rspec/rules/S6350/see.adoc

== See

* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection]
* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection]
* CWE - https://cwe.mitre.org/data/definitions/88[CWE-88 - Argument Injection or Modification]
* https://blog.sonarsource.com/php-supply-chain-attack-on-composer[CVE-2021-29472] - PHP Supply Chain Attack on Composer
* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities.
Create rule S6350: Constructing arguments of system commands from user input is security-sensitive (#260) * Create rule S6350 * Update description * Add code samples * Make stdin more verbose * Make stdin more verbose * Update recommended * Improve description * Extend ask yourself * Add compliant solutions and rename tainted variables * Add input var * Add link to blog post * Use find as example * Update csharp example * Add OWASP Top 10 2021 mapping * add missing message * fix metadata * Use type-safe in_array for PHP Co-authored-by: hendrik-buchwald-sonarsource <hendrik-buchwald-sonarsource@users.noreply.github.com> Co-authored-by: Hendrik Buchwald <hendrik.buchwald@sonarsource.com> Co-authored-by: Pierre-Loup Tristant <pierre-loup.tristant@sonarsource.com> Co-authored-by: eric-therond-sonarsource <eric.therond@sonarsource.com> Co-authored-by: Roberto Orlandi <71495874+roberto-orlandi-sonarsource@users.noreply.github.com> 2021-11-09 15:01:30 +01:00			`== See`

Modify CWE and OWASP Top 10 links to follow standard link format (APPSEC-1134) (#3529) * Fix all CWE references * Fix all OWASP references * Fix missing CWE prefixes 2024-01-15 17:15:56 +01:00			`* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection]`
			`* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection]`
			`* CWE - https://cwe.mitre.org/data/definitions/88[CWE-88 - Argument Injection or Modification]`
Create rule S6350: Constructing arguments of system commands from user input is security-sensitive (#260) * Create rule S6350 * Update description * Add code samples * Make stdin more verbose * Make stdin more verbose * Update recommended * Improve description * Extend ask yourself * Add compliant solutions and rename tainted variables * Add input var * Add link to blog post * Use find as example * Update csharp example * Add OWASP Top 10 2021 mapping * add missing message * fix metadata * Use type-safe in_array for PHP Co-authored-by: hendrik-buchwald-sonarsource <hendrik-buchwald-sonarsource@users.noreply.github.com> Co-authored-by: Hendrik Buchwald <hendrik.buchwald@sonarsource.com> Co-authored-by: Pierre-Loup Tristant <pierre-loup.tristant@sonarsource.com> Co-authored-by: eric-therond-sonarsource <eric.therond@sonarsource.com> Co-authored-by: Roberto Orlandi <71495874+roberto-orlandi-sonarsource@users.noreply.github.com> 2021-11-09 15:01:30 +01:00			`* https://blog.sonarsource.com/php-supply-chain-attack-on-composer[CVE-2021-29472] - PHP Supply Chain Attack on Composer`
Modify rules: Add STIG AS&D 2023-06-08 mappings (#3914) * Update JSON schema to include STIG ASD 2023-06-08 mapping * Update rules to add STIG metadata mappings --------- Co-authored-by: Loris Sierra <loris.sierra@sonarsource.com> 2024-05-06 07:56:31 +01:00			`* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities.`