ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,565 Commits 329 Branches 2 Tags
Commit Graph

71 Commits

Author SHA1 Message Date
Egon Okerman
afdfdf77d0
Update URLs to point to mas.owasp.org (#4126) 2024-08-08 09:50:21 +02:00
Jamie Anderson
23afb17784
Modify rule S5542: Change text for rule update (#3719) 2024-03-15 15:49:46 +00:00
Loris S
96811524d7
Modify JVM Crypto rules: Change framework name (#3550) 
* Modify JVM Crypto rules: Change title

* changed names

* Apply suggestions from code review

* fixed includes
 2024-01-25 15:18:07 +01:00
Pierre-Loup
770348d041
Avoid OWASP Top 10 security-standard mismatch between metadata and description links (RULEAPI-798) (#3537) 
* Add check for security standard mismatch

* Fix security standard mismatches

* Fix Resources/Standards links for secrets rules

* Fix check

* Fix links and update security standard mapping

* Fix maintanability issue

* Apply review suggestions

* Apply suggestions from code review

Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com>

* Fix typo

Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com>

---------

Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com>
 2024-01-17 17:20:28 +01:00
Egon Okerman
d1417e82f8
Modify CWE and OWASP Top 10 links to follow standard link format (APPSEC-1134) (#3529) 
* Fix all CWE references

* Fix all OWASP references

* Fix missing CWE prefixes
 2024-01-15 17:15:56 +01:00
kevin.hinz
014db5e0bd
Update rationale.adoc (#3520) 2023-12-21 09:09:34 +01:00
Marco Borgeaud
34814f787b
Remove links to SANS Top 25 CWEs (#3322) 
These links are no longer relevant since SANS now just link to CWE, and we already have links to CWEs.
 2023-10-18 13:16:00 +00:00
Marco Borgeaud
8209548e54
Diff blocks: fix incorrect use for python (#2795) 
Improvement identified in #2790.

Add a prefix to the diff-id when it is used multiple times in different
"how to fix it in XYZ" sections to avoid ambiguity and pedantically
follow the spec:

> A single and unique diff-id should be used only once for each type of
code example as shown in the description of a rule.

Obvious typos around `diff-type` were fixed.

An obvious extra use of diff blocks was removed.
 2023-08-21 15:22:49 +02:00
Marco Borgeaud
210246f5d8
Diff blocks: fix incorrect use for CFamily 
Improvement identified in #2790.

Add a prefix to the diff-id when it is used multiple times in different
"how to fix it in XYZ" sections to avoid ambiguity and pedantically
follow the spec:

> A single and unique diff-id should be used only once for each type of
code example as shown in the description of a rule.

Obvious typos around `diff-type` were fixed.
 2023-08-15 10:14:59 +02:00
Marco Borgeaud
6550e65756
Diff blocks: fix some incorrect use for php (#2804) 
Improvement identified in #2790.

Add a prefix to the diff-id when it is used multiple times in different
"how to fix it in XYZ" sections to avoid ambiguity and pedantically
follow the spec:

> A single and unique diff-id should be used only once for each type of
code example as shown in the description of a rule.

Obvious typos around `diff-type` were fixed.
 2023-08-10 15:57:24 +02:00
Antonio Aversa
a02bf814d4
Clean Code Taxonomy: add "code" to all non-obsolete metadata.json (#2793) 2023-08-04 17:19:38 +02:00
Fred Tingaud
51369b610e
Make sure that includes are always surrounded by empty lines (#2270) 
When an include is not surrounded by empty lines, its content is inlined
on the same line as the adjacent content. That can lead to broken tags
and other display issues.
This PR fixes all such includes and introduces a validation step that
forbids introducing the same problem again.
 2023-06-22 10:38:01 +02:00
Loris S
9e9c990658
Modify S5542: Learn-As-You-Code migration (#2011) 
Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>
 2023-06-20 10:27:53 +02:00
Fred Tingaud
16f6c0aecf
Inline adoc when include has no additional value (#1940) 
Inline adoc files when they are included exactly once.

Also fix language tags because this inlining gives us better information
on what language the code is written in.
 2023-05-25 14:18:12 +02:00
Victor
fe961619f9 migrate rule descriptions to new education format 2023-05-05 16:29:04 +02:00
Jamie Anderson
2d52a31a16
Modify rules: Remove deprecated sans-top25-* tags (#1694) 2023-03-29 15:31:59 +02:00
Jamie Anderson
664d3c5a0f
Modify rules: Remove deprecated owasp-mX tags (#1692) 2023-03-28 11:14:25 +02:00
Jamie Anderson
2d8892defb
Modify rules: Remove "owasp-aX" tag (#1655) 2023-03-16 15:25:13 +01:00
Pierre-Loup
3c31fb8713
Modify rule S5542[kotlin]: Detect CBC mode when used with padding (APPSEC-30) (#1054) 2022-11-29 16:29:30 +01:00
Pierre-Loup
b34a3e6d2a
Modify rule S5542[java]: Detect CBC mode when used with padding (APPSEC-31) (#1052) 
* Remove langugages with no implementation

* Update description

* [APPSEC-31] Update rule description

* Apply suggestions from code review

Co-authored-by: pedro-oliveira-sonarsource <104737234+pedro-oliveira-sonarsource@users.noreply.github.com>

Co-authored-by: pedro-oliveira-sonarsource <104737234+pedro-oliveira-sonarsource@users.noreply.github.com>
 2022-11-09 15:20:11 +01:00
Pierre-Loup
49ce836ac3
Update description.adoc (#1207) 2022-09-02 10:42:56 +02:00
Alexandre Gigleux
01bad1b800
Map rules to OWASP ASVS 4 (#1110) 
https://sonarsource.atlassian.net/browse/MMF-2794
 2022-07-29 13:35:38 +02:00
pedro-oliveira-sonarsource
082b3ef269
Modify: Fix old/broken embedded links (#1100) 2022-07-08 13:58:56 +02:00
Pierre-Loup
fdb29cd2e3
Modify rule S5542: update rule description (#1050) 2022-06-16 22:54:35 +02:00
Pierre-Loup
4859b5747a
Revert "Modify rule S5542[cfamilly]: reconsider if the rule should raise when CBC mode is used (APPSEC-28) (#1046)" (#1049) 
This reverts commit a5979e14153777080a3d797c109dcb0402d926ca.
 2022-06-16 22:41:20 +02:00
Pierre-Loup
a5979e1415
Modify rule S5542[cfamilly]: reconsider if the rule should raise when CBC mode is used (APPSEC-28) (#1046) 2022-06-16 16:53:22 +02:00
pedro-oliveira-sonarsource
b04b29019c
[APPSEC-3] Security rules are mapped to PCI DSS 4.0 (#1007) 2022-05-24 16:19:27 +02:00
pedro-oliveira-sonarsource
4cd575af12
[APPSEC-2] New security standard - PCI DSS 3.2 (#1005) 2022-05-23 09:00:28 +02:00
jtingsanchali
96d9ddb930
RULEAPI-755 Update CWE URLs by removing .html suffix and update with https protocol (#926) 
* Change affects only see.adoc and rule.adoc files, not comments-and-links.adoc files
 2022-04-07 08:53:59 -05:00
Fred Tingaud
b4161466e6
RULEAPI-661: Add syntax coloring 2022-02-04 16:28:24 +00:00
Pierre-Loup
e7ad1012e3
RULEAPI-709: Security rules are mapped to the OWASP Top 10 2021 security-standard (#545) 2021-11-01 15:00:32 +01:00
Pierre-Loup
2eb4c50a9b
RULEAPI-710: Validate that security-standards are not shadowed 2021-10-29 16:55:50 +00:00
Arseniy Zaostrovnykh
6a0ec99e78
RULEAPI-706: Add quick fixes metadata 2021-10-07 09:23:15 +00:00
Arseniy Zaostrovnykh
2301f5808e
RULEAPI-695: remove extra/coveredLanguages field 2021-09-28 13:36:45 +02:00
Arseniy Zaostrovnykh
ec55b6ead1
RULEAPI-687: Migrate legacy keys from Jira RSPEC (#392) 2021-09-24 09:08:46 +02:00
Arseniy Zaostrovnykh
5ba82ae371
RULEAPI-665: Remove security standards from the irrelevant language-specific rules (#362) 2021-09-21 15:40:35 +02:00
Arseniy Zaostrovnykh
f7904cebe7
RULEAPI-666: Migrate the "List of parameters", "Highlighting" and "Message" fields from jira RSPEC (#346) 2021-09-20 13:38:42 +00:00
Arseniy Zaostrovnykh
11c08de44a
Revert "RULEAPI-665: Remove security standards from the irrelevant language-specific rules" (#361) 
This reverts commit 892bccde8ffcdf2a6d662d97ec469cd63de87878.
 2021-09-17 13:50:03 +02:00
Arseniy Zaostrovnykh
892bccde8f
RULEAPI-665: Remove security standards from the irrelevant language-specific rules 2021-09-17 13:44:41 +02:00
eric-therond-sonarsource
b011d5c853
Update S5542 description: ECB mode for RSA (#215) 
* Update S5542 description: ECB mode for RSA

* fix after review
 2021-07-19 09:33:36 +02:00
Elena Vilchik
4017668a76
Fixes for JavaScript: remove 'Sonar way recommended' profile and legacy keys (#148) 2021-06-25 14:41:11 +02:00
eric-therond-sonarsource
08c011b06a
add mobile security standards, links and tags to mobile rules and add new CWEv4.4 entries (#112) 2021-06-10 10:04:10 +02:00
Arseniy Zaostrovnykh
b76bc57083
RULEAPI-576: add a horizontal rule between rule description and comments 2021-06-08 15:52:13 +02:00
Arseniy Zaostrovnykh
6fc8e148c2
RULEAPI-644: Export security standards from Jira 2021-06-08 08:36:49 +02:00
Amélie Renard
7b177ec126
RULEAPI-608 Rename unconventional headers in RSPECs and update the validation script in GitHub rspec repository 2021-06-04 14:23:34 +02:00
Arseniy Zaostrovnykh
6c1ad2c13c Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00
Arseniy Zaostrovnykh
cdd7690a79 Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00
sonartech
0f7acafa00 Nightly update 2021-05-06 10:42:27 +00:00
Arseniy Zaostrovnykh
3d1e98b941 Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00
Arseniy Zaostrovnykh
af4fdb3a84 Update rules after the fix in the export module 2021-04-26 17:29:13 +02:00