56 Commits

Author SHA1 Message Date
hendrik-buchwald-sonarsource
6bb423e68e
Modify rule S5332: Add cloud tags (#627)
* Add Azure tag

* Add AWS tag

* Move tags to terraform subdir

Co-authored-by: Loris S <91723853+loris-s-sonarsource@users.noreply.github.com>
Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com>
2022-01-24 11:11:44 +00:00
Pierre-Loup
c6f14b6a20
Add AWS tag to IaC rules (#662) 2021-12-16 15:02:01 +01:00
hendrik-buchwald-sonarsource
c9cdadd72e
Modify rule S5332: Add message for missing option (#615) 2021-11-26 17:02:56 +00:00
Karim El Ouerghemmi
3d54ce32f3
Modify rule S5332: Make absence of property clearer for CloudFormation (#579) 2021-11-10 10:38:31 +01:00
Loris S
baf4eb7abd
Create rule S5332[cloudformation]: Add kinesis data stream (#501)
* added highlighting tips

* removed highlighting tip making no sense

* fixed french syntax

Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>

* added streamencryption bloc

* Update rules/S5332/cloudformation/rule.adoc

Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>
Co-authored-by: Karim El Ouerghemmi <64004037+karim-ouerghemmi-sonarsource@users.noreply.github.com>
2021-11-09 20:49:40 +01:00
hendrik-buchwald-sonarsource
3496d4bedd
Add description (#502)
Co-authored-by: Karim El Ouerghemmi <64004037+karim-ouerghemmi-sonarsource@users.noreply.github.com>
2021-11-09 19:22:37 +00:00
Loris S
0465d16d1d
Create rule S5332[terraform]: Add Kinesis Data Streams (#500)
* added skeleton

* added highlighting tip

* added kinesis recommendations

* removed template rule leftovers

* removed unnecessary clause to avoid confusion

* fixed highlighting tip mistake

* fixed french syntax

Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>

* fixed french syntax

Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>

* removed quotes

Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>

Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>
Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com>
2021-11-09 18:15:28 +01:00
hendrik-buchwald-sonarsource
0ac56f7279
Create rule S5332[cloudformation]: Add ECS Task Definition (#497)
* Add description

* Fix mistake introduced while fixing merge conflicts

Co-authored-by: Karim El Ouerghemmi <64004037+karim-ouerghemmi-sonarsource@users.noreply.github.com>
2021-11-09 17:12:01 +01:00
Loris S
b9070ab4be
Create rule S5332[cloudformation]: Add AWS Load Balancer Listeners (#506)
* first cloudformation draft

* fixed simple mistakes

* simplified highlighting tips

* improved highlights, yaml and sensitive comment

* simplified and concised highlights

* removed french syntax

* add AWS namespace to highlights instead of regular name

Co-authored-by: Karim El Ouerghemmi <64004037+karim-ouerghemmi-sonarsource@users.noreply.github.com>
2021-11-09 16:55:54 +01:00
hendrik-buchwald-sonarsource
122559324f
Create rule S5332[terraform]: Add ElastiCache Replication Group
Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com>
2021-11-09 14:49:28 +00:00
Pierre-Loup
958811377b
Create rule S5332[cloudformation]: Add AWS Elasticsearch Domain (#496)
* Add rule description

* Add code examples of the EnforceHTTPS option

* Apply suggestions from code review

Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>

Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>
Co-authored-by: Karim El Ouerghemmi <64004037+karim-ouerghemmi-sonarsource@users.noreply.github.com>
2021-11-09 14:26:57 +01:00
hendrik-buchwald-sonarsource
de99a4a664
Create rule S5332[terraform]: Add ECS Task Definition (#498)
* Add description

* Replace message with highlight

Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com>
2021-11-09 10:01:19 +00:00
Loris S
a89413a349
Create rule S5332[terraform]: Add AWS Load Balancer Listeners (#508)
* added rule skeleton

* added rule snippets

* Adapted highlights to terraform

* fixed important mistake

* fixed french syntax

Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>

Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>
Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com>
2021-11-08 15:41:35 +00:00
Pierre-Loup
48354a4c9a
Create rule S5332[terraform]: Add AWS Elasticsearch Domain (#495)
* Add rule description

* Add code examples of the enforce_https option

* Apply suggestions from code review

Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>

Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>
Co-authored-by: Karim El Ouerghemmi <karim.ouerghemmi@sonarsource.com>
Co-authored-by: Karim El Ouerghemmi <64004037+karim-ouerghemmi-sonarsource@users.noreply.github.com>
2021-11-08 15:31:26 +00:00
github-actions[bot]
4aef8584d8
Create rule S5332[cloudformation]: Add MSK Cluster (#494)
* Add cloudformation to rule S5332

* added first draft after PR#464

* improved conciseness

* improved internal highlighting docs

Co-authored-by: loris-s-sonarsource <loris-s-sonarsource@users.noreply.github.com>
Co-authored-by: Loris Sierra <loris.sierra@sonarsource.com>
Co-authored-by: Karim El Ouerghemmi <64004037+karim-ouerghemmi-sonarsource@users.noreply.github.com>
2021-11-08 14:10:56 +01:00
github-actions[bot]
65ca2afdbb
Create rule S5332[terraform] (#464)
* Add terraform to rule S5332

* add base vuln rspec

* add details about msk in desc

* add highlighting rules

* mistaken : encryption clauses missing = defaults are secure

* Update rules/S5332/terraform/rule.adoc

Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>

* Update rules/S5332/terraform/rule.adoc

Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>

* removed template rule leftovers

* added mention about msk secure defaults

* fixed generalization mistake

* improved conciseness

* improved internal highlighting docs

Co-authored-by: loris-s-sonarsource <loris-s-sonarsource@users.noreply.github.com>
Co-authored-by: Loris Sierra <loris.sierra@sonarsource.com>
Co-authored-by: Loris S <91723853+loris-s-sonarsource@users.noreply.github.com>
Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>
Co-authored-by: Karim El Ouerghemmi <64004037+karim-ouerghemmi-sonarsource@users.noreply.github.com>
2021-11-08 10:49:47 +00:00
Pierre-Loup
e7ad1012e3
RULEAPI-709: Security rules are mapped to the OWASP Top 10 2021 security-standard (#545) 2021-11-01 15:00:32 +01:00
Pierre-Loup
547094ab3c
Update CWE mapping (#534) 2021-10-28 10:07:16 +02:00
quentin-jaquier-sonarsource
7045e7434b
[java] fix formatting in rules descriptions (#504) 2021-10-18 16:27:36 +02:00
Pierre-Loup
cf92b1d361
Modify rule S5332[kotlin]: support Android WebView insecure mixed content policy (#457) 2021-10-15 10:58:45 +02:00
Pierre-Loup
18261edb3e
Modify rule S5332: Improve description (#474) 2021-10-14 16:12:59 +02:00
github-actions[bot]
2136dca525
Create rule S5332[xml] (#455) 2021-10-13 12:21:04 +02:00
Pierre-Loup
0fd3980865
Modify rule S5332[java]: support Android WebView insecure mixed content policy (#458) 2021-10-12 09:21:31 +02:00
Arseniy Zaostrovnykh
2301f5808e
RULEAPI-695: remove extra/coveredLanguages field 2021-09-28 13:36:45 +02:00
Arseniy Zaostrovnykh
ec55b6ead1
RULEAPI-687: Migrate legacy keys from Jira RSPEC (#392) 2021-09-24 09:08:46 +02:00
Arseniy Zaostrovnykh
f7904cebe7
RULEAPI-666: Migrate the "List of parameters", "Highlighting" and "Message" fields from jira RSPEC (#346) 2021-09-20 13:38:42 +00:00
pynicolas
0da133709f
Modify rule S5332: WordPress misconfigurations (#228)
Co-authored-by: Karim El Ouerghemmi <64004037+karim-ouerghemmi-sonarsource@users.noreply.github.com>
2021-08-16 11:40:21 +00:00
Elena Vilchik
4017668a76
Fixes for JavaScript: remove 'Sonar way recommended' profile and legacy keys (#148) 2021-06-25 14:41:11 +02:00
eric-therond-sonarsource
08c011b06a
add mobile security standards, links and tags to mobile rules and add new CWEv4.4 entries (#112) 2021-06-10 10:04:10 +02:00
Arseniy Zaostrovnykh
af4fdb3a84 Update rules after the fix in the export module 2021-04-26 17:29:13 +02:00
sonartech
8a40b3deb6 Nightly update 2021-02-23 01:11:03 +00:00
Arseniy Zaostrovnykh
acadea59e9 move coveredLanguages and replacementRules into extra field 2021-02-16 17:52:17 +01:00
Arseniy Zaostrovnykh
1d713451d6 Undo the abuse of compatibleLanguages metadata field 2021-02-16 15:00:44 +01:00
sonartech
3026a2b385 Nightly update 2021-02-15 10:52:35 +00:00
Arseniy Zaostrovnykh
b6cdecf9ea Update rules metadata 2021-02-15 10:42:33 +01:00
Arseniy Zaostrovnykh
a09a26d560 fix hading of {{\+}} and sort the compatible languages 2021-02-08 12:42:26 +01:00
Arseniy Zaostrovnykh
b62862646c move typescript rules to javascript directory 2021-02-08 10:49:37 +01:00
sonartech
0ffbfb133d Nightly update 2021-02-06 04:10:49 +00:00
Arseniy Zaostrovnykh
af8cda992b unescape more things 2021-02-05 10:34:25 +01:00
Arseniy Zaostrovnykh
402a7d7be3 sort metadata fields 2021-02-04 12:27:03 +01:00
Arseniy Zaostrovnykh
f6093ee186 Overapproximate compatibleLanguages and tags/standards 2021-02-02 19:11:00 +01:00
Arseniy Zaostrovnykh
716b335a56 Enable forced linebreaks in quotes; escape -- in url 2021-02-02 16:54:43 +01:00
Arseniy Zaostrovnykh
7ca29f686f Force linebreaks 2021-02-02 15:02:10 +01:00
Arseniy Zaostrovnykh
1a22006270 Add coveredLanguages field 2021-01-29 15:53:23 +01:00
Arseniy Zaostrovnykh
d4598ce0f9 make in-line code blocks verbatim 2021-01-27 13:42:22 +01:00
Arseniy Zaostrovnykh
0a8c5eafce add replacementRules metadata field 2021-01-26 16:58:13 +01:00
sonartech
6616f25a4b Nightly update 2021-01-23 04:07:47 +00:00
sonartech
7ade796037 Nightly update 2021-01-22 04:06:24 +00:00
sonartech
e7f5c93153 Nightly update 2021-01-21 04:09:13 +00:00
Arseniy Zaostrovnykh
ca0ff69338 update the rspecs 2021-01-08 09:39:48 +01:00