30 Commits

Author SHA1 Message Date
GabinL21
2e155a926e
SONARIAC-1892 Modify rule S6975: Fix how to fix it section split (#4604) 2025-01-20 11:46:15 +01:00
Sebastien Andrivet
5c2d48fba7
Modify S6321: Add Ansible (#4324)
* Add RSPEC for S6321 for Ansible
2024-10-01 09:40:58 +02:00
Pierre-Loup
770348d041
Avoid OWASP Top 10 security-standard mismatch between metadata and description links (RULEAPI-798) (#3537)
* Add check for security standard mismatch

* Fix security standard mismatches

* Fix Resources/Standards links for secrets rules

* Fix check

* Fix links and update security standard mapping

* Fix maintainability issue

* Apply review suggestions

* Apply suggestions from code review

Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com>

* Fix typo

Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com>

---------

Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com>
2024-01-17 17:20:28 +01:00
Egon Okerman
d1417e82f8
Modify CWE and OWASP Top 10 links to follow standard link format (APPSEC-1134) (#3529)
* Fix all CWE references

* Fix all OWASP references

* Fix missing CWE prefixes
2024-01-15 17:15:56 +01:00
Marco Borgeaud
cd424756a0
Validate asciidoc ifdef/endif (#3311)
Fix kotlin:S6511
2023-10-18 09:43:40 +00:00
daniel-teuchert-sonarsource
9f5a87c298
Arm/make examples schema compliant (#3047)
This PR changes the JSON examples for ARM rules to make sure that the
code samples will be scanned by sonar-iac-plugin.
To ensure this all resources need a name field and the schema URL has to
be an https and not http URL.

## Review

A dedicated reviewer checked the rule description successfully for:

- [ ] logical errors and incorrect information
- [ ] information gaps and missing content
- [ ] text style and tone
- [ ] PR summary and labels follow [the
guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)
2023-09-13 15:48:50 +02:00
Loris S
e6506c521c
Modify S6388(IAC): Fix diff IDs (#3004)
## Why
https://cirrus-ci.com/task/4983664824549376?logs=asciidoc_tests#L117

## Outcome


https://github.com/SonarSource/rspec/blob/master/rules/S6388/azureresourcemanager/examples/Microsoft.Compute_disks.noncompliant.adoc
is empty for no reason

## Review

A dedicated reviewer checked the rule description successfully for:

- [ ] logical errors and incorrect information
- [ ] information gaps and missing content
- [ ] text style and tone
- [ ] PR summary and labels follow [the
guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)
2023-09-04 14:36:39 +02:00
Peter Trifanov
ba2c5c0a6a
Modify rule S6321: Add language AzureResourceManager (Bicep) (#2781) 2023-08-10 13:54:24 +02:00
Antonio Aversa
a02bf814d4
Clean Code Taxonomy: add "code" to all non-obsolete metadata.json (#2793) 2023-08-04 17:19:38 +02:00
Loris S
b979fdd6e5
Modify S6321(Cfn): Improve samples (#2588)
## Review

A dedicated reviewer checked the rule description successfully for:

- [x] logical errors and incorrect information
- [x] information gaps and missing content
- [x] text style and tone
- [x] PR summary and labels follow [the
guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)
2023-07-21 10:06:22 +02:00
Fred Tingaud
16f6c0aecf
Inline adoc when include has no additional value (#1940)
Inline adoc files when they are included exactly once.

Also fix language tags because this inlining gives us better information
on what language the code is written in.
2023-05-25 14:18:12 +02:00
github-actions[bot]
55f24df0fd
Create rule S6321: Add language AzureResourceManager (and education format) (#1877) 2023-05-16 08:47:16 +02:00
Victor
fe961619f9
migrate rule descriptions to new education format 2023-05-05 16:29:04 +02:00
Rudy Regazzoni
d6a6439e46
Add bicep and json for language support in code example (#1830) 2023-05-05 11:12:16 +02:00
github-actions[bot]
3115a13675
Create rule S6321: Administration services access should be restricted to specific IP addresses [JS][APPSEC-168] (#1306) 2022-10-06 12:56:45 +02:00
github-actions[bot]
1d89475ea1
Create rule S6321: Administration services access should be restricted to specific IP addresses (APPSEC-146)(#1279) 2022-09-27 11:22:38 +02:00
Loris S
9d8b209353
Modify Multiple Rules(IAC): Remove Non-IAC-Based Standards in Metadata (APPSEC-5) (#1238) 2022-09-14 10:29:18 +02:00
Alexandre Gigleux
01bad1b800
Map rules to OWASP ASVS 4 (#1110)
https://sonarsource.atlassian.net/browse/MMF-2794
2022-07-29 13:35:38 +02:00
pedro-oliveira-sonarsource
b04b29019c
[APPSEC-3] Security rules are mapped to PCI DSS 4.0 (#1007) 2022-05-24 16:19:27 +02:00
pedro-oliveira-sonarsource
4cd575af12
[APPSEC-2] New security standard - PCI DSS 3.2 (#1005) 2022-05-23 09:00:28 +02:00
jtingsanchali
96d9ddb930
RULEAPI-755 Update CWE URLs by removing .html suffix and update with https protocol (#926)
* Change affects only see.adoc and rule.adoc files, not comments-and-links.adoc files
2022-04-07 08:53:59 -05:00
hendrik-buchwald-sonarsource
f4696dbf01
Modify rule S6321: Add GCP examples (#689)
* Remove AWS specific words

* Add Azure code samples

* Add Azure link

* Add missing tags

* Add samples

* Update rules/S6321/metadata.json

Co-authored-by: Loris S. <91723853+loris-s-sonarsource@users.noreply.github.com>

* Update rules/S6321/terraform/metadata.json

Co-authored-by: Loris S. <91723853+loris-s-sonarsource@users.noreply.github.com>

* Remove AWS tag

* Make description more generic

* Update rules/S6321/description.adoc

Co-authored-by: Loris S. <91723853+loris-s-sonarsource@users.noreply.github.com>

* Remove GCP tag

* Update rules/S6321/see.adoc

Co-authored-by: Loris S. <91723853+loris-s-sonarsource@users.noreply.github.com>

* Remove Azure tag

Co-authored-by: Loris S. <91723853+loris-s-sonarsource@users.noreply.github.com>
Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com>
2022-02-11 08:19:08 +00:00
hendrik-buchwald-sonarsource
9bbd4c135e
Modify rule S6321: Turn into generic rule (#649)
* Remove AWS specific words

* Add Azure code samples

* Add Azure link

* Add missing tags

* Update description

* Fix asciidoc and metadata

Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com>
Co-authored-by: Nils Werner <nils.werner@sonarsource.com>
2022-02-07 10:08:29 +00:00
Fred Tingaud
b4161466e6
RULEAPI-661: Add syntax coloring 2022-02-04 16:28:24 +00:00
Pierre-Loup
c6f14b6a20
Add AWS tag to IaC rules (#662) 2021-12-16 15:02:01 +01:00
Pierre-Loup
e7ad1012e3
RULEAPI-709: Security rules are mapped to the OWASP Top 10 2021 security-standard (#545) 2021-11-01 15:00:32 +01:00
Arseniy Zaostrovnykh
6a0ec99e78
RULEAPI-706: Add quick fixes metadata 2021-10-07 09:23:15 +00:00
Arseniy Zaostrovnykh
2301f5808e
RULEAPI-695: remove extra/coveredLanguages field 2021-09-28 13:36:45 +02:00
Arseniy Zaostrovnykh
ec55b6ead1
RULEAPI-687: Migrate legacy keys from Jira RSPEC (#392) 2021-09-24 09:08:46 +02:00
github-actions[bot]
6611dde0fd
Create rule S6321: Administration services access should be restricted to specific IP addresses (#188)
* Create rule S6321

* init S6321

* adjust title to follow guidelines

* fix incorrect CWE link

* some fixes

* fix cis category

* fix after review

Co-authored-by: eric-therond-sonarsource <eric-therond-sonarsource@users.noreply.github.com>
Co-authored-by: eric-therond-sonarsource <eric.therond@sonarsource.com>
2021-09-15 08:10:36 +00:00