From cbd3b34e49dc107e44270ed51c04d7b91032ba41 Mon Sep 17 00:00:00 2001
From: Marco Kaufmann <83189575+kaufco@users.noreply.github.com>
Date: Thu, 19 Sep 2024 11:06:20 +0200
Subject: [PATCH] SONARJAVA-5079 S6857 FP when SpEL don't have "#{...}" (#4868)
---
 .../test/resources/autoscan/diffs/diff_S6857.json | 4 ++--
 .../checks/spring/SpelExpressionCheckSample.java | 15 +++++++++++++--
 .../java/checks/spring/SpelExpressionCheck.java | 4 ++--
 3 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/its/autoscan/src/test/resources/autoscan/diffs/diff_S6857.json b/its/autoscan/src/test/resources/autoscan/diffs/diff_S6857.json
index 74bede4c31f..becb4d249d3 100644
--- a/its/autoscan/src/test/resources/autoscan/diffs/diff_S6857.json
+++ b/its/autoscan/src/test/resources/autoscan/diffs/diff_S6857.json
@@ -1,6 +1,6 @@
 {
 "ruleKey": "S6857",
 "hasTruePositives": false,
- "falseNegatives": 65,
+ "falseNegatives": 63,
 "falsePositives": 0
-}
\ No newline at end of file
+}
diff --git a/java-checks-test-sources/default/src/main/java/checks/spring/SpelExpressionCheckSample.java b/java-checks-test-sources/default/src/main/java/checks/spring/SpelExpressionCheckSample.java
index 5fa93a51162..89feae57da8 100644
--- a/java-checks-test-sources/default/src/main/java/checks/spring/SpelExpressionCheckSample.java
+++ b/java-checks-test-sources/default/src/main/java/checks/spring/SpelExpressionCheckSample.java
@@ -72,13 +72,13 @@ public class SpelExpressionCheckSample {
 @Value("${user.region:defaultRegion}") // Compliant
 private String default1;
- @Value("${user.region::defaultRegion}") // Noncompliant {{Correct this malformed property placeholder.}}
+ @Value("${user.region::defaultRegion}") // Compliant (default string can contain any character, including ':')
 private String default2;
 @Value("${:user.region:defaultRegion}") // Noncompliant {{Correct this malformed property placeholder.}}
 private String default3;
- @Value("${user.region:defaultRegion:}") // Noncompliant
+ @Value("${user.region:defaultRegion:}") // Compliant (default string can contain any character, including ':')
 private String default4;
 @Value("${ user.region : defaultRegion }") // Compliant
@@ -430,4 +430,15 @@ public static class RequestController2 {
 }
 @Value("#{(42)})") // Compliant
 String spel11;
+
+ @Value("file:${foo/bar/config}") // Compliant
+ String sonarJava5079PropertyNameContainsSlash;
+
+ @Value("${a:b:c}") // Compliant
+ private String sonarJava5079DefaultValueContainsColon1;
+
+ @Value("${demo.soap.sp.client.ssl.keystore.path:" + MOCKED_SOAP_SP_CLIENT_SSL + "}") // Compliant
+ private String sonarJava5079DefaultValueContainsColon2;
+
+ private static final String MOCKED_SOAP_SP_CLIENT_SSL = "classpath:mocked-soap-sp-client-ssl.jks";
 }
diff --git a/java-checks/src/main/java/org/sonar/java/checks/spring/SpelExpressionCheck.java b/java-checks/src/main/java/org/sonar/java/checks/spring/SpelExpressionCheck.java
index 926179d1859..3e084cc9062 100644
--- a/java-checks/src/main/java/org/sonar/java/checks/spring/SpelExpressionCheck.java
+++ b/java-checks/src/main/java/org/sonar/java/checks/spring/SpelExpressionCheck.java
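Review bot: The samples added at the end of `SpelExpressionCheckSample` are all `// Compliant`, so nothing in this file records where the relaxed rule still reports. Since `/` is now accepted at any position of a property name, samples for the edge shapes the new pattern admits, such as `@Value("${/}")` or `@Value("${foo//bar}")`, each annotated with the verdict the team intends, would make any further loosening visible in review. The same gap shows in the first hunk: with `default2` and `default4` flipped to Compliant, `default3` is the only negative case for colon handling left in the visible lines.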
@@ -69,7 +69,7 @@ public class SpelExpressionCheck extends IssuableSubscriptionVisitor {
 *
 */
 private static final Pattern PROPERTY_PLACEHOLDER_PATTERN = Pattern.compile(
- "[a-zA-Z0-9_-]++(\\[\\d++])*+(\\.[a-zA-Z0-9_-]++(\\[\\d++])*+)*+"
+ "[a-zA-Z0-9/_-]++(\\[\\d++])*+(\\.[a-zA-Z0-9/_-]++(\\[\\d++])*+)*+"
 );
 public List nodesToVisit() {
@@ -268,7 +268,7 @@ private static boolean isValidPropertyPlaceholderDefaultSegment(String segment,
 var endIndex = parseDelimitersAndContents(stripped, 1, startColumn + 2, contentsParser);
 return endIndex == segment.stripTrailing().length();
 }
- return segment.indexOf(':') < 0;
+ return true;
 }
 private static ObjIntConsumer getContentsParser(String contents) {
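Review bot: The widened class `[a-zA-Z0-9/_-]` is spelled out twice inside `PROPERTY_PLACEHOLDER_PATTERN`, so the next character allowed in property names has to be edited in two places, and a miss would make the first and the later dot-separated segments validate differently. Building the pattern from one segment constant keeps them in step, e.g. `private static final String NAME_SEGMENT = "[a-zA-Z0-9/_-]++(\\[\\d++])*+";` followed by `Pattern.compile(NAME_SEGMENT + "(\\." + NAME_SEGMENT + ")*+")`. The Javadoc that closes just above the field starts outside the hunk; if it lists the accepted characters, it presumably needs `/` added. Keeping the possessive quantifiers is the right call, since this pattern is matched against strings taken from analysed source.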
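Review bot: After this change the fall-through branch of `isValidPropertyPlaceholderDefaultSegment` ignores `segment` entirely, and nothing on the line says why. A comment above `return true;` would record the decision, for example `// A literal default may contain any character, including ':' (e.g. "classpath:..."), so there is nothing to validate.` Only the tail of the method is visible here. From what is shown, a default that does not enter the delimiter branch is never parsed, so a malformed nested expression later in the default would presumably go unreported; this is worth confirming against the caller.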