Revert "Update S4507: Add kotlin code examples (SONARKT-580) (#4708)" (#4755)

This reverts commit d63f01a9b137c9a010f1f81a29cf800fba5cf438.
2025-03-17 13:36:22 +01:00 · 2025-03-17 13:36:22 +01:00 · d608b6dedb
commit d608b6dedb
parent 7c9aad50bf
5 changed files with 10 additions and 77 deletions
--- a/rules/S4507/kotlin/metadata.json
+++ b/rules/S4507/kotlin/metadata.json
@ -1,33 +1,3 @@
 {
-  "tags": [
-    "cwe",
-    "error-handling",
-    "debug",
-    "android",
-    "user-experience"
-  ],
-  "securityStandards": {
-    "CWE": [
-      489,
-      215
-    ],
-    "OWASP Mobile": [
-      "M9",
-      "M10"
-    ],
-    "OWASP Mobile Top 10 2024": [
-      "M7",
-      "M8"
-    ],
-    "MASVS": [
-      "MSTG-CODE-2"
-    ],
-    "OWASP": [
-      "A3"
-    ],
-    "OWASP Top 10 2021": [
-      "A5"
-    ]
-  },
  "quickfix": "unknown"
 }
--- a/rules/S4507/kotlin/rule.adoc
+++ b/rules/S4507/kotlin/rule.adoc
@ -8,20 +8,7 @@ Do not enable debugging features on applications distributed to end users.

 == Sensitive Code Example

-The release build is debuggable:
-
-[source,kotlin]
----
-android {
-    buildTypes {
-        release {
-            isDebuggable = true // Sensitive
-        }
-    }
-}
----
-
-Webview debugging is enabled:
+https://developer.android.com/reference/android/webkit/WebView#setWebContentsDebuggingEnabled(boolean)[WebView.setWebContentsDebuggingEnabled(true)] for Android enables debugging support:

 [source,kotlin]
 ----
@ -32,16 +19,7 @@ WebView.setWebContentsDebuggingEnabled(true) // Sensitive

 == Compliant Solution

-[source,kotlin]
----
-android {
-    buildTypes {
-        release {
-            isDebuggable = false
-        }
-    }
-}
----
+https://developer.android.com/reference/android/webkit/WebView#setWebContentsDebuggingEnabled(boolean)[WebView.setWebContentsDebuggingEnabled(false)] for Android disables debugging support:

 [source,kotlin]
 ----
@ -50,11 +28,7 @@ import android.webkit.WebView
 WebView.setWebContentsDebuggingEnabled(false)
 ----

-include::../see-mobile.adoc[]
-
-* https://developer.android.com/studio/publish/preparing[developer.android.com] - Prepare for release
-* https://developer.android.com/privacy-and-security/risks/android-debuggable[developer.android.com] - android:debuggable
-
+include::../see.adoc[]

 ifdef::env-github,rspecator-view[]

--- a/rules/S4507/see-mobile.adoc
+++ b/rules/S4507/see-mobile.adoc
@ -1,11 +0,0 @@
-== See
-
-* OWASP - https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[Top 10 2021 Category A5 - Security Misconfiguration]
-* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure]
-* OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m9-reverse-engineering[Mobile Top 10 2016 Category M9 - Reverse Engineering]
-* OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m10-extraneous-functionality[Mobile Top 10 2016 Category M10 - Extraneous Functionality]
-* OWASP - https://owasp.org/www-project-mobile-top-10/2023-risks/m7-insufficient-binary-protection[Mobile Top 10 2024 Category M7 - Insufficient Binary Protection]
-* OWASP - https://owasp.org/www-project-mobile-top-10/2023-risks/m8-security-misconfiguration[Mobile Top 10 2024 Category M8 - Security Misconfiguration]
-* OWASP - https://mas.owasp.org/checklists/MASVS-CODE/[Mobile AppSec Verification Standard - Code Quality and Build Setting Requirements]
-* CWE - https://cwe.mitre.org/data/definitions/489[CWE-489 - Active Debug Code]
-* CWE - https://cwe.mitre.org/data/definitions/215[CWE-215 - Information Exposure Through Debug Information]
--- a/rules/S4507/xml/metadata.json
+++ b/rules/S4507/xml/metadata.json
@ -12,13 +12,8 @@
      215
    ],
    "OWASP Mobile": [
-      "M9",
      "M10"
    ],
-    "OWASP Mobile Top 10 2024": [
-      "M7",
-      "M8"
-    ],
    "MASVS": [
      "MSTG-CODE-2"
    ],
--- a/rules/S4507/xml/rule.adoc
+++ b/rules/S4507/xml/rule.adoc
@ -74,10 +74,15 @@ In a `web.config` file, the `customErrors` element's `mode` attribute is set to
 </configuration>
 ----

-include::../see-mobile.adoc[]
+== See

+* OWASP - https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[Top 10 2021 Category A5 - Security Misconfiguration]
+* OWASP - https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure]
+* OWASP - https://mas.owasp.org/checklists/MASVS-CODE/[Mobile AppSec Verification Standard - Code Quality and Build Setting Requirements]
+* OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m10-extraneous-functionality[Mobile Top 10 2016 Category M10 - Extraneous Functionality]
+* CWE - https://cwe.mitre.org/data/definitions/489[CWE-489 - Active Debug Code]
+* CWE - https://cwe.mitre.org/data/definitions/215[CWE-215 - Information Exposure Through Debug Information]
 * https://developer.android.com/studio/publish/preparing[developer.android.com] - Prepare for release
-* https://developer.android.com/privacy-and-security/risks/android-debuggable[developer.android.com] - android:debuggable
 * https://learn.microsoft.com/en-us/aspnet/web-forms/overview/getting-started/getting-started-with-aspnet-45-web-forms/aspnet-error-handling[learn.microsoft.com] - ASP.NET Error Handling

 ifdef::env-github,rspecator-view[]