
[java] Update security rules for pmd7 #3086

Merged
oowekyala merged 10 commits into pmd:pmd/7.0.x from adangel:java-update-security-rules
Feb 13, 2021

@adangel adangel commented Jan 28, 2021

Member

Describe the PR

  • Updated both rules HardCodedCryptoKey and InsecureCryptoIv
  • Enabled the unit tests
  • Introduced a common package-private base class, since both rules actually do the same thing - checking for hard-coded constructor arguments

Related issues

Ready?

  • Added unit tests for fixed bug/feature
  • Passing all unit tests
  • Complete build ./mvnw clean verify passes (checked automatically by travis)
  • Added (in-code) documentation (if needed)
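
What hard-coded constructor arguments look like next to a corrected form, as an added example that is not part of this PR or of PMD's own code. It assumes the constructors concerned are javax.crypto.spec.SecretKeySpec and javax.crypto.spec.IvParameterSpec, which the page does not name; the class name, key and message are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class HardCodedCryptoArgsDemo {

    // Pattern of the kind the two rules target: key and IV are literals in the source,
    // so every build ships the same secret and every message reuses the same IV.
    static byte[] encryptFlagged(byte[] plaintext) throws Exception {
        SecretKeySpec key = new SecretKeySpec(
                "0123456789abcdef".getBytes(StandardCharsets.US_ASCII), "AES"); // constructed sample key
        IvParameterSpec iv = new IvParameterSpec(new byte[16]);                 // fixed all-zero IV
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, key, iv);
        return cipher.doFinal(plaintext);
    }

    // Corrected form: the key is supplied by the caller (key store, KMS, ...) and a
    // fresh random IV is generated per message and prepended to the ciphertext.
    static byte[] encryptCorrected(SecretKey key, byte[] plaintext) throws Exception {
        byte[] ivBytes = new byte[16];
        new SecureRandom().nextBytes(ivBytes);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));
        byte[] ct = cipher.doFinal(plaintext);
        byte[] out = Arrays.copyOf(ivBytes, ivBytes.length + ct.length); // IV is not secret
        System.arraycopy(ct, 0, out, ivBytes.length, ct.length);
        return out;
    }

    public static void main(String[] args) throws Exception {
        byte[] msg = "transfer 100 to alice".getBytes(StandardCharsets.UTF_8); // constructed sample
        // With a fixed key and IV, equal plaintexts give equal ciphertexts.
        System.out.println("flagged form, same message twice, ciphertexts equal: "
                + Arrays.equals(encryptFlagged(msg), encryptFlagged(msg)));
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey(); // stand-in for a key loaded from outside the source
        System.out.println("corrected form, same message twice, ciphertexts equal: "
                + Arrays.equals(encryptCorrected(key, msg), encryptCorrected(key, msg)));
    }
}
```

CBC is used here only to make the role of the IV visible; it provides no integrity protection on its own.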

@adangel adangel added this to the 7.0.0 milestone Jan 28, 2021

ghost commented Jan 28, 2021

2 Messages
📖 Compared to pmd/7.0.x:
This changeset changes 0 violations,
introduces 0 new violations, 0 new errors and 0 new configuration errors,
removes 0 violations, 0 errors and 0 configuration errors.
Full report
📖 Compared to master:
This changeset changes 1606 violations,
introduces 4187 new violations, 2 new errors and 0 new configuration errors,
removes 6137 violations, 10 errors and 2 configuration errors.
Full report
Compared to pmd/7.0.x:
This changeset changes 0 violations,
introduces 0 new violations, 0 new errors and 0 new configuration errors,
removes 0 violations, 1 errors and 0 configuration errors.
Full report
Compared to master:
This changeset changes 1606 violations,
introduces 4187 new violations, 1 new errors and 0 new configuration errors,
removes 6137 violations, 10 errors and 2 configuration errors.
Full report
Compared to pmd/7.0.x:
This changeset changes 0 violations,
introduces 0 new violations, 2 new errors and 0 new configuration errors,
removes 0 violations, 0 errors and 0 configuration errors.
Full report
Compared to master:
This changeset changes 1606 violations,
introduces 4187 new violations, 3 new errors and 0 new configuration errors,
removes 6137 violations, 9 errors and 2 configuration errors.
Full report

Generated by 🚫 Danger

adangel commented Jan 28, 2021

Member Author
  • Need to enable the rules for regression tester -> https://github.com/pmd/pmd/blob/pmd/7.0.x/.ci/files/all-java.xml
  • Figure out what's wrong with pmd-regression-tester not finding the ruleset...
    --> The regression tester searches for changed classes that end with "Rule" and assumes this is a rule and creates a customized ruleset. But the base class is not a rule and can't be instantiated... Solution: Renamed this base class

@oowekyala oowekyala self-requested a review January 30, 2021 15:41
The regression tester searches for changed classes
that end with "Rule" and assumes this is a rule
and creates a customized ruleset. But the base
class is not a rule and can't be instantiated...
@oowekyala oowekyala self-assigned this Feb 13, 2021
We just use ts.UNKNOWN, and don't create a fake symbol (yet?)
@oowekyala oowekyala merged commit 59bfd93 into pmd:pmd/7.0.x Feb 13, 2021
@adangel adangel deleted the java-update-security-rules branch February 19, 2021 13:32
@adangel adangel mentioned this pull request Jan 23, 2023
55 tasks