rspec

Author	SHA1	Message	Date
Fred Tingaud	972b0e39c2	Automatically migrate all rules where defaultSeverity is Blocker and MQR is High	2025-02-20 19:58:25 +01:00
daniel-teuchert-sonarsource	58f256f85c	Modify rule S5146: Add fix for Blazor (APPSEC-1905) (#4128 ) Co-authored-by: Thomas Serre <118730793+thomas-serre-sonarsource@users.noreply.github.com>	2024-09-02 14:56:08 +02:00
Pierre-Loup	770348d041	Avoid OWASP Top 10 security-standard mismatch between metadata and description links (RULEAPI-798) (#3537 ) * Add check for security standard mismatch * Fix security standard mismatches * Fix Resources/Standards links for secrets rules * Fix check * Fix links and update security standard mapping * Fix maintanability issue * Apply review suggestions * Apply suggestions from code review Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com> * Fix typo Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com> --------- Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com>	2024-01-17 17:20:28 +01:00
Egon Okerman	d1417e82f8	Modify CWE and OWASP Top 10 links to follow standard link format (APPSEC-1134) (#3529 ) * Fix all CWE references * Fix all OWASP references * Fix missing CWE prefixes	2024-01-15 17:15:56 +01:00
Marco Borgeaud	8209548e54	Diff blocks: fix incorrect use for python (#2795 ) Improvement identified in #2790. Add a prefix to the diff-id when it is used multiple times in different "how to fix it in XYZ" sections to avoid ambiguity and pedantically follow the spec: > A single and unique diff-id should be used only once for each type of code example as shown in the description of a rule. Obvious typos around `diff-type` were fixed. An obvious extra use of diff blocks was removed.	2023-08-21 15:22:49 +02:00
Marco Borgeaud	6550e65756	Diff blocks: fix some incorrect use for php (#2804 ) Improvement identified in #2790. Add a prefix to the diff-id when it is used multiple times in different "how to fix it in XYZ" sections to avoid ambiguity and pedantically follow the spec: > A single and unique diff-id should be used only once for each type of code example as shown in the description of a rule. Obvious typos around `diff-type` were fixed.	2023-08-10 15:57:24 +02:00
Antonio Aversa	a02bf814d4	Clean Code Taxonomy: add "code" to all non-obsolete metadata.json (#2793 )	2023-08-04 17:19:38 +02:00
John-Clifton-SonarSource	4861cfa476	Modify rule S5146: Fix invalid Python sample (#2239 ) I couldn't get Sonarcloud to trigger this issue using the provided noncompliant code example. I think the code examples as written end up being circular because the local function 'redirect()' will call itself rather than the imported 'redirect()' function of the same name. The fix is to change the local function name to be redirecting(). I changed the API endpoint name as well so that it matched. Once I had made this change, the noncompliant code example did lead to Sonarcloud spotting the issue. ## Review A dedicated reviewer checked the rule description successfully for: - [x] logical errors and incorrect information - [x] information gaps and missing content - [x] text style and tone - [x] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)	2023-06-29 14:57:46 +01:00
Fred Tingaud	16f6c0aecf	Inline adoc when include has no additional value (#1940 ) Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in.	2023-05-25 14:18:12 +02:00
Jamie Anderson	2d52a31a16	Modify rules: Remove deprecated `sans-top25-*` tags (#1694 )	2023-03-29 15:31:59 +02:00
Jamie Anderson	2d8892defb	Modify rules: Remove "owasp-aX" tag (#1655 )	2023-03-16 15:25:13 +01:00
Ilia Kebets	c80d7f3b4c	Add checks for education format (#1607 )	2023-03-07 17:16:47 +01:00
Roberto Orlandi	976fccee08	Fix format errors due to missing empty line in the .adoc files (#1404 )	2023-03-02 18:48:41 +01:00
pedro-oliveira-sonarsource	b48fbbc971	Modify S5146(multiple languages): Update to the education framework (APPSEC-185) (#1330 )	2023-03-02 18:22:24 +01:00
Loris S	e52b9671b2	Education text Fix (#1338 )	2023-03-02 18:22:24 +01:00
Loris S	c774044661	Modify Education Rules S514{4,6}: Add trailing slash pitfall (#1262 )	2023-03-02 18:22:24 +01:00
Loris S	8815e23ae8	Modify All Current Education Rules: Support intuitive view (#1256 )	2023-03-02 18:22:24 +01:00
Loris S	1253c0a013	Modify Multiple Rules(Education): Standardization of impact files (#1240 )	2023-03-02 18:22:24 +01:00
pedro-oliveira-sonarsource	88a429b10f	[APPSEC-59] Modify rule S5146: Educational content (Java) (#1146 )	2023-03-02 18:07:54 +01:00
hendrik-buchwald-sonarsource	135d4e8869	[APPSEC-58] Modify rule S5146: Educational content (C#) (#1138 )	2023-03-02 18:07:54 +01:00
pedro-oliveira-sonarsource	babbfeceb6	[APPSEC-57] Modify rule S5146: Educational content (Commons) (#1132 )	2023-03-02 18:07:54 +01:00
Loris S	746e99677d	Modify All Current Education Rules: Add Security Principles (#1248 )	2022-09-13 16:26:52 +02:00
hendrik-buchwald-sonarsource	1e8216f005	Modify rule S5146: Fix incorrect Java code sample (#1129 )	2022-08-01 15:20:33 +02:00
Alexandre Gigleux	01bad1b800	Map rules to OWASP ASVS 4 (#1110 ) https://sonarsource.atlassian.net/browse/MMF-2794	2022-07-29 13:35:38 +02:00
pedro-oliveira-sonarsource	082b3ef269	Modify: Fix old/broken embedded links (#1100 )	2022-07-08 13:58:56 +02:00
pedro-oliveira-sonarsource	b04b29019c	[APPSEC-3] Security rules are mapped to PCI DSS 4.0 (#1007 )	2022-05-24 16:19:27 +02:00
pedro-oliveira-sonarsource	4cd575af12	[APPSEC-2] New security standard - PCI DSS 3.2 (#1005 )	2022-05-23 09:00:28 +02:00
jtingsanchali	96d9ddb930	RULEAPI-755 Update CWE URLs by removing .html suffix and update with https protocol (#926 ) * Change affects only see.adoc and rule.adoc files, not comments-and-links.adoc files	2022-04-07 08:53:59 -05:00
Fred Tingaud	b4161466e6	RULEAPI-661: Add syntax coloring	2022-02-04 16:28:24 +00:00
Loris S	4774e72dc1	Modify Rules: Multiple typo on missing hyphens (#660 )	2021-12-13 16:18:55 +01:00
Pierre-Loup	2378417fdd	Modify rule S5146 - Support Location header (#315 )	2021-11-05 13:12:29 +00:00
Pierre-Loup	e7ad1012e3	RULEAPI-709: Security rules are mapped to the OWASP Top 10 2021 security-standard (#545 )	2021-11-01 15:00:32 +01:00
Pierre-Loup	547094ab3c	Update CWE mapping (#534 )	2021-10-28 10:07:16 +02:00
Arseniy Zaostrovnykh	6a0ec99e78	RULEAPI-706: Add quick fixes metadata	2021-10-07 09:23:15 +00:00
Arseniy Zaostrovnykh	2301f5808e	RULEAPI-695: remove extra/coveredLanguages field	2021-09-28 13:36:45 +02:00
Arseniy Zaostrovnykh	ec55b6ead1	RULEAPI-687: Migrate legacy keys from Jira RSPEC (#392 )	2021-09-24 09:08:46 +02:00
Arseniy Zaostrovnykh	f7904cebe7	RULEAPI-666: Migrate the "List of parameters", "Highlighting" and "Message" fields from jira RSPEC (#346 )	2021-09-20 13:38:42 +00:00
Arseniy Zaostrovnykh	1e3834e79c	Fixed nightly update: mark the closed rules	2021-05-21 17:48:13 +02:00
sonartech	e992218b4e	Nightly update	2021-05-21 01:24:06 +00:00
Arseniy Zaostrovnykh	af4fdb3a84	Update rules after the fix in the export module	2021-04-26 17:29:13 +02:00
Arseniy Zaostrovnykh	acadea59e9	move coveredLangauges and replacementRules into extra field	2021-02-16 17:52:17 +01:00
Arseniy Zaostrovnykh	1d713451d6	Undo the abuse of compatibleLanguages metadata field	2021-02-16 15:00:44 +01:00
Arseniy Zaostrovnykh	a09a26d560	fix hading of {{\+}} and sort the compatible languages	2021-02-08 12:42:26 +01:00
Arseniy Zaostrovnykh	b62862646c	move typescript rules to javascript directory	2021-02-08 10:49:37 +01:00
sonartech	0ffbfb133d	Nightly update	2021-02-06 04:10:49 +00:00
Arseniy Zaostrovnykh	af8cda992b	unescape more things	2021-02-05 10:34:25 +01:00
Arseniy Zaostrovnykh	402a7d7be3	sort metadata fields	2021-02-04 12:27:03 +01:00
Arseniy Zaostrovnykh	f6093ee186	Overapproximate compatibleLanguages and tags/standards	2021-02-02 19:11:00 +01:00
Arseniy Zaostrovnykh	716b335a56	Enable forced linebreaks in quotes; escape -- in url	2021-02-02 16:54:43 +01:00
Arseniy Zaostrovnykh	7ca29f686f	Force linebreaks	2021-02-02 15:02:10 +01:00

1 2

57 Commits