ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5,322 Commits 329 Branches 2 Tags
Commit Graph

41 Commits

Author SHA1 Message Date
Fred Tingaud
972b0e39c2 Automatically migrate all rules where defaultSeverity is Blocker and MQR is High 2025-02-20 19:58:25 +01:00
Jamie Anderson
d255072981
Modify rules: Rename STIG version in metadata (#4098) 
The Security Technical Implementation Guide security standard is being
renamed from its release date (`2023-06-08`) to its official version and
revision number (`V5R3`). This helps to align with the version number
being used internally for reporting purposes.
 2024-07-30 16:10:03 +02:00
Jamie Anderson
9ee16daa47
Modify rules: Add STIG AS&D 2023-06-08 mappings (#3914) 
* Update JSON schema to include STIG ASD 2023-06-08 mapping

* Update rules to add STIG metadata mappings

---------

Co-authored-by: Loris Sierra <loris.sierra@sonarsource.com>
 2024-05-06 08:56:31 +02:00
Egon Okerman
d1417e82f8
Modify CWE and OWASP Top 10 links to follow standard link format (APPSEC-1134) (#3529) 
* Fix all CWE references

* Fix all OWASP references

* Fix missing CWE prefixes
 2024-01-15 17:15:56 +01:00
Marco Borgeaud
34814f787b
Remove links to SANS Top 25 CWEs (#3322) 
These links are no longer relevant since SANS now just link to CWE, and we already have links to CWEs.
 2023-10-18 13:16:00 +00:00
Antonio Aversa
a02bf814d4
Clean Code Taxonomy: add "code" to all non-obsolete metadata.json (#2793) 2023-08-04 17:19:38 +02:00
Fred Tingaud
16f6c0aecf
Inline adoc when include has no additional value (#1940) 
Inline adoc files when they are included exactly once.

Also fix language tags because this inlining gives us better information
on what language the code is written in.
 2023-05-25 14:18:12 +02:00
Jamie Anderson
2d52a31a16
Modify rules: Remove deprecated sans-top25-* tags (#1694) 2023-03-29 15:31:59 +02:00
Jamie Anderson
2d8892defb
Modify rules: Remove "owasp-aX" tag (#1655) 2023-03-16 15:25:13 +01:00
Ilia Kebets
c80d7f3b4c
Add checks for education format (#1607) 2023-03-07 17:16:47 +01:00
Egon Okerman
1f4aed2865 Modify S6105: Move to progressive education format (APPSEC-422) (#1519) 
* Move metadata to root

* Define S6105 for JS/TS

* Move message.adoc

* Fix incorrect autolink

* Fix standards header

* Add "noncompliant" to code sample

* Change header styling

* Apply suggestions from code review

Co-authored-by: gaetan-ferry-sonarsource <112399173+gaetan-ferry-sonarsource@users.noreply.github.com>

* Update rules/S6105/common/fix/how-does-this-work.adoc

Co-authored-by: gaetan-ferry-sonarsource <112399173+gaetan-ferry-sonarsource@users.noreply.github.com>

* Update rules/S6105/common/pitfalls/starts-with.adoc

Co-authored-by: gaetan-ferry-sonarsource <112399173+gaetan-ferry-sonarsource@users.noreply.github.com>

* Remove reference to javascript pseudo-protocol

* Update rules/S6105/common/fix/how-does-this-work.adoc

Co-authored-by: gaetan-ferry-sonarsource <112399173+gaetan-ferry-sonarsource@users.noreply.github.com>

* Rewrite startsWith text

* Change framework name

Co-authored-by: gaetan-ferry-sonarsource <112399173+gaetan-ferry-sonarsource@users.noreply.github.com>
 2023-03-02 19:03:03 +01:00
Alexandre Gigleux
01bad1b800
Map rules to OWASP ASVS 4 (#1110) 
https://sonarsource.atlassian.net/browse/MMF-2794
 2022-07-29 13:35:38 +02:00
pedro-oliveira-sonarsource
082b3ef269
Modify: Fix old/broken embedded links (#1100) 2022-07-08 13:58:56 +02:00
pedro-oliveira-sonarsource
b04b29019c
[APPSEC-3] Security rules are mapped to PCI DSS 4.0 (#1007) 2022-05-24 16:19:27 +02:00
pedro-oliveira-sonarsource
4cd575af12
[APPSEC-2] New security standard - PCI DSS 3.2 (#1005) 2022-05-23 09:00:28 +02:00
jtingsanchali
96d9ddb930
RULEAPI-755 Update CWE URLs by removing .html suffix and update with https protocol (#926) 
* Change affects only see.adoc and rule.adoc files, not comments-and-links.adoc files
 2022-04-07 08:53:59 -05:00
Fred Tingaud
b4161466e6
RULEAPI-661: Add syntax coloring 2022-02-04 16:28:24 +00:00
Pierre-Loup
e7ad1012e3
RULEAPI-709: Security rules are mapped to the OWASP Top 10 2021 security-standard (#545) 2021-11-01 15:00:32 +01:00
Pierre-Loup
547094ab3c
Update CWE mapping (#534) 2021-10-28 10:07:16 +02:00
Arseniy Zaostrovnykh
6a0ec99e78
RULEAPI-706: Add quick fixes metadata 2021-10-07 09:23:15 +00:00
Arseniy Zaostrovnykh
2301f5808e
RULEAPI-695: remove extra/coveredLanguages field 2021-09-28 13:36:45 +02:00
Arseniy Zaostrovnykh
ec55b6ead1
RULEAPI-687: Migrate legacy keys from Jira RSPEC (#392) 2021-09-24 09:08:46 +02:00
Arseniy Zaostrovnykh
f7904cebe7
RULEAPI-666: Migrate the "List of parameters", "Highlighting" and "Message" fields from jira RSPEC (#346) 2021-09-20 13:38:42 +00:00
Arseniy Zaostrovnykh
965a2e4592
RULEAPI-555: fix tricky syntax manually. part II 2021-06-04 06:06:22 +02:00
Arseniy Zaostrovnykh
a6e4582881 Fix the missing default metadata fields 2021-04-28 18:08:03 +02:00
Arseniy Zaostrovnykh
3d1e98b941 Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00
Arseniy Zaostrovnykh
af4fdb3a84 Update rules after the fix in the export module 2021-04-26 17:29:13 +02:00
Arseniy Zaostrovnykh
acadea59e9 move coveredLangauges and replacementRules into extra field 2021-02-16 17:52:17 +01:00
Arseniy Zaostrovnykh
1d713451d6 Undo the abuse of compatibleLanguages metadata field 2021-02-16 15:00:44 +01:00
Arseniy Zaostrovnykh
6fe8bdf8a7 update 2021-02-12 16:35:24 +01:00
Arseniy Zaostrovnykh
8ad659aa24 Escape plaintext urls 2021-02-08 16:21:28 +01:00
Arseniy Zaostrovnykh
f6093ee186 Overapproximate compatibleLanguages and tags/standards 2021-02-02 19:11:00 +01:00
Arseniy Zaostrovnykh
7ca29f686f Force linebreaks 2021-02-02 15:02:10 +01:00
Arseniy Zaostrovnykh
1a22006270 Add coveredLanguages field 2021-01-29 15:53:23 +01:00
Arseniy Zaostrovnykh
d4598ce0f9 make in-line code blocks verbatim 2021-01-27 13:42:22 +01:00
Arseniy Zaostrovnykh
0a8c5eafce add replacementRules metadata field 2021-01-26 16:58:13 +01:00
sonartech
a41dc0b710 nightly update 2021-01-12 16:11:41 +00:00
Arseniy Zaostrovnykh
fb261af631 Quality profiles for customized rules 2021-01-07 12:13:35 +01:00
Arseniy Zaostrovnykh
232269f3ce Add default quality profiles 2021-01-07 11:08:42 +01:00
Arseniy Zaostrovnykh
d96d948333 change the inline-code delimitters 2020-12-23 14:59:06 +01:00
Arseniy Zaostrovnykh
ed53c1610b Add all rules, update all rules fixing the inline code syntax 2020-12-21 15:38:52 +01:00