ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5,322 Commits 329 Branches 2 Tags
Commit Graph

70 Commits

Author SHA1 Message Date
Eric Morand
7c9aad50bf
RULEAPI-836 - Add compatibleLanguages to javascript rule manifests (#4731) 2025-03-17 09:58:46 +00:00
Sebastien Andrivet
51c5882cdf
Modify S2612: add Ansible (#4356) 2024-10-08 10:51:07 +02:00
Jamie Anderson
d255072981
Modify rules: Rename STIG version in metadata (#4098) 
The Security Technical Implementation Guide security standard is being
renamed from its release date (`2023-06-08`) to its official version and
revision number (`V5R3`). This helps to align with the version number
being used internally for reporting purposes.
 2024-07-30 16:10:03 +02:00
Jamie Anderson
9ee16daa47
Modify rules: Add STIG AS&D 2023-06-08 mappings (#3914) 
* Update JSON schema to include STIG ASD 2023-06-08 mapping

* Update rules to add STIG metadata mappings

---------

Co-authored-by: Loris Sierra <loris.sierra@sonarsource.com>
 2024-05-06 08:56:31 +02:00
Egon Okerman
d1417e82f8
Modify CWE and OWASP Top 10 links to follow standard link format (APPSEC-1134) (#3529) 
* Fix all CWE references

* Fix all OWASP references

* Fix missing CWE prefixes
 2024-01-15 17:15:56 +01:00
Marco Borgeaud
34814f787b
Remove links to SANS Top 25 CWEs (#3322) 
These links are no longer relevant since SANS now just link to CWE, and we already have links to CWEs.
 2023-10-18 13:16:00 +00:00
Marco Borgeaud
76791bbfe8
Remove link to CERT Java from CFamily (#3296) 
Remove irrelevant links from C/C++ descriptions. No effort was made to
replace them when there wasn't already a link to CERT C. This will be
done as part of a separate effort, one day.
 2023-10-18 10:49:02 +00:00
Egon Okerman
e0b8bea72f
Modify rule S2612, S4423 (Go): fix diff-view errors (#3005) 
## Review

A dedicated reviewer checked the rule description successfully for:

- [ ] logical errors and incorrect information
- [ ] information gaps and missing content
- [ ] text style and tone
- [ ] PR summary and labels follow [the
guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)
 2023-09-04 14:23:47 +02:00
github-actions[bot]
adac450cab
Create rule S2612: add Go (APPSEC-908) (#2869) 
You can preview this rule
[here](https://sonarsource.github.io/rspec/#/rspec/S2612/go) (updated a
few minutes after each push).

## Review

A dedicated reviewer checked the rule description successfully for:

- [ ] logical errors and incorrect information
- [ ] information gaps and missing content
- [ ] text style and tone
- [ ] PR summary and labels follow [the
guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)

---------

Co-authored-by: egon-okerman-sonarsource <egon-okerman-sonarsource@users.noreply.github.com>
Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com>
 2023-08-16 11:42:20 +02:00
Antonio Aversa
a02bf814d4
Clean Code Taxonomy: add "code" to all non-obsolete metadata.json (#2793) 2023-08-04 17:19:38 +02:00
Fred Tingaud
9cb6b98e41
Remove unimplemented languages/rules tagged as 'SECURITY_HOTSPOT' or 'VULNERABILITY' 
Languages for which some unique descriptions remain are kept.

This cleaning removes the following rules that were implemented in no
language:
[S1947, S2085, S2086, S2609, S2610, S2614, S2643, S2773, S2776, S3268,
S3272, S3361]
 2023-06-22 19:13:37 +02:00
Fred Tingaud
51369b610e
Make sure that includes are always surrounded by empty lines (#2270) 
When an include is not surrounded by empty lines, its content is inlined
on the same line as the adjacent content. That can lead to broken tags
and other display issues.
This PR fixes all such includes and introduces a validation step that
forbids introducing the same problem again.
 2023-06-22 10:38:01 +02:00
Fred Tingaud
16f6c0aecf
Inline adoc when include has no additional value (#1940) 
Inline adoc files when they are included exactly once.

Also fix language tags because this inlining gives us better information
on what language the code is written in.
 2023-05-25 14:18:12 +02:00
gaetan-ferry-sonarsource
9221f4d7af
Modify rule S2612: Change the message for docker related permission issues. (APPSEC-621) (#1748) 2023-04-13 15:28:47 +02:00
Jamie Anderson
2d52a31a16
Modify rules: Remove deprecated sans-top25-* tags (#1694) 2023-03-29 15:31:59 +02:00
Jamie Anderson
2d8892defb
Modify rules: Remove "owasp-aX" tag (#1655) 2023-03-16 15:25:13 +01:00
pedro-oliveira-sonarsource
86c7a71144
Modify Rule S2612: Add Docker (APPSEC-440) (#1560) 2023-02-10 09:35:50 +01:00
Alban Auzeill
b65c1f1515 provide missing quickfixes information 2022-09-30 16:35:53 +02:00
Alexandre Gigleux
01bad1b800
Map rules to OWASP ASVS 4 (#1110) 
https://sonarsource.atlassian.net/browse/MMF-2794
 2022-07-29 13:35:38 +02:00
pedro-oliveira-sonarsource
082b3ef269
Modify: Fix old/broken embedded links (#1100) 2022-07-08 13:58:56 +02:00
pedro-oliveira-sonarsource
b04b29019c
[APPSEC-3] Security rules are mapped to PCI DSS 4.0 (#1007) 2022-05-24 16:19:27 +02:00
pedro-oliveira-sonarsource
4cd575af12
[APPSEC-2] New security standard - PCI DSS 3.2 (#1005) 2022-05-23 09:00:28 +02:00
jtingsanchali
96d9ddb930
RULEAPI-755 Update CWE URLs by removing .html suffix and update with https protocol (#926) 
* Change affects only see.adoc and rule.adoc files, not comments-and-links.adoc files
 2022-04-07 08:53:59 -05:00
Pierre-Loup
1b061d5ff5
Fix typo in OWASP links from the See section (#807) 
* Fix typos in OWASP Top 10 2017 links
* Fixing wrong URI in OWASP Top 10 2021 A4 links
 2022-02-10 09:11:45 +01:00
Fred Tingaud
b4161466e6
RULEAPI-661: Add syntax coloring 2022-02-04 16:28:24 +00:00
Pierre-Loup
e7ad1012e3
RULEAPI-709: Security rules are mapped to the OWASP Top 10 2021 security-standard (#545) 2021-11-01 15:00:32 +01:00
Pierre-Loup
2eb4c50a9b
RULEAPI-710: Validate that security-standards are not shadowed 2021-10-29 16:55:50 +00:00
Pierre-Loup
547094ab3c
Update CWE mapping (#534) 2021-10-28 10:07:16 +02:00
Arseniy Zaostrovnykh
2301f5808e
RULEAPI-695: remove extra/coveredLanguages field 2021-09-28 13:36:45 +02:00
Arseniy Zaostrovnykh
ec55b6ead1
RULEAPI-687: Migrate legacy keys from Jira RSPEC (#392) 2021-09-24 09:08:46 +02:00
Arseniy Zaostrovnykh
5ba82ae371
RULEAPI-665: Remove security standards from the irrelevant language-specific rules (#362) 2021-09-21 15:40:35 +02:00
Arseniy Zaostrovnykh
f7904cebe7
RULEAPI-666: Migrate the "List of parameters", "Highlighting" and "Message" fields from jira RSPEC (#346) 2021-09-20 13:38:42 +00:00
Arseniy Zaostrovnykh
11c08de44a
Revert "RULEAPI-665: Remove security standards from the irrelevant language-specific rules" (#361) 
This reverts commit 892bccde8ffcdf2a6d662d97ec469cd63de87878.
 2021-09-17 13:50:03 +02:00
Arseniy Zaostrovnykh
892bccde8f
RULEAPI-665: Remove security standards from the irrelevant language-specific rules 2021-09-17 13:44:41 +02:00
Elena Vilchik
4017668a76
Fixes for JavaScript: remove 'Sonar way recommended' profile and legacy keys (#148) 2021-06-25 14:41:11 +02:00
Arseniy Zaostrovnykh
b76bc57083
RULEAPI-576: add a horizontal rule between rule description and comments 2021-06-08 15:52:13 +02:00
Arseniy Zaostrovnykh
6fc8e148c2
RULEAPI-644: Export security standards from Jira 2021-06-08 08:36:49 +02:00
Arseniy Zaostrovnykh
6c1ad2c13c Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00
Arseniy Zaostrovnykh
cdd7690a79 Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00
Arseniy Zaostrovnykh
af4fdb3a84 Update rules after the fix in the export module 2021-04-26 17:29:13 +02:00
Arseniy Zaostrovnykh
ccbe056c4d update 2021-02-18 15:34:33 +01:00
Arseniy Zaostrovnykh
acadea59e9 move coveredLangauges and replacementRules into extra field 2021-02-16 17:52:17 +01:00
Arseniy Zaostrovnykh
1d713451d6 Undo the abuse of compatibleLanguages metadata field 2021-02-16 15:00:44 +01:00
Arseniy Zaostrovnykh
bd054677b5 Disarm the . at the start of a line 2021-02-16 11:54:08 +01:00
Arseniy Zaostrovnykh
c4b46ee96c Add APEX into the covered languages for missing rules 2021-02-15 17:20:44 +01:00
Arseniy Zaostrovnykh
f543279c4b update 2021-02-15 12:31:39 +01:00
Arseniy Zaostrovnykh
b6cdecf9ea Update rules metadata 2021-02-15 10:42:33 +01:00
Arseniy Zaostrovnykh
89dacf641c fix the links with underscores 2021-02-09 12:11:03 +01:00
Arseniy Zaostrovnykh
a09a26d560 fix hading of {{\+}} and sort the compatible languages 2021-02-08 12:42:26 +01:00
Arseniy Zaostrovnykh
b62862646c move typescript rules to javascript directory 2021-02-08 10:49:37 +01:00