该规则仅在商业中可用,我想创建一个关于HTTP请求方向的自定义规则
下面的代码是合规和不合规
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
String location = req.getParameter("url");
resp.sendRedirect(location); // Noncompliant {{non- compliant}}
}
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
String location = req.getParameter("url");
if (!urlWhiteList.contains(location))
throw new IOException();
resp.sendRedirect(location);
}
这些规则使用一些更高级的算法进行静态分析。本文 https://wiki.mozilla.org/Abstract_Interpretation 提供了一个很好的高级介绍。那么你可能对 https://en.wikipedia.org/wiki/Pointer_analysis 感兴趣
掌握基础知识后,您可以按照以下 https://github.com/SonarSource/sonar-java/blob/master/docs/CUSTOM_RULES_101.md 开始实施