tomverin
72febdb507
BUILD-4733: Use the correct url format for cloning with an access token
2024-07-04 16:05:28 +02:00
tomverin
8a20fdca5e
BUILD-4733: update clone command to use a github access-token
2024-07-04 15:48:47 +02:00
Jamie Anderson
bed74da521
Create specialized single-language rules (#3996)
2024-06-26 09:52:29 +01:00
Johann Beleites
e2c4c4b8fe
RULEAPI-770 Fix bug due to multiple sonarpedia.json files (#3983)
...
When there are multiple sonarpedia.json files for the same language, the rules
picked up for the next sonarpedia.json file will override the ones picked up
previously. With this fix, the rules are not overwritten but all are collected,
so one repository can have multiple sonarpedia.json files for the same language.
2024-06-11 12:15:51 +02:00
Fred Tingaud
50b4d12a75
Forbid adding direct links to rules.sonarsource.com
2024-05-15 15:10:41 +02:00
Jamie Anderson
9ee16daa47
Modify rules: Add STIG AS&D 2023-06-08 mappings (#3914)
...
* Update JSON schema to include STIG ASD 2023-06-08 mapping
* Update rules to add STIG metadata mappings
---------
Co-authored-by: Loris Sierra <loris.sierra@sonarsource.com>
2024-05-06 08:56:31 +02:00
Rudy Regazzoni
718931dce3
Add language JCL as a supported language (#3604)
2024-02-07 10:10:43 +01:00
leonardo-pilastri-sonarsource
90dd1316f0
Add dbd to plugin list to compute rules coverage (#3602)
2024-02-05 12:03:14 +01:00
Fred Tingaud
1ebb437042
Allow free titles in 'How to fix it'
2024-02-02 16:57:26 +00:00
Pierre-Loup
770348d041
Avoid OWASP Top 10 security-standard mismatch between metadata and description links (RULEAPI-798) (#3537)
...
* Add check for security standard mismatch
* Fix security standard mismatches
* Fix Resources/Standards links for secrets rules
* Fix check
* Fix links and update security standard mapping
* Fix maintainability issue
* Apply review suggestions
* Apply suggestions from code review
Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com>
* Fix typo
Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com>
---------
Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com>
2024-01-17 17:20:28 +01:00
Fred Tingaud
1012001409
RULEAPI-800 Detect usages of C++ instead of {cpp} in asciidoc
2023-12-22 13:58:58 +01:00
Fred Tingaud
d3cfe19d7e
Fix broken or dangerous backquotes
...
Co-authored-by: Marco Borgeaud <89914223+marco-antognini-sonarsource@users.noreply.github.com>
2023-10-30 10:33:56 +01:00
Fred Tingaud
e261bd4b21
Fix Sonar warnings
...
Fix a bunch of Sonar warnings that somehow appear as "New warnings"
although they are a few years old.
2023-09-22 14:41:56 +00:00
Jonas Wielage
b4fa02a24c
Added secrets language to LANG_TO_SOURCE dict (#2820)
2023-08-08 09:44:10 +02:00
Michael Jabbour
32232051fd
Add clean code taxonomy properties to metadata schema (#2792)
2023-08-04 16:55:03 +02:00
Amélie Renard
b724d1f7c4
RULEAPI-791 LaYC: add "External coding guidelines" subtitle in the "Resources" section (#2454)
2023-07-13 18:18:01 +02:00
Fred Tingaud
35036fffff
Add check that each section is used only once
...
There was already a check for section duplication, but only in "How to
fix it". This changes the test to cover all sections.
And fixing the rules that this new validation fails on.
Also making test_modify_rule.py run on Windows.
---------
Co-authored-by: Christophe Zürn <36889251+christophe-zurn-sonarsource@users.noreply.github.com>
2023-06-13 18:03:28 +02:00
hendrik-buchwald-sonarsource
a315e5de4c
Add review checklist
...
This PR adds a small checklist for new PRs that will make it more
visible what parts of the RSPEC were reviewed.
2023-06-06 17:04:39 +02:00
Christophe Zürn
fb4ba0d61d
Update README and validation to reflect new guidelines (#1951)
...
Co-authored-by: Elena Vilchik <elena.vilchik@sonarsource.com>
2023-05-30 11:00:48 +02:00
Rudy Regazzoni
2f521d1490
Modify LANG_TO_SOURCE map to have azureresourcemanager to bicep (#1838)
2023-05-08 10:53:52 +02:00
Victor
fe961619f9
migrate rule descriptions to new education format
2023-05-05 16:29:04 +02:00
Christophe Zurn
62f01f07fe
Update documentation, disallow standard rule format, add allowed sections in 'Why is it an issue?'
2023-05-05 16:29:04 +02:00
Christophe Zurn
daea3fea27
RULEAPI-785 RSPEC: education format "How to fix it" section should be optional
2023-05-05 16:29:04 +02:00
Rudy Regazzoni
d6a6439e46
Add bicep and json for language support in code example (#1830)
2023-05-05 11:12:16 +02:00
Rudy Regazzoni
31f3a23b45
Add language AzureResourceManager as a supported language (#1827)
2023-05-04 11:55:34 +02:00
Costin Zaharia
5352da5b03
Add Benchmarks as a supported section on Resources (#1812)
2023-04-27 10:07:31 +02:00
Ilia Kebets
c80d7f3b4c
Add checks for education format (#1607)
2023-03-07 17:16:47 +01:00
Christophe Zürn
47ba59f3b5
RULEAPI-766 Add documentation and integrity checks for new education rule descriptions format (#1098)
2023-03-02 18:07:54 +01:00
Roberto Orlandi
dc83422098
SONARSEC-3040 Update checks and documentation to fit new rule format (#1004)
2023-03-02 18:07:54 +01:00
Nils Werner
8059dc77b1
Modify rule S2260: Add Docker as new language (RULEAPI-773) (#1391)
2022-11-14 17:33:51 +01:00
Martin Strecker
94f637f126
checklinks.py Fix broken Accept header (#1194)
2022-08-29 19:17:24 +02:00
Christophe Zürn
db2f440797
SONARSEC-3163 Add education principles to S5131 metadata json file (#1155)
2022-08-09 12:06:31 +02:00
Alexandre Gigleux
01bad1b800
Map rules to OWASP ASVS 4 (#1110)
...
https://sonarsource.atlassian.net/browse/MMF-2794
2022-07-29 13:35:38 +02:00
Arseniy Zaostrovnykh
84967d6c25
Prohibit non-ASCII characters in rule metadata.json files (#1119)
...
Triggered by the deployment failure that was caused by an invisible Unicode character in a rule's metadata.json.
This PR implements three conceptual changes:
- make the deployment parse error more informative
- prohibit the use of non-ASCII characters in the metadata.json files
- remove the existing non-ASCII characters from the existing rules
2022-07-25 17:19:53 +02:00
Pavel Mikula
bacaac778a
Replace remediation cost time unit 'mn' with 'min' (#1104)
2022-07-13 15:02:38 +02:00
Arseniy Zaostrovnykh
ec478edebc
RULEAPI-763 add an exception for medium.com links in probing script
...
The exceptions might be removed once RULEAPI-763 is resolved
2022-06-08 13:54:26 +02:00
Arseniy Zaostrovnykh
6800da7e05
RULEAPI-762: Fix link-probing cache: cache on failure and success
2022-06-08 13:52:21 +02:00
Pierre-Loup
83209561fe
[RULEAPI-761] JSON schema fails to restrict the format of security-standard items (#1013)
2022-05-25 16:36:49 +02:00
Loris S
33aaca1316
RULEAPI-760: Add a new language identifier for kubernetes rules (#992)
2022-05-25 10:04:20 +02:00
pedro-oliveira-sonarsource
b04b29019c
[APPSEC-3] Security rules are mapped to PCI DSS 4.0 (#1007)
2022-05-24 16:19:27 +02:00
Arseniy Zaostrovnykh
c475f0d6de
RULEAPI-753: Use modern ids and coalesce the coverage for legacy ids
2022-04-13 00:28:19 -07:00
Alexandre Gigleux
9cb2845112
Support of PCI DSS v3.2 (#925)
...
* Rename "PCI DSS" to "PCI DSS 3.2" because the security standard is versioned
* Update metadata.json of one rule using the wrong "PCI DSS"
2022-04-12 21:58:21 +02:00
Arseniy Zaostrovnykh
1911fca994
Mock analyzer repos for the coverage test
...
This removes the dependency on online repositories (on GitHub)
and speeds up the test by stripping the number of versions and files to a minimum.
Prepare the ground for RULEAPI-753.
2022-04-05 09:44:09 +02:00
Arseniy Zaostrovnykh
f7353489fc
Enable rules removal: do not validate deleted rules
2022-03-08 12:26:53 +00:00
Marco Antognini
26e3ebc7ec
Refactor rspec-tools and other cleanups
...
The main changes are:
* Split RuleCreator: move some of its content to RspecRepo and to
RuleEditor in new modules.
* Refactor tests accordingly.
Other less important changes:
* Sort and remove unnecessary imports
* Remove unimplemented functions and unnecessary classes
* Make some functions private
* Move pushd from utils to tests where it is only used
* Reduce code duplication here and there
* Remove unnecessary Mock in some tests
* Improve coverage for add_language_to_rule
2022-02-28 12:08:21 +01:00
Marco Antognini
dbb8027666
RULEAPI-748: Add new workflow to update quickfix status
2022-02-28 12:08:21 +01:00
Fred Tingaud
9ca204f1c9
RULEAPI-744 automatically fill the template source tags with the current language
2022-02-08 17:34:53 +01:00
Fred Tingaud
b4161466e6
RULEAPI-661: Add syntax coloring
2022-02-04 16:28:24 +00:00
Fred Tingaud
7d868d3f35
Use a more readable form to display parameters
2022-02-01 12:25:23 +00:00
Marco Antognini
b2b116a8e2
RULEAPI-682: Index multiple types and rules with no languages
...
* Generate description and metadata for rules with no language, so that they get indexed.
* Index rules with different types in language specializations.
* Improve validation to reject new rules with no language specialization (i.e. only a predefined set of such rules is allowed because they were imported from Jira and kept for historical purposes).
* Write smaller JSON files, reduce their size by 30%.
* Improve test coverage of CLI application.
2022-01-28 09:51:13 +01:00