• Home
• org.sonarsource.java
• java-checks
• 3.13
• source code
• S2653.html

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.sonar.l10n.java.rules.squid.S2653.html Maven / Gradle / Ivy

  There is no reason to have a main method in a web application.
  It may have been useful for debugging during application development,
  but such a method should never make it into production.
  Having a main method in a web application opens a door to the application logic
  that an attacker may never be able to reach (but watch out if one does!),
  but it is a sloppy practice and indicates that other problems may be present.


  This rule raises an issue when a main method is found in a servlet or an EJB.


Noncompliant Code Example
public class MyServlet extends HttpServlet {
  public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
    if (userIsAuthorized(req)) {
      updatePrices(req);
    }
  }

  public static void main(String[] args) { // Noncompliant
    updatePrices(req);
  }
}


See

  
MITRE, CWE-489 - Leftover Debug Code