Create rule S6863: Set appropriate Status Codes on HTTP responses (#3485

)

rules/S6863/java/metadata.json

@@ -0,0 +1,25 @@
+{
+  "title": "Set appropriate Status Codes on HTTP responses",
+  "type": "BUG",
+  "status": "ready",
+  "remediation": {
+    "func": "Constant\/Issue",
+    "constantCost": "5min"
+  },
+  "tags": [
+    "spring",
+    "best-practice"
+  ],
+  "defaultSeverity": "Major",
+  "ruleSpecification": "RSPEC-6863",
+  "sqKey": "S6863",
+  "scope": "Main",
+  "defaultQualityProfiles": ["Sonar way"],
+  "quickfix": "infeasible",
+  "code": {
+    "impacts": {
+      "RELIABILITY": "LOW"
+    },
+    "attribute": "DISTINCT"
+  }
+}

rules/S6863/java/rule.adoc

@@ -0,0 +1,61 @@
+== Why is this an issue?
+
+The request handler function in a `Controller` should set the appropriate HTTP status code based on the operation's success or failure.
+This is done by returning a `Response` object with the appropriate status code.
+
+If an exception is thrown during the execution of the handler, the status code should be in the range of 4xx or 5xx.
+Examples of such codes are `BAD_REQUEST`, `UNAUTHORIZED`, `FORBIDDEN`, `NOT_FOUND`, `INTERNAL_SERVER_ERROR`, `BAD_GATEWAY`, `SERVICE_UNAVAILABLE`, etc.
+
+The status code should be 1xx, 2xx, or 3xx if no exception is thrown and the operation is considered successful.
+Such codes include `OK`, `CREATED`, `MOVED_PERMANENTLY`, `FOUND`, etc.
+
+== How to fix it
+
+=== Code examples
+
+==== Noncompliant code example
+
+[source,java,diff-id=1,diff-type=noncompliant]
+----
+@Controller
+public class UserController {
+    public ResponseEntity<User> getUserById(Long userId) {
+        try {
+            User user = userService.getUserById(userId);
+            return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(user); // Noncompliant: Setting 500 for a successful operation
+        } catch (Exception e) {
+            return ResponseEntity.status(HttpStatus.OK).build(); // Noncompliant: Setting 200 for exception
+        }
+    }
+}
+----
+
+==== Compliant solution
+
+[source,java,diff-id=1,diff-type=compliant]
+----
+@Controller
+public class UserController {
+    public ResponseEntity<User> getUserById(Long userId) {
+        try {
+            User user = userService.getUserById(userId);
+            return ResponseEntity.ok(user); // Compliant: Setting 200 for a successful operation
+        } catch (Exception e) {
+            return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).build(); // Compliant: Setting 500 for exception
+        }
+    }
+}
+----
+
+== Resources
+
+=== Documentation
+
+* https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/http/HttpStatus.html[Spring Java Documentation - HttpStatus]
+* https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/http/ResponseEntity.html[Spring Java Documentation - ResponseEntity]
+* https://docs.spring.io/spring-framework/reference/web/webmvc/mvc-controller/ann-methods/responseentity.html[Spring Framework Documentation - ResponseEntity]
+* https://docs.spring.io/spring-framework/reference/web/webmvc/mvc-ann-rest-exceptions.html[Spring Framework Documentation - Exception Handling]
+
+=== Standards
+
+* https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml[IANA - Hypertext Transfer Protocol (HTTP) Status Code Registry]

rules/S6863/metadata.json

@@ -0,0 +1,2 @@
+{
+}