rspec/rules/S2245/comments-and-links.adoc

=== relates to: S3329

=== relates to: S4347

=== on 16 Jan 2015, 08:54:49 Sébastien Gioria wrote:
This rule should be tag OWASP-Top10. It's part of OWASP Top10 A6-Sensitive_Data_Exposure.


It could bee tag also : 


* CWE Entry 310 on Cryptographic Issues  (\http://cwe.mitre.org/data/definitions/310.html)
* CWE Entry 326 on Weak Encryption (\http://cwe.mitre.org/data/definitions/326.html) 

=== on 19 Jan 2015, 09:04:43 Ann Campbell wrote:
Thanks [~sebastien.gioria]

=== on 27 Jul 2018, 20:50:24 Ann Campbell wrote:
\[~nicolas.harraudeau] where do you expect the issue to be raised? On the ``++rand()++`` call or where the value is used?

=== on 30 Jul 2018, 10:05:05 Nicolas Harraudeau wrote:
\[~ann.campbell.2] On the rand() call. This is a hotspot because we are not yet able to detect if the context is dangerous or not.


We could later detect that an encryption function or a hash is using the generated value, but it would then be classified as a Vulnerability instead of a Hotspot.
Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`=== relates to: S3329`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00
Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`=== relates to: S4347`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00
Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`=== on 16 Jan 2015, 08:54:49 Sébastien Gioria wrote:`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00			`This rule should be tag OWASP-Top10. It's part of OWASP Top10 A6-Sensitive_Data_Exposure.`


			`It could bee tag also :`


			`* CWE Entry 310 on Cryptographic Issues (\http://cwe.mitre.org/data/definitions/310.html)`
			`* CWE Entry 326 on Weak Encryption (\http://cwe.mitre.org/data/definitions/326.html)`

Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`=== on 19 Jan 2015, 09:04:43 Ann Campbell wrote:`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00			`Thanks [~sebastien.gioria]`

Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`=== on 27 Jul 2018, 20:50:24 Ann Campbell wrote:`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00			\[~nicolas.harraudeau] where do you expect the issue to be raised? On the ``++rand()++`` call or where the value is used?

Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`=== on 30 Jul 2018, 10:05:05 Nicolas Harraudeau wrote:`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00			`\[~ann.campbell.2] On the rand() call. This is a hotspot because we are not yet able to detect if the context is dangerous or not.`


			`We could later detect that an encryption function or a hash is using the generated value, but it would then be classified as a Vulnerability instead of a Hotspot.`