SONARJAVA-5079 S6857 FP when SpEL don't have "#{...}" (#4868)

SonarSource · Sep 19, 2024 · cbd3b34 · cbd3b34
1 parent f0fde14
commit cbd3b34
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 6 deletions.
diff --git a/its/autoscan/src/test/resources/autoscan/diffs/diff_S6857.json b/its/autoscan/src/test/resources/autoscan/diffs/diff_S6857.json
@@ -1,6 +1,6 @@
 {
   "ruleKey": "S6857",
   "hasTruePositives": false,
-  "falseNegatives": 65,
+  "falseNegatives": 63,
   "falsePositives": 0
-}
+}
diff --git a/java-checks-test-sources/default/src/main/java/checks/spring/SpelExpressionCheckSample.java b/java-checks-test-sources/default/src/main/java/checks/spring/SpelExpressionCheckSample.java
@@ -72,13 +72,13 @@ public class SpelExpressionCheckSample {
   @Value("${user.region:defaultRegion}") // Compliant
   private String default1;
 
-  @Value("${user.region::defaultRegion}") // Noncompliant {{Correct this malformed property placeholder.}}
+  @Value("${user.region::defaultRegion}") // Compliant (default string can contain any character, including ':')
   private String default2;
 
   @Value("${:user.region:defaultRegion}") // Noncompliant {{Correct this malformed property placeholder.}}
   private String default3;
 
-  @Value("${user.region:defaultRegion:}") // Noncompliant
+  @Value("${user.region:defaultRegion:}") // Compliant (default string can contain any character, including ':')
   private String default4;
 
   @Value("${  user.region  : defaultRegion  }") // Compliant
@@ -430,4 +430,15 @@ public static class RequestController2 { }
 
   @Value("#{(42)})") // Compliant
   String spel11;
+
+  @Value("file:${foo/bar/config}") // Compliant
+  String sonarJava5079PropertyNameContainsSlash;
+
+  @Value("${a:b:c}") // Compliant
+  private String sonarJava5079DefaultValueContainsColon1;
+
+  @Value("${demo.soap.sp.client.ssl.keystore.path:" + MOCKED_SOAP_SP_CLIENT_SSL + "}") // Compliant
+  private String sonarJava5079DefaultValueContainsColon2;
+
+  private static final String MOCKED_SOAP_SP_CLIENT_SSL = "classpath:mocked-soap-sp-client-ssl.jks";
 }
diff --git a/java-checks/src/main/java/org/sonar/java/checks/spring/SpelExpressionCheck.java b/java-checks/src/main/java/org/sonar/java/checks/spring/SpelExpressionCheck.java
@@ -69,7 +69,7 @@ public class SpelExpressionCheck extends IssuableSubscriptionVisitor {
    * </pre>
    */
   private static final Pattern PROPERTY_PLACEHOLDER_PATTERN = Pattern.compile(
-    "[a-zA-Z0-9_-]++(\\[\\d++])*+(\\.[a-zA-Z0-9_-]++(\\[\\d++])*+)*+"
+    "[a-zA-Z0-9/_-]++(\\[\\d++])*+(\\.[a-zA-Z0-9/_-]++(\\[\\d++])*+)*+"
   );
 
   public List<Tree.Kind> nodesToVisit() {
@@ -268,7 +268,7 @@ private static boolean isValidPropertyPlaceholderDefaultSegment(String segment,
       var endIndex = parseDelimitersAndContents(stripped, 1, startColumn + 2, contentsParser);
       return endIndex == segment.stripTrailing().length();
     }
-    return segment.indexOf(':') < 0;
+    return true;
   }
 
   private static ObjIntConsumer<String> getContentsParser(String contents) {