diff --git a/rules/S6863/java/metadata.json b/rules/S6863/java/metadata.json new file mode 100644 index 00000000000..d0671bceb2d --- /dev/null +++ b/rules/S6863/java/metadata.json @@ -0,0 +1,25 @@ +{ + "title": "Set appropriate Status Codes on HTTP responses", + "type": "BUG", + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "5min" + }, + "tags": [ + "spring", + "best-practice" + ], + "defaultSeverity": "Major", + "ruleSpecification": "RSPEC-6863", + "sqKey": "S6863", + "scope": "Main", + "defaultQualityProfiles": ["Sonar way"], + "quickfix": "infeasible", + "code": { + "impacts": { + "RELIABILITY": "LOW" + }, + "attribute": "DISTINCT" + } +} diff --git a/rules/S6863/java/rule.adoc b/rules/S6863/java/rule.adoc new file mode 100644 index 00000000000..c526b9ab580 --- /dev/null +++ b/rules/S6863/java/rule.adoc @@ -0,0 +1,61 @@ +== Why is this an issue? + +The request handler function in a `Controller` should set the appropriate HTTP status code based on the operation's success or failure. +This is done by returning a `Response` object with the appropriate status code. + +If an exception is thrown during the execution of the handler, the status code should be in the range of 4xx or 5xx. +Examples of such codes are `BAD_REQUEST`, `UNAUTHORIZED`, `FORBIDDEN`, `NOT_FOUND`, `INTERNAL_SERVER_ERROR`, `BAD_GATEWAY`, `SERVICE_UNAVAILABLE`, etc. + +The status code should be 1xx, 2xx, or 3xx if no exception is thrown and the operation is considered successful. +Such codes include `OK`, `CREATED`, `MOVED_PERMANENTLY`, `FOUND`, etc. + +== How to fix it + +=== Code examples + +==== Noncompliant code example + +[source,java,diff-id=1,diff-type=noncompliant] +---- +@Controller +public class UserController { + public ResponseEntity getUserById(Long userId) { + try { + User user = userService.getUserById(userId); + return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(user); // Noncompliant: Setting 500 for a successful operation + } catch (Exception e) { + return ResponseEntity.status(HttpStatus.OK).build(); // Noncompliant: Setting 200 for exception + } + } +} +---- + +==== Compliant solution + +[source,java,diff-id=1,diff-type=compliant] +---- +@Controller +public class UserController { + public ResponseEntity getUserById(Long userId) { + try { + User user = userService.getUserById(userId); + return ResponseEntity.ok(user); // Compliant: Setting 200 for a successful operation + } catch (Exception e) { + return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).build(); // Compliant: Setting 500 for exception + } + } +} +---- + +== Resources + +=== Documentation + +* https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/http/HttpStatus.html[Spring Java Documentation - HttpStatus] +* https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/http/ResponseEntity.html[Spring Java Documentation - ResponseEntity] +* https://docs.spring.io/spring-framework/reference/web/webmvc/mvc-controller/ann-methods/responseentity.html[Spring Framework Documentation - ResponseEntity] +* https://docs.spring.io/spring-framework/reference/web/webmvc/mvc-ann-rest-exceptions.html[Spring Framework Documentation - Exception Handling] + +=== Standards + +* https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml[IANA - Hypertext Transfer Protocol (HTTP) Status Code Registry] diff --git a/rules/S6863/metadata.json b/rules/S6863/metadata.json new file mode 100644 index 00000000000..2c63c085104 --- /dev/null +++ b/rules/S6863/metadata.json @@ -0,0 +1,2 @@ +{ +}