rspec/rules/S4639/see.adoc

== Resources

* OWASP - https://owasp.org/Top10/A01_2021-Broken_Access_Control/[Top 10 2021 Category A1 - Broken Access Control]
* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection]
* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection]
* OWASP - https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[Top 10 2017 Category A5 - Broken Access Control]
* CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation]
* CWE - https://cwe.mitre.org/data/definitions/22[CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')]
* Snyk Research Team: https://snyk.io/research/zip-slip-vulnerability[Zip Slip Vulnerability]
* https://nvd.nist.gov/vuln/detail/CVE-2016-0709
* https://nvd.nist.gov/vuln/detail/CVE-2017-5946
migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`== Resources`
Add rules 4000-4999 2020-06-30 12:49:37 +02:00
Avoid OWASP Top 10 security-standard mismatch between metadata and description links (RULEAPI-798) (#3537) * Add check for security standard mismatch * Fix security standard mismatches * Fix Resources/Standards links for secrets rules * Fix check * Fix links and update security standard mapping * Fix maintanability issue * Apply review suggestions * Apply suggestions from code review Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com> * Fix typo Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com> --------- Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com> 2024-01-17 17:20:28 +01:00			`* OWASP - https://owasp.org/Top10/A01_2021-Broken_Access_Control/[Top 10 2021 Category A1 - Broken Access Control]`
Modify CWE and OWASP Top 10 links to follow standard link format (APPSEC-1134) (#3529) * Fix all CWE references * Fix all OWASP references * Fix missing CWE prefixes 2024-01-15 17:15:56 +01:00			`* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection]`
			`* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection]`
Avoid OWASP Top 10 security-standard mismatch between metadata and description links (RULEAPI-798) (#3537) * Add check for security standard mismatch * Fix security standard mismatches * Fix Resources/Standards links for secrets rules * Fix check * Fix links and update security standard mapping * Fix maintanability issue * Apply review suggestions * Apply suggestions from code review Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com> * Fix typo Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com> --------- Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com> 2024-01-17 17:20:28 +01:00			`* OWASP - https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[Top 10 2017 Category A5 - Broken Access Control]`
			`* CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation]`
			`* CWE - https://cwe.mitre.org/data/definitions/22[CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')]`
Add rules 4000-4999 2020-06-30 12:49:37 +02:00			`* Snyk Research Team: https://snyk.io/research/zip-slip-vulnerability[Zip Slip Vulnerability]`
			`* https://nvd.nist.gov/vuln/detail/CVE-2016-0709`
			`* https://nvd.nist.gov/vuln/detail/CVE-2017-5946`