Nightly update

2021-06-01 01:19:13 +00:00 · 2021-06-01 01:19:13 +00:00 · 63000b3949
commit 63000b3949
parent b6ecef7d23
12 changed files with 27 additions and 23 deletions
--- a/rules/S1134/metadata.json
+++ b/rules/S1134/metadata.json
@ -4,7 +4,7 @@
  "status": "ready",
  "remediation": {
    "func": "Constant\/Issue",
-    "constantCost": "1h"
+    "constantCost": "0min"
  },
  "tags": [
    "cwe"
--- a/rules/S1135/metadata.json
+++ b/rules/S1135/metadata.json
@ -4,7 +4,7 @@
  "status": "ready",
  "remediation": {
    "func": "Constant\/Issue",
-    "constantCost": "1h"
+    "constantCost": "0min"
  },
  "tags": [
    "cwe"
--- a/rules/S3767/cobol/metadata.json
+++ b/rules/S3767/cobol/metadata.json
@ -2,6 +2,10 @@
  "title": "SQL statements should not use \"CAST(... AS CHAR\/VARCHAR)\"",
  "type": "CODE_SMELL",
  "status": "ready",
+  "remediation": {
+    "func": "Constant\/Issue",
+    "constantCost": "10min"
+  },
  "tags": [
    
  ],
--- a/rules/S3796/javascript/rule.adoc
+++ b/rules/S3796/javascript/rule.adoc
@ -32,7 +32,6 @@ let arr = ["a", "b", "c"];
 let merged = arr.reduce(function(a, b) {
  return a.concat(b);
 }); // merged === "abc"
-
 ----


--- a/rules/S3938/cobol/metadata.json
+++ b/rules/S3938/cobol/metadata.json
@ -2,6 +2,10 @@
  "title": "Track uses of forbidden statements",
  "type": "CODE_SMELL",
  "status": "ready",
+  "remediation": {
+    "func": "Constant\/Issue",
+    "constantCost": "0min"
+  },
  "tags": [
    
  ],
--- a/rules/S5348/pli/metadata.json
+++ b/rules/S5348/pli/metadata.json
@ -2,6 +2,10 @@
  "title": "DFHRESP should be used to check EIBRESP values",
  "type": "CODE_SMELL",
  "status": "ready",
+  "remediation": {
+    "func": "Constant\/Issue",
+    "constantCost": "10min"
+  },
  "tags": [
    
  ],
--- a/rules/S5680/pli/metadata.json
+++ b/rules/S5680/pli/metadata.json
@ -2,6 +2,10 @@
  "title": "\"VALUE\" should be preferred to \"STATIC\" with \"INIT\"",
  "type": "CODE_SMELL",
  "status": "ready",
+  "remediation": {
+    "func": "Constant\/Issue",
+    "constantCost": "5min"
+  },
  "tags": [
    
  ],
--- a/rules/S6243/java/metadata.json
+++ b/rules/S6243/java/metadata.json
@ -1,5 +1,5 @@
 {
-  "title": "AWS Clients and Database connections should be declared outside of the Lambda function.",
+  "title": "Reusable resources should be initialized at construction time of Lambda functions",
  "type": "CODE_SMELL",
  "status": "ready",
  "remediation": {
--- a/rules/S6243/java/rule.adoc
+++ b/rules/S6243/java/rule.adoc
@ -1,4 +1,4 @@
-When initializing an SDK client or database connection outside of the Lambda function, you optimize your chances to benefit from context reuse, when the same container is reused for multiple function invocations.
+Resources that can be reused across multiple invocations of the Lambda function should be initialized at construction time. For example in the constructor of the class, or in field initializers. This way, when the same container is reused for multiple function invocations, the existing instance can be reused, along with all resources stored in its fields. It is a good practice to reuse SDK clients and database connections by initializing them at class construction time, to avoid recreating them on every lambda invocation. Failing to do so can lead to performance degradation, and when not closed properly, even out of memory errors.


 This rule reports an issue when the SDK client or the database connection is initialized locally inside a Lambda function.
--- a/rules/S6246/java/metadata.json
+++ b/rules/S6246/java/metadata.json
@ -1,5 +1,5 @@
 {
-  "title": "Lambdas should not invoke other lambdas",
+  "title": "Lambdas should not invoke other lambdas synchronously",
  "type": "CODE_SMELL",
  "status": "ready",
  "remediation": {
--- a/rules/S6246/java/rule.adoc
+++ b/rules/S6246/java/rule.adoc
@ -1,10 +1,7 @@
-Invoking other Lambdas from a Lambda is a scalability anti-pattern. As the runtime of your function is bounded, waiting for another Lambda to finish executing could cause a timeout.
+Invoking other Lambdas synchronously from a Lambda is a scalability anti-pattern. Lambdas have a maximum execution time before they timeout (15 minutes as of May 2021). Having to wait for another Lambda to finish its execution could lead to a timeout.


-Alternative solutions include:
-
-* Generating events that can be consumed asynchronously by other Lambdas
-* Making the Lambda invocation asynchronous
+A better solution is to generate events that can be consumed asynchronously by other Lambdas.


 == Noncompliant Code Example
@ -23,18 +20,6 @@ awsLambda.invoke(invokeRequest); // Noncompliant
 ----


-== Compliant solution
-
----
-InvokeRequest invokeRequest = new InvokeRequest()
-         .withFunctionName("myFunction");
-
-AWSLambdaAsync client = AWSLambdaAsyncClientBuilder.defaultClient();
-
-client.invokeAsync(request); // Compliant
----
-
-
 == See

 * https://docs.aws.amazon.com/lambda/latest/dg/best-practices.html[Best practices for working with AWS Lambda functions]
--- a/rules/S6287/metadata.json
+++ b/rules/S6287/metadata.json
@ -2,6 +2,10 @@
  "title": "HTTP responses should not be vulnerable to session fixation",
  "type": "VULNERABILITY",
  "status": "ready",
+  "remediation": {
+    "func": "Constant\/Issue",
+    "constantCost": "30min"
+  },
  "tags": [
    "cwe",
    "owasp-a1"