ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,921 Commits 329 Branches 2 Tags
Commit Graph

58 Commits

Author SHA1 Message Date
Pierre-Loup
770348d041
Avoid OWASP Top 10 security-standard mismatch between metadata and description links (RULEAPI-798) (#3537) 
* Add check for security standard mismatch

* Fix security standard mismatches

* Fix Resources/Standards links for secrets rules

* Fix check

* Fix links and update security standard mapping

* Fix maintanability issue

* Apply review suggestions

* Apply suggestions from code review

Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com>

* Fix typo

Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com>

---------

Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com>
 2024-01-17 17:20:28 +01:00
Egon Okerman
d1417e82f8
Modify CWE and OWASP Top 10 links to follow standard link format (APPSEC-1134) (#3529) 
* Fix all CWE references

* Fix all OWASP references

* Fix missing CWE prefixes
 2024-01-15 17:15:56 +01:00
Jamie Anderson
5e8734386e
Modify rule S4507: Add examples for Python Flask (#3042) 2023-11-13 12:01:48 +01:00
Fred Tingaud
d3cfe19d7e
Fix broken or dangerous backquotes 
Co-authored-by: Marco Borgeaud <89914223+marco-antognini-sonarsource@users.noreply.github.com>
 2023-10-30 10:33:56 +01:00
Fred Tingaud
6f24cc0632
Clean rule at root 
In some cases, the `rule.adoc` at root of a rule is never included
anywhere and thus is dead code.
It's a maintenance cost by itself, but also it misses opportunities to
inline code that seems used by two documents when in fact only one
document is actually rendered. And this missed opportunity, in turn,
stops us from applying the correct language tag on the code samples.
 2023-10-16 16:34:38 +02:00
github-actions[bot]
b5aa16faa3
Create rule S4507: Add "Delivering code in production with debug features activated is security-sensitive" to Go (#2858) 
You can preview this rule
[here](https://sonarsource.github.io/rspec/#/rspec/S4507/go) (updated a
few minutes after each push).

## Review

A dedicated reviewer checked the rule description successfully for:

- [ ] logical errors and incorrect information
- [ ] information gaps and missing content
- [ ] text style and tone
- [ ] PR summary and labels follow [the
guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)

---------

Co-authored-by: sebastien-andrivet-sonarsource <sebastien.andrivet@sonarsource.com>
Co-authored-by: sebastien-andrivet-sonarsource <138577785+sebastien-andrivet-sonarsource@users.noreply.github.com>
Co-authored-by: Jamie Anderson <127742609+jamie-anderson-sonarsource@users.noreply.github.com>
 2023-08-17 14:25:28 +02:00
Antonio Aversa
a02bf814d4
Clean Code Taxonomy: add "code" to all non-obsolete metadata.json (#2793) 2023-08-04 17:19:38 +02:00
gaetan-ferry-sonarsource
66000e5511
Modify rule S4507: Adding support for web.config error handling parameters (XML)(APPSEC-700) (#1938) 2023-07-04 18:38:07 +02:00
Fred Tingaud
51369b610e
Make sure that includes are always surrounded by empty lines (#2270) 
When an include is not surrounded by empty lines, its content is inlined
on the same line as the adjacent content. That can lead to broken tags
and other display issues.
This PR fixes all such includes and introduces a validation step that
forbids introducing the same problem again.
 2023-06-22 10:38:01 +02:00
Fred Tingaud
16f6c0aecf
Inline adoc when include has no additional value (#1940) 
Inline adoc files when they are included exactly once.

Also fix language tags because this inlining gives us better information
on what language the code is written in.
 2023-05-25 14:18:12 +02:00
Jamie Anderson
664d3c5a0f
Modify rules: Remove deprecated owasp-mX tags (#1692) 2023-03-28 11:14:25 +02:00
Jamie Anderson
2d8892defb
Modify rules: Remove "owasp-aX" tag (#1655) 2023-03-16 15:25:13 +01:00
github-actions[bot]
7fecd63449
Create rule S4507: add Docker support (APPSEC-441) (#1542) 2023-02-07 15:04:20 +01:00
hendrik-buchwald-sonarsource
9bc6591eab
Modify multiple rules: Clean up texts of MMF-2503 (#1497) 2023-01-09 15:29:41 +01:00
Roberto Orlandi
cbf3089b30 Modify rule S4507: Update RPG rule description 2022-11-02 11:29:00 +01:00
Alban Auzeill
b65c1f1515 provide missing quickfixes information 2022-09-30 16:35:53 +02:00
pedro-oliveira-sonarsource
082b3ef269
Modify: Fix old/broken embedded links (#1100) 2022-07-08 13:58:56 +02:00
jtingsanchali
96d9ddb930
RULEAPI-755 Update CWE URLs by removing .html suffix and update with https protocol (#926) 
* Change affects only see.adoc and rule.adoc files, not comments-and-links.adoc files
 2022-04-07 08:53:59 -05:00
Fred Tingaud
b4161466e6
RULEAPI-661: Add syntax coloring 2022-02-04 16:28:24 +00:00
Pierre-Loup
e7ad1012e3
RULEAPI-709: Security rules are mapped to the OWASP Top 10 2021 security-standard (#545) 2021-11-01 15:00:32 +01:00
Pierre-Loup
2eb4c50a9b
RULEAPI-710: Validate that security-standards are not shadowed 2021-10-29 16:55:50 +00:00
Pierre-Loup
547094ab3c
Update CWE mapping (#534) 2021-10-28 10:07:16 +02:00
Pierre-Loup
8f1e968ad7
Update CWE-489 title (#511) 2021-10-21 11:23:23 +02:00
Alban Auzeill
5d16ca1d83
Modify Rule S4507[java]: update sensitive code example with Statics.setWebContentsDebuggingEnabled (#480) 2021-10-12 17:12:55 +02:00
hendrik-buchwald-sonarsource
2a575fd3fb
Modify rule S4507: Add Java/Kotlin examples for WebView (#428) 2021-10-12 09:06:49 +02:00
Arseniy Zaostrovnykh
2301f5808e
RULEAPI-695: remove extra/coveredLanguages field 2021-09-28 13:36:45 +02:00
Arseniy Zaostrovnykh
ec55b6ead1
RULEAPI-687: Migrate legacy keys from Jira RSPEC (#392) 2021-09-24 09:08:46 +02:00
Arseniy Zaostrovnykh
f7904cebe7
RULEAPI-666: Migrate the "List of parameters", "Highlighting" and "Message" fields from jira RSPEC (#346) 2021-09-20 13:38:42 +00:00
pynicolas
57c2681f05
Modify rule S4507: WordPress misconfigurations (#227) 2021-08-10 12:03:24 +00:00
Elena Vilchik
4017668a76
Fixes for JavaScript: remove 'Sonar way recommended' profile and legacy keys (#148) 2021-06-25 14:41:11 +02:00
eric-therond-sonarsource
08c011b06a
add mobile security standards, links and tags to mobile rules and add new CWEv4.4 entries (#112) 2021-06-10 10:04:10 +02:00
Arseniy Zaostrovnykh
b76bc57083
RULEAPI-576: add a horizontal rule between rule description and comments 2021-06-08 15:52:13 +02:00
Arseniy Zaostrovnykh
6c1ad2c13c Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00
Arseniy Zaostrovnykh
cdd7690a79 Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00
Arseniy Zaostrovnykh
c3ecf3c175 remove space in the beginning and end of code blocks 2021-02-17 12:23:45 +01:00
Arseniy Zaostrovnykh
acadea59e9 move coveredLangauges and replacementRules into extra field 2021-02-16 17:52:17 +01:00
Arseniy Zaostrovnykh
1d713451d6 Undo the abuse of compatibleLanguages metadata field 2021-02-16 15:00:44 +01:00
Arseniy Zaostrovnykh
bd054677b5 Disarm the . at the start of a line 2021-02-16 11:54:08 +01:00
Arseniy Zaostrovnykh
f1aa7fbd60 update; grammar fixes 2021-02-11 16:56:46 +01:00
Arseniy Zaostrovnykh
e288eaac59 rename web to html 2021-02-10 17:04:49 +01:00
Arseniy Zaostrovnykh
8a65f40602 unescape the links inside in-line code 2021-02-08 19:11:39 +01:00
Arseniy Zaostrovnykh
a09a26d560 fix hading of {{\+}} and sort the compatible languages 2021-02-08 12:42:26 +01:00
Arseniy Zaostrovnykh
b62862646c move typescript rules to javascript directory 2021-02-08 10:49:37 +01:00
sonartech
0ffbfb133d Nightly update 2021-02-06 04:10:49 +00:00
Arseniy Zaostrovnykh
af8cda992b unescape more things 2021-02-05 10:34:25 +01:00
Arseniy Zaostrovnykh
402a7d7be3 sort metadata fields 2021-02-04 12:27:03 +01:00
Arseniy Zaostrovnykh
f6093ee186 Overapproximate compatibleLanguages and tags/standards 2021-02-02 19:11:00 +01:00
Arseniy Zaostrovnykh
716b335a56 Enable forced linebreaks in quotes; escape -- in url 2021-02-02 16:54:43 +01:00
Arseniy Zaostrovnykh
7ca29f686f Force linebreaks 2021-02-02 15:02:10 +01:00
Arseniy Zaostrovnykh
1a22006270 Add coveredLanguages field 2021-01-29 15:53:23 +01:00