diff --git a/rules/S6856/java/metadata.json b/rules/S6856/java/metadata.json
new file mode 100644
index 00000000000..cb1a7590499
--- /dev/null
+++ b/rules/S6856/java/metadata.json
@@ -0,0 +1,24 @@
+{
+ "title": "\"@PathVariable\" annotation should be present if a path variable is used",
+ "type": "BUG",
+ "status": "ready",
+ "remediation": {
+ "func": "Constant\/Issue",
+ "constantCost": "5min"
+ },
+ "tags": [
+ "spring"
+ ],
+ "defaultSeverity": "Major",
+ "ruleSpecification": "RSPEC-6856",
+ "sqKey": "S6856",
+ "scope": "Main",
+ "defaultQualityProfiles": ["Sonar way"],
+ "quickfix": "unknown",
+ "code": {
+ "impacts": {
+ "RELIABILITY": "MEDIUM"
+ },
+ "attribute": "LOGICAL"
+ }
+}
diff --git a/rules/S6856/java/rule.adoc b/rules/S6856/java/rule.adoc
new file mode 100644
index 00000000000..4f688833ce6
--- /dev/null
+++ b/rules/S6856/java/rule.adoc
@@ -0,0 +1,47 @@
+== Why is this an issue?
+
+The `@PathVariable` annotation in Spring extracts values from the URI path and binds them to method parameters in a Spring MVC controller.
+It is commonly used with `@GetMapping`, `@PostMapping`, `@PutMapping`, and `@DeleteMapping` to capture path variables from the URI.
+These annotations map HTTP requests to specific handler methods in a controller.
+They are part of the Spring Web module and are commonly used to define the routes for different HTTP operations in a RESTful API.
+
+If a method has a path template containing a placeholder, like "/api/resource/{id}", and there's no `@PathVariable` annotation on a method parameter to capture the id path variable, Spring will disregard the id variable.
+
+== How to fix it
+
+=== Code examples
+
+==== Noncompliant code example
+
+[source,java,diff-id=1,diff-type=noncompliant]
+----
+@GetMapping("/api/resource/{id}")
+public ResponseEntity getResourceById(Long id) { // Noncompliant - The 'id' parameter will not be automatically populated with the path variable value
+ return ResponseEntity.ok("Fetching resource with ID: " + id);
+}
+----
+
+==== Compliant solution
+
+[source,java,diff-id=1,diff-type=compliant]
+----
+@GetMapping("/api/resource/{id}")
+public ResponseEntity getResourceById(@PathVariable Long id) { // Compliant
+ return ResponseEntity.ok("Fetching resource with ID: " + id);
+}
+----
+
+== Resources
+
+=== Documentation
+
+* https://spring.io/guides/tutorials/rest/[Spring IO - Building REST services with Spring]
+* https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/web/bind/annotation/PathVariable.html[Spring Framework API - PathVariable]
+* https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/web/bind/annotation/GetMapping.html[Spring Framework API - GetMapping]
+* https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/web/bind/annotation/PostMapping.html[Spring Framework API - PostMapping]
+* https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/web/bind/annotation/PutMapping.html[Spring Framework API - PutMapping]
+* https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/web/bind/annotation/DeleteMapping.html[Spring Framework API - DeleteMapping]
+
+=== Articles & blog posts
+
+* https://www.baeldung.com/spring-pathvariable[Baeldung - Spring @PathVariable]
diff --git a/rules/S6856/metadata.json b/rules/S6856/metadata.json
new file mode 100644
index 00000000000..2c63c085104
--- /dev/null
+++ b/rules/S6856/metadata.json
@@ -0,0 +1,2 @@
+{
+}
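Review bot: In rules/S6856/java/rule.adoc, the closing sentence of "Why is this an issue?" ("Spring will disregard the id variable") and the `// Noncompliant` comment both stop short of saying what the parameter receives instead. As far as I know, Spring MVC's default resolution treats an unannotated simple-type argument such as `Long id` as an optional request parameter of the same name. So `id` is null on a plain request, and is otherwise taken from a query or form parameter the caller supplies. That is worth stating because any check keyed on the path segment (routing, access rules, audit logging) would then see a different value than the one the handler acts on. I would append a sentence such as `The unannotated parameter is instead bound as an optional request parameter named "id", so it is null unless the caller sends one.` and adjust the example comment to match.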