teemu-rytilahti-sonarsource
8586551b59
Add newlines around includes in secrets template ( #4718 )
...
* Add newlines around includes in secrets template
* Mention that new lines are needed around includes
---------
Co-authored-by: Daniel Teuchert <daniel.teuchert@sonarsource.com>
Co-authored-by: daniel-teuchert-sonarsource <141642369+daniel-teuchert-sonarsource@users.noreply.github.com>
2025-03-04 09:50:45 +01:00
teemu-rytilahti-sonarsource
d76bab68bd
SONARTEXT-328 Improve generic secret template ( #4714 )
...
* Revise the secret rspec template
* Set status=beta for new secrets
* Revert back to old values for example_{secret,name,env} vars
2025-03-03 10:25:53 +00:00
Pierre-Loup
e769e586c9
Update security rules: add OWASP Mobile Top 10 2024 security standard (APPSEC-2383) ( #4660 )
2025-02-19 17:19:00 +01:00
Fred Tingaud
4a2fe22a72
Fix Secrets template rule
2025-02-14 16:12:09 +01:00
Ghislain Piot
c5efdf6797
SONARPY-2586 Point coverage script to the enterprise sonar-python repository ( #4649 )
2025-02-05 14:14:22 +01:00
daniel-teuchert-sonarsource
5be0d9daa7
Adjust language label for go ( #4650 )
2025-02-05 11:56:49 +01:00
Peter Trifanov
14c80b84d0
[NO-JIRA] Point coverage script to the enterprise sonar-go repository ( #4635 )
2025-01-30 10:19:54 +01:00
Fred Tingaud
5fb2c9dd39
RULEAPI-824 Sort tags by version number instead of committed date when computing coverage
2024-12-12 16:58:20 +01:00
Fred Tingaud
efa7462eae
RULEAPI-823 Don't consider tags that are not version numbers in coverage computation
2024-12-12 16:58:20 +01:00
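The two coverage fixes above (RULEAPI-823 and RULEAPI-824) come down to one rule: treat a tag as a release only if it is a version number, and order releases numerically rather than by the date the tag was committed. The following is an added Python example written for this page, not code from the rspec repository's coverage script; the version-tag pattern, the sample tags, their dates and the rule keys are all constructed for illustration.

```python
import re
from datetime import date

# Constructed sample data, not real sonar-* releases: tag -> (date the tag was
# committed, rule keys present in the repository at that tag).
SAMPLE_TAGS = {
    "10.1.0.1": (date(2024, 1, 10), {"S100", "S101"}),
    "10.2.0.5": (date(2024, 2, 1), {"S100", "S101", "S102"}),
    # Patch release on the 10.1 branch, tagged after 10.2 shipped.
    "10.1.1.2": (date(2024, 2, 15), {"S100", "S101", "S102"}),
    # Not a release: a CI tag that coverage computation must ignore.
    "rc-test": (date(2024, 3, 1), {"S100", "S101", "S102", "S103"}),
    "10.10.0.7": (date(2024, 4, 1), {"S100", "S101", "S102", "S103"}),
}

# Hypothetical version-tag pattern (optional "v" prefix, dotted integers);
# the real coverage script may accept a different shape.
VERSION_TAG = re.compile(r"^v?(\d+(?:\.\d+)*)$")


def is_version_tag(tag: str) -> bool:
    """True for tags that are plain dotted version numbers."""
    return VERSION_TAG.match(tag) is not None


def version_key(tag: str) -> tuple[int, ...]:
    """Numeric sort key so that 10.10 sorts after 10.9 (a string sort would not)."""
    match = VERSION_TAG.match(tag)
    if match is None:
        raise ValueError(f"not a version tag: {tag!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def sort_version_tags(tags) -> list[str]:
    """Drop non-version tags and order the rest by version number."""
    return sorted((t for t in tags if is_version_tag(t)), key=version_key)


def first_version_with_rule(tags: dict, rule_id: str, order: str = "version"):
    """Earliest release tag containing rule_id, under the chosen ordering.

    order="version" is the fixed behaviour; order="date" reproduces the
    commit-date ordering that misplaces backported patch releases.
    """
    candidates = [t for t in tags if is_version_tag(t)]
    if order == "version":
        candidates.sort(key=version_key)
    elif order == "date":
        candidates.sort(key=lambda t: tags[t][0])
    else:
        raise ValueError(f"unknown order: {order!r}")
    for tag in candidates:
        if rule_id in tags[tag][1]:
            return tag
    return None


if __name__ == "__main__":
    print(sort_version_tags(SAMPLE_TAGS))
    print("S102 first seen (by version):", first_version_with_rule(SAMPLE_TAGS, "S102"))
    print("S102 first seen (by date):   ", first_version_with_rule(SAMPLE_TAGS, "S102", order="date"))
```

With the constructed data, the commit-date ordering reports S102 as first shipped in 10.2.0.5, while the numeric ordering finds the backported 10.1.1.2; the non-release tag rc-test is never considered, so S103 is attributed to 10.10.0.7. A plain string sort of the tag names would also be wrong, placing 10.10.0.7 before 10.2.0.5.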
Fred Tingaud
741e23121b
RULEAPI-822 Don't consider sonar-css that is deprecated, when computing coverage
...
sonar-css-plugin is no longer used and the sonar-css repository is archived. Rules that are only in
sonar-css should be considered as deleted, and rules that were moved to sonarJS should be displayed
as in sonarJS.
The current coverage format cannot perfectly represent this repository change, so removing sonar-css
from the list seems like the simplest approach to get a good enough result.
2024-12-12 16:58:20 +01:00
Fred Tingaud
c480f9a4b0
RULEAPI-821 Skip all profile files, not only Sonar_way_profile
2024-12-12 16:58:20 +01:00
Fred Tingaud
a6f4f03031
RULEAPI-820 Don't indiscriminately crop rule names on "_" in coverage computation
2024-12-12 16:58:20 +01:00
Jonas Wielage
604db8c2c3
[NO-JIRA] Fix rule coverage for Text and Secrets ( #4555 )
2024-12-04 12:39:47 +01:00
Fred Tingaud
f0b8295b12
Fix link checker ( #4519 )
2024-11-20 17:57:55 +01:00
Mary Georgiou
402a45849d
NET-578 Update coverage.py script in RSpec repo to point to the new enterprise repository ( #4520 )
2024-11-20 16:41:32 +01:00
erwan.serandour
47956ba750
allow INFO and BLOCKER for CCT rule quality severity to support Multi-Quality Rule mode
2024-11-05 16:33:31 +01:00
Marco Borgeaud
33780b6d3a
Detect title as subsections ( #4407 )
2024-10-14 14:48:37 +00:00
Dorian Burihabwa
dcf8ddd32f
[NO-JIRA] Fix rule coverage for Apex, Go, Ruby and Scala
...
Replaced the old reference to slang-enterprise with references to split
repos and JIRA projects for each of the former SLang languages (Apex, Go, Ruby and Scala).
2024-10-07 15:07:25 +02:00
GabinL21
686c4056dc
Modify S2260: add Ansible ( #4360 )
2024-10-02 11:22:27 +02:00
leonardo-pilastri-sonarsource
570e581908
Include "sonar-architecture" in the list of repos for updating rules coverage script ( #4337 )
2024-10-01 12:24:49 +02:00
Hendrik Buchwald
f481234ef0
Add a new language identifier for Ansible ( #4332 )
2024-09-30 08:27:51 +00:00
Marharyta
8ae6c27693
Include "sonar-dart" in the list of repos for updating rules coverage script ( #4317 )
2024-09-25 11:42:14 +02:00
Marco Borgeaud
63be5d2666
Do not validate drupal.org links
2024-08-22 09:59:26 +02:00
Marco Borgeaud
3afafafcb9
Do not validate CERT links
2024-08-22 09:59:26 +02:00
Marco Borgeaud
00eee176da
Improve probing frequency to reduce time spent on CI
...
Checks links every two to three days instead of every 24h to 25h40.
This improves the distribution of checks across CI runs.
2024-08-22 09:59:26 +02:00
Marco Borgeaud
71fa9cb6d3
Print statistics about cache hit/miss
2024-08-22 09:59:26 +02:00
Jamie Anderson
d255072981
Modify rules: Rename STIG version in metadata ( #4098 )
...
The Security Technical Implementation Guide security standard is being
renamed from its release date (`2023-06-08`) to its official version and
revision number (`V5R3`). This helps to align with the version number
being used internally for reporting purposes.
2024-07-30 16:10:03 +02:00
Mate Molnar
c0a5024363
BUILD-4175: use secrets from Vault
...
* Fix SQ issue Unexpected string concatenation
* Allow testing of the coverage update workflow by checking out all
branches and referencing the SHA of the triggering event
* Fix repository url for coverage update
* Add a manual trigger for coverage update
2024-07-17 10:38:43 +02:00
Mate Molnar
62870a2202
Revert "BUILD-4733: update clone command to use a github access-token"
...
This reverts commit 8a20fdca5e8a16320f7864c2fbe2052dc932a917.
2024-07-17 10:38:43 +02:00
Mate Molnar
cf35ea3595
Revert "BUILD-4733: Use the correct url format for cloning with an access token"
...
This reverts commit 72febdb50709c0edba5ead3d6b139812cb557f8c.
2024-07-17 10:38:43 +02:00
Mate Molnar
7d64c96a75
Revert "BUILD-4733: Use COVERAGE_GITHUB_TOKEN from the vault instead of the default GITHUB_TOKEN"
...
This reverts commit 9a14e956754adfffdfb53bd22d4a230cb97acaae.
2024-07-17 10:38:43 +02:00
Fred Tingaud
0fd7e2c4b0
Fix language in rule creation script
2024-07-09 17:07:27 +02:00
Marharyta
782cae5eca
RULEAPI-809 Add a new language identifier for Dart ( #4020 )
2024-07-09 16:43:50 +02:00
Hendrik Buchwald
f740f91b5e
Modify rule S6992/S6999: Add missing variables (APPSEC-1885) ( #4047 )
2024-07-09 09:39:30 +00:00
Tom
9a14e95675
BUILD-4733: Use COVERAGE_GITHUB_TOKEN from the vault instead of the default GITHUB_TOKEN
2024-07-05 17:01:17 +02:00
tomverin
72febdb507
BUILD-4733: Use the correct url format for cloning with an access token
2024-07-04 16:05:28 +02:00
tomverin
8a20fdca5e
BUILD-4733: update clone command to use a github access-token
2024-07-04 15:48:47 +02:00
Jamie Anderson
bed74da521
Create specialized single-language rules ( #3996 )
2024-06-26 09:52:29 +01:00
Johann Beleites
e2c4c4b8fe
RULEAPI-770 Fix bug due to multiple sonarpedia.json files ( #3983 )
...
When there are multiple sonarpedia.json files for the same language, the rules
picked up for the next sonarpedia.json file will override the ones picked up
previously. With this fix, the rules are not overwritten but all are collected,
so one repository can have multiple sonarpedia.json files for the same language.
2024-06-11 12:15:51 +02:00
Fred Tingaud
50b4d12a75
Forbid adding direct links to rules.sonarsource.com
2024-05-15 15:10:41 +02:00
Jamie Anderson
9ee16daa47
Modify rules: Add STIG AS&D 2023-06-08 mappings ( #3914 )
...
* Update JSON schema to include STIG ASD 2023-06-08 mapping
* Update rules to add STIG metadata mappings
---------
Co-authored-by: Loris Sierra <loris.sierra@sonarsource.com>
2024-05-06 08:56:31 +02:00
Rudy Regazzoni
718931dce3
Add language JCL as a supported language ( #3604 )
2024-02-07 10:10:43 +01:00
leonardo-pilastri-sonarsource
90dd1316f0
Add dbd to plugin list to compute rules coverage ( #3602 )
2024-02-05 12:03:14 +01:00
Fred Tingaud
1ebb437042
Allow free titles in 'How to fix it'
2024-02-02 16:57:26 +00:00
Pierre-Loup
770348d041
Avoid OWASP Top 10 security-standard mismatch between metadata and description links (RULEAPI-798) ( #3537 )
...
* Add check for security standard mismatch
* Fix security standard mismatches
* Fix Resources/Standards links for secrets rules
* Fix check
* Fix links and update security standard mapping
* Fix maintainability issue
* Apply review suggestions
* Apply suggestions from code review
Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com>
* Fix typo
Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com>
---------
Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com>
2024-01-17 17:20:28 +01:00
Fred Tingaud
1012001409
RULEAPI-800 Detect usages of C++ instead of {cpp} in asciidoc
2023-12-22 13:58:58 +01:00
Fred Tingaud
d3cfe19d7e
Fix broken or dangerous backquotes
...
Co-authored-by: Marco Borgeaud <89914223+marco-antognini-sonarsource@users.noreply.github.com>
2023-10-30 10:33:56 +01:00
Arseniy Zaostrovnykh
5c3437e99d
Update Pipfile.lock to latest package versions
...
To address Dependabot reports
2023-10-16 12:28:49 +00:00
dependabot[bot]
1430fad659
Bump gitpython from 3.1.32 to 3.1.34 in /rspec-tools ( #3020 )
...
Bumps gitpython (https://github.com/gitpython-developers/GitPython) from 3.1.32 to 3.1.34.

Release notes (sourced from gitpython's releases, https://github.com/gitpython-developers/GitPython/releases):

3.1.34 - fix resource leaking
What's Changed
* util: close lockfile after opening successfully by @skshetry in gitpython-developers/GitPython#1639
New Contributors
* @skshetry made their first contribution in gitpython-developers/GitPython#1639
Full Changelog: https://github.com/gitpython-developers/GitPython/compare/3.1.33...3.1.34

v3.1.33 - with security fix
What's Changed
* WIP Quick doc by @LeoDaCoda in gitpython-developers/GitPython#1608
* Partial clean up wrt mypy and black by @bodograumann in gitpython-developers/GitPython#1617
* Disable merge_includes in config writers by @bodograumann in gitpython-developers/GitPython#1618
* feat: full typing for "progress" parameter in Repo class by @madebylydia in gitpython-developers/GitPython#1634
* Fix CVE-2023-40590 by @EliahKagan in gitpython-developers/GitPython#1636
* #1566 Creating a lock now uses python built-in "open()" method to work arou… by @HageMaster3108 in gitpython-developers/GitPython#1619
New Contributors
* @LeoDaCoda made their first contribution in gitpython-developers/GitPython#1608
* @bodograumann made their first contribution in gitpython-developers/GitPython#1617
* @EliahKagan made their first contribution in gitpython-developers/GitPython#1636
* @HageMaster3108 made their first contribution in gitpython-developers/GitPython#1619
Full Changelog: https://github.com/gitpython-developers/GitPython/compare/3.1.32...3.1.33

Commits:
* 2a2ae77 prepare patch release
* 4714740 Merge pull request #1639 from skshetry/close-lockfile
* 3e829eb util: close lockfile after opening successfully
* f882cd8 update instructions for how to create a release
* 993f045 prepare for next release
* a1c472b Merge pull request #1619 from HageMaster3108/bugfix/use-python-builtin-open-m...
* 70924c4 Skip now permanently failing test with note on how to fix it
* 8b75434 Merge pull request #1636 from EliahKagan/cve-2023-40590
* 7611cd9 Don't check form of version number
* 94e0fb0 Add a unit test for CVE-2023-40590
* Additional commits viewable in the compare view: https://github.com/gitpython-developers/GitPython/compare/3.1.32...3.1.34
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-22 19:31:23 +02:00
Fred Tingaud
e261bd4b21
Fix Sonar warnings
...
Fix a bunch of Sonar warnings that somehow appear as "New warnings"
although they are a few years old.
2023-09-22 14:41:56 +00:00