SonarSource · github-actions · Oct 24, 2025 · Oct 24, 2025 · Oct 24, 2025
diff --git a/rules/S8223/java/metadata.json b/rules/S8223/java/metadata.json
@@ -0,0 +1,27 @@
+{
+  "title": "JodaTime methods with ambiguous long duration parameters should use explicit Duration objects",
+  "type": "CODE_SMELL",
+  "status": "ready",
+  "remediation": {
+    "func": "Constant/Issue",
+    "constantCost": "5 min"
+  },
+  "tags": [
+    "joda-time",
+    "confusing"
+  ],
+  "defaultSeverity": "Blocker",
+  "ruleSpecification": "RSPEC-8223",
+  "sqKey": "S8223",
+  "scope": "Main",
+  "defaultQualityProfiles": [
+    "Sonar way"
+  ],
+  "quickfix": "unknown",
+  "code": {
+    "impacts": {
+      "MAINTAINABILITY": "BLOCKER"
+    },
+    "attribute": "CLEAR"
+  }
+}
diff --git a/rules/S8223/java/rule.adoc b/rules/S8223/java/rule.adoc
@@ -0,0 +1,41 @@
+This is an issue when using JodaTime methods `plus(long)`, `minus(long)`, or `withDurationAdded(long, int)` where the time units of the long parameter are unclear.
+
+== Why is this an issue?
+
+JodaTime provides methods that accept `long` parameters to represent time durations, but these methods are ambiguous because the units are not clear from the method signature.
+
+When you call `dateTime.plus(5000)`, it's not obvious whether you're adding 5000 milliseconds, seconds, or another unit. This can lead to bugs when developers make incorrect assumptions about time units.
+
+The affected methods (`plus(long)`, `minus(long)`, and `withDurationAdded(long, int)`) interpret the `long` parameter as milliseconds, but this is not evident from the method signature alone.
+
+=== What is the potential impact?
+
+Using ambiguous duration methods can lead to incorrect time calculations in your application. If developers assume the wrong time units, operations like scheduling, timeouts, or time-based logic may behave unexpectedly. This can result in features that don't work as intended or, in worst cases, security issues if time-based access controls are misconfigured.
+
+== How to fix it
+
+Replace the ambiguous long parameter with an explicit Duration object using Duration.millis(). This makes it clear that the parameter represents milliseconds.
+
+=== Code examples
+
+==== Noncompliant code example
+
+[source,java,diff-id=1,diff-type=noncompliant]
+----
+DateTime dateTime = new DateTime();
+DateTime result = dateTime.plus(5000); // Noncompliant
+----
+
+==== Compliant solution
+
+[source,java,diff-id=1,diff-type=compliant]
+----
+DateTime dateTime = new DateTime();
+DateTime result = dateTime.plus(Duration.millis(5000));
+----
+
+== Resources
+
+=== Documentation
+
+ * JodaTime Duration Documentation - https://www.joda.org/joda-time/apidocs/org/joda/time/Duration.html[Official documentation for JodaTime Duration class and its factory methods]
diff --git a/rules/S8223/metadata.json b/rules/S8223/metadata.json
@@ -0,0 +1,2 @@
+{
+}