Merge branch 'master' into rule/S5542-add-go

SonarSource · Jan 31, 2025 · 2553949 · 2553949
2 parents 13ebf70 + 8c0356d
commit 2553949
Show file tree

Hide file tree

Showing 5 changed files with 73 additions and 5 deletions.
diff --git a/rspec-tools/rspec_tools/coverage.py b/rspec-tools/rspec_tools/coverage.py
@@ -18,7 +18,7 @@
   'sonar-dataflow-bug-detection',
   'sonar-dotnet-enterprise',
   'sonar-flex',
-  'sonar-go',
+  'sonar-go-enterprise',
   'sonar-html',
   'sonar-iac-enterprise',
   'sonar-java',

diff --git a/rules/S4487/csharp/rule.adoc b/rules/S4487/csharp/rule.adoc
@@ -13,13 +13,13 @@ public class Rectangle
   {
     this.length = length;
     this.width = width;
-  }
+  } 
 
   public int Surface
   {
     get
     {
-      return length * width;
+      return length * length;
     }
   }
 }
@@ -56,4 +56,4 @@ public class Rectangle
 
 * CWE - https://cwe.mitre.org/data/definitions/563[CWE-563 - Assignment to Variable without Use ('Unused Variable')]
 
-include::../rspecator.adoc[]
+include::../rspecator.adoc[]
diff --git a/rules/S5443/go/metadata.json b/rules/S5443/go/metadata.json
@@ -0,0 +1,2 @@
+{
+}
diff --git a/rules/S5443/go/rule.adoc b/rules/S5443/go/rule.adoc
@@ -0,0 +1,65 @@
+include::../description.adoc[]
+
+include::../ask-yourself.adoc[]
+
+include::../recommended.adoc[]
+
+== Sensitive Code Example
+
+Examples of sensitive file creation:
+
+[source,go]
+----
+file, _ = os.Create("/tmp/tempfile.txt") // Sensitive
+
+file, _ = os.Create(os.TempDir()+"/tempfile.txt") // Sensitive
+
+file, _ := os.OpenFile("/tmp/tempfile.txt", os.O_CREATE, 0755) // Sensitive
+
+os.WriteFile("/tmp/tempfile.txt", []byte{"sensitive"}, 0755)  // Sensitive
+----
+
+Example of sensitive directory creation:
+
+[source,go]
+----
+tempdir := "/tmp/tempdir/"
+os.Mkdir(tempdir, 0755)  // Sensitive
+file, _ := os.Create("/tmp/tempdir/tempfile.txt")
+----
+
+== Compliant Solution
+
+Compliant temporary file creation:
+
+[source,go]
+----
+file, _ := os.CreateTemp("", "example-pattern")
+----
+
+Compliant temporary directory creation:
+
+[source,go]
+----
+dir, _ := os.MkdirTemp("", "example-directory")
+filename := filepath.Join(dir, "tempfile.txt")
+file, _ := os.Create(filename)
+----
+
+include::../see.adoc[]
+
+ifdef::env-github,rspecator-view[]
+
+'''
+== Implementation Specification
+(visible only on this page)
+
+include::../message.adoc[]
+
+'''
+== Comments And Links
+(visible only on this page)
+
+include::../comments-and-links.adoc[]
+
+endif::env-github,rspecator-view[]
diff --git a/rules/S7180/java/rule.adoc b/rules/S7180/java/rule.adoc
@@ -1,6 +1,7 @@
 == Why is this an issue?
 
-Annotating interfaces or interface methods with ``++@Cache*++`` annotations is not recommended. When using CGLIB-based proxies, these annotations will be ignored, and no caching proxy will be created.
+Annotating interfaces or interface methods with ``++@Cache*++`` annotations is not recommended by the official Spring documentation.
+If you use the weaving-based aspect (mode="aspectj"), the ``++@Cache*++`` annotations will be ignored, and no caching proxy will be created.
 
 === What is the potential impact?