rspec

Author	SHA1	Message	Date
Pierre-Loup	84d701ffe5	Create rule S5344 for Kotlin (SONARKT-582) (#4803 ) * Create rule S5344 for Kotlin * Apply review suggestions	2025-03-25 15:04:15 +00:00
Pierre-Loup	e769e586c9	Update security rules: add OWASP Mobile Top 10 2024 security standard (APPSEC-2383) (#4660 )	2025-02-19 17:19:00 +01:00
github-actions[bot]	4903879d09	Create rule S5344: Passwords should not be stored in plaintext or with a fast hashing algorithm (#4655 ) * Add go to rule S5344 * Add description for S5344 for Go * Add message * Extend message * Update rules/S5344/go/message.adoc Co-authored-by: teemu-rytilahti-sonarsource <teemu.rytilahti@sonarsource.com> * Update rules/S5344/go/message.adoc Co-authored-by: teemu-rytilahti-sonarsource <teemu.rytilahti@sonarsource.com> --------- Co-authored-by: daniel-teuchert-sonarsource <daniel-teuchert-sonarsource@users.noreply.github.com> Co-authored-by: Daniel Teuchert <daniel.teuchert@sonarsource.com> Co-authored-by: daniel-teuchert-sonarsource <141642369+daniel-teuchert-sonarsource@users.noreply.github.com> Co-authored-by: teemu-rytilahti-sonarsource <teemu.rytilahti@sonarsource.com>	2025-02-12 10:44:28 +01:00
Jamie Anderson	d255072981	Modify rules: Rename STIG version in metadata (#4098 ) The Security Technical Implementation Guide security standard is being renamed from its release date (`2023-06-08`) to its official version and revision number (`V5R3`). This helps to align with the version number being used internally for reporting purposes.	2024-07-30 16:10:03 +02:00
Costin Zaharia	8da8a3ea84	Fix typo and insert space in nocompliant comments (#3952 )	2024-05-31 17:08:01 +02:00
Gregory Paidis	3f9e28f94b	S5344: Fix 2**12 -> 2^12 (#3937 )	2024-05-17 08:53:13 +00:00
Gregory Paidis	933189cd8e	Minor cleanup/refactoring on S5344 for C# and Python (#3936 ) * Fix S5344 numbers 100 000 -> 100,000 * Refactor the message for SCrypt.Generate on C# * Review 1 * Review 1	2024-05-16 14:03:24 +00:00
github-actions[bot]	f616902d5f	Create rule S5344(xml): Web.Config, LayC-compliant (#3710 ) * Add xml to rule S5344 * Add the text * Apply suggestions from code review Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com> * Apply suggestions from code review * Apply suggestions from code review --------- Co-authored-by: loris-s-sonarsource <loris-s-sonarsource@users.noreply.github.com> Co-authored-by: Loris Sierra <loris.sierra@sonarsource.com> Co-authored-by: Loris S <91723853+loris-s-sonarsource@users.noreply.github.com> Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com>	2024-05-16 15:32:43 +02:00
Gregory Paidis	cdf9fcb632	Fix typo in S5344 (#3931 )	2024-05-16 11:08:15 +02:00
Jamie Anderson	9ee16daa47	Modify rules: Add STIG AS&D 2023-06-08 mappings (#3914 ) * Update JSON schema to include STIG ASD 2023-06-08 mapping * Update rules to add STIG metadata mappings --------- Co-authored-by: Loris Sierra <loris.sierra@sonarsource.com>	2024-05-06 08:56:31 +02:00
gaetan-ferry-sonarsource	394d19b554	Modify rule S5344: Set 100k as PBKDF reco & update highlights (APPSEC-1631) (#3843 )	2024-04-03 12:28:20 +00:00
github-actions[bot]	762a21bfa7	Create rule S5344: Passwords should not be stored in plain-text or with a fast hashing algorithm (APPSEC-1631) (#3839 )	2024-04-02 09:43:24 +02:00
github-actions[bot]	c5593190ce	Create rule S5344(python): Passwords should not be stored in plain-text or with a fast hashing algorithm (#3715 )	2024-03-18 17:37:51 +01:00
Loris S	a1f3709876	Modify S5344: Improve common text (#3714 )	2024-03-01 09:57:51 +01:00
Loris S	65898981f1	Modify S5344: Re-arrange the folder for new languages (#3709 ) * Modify S5344: Re-arrange the folder for new languages * modify a file name typo * last tweaks * changed diff * reorg fixes * Apply suggestions from code review	2024-02-29 15:36:57 +01:00
Pierre-Loup	770348d041	Avoid OWASP Top 10 security-standard mismatch between metadata and description links (RULEAPI-798) (#3537 ) * Add check for security standard mismatch * Fix security standard mismatches * Fix Resources/Standards links for secrets rules * Fix check * Fix links and update security standard mapping * Fix maintanability issue * Apply review suggestions * Apply suggestions from code review Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com> * Fix typo Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com> --------- Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com>	2024-01-17 17:20:28 +01:00
Egon Okerman	d1417e82f8	Modify CWE and OWASP Top 10 links to follow standard link format (APPSEC-1134) (#3529 ) * Fix all CWE references * Fix all OWASP references * Fix missing CWE prefixes	2024-01-15 17:15:56 +01:00
Marco Borgeaud	34814f787b	Remove links to SANS Top 25 CWEs (#3322 ) These links are no longer relevant since SANS now just link to CWE, and we already have links to CWEs.	2023-10-18 13:16:00 +00:00
Sebastien Andrivet	1a5894a5a2	Add texts that were not merged. (#3180 ) ## Review A dedicated reviewer checked the rule description successfully for: - [ ] logical errors and incorrect information - [ ] information gaps and missing content - [ ] text style and tone - [ ] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)	2023-09-29 09:36:30 +02:00
Sebastien Andrivet	9666fd7c0e	Modify rule S5344: Change text to education framework format (APPSEC-1106) (#3152 ) ## Review A dedicated reviewer checked the rule description successfully for: - [ ] logical errors and incorrect information - [ ] information gaps and missing content - [ ] text style and tone - [ ] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule) --------- Co-authored-by: gaetan-ferry-sonarsource <112399173+gaetan-ferry-sonarsource@users.noreply.github.com>	2023-09-29 09:07:00 +02:00
Antonio Aversa	a02bf814d4	Clean Code Taxonomy: add "code" to all non-obsolete metadata.json (#2793 )	2023-08-04 17:19:38 +02:00
Fred Tingaud	9cb6b98e41	Remove unimplemented languages/rules tagged as 'SECURITY_HOTSPOT' or 'VULNERABILITY' Languages for which some unique descriptions remain are kept. This cleaning removes the following rules that were implemented in no language: [S1947, S2085, S2086, S2609, S2610, S2614, S2643, S2773, S2776, S3268, S3272, S3361]	2023-06-22 19:13:37 +02:00
Fred Tingaud	51369b610e	Make sure that includes are always surrounded by empty lines (#2270 ) When an include is not surrounded by empty lines, its content is inlined on the same line as the adjacent content. That can lead to broken tags and other display issues. This PR fixes all such includes and introduces a validation step that forbids introducing the same problem again.	2023-06-22 10:38:01 +02:00
Victor	fe961619f9	migrate rule descriptions to new education format	2023-05-05 16:29:04 +02:00
Jamie Anderson	2d52a31a16	Modify rules: Remove deprecated `sans-top25-*` tags (#1694 )	2023-03-29 15:31:59 +02:00
Jamie Anderson	2d8892defb	Modify rules: Remove "owasp-aX" tag (#1655 )	2023-03-16 15:25:13 +01:00
Alexandre Gigleux	01bad1b800	Map rules to OWASP ASVS 4 (#1110 ) https://sonarsource.atlassian.net/browse/MMF-2794	2022-07-29 13:35:38 +02:00
pedro-oliveira-sonarsource	b04b29019c	[APPSEC-3] Security rules are mapped to PCI DSS 4.0 (#1007 )	2022-05-24 16:19:27 +02:00
pedro-oliveira-sonarsource	4cd575af12	[APPSEC-2] New security standard - PCI DSS 3.2 (#1005 )	2022-05-23 09:00:28 +02:00
jtingsanchali	96d9ddb930	RULEAPI-755 Update CWE URLs by removing .html suffix and update with https protocol (#926 ) * Change affects only see.adoc and rule.adoc files, not comments-and-links.adoc files	2022-04-07 08:53:59 -05:00
Pierre-Loup	1b061d5ff5	Fix typo in OWASP links from the See section (#807 ) * Fix typos in OWASP Top 10 2017 links * Fixing wrong URI in OWASP Top 10 2021 A4 links	2022-02-10 09:11:45 +01:00
Fred Tingaud	b4161466e6	RULEAPI-661: Add syntax coloring	2022-02-04 16:28:24 +00:00
Pierre-Loup	e7ad1012e3	RULEAPI-709: Security rules are mapped to the OWASP Top 10 2021 security-standard (#545 )	2021-11-01 15:00:32 +01:00
Pierre-Loup	547094ab3c	Update CWE mapping (#534 )	2021-10-28 10:07:16 +02:00
Arseniy Zaostrovnykh	6a0ec99e78	RULEAPI-706: Add quick fixes metadata	2021-10-07 09:23:15 +00:00
Arseniy Zaostrovnykh	f786bd2603	Fix the mistakingly deleted 'See' sections in #362 (#449 ) committed as f6331f7fdca7fe36e52439b927312fd5d5a455c0 The mistake was caused by the uninitialized variable "hasSeeSection" in the automatic removal script. Fixed here: `f6331f7fdc`	2021-10-05 09:49:00 +02:00
Arseniy Zaostrovnykh	2301f5808e	RULEAPI-695: remove extra/coveredLanguages field	2021-09-28 13:36:45 +02:00
Arseniy Zaostrovnykh	ec55b6ead1	RULEAPI-687: Migrate legacy keys from Jira RSPEC (#392 )	2021-09-24 09:08:46 +02:00
Arseniy Zaostrovnykh	5ba82ae371	RULEAPI-665: Remove security standards from the irrelevant language-specific rules (#362 )	2021-09-21 15:40:35 +02:00
Arseniy Zaostrovnykh	f7904cebe7	RULEAPI-666: Migrate the "List of parameters", "Highlighting" and "Message" fields from jira RSPEC (#346 )	2021-09-20 13:38:42 +00:00
Arseniy Zaostrovnykh	b76bc57083	RULEAPI-576: add a horizontal rule between rule description and comments	2021-06-08 15:52:13 +02:00
Arseniy Zaostrovnykh	6c1ad2c13c	Fix the comment display: rule-id, timestamp, GH visibility, link direction	2021-06-03 09:05:38 +02:00
Arseniy Zaostrovnykh	cdd7690a79	Export comments and rspec-to-rspec links from jira	2021-06-02 20:44:38 +02:00
Arseniy Zaostrovnykh	af4fdb3a84	Update rules after the fix in the export module	2021-04-26 17:29:13 +02:00
sonartech	8a40b3deb6	Nightly update	2021-02-23 01:11:03 +00:00
Arseniy Zaostrovnykh	acadea59e9	move coveredLangauges and replacementRules into extra field	2021-02-16 17:52:17 +01:00
Arseniy Zaostrovnykh	1d713451d6	Undo the abuse of compatibleLanguages metadata field	2021-02-16 15:00:44 +01:00
Arseniy Zaostrovnykh	af8cda992b	unescape more things	2021-02-05 10:34:25 +01:00
Arseniy Zaostrovnykh	f6093ee186	Overapproximate compatibleLanguages and tags/standards	2021-02-02 19:11:00 +01:00
Arseniy Zaostrovnykh	7ca29f686f	Force linebreaks	2021-02-02 15:02:10 +01:00

1 2

59 Commits