Create rule S6856: "@PathVariable" annotation should be present if a …

…path variable is used (#3462)
SonarSource · Dec 1, 2023 · 4ed4c84 · 4ed4c84
1 parent 21a6f21
commit 4ed4c84
Show file tree

Hide file tree

Showing 3 changed files with 73 additions and 0 deletions.
diff --git a/rules/S6856/java/metadata.json b/rules/S6856/java/metadata.json
@@ -0,0 +1,24 @@
+{
+  "title": "\"@PathVariable\" annotation should be present if a path variable is used",
+  "type": "BUG",
+  "status": "ready",
+  "remediation": {
+    "func": "Constant\/Issue",
+    "constantCost": "5min"
+  },
+  "tags": [
+    "spring"
+  ],
+  "defaultSeverity": "Major",
+  "ruleSpecification": "RSPEC-6856",
+  "sqKey": "S6856",
+  "scope": "Main",
+  "defaultQualityProfiles": ["Sonar way"],
+  "quickfix": "unknown",
+  "code": {
+    "impacts": {
+      "RELIABILITY": "MEDIUM"
+    },
+    "attribute": "LOGICAL"
+  }
+}
diff --git a/rules/S6856/java/rule.adoc b/rules/S6856/java/rule.adoc
@@ -0,0 +1,47 @@
+== Why is this an issue?
+
+The `@PathVariable` annotation in Spring extracts values from the URI path and binds them to method parameters in a Spring MVC controller.
+It is commonly used with `@GetMapping`, `@PostMapping`, `@PutMapping`, and `@DeleteMapping` to capture path variables from the URI.
+These annotations map HTTP requests to specific handler methods in a controller.
+They are part of the Spring Web module and are commonly used to define the routes for different HTTP operations in a RESTful API.
+
+If a method has a path template containing a placeholder, like "/api/resource/{id}", and there's no `@PathVariable` annotation on a method parameter to capture the id path variable, Spring will disregard the id variable.
+
+== How to fix it
+
+=== Code examples
+
+==== Noncompliant code example
+
+[source,java,diff-id=1,diff-type=noncompliant]
+----
+@GetMapping("/api/resource/{id}")
+public ResponseEntity<String> getResourceById(Long id) { // Noncompliant - The 'id' parameter will not be automatically populated with the path variable value
+  return ResponseEntity.ok("Fetching resource with ID: " + id);
+}
+----
+
+==== Compliant solution
+
+[source,java,diff-id=1,diff-type=compliant]
+----
+@GetMapping("/api/resource/{id}")
+public ResponseEntity<String> getResourceById(@PathVariable Long id) { // Compliant
+  return ResponseEntity.ok("Fetching resource with ID: " + id);
+}
+----
+
+== Resources
+
+=== Documentation
+
+* https://spring.io/guides/tutorials/rest/[Spring IO - Building REST services with Spring]
+* https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/web/bind/annotation/PathVariable.html[Spring Framework API - PathVariable]
+* https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/web/bind/annotation/GetMapping.html[Spring Framework API - GetMapping]
+* https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/web/bind/annotation/PostMapping.html[Spring Framework API - PostMapping]
+* https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/web/bind/annotation/PutMapping.html[Spring Framework API - PutMapping]
+* https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/web/bind/annotation/DeleteMapping.html[Spring Framework API - DeleteMapping]
+
+=== Articles & blog posts
+
+* https://www.baeldung.com/spring-pathvariable[Baeldung - Spring @PathVariable]
diff --git a/rules/S6856/metadata.json b/rules/S6856/metadata.json
@@ -0,0 +1,2 @@
+{
+}