SONARJAVA-4073 S3751 should accept protected and package scope modifiers

SonarSource · Nov 11, 2021 · 69c74ab · 69c74ab
1 parent fbd6004
commit 69c74ab
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 6 deletions.
diff --git a/java-checks/src/main/java/org/sonar/java/checks/spring/RequestMappingMethodPublicCheck.java b/java-checks/src/main/java/org/sonar/java/checks/spring/RequestMappingMethodPublicCheck.java
@@ -57,8 +57,8 @@ public void visitNode(Tree tree) {
 
     if (isClassController(methodSymbol)
       && isRequestMappingAnnotated(methodSymbol)
-      && !methodSymbol.isPublic()) {
-      reportIssue(methodTree.simpleName(), "Make this method \"public\".");
+      && methodSymbol.isPrivate()) {
+      reportIssue(methodTree.simpleName(), "Make this method non \"private\".");
     }
   }
 

diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3751_java.html b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3751_java.html
@@ -4,7 +4,7 @@
 <p>So marking a sensitive method <code>private</code> may seem like a good way to control how such code is called. Unfortunately, not all Spring
 frameworks ignore visibility in this way. For instance, if you’ve tried to control web access to your sensitive, <code>private</code>,
 <code>@RequestMapping</code> method by marking it <code>@Secured</code> … it will still be called, whether or not the user is authorized to access
-it. That’s because AOP proxies are not applied to non-public methods.</p>
+it. That’s because AOP proxies are not applied to private methods.</p>
 <p>In addition to <code>@RequestMapping</code>, this rule also considers the annotations introduced in Spring Framework 4.3: <code>@GetMapping</code>,
 <code>@PostMapping</code>, <code>@PutMapping</code>, <code>@DeleteMapping</code>, <code>@PatchMapping</code>.</p>
 <h2>Noncompliant Code Example</h2>

diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3751_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3751_java.json
@@ -1,5 +1,5 @@
 {
-  "title": "\"@RequestMapping\" methods should be \"public\"",
+  "title": "\"@RequestMapping\" methods should not be \"private\"",
   "type": "CODE_SMELL",
   "status": "ready",
   "remediation": {

diff --git a/java-checks/src/test/files/checks/spring/RequestMappingMethodPublicCheck.java b/java-checks/src/test/files/checks/spring/RequestMappingMethodPublicCheck.java
@@ -15,7 +15,7 @@ public String hello(String greetee) { // Compliant
   }
 
   @RequestMapping(value = "/greet", method = GET)
-  private String greet(String greetee) { // Noncompliant [[sc=18;ec=23]] {{Make this method "public".}}
+  private String greet(String greetee) { // Noncompliant [[sc=18;ec=23]] {{Make this method non "private".}}
   }
 
   @GetMapping
@@ -63,7 +63,7 @@ public String hello(String greetee) { // Compliant
   }
 
   @RequestMapping(value = "/greet", method = GET)
-  private String greet(String greetee) { // Noncompliant [[sc=18;ec=23]] {{Make this method "public".}}
+  private String greet(String greetee) { // Noncompliant [[sc=18;ec=23]] {{Make this method non "private".}}
   }
 
   @GetMapping public String a() { }