From 1a2d2fe25a29007ade7a0a00f0c18c3d189d8fbe Mon Sep 17 00:00:00 2001
From: erwan-serandour
Date: Fri, 24 Oct 2025 08:55:11 +0000
Subject: [PATCH 1/3] Create rule S8223
---
 rules/S8223/java/metadata.json | 25 +++++++++++++++++++
 rules/S8223/java/rule.adoc | 44 ++++++++++++++++++++++++++++++++++
 rules/S8223/metadata.json | 2 ++
 3 files changed, 71 insertions(+)
 create mode 100644 rules/S8223/java/metadata.json
 create mode 100644 rules/S8223/java/rule.adoc
 create mode 100644 rules/S8223/metadata.json
diff --git a/rules/S8223/java/metadata.json b/rules/S8223/java/metadata.json
new file mode 100644
index 00000000000..a896fd84b0d
--- /dev/null
+++ b/rules/S8223/java/metadata.json
@@ -0,0 +1,25 @@
+{
+ "title": "FIXME",
+ "type": "CODE_SMELL",
+ "status": "ready",
+ "remediation": {
+ "func": "Constant\/Issue",
+ "constantCost": "5min"
+ },
+ "tags": [
+ ],
+ "defaultSeverity": "Major",
+ "ruleSpecification": "RSPEC-8223",
+ "sqKey": "S8223",
+ "scope": "All",
+ "defaultQualityProfiles": ["Sonar way"],
+ "quickfix": "unknown",
+ "code": {
+ "impacts": {
+ "MAINTAINABILITY": "HIGH",
+ "RELIABILITY": "MEDIUM",
+ "SECURITY": "LOW"
+ },
+ "attribute": "CONVENTIONAL"
+ }
+}
diff --git a/rules/S8223/java/rule.adoc b/rules/S8223/java/rule.adoc
new file mode 100644
index 00000000000..4172043c9d3
--- /dev/null
+++ b/rules/S8223/java/rule.adoc
@@ -0,0 +1,44 @@
+FIXME: add a description
+
+// If you want to factorize the description uncomment the following line and create the file.
+//include::../description.adoc[]
+
+== Why is this an issue?
+
+FIXME: remove the unused optional headers (that are commented out)
+
+//=== What is the potential impact?
+
+== How to fix it
+//== How to fix it in FRAMEWORK NAME
+
+=== Code examples
+
+==== Noncompliant code example
+
+[source,java,diff-id=1,diff-type=noncompliant]
+----
+FIXME
+----
+
+==== Compliant solution
+
+[source,java,diff-id=1,diff-type=compliant]
+----
+FIXME
+----
+
+//=== How does this work?
+
+//=== Pitfalls
+
+//=== Going the extra mile
+
+
+//== Resources
+//=== Documentation
+//=== Articles & blog posts
+//=== Conference presentations
+//=== Standards
+//=== External coding guidelines
+//=== Benchmarks
diff --git a/rules/S8223/metadata.json b/rules/S8223/metadata.json
new file mode 100644
index 00000000000..2c63c085104
--- /dev/null
+++ b/rules/S8223/metadata.json
@@ -0,0 +1,2 @@
+{
+}
From 26ced0801fc1a096d052b11f002d3a382b53e6a4 Mon Sep 17 00:00:00 2001
From: erwan-serandour
Date: Fri, 24 Oct 2025 11:37:15 +0200
Subject: [PATCH 2/3] Update rules/S8223/java/rule.adoc in PR #5788
---
 rules/S8223/java/rule.adoc | 39 ++++++++++++++++++--------------------
 1 file changed, 18 insertions(+), 21 deletions(-)
diff --git a/rules/S8223/java/rule.adoc b/rules/S8223/java/rule.adoc
index 4172043c9d3..152a958c3f6 100644
--- a/rules/S8223/java/rule.adoc
+++ b/rules/S8223/java/rule.adoc
@@ -1,16 +1,20 @@ -FIXME: add a description - -// If you want to factorize the description uncomment the following line and create the file. -//include::../description.adoc[] +This is an issue when using JodaTime methods `plus(long)`, `minus(long)`, or `withDurationAdded(long, int)` where the time units of the long parameter are unclear. == Why is this an issue? -FIXME: remove the unused optional headers (that are commented out) +JodaTime provides methods that accept `long` parameters to represent time durations, but these methods are ambiguous because the units are not clear from the method signature. + +When you call `dateTime.plus(5000)`, it's not obvious whether you're adding 5000 milliseconds, seconds, or another unit. This can lead to bugs when developers make incorrect assumptions about time units. + +The affected methods (`plus(long)`, `minus(long)`, and `withDurationAdded(long, int)`) interpret the `long` parameter as milliseconds, but this is not evident from the method signature alone. + +=== What is the potential impact? -//=== What is the potential impact? +Using ambiguous duration methods can lead to incorrect time calculations in your application. If developers assume the wrong time units, operations like scheduling, timeouts, or time-based logic may behave unexpectedly. This can result in features that don't work as intended or, in worst cases, security issues if time-based access controls are misconfigured. == How to fix it -//== How to fix it in FRAMEWORK NAME + +Replace the ambiguous long parameter with an explicit Duration object using Duration.millis(). This makes it clear that the parameter represents milliseconds. === Code examples 
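Review bot: The "How to fix it" paragraph only tells readers to wrap the value in `Duration.millis()`, which preserves the existing behaviour — including a wrong one — so the fix text should first ask them to confirm the intended unit and use `Duration.standardSeconds(...)` / `Duration.standardMinutes(...)` (or `plusSeconds`/`plusMinutes`) when the literal was meant in a larger unit. Suggested addition after the existing sentence: `Before wrapping the value, check which unit was intended: if the literal was meant as seconds, use Duration.standardSeconds(...) instead; wrapping it in Duration.millis() documents the current behaviour but does not correct it.` The security sentence in "What is the potential impact?" is too abstract to act on; a concrete case such as a login lockout or rate-limit window written as a bare long being interpreted as milliseconds, silently shrinking the window by a factor of 1000 and weakening the control, would make the point. The description also names `withDurationAdded(long, int)` without saying what the `int` is; one clause such as `(the second argument is a scalar multiplier applied to the millisecond duration)` would remove the second ambiguity readers will hit.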
@@ -18,27 +22,20 @@ FIXME: remove the unused optional headers (that are commented out) [source,java,diff-id=1,diff-type=noncompliant] ---- -FIXME +DateTime dateTime = new DateTime(); +DateTime result = dateTime.plus(5000); // Noncompliant ---- ==== Compliant solution [source,java,diff-id=1,diff-type=compliant] ---- -FIXME +DateTime dateTime = new DateTime(); +DateTime result = dateTime.plus(Duration.millis(5000)); ---- -//=== How does this work? - -//=== Pitfalls - -//=== Going the extra mile +== Resources +=== Documentation -//== Resources -//=== Documentation -//=== Articles & blog posts -//=== Conference presentations -//=== Standards -//=== External coding guidelines -//=== Benchmarks + * JodaTime Duration Documentation - https://www.joda.org/joda-time/apidocs/org/joda/time/Duration.html[Official documentation for JodaTime Duration class and its factory methods] From 6ba01f55f5a3b99ccc75089b8b742076dd44d31a Mon Sep 17 00:00:00 2001 From: erwan-serandour Date: Fri, 24 Oct 2025 11:37:19 +0200 Subject: [PATCH 3/3] Update rules/S8223/java/metadata.json in PR #5788 --- rules/S8223/java/metadata.json | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/rules/S8223/java/metadata.json b/rules/S8223/java/metadata.json index a896fd84b0d..1d1ed778466 100644 --- a/rules/S8223/java/metadata.json +++ b/rules/S8223/java/metadata.json 
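Review bot: The compliant solution shows only the behaviour-preserving case (`Duration.millis(5000)`), so a reader following it mechanically will never be prompted to question the unit, which is the bug the rule exists to surface; adding a second compliant line such as `DateTime result = dateTime.plus(Duration.standardSeconds(5)); // when seconds were intended` would show both outcomes of the decision. The Resources section links only the `Duration` class, yet the claim the rule rests on — that `plus(long)`, `minus(long)` and `withDurationAdded(long, int)` take milliseconds — is documented on the `DateTime` API page (https://www.joda.org/joda-time/apidocs/org/joda/time/DateTime.html); citing it lets reviewers verify the premise directly. The enclosing document continues outside this hunk, so the "Why is this an issue?" section cannot be checked for consistency from here.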
@@ -1,25 +1,27 @@
 {
- "title": "FIXME",
+ "title": "JodaTime methods with ambiguous long duration parameters should use explicit Duration objects",
 "type": "CODE_SMELL",
 "status": "ready",
 "remediation": {
- "func": "Constant\/Issue",
- "constantCost": "5min"
+ "func": "Constant/Issue",
+ "constantCost": "5 min"
 },
 "tags": [
+ "joda-time",
+ "confusing"
 ],
- "defaultSeverity": "Major",
+ "defaultSeverity": "Blocker",
 "ruleSpecification": "RSPEC-8223",
 "sqKey": "S8223",
- "scope": "All",
- "defaultQualityProfiles": ["Sonar way"],
+ "scope": "Main",
+ "defaultQualityProfiles": [
+ "Sonar way"
+ ],
 "quickfix": "unknown",
 "code": {
 "impacts": {
- "MAINTAINABILITY": "HIGH",
- "RELIABILITY": "MEDIUM",
- "SECURITY": "LOW"
+ "MAINTAINABILITY": "BLOCKER"
 },
- "attribute": "CONVENTIONAL"
+ "attribute": "CLEAR"
 }
-}
+}
\ No newline at end of file
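Review bot: The `impacts` block now lists only `"MAINTAINABILITY": "BLOCKER"`, while the rule description's "What is the potential impact?" section (patch 2 of this series) is about incorrect time calculations and misconfigured time-based controls, which are reliability and security consequences rather than maintainability ones; either keep `"RELIABILITY": "MEDIUM"` alongside the maintainability entry or reword the description so the two artefacts agree. `Blocker` as both `defaultSeverity` and impact level is unusually high for a rule whose remediation is a readability wrapper that does not change runtime behaviour — `Major` / `HIGH` seems proportionate unless there is a policy reason that should be stated in the PR. Minor: the rewrite drops the file's trailing newline (`\ No newline at end of file`); restoring it avoids a spurious diff on the next edit.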