ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5,185 Commits 329 Branches 2 Tags
Commit Graph

54 Commits

Author SHA1 Message Date
Fred Tingaud
972b0e39c2 Automatically migrate all rules where defaultSeverity is Blocker and MQR is High 2025-02-20 19:58:25 +01:00
github-actions[bot]
504835d1bf
Create rule S5147(C#): NoSQL operations should not be vulnerable to injection attacks APPSEC-2024 (#4165) 
* Add csharp to rule S5147

* Add the text

* Fixed filename

* Apply suggestions from code review

Co-authored-by: Hendrik Buchwald <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>

* Apply suggestions from code review

* Update rules/S5147/csharp/how-to-fix-it/mongodb-csharp-driver.adoc

* Update rules/S5147/common/fix/builder-pattern.adoc

Co-authored-by: Hendrik Buchwald <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>

---------

Co-authored-by: loris-s-sonarsource <loris-s-sonarsource@users.noreply.github.com>
Co-authored-by: Loris Sierra <loris.sierra@sonarsource.com>
Co-authored-by: Loris S. <91723853+loris-s-sonarsource@users.noreply.github.com>
Co-authored-by: Hendrik Buchwald <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>
 2024-08-23 12:10:19 +00:00
Jamie Anderson
d255072981
Modify rules: Rename STIG version in metadata (#4098) 
The Security Technical Implementation Guide security standard is being
renamed from its release date (`2023-06-08`) to its official version and
revision number (`V5R3`). This helps to align with the version number
being used internally for reporting purposes.
 2024-07-30 16:10:03 +02:00
Pierre-Loup
d8c45777df
Modify S5147: Add context specific code examples for Spring Data MongoDB (#3912) 
Co-authored-by: Thomas Serre <118730793+thomas-serre-sonarsource@users.noreply.github.com>
 2024-07-11 11:35:10 +02:00
Jamie Anderson
9ee16daa47
Modify rules: Add STIG AS&D 2023-06-08 mappings (#3914) 
* Update JSON schema to include STIG ASD 2023-06-08 mapping

* Update rules to add STIG metadata mappings

---------

Co-authored-by: Loris Sierra <loris.sierra@sonarsource.com>
 2024-05-06 08:56:31 +02:00
gaetan-ferry-sonarsource
173a43b3dd
Modify rule S5147: Adding a how to fix section for Spring Data Redis (APPSEC-1565) (#3870) 2024-04-18 14:09:08 +00:00
Egon Okerman
d1417e82f8
Modify CWE and OWASP Top 10 links to follow standard link format (APPSEC-1134) (#3529) 
* Fix all CWE references

* Fix all OWASP references

* Fix missing CWE prefixes
 2024-01-15 17:15:56 +01:00
Loris S
cd7c6fc72f
Modify S5147(python): Improved the description (#3317) 
## Review

A dedicated reviewer checked the rule description successfully for:

- [ ] logical errors and incorrect information
- [ ] information gaps and missing content
- [ ] text style and tone
- [ ] PR summary and labels follow [the
guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)
 2023-10-17 15:57:18 +00:00
Marco Borgeaud
95ce8c6119
Diff blocks: fix some incorrect use for javascript (#2802) 
Improvement identified in #2790.

Add a prefix to the diff-id when it is used multiple times in different
"how to fix it in XYZ" sections to avoid ambiguity and pedantically
follow the spec:

> A single and unique diff-id should be used only once for each type of
code example as shown in the description of a rule.

Obvious typos around `diff-type` were fixed.
 2023-08-15 09:43:48 +02:00
Antonio Aversa
a02bf814d4
Clean Code Taxonomy: add "code" to all non-obsolete metadata.json (#2793) 2023-08-04 17:19:38 +02:00
Fred Tingaud
16f6c0aecf
Inline adoc when include has no additional value (#1940) 
Inline adoc files when they are included exactly once.

Also fix language tags because this inlining gives us better information
on what language the code is written in.
 2023-05-25 14:18:12 +02:00
Victor
fe961619f9 migrate rule descriptions to new education format 2023-05-05 16:29:04 +02:00
Jamie Anderson
2d52a31a16
Modify rules: Remove deprecated sans-top25-* tags (#1694) 2023-03-29 15:31:59 +02:00
Jamie Anderson
2d8892defb
Modify rules: Remove "owasp-aX" tag (#1655) 2023-03-16 15:25:13 +01:00
Ilia Kebets
c80d7f3b4c
Add checks for education format (#1607) 2023-03-07 17:16:47 +01:00
pedro-oliveira-sonarsource
a95e5405ad Modify rule S5147: Change text to the education framework format [Python][APPSEC-232] (#1389) 2023-03-02 18:48:41 +01:00
Pierre-Loup
98874d53a2 Modify rule S5147[JS/TS]: Change text to the education framework format (APPSEC-233) (#1384) 2023-03-02 18:48:41 +01:00
Loris S
e52b9671b2 Education text Fix (#1338) 2023-03-02 18:22:24 +01:00
Loris S
8815e23ae8 Modify All Current Education Rules: Support intuitive view (#1256) 2023-03-02 18:22:24 +01:00
Loris S
1253c0a013 Modify Multiple Rules(Education): Standardization of impact files (#1240) 2023-03-02 18:22:24 +01:00
Loris S
cec8459153 Modify S5147(multiple languages): Update to the education framework (APPSEC-89) (#1192) 2023-03-02 18:22:24 +01:00
Loris S
746e99677d
Modify All Current Education Rules: Add Security Principles (#1248) 2022-09-13 16:26:52 +02:00
Pierre-Loup
8920bd8e10
Fix CWE mapping (#1128) 2022-08-18 10:33:50 +02:00
Alexandre Gigleux
01bad1b800
Map rules to OWASP ASVS 4 (#1110) 
https://sonarsource.atlassian.net/browse/MMF-2794
 2022-07-29 13:35:38 +02:00
pedro-oliveira-sonarsource
082b3ef269
Modify: Fix old/broken embedded links (#1100) 2022-07-08 13:58:56 +02:00
pedro-oliveira-sonarsource
b04b29019c
[APPSEC-3] Security rules are mapped to PCI DSS 4.0 (#1007) 2022-05-24 16:19:27 +02:00
pedro-oliveira-sonarsource
4cd575af12
[APPSEC-2] New security standard - PCI DSS 3.2 (#1005) 2022-05-23 09:00:28 +02:00
jtingsanchali
96d9ddb930
RULEAPI-755 Update CWE URLs by removing .html suffix and update with https protocol (#926) 
* Change affects only see.adoc and rule.adoc files, not comments-and-links.adoc files
 2022-04-07 08:53:59 -05:00
Fred Tingaud
b4161466e6
RULEAPI-661: Add syntax coloring 2022-02-04 16:28:24 +00:00
github-actions[bot]
2cd5a58120
Create rule S5147[python] (#680) 2022-01-31 14:14:40 +01:00
Loris S
8f7349a0af
Create rule S5147[Java]: NoSQL operations should not be vulnerable to injections (#668) 
* RSPEC-S5147 Java

* Update rules/S5147/java/rule.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* Update rules/S5147/java/rule.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* Update rules/S5147/description.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* Update rules/S5147/description.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* Update rules/S5147/description.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* Update rules/S5147/description.adoc

* applied some recommendations

* improved code

* message

* removed vuln odm

* split a sentence into multiple files

* removed pléonasmes

* Update rules/S5147/java/rule.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* Update rules/S5147/java/rule.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* applied recommendations

* Update rules/S5147/php/rule.adoc

Co-authored-by: Marco Antognini <89914223+marco-antognini-sonarsource@users.noreply.github.com>

* Update rules/S5147/java/rule.adoc

* Update rules/S5147/java/rule.adoc

* Update rules/S5147/java/rule.adoc

* Update rules/S5147/java/rule.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>
Co-authored-by: Marco Antognini <89914223+marco-antognini-sonarsource@users.noreply.github.com>
Co-authored-by: Roberto Orlandi <71495874+roberto-orlandi-sonarsource@users.noreply.github.com>
 2022-01-31 11:01:20 +01:00
Loris S
4774e72dc1
Modify Rules: Multiple typo on missing hyphens (#660) 2021-12-13 16:18:55 +01:00
Pierre-Loup
e7ad1012e3
RULEAPI-709: Security rules are mapped to the OWASP Top 10 2021 security-standard (#545) 2021-11-01 15:00:32 +01:00
Arseniy Zaostrovnykh
6a0ec99e78
RULEAPI-706: Add quick fixes metadata 2021-10-07 09:23:15 +00:00
Arseniy Zaostrovnykh
f786bd2603
Fix the mistakingly deleted 'See' sections in #362 (#449) 
committed as f6331f7fdca7fe36e52439b927312fd5d5a455c0

The mistake was caused by the uninitialized variable "hasSeeSection" in the
automatic removal script. Fixed here:
f6331f7fdc
 2021-10-05 09:49:00 +02:00
Arseniy Zaostrovnykh
2301f5808e
RULEAPI-695: remove extra/coveredLanguages field 2021-09-28 13:36:45 +02:00
Arseniy Zaostrovnykh
ec55b6ead1
RULEAPI-687: Migrate legacy keys from Jira RSPEC (#392) 2021-09-24 09:08:46 +02:00
Arseniy Zaostrovnykh
5ba82ae371
RULEAPI-665: Remove security standards from the irrelevant language-specific rules (#362) 2021-09-21 15:40:35 +02:00
Arseniy Zaostrovnykh
f7904cebe7
RULEAPI-666: Migrate the "List of parameters", "Highlighting" and "Message" fields from jira RSPEC (#346) 2021-09-20 13:38:42 +00:00
Arseniy Zaostrovnykh
acadea59e9 move coveredLangauges and replacementRules into extra field 2021-02-16 17:52:17 +01:00
Arseniy Zaostrovnykh
1d713451d6 Undo the abuse of compatibleLanguages metadata field 2021-02-16 15:00:44 +01:00
Arseniy Zaostrovnykh
a09a26d560 fix hading of {{\+}} and sort the compatible languages 2021-02-08 12:42:26 +01:00
Arseniy Zaostrovnykh
b62862646c move typescript rules to javascript directory 2021-02-08 10:49:37 +01:00
sonartech
0ffbfb133d Nightly update 2021-02-06 04:10:49 +00:00
Arseniy Zaostrovnykh
af8cda992b unescape more things 2021-02-05 10:34:25 +01:00
Arseniy Zaostrovnykh
402a7d7be3 sort metadata fields 2021-02-04 12:27:03 +01:00
Arseniy Zaostrovnykh
f6093ee186 Overapproximate compatibleLanguages and tags/standards 2021-02-02 19:11:00 +01:00
Arseniy Zaostrovnykh
7ca29f686f Force linebreaks 2021-02-02 15:02:10 +01:00
Arseniy Zaostrovnykh
1a22006270 Add coveredLanguages field 2021-01-29 15:53:23 +01:00
Arseniy Zaostrovnykh
0a8c5eafce add replacementRules metadata field 2021-01-26 16:58:13 +01:00