diff --git a/rules/S8325/groovy/metadata.json b/rules/S8325/groovy/metadata.json
new file mode 100644
index 00000000000..af81a4af5b1
--- /dev/null
+++ b/rules/S8325/groovy/metadata.json
@@ -0,0 +1,29 @@
+{
+ "title": "Variables declared with \"def\" or explicit types in scripts should be undeclared to be accessible through Binding",
+ "type": "BUG",
+ "status": "ready",
+ "remediation": {
+ "func": "Constant/Issue",
+ "constantCost": "5 min"
+ },
+ "tags": [
+ "groovy",
+ "binding",
+ "runtime"
+ ],
+ "defaultSeverity": "Blocker",
+ "ruleSpecification": "RSPEC-8325",
+ "sqKey": "S8325",
+ "scope": "Main",
+ "defaultQualityProfiles": [
+ "Sonar way"
+ ],
+ "quickfix": "unknown",
+ "code": {
+ "impacts": {
+ "RELIABILITY": "BLOCKER",
+ "MAINTAINABILITY": "BLOCKER"
+ },
+ "attribute": "COMPLETE"
+ }
+}
\ No newline at end of file
diff --git a/rules/S8325/groovy/rule.adoc b/rules/S8325/groovy/rule.adoc
new file mode 100644
index 00000000000..e25549fe994
--- /dev/null
+++ b/rules/S8325/groovy/rule.adoc
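Review bot: `"defaultSeverity": "Blocker"` combined with `"RELIABILITY": "BLOCKER"` and `"MAINTAINABILITY": "BLOCKER"` looks over-calibrated for a rule with a constant 5 min remediation that ships in the default `Sonar way` profile. A `def` or typed declaration is also the ordinary way to keep a script value local and out of the shared Binding, and nothing in this metadata narrows the rule to variables the host actually reads, so presumably many findings will be intentional locals. At Blocker level that pressure pushes authors to undeclare variables wholesale, which widens what a script writes into a Binding the calling application trusts. Consider `"defaultSeverity": "Major"` with `"RELIABILITY": "MEDIUM"` and dropping the `MAINTAINABILITY` impact, unless the implementation restricts detection to names the caller looks up.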
@@ -0,0 +1,55 @@
+This is an issue when declaring variables with `def` or explicit types (like `int`, `String`) in Groovy scripts that are intended to share data with the calling application through a `Binding` object.
+
+== Why is this an issue?
+
+When Groovy scripts are executed with a shared `Binding` object, variables can be shared between the script and the calling application. However, this data sharing only works with undeclared variables.
+
+Using `def` or explicit type declarations (like `int foo = 123` or `def bar = "hello"`) creates local variables within the script scope. These local variables are not accessible from the calling application through the `Binding` object.
+
+This behavior often surprises developers who expect all variables in a script to be automatically shared. When the calling application tries to access these variables using `binding.getProperty()` or similar methods, it will fail with a `MissingPropertyException` or return null, leading to runtime errors or unexpected behavior.
+
+The issue is particularly problematic because:
+
+* The script executes without errors, making the problem hard to detect during development
+* The failure only occurs when the calling application tries to access the variable
+* It violates the principle of least surprise, as developers naturally expect declared variables to be accessible
+
+=== What is the potential impact?
+
+The application may fail at runtime when trying to access variables from the script through the Binding object. This can lead to `MissingPropertyException` errors or null values where data was expected, potentially causing application crashes or incorrect behavior in production systems.
+
+== How to fix it
+
+Remove the variable declaration keyword to make the variable undeclared. This allows it to be written to the shared Binding object and accessed by the calling application.
+
+=== Code examples
+
+==== Noncompliant code example
+
+[source,groovy,diff-id=1,diff-type=noncompliant]
+----
+// In Groovy script executed with GroovyShell
+def result = "Hello World" // Noncompliant
+int count = 42 // Noncompliant
+String message = "Done" // Noncompliant
+----
+
+==== Compliant solution
+
+[source,groovy,diff-id=1,diff-type=compliant]
+----
+// In Groovy script executed with GroovyShell
+result = "Hello World" // Writes to binding
+count = 42 // Writes to binding
+message = "Done" // Writes to binding
+----
+
+== Resources
+
+=== Documentation
+
+ * Groovy Integration Guide - Sharing data between script and application - https://groovy-lang.org/integrating.html#_sharing_data_between_a_script_and_the_application[Official Groovy documentation explaining how to share data between scripts and applications using Binding objects]
+
+ * Groovy GroovyShell Documentation - https://docs.groovy-lang.org/latest/html/api/groovy/lang/GroovyShell.html[API documentation for GroovyShell class used for script execution]
+
+ * Groovy Binding Documentation - https://docs.groovy-lang.org/latest/html/api/groovy/lang/Binding.html[API documentation for Binding class used for sharing variables between script and application]
diff --git a/rules/S8325/metadata.json b/rules/S8325/metadata.json
new file mode 100644
index 00000000000..2c63c085104
--- /dev/null
+++ b/rules/S8325/metadata.json
@@ -0,0 +1,2 @@
+{
+}