
SONARJAVA-6242 Deprecate S5042 #5610

Merged
dorian-burihabwa-sonarsource merged 1 commit into master from db/SONARJAVA-6242
May 8, 2026

@dorian-burihabwa-sonarsource dorian-burihabwa-sonarsource commented May 7, 2026

Changes were pulled from https://github.com/SonarSource/rspec/pull/6752 and selectively picked to only reflect the deprecation status change. This PR does not include the changes related to the rule changing from a hotspot to a code smell or any change in severity.

hashicorp-vault-sonar-prod Bot commented May 7, 2026

SONARJAVA-6242

sonar-review-alpha Bot commented May 7, 2026

Summary

Rule S5042 (Zip Bomb detection) is being marked as deprecated. The change removes it from default quality profiles, updates its status to "deprecated" with a notice in the rule description, and removes it from autoscan test resources. The PR scope is limited to deprecation only—no changes to rule severity, type, or behavior, as noted in the author's description.

What reviewers should know

Key files to review:

  • S5042.json — status changed from "ready" to "deprecated"
  • S5042.html — deprecation notice added at the top
  • Sonar_way_profile.json and Sonar_agentic_AI_profile.json — rule removed from both profiles
  • JavaAgenticWayProfileTest.java — test assertion updated (468 → 467 rules)
  • Autoscan test resources — diff_S5042.json deleted, entry removed from autoscan-diff-by-rules.json

Notes for reviewers:

  • This PR deliberately does NOT include severity, type, or remediation changes from the upstream rspec PR
  • Existing issues flagged by S5042 will still exist in projects; deprecation only affects new scans going forward
  • The rule remains functional but is no longer recommended for new quality profiles

sonarqube-next Bot commented May 8, 2026

@sonar-review-alpha sonar-review-alpha Bot left a comment

LGTM! ✅

Clean, complete deprecation. Every expected touch point is covered: rule status, deprecation notice, both quality profiles, the autoscan resources, and the exact-count assertion in JavaAgenticWayProfileTest. The deprecation notice wording in S5042.html is consistent with the pattern used by other deprecated rules in this repo.

@dorian-burihabwa-sonarsource dorian-burihabwa-sonarsource merged commit d418a4f into master May 8, 2026
15 checks passed
@dorian-burihabwa-sonarsource dorian-burihabwa-sonarsource deleted the db/SONARJAVA-6242 branch May 8, 2026 07:46