ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5,299 Commits 329 Branches 2 Tags
Commit Graph

62 Commits

Author SHA1 Message Date
Pierre-Loup
e769e586c9
Update security rules: add OWASP Mobile Top 10 2024 security standard (APPSEC-2383) (#4660) 2025-02-19 17:19:00 +01:00
github-actions[bot]
c79083491d
Create rule S3329: Cipher Block Chaining IVs should be unpredictable (#4658) 
* Add go to rule S3329

* Add description for S3329 for Go

* Update rules/S3329/go/rule.adoc

Co-authored-by: teemu-rytilahti-sonarsource <teemu.rytilahti@sonarsource.com>

---------

Co-authored-by: daniel-teuchert-sonarsource <daniel-teuchert-sonarsource@users.noreply.github.com>
Co-authored-by: Daniel Teuchert <daniel.teuchert@sonarsource.com>
Co-authored-by: daniel-teuchert-sonarsource <141642369+daniel-teuchert-sonarsource@users.noreply.github.com>
Co-authored-by: teemu-rytilahti-sonarsource <teemu.rytilahti@sonarsource.com>
 2025-02-12 10:19:39 +01:00
Alex Meseldzija
2dc3a33c3b
NET-1038 Add symbolic-execution tag to our rules (#4621) 2025-01-28 15:06:03 +01:00
Maksim Grebeniuk
e0ab6ac55d
SONARPY-2399 update rules tags (#4553) 2024-12-04 14:08:49 +01:00
daniel-teuchert-sonarsource
a2b0adf225
Modify rule S3329: Correct example code (#4242) 
* Modify rule S3329: Correct example code

* Aligned compliant and noncompliant code

* Use AES/CBC/PKCS5Padding in all examples for Java and Kotlin
 2024-09-06 15:47:04 +02:00
Egon Okerman
afdfdf77d0
Update URLs to point to mas.owasp.org (#4126) 2024-08-08 09:50:21 +02:00
daniel-teuchert-sonarsource
86fe56eceb
Minor fix in S3329 Java code example (#3705) 2024-02-28 16:16:08 +01:00
Loris S
96811524d7
Modify JVM Crypto rules: Change framework name (#3550) 
* Modify JVM Crypto rules: Change title

* changed names

* Apply suggestions from code review

* fixed includes
 2024-01-25 15:18:07 +01:00
Pierre-Loup
770348d041
Avoid OWASP Top 10 security-standard mismatch between metadata and description links (RULEAPI-798) (#3537) 
* Add check for security standard mismatch

* Fix security standard mismatches

* Fix Resources/Standards links for secrets rules

* Fix check

* Fix links and update security standard mapping

* Fix maintanability issue

* Apply review suggestions

* Apply suggestions from code review

Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com>

* Fix typo

Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com>

---------

Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com>
 2024-01-17 17:20:28 +01:00
Egon Okerman
d1417e82f8
Modify CWE and OWASP Top 10 links to follow standard link format (APPSEC-1134) (#3529) 
* Fix all CWE references

* Fix all OWASP references

* Fix missing CWE prefixes
 2024-01-15 17:15:56 +01:00
Marco Borgeaud
8209548e54
Diff blocks: fix incorrect use for python (#2795) 
Improvement identified in #2790.

Add a prefix to the diff-id when it is used multiple times in different
"how to fix it in XYZ" sections to avoid ambiguity and pedantically
follow the spec:

> A single and unique diff-id should be used only once for each type of
code example as shown in the description of a rule.

Obvious typos around `diff-type` were fixed.

An obvious extra use of diff blocks was removed.
 2023-08-21 15:22:49 +02:00
Loris S
5a15b560fd
APPSEC-843 Modify S3329: Mention FIPS-compliant PRNG (#2904) 
## Review

A dedicated reviewer checked the rule description successfully for:

- [ ] logical errors and incorrect information
- [ ] information gaps and missing content
- [ ] text style and tone
- [ ] PR summary and labels follow [the
guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)

---------

Co-authored-by: daniel-teuchert-sonarsource <141642369+daniel-teuchert-sonarsource@users.noreply.github.com>
 2023-08-21 07:55:20 +00:00
Antonio Aversa
a02bf814d4
Clean Code Taxonomy: add "code" to all non-obsolete metadata.json (#2793) 2023-08-04 17:19:38 +02:00
Zsolt Kolbay
dd620580d4
Update S3329: Change quickfix field (#2620) 2023-07-24 16:54:14 +02:00
Zsolt Kolbay
2cb1203925
Modify Rule S3329: Add VB.NET rule description (#2473) 2023-07-19 18:06:56 +02:00
Loris S
981e54d330
Modify S3329: Learn-As-You-Code migration (#2293) 
## Review

A dedicated reviewer checked the rule description successfully for:

- [x] logical errors and incorrect information
- [x] information gaps and missing content
- [x] text style and tone
- [x] PR summary and labels follow [the
guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)

---------

Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>
 2023-06-28 17:25:56 +02:00
Fred Tingaud
9cb6b98e41
Remove unimplemented languages/rules tagged as 'SECURITY_HOTSPOT' or 'VULNERABILITY' 
Languages for which some unique descriptions remain are kept.

This cleaning removes the following rules that were implemented in no
language:
[S1947, S2085, S2086, S2609, S2610, S2614, S2643, S2773, S2776, S3268,
S3272, S3361]
 2023-06-22 19:13:37 +02:00
Fred Tingaud
51369b610e
Make sure that includes are always surrounded by empty lines (#2270) 
When an include is not surrounded by empty lines, its content is inlined
on the same line as the adjacent content. That can lead to broken tags
and other display issues.
This PR fixes all such includes and introduces a validation step that
forbids introducing the same problem again.
 2023-06-22 10:38:01 +02:00
Fred Tingaud
16f6c0aecf
Inline adoc when include has no additional value (#1940) 
Inline adoc files when they are included exactly once.

Also fix language tags because this inlining gives us better information
on what language the code is written in.
 2023-05-25 14:18:12 +02:00
Victor
fe961619f9 migrate rule descriptions to new education format 2023-05-05 16:29:04 +02:00
Jamie Anderson
664d3c5a0f
Modify rules: Remove deprecated owasp-mX tags (#1692) 2023-03-28 11:14:25 +02:00
Jamie Anderson
2d8892defb
Modify rules: Remove "owasp-aX" tag (#1655) 2023-03-16 15:25:13 +01:00
leonardo-pilastri-sonarsource
9db73d254b
Modify rule S3329: update code example (#1494) 2023-01-06 16:17:10 +01:00
github-actions[bot]
3f6a2c59ab
Create rule S6432 (#1024) 2022-12-02 14:53:09 +01:00
Alexandre Gigleux
01bad1b800
Map rules to OWASP ASVS 4 (#1110) 
https://sonarsource.atlassian.net/browse/MMF-2794
 2022-07-29 13:35:38 +02:00
pedro-oliveira-sonarsource
082b3ef269
Modify: Fix old/broken embedded links (#1100) 2022-07-08 13:58:56 +02:00
jtingsanchali
96d9ddb930
RULEAPI-755 Update CWE URLs by removing .html suffix and update with https protocol (#926) 
* Change affects only see.adoc and rule.adoc files, not comments-and-links.adoc files
 2022-04-07 08:53:59 -05:00
Fred Tingaud
b4161466e6
RULEAPI-661: Add syntax coloring 2022-02-04 16:28:24 +00:00
Arseniy Zaostrovnykh
5829d5c422
RULEAPI-717: Make sure all rules known to be duplicates on Jira are marked as such on github (#683) 2022-01-11 09:21:43 +00:00
Pierre-Loup
e7ad1012e3
RULEAPI-709: Security rules are mapped to the OWASP Top 10 2021 security-standard (#545) 2021-11-01 15:00:32 +01:00
Pierre-Loup
547094ab3c
Update CWE mapping (#534) 2021-10-28 10:07:16 +02:00
Arseniy Zaostrovnykh
6a0ec99e78
RULEAPI-706: Add quick fixes metadata 2021-10-07 09:23:15 +00:00
Arseniy Zaostrovnykh
2301f5808e
RULEAPI-695: remove extra/coveredLanguages field 2021-09-28 13:36:45 +02:00
Arseniy Zaostrovnykh
ec55b6ead1
RULEAPI-687: Migrate legacy keys from Jira RSPEC (#392) 2021-09-24 09:08:46 +02:00
Arseniy Zaostrovnykh
f7904cebe7
RULEAPI-666: Migrate the "List of parameters", "Highlighting" and "Message" fields from jira RSPEC (#346) 2021-09-20 13:38:42 +00:00
Johann Beleites
09ce6edecc
Use correct plural form of IVs (#246) 2021-08-02 17:01:21 +02:00
eric-therond-sonarsource
08c011b06a
add mobile security standards, links and tags to mobile rules and add new CWEv4.4 entries (#112) 2021-06-10 10:04:10 +02:00
Arseniy Zaostrovnykh
b76bc57083
RULEAPI-576: add a horizontal rule between rule description and comments 2021-06-08 15:52:13 +02:00
Arseniy Zaostrovnykh
6c1ad2c13c Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00
Arseniy Zaostrovnykh
cdd7690a79 Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00
Arseniy Zaostrovnykh
af4fdb3a84 Update rules after the fix in the export module 2021-04-26 17:29:13 +02:00
Arseniy Zaostrovnykh
acadea59e9 move coveredLangauges and replacementRules into extra field 2021-02-16 17:52:17 +01:00
Arseniy Zaostrovnykh
1d713451d6 Undo the abuse of compatibleLanguages metadata field 2021-02-16 15:00:44 +01:00
Arseniy Zaostrovnykh
a09a26d560 fix hading of {{\+}} and sort the compatible languages 2021-02-08 12:42:26 +01:00
Arseniy Zaostrovnykh
b62862646c move typescript rules to javascript directory 2021-02-08 10:49:37 +01:00
sonartech
0ffbfb133d Nightly update 2021-02-06 04:10:49 +00:00
Arseniy Zaostrovnykh
af8cda992b unescape more things 2021-02-05 10:34:25 +01:00
Arseniy Zaostrovnykh
402a7d7be3 sort metadata fields 2021-02-04 12:27:03 +01:00
Arseniy Zaostrovnykh
f6093ee186 Overapproximate compatibleLanguages and tags/standards 2021-02-02 19:11:00 +01:00
Arseniy Zaostrovnykh
716b335a56 Enable forced linebreaks in quotes; escape -- in url 2021-02-02 16:54:43 +01:00