Pierre-Loup
770348d041
Avoid OWASP Top 10 security-standard mismatch between metadata and description links (RULEAPI-798) ( #3537 )
...
* Add check for security standard mismatch
* Fix security standard mismatches
* Fix Resources/Standards links for secrets rules
* Fix check
* Fix links and update security standard mapping
* Fix maintainability issue
* Apply review suggestions
* Apply suggestions from code review
Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com>
* Fix typo
Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com>
---------
Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com>
2024-01-17 17:20:28 +01:00
Egon Okerman
d1417e82f8
Modify CWE and OWASP Top 10 links to follow standard link format (APPSEC-1134) ( #3529 )
...
* Fix all CWE references
* Fix all OWASP references
* Fix missing CWE prefixes
2024-01-15 17:15:56 +01:00
Pierre-Loup
241c6bbf54
Modify rule S6287: Add FastAPI support (APPSEC-1252) ( #3390 )
2023-12-18 11:17:43 +01:00
Marco Borgeaud
6550e65756
Diff blocks: fix some incorrect use for php ( #2804 )
...
Improvement identified in #2790.
Add a prefix to the diff-id when it is used multiple times in different
"how to fix it in XYZ" sections to avoid ambiguity and pedantically
follow the spec:
> A single and unique diff-id should be used only once for each type of
> code example as shown in the description of a rule.

Obvious typos around `diff-type` were fixed.
2023-08-10 15:57:24 +02:00
Antonio Aversa
a02bf814d4
Clean Code Taxonomy: add "code" to all non-obsolete metadata.json ( #2793 )
2023-08-04 17:19:38 +02:00
Jamie Anderson
2d8892defb
Modify rules: Remove "owasp-aX" tag ( #1655 )
2023-03-16 15:25:13 +01:00
Ilia Kebets
c80d7f3b4c
Add checks for education format ( #1607 )
2023-03-07 17:16:47 +01:00
Egon Okerman
18e9a4a7e4
[APPSEC-292] Modify rule S6287 (PHP): Change text to the education framework format ( #1425 )
...
* Add PHP files
* Add Symfony
* Add Laravel
* Add Core PHP
* Fix Laravel example
* Update Core PHP to use a function
* Fix Symfony imports
* Remove "taintable data" from common explanation
2023-03-02 19:03:03 +01:00
Egon Okerman
d17da6f6a6
[APPSEC-293] Modify rule S6287 (JS/TS): Change text to the education framework format ( #1421 )
...
* Add JS
* Add noncompliant comment
* Apply review changes
2023-03-02 19:03:03 +01:00
Egon Okerman
78d0d063b9
[APPSEC-291] Modify rule S6287 (Python): Change text to the education framework format ( #1415 )
...
* Add Python rule
* Apply review changes
2023-03-02 19:03:03 +01:00
Loris S
e52b9671b2
Education text Fix ( #1338 )
2023-03-02 18:22:24 +01:00
Loris S
eae1d4bcfc
Modify S6287: Severity and Title (APPSEC-123) ( #1241 )
2023-03-02 18:22:24 +01:00
Loris S
8815e23ae8
Modify All Current Education Rules: Support intuitive view ( #1256 )
2023-03-02 18:22:24 +01:00
Loris S
1253c0a013
Modify Multiple Rules(Education): Standardization of impact files ( #1240 )
2023-03-02 18:22:24 +01:00
pedro-oliveira-sonarsource
162c3285fd
[APPSEC-116] Modify rule S6287: Educational content ( #1216 )
2023-03-02 18:22:24 +01:00
Loris S
746e99677d
Modify All Current Education Rules: Add Security Principles ( #1248 )
2022-09-13 16:26:52 +02:00
Alexandre Gigleux
01bad1b800
Map rules to OWASP ASVS 4 ( #1110 )
...
https://sonarsource.atlassian.net/browse/MMF-2794
2022-07-29 13:35:38 +02:00
pedro-oliveira-sonarsource
082b3ef269
Modify: Fix old/broken embedded links ( #1100 )
2022-07-08 13:58:56 +02:00
pedro-oliveira-sonarsource
b04b29019c
[APPSEC-3] Security rules are mapped to PCI DSS 4.0 ( #1007 )
2022-05-24 16:19:27 +02:00
pedro-oliveira-sonarsource
4cd575af12
[APPSEC-2] New security standard - PCI DSS 3.2 ( #1005 )
2022-05-23 09:00:28 +02:00
jtingsanchali
96d9ddb930
RULEAPI-755 Update CWE URLs by removing .html suffix and update with https protocol ( #926 )
...
* Change affects only see.adoc and rule.adoc files, not comments-and-links.adoc files
2022-04-07 08:53:59 -05:00
Fred Tingaud
b4161466e6
RULEAPI-661: Add syntax coloring
2022-02-04 16:28:24 +00:00
Loris S
4774e72dc1
Modify Rules: Multiple typos on missing hyphens ( #660 )
2021-12-13 16:18:55 +01:00
Pierre-Loup
e7ad1012e3
RULEAPI-709: Security rules are mapped to the OWASP Top 10 2021 security-standard ( #545 )
2021-11-01 15:00:32 +01:00
Pierre-Loup
547094ab3c
Update CWE mapping ( #534 )
2021-10-28 10:07:16 +02:00
hendrik-buchwald-sonarsource
faba98c05a
Use example without tainted key ( #478 )
2021-10-12 14:53:05 +02:00
hendrik-buchwald-sonarsource
a60040f016
Modify rule S6287: Add code samples ( #336 )
2021-10-07 13:41:08 +02:00
Arseniy Zaostrovnykh
6a0ec99e78
RULEAPI-706: Add quick fixes metadata
2021-10-07 09:23:15 +00:00
Arseniy Zaostrovnykh
2301f5808e
RULEAPI-695: remove extra/coveredLanguages field
2021-09-28 13:36:45 +02:00
Arseniy Zaostrovnykh
ec55b6ead1
RULEAPI-687: Migrate legacy keys from Jira RSPEC ( #392 )
2021-09-24 09:08:46 +02:00
Arseniy Zaostrovnykh
f7904cebe7
RULEAPI-666: Migrate the "List of parameters", "Highlighting" and "Message" fields from jira RSPEC ( #346 )
2021-09-20 13:38:42 +00:00
sonartech
4fd7e4eb3b
Nightly update
2021-06-02 01:18:38 +00:00
sonartech
63000b3949
Nightly update
2021-06-01 01:19:13 +00:00
sonartech
4bcc25bf6c
Nightly update
2021-05-30 01:18:29 +00:00
sonartech
bc226d6049
Nightly update
2021-05-29 01:19:26 +00:00