SONARJAVA-5178 Update RSPEC before 8.7 release

SonarSource · Nov 29, 2024 · 352d0cc · 352d0cc
1 parent c89b664
commit 352d0cc
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 3 deletions.
diff --git a/sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2077.html b/sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2077.html
@@ -1,5 +1,5 @@
 <p>Formatted SQL queries can be difficult to maintain, debug and can increase the risk of SQL injection when concatenating untrusted values into the
-query. However, this rule doesn’t detect SQL injections (unlike rule {rule:javasecurity:S3649}), the goal is only to highlight complex/formatted queries.</p>
+query. However, this rule doesn’t detect SQL injections (unlike rule {rule:java:S3649}), the goal is only to highlight complex/formatted queries.</p>
 <h2>Ask Yourself Whether</h2>
 <ul>
   <li> Some parts of the query come from untrusted values (like user inputs). </li>

diff --git a/sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S5411.html b/sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S5411.html
@@ -4,7 +4,7 @@ <h2>Why is this an issue?</h2>
 boolean Values</a>) it will throw a <code>NullPointerException</code> if the value is <code>null</code> (as defined in <a
 href="https://docs.oracle.com/javase/specs/jls/se8/html/jls-5.html#jls-5.1.8">Java Language Specification §5.1.8 Unboxing Conversion</a>).</p>
 <p>It is safer to avoid such conversion altogether and handle the <code>null</code> value explicitly.</p>
-<p>Note, however, that no issues will be raised for Booleans that have already been null-checked.</p>
+<p>Note, however, that no issues will be raised for Booleans that have already been null-checked or are marked <code>@NonNull/@NotNull</code>.</p>
 <h3>Noncompliant code example</h3>
 <pre>
 Boolean b = getBoolean();
@@ -29,6 +29,30 @@ <h3>Compliant solution</h3>
   String test = b ? "test" : "";
 }
 </pre>
+<h3>Exceptions</h3>
+<p>The issue is not raised if the expression is annotated <code>@NonNull</code> / <code>@NotNull</code>. This is useful if a boxed type is an
+instantiation of a generic type parameter and cannot be avoided.</p>
+<pre>
+List&lt;Boolean&gt; list = new ArrayList&lt;&gt;();
+list.add(true);
+list.add(false);
+list.forEach((@NonNull Boolean value) -&gt; {
+  // Compliant
+  if(value) {
+    System.out.println("yes");
+  }
+});
+
+@NonNull Boolean someMethod() { /* ... */ }
+
+// Compliant
+if(someMethod()) { /* ... */ }
+
+@NonNull Boolean boxedNonNull = Boolean.TRUE;
+
+// Compliant
+if(boxedNonNull) { /* ... */ }
+</pre>
 <h2>Resources</h2>
 <ul>
   <li> <a href="https://docs.oracle.com/javase/specs/jls/se8/html/jls-5.html#jls-5.1.8">Java Language Specification §5.1.8 Unboxing Conversion</a>

diff --git a/sonarpedia.json b/sonarpedia.json
@@ -3,7 +3,7 @@
   "languages": [
     "JAVA"
   ],
-  "latest-update": "2024-11-22T09:48:48.563877Z",
+  "latest-update": "2024-11-29T11:04:25.911576775Z",
   "options": {
     "no-language-in-filenames": true,
     "preserve-filenames": false