Create rule S6832: Non-singleton Spring beans should not be injected in a Singleton bean #3355

github-actions · 2023-10-23T14:51:54Z

You can preview this rule here (updated a few minutes after each push).

Review

A dedicated reviewer checked the rule description successfully for:

logical errors and incorrect information
information gaps and missing content
text style and tone
PR summary and labels follow the guidelines

…in a Singleton bean

johann-beleites-sonarsource

Nice rule and nicely detailed explanation!

rules/S6832/java/metadata.json

rules/S6832/java/rule.adoc

Co-authored-by: Johann Beleites <johann.beleites@sonarsource.com>

sonarqube-next · 2023-10-24T15:28:20Z

SonarQube Quality Gate for 'rspec-tools'

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
No Duplication information

sonarqube-next · 2023-10-24T15:33:17Z

SonarQube Quality Gate for 'rspec-frontend'

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
No Duplication information

Bumps [aiohttp](https://github.com/aio-libs/aiohttp) from 3.8.4 to 3.8.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/aio-libs/aiohttp/releases">aiohttp's releases</a>.</em></p> <blockquote> <h2>3.8.5</h2> <h2>Security bugfixes</h2> <ul> <li> <p>Upgraded the vendored copy of llhttp_ to v8.1.1 -- by :user:<code>webknjaz</code> and :user:<code>Dreamsorcerer</code>.</p> <p>Thanks to :user:<code>sethmlarson</code> for reporting this and providing us with comprehensive reproducer, workarounds and fixing details! For more information, see <a href="https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w">https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w</a>.</p> <p>.. _llhttp: <a href="https://llhttp.org">https://llhttp.org</a></p> <p>(<a href="https://redirect.github.com/aio-libs/aiohttp/issues/7346">#7346</a>)</p> </li> </ul> <h2>Features</h2> <ul> <li> <p>Added information to C parser exceptions to show which character caused the error. -- by :user:<code>Dreamsorcerer</code></p> <p>(<a href="https://redirect.github.com/aio-libs/aiohttp/issues/7366">#7366</a>)</p> </li> </ul> <h2>Bugfixes</h2> <ul> <li> <p>Fixed a transport is :data:<code>None</code> error -- by :user:<code>Dreamsorcerer</code>.</p> <p>(<a href="https://redirect.github.com/aio-libs/aiohttp/issues/3355">#3355</a>)</p> </li> </ul> <hr /> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/aio-libs/aiohttp/blob/v3.8.5/CHANGES.rst">aiohttp's changelog</a>.</em></p> <blockquote> <h1>3.8.5 (2023-07-19)</h1> <h2>Security bugfixes</h2> <ul> <li> <p>Upgraded the vendored copy of llhttp_ to v8.1.1 -- by :user:<code>webknjaz</code> and :user:<code>Dreamsorcerer</code>.</p> <p>Thanks to :user:<code>sethmlarson</code> for reporting this and providing us with comprehensive reproducer, workarounds and fixing details! For more information, see <a href="https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w">https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w</a>.</p> <p>.. _llhttp: <a href="https://llhttp.org">https://llhttp.org</a></p> <p><code>[#7346](aio-libs/aiohttp#7346) <https://github.com/aio-libs/aiohttp/issues/7346></code>_</p> </li> </ul> <h2>Features</h2> <ul> <li> <p>Added information to C parser exceptions to show which character caused the error. -- by :user:<code>Dreamsorcerer</code></p> <p><code>[#7366](aio-libs/aiohttp#7366) <https://github.com/aio-libs/aiohttp/issues/7366></code>_</p> </li> </ul> <h2>Bugfixes</h2> <ul> <li> <p>Fixed a transport is :data:<code>None</code> error -- by :user:<code>Dreamsorcerer</code>.</p> <p><code>[#3355](aio-libs/aiohttp#3355) <https://github.com/aio-libs/aiohttp/issues/3355></code>_</p> </li> </ul> <hr /> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/aio-libs/aiohttp/commit/9c13a52c21c23dfdb49ed89418d28a5b116d0681"><code>9c13a52</code></a> Bump aiohttp to v3.8.5 a security release</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/7c02129567bc4ec59be467b70fc937c82920948c"><code>7c02129</code></a>  Bump pypa/cibuildwheel to v2.14.1</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/135a45e9d655d56e4ebad78abe84f1cb7b5c62dc"><code>135a45e</code></a> Improve error messages from C parser (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/7366">#7366</a>) (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/7380">#7380</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/9337fb3f2ab2b5f38d7e98a194bde6f7e3d16c40"><code>9337fb3</code></a> Fix bump llhttp to v8.1.1 (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/7367">#7367</a>) (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/7377">#7377</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/f07e9b44b5cb909054a697c8dd447b30dbf8073e"><code>f07e9b4</code></a> [PR <a href="https://redirect.github.com/aio-libs/aiohttp/issues/7373">#7373</a>/66e261a5 backport][3.8] Drop azure mention (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/7374">#7374</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/01d9b70e5477cd746561b52225992d8a2ebde953"><code>01d9b70</code></a> [PR <a href="https://redirect.github.com/aio-libs/aiohttp/issues/7370">#7370</a>/22c264ce backport][3.8] fix: Spelling error fixed (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/7371">#7371</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/3577b1e3719d4648fa973dbdec927f78f9df34dd"><code>3577b1e</code></a> [PR <a href="https://redirect.github.com/aio-libs/aiohttp/issues/7359">#7359</a>/7911f1e9 backport][3.8]  Set up secretless publishing to PyPI (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/7360">#7360</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/8d45f9c99511cd80140d6658bd9c11002c697f1c"><code>8d45f9c</code></a> [PR <a href="https://redirect.github.com/aio-libs/aiohttp/issues/7333">#7333</a>/3a54d378 backport][3.8] Fix TLS transport is <code>None</code> error (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/7357">#7357</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/dd8e24e77351df9c0f029be49d3c6d7862706e79"><code>dd8e24e</code></a> [PR <a href="https://redirect.github.com/aio-libs/aiohttp/issues/7343">#7343</a>/18057581 backport][3.8] Mention encoding in <code>yarl.URL</code> (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/7355">#7355</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/40874103ebfaa1007d47c25ecc4288af873a07cf"><code>4087410</code></a> [PR <a href="https://redirect.github.com/aio-libs/aiohttp/issues/7346">#7346</a>/346fd202 backport][3.8]  Bump vendored llhttp to v8.1.1 (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/7352">#7352</a>)</li> <li>Additional commits viewable in <a href="https://github.com/aio-libs/aiohttp/compare/v3.8.4...v3.8.5">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aiohttp&package-manager=pip&previous-version=3.8.4&new-version=3.8.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/SonarSource/rspec/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Create rule S6832

32feda9

github-actions bot assigned ADarko22 Oct 23, 2023

github-actions bot added the java label Oct 23, 2023

ADarko22 changed the title ~~Create rule S6832~~ Create rule S6832: Spring beans should not be injected in an incompatible scope Oct 23, 2023

ADarko22 force-pushed the rule/add-RSPEC-S6832 branch from 394b628 to 773cfe0 Compare October 24, 2023 11:59

ADarko22 marked this pull request as ready for review October 24, 2023 11:59

ADarko22 changed the title ~~Create rule S6832: Spring beans should not be injected in an incompatible scope~~ Create rule S6832: Non-singleton Spring beans should not be injected in a Singleton bean Oct 24, 2023

Create rule S6832: Non-singleton Spring beans should not be injected …

81231ca

…in a Singleton bean

ADarko22 force-pushed the rule/add-RSPEC-S6832 branch from 98545eb to 81231ca Compare October 24, 2023 12:09

johann-beleites-sonarsource reviewed Oct 24, 2023

View reviewed changes

ADarko22 and others added 6 commits October 24, 2023 17:10

Update rules/S6832/java/metadata.json

27c7734

Co-authored-by: Johann Beleites <johann.beleites@sonarsource.com>

Update rules/S6832/java/rule.adoc

5fcd325

Co-authored-by: Johann Beleites <johann.beleites@sonarsource.com>

Update rules/S6832/java/rule.adoc

5a66cc0

Co-authored-by: Johann Beleites <johann.beleites@sonarsource.com>

Update rules/S6832/java/rule.adoc

4a1d358

Co-authored-by: Johann Beleites <johann.beleites@sonarsource.com>

Update rules/S6832/java/rule.adoc

82daa07

Co-authored-by: Johann Beleites <johann.beleites@sonarsource.com>

Update rule S6832 according to review comments

335539c

ADarko22 force-pushed the rule/add-RSPEC-S6832 branch from fe2cf17 to 335539c Compare October 24, 2023 15:24

johann-beleites-sonarsource approved these changes Oct 25, 2023

View reviewed changes

ADarko22 merged commit 6bf8859 into master Nov 6, 2023
11 checks passed

ADarko22 deleted the rule/add-RSPEC-S6832 branch November 6, 2023 09:51

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Create rule S6832: Non-singleton Spring beans should not be injected in a Singleton bean #3355

Create rule S6832: Non-singleton Spring beans should not be injected in a Singleton bean #3355

github-actions bot commented Oct 23, 2023

johann-beleites-sonarsource left a comment

sonarqube-next bot commented Oct 24, 2023

sonarqube-next bot commented Oct 24, 2023

Create rule S6832: Non-singleton Spring beans should not be injected in a Singleton bean #3355

Create rule S6832: Non-singleton Spring beans should not be injected in a Singleton bean #3355

Conversation

github-actions bot commented Oct 23, 2023

Review

johann-beleites-sonarsource left a comment

Choose a reason for hiding this comment

sonarqube-next bot commented Oct 24, 2023

sonarqube-next bot commented Oct 24, 2023