12 Commits

Author SHA1 Message Date
Pierre-Loup
770348d041
Avoid OWASP Top 10 security-standard mismatch between metadata and description links (RULEAPI-798) (#3537)
* Add check for security standard mismatch

* Fix security standard mismatches

* Fix Resources/Standards links for secrets rules

* Fix check

* Fix links and update security standard mapping

* Fix maintainability issue

* Apply review suggestions

* Apply suggestions from code review

Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com>

* Fix typo

Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com>

---------

Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com>
2024-01-17 17:20:28 +01:00
Egon Okerman
d1417e82f8
Modify CWE and OWASP Top 10 links to follow standard link format (APPSEC-1134) (#3529)
* Fix all CWE references

* Fix all OWASP references

* Fix missing CWE prefixes
2024-01-15 17:15:56 +01:00
Egon Okerman
905365e865
Modify rule S6380: Add language AzureResourceManager (Bicep) (#2298) 2023-09-13 10:27:43 +02:00
Antonio Aversa
a02bf814d4
Clean Code Taxonomy: add "code" to all non-obsolete metadata.json (#2793) 2023-08-04 17:19:38 +02:00
Egon Okerman
ea7cefd5a9
Modify rule S6380: Fix message inconsistencies (ARM) (#2687)
## Review

A dedicated reviewer checked the rule description successfully for:

- [x] logical errors and incorrect information
- [x] information gaps and missing content
- [x] text style and tone
- [x] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)
2023-07-27 14:29:27 +02:00
github-actions[bot]
4ec7f8ed07
Create rule S6380: add language AzureResourceManager (JSON) (#2274)
Specification ticket: [APPSEC-775](https://sonarsource.atlassian.net/browse/APPSEC-775)
Implementation ticket: [SONARIAC-899](https://sonarsource.atlassian.net/browse/SONARIAC-899)
[RSPEC Preview](https://sonarsource.github.io/rspec/#/rspec/S6378/azureresourcemanager)

Bicep PR for S6380: #2298 
## Review

A dedicated reviewer checked the rule description successfully for:

- [ ] logical errors and incorrect information
- [ ] information gaps and missing content
- [ ] text style and tone
- [ ] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)



[APPSEC-775]:
https://sonarsource.atlassian.net/browse/APPSEC-775?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ
[SONARIAC-899]:
https://sonarsource.atlassian.net/browse/SONARIAC-899?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ

---------

Co-authored-by: egon-okerman-sonarsource <egon-okerman-sonarsource@users.noreply.github.com>
Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com>
Co-authored-by: Jamie Anderson <127742609+jamie-anderson-sonarsource@users.noreply.github.com>
2023-07-03 18:04:53 +02:00
Loris S
9d8b209353
Modify Multiple Rules(IAC): Remove Non-IAC-Based Standards in Metadata (APPSEC-5) (#1238) 2022-09-14 10:29:18 +02:00
pedro-oliveira-sonarsource
b04b29019c
[APPSEC-3] Security rules are mapped to PCI DSS 4.0 (#1007) 2022-05-24 16:19:27 +02:00
pedro-oliveira-sonarsource
4cd575af12
[APPSEC-2] New security standard - PCI DSS 3.2 (#1005) 2022-05-23 09:00:28 +02:00
jtingsanchali
96d9ddb930
RULEAPI-755 Update CWE URLs by removing .html suffix and update with https protocol (#926)
* Change affects only see.adoc and rule.adoc files, not comments-and-links.adoc files
2022-04-07 08:53:59 -05:00
Fred Tingaud
b4161466e6
RULEAPI-661: Add syntax coloring 2022-02-04 16:28:24 +00:00
github-actions[bot]
b52e66370a
Create rule S6380[terraform]: Authorizing anonymous access to Azure resources is security-sensitive (#574)
* Create rule S6380

* Disabling authentication is security-sensitive

* Add Sensitive Keyword

* Add Security Standards References

* Add Message.adoc

* Clarified everything

* refreshed metadata

* Update rules/S6380/terraform/rule.adoc

* Update rules/S6380/terraform/rule.adoc

* Update rules/S6380/terraform/rule.adoc

* last update : removed cert auth, add redis infos and highlights

* replaced ad auth with app service auth

* Update rules/S6380/terraform/rule.adoc

* Update rules/S6380/terraform/rule.adoc

* added owasp 2017

* improved title

* Update rules/S6380/terraform/rule.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* added secdev reco about anonymous access

* Completed rule description

* add last tweaks

* Update rules/S6380/terraform/metadata.json

* Update rules/S6380/terraform/rule.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* applied recommendations

* Update rules/S6380/terraform/rule.adoc

* Update rules/S6380/terraform/rule.adoc

* Update rules/S6380/terraform/rule.adoc

* Update rules/S6380/terraform/rule.adoc

* Update rules/S6380/terraform/rule.adoc

* Update rules/S6380/terraform/metadata.json

* Add missing prefix to azurerm_data_factory_linked_service_odata

* Fix typo in basic_authentication

Co-authored-by: loris-s-sonarsource <loris-s-sonarsource@users.noreply.github.com>
Co-authored-by: Loris Sierra <loris.sierra@sonarsource.com>
Co-authored-by: Loris S <91723853+loris-s-sonarsource@users.noreply.github.com>
Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>
Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com>
2022-01-10 14:46:04 +00:00