596 Commits

Author SHA1 Message Date
hendrik-buchwald-sonarsource
936b04b3b0
Create rule S4423[terraform]: Add AWS Elasticsearch Domain (#481)
* Add description

* Fix wrong name

* Add code sample introduction

Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com>
2022-01-10 13:37:41 +00:00
Loris S
173e6c70f1
Modify rule S6387: Add newline (#678) 2022-01-07 09:50:42 +00:00
quentin-jaquier-sonarsource
a4a6df7684
SONARJAVA-3770 Modify rule S6217[java]: Update description (#677) 2022-01-06 16:37:29 +01:00
Čaba Šagi
f3e7ff5de3
Modify rule S3442 [csharp]: Improve description of the rule (#676) 2022-01-04 11:58:12 +00:00
github-actions[bot]
448fb50aed
Create rule S6387[terraform]: Azure role assignments that grant access to all resources of a subscription are security-sensitive (#622)
* Create rule S6387

* Add rule description

* Apply suggestions from code review

Co-authored-by: Loris S. <91723853+loris-s-sonarsource@users.noreply.github.com>

* Fix typo in highlighting.adoc filename

Co-authored-by: pierre-loup-tristant-sonarsource <pierre-loup-tristant-sonarsource@users.noreply.github.com>
Co-authored-by: Pierre-Loup Tristant <pierre-loup.tristant@sonarsource.com>
Co-authored-by: Loris S. <91723853+loris-s-sonarsource@users.noreply.github.com>
Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com>
2022-01-04 11:02:05 +00:00
github-actions[bot]
7036a47aa4
Create rule S6382[terraform]: Disabling certificate-based authentication is security-sensitive (#594)
* Create rule S6382

* Create rule S6382[terraform]: Disabling certificate-based authentication is security-sensitive

* Update rules/S6382/terraform/metadata.json

* Update rules/S6382/terraform/metadata.json

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* Update rules/S6382/terraform/rule.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* improved the rule after recos and S6380 recos

* reworked the sentence for clarity

* Update rules/S6382/terraform/rule.adoc

* Update rules/S6382/terraform/rule.adoc

* Update rules/S6382/terraform/rule.adoc

* Update rules/S6382/terraform/rule.adoc

* Update rules/S6382/terraform/rule.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* Update rules/S6382/terraform/rule.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* Update rules/S6382/terraform/rule.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* Update rules/S6382/terraform/rule.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* Update rules/S6382/terraform/rule.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* Update rules/S6382/terraform/metadata.json

Co-authored-by: loris-s-sonarsource <loris-s-sonarsource@users.noreply.github.com>
Co-authored-by: Loris Sierra <loris.sierra@sonarsource.com>
Co-authored-by: Loris S <91723853+loris-s-sonarsource@users.noreply.github.com>
Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>
Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com>
2022-01-03 15:47:06 +00:00
github-actions[bot]
de0c3bc4b5
Create rule S6379[terraform]: Enabling Azure resource-specific admin accounts is security-sensitive (#573)
* Create rule S6379

* Enabling administrative permissions is security-sensitive

* Update rules/S6379/terraform/metadata.json

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* Update rules/S6379/terraform/rule.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* Update rules/S6379/terraform/rule.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* Update rules/S6379/terraform/rule.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* Update rules/S6379/terraform/rule.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* Update rules/S6379/terraform/rule.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* Update rules/S6379/terraform/rule.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* Update rules/S6379/terraform/rule.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* Update rules/S6379/terraform/metadata.json

* Update rules/S6379/terraform/rule.adoc

* improved ident

* add highlighting

* fix md link

* Update rules/S6379/terraform/rule.adoc

* Update rules/S6379/terraform/rule.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* Update rules/S6379/terraform/rule.adoc

* Update rules/S6379/terraform/rule.adoc

* Add missing azure tag

Co-authored-by: loris-s-sonarsource <loris-s-sonarsource@users.noreply.github.com>
Co-authored-by: Loris Sierra <loris.sierra@sonarsource.com>
Co-authored-by: Loris S <91723853+loris-s-sonarsource@users.noreply.github.com>
Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>
Co-authored-by: Pierre-Loup Tristant <pierre-loup.tristant@sonarsource.com>
Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com>
2022-01-03 16:39:34 +01:00
github-actions[bot]
9ff6a8b388
Create rule S6375[terraform]: Assigning high privileges Azure Active Directory built-in roles is security-sensitive (#560)
* Create rule S6375

* Add rule description

* Apply review suggestions

* Apply suggestions from code review

Co-authored-by: Loris S. <91723853+loris-s-sonarsource@users.noreply.github.com>

* Update issue location

Co-authored-by: pierre-loup-tristant-sonarsource <pierre-loup-tristant-sonarsource@users.noreply.github.com>
Co-authored-by: Pierre-Loup Tristant <pierre-loup.tristant@sonarsource.com>
Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>
Co-authored-by: Loris S. <91723853+loris-s-sonarsource@users.noreply.github.com>
Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com>
2022-01-03 15:23:48 +00:00
github-actions[bot]
e0109d1b26
Create rule S6385[terraform]: Azure custom roles should not grant subscription Owner capabilities (#603)
* Create rule S6385

* Add rule description

* Apply suggestions from code review

Co-authored-by: Loris S. <91723853+loris-s-sonarsource@users.noreply.github.com>

* Update rules/S6385/see.adoc

Fix CWE link

* Update rules/S6385/see.adoc

Fix CWE link

* Add missing azure tag

Co-authored-by: pierre-loup-tristant-sonarsource <pierre-loup-tristant-sonarsource@users.noreply.github.com>
Co-authored-by: Pierre-Loup Tristant <pierre-loup.tristant@sonarsource.com>
Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>
Co-authored-by: Loris S. <91723853+loris-s-sonarsource@users.noreply.github.com>
Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com>
2022-01-03 15:07:46 +00:00
Fred Tingaud
a25058afe1
Modify rule S125: support quick fix and add an exception for code documentation (#669) 2021-12-29 23:08:19 +01:00
github-actions[bot]
153d4621c3
Add CloudFormation to rule S2260 (#663) 2021-12-29 08:33:15 +00:00
github-actions[bot]
f55da18555
Create rule S6381[terraform]: Assigning high privileges Azure Resource Manager built-in roles is security-sensitive (#583)
* Create rule S6381

* Add rule description

* Apply suggestions from code review

Co-authored-by: Loris S. <91723853+loris-s-sonarsource@users.noreply.github.com>

Co-authored-by: pierre-loup-tristant-sonarsource <pierre-loup-tristant-sonarsource@users.noreply.github.com>
Co-authored-by: Pierre-Loup Tristant <pierre-loup.tristant@sonarsource.com>
Co-authored-by: Loris S. <91723853+loris-s-sonarsource@users.noreply.github.com>
Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com>
2021-12-29 08:22:27 +00:00
Loïc Joly
173e20ad6b
S2665: Align RSPEC with implementation (#673) 2021-12-24 14:23:50 +01:00
Loïc Joly
79a2d73751
Modify Rule S1001: Revert changes introduced by CPP-1307 2021-12-24 09:58:47 +01:00
Loïc Joly
36599be9b6
S1768 Revert changes to the RSPEC that are not in sync with the implementation: (#672)
* One change was saying wrong things: Enums can have negative values
* The other one is of little value, especially for a deprecated rule.
2021-12-22 18:24:19 +01:00
Loïc Joly
460b3d7e7b
S1226: CPP-2006 Align RSPEC description with current rule implementation
The RSPEC was changed, but not the implementation. This PR re-establishes the previous RSPEC. The change will be available in another RSPEC that will only be merged together with the implementation.
2021-12-22 17:25:34 +01:00
Pavel Mikula
c8e8020780
Modify rule S4275[dotnet]: Fix VB.NET examples (#664) 2021-12-22 15:23:02 +00:00
hendrik-buchwald-sonarsource
651157eb2a
Modify rule S5131: Make description more precise (#665) 2021-12-17 13:38:57 +01:00
Pierre-Loup
c6f14b6a20
Add AWS tag to IaC rules (#662) 2021-12-16 15:02:01 +01:00
github-actions[bot]
2a9ea96c76
Create rule S6364: Defining a short backup retention duration is security-sensitive (#453) 2021-12-15 16:51:01 +01:00
github-actions[bot]
ed8762d5ac
Create rule S6378[terraform] : Disabling Managed Identities for Azure resources is security-sensitive (#569)
* clean-up old metadata file

* Create rule S6378

* Add first draft

* added link to managed service resources list

* fix vague title

* add metadata tagging

* add metadata - sec standards

* add owasp ref

* add concise var names

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* add concise var names and reduces identity.type

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* Update rules/S6378/description.adoc

* add other distinct code sample

* add down to earth recos

Clear-text credentials || third party systems

* add description - clearer on M-Identities stakes

* changed remediation cost to 1h

* add cleared reco - use system-assigned

* fix layout pb

* fix metadata 'hour' mistake: 'hour'->'h'

* reformulate ask-yourself

* fixed potential confusion

* applied review suggestions

* add highlight

* Update rules/S6378/metadata.json

* Update rules/S6378/message.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* Update rules/S6378/metadata.json

* Update rules/S6378/ask-yourself.adoc

Co-authored-by: Loris Sierra <loris.sierra@sonarsource.com>
Co-authored-by: loris-s-sonarsource <loris-s-sonarsource@users.noreply.github.com>
Co-authored-by: Loris S <91723853+loris-s-sonarsource@users.noreply.github.com>
Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>
Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com>
2021-12-14 09:37:33 +00:00
Loris S
4774e72dc1
Modify Rules: Multiple typos on missing hyphens (#660) 2021-12-13 16:18:55 +01:00
Čaba Šagi
6c68ac52d7
Modify rule S2222[csharp, vbnet]: Change scope to Main (#658) 2021-12-13 07:52:16 +00:00
Loïc Joly
8009f3733a
Modify rule S5319: Remove reference to non-implemented rule 2021-12-12 09:47:14 +00:00
Loïc Joly
c9caaf840d
Remove CFamily rules that won't be implemented (S800, S1719, S1120, S1262, and S3395) and add cert link 2021-12-09 18:45:27 +00:00
Pierre-Loup
5a2828b558
Modify rule S5131: improve description (#633) 2021-12-09 11:26:12 +00:00
quentin-jaquier-sonarsource
c320b4010d
MMF-2326 [Java/XML] Move rules from Java to XML 2021-12-09 09:11:27 +01:00
github-actions[bot]
109719cd68
Create rule S6369: Coroutine should have co_return on each execution path or provide return_void 2021-12-08 17:52:58 +01:00
Čaba Šagi
03a026c8a9
Modify rule S2222[csharp, vbnet]: Improve noncompliant example (#647) 2021-12-08 15:40:25 +01:00
Čaba Šagi
280361aa11
Remove from SonarWay (#646) 2021-12-08 11:21:54 +01:00
github-actions[bot]
b006f130e4
Create rule S6365: Use symmetric transfer to switch execution between coroutines 2021-12-08 09:01:56 +00:00
github-actions[bot]
90a68665a8
Create rule S6389: Using bidirectional characters is security-sensitive (#634)
* Create rule S6389

* Update metadata

* Add empty files

* First draft description

* Add recommended draft

* add first AYW draft

* Add recommended draft

* add first see draft

* add first msg draft

* added first highlighting draft

* added highlighting

* improvement ayw

* del newline

* Homogenize ask-yourself

* added reco suggestion

* add unicode-friendly IDEs

* fix typos see

* Add CWE-94

* Add code samples

* Add code samples

* Add missing s

* Update message

Co-authored-by: nils-werner-sonarsource <nils-werner-sonarsource@users.noreply.github.com>
Co-authored-by: Hendrik Buchwald <hendrik.buchwald@sonarsource.com>
Co-authored-by: Loris Sierra <loris.sierra@sonarsource.com>
Co-authored-by: Loris S <91723853+loris-s-sonarsource@users.noreply.github.com>
2021-12-06 16:07:45 +01:00
github-actions[bot]
f94c32af9c
Create rule S6391: Coroutines should not take const references as parameters 2021-12-03 15:29:52 +01:00
github-actions[bot]
1ba88256b4
Create rule S2222[vbnet] (#638) 2021-12-02 13:42:27 +00:00
github-actions[bot]
60e55cbdbe
Create rule S6366: Use conditional suspension to resume current coroutine 2021-12-02 14:35:15 +01:00
Čaba Šagi
8775aa505f
Modify rule S2222[CSharp]: improve description and code example (#635) 2021-12-02 14:29:24 +01:00
github-actions[bot]
3ab703fcd7
Create rule S6367: Thread local variables should not be used in coroutines 2021-12-01 14:13:36 +00:00
github-actions[bot]
16de2ee219
Create rule S6372: "await_suspend" should accept type-erased "coroutine_handle" when it uses it in a generic way 2021-12-01 13:32:11 +00:00
Loïc Joly
30d637cd9e
Delete the RSPECs related to the "underlying type system"
These RSPECs rely on the "underlying type system" of MISRA C++2008, which will be replaced in the next MISRA. We don't plan to implement them.
2021-11-29 17:41:02 +01:00
quentin-jaquier-sonarsource
9ed3f1764e
Modify rule S2122[Java/Kotlin]: Change code delimiter (#626) 2021-11-29 14:35:27 +00:00
quentin-jaquier-sonarsource
3c615c9fd9
Modify rule S5843: Fix duplicate description parts (#629) 2021-11-29 12:59:01 +01:00
hendrik-buchwald-sonarsource
c9cdadd72e
Modify rule S5332: Add message for missing option (#615) 2021-11-26 17:02:56 +00:00
Marco Antognini
6d274180e0
Modify rule S1763[cfamily]: cover co_return and [[noreturn]] (#605) 2021-11-26 17:18:04 +01:00
Arseniy Zaostrovnykh
643041d481
Modify rule S6194: replace Function with Coroutine 2021-11-26 15:25:18 +00:00
quentin-jaquier-sonarsource
911e9a25ff
Modify rule S4682, S4454[Java]: add quick fix (#620) 2021-11-26 15:56:17 +01:00
Arseniy Zaostrovnykh
538d799553
Modify rule S6192: infeasible quickfix; verbose param name 2021-11-26 14:19:54 +01:00
Arseniy Zaostrovnykh
e3e86d61c5
Modify rule S6194: mark quick fix as infeasible 2021-11-25 17:07:04 +00:00
Arseniy Zaostrovnykh
8eb774e1fc
Modify rule S6184: grammar fix (#611) 2021-11-25 16:08:21 +00:00
Arseniy Zaostrovnykh
1e4785ea2a
Modify rule S6184: quickfix is infeasible 2021-11-25 15:35:14 +01:00
Marco Antognini
6887226e5b
Modify rule S6193: mark quick fix as infeasible (#618) 2021-11-25 12:35:30 +01:00