From 25eed88e41445c2f1685307584b4a966b0fe083b Mon Sep 17 00:00:00 2001
From: denis-troller
Date: Sun, 9 Nov 2025 20:22:59 +0000
Subject: [PATCH 1/3] Create rule S8318
---
rules/S8318/groovy/metadata.json | 25 ++++++++++++++++++
rules/S8318/groovy/rule.adoc | 44 ++++++++++++++++++++++++++++++++
rules/S8318/metadata.json | 2 ++
3 files changed, 71 insertions(+)
create mode 100644 rules/S8318/groovy/metadata.json
create mode 100644 rules/S8318/groovy/rule.adoc
create mode 100644 rules/S8318/metadata.json
diff --git a/rules/S8318/groovy/metadata.json b/rules/S8318/groovy/metadata.json
new file mode 100644
index 00000000000..87cae1bbbe0
--- /dev/null
+++ b/rules/S8318/groovy/metadata.json
@@ -0,0 +1,25 @@
+{
+ "title": "FIXME",
+ "type": "CODE_SMELL",
+ "status": "ready",
+ "remediation": {
+ "func": "Constant\/Issue",
+ "constantCost": "5min"
+ },
+ "tags": [
+ ],
+ "defaultSeverity": "Major",
+ "ruleSpecification": "RSPEC-8318",
+ "sqKey": "S8318",
+ "scope": "All",
+ "defaultQualityProfiles": ["Sonar way"],
+ "quickfix": "unknown",
+ "code": {
+ "impacts": {
+ "MAINTAINABILITY": "HIGH",
+ "RELIABILITY": "MEDIUM",
+ "SECURITY": "LOW"
+ },
+ "attribute": "CONVENTIONAL"
+ }
+}
diff --git a/rules/S8318/groovy/rule.adoc b/rules/S8318/groovy/rule.adoc
new file mode 100644
index 00000000000..16a0f60963c
--- /dev/null
+++ b/rules/S8318/groovy/rule.adoc
@@ -0,0 +1,44 @@
+FIXME: add a description
+
+// If you want to factorize the description uncomment the following line and create the file.
+//include::../description.adoc[]
+
+== Why is this an issue?
+
+FIXME: remove the unused optional headers (that are commented out)
+
+//=== What is the potential impact?
+
+== How to fix it
+//== How to fix it in FRAMEWORK NAME
+
+=== Code examples
+
+==== Noncompliant code example
+
+[source,groovy,diff-id=1,diff-type=noncompliant]
+----
+FIXME
+----
+
+==== Compliant solution
+
+[source,groovy,diff-id=1,diff-type=compliant]
+----
+FIXME
+----
+
+//=== How does this work?
+
+//=== Pitfalls
+
+//=== Going the extra mile
+
+
+//== Resources
+//=== Documentation
+//=== Articles & blog posts
+//=== Conference presentations
+//=== Standards
+//=== External coding guidelines
+//=== Benchmarks
diff --git a/rules/S8318/metadata.json b/rules/S8318/metadata.json
new file mode 100644
index 00000000000..2c63c085104
--- /dev/null
+++ b/rules/S8318/metadata.json
@@ -0,0 +1,2 @@
+{
+}
From c85d728a8867e8357babb6c68990bfff89bbf072 Mon Sep 17 00:00:00 2001
From: denis-troller
Date: Sun, 9 Nov 2025 21:53:02 +0100
Subject: [PATCH 2/3] Update rules/S8318/groovy/rule.adoc in PR #5904
---
rules/S8318/groovy/rule.adoc | 62 +++++++++++++++++++++++++-----------
1 file changed, 43 insertions(+), 19 deletions(-)
diff --git a/rules/S8318/groovy/rule.adoc b/rules/S8318/groovy/rule.adoc
index 16a0f60963c..fba55ee7e3b 100644
--- a/rules/S8318/groovy/rule.adoc
+++ b/rules/S8318/groovy/rule.adoc
@@ -1,16 +1,25 @@ -FIXME: add a description - -// If you want to factorize the description uncomment the following line and create the file. -//include::../description.adoc[] +This rule raises an issue when code directly references or uses `java.sql.Connection` instead of using Groovy's `Sql` abstraction layer. == Why is this an issue? -FIXME: remove the unused optional headers (that are commented out) +Direct use of `java.sql.Connection` in Groovy applications goes against idiomatic Groovy practices and creates unnecessary complexity. + +Groovy provides the `Sql` class as a higher-level abstraction over JDBC that offers several advantages: + +* **Automatic resource management**: The `Sql` class handles connection, statement, and result set cleanup automatically, reducing the risk of resource leaks. +* **Concise syntax**: Groovy's `Sql` provides methods like `eachRow()`, `rows()`, and `execute()` that eliminate boilerplate code. +* **Built-in error handling**: The abstraction layer includes better exception handling and resource cleanup in error scenarios. +* **Groovy-friendly result handling**: Results are returned as `GroovyRowResult` objects that can be accessed using property syntax. + +Using raw JDBC connections requires manual resource management, verbose try-catch-finally blocks, and explicit handling of statements and result sets. This approach is more error-prone and harder to maintain. + +=== What is the potential impact? -//=== What is the potential impact? +Using direct JDBC connections can lead to resource leaks if connections, statements, or result sets are not properly closed. This can cause database connection pool exhaustion and application performance degradation. Additionally, the code becomes more verbose and harder to maintain compared to using Groovy's idiomatic database access patterns. == How to fix it -//== How to fix it in FRAMEWORK NAME + +Replace direct Connection usage with Groovy's Sql class. 
Use the Sql constructor with a DataSource and leverage its convenient methods for database operations. === Code examples @@ -18,27 +27,42 @@ FIXME: remove the unused optional headers (that are commented out) [source,groovy,diff-id=1,diff-type=noncompliant] ---- -FIXME +import java.sql.Connection +import java.sql.Statement +import java.sql.ResultSet + +Connection conn = dataSource.getConnection() // Noncompliant +Statement stmt = conn.createStatement() +ResultSet rs = stmt.executeQuery('SELECT * FROM users') +while (rs.next()) { + println rs.getString('name') +} +rs.close() +stmt.close() +conn.close() ---- ==== Compliant solution [source,groovy,diff-id=1,diff-type=compliant] ---- -FIXME +import groovy.sql.Sql + +Sql sql = new Sql(dataSource) +sql.eachRow('SELECT * FROM users') { row -> + println row.name +} +sql.close() ---- -//=== How does this work? +== Resources + +=== Documentation -//=== Pitfalls + * Groovy Sql Documentation - https://docs.groovy-lang.org/latest/html/api/groovy/sql/Sql.html[Official Groovy documentation for the Sql class and its methods] -//=== Going the extra mile + * Groovy Database Programming - https://groovy-lang.org/databases.html[Groovy guide on database programming using the Sql abstraction] +=== Related rules -//== Resources -//=== Documentation -//=== Articles & blog posts -//=== Conference presentations -//=== Standards -//=== External coding guidelines -//=== Benchmarks + * CodeNarc-JdbcConnectionReference - https://codenarc.org/codenarc-rules-jdbc.html#jdbcconnectionreference-rule[CodeNarc rule that checks for direct use of java.sql.Connection] From 0d62c872144416a7e9cc4e05a0422b9b1157b086 Mon Sep 17 00:00:00 2001 From: denis-troller Date: Sun, 9 Nov 2025 21:53:05 +0100 Subject: [PATCH 3/3] Update rules/S8318/groovy/metadata.json in PR #5904 --- rules/S8318/groovy/metadata.json | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) 
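Review bot: In the compliant example of the second hunk (`diff-type=compliant`), `sql.close()` runs only when `eachRow` returns normally, so the sample repeats the unguarded-cleanup pattern the rule text criticises and sits awkwardly beside the "Automatic resource management" bullet added in the first hunk. I would write it as `try { sql.eachRow('SELECT * FROM users') { row -> println row.name } } finally { sql.close() }`, or state explicitly what `close()` is expected to do for a `Sql` built from a `DataSource`. The "How to fix it" paragraph should also say that moving to `Sql` does not by itself prevent SQL injection, for example with the sentence `Queries that take values should pass them as GString expressions or parameter lists, never by string concatenation.`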
diff --git a/rules/S8318/groovy/metadata.json b/rules/S8318/groovy/metadata.json
index 87cae1bbbe0..f0692d3eb17 100644
--- a/rules/S8318/groovy/metadata.json
+++ b/rules/S8318/groovy/metadata.json
@@ -1,25 +1,29 @@
 {
- "title": "FIXME",
+ "title": "Direct JDBC Connection references should be avoided in favor of Groovy's Sql abstraction",
 "type": "CODE_SMELL",
 "status": "ready",
 "remediation": {
- "func": "Constant\/Issue",
- "constantCost": "5min"
+ "func": "Constant/Issue",
+ "constantCost": "30 min"
 },
 "tags": [
+ "groovy",
+ "jdbc",
+ "database"
 ],
- "defaultSeverity": "Major",
+ "defaultSeverity": "Blocker",
 "ruleSpecification": "RSPEC-8318",
 "sqKey": "S8318",
- "scope": "All",
- "defaultQualityProfiles": ["Sonar way"],
+ "scope": "Main",
+ "defaultQualityProfiles": [
+ "Sonar way"
+ ],
 "quickfix": "unknown",
 "code": {
 "impacts": {
- "MAINTAINABILITY": "HIGH",
- "RELIABILITY": "MEDIUM",
- "SECURITY": "LOW"
+ "RELIABILITY": "BLOCKER",
+ "MAINTAINABILITY": "BLOCKER"
 },
 "attribute": "CONVENTIONAL"
 }
-}
+}
\ No newline at end of file
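Review bot: `"defaultSeverity": "Blocker"` together with `"RELIABILITY": "BLOCKER"` and `"MAINTAINABILITY": "BLOCKER"` looks out of proportion for a rule that keeps `"type": "CODE_SMELL"` and `"attribute": "CONVENTIONAL"` and whose description argues mainly from idiom and verbosity. Because the rule stays in the `Sonar way` profile, every direct `java.sql.Connection` reference would be reported at the top severity, which tends to bury findings that do need immediate action; I would keep `"defaultSeverity": "Major"` and lower the impacts to match, e.g. `"MAINTAINABILITY": "MEDIUM"`. Separately, `"constantCost": "30 min"` has a space where the value it replaces was `"5min"`; confirm the metadata validator accepts that form or write `"30min"`.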