This rule is only available commercially; I want to create a custom rule for HTTP request redirection.
Below is the compliant and noncompliant code:
import java.io.IOException;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Noncompliant: the redirect target is taken straight from the request
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
  String location = req.getParameter("url");
  resp.sendRedirect(location); // Noncompliant {{non-compliant}}
}

// Compliant: the target is checked against an allow-list before redirecting
private static final Set<String> urlWhiteList = Set.of("/home", "/account"); // placeholder entries, not from the original
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
  String location = req.getParameter("url");
  if (!urlWhiteList.contains(location)) {
    throw new IOException();
  }
  resp.sendRedirect(location);
}
These rules use some more advanced algorithms for static analysis. This article, https://wiki.mozilla.org/Abstract_Interpretation, gives a good high-level introduction. After that you may be interested in https://en.wikipedia.org/wiki/Pointer_analysis.
Once you have the basics down, you can follow https://github.com/SonarSource/sonar-java/blob/master/docs/CUSTOM_RULES_101.md to start implementing.
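As an added example (not code from this thread or from SonarSource), here is the shape a first custom sonar-java rule for this pattern would take, built on the plugin API that CUSTOM_RULES_101 describes (IssuableSubscriptionVisitor and MethodMatchers); the rule key is an assumed name. It only follows one assignment step from getParameter to sendRedirect, so it reports the noncompliant method but also the compliant one, because it does not understand the allow-list guard; recognising that guard is the data-flow work the links above are about.

```java
import java.util.List;
import org.sonar.check.Rule;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.semantic.MethodMatchers;
import org.sonar.plugins.java.api.tree.ExpressionTree;
import org.sonar.plugins.java.api.tree.IdentifierTree;
import org.sonar.plugins.java.api.tree.MethodInvocationTree;
import org.sonar.plugins.java.api.tree.Tree;
import org.sonar.plugins.java.api.tree.VariableTree;

@Rule(key = "UnvalidatedRedirect") // assumed key, register it in your plugin's rule list
public class UnvalidatedRedirectCheck extends IssuableSubscriptionVisitor {
  // Sink: HttpServletResponse.sendRedirect(String)
  private static final MethodMatchers SEND_REDIRECT = MethodMatchers.create()
      .ofSubTypes("javax.servlet.http.HttpServletResponse")
      .names("sendRedirect").addParametersMatcher("java.lang.String").build();
  // Source: ServletRequest.getParameter(String), inherited by HttpServletRequest
  private static final MethodMatchers GET_PARAMETER = MethodMatchers.create()
      .ofSubTypes("javax.servlet.ServletRequest")
      .names("getParameter").addParametersMatcher("java.lang.String").build();

  @Override
  public List<Tree.Kind> nodesToVisit() {
    return List.of(Tree.Kind.METHOD_INVOCATION);
  }

  @Override
  public void visitNode(Tree tree) {
    MethodInvocationTree call = (MethodInvocationTree) tree;
    if (SEND_REDIRECT.matches(call) && comesFromRequestParameter(call.arguments().get(0))) {
      reportIssue(call.arguments().get(0), "Validate this redirect target against an allow-list.");
    }
  }

  // One step of tracking: the argument is getParameter(...) itself, or a local variable
  // whose initializer is getParameter(...). No real data-flow, so guards are not seen.
  private static boolean comesFromRequestParameter(ExpressionTree expr) {
    if (expr.is(Tree.Kind.METHOD_INVOCATION)) {
      return GET_PARAMETER.matches((MethodInvocationTree) expr);
    }
    if (expr.is(Tree.Kind.IDENTIFIER)) {
      Tree decl = ((IdentifierTree) expr).symbol().declaration();
      if (decl != null && decl.is(Tree.Kind.VARIABLE)) {
        ExpressionTree init = ((VariableTree) decl).initializer();
        return init != null && comesFromRequestParameter(init);
      }
    }
    return false;
  }
}
```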