Existing rule Dynamically executing code is security-sensitive is missing some reflection scenarios

Hi @Anders,

Thank you for this code sample.
From what I see, you expect to have the java.beans.PropertyDescriptor.getReadMethod() method added to the other Java reflection methods that are already found by rule S1523.

We can't do it, as this rule has been dropped lately when we decided to elevate Security Hotspots to first-class citizen status. Raising security hotspots on reflection methods was generating too much noise, so we felt that it was bringing more trouble than real value to the developer.

If you think we should have kept this rule, please give us your feedback on this thread. You could, for instance, detail what the underlying security risk is in the code sample you provided.

Regards.
Pierre-Loup