Merged
Expand Up @@ -15,10 +15,10 @@ <h4>Denial of service</h4>
<h2>How to fix it</h2>
<p>To fix a vulnerable regular expression, consider the following strategies:</p>
<ul>
<li>Use possessive quantifiers (<code>+`, `*</code>, <code>?+</code>) or atomic grouping to prevent the regex engine from keeping backtracking
positions.</li>
<li>Replace <code>.</code> with negated character classes to exclude separators where applicable (e.g., <code><strong></strong></code><strong>
instead of <code>.</code></strong> before <code></code>).</li>
<li>Use possessive quantifiers (<code>++</code>, <code>*+</code>, <code>?+</code>) or atomic grouping to prevent the regex engine from keeping
backtracking positions.</li>
<li>Replace <code>.</code> with negated character classes to exclude separators where applicable (e.g., <code>[^_]*</code> instead of
<code>.*</code> before <code>_</code>).</li>
<li>Use bounded quantifiers such as <code>{1,5}</code> to limit repetitions.</li>
<li>Restructure nested quantifiers so the inner group can match in only one way.</li>
<li>Use a non-backtracking implementation such as <a href="https://github.com/google/re2j">RE2/J</a>.</li>
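Review bot: the rewritten first bullet (<code>++</code>, <code>*+</code>, <code>?+</code>, atomic grouping) presents these constructs purely as a performance fix, but they also change what the pattern accepts. A possessive quantifier never gives back input it has consumed, so a pattern that relied on backtracking to match will stop matching. Suggest adding a short clause to that bullet telling the reader to re-check the pattern against its expected inputs after the change. The corrected second bullet (<code>[^_]*</code> instead of <code>.*</code> before <code>_</code>) reads fine. Since the replaced lines had Markdown backticks inside <code>&lt;code&gt;</code> and empty <code>&lt;code&gt;&lt;/code&gt;</code> elements, it is worth checking the other rule descriptions for the same damage.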
Expand Down Expand Up @@ -58,4 +58,8 @@ <h3>Standards</h3>
<li>CWE - <a href="https://cwe.mitre.org/data/definitions/1333">CWE-1333 - Inefficient Regular Expression Complexity</a></li>
<li>OWASP - <a href="https://owasp.org/Top10/A04_2021-Insecure_Design/">Top 10 2021 Category A4 - Insecure Design</a></li>
</ul>
<h3>Related rules</h3>
<ul>
<li>{rule:java:S8786} - Regular expressions should not cause non-linear backtracking</li>
</ul>
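Review bot: the new "Related rules" item repeats the rule title as literal text after the <code>{rule:java:S8786}</code> placeholder, so the text "Regular expressions should not cause non-linear backtracking" will drift if S8786 is ever renamed. Please confirm that the key resolves to a published rule and that the title matches it exactly. Also consider adding the reciprocal link from S8786 back to this rule, so the two descriptions stay discoverable from each other.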

Expand Up @@ -32,6 +32,7 @@ <h3>Documentation</h3>
</ul>
<h3>Articles &amp; blog posts</h3>
<ul>
<li>Spring Guides - <a href="https://reflectoring.io/spring-boot-paging/">Paging with Spring Boot</a></li>
<li>Spring Guides - <a href="https://medium.com/@dulanjayasandaruwan1998/pagination-with-spring-boot-566448c12c95">Pagination with Spring
Boot</a></li>
</ul>
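Review bot: both entries under "Articles &amp; blog posts" are labelled "Spring Guides", but the links point to reflectoring.io and to a personal medium.com account, neither of which is the Spring Guides site. The label should name the actual publisher (for example "Reflectoring" and "Medium") so readers can judge the source. The two link titles, "Paging with Spring Boot" and "Pagination with Spring Boot", are also near-identical, so a distinct label is the only thing that tells the entries apart. A personal Medium post is a weaker long-term reference than official documentation and more likely to move or disappear.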

2 changes: 1 addition & 1 deletion sonarpedia.json
Expand Up @@ -3,7 +3,7 @@
"languages": [
"JAVA"
],
"latest-update": "2026-06-11T12:08:17.325440743Z",
"latest-update": "2026-06-18T09:33:18.987005213Z",
"options": {
"no-language-in-filenames": true,
"preserve-filenames": false