDependency dependency; // non compliant, @Value will be ignored and no value will be injected | ||
| // ... | ||
| } | ||
| ---- | ||
|
|
||
| ==== Compliant solution | ||
|
|
||
| [source,java,diff-id=1,diff-type=compliant] | ||
| ---- | ||
| @Component | ||
| public class MyComponent { | ||
| @Value("${my.app.prop}") | ||
| private final SomeDependency dependency; | ||
| // ... | ||
| } | ||
| ---- | ||
|
|
||
| == Resources | ||
| === Articles & blog posts | ||
| * Java Guides - https://www.baeldung.com/spring-inject-static-field[Injecting a Value in a Static Field in Spring] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| { | ||
| } |