ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5,324 Commits 329 Branches 2 Tags
Commit Graph

72 Commits

Author SHA1 Message Date
Fred Tingaud
972b0e39c2 Automatically migrate all rules where defaultSeverity is Blocker and MQR is High 2025-02-20 19:58:25 +01:00
Pierre-Loup
e769e586c9
Update security rules: add OWASP Mobile Top 10 2024 security standard (APPSEC-2383) (#4660) 2025-02-19 17:19:00 +01:00
Jamie Anderson
d255072981
Modify rules: Rename STIG version in metadata (#4098) 
The Security Technical Implementation Guide security standard is being
renamed from its release date (`2023-06-08`) to its official version and
revision number (`V5R3`). This helps to align with the version number
being used internally for reporting purposes.
 2024-07-30 16:10:03 +02:00
Jamie Anderson
9ee16daa47
Modify rules: Add STIG AS&D 2023-06-08 mappings (#3914) 
* Update JSON schema to include STIG ASD 2023-06-08 mapping

* Update rules to add STIG metadata mappings

---------

Co-authored-by: Loris Sierra <loris.sierra@sonarsource.com>
 2024-05-06 08:56:31 +02:00
Loris S
33d2e6dbc8
Modify S2076(python): Improve code samples (#3833) 
* Modify S2076(python): Improve code samples

* Apply suggestions from code review
 2024-03-28 14:13:13 +01:00
Egon Okerman
d1417e82f8
Modify CWE and OWASP Top 10 links to follow standard link format (APPSEC-1134) (#3529) 
* Fix all CWE references

* Fix all OWASP references

* Fix missing CWE prefixes
 2024-01-15 17:15:56 +01:00
Fred Tingaud
d3cfe19d7e
Fix broken or dangerous backquotes 
Co-authored-by: Marco Borgeaud <89914223+marco-antognini-sonarsource@users.noreply.github.com>
 2023-10-30 10:33:56 +01:00
Marco Borgeaud
cd424756a0
Validate asciidoc ifdef/endif (#3311) 
Fix kotlin:S6511
 2023-10-18 09:43:40 +00:00
Marco Borgeaud
8209548e54
Diff blocks: fix incorrect use for python (#2795) 
Improvement identified in #2790.

Add a prefix to the diff-id when it is used multiple times in different
"how to fix it in XYZ" sections to avoid ambiguity and pedantically
follow the spec:

> A single and unique diff-id should be used only once for each type of
code example as shown in the description of a rule.

Obvious typos around `diff-type` were fixed.

An obvious extra use of diff blocks was removed.
 2023-08-21 15:22:49 +02:00
Marco Borgeaud
95ce8c6119
Diff blocks: fix some incorrect use for javascript (#2802) 
Improvement identified in #2790.

Add a prefix to the diff-id when it is used multiple times in different
"how to fix it in XYZ" sections to avoid ambiguity and pedantically
follow the spec:

> A single and unique diff-id should be used only once for each type of
code example as shown in the description of a rule.

Obvious typos around `diff-type` were fixed.
 2023-08-15 09:43:48 +02:00
Marco Borgeaud
7da1e57a15
Diff blocks: fix some incorrect use for java (#2801) 2023-08-10 17:12:37 +02:00
Marco Borgeaud
6550e65756
Diff blocks: fix some incorrect use for php (#2804) 
Improvement identified in #2790.

Add a prefix to the diff-id when it is used multiple times in different
"how to fix it in XYZ" sections to avoid ambiguity and pedantically
follow the spec:

> A single and unique diff-id should be used only once for each type of
code example as shown in the description of a rule.

Obvious typos around `diff-type` were fixed.
 2023-08-10 15:57:24 +02:00
Antonio Aversa
a02bf814d4
Clean Code Taxonomy: add "code" to all non-obsolete metadata.json (#2793) 2023-08-04 17:19:38 +02:00
Fred Tingaud
51369b610e
Make sure that includes are always surrounded by empty lines (#2270) 
When an include is not surrounded by empty lines, its content is inlined
on the same line as the adjacent content. That can lead to broken tags
and other display issues.
This PR fixes all such includes and introduces a validation step that
forbids introducing the same problem again.
 2023-06-22 10:38:01 +02:00
Victor
fe961619f9 migrate rule descriptions to new education format 2023-05-05 16:29:04 +02:00
Jamie Anderson
2d52a31a16
Modify rules: Remove deprecated sans-top25-* tags (#1694) 2023-03-29 15:31:59 +02:00
Jamie Anderson
2d8892defb
Modify rules: Remove "owasp-aX" tag (#1655) 2023-03-16 15:25:13 +01:00
Ilia Kebets
c80d7f3b4c
Add checks for education format (#1607) 2023-03-07 17:16:47 +01:00
gaetan-ferry-sonarsource
885bf0e968 Modify Multiple Rules: Add consistency accross S2076, S5334 and S5883 rules impact descriptions (APPSEC-340) (#1457) 2023-03-02 19:03:03 +01:00
gaetan-ferry-sonarsource
b64c10e0bf Modify rule S2076: Change text to education framework structure (Py,JS,PHP) [APPSEC-186] (#1359) 2023-03-02 18:22:24 +01:00
Loris S
e52b9671b2 Education text Fix (#1338) 2023-03-02 18:22:24 +01:00
pedro-oliveira-sonarsource
0340dd7ba1 [Education] Modify Rules: Fix OR operand character escape (#1259) 2023-03-02 18:22:24 +01:00
Loris S
8815e23ae8 Modify All Current Education Rules: Support intuitive view (#1256) 2023-03-02 18:22:24 +01:00
Loris S
1253c0a013 Modify Multiple Rules(Education): Standardization of impact files (#1240) 2023-03-02 18:22:24 +01:00
Loris S
00023d6be0 Modify S2076(education): Add common text (#1169) 2023-03-02 18:07:54 +01:00
Loris S
9f062ab1d4 Modify Multiple Rules: Fix Asciidoc errors (#1152) 2023-03-02 18:07:54 +01:00
pedro-oliveira-sonarsource
67b3e1ce20 [APPSEC-56] Modify rule S2076: Educational content (Java) (#1150) 2023-03-02 18:07:54 +01:00
Loris S
312f87d35b Modify Rule S2076(common text): Education Framework (APPSEC-54) (#1120) 2023-03-02 18:07:54 +01:00
Pierre-Loup
5ae60ed305 Modify rule S2076[C#]: Educational content - How to fix it section (APPSEC-55) (#1133) 2023-03-02 18:07:54 +01:00
Pierre-Loup
d8170502f1 Revert "[APPSEC-55] Add C# code examples to S2076" 
This reverts commit 5bae1a301c166179e128db294d3982b7707b10c1.
 2023-03-02 18:07:54 +01:00
Pierre-Loup
2203ba0b7a [APPSEC-55] Add C# code examples to S2076 2023-03-02 18:07:54 +01:00
Loris S
746e99677d
Modify All Current Education Rules: Add Security Principles (#1248) 2022-09-13 16:26:52 +02:00
Alexandre Gigleux
01bad1b800
Map rules to OWASP ASVS 4 (#1110) 
https://sonarsource.atlassian.net/browse/MMF-2794
 2022-07-29 13:35:38 +02:00
pedro-oliveira-sonarsource
082b3ef269
Modify: Fix old/broken embedded links (#1100) 2022-07-08 13:58:56 +02:00
pedro-oliveira-sonarsource
b04b29019c
[APPSEC-3] Security rules are mapped to PCI DSS 4.0 (#1007) 2022-05-24 16:19:27 +02:00
pedro-oliveira-sonarsource
4cd575af12
[APPSEC-2] New security standard - PCI DSS 3.2 (#1005) 2022-05-23 09:00:28 +02:00
jtingsanchali
96d9ddb930
RULEAPI-755 Update CWE URLs by removing .html suffix and update with https protocol (#926) 
* Change affects only see.adoc and rule.adoc files, not comments-and-links.adoc files
 2022-04-07 08:53:59 -05:00
Fred Tingaud
b4161466e6
RULEAPI-661: Add syntax coloring 2022-02-04 16:28:24 +00:00
Pierre-Loup
e7ad1012e3
RULEAPI-709: Security rules are mapped to the OWASP Top 10 2021 security-standard (#545) 2021-11-01 15:00:32 +01:00
Pierre-Loup
547094ab3c
Update CWE mapping (#534) 2021-10-28 10:07:16 +02:00
Arseniy Zaostrovnykh
6a0ec99e78
RULEAPI-706: Add quick fixes metadata 2021-10-07 09:23:15 +00:00
Arseniy Zaostrovnykh
f786bd2603
Fix the mistakingly deleted 'See' sections in #362 (#449) 
committed as f6331f7fdca7fe36e52439b927312fd5d5a455c0

The mistake was caused by the uninitialized variable "hasSeeSection" in the
automatic removal script. Fixed here:
f6331f7fdc
 2021-10-05 09:49:00 +02:00
Arseniy Zaostrovnykh
2301f5808e
RULEAPI-695: remove extra/coveredLanguages field 2021-09-28 13:36:45 +02:00
Arseniy Zaostrovnykh
ec55b6ead1
RULEAPI-687: Migrate legacy keys from Jira RSPEC (#392) 2021-09-24 09:08:46 +02:00
Arseniy Zaostrovnykh
5ba82ae371
RULEAPI-665: Remove security standards from the irrelevant language-specific rules (#362) 2021-09-21 15:40:35 +02:00
Arseniy Zaostrovnykh
f7904cebe7
RULEAPI-666: Migrate the "List of parameters", "Highlighting" and "Message" fields from jira RSPEC (#346) 2021-09-20 13:38:42 +00:00
eric-therond-sonarsource
284ecc2fd8
update s2076 PHP description + common metadata (#264) 2021-08-17 19:33:04 +02:00
Arseniy Zaostrovnykh
b76bc57083
RULEAPI-576: add a horizontal rule between rule description and comments 2021-06-08 15:52:13 +02:00
Arseniy Zaostrovnykh
6c1ad2c13c Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00
Arseniy Zaostrovnykh
cdd7690a79 Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00