Pierre-Loup
e769e586c9
Update security rules: add OWASP Mobile Top 10 2024 security standard (APPSEC-2383) ( #4660 )
2025-02-19 17:19:00 +01:00
erwan.serandour
47956ba750
allow INFO and BLOCKER for CCT rule quality severity to support Multi-Quality Rule mode
2024-11-05 16:33:31 +01:00
Marco Borgeaud
33780b6d3a
Detect title as subsections ( #4407 )
2024-10-14 14:48:37 +00:00
Jamie Anderson
d255072981
Modify rules: Rename STIG version in metadata ( #4098 )
...
The Security Technical Implementation Guide security standard is being
renamed from its release date (`2023-06-08`) to its official version and
revision number (`V5R3`). This helps to align with the version number
being used internally for reporting purposes.
2024-07-30 16:10:03 +02:00
Fred Tingaud
50b4d12a75
Forbid adding direct links to rules.sonarsource.com
2024-05-15 15:10:41 +02:00
Jamie Anderson
9ee16daa47
Modify rules: Add STIG AS&D 2023-06-08 mappings ( #3914 )
...
* Update JSON schema to include STIG ASD 2023-06-08 mapping
* Update rules to add STIG metadata mappings
---------
Co-authored-by: Loris Sierra <loris.sierra@sonarsource.com>
2024-05-06 08:56:31 +02:00
Fred Tingaud
1ebb437042
Allow free titles in 'How to fix it'
2024-02-02 16:57:26 +00:00
Pierre-Loup
770348d041
Avoid OWASP Top 10 security-standard mismatch between metadata and description links (RULEAPI-798) ( #3537 )
...
* Add check for security standard mismatch
* Fix security standard mismatches
* Fix Resources/Standards links for secrets rules
* Fix check
* Fix links and update security standard mapping
* Fix maintainability issue
* Apply review suggestions
* Apply suggestions from code review
Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com>
* Fix typo
Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com>
---------
Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com>
2024-01-17 17:20:28 +01:00
Fred Tingaud
1012001409
RULEAPI-800 Detect usages of C++ instead of {cpp} in asciidoc
2023-12-22 13:58:58 +01:00
Fred Tingaud
d3cfe19d7e
Fix broken or dangerous backquotes
...
Co-authored-by: Marco Borgeaud <89914223+marco-antognini-sonarsource@users.noreply.github.com>
2023-10-30 10:33:56 +01:00
Fred Tingaud
e261bd4b21
Fix Sonar warnings
...
Fix a bunch of Sonar warnings that somehow appear as "New warnings"
although they are a few years old.
2023-09-22 14:41:56 +00:00
Michael Jabbour
32232051fd
Add clean code taxonomy properties to metadata schema ( #2792 )
2023-08-04 16:55:03 +02:00
Amélie Renard
b724d1f7c4
RULEAPI-791 LaYC: add "External coding guidelines" subtitle in the "Resources" section ( #2454 )
2023-07-13 18:18:01 +02:00
Fred Tingaud
35036fffff
Add check that each section is used only once
...
There was already a check for section duplication, but only in "How to
fix it". This changes the test to cover all sections.
And fixing the rules that this new validation fails on.
Also making test_modify_rule.py run on Windows.
---------
Co-authored-by: Christophe Zürn <36889251+christophe-zurn-sonarsource@users.noreply.github.com>
2023-06-13 18:03:28 +02:00
Christophe Zürn
fb4ba0d61d
Update README and validation to reflect new guidelines ( #1951 )
...
Co-authored-by: Elena Vilchik <elena.vilchik@sonarsource.com>
2023-05-30 11:00:48 +02:00
Victor
fe961619f9
migrate rule descriptions to new education format
2023-05-05 16:29:04 +02:00
Christophe Zurn
62f01f07fe
Update documentation, disallow standard rule format, add allowed sections in 'Why is it an issue?'
2023-05-05 16:29:04 +02:00
Christophe Zurn
daea3fea27
RULEAPI-785 RSPEC: education format "How to fix it" section should be optional
2023-05-05 16:29:04 +02:00
Costin Zaharia
5352da5b03
Add Benchmarks as a supported section on Resources ( #1812 )
2023-04-27 10:07:31 +02:00
Ilia Kebets
c80d7f3b4c
Add checks for education format ( #1607 )
2023-03-07 17:16:47 +01:00
Christophe Zürn
47ba59f3b5
RULEAPI-766 Add documentation and integrity checks for new education rule descriptions format ( #1098 )
2023-03-02 18:07:54 +01:00
Christophe Zürn
db2f440797
SONARSEC-3163 Add education principles to S5131 metadata json file ( #1155 )
2022-08-09 12:06:31 +02:00
Alexandre Gigleux
01bad1b800
Map rules to OWASP ASVS 4 ( #1110 )
...
https://sonarsource.atlassian.net/browse/MMF-2794
2022-07-29 13:35:38 +02:00
Pavel Mikula
bacaac778a
Replace remediation cost time unit 'mn' with 'min' ( #1104 )
2022-07-13 15:02:38 +02:00
Pierre-Loup
83209561fe
[RULEAPI-761] JSON schema fails to restrict the format of security-standard items ( #1013 )
2022-05-25 16:36:49 +02:00
pedro-oliveira-sonarsource
b04b29019c
[APPSEC-3] Security rules are mapped to PCI DSS 4.0 ( #1007 )
2022-05-24 16:19:27 +02:00
Alexandre Gigleux
9cb2845112
Support of PCI DSS v3.2 ( #925 )
...
* Rename "PCI DSS" to "PCI DSS 3.2" because the security standard is versioned
* Update metadata.json of one rule using the wrong "PCI DSS"
2022-04-12 21:58:21 +02:00
Fred Tingaud
9ca204f1c9
RULEAPI-744 automatically fill the template source tags with the current language
2022-02-08 17:34:53 +01:00
Fred Tingaud
b4161466e6
RULEAPI-661: Add syntax coloring
2022-02-04 16:28:24 +00:00
Fred Tingaud
7d868d3f35
Use a more readable form to display parameters
2022-02-01 12:25:23 +00:00
Marco Antognini
b2b116a8e2
RULEAPI-682: Index multiple types and rules with no languages
...
* Generate description and metadata for rules with no language, so that they get indexed.
* Index rules with different types in language specializations.
* Improve validation to reject new rules with no language specialization (i.e. only a predefined set of such rules is allowed because they were imported from Jira and kept for historical purposes).
* Write smaller JSON files, reduce their size by 30%.
* Improve test coverage of CLI application.
2022-01-28 09:51:13 +01:00
Fred Tingaud
171580f86a
Revert "RULEAPI-614: mark unpredictable remediation cost"
...
We should validate functionally this change with PMs before putting it in production.
Reverting for now.
2022-01-19 19:07:03 +00:00
Fred Tingaud
ebfa8932d1
RULEAPI-614: mark unpredictable remediation cost
2022-01-19 16:39:02 +01:00
Arseniy Zaostrovnykh
d444d13593
Fix python issues raised by SQ for the old code
2022-01-13 09:25:17 +01:00
Pierre-Loup
2eb4c50a9b
RULEAPI-710: Validate that security-standards are not shadowed
2021-10-29 16:55:50 +00:00
Pierre-Loup
2026ac6b8c
RULEAPI-698: Support OWASP Top 10 2021 security standard ( #466 )
2021-10-15 09:37:46 +02:00
Pierre-Loup
72a1ac7423
RULEAPI-699: Support OWASP ASVS 4 security standard
2021-10-08 10:23:39 +02:00
Arseniy Zaostrovnykh
6a0ec99e78
RULEAPI-706: Add quick fixes metadata
2021-10-07 09:23:15 +00:00
Čaba Šagi
6d8404981c
RULEAPI-642: Validate the level of section headers in asciidoc: make sure there are no level-0
2021-09-30 11:52:56 +02:00
Elena Vilchik
c357e2e7f7
RULEAPI-603 Fail ci metadata check if rule with replacement has 'ready' status ( #398 )
2021-09-30 11:45:09 +02:00
Arseniy Zaostrovnykh
090a5c725d
RULEAPI-696: adapt the rspec/readme.adoc narrative to not mention "coveredLanguages" and to mention -branch in rule-api ( #408 )
2021-09-29 16:04:43 +02:00
Arseniy Zaostrovnykh
ec55b6ead1
RULEAPI-687: Migrate legacy keys from Jira RSPEC ( #392 )
2021-09-24 09:08:46 +02:00
eric-therond-sonarsource
520573b838
RULEAPI-654: Clarify the rule creation process ( #115 )
2021-06-11 05:58:58 +00:00
eric-therond-sonarsource
cf26c8d270
add missing and future security standards ( #103 )
2021-06-07 19:13:19 +02:00
eric-therond-sonarsource
8421f9fb41
add owasp mobile security standard to schema validation ( #94 )
2021-06-07 11:20:46 +02:00
Amélie Renard
7b177ec126
RULEAPI-608 Rename unconventional headers in RSPECs and update the validation script in GitHub rspec repository
2021-06-04 14:23:34 +02:00
Amélie Renard
4dbfe9d0ef
RUELAPI-615 Ignore closed RSPEC in "validate_asciidoc" check
2021-05-25 11:00:40 +02:00
Arseniy Zaostrovnykh
9fe4334933
RULEAPI-574 Validate RSPEC description structure
2021-05-04 09:58:49 +02:00
Arseniy Zaostrovnykh
0b1ee21341
RULEAPI-604 Make an exception for Security Hotspots in the validation schema for "remediation cost" field
2021-04-30 14:11:09 +02:00
nicolas-harraudeau-sonarsource
763c935b63
Improve rules' metadata.json validation
2021-02-23 20:41:11 +01:00