rspec/rspec-tools/rspec_tools/validation/rule-metadata-schema.json

{
  "id": "http://www.sonarsource.org/rule-schema-v1.1",
  "title": "Rule Implementation",
  "type": "object",
  "description": "we must have one of these files for each implemented rule",
  "additionalProperties": false,
  "properties": {
    "title": {
      "type": "string"
    },
    "type": {
      "type": "string",
      "enum": ["CODE_SMELL","BUG","VULNERABILITY","SECURITY_HOTSPOT"]
    },
    "status": {
      "type": "string",
      "enum": ["beta","ready","deprecated","superseded", "closed"]
    },
    "extra": {
      "type": "object",
      "properties": {
        "additionalProperties": false,
        "replacementRules": {
          "type": "array",
          "items": {
            "type": "string",
            "uniqueItems": true
          },
          "description": "The rule ids that replace this rule"
        },
        "legacyKeys": {
          "type": "array",
          "items": { "type": "string" },
          "uniqueItems": true
        }
      }
    },
    "remediation": {
      "type": "object",
      "oneOf": [
        {
          "additionalProperties": false,
          "properties": {
            "func": {
              "const": "Constant/Issue"
            },
            "constantCost": {
              "$ref": "#/definitions/time"
            }
          }
        }, {
          "additionalProperties": false,
          "properties": {
            "func": {
              "const": "Linear"
            },
            "linearDesc": {
              "type": "string"
            },
            "linearFactor": {
              "$ref": "#/definitions/time"
            }
          }
        }, {
          "additionalProperties": false,
          "properties": {
            "func": {
              "const": "Linear with offset"
            },
            "linearDesc": {
              "type": "string"
            },
            "linearOffset": {
              "$ref": "#/definitions/time"
            },
            "linearFactor": {
              "$ref": "#/definitions/time"
            }
          }
        }
      ]
    },
    "tags": {
      "type": "array",
      "minItems": 0,
      "items": { "type": "string" },
      "uniqueItems": true
    },
    "standards": {
      "type": "array",
      "minItems": 0,
      "items": { "type": "string" },
      "uniqueItems": true
    },
    "defaultSeverity": {
      "type": "string",
      "enum": ["Info","Minor","Major","Critical","Blocker"]
    },

    "ruleSpecification": {
      "type": "string",
      "description": "id of the RSPEC, in the form 'RSPEC-XXXX'"
    },
    "sqKey": {
      "type": "string",
      "description": "the key used to save issues on SQ. Often a legacy key"
    },
    "compatibleLanguages": {
      "type": "array",
      "minItems": 1,
      "items": { "type": "string" },
      "uniqueItems": true
    },
    "scope": {
      "type": "string",
      "enum": ["Main","Tests","All"],
      "description": "scope the rule applies to"
    },
    "template": {
      "type": "boolean"
    },
    "securityStandards": {
      "type": "object",
      "additionalProperties": false,
      "properties": {
        "CWE": {
          "type": "array",
          "minItems": 0,
          "items": { "type": "integer" },
          "uniqueItems": true
        },
        "OWASP": {
          "type": "array",
          "minItems": 0,
          "items": { 
            "type": "string",
            "pattern": "^A([1-9]|10)$"
          },
          "uniqueItems": true
        },
        "OWASP Top 10 2021": {
          "type": "array",
          "minItems": 0,
          "items": { 
            "type": "string",
            "pattern": "^A([1-9]|10)$"
          },
          "uniqueItems": true
        },
        "OWASP Mobile": {
          "type": "array",
          "minItems": 0,
          "items": { 
            "type": "string",
            "pattern": "^M([1-9]|10)$"
          },
          "uniqueItems": true
        },
        "PCI DSS 3.2": {
          "type": "array",
          "minItems": 0,
          "items": { 
            "type": "string",
            "pattern": "^([0-9]{1,3}\\.?){1,4}$"
          },
          "uniqueItems": true
        },
        "PCI DSS 4.0": {
          "type": "array",
          "minItems": 0,
          "items": { 
            "type": "string",
            "pattern": "^([0-9]{1,3}\\.?){1,4}$"
          },
          "uniqueItems": true
        },
        "CIS": {
          "type": "array",
          "minItems": 0,
          "items": { 
            "type": "string",
            "pattern": "^([0-9]{1,3}\\.?){1,3}$" 
          },
          "uniqueItems": true
        },
        "HIPAA": {
          "type": "array",
          "minItems": 0,
          "items": { 
            "type": "string",
            "pattern": "^([0-9]{1,3}\\.?){2}$"
          },
          "uniqueItems": true
        },
        "CERT": {
          "type": "array",
          "minItems": 0,
          "items": { 
            "type": "string",
            "pattern": "^[A-Z0-9]+-[A-Z]+\\.$"
          },
          "uniqueItems": true
        },
        "MASVS": {
          "type": "array",
          "minItems": 0,
          "items": { 
            "type": "string",
            "pattern": "^MSTG-[A-Z]+-[0-9]+$"
          },
          "uniqueItems": true
        },
        "ASVS 4": {
          "type": "array",
          "minItems": 0,
          "items": { 
            "type": "string",
            "pattern": "^\\d+\\.\\d+\\.\\d+$"
          },
          "uniqueItems": true 
        }
      }
    },
    "defaultQualityProfiles": {
      "type": "array",
      "items": { "type": "string"},
      "uniqueItems": true
    },
    "quickfix": {
      "type": "string",
      "enum": [
        "unknown",
        "covered",
        "partial",
        "infeasible",
        "targeted"
      ],
      "description": "Can issues of the rule have a quick fix?"
    }
  },
  "if": {
    "properties": {"status": {"const": "closed"}}
  },
  "then": {
    "required": []
  },
  "else": {
    "if": {
      "properties": {"type": {"const": "SECURITY_HOTSPOT"}}
    },
    "then": {
      "required": ["title","type","status","tags","defaultSeverity","ruleSpecification","sqKey","scope"]
    },
    "else": {
      "required": ["title","type","status","remediation","tags","defaultSeverity","ruleSpecification","sqKey","scope", "quickfix"]
    }
  },
  "definitions": {
    "time": {
      "type": "string",
      "pattern": "^[ ]*[0-9]+[ ]*(min|h|d)$"
    }
  }
}
Improve rules' metadata.json validation 2021-02-23 20:41:11 +01:00			`{`
			`"id": "http://www.sonarsource.org/rule-schema-v1.1",`
			`"title": "Rule Implementation",`
			`"type": "object",`
			`"description": "we must have one of these files for each implemented rule",`
RULEAPI-654: Clarify the rule creation process (#115) 2021-06-11 07:58:58 +02:00			`"additionalProperties": false,`
Improve rules' metadata.json validation 2021-02-23 20:41:11 +01:00			`"properties": {`
			`"title": {`
			`"type": "string"`
			`},`
			`"type": {`
			`"type": "string",`
			`"enum": ["CODE_SMELL","BUG","VULNERABILITY","SECURITY_HOTSPOT"]`
			`},`
			`"status": {`
			`"type": "string",`
RUELAPI-615 Ignore closed RSPEC in "validate_asciidoc" check 2021-05-25 11:00:40 +02:00			`"enum": ["beta","ready","deprecated","superseded", "closed"]`
Improve rules' metadata.json validation 2021-02-23 20:41:11 +01:00			`},`
RULEAPI-654: Clarify the rule creation process (#115) 2021-06-11 07:58:58 +02:00			`"extra": {`
			`"type": "object",`
			`"properties": {`
			`"additionalProperties": false,`
			`"replacementRules": {`
			`"type": "array",`
			`"items": {`
			`"type": "string",`
			`"uniqueItems": true`
			`},`
			`"description": "The rule ids that replace this rule"`
RULEAPI-687: Migrate legacy keys from Jira RSPEC (#392) 2021-09-24 09:08:46 +02:00			`},`
			`"legacyKeys": {`
			`"type": "array",`
			`"items": { "type": "string" },`
			`"uniqueItems": true`
RULEAPI-654: Clarify the rule creation process (#115) 2021-06-11 07:58:58 +02:00			`}`
			`}`
			`},`
Improve rules' metadata.json validation 2021-02-23 20:41:11 +01:00			`"remediation": {`
			`"type": "object",`
			`"oneOf": [`
			`{`
			`"additionalProperties": false,`
			`"properties": {`
			`"func": {`
			`"const": "Constant/Issue"`
			`},`
			`"constantCost": {`
			`"$ref": "#/definitions/time"`
			`}`
			`}`
			`}, {`
			`"additionalProperties": false,`
			`"properties": {`
			`"func": {`
			`"const": "Linear"`
			`},`
			`"linearDesc": {`
			`"type": "string"`
			`},`
			`"linearFactor": {`
			`"$ref": "#/definitions/time"`
			`}`
			`}`
			`}, {`
			`"additionalProperties": false,`
			`"properties": {`
			`"func": {`
			`"const": "Linear with offset"`
			`},`
			`"linearDesc": {`
			`"type": "string"`
			`},`
			`"linearOffset": {`
			`"$ref": "#/definitions/time"`
			`},`
			`"linearFactor": {`
			`"$ref": "#/definitions/time"`
			`}`
			`}`
			`}`
			`]`
			`},`
			`"tags": {`
			`"type": "array",`
			`"minItems": 0,`
			`"items": { "type": "string" },`
			`"uniqueItems": true`
			`},`
			`"standards": {`
			`"type": "array",`
			`"minItems": 0,`
			`"items": { "type": "string" },`
			`"uniqueItems": true`
			`},`
			`"defaultSeverity": {`
			`"type": "string",`
			`"enum": ["Info","Minor","Major","Critical","Blocker"]`
			`},`

			`"ruleSpecification": {`
			`"type": "string",`
			`"description": "id of the RSPEC, in the form 'RSPEC-XXXX'"`
			`},`
			`"sqKey": {`
			`"type": "string",`
			`"description": "the key used to save issues on SQ. Often a legacy key"`
			`},`
			`"compatibleLanguages": {`
			`"type": "array",`
			`"minItems": 1,`
			`"items": { "type": "string" },`
			`"uniqueItems": true`
			`},`
			`"scope": {`
			`"type": "string",`
			`"enum": ["Main","Tests","All"],`
			`"description": "scope the rule applies to"`
			`},`
			`"template": {`
			`"type": "boolean"`
			`},`
			`"securityStandards": {`
			`"type": "object",`
			`"additionalProperties": false,`
			`"properties": {`
			`"CWE": {`
			`"type": "array",`
			`"minItems": 0,`
			`"items": { "type": "integer" },`
			`"uniqueItems": true`
			`},`
			`"OWASP": {`
			`"type": "array",`
			`"minItems": 0,`
[RULEAPI-761] JSON schema fails to restrict the format of security-standard items (#1013) 2022-05-25 16:36:49 +02:00			`"items": {`
			`"type": "string",`
			`"pattern": "^A([1-9]\|10)$"`
			`},`
			`"uniqueItems": true`
add owasp mobile security standard to schema validation (#94) 2021-06-07 11:20:46 +02:00			`},`
RULEAPI-698: Support OWASP Top 10 2021 security standard (#466) 2021-10-15 09:37:46 +02:00			`"OWASP Top 10 2021": {`
			`"type": "array",`
			`"minItems": 0,`
[RULEAPI-761] JSON schema fails to restrict the format of security-standard items (#1013) 2022-05-25 16:36:49 +02:00			`"items": {`
			`"type": "string",`
			`"pattern": "^A([1-9]\|10)$"`
			`},`
			`"uniqueItems": true`
RULEAPI-698: Support OWASP Top 10 2021 security standard (#466) 2021-10-15 09:37:46 +02:00			`},`
add owasp mobile security standard to schema validation (#94) 2021-06-07 11:20:46 +02:00			`"OWASP Mobile": {`
			`"type": "array",`
			`"minItems": 0,`
[RULEAPI-761] JSON schema fails to restrict the format of security-standard items (#1013) 2022-05-25 16:36:49 +02:00			`"items": {`
			`"type": "string",`
			`"pattern": "^M([1-9]\|10)$"`
			`},`
			`"uniqueItems": true`
add missing and future security standards (#103) 2021-06-07 19:13:19 +02:00			`},`
Support of PCI DSS v3.2 (#925) * Rename "PCI DSS" to "PCI DSS 3.2" because the security standard is versioned * Update metadata.json of one rule using the wrong "PCI DSS" 2022-04-12 21:58:21 +02:00			`"PCI DSS 3.2": {`
add missing and future security standards (#103) 2021-06-07 19:13:19 +02:00			`"type": "array",`
			`"minItems": 0,`
[APPSEC-3] Security rules are mapped to PCI DSS 4.0 (#1007) 2022-05-24 16:19:27 +02:00			`"items": {`
			`"type": "string",`
			`"pattern": "^([0-9]{1,3}\\.?){1,4}$"`
			`},`
			`"uniqueItems": true`
			`},`
			`"PCI DSS 4.0": {`
			`"type": "array",`
			`"minItems": 0,`
			`"items": {`
			`"type": "string",`
			`"pattern": "^([0-9]{1,3}\\.?){1,4}$"`
			`},`
			`"uniqueItems": true`
add missing and future security standards (#103) 2021-06-07 19:13:19 +02:00			`},`
			`"CIS": {`
			`"type": "array",`
			`"minItems": 0,`
[RULEAPI-761] JSON schema fails to restrict the format of security-standard items (#1013) 2022-05-25 16:36:49 +02:00			`"items": {`
			`"type": "string",`
			`"pattern": "^([0-9]{1,3}\\.?){1,3}$"`
			`},`
			`"uniqueItems": true`
add missing and future security standards (#103) 2021-06-07 19:13:19 +02:00			`},`
			`"HIPAA": {`
			`"type": "array",`
			`"minItems": 0,`
[RULEAPI-761] JSON schema fails to restrict the format of security-standard items (#1013) 2022-05-25 16:36:49 +02:00			`"items": {`
			`"type": "string",`
			`"pattern": "^([0-9]{1,3}\\.?){2}$"`
			`},`
			`"uniqueItems": true`
add missing and future security standards (#103) 2021-06-07 19:13:19 +02:00			`},`
			`"CERT": {`
			`"type": "array",`
			`"minItems": 0,`
[RULEAPI-761] JSON schema fails to restrict the format of security-standard items (#1013) 2022-05-25 16:36:49 +02:00			`"items": {`
			`"type": "string",`
			`"pattern": "^[A-Z0-9]+-[A-Z]+\\.$"`
			`},`
			`"uniqueItems": true`
add missing and future security standards (#103) 2021-06-07 19:13:19 +02:00			`},`
			`"MASVS": {`
			`"type": "array",`
			`"minItems": 0,`
[RULEAPI-761] JSON schema fails to restrict the format of security-standard items (#1013) 2022-05-25 16:36:49 +02:00			`"items": {`
			`"type": "string",`
			`"pattern": "^MSTG-[A-Z]+-[0-9]+$"`
			`},`
			`"uniqueItems": true`
RULEAPI-699: Support OWASP ASVS 4 security standard 2021-10-08 10:23:39 +02:00			`},`
			`"ASVS 4": {`
			`"type": "array",`
			`"minItems": 0,`
[RULEAPI-761] JSON schema fails to restrict the format of security-standard items (#1013) 2022-05-25 16:36:49 +02:00			`"items": {`
			`"type": "string",`
			`"pattern": "^\\d+\\.\\d+\\.\\d+$"`
			`},`
			`"uniqueItems": true`
Improve rules' metadata.json validation 2021-02-23 20:41:11 +01:00			`}`
			`}`
RULEAPI-654: Clarify the rule creation process (#115) 2021-06-11 07:58:58 +02:00			`},`
			`"defaultQualityProfiles": {`
			`"type": "array",`
			`"items": { "type": "string"},`
			`"uniqueItems": true`
RULEAPI-706: Add quick fixes metadata 2021-10-07 11:23:15 +02:00			`},`
			`"quickfix": {`
			`"type": "string",`
			`"enum": [`
			`"unknown",`
			`"covered",`
			`"partial",`
			`"infeasible",`
			`"targeted"`
			`],`
			`"description": "Can issues of the rule have a quick fix?"`
Improve rules' metadata.json validation 2021-02-23 20:41:11 +01:00			`}`
			`},`
RULEAPI-604 Make an exception for Security Hotspots in the validation schema for "remediation cost" field 2021-04-30 14:11:09 +02:00			`"if": {`
RUELAPI-615 Ignore closed RSPEC in "validate_asciidoc" check 2021-05-25 11:00:40 +02:00			`"properties": {"status": {"const": "closed"}}`
RULEAPI-604 Make an exception for Security Hotspots in the validation schema for "remediation cost" field 2021-04-30 14:11:09 +02:00			`},`
			`"then": {`
RUELAPI-615 Ignore closed RSPEC in "validate_asciidoc" check 2021-05-25 11:00:40 +02:00			`"required": []`
RULEAPI-604 Make an exception for Security Hotspots in the validation schema for "remediation cost" field 2021-04-30 14:11:09 +02:00			`},`
			`"else": {`
RUELAPI-615 Ignore closed RSPEC in "validate_asciidoc" check 2021-05-25 11:00:40 +02:00			`"if": {`
			`"properties": {"type": {"const": "SECURITY_HOTSPOT"}}`
			`},`
			`"then": {`
			`"required": ["title","type","status","tags","defaultSeverity","ruleSpecification","sqKey","scope"]`
			`},`
			`"else": {`
RULEAPI-706: Add quick fixes metadata 2021-10-07 11:23:15 +02:00			`"required": ["title","type","status","remediation","tags","defaultSeverity","ruleSpecification","sqKey","scope", "quickfix"]`
RUELAPI-615 Ignore closed RSPEC in "validate_asciidoc" check 2021-05-25 11:00:40 +02:00			`}`
RULEAPI-604 Make an exception for Security Hotspots in the validation schema for "remediation cost" field 2021-04-30 14:11:09 +02:00			`},`
Improve rules' metadata.json validation 2021-02-23 20:41:11 +01:00			`"definitions": {`
			`"time": {`
			`"type": "string",`
Replace remediation cost time unit 'mn' with 'min' (#1104) 2022-07-13 15:02:38 +02:00			`"pattern": "^[ ][0-9]+[ ](min\|h\|d)$"`
Improve rules' metadata.json validation 2021-02-23 20:41:11 +01:00			`}`
			`}`
RULEAPI-604 Make an exception for Security Hotspots in the validation schema for "remediation cost" field 2021-04-30 14:11:09 +02:00			`}`