Add APEX into the covered languages for missing rules

rules/S103/apex/metadata.json

@@ -0,0 +1,3 @@
+{
+  
+}

rules/S103/apex/rule.adoc

@@ -0,0 +1 @@
+include::../rule.adoc[]

rules/S103/metadata.json

@@ -15,33 +15,35 @@
   "coveredLanguages": [
     "C#",
     "T-SQL",
-    "Java",
-    "C++",
     "C",
     "VB.Net",
-    "Scala",
     "Go",
     "HTML",
     "VB6",
     "ABAP",
-    "Kotlin",
     "TypeScript",
     "PL\/SQL",
     "PL\/I",
-    "XML",
     "JavaScript",
-    "Flex",
     "Objective-C",
     "PHP",
-    "Swift",
     "Ruby",
-    "Python"
+    "Python",
+    "Java",
+    "C++",
+    "Scala",
+    "Kotlin",
+    "XML",
+    "Flex",
+    "Swift",
+    "APEX"
   ],
   "defaultSeverity": "Major",
   "ruleSpecification": "RSPEC-103",
   "sqKey": "S103",
   "compatibleLanguages": [
     "ABAP",
+    "APEX",
     "C",
     "COBOL",
     "CPP",

rules/S104/apex/metadata.json

@@ -0,0 +1,3 @@
+{
+  
+}

rules/S104/apex/rule.adoc

@@ -0,0 +1 @@
+include::../rule.adoc[]

rules/S104/metadata.json

@@ -32,6 +32,7 @@
     "Objective-C",
     "PHP",
     "Swift",
+    "APEX",
     "Ruby",
     "Python"
   ],
@@ -40,6 +41,7 @@
   "sqKey": "S104",
   "compatibleLanguages": [
     "ABAP",
+    "APEX",
     "C",
     "CPP",
     "CSHARPSQUID",

rules/S105/apex/metadata.json

@@ -0,0 +1,3 @@
+{
+  
+}

rules/S105/apex/rule.adoc

@@ -0,0 +1 @@
+include::../rule.adoc[]

rules/S105/metadata.json

@@ -31,6 +31,7 @@
     "Objective-C",
     "PHP",
     "Swift",
+    "APEX",
     "Ruby"
   ],
   "defaultSeverity": "Minor",
@@ -38,6 +39,7 @@
   "sqKey": "S105",
   "compatibleLanguages": [
     "ABAP",
+    "APEX",
     "C",
     "COBOL",
     "CPP",

rules/S1135/apex/metadata.json

@@ -0,0 +1,3 @@
+{
+  
+}

rules/S1135/apex/rule.adoc

@@ -0,0 +1 @@
+include::../rule.adoc[]

rules/S1135/metadata.json

@@ -27,6 +27,7 @@
     "Objective-C",
     "PHP",
     "Swift",
+    "APEX",
     "Ruby"
   ],
   "defaultSeverity": "Info",
@@ -34,6 +35,7 @@
   "sqKey": "S1135",
   "compatibleLanguages": [
     "ABAP",
+    "APEX",
     "C",
     "COBOL",
     "CPP",

rules/S125/apex/metadata.json

@@ -0,0 +1,3 @@
+{
+  
+}

rules/S125/apex/rule.adoc

@@ -0,0 +1 @@
+include::../rule.adoc[]

rules/S125/metadata.json

@@ -32,6 +32,7 @@
     "Objective-C",
     "PHP",
     "Swift",
+    "APEX",
     "Python"
   ],
   "defaultSeverity": "Major",
@@ -39,6 +40,7 @@
   "sqKey": "S125",
   "compatibleLanguages": [
     "ABAP",
+    "APEX",
     "C",
     "COBOL",
     "CPP",

rules/S138/apex/metadata.json

@@ -0,0 +1,3 @@
+{
+  
+}

rules/S138/apex/rule.adoc

@@ -0,0 +1 @@
+include::../rule.adoc[]

rules/S138/metadata.json

@@ -30,6 +30,7 @@
     "Objective-C",
     "PHP",
     "Swift",
+    "APEX",
     "Ruby"
   ],
   "defaultSeverity": "Major",
@@ -37,6 +38,7 @@
   "sqKey": "S138",
   "compatibleLanguages": [
     "ABAP",
+    "APEX",
     "C",
     "CPP",
     "CSHARPSQUID",

rules/S1451/apex/metadata.json

@@ -0,0 +1,3 @@
+{
+  
+}

rules/S1451/apex/rule.adoc

@@ -0,0 +1 @@
+include::../rule.adoc[]

rules/S1451/metadata.json

@@ -32,6 +32,7 @@
     "Objective-C",
     "PHP",
     "Swift",
+    "APEX",
     "Ruby"
   ],
   "defaultSeverity": "Blocker",
@@ -39,6 +40,7 @@
   "sqKey": "S1451",
   "compatibleLanguages": [
     "ABAP",
+    "APEX",
     "C",
     "COBOL",
     "CPP",

rules/S1479/apex/metadata.json

@@ -0,0 +1,3 @@
+{
+  
+}

rules/S1479/apex/rule.adoc

@@ -0,0 +1 @@
+include::../rule.adoc[]

rules/S1479/metadata.json

@@ -29,6 +29,7 @@
     "Objective-C",
     "PHP",
     "Swift",
+    "APEX",
     "Ruby"
   ],
   "defaultSeverity": "Major",
@@ -36,6 +37,7 @@
   "sqKey": "S1479",
   "compatibleLanguages": [
     "ABAP",
+    "APEX",
     "C",
     "COBOL",
     "CPP",

rules/S1612/rule.adoc

@@ -3,7 +3,7 @@ Method/constructor references are commonly agreed to be, most of the time, more
 In some rare cases, when it is not clear from the context what kind of function is being described and reference would not increase the clarity, it might be fine to keep the lambda. 
 
 
-Similarly, ``++null++`` checks can be replaced with references to the ``++Objects::isNull++`` and ``++Objects::nonNull++`` methods.
+Similarly, ``++null++`` checks can be replaced with references to the ``++Objects::isNull++`` and ``++Objects::nonNull++`` methods, ``++casts++`` can be replaced with ``++SomeClass.class::cast++`` and ``++instanceof++`` can be replaced with ``++SomeClass.class::isInstance++``.
 
 
 *Note* that this rule is automatically disabled when the project's ``++sonar.java.source++`` is lower than ``++8++``.
@@ -15,10 +15,14 @@ Similarly, ``++null++`` checks can be replaced with references to the ``++Object
 class A {
   void process(List<A> list) {
     list.stream()
-      .map(a -> a.<String>getObject())
-      .forEach(a -> { System.out.println(a); });
+      .filter(a -> a instanceof B)
+      .map(a -> (B) a)
+      .map(b -> b.<String>getObject())
+      .forEach(b -> { System.out.println(b); });
   }
+}
 
+class B extends A {
   <T> T getObject() {
     return null;
   }
@@ -32,10 +36,14 @@ class A {
 class A {
   void process(List<A> list) {
     list.stream()
+      .filter(B.class::isInstance)
+      .map(B.class::cast)
       .map(A::<String>getObject)
       .forEach(System.out::println);
   }
+}
 
+class B extends A {
   <T> T getObject() {
     return null;
   }

rules/S2612/vbnet/rule.adoc

@@ -15,6 +15,12 @@ include::../recommended.adoc[]
 .Net Framework:
 
 ----
+Dim unsafeAccessRule = new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, AccessControlType.Allow)
+
+Dim fileSecurity = File.GetAccessControl("path")
+fileSecurity.AddAccessRule(unsafeAccessRule) ' Sensitive
+fileSecurity.SetAccessRule(unsafeAccessRule) ' Sensitive
+File.SetAccessControl("fileName", fileSecurity)
 ----
 
 .Net / .Net Core
@@ -39,11 +45,18 @@ fileSystemEntry.FileAccessPermissions = FileAccessPermissions.OtherReadWriteExec
 .Net Framework
 
 ----
+Dim safeAccessRule = new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, AccessControlType.Deny)
+
+Dim fileSecurity = File.GetAccessControl("path")
+fileSecurity.AddAccessRule(safeAccessRule)
+File.SetAccessControl("path", fileSecurity)
 ----
 
 .Net / .Net Core
 
 ----
+Dim safeAccessRule = new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, AccessControlType.Deny)
+
 Dim fileInfo = new FileInfo("path")
 Dim fileSecurity = fileInfo.GetAccessControl()
 fileSecurity.SetAccessRule(safeAccessRule)

rules/S5659/java/rule.adoc

@@ -1,27 +1,22 @@
-If a JSON Web Token (JWT) is not signed with a strong cipher algorithm (or not signed at all) an attacker can forge it and impersonate user identities.
+include::../description.adoc[]
 
-* Don't use ``++none++`` algorithm to sign or verify the validity of a token.
-* Don't use a token without verifying its signature before.
+== Noncompliant Code Example
 
-In addition, be extra careful when using https://github.com/jwtk/jjwt[jwtk/Java JWT] library \"``++parse++``" method, parsing a signed token (JWT + JWS (signature)) or an unsigned one. To guess how to parse the token the parse method will look at the token headers (which are not signed and thus could be forged by an attacker). This attack is sometimes referred as the "None algorithm attack". Instead, you should consider using \"``++parseClaimsJws++``" parsing signed token. If the signature is not provided together with the JWT, the method will fail as expected.
-
-== Noncompliant Code Examples
-
-Using https://github.com/jwtk/jjwt[jwtk/Java JWT] library:
+Using https://github.com/jwtk/jjwt[jwtk/Java JWT] library (to verify a signed token (containing a JWS) don't use the ``++parse++`` method as it doesn't throw an exception if an unsigned token is provided):
 
 ----
-// Signinig:
+// Signing:
 io.jsonwebtoken.Jwts.builder() // Noncompliant, token is not signed.
   .setSubject(USER_LOGIN)
   .compact();
 // Verifying:
-io.jsonwebtoken.Jwts.parser().setSigningKey(SECRET_KEY).parse(token).getBody(); // Noncompliant, if the token has no signature, this method will still parse it correctly.
+io.jsonwebtoken.Jwts.parser().setSigningKey(SECRET_KEY).parse(token).getBody(); // Noncompliant
 ----
 
 Using https://github.com/auth0/java-jwt[auth0/Java JWT] library:
 
 ----
-// Signinig:
+// Signing:
 com.auth0.jwt.JWT.create()
   .withSubject(SUBJECT)
   .sign(Algorithm.none()); // Noncompliant, use only strong cipher algorithms when signing this JWT.
@@ -33,10 +28,10 @@ JWTVerifier nonCompliantVerifier = com.auth0.jwt.JWT.require(Algorithm.none()) /
 
 == Compliant Solution
 
-Using https://github.com/jwtk/jjwt[Java JWT] library:
+Using https://github.com/jwtk/jjwt[Java JWT] library (to verify a signed token (containing a JWS) use the ``++parseClaimsJws++`` method that will throw an exception if an unsigned token is provided):
 
 ----
-// Signinig:
+// Signing:
 Jwts.builder() // Compliant
   .setSubject(USER_LOGIN)
   .signWith(SignatureAlgorithm.HS256, SECRET_KEY)
@@ -45,10 +40,10 @@ Jwts.builder() // Compliant
 Jwts.parser().setSigningKey(SECRET_KEY).parseClaimsJws(token).getBody(); // Compliant
 ----
 
-Using https://github.com/auth0/java-jwt[auth0/Java JWT] library:
+Using https://github.com/auth0/java-jwt[auth0/Java JWT] library. I
 
 ----
-// Signinig:
+// Signing:
 JWT.create()
   .withSubject(SUBJECT)
   .sign(Algorithm.HMAC256(SECRET_KEY)); // Noncompliant, use only strong cipher algorithms when signing this JWT.