rspec

Author	SHA1	Message	Date
github-actions[bot]	33a29b7555	Create rule S5332 (#3526 )	2024-01-29 15:16:07 +01:00
Pierre-Loup	770348d041	Avoid OWASP Top 10 security-standard mismatch between metadata and description links (RULEAPI-798) (#3537 ) * Add check for security standard mismatch * Fix security standard mismatches * Fix Resources/Standards links for secrets rules * Fix check * Fix links and update security standard mapping * Fix maintanability issue * Apply review suggestions * Apply suggestions from code review Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com> * Fix typo Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com> --------- Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com>	2024-01-17 17:20:28 +01:00
Egon Okerman	d1417e82f8	Modify CWE and OWASP Top 10 links to follow standard link format (APPSEC-1134) (#3529 ) * Fix all CWE references * Fix all OWASP references * Fix missing CWE prefixes	2024-01-15 17:15:56 +01:00
Fred Tingaud	6f24cc0632	Clean rule at root In some cases, the `rule.adoc` at root of a rule is never included anywhere and thus is dead code. It's a maintenance cost by itself, but also it misses opportunities to inline code that seems used by two documents when in fact only one document is actually rendered. And this missed opportunity, in turn, stops us from applying the correct language tag on the code samples.	2023-10-16 16:34:38 +02:00
daniel-teuchert-sonarsource	9372724e74	Modify rule S5332: Improve RSPEC text and examples (APPSEC-1089) (#3095 ) ## Review A dedicated reviewer checked the rule description successfully for: - [x] logical errors and incorrect information - [x] information gaps and missing content - [x] text style and tone - [ ] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)	2023-09-25 09:39:16 +02:00
github-actions[bot]	4532785786	Create rule S5332: Using clear-text protocols is security-sensitive (Go support) (#2874 ) You can preview this rule [here](https://sonarsource.github.io/rspec/#/rspec/S5332/go) (updated a few minutes after each push). Related tickets: * Research ticket: [APPSEC-898](https://sonarsource.atlassian.net/browse/APPSEC-898) * Implementation ticket (HTTP): [SONARSLANG-605](https://sonarsource.atlassian.net/browse/SONARSLANG-605) * Implementation ticket (FTP): [SONARSLANG-604](https://sonarsource.atlassian.net/browse/SONARSLANG-604) * Implementation ticket (SMTP): [SONARSLANG-603](https://sonarsource.atlassian.net/browse/SONARSLANG-603) ## Review A dedicated reviewer checked the rule description successfully for: - [x] logical errors and incorrect information - [x] information gaps and missing content - [x] text style and tone - [x] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)	2023-08-15 17:11:21 +01:00
Antonio Aversa	a02bf814d4	Clean Code Taxonomy: add "code" to all non-obsolete metadata.json (#2793 )	2023-08-04 17:19:38 +02:00
hendrik-buchwald-sonarsource	b626a82de9	Create rule S5332: Add BICEP for AzureResourceManager (#1872 ) PR #1839 added the JSON format for Azure Resource Manager. This PR adds BICEP. Since BICEP support will follow later, it can not be merged yet. --------- Co-authored-by: Rudy Regazzoni <110470341+rudy-regazzoni-sonarsource@users.noreply.github.com>	2023-08-03 10:26:18 +02:00
Jonas Wielage	2a037201f3	Modify rule S5332: Add additional implementation message (#2309 )	2023-06-28 10:23:52 +02:00
Fred Tingaud	9cb6b98e41	Remove unimplemented languages/rules tagged as 'SECURITY_HOTSPOT' or 'VULNERABILITY' Languages for which some unique descriptions remain are kept. This cleaning removes the following rules that were implemented in no language: [S1947, S2085, S2086, S2609, S2610, S2614, S2643, S2773, S2776, S3268, S3272, S3361]	2023-06-22 19:13:37 +02:00
Fred Tingaud	51369b610e	Make sure that includes are always surrounded by empty lines (#2270 ) When an include is not surrounded by empty lines, its content is inlined on the same line as the adjacent content. That can lead to broken tags and other display issues. This PR fixes all such includes and introduces a validation step that forbids introducing the same problem again.	2023-06-22 10:38:01 +02:00
Fred Tingaud	16f6c0aecf	Inline adoc when include has no additional value (#1940 ) Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in.	2023-05-25 14:18:12 +02:00
github-actions[bot]	3fb0db77cd	Create rule S5332: Add language AzureResourceManager (#1839 )	2023-05-10 14:49:07 +02:00
Rudy Regazzoni	d6a6439e46	Add bicep and json for language support in code example (#1830 )	2023-05-05 11:12:16 +02:00
Jamie Anderson	664d3c5a0f	Modify rules: Remove deprecated `owasp-mX` tags (#1692 )	2023-03-28 11:14:25 +02:00
Jamie Anderson	2d8892defb	Modify rules: Remove "owasp-aX" tag (#1655 )	2023-03-16 15:25:13 +01:00
hendrik-buchwald-sonarsource	9bc6591eab	Modify multiple rules: Clean up texts of MMF-2503 (#1497 )	2023-01-09 15:29:41 +01:00
pedro-oliveira-sonarsource	5862a4162d	Modify Multiple Rules: Remove Non-IAC-Based Standards in Metadata (#1481 )	2022-12-20 15:43:42 +01:00
github-actions[bot]	2fc736ef4b	Create rule S5332: Using clear-text protocols is security-sensitive (#1422 )	2022-11-25 17:07:05 +01:00
pedro-oliveira-sonarsource	2ed6c8e473	Modify rule S5332[javascript]: Using clear-text protocols is security-sensitive (#1317 ) Fixed by https://github.com/SonarSource/SonarJS/issues/3456	2022-10-20 16:15:31 +02:00
Alban Auzeill	b65c1f1515	provide missing quickfixes information	2022-09-30 16:35:53 +02:00
gaetan-ferry-sonarsource	0adc826e00	Modify rule S5332: Adding AWS CDK support for the Python language (#1245 )	2022-09-16 16:28:47 +02:00
Loris S	9d8b209353	Modify Multiple Rules(IAC): Remove Non-IAC-Based Standards in Metadata (APPSEC-5) (#1238 )	2022-09-14 10:29:18 +02:00
Alexandre Gigleux	01bad1b800	Map rules to OWASP ASVS 4 (#1110 ) https://sonarsource.atlassian.net/browse/MMF-2794	2022-07-29 13:35:38 +02:00
pedro-oliveira-sonarsource	082b3ef269	Modify: Fix old/broken embedded links (#1100 )	2022-07-08 13:58:56 +02:00
pedro-oliveira-sonarsource	b04b29019c	[APPSEC-3] Security rules are mapped to PCI DSS 4.0 (#1007 )	2022-05-24 16:19:27 +02:00
pedro-oliveira-sonarsource	4cd575af12	[APPSEC-2] New security standard - PCI DSS 3.2 (#1005 )	2022-05-23 09:00:28 +02:00
jtingsanchali	96d9ddb930	RULEAPI-755 Update CWE URLs by removing .html suffix and update with https protocol (#926 ) * Change affects only see.adoc and rule.adoc files, not comments-and-links.adoc files	2022-04-07 08:53:59 -05:00
hendrik-buchwald-sonarsource	736d58d22b	Modify rule S5332: Fix tags (#923 )	2022-04-04 18:00:00 +02:00
Pierre-Loup	c3ae588343	Modify rule S5332: Update issue message (#874 ) For Terraform and Cloudformation	2022-03-14 14:00:11 +00:00
eric-therond-sonarsource	3069550d46	Modify rule S5332[terraform]: add GCP load balancers (#760 ) * add GCP balancers * rephrase sentence * fix after review * Add code highlighted tag to code example Co-authored-by: Nils Werner <nils.werner@sonarsource.com>	2022-03-02 14:19:10 +00:00
Fred Tingaud	b4161466e6	RULEAPI-661: Add syntax coloring	2022-02-04 16:28:24 +00:00
hendrik-buchwald-sonarsource	6bb423e68e	Modify rule S5332: Add cloud tags (#627 ) * Add Azure tag * Add AWS tag * Move tags to terraform subdir Co-authored-by: Loris S <91723853+loris-s-sonarsource@users.noreply.github.com> Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com>	2022-01-24 11:11:44 +00:00
Pierre-Loup	c6f14b6a20	Add AWS tag to IaC rules (#662 )	2021-12-16 15:02:01 +01:00
hendrik-buchwald-sonarsource	c9cdadd72e	Modify rule S5332: Add message for missing option (#615 )	2021-11-26 17:02:56 +00:00
Karim El Ouerghemmi	3d54ce32f3	Modify rule S5332: Make absence of property clearer for CloudFormation (#579 )	2021-11-10 10:38:31 +01:00
Loris S	baf4eb7abd	Create rule S5332[cloudformation]: Add kinesis data stream (#501 ) * added highlighting tips * removed highlighting tip making no sense * fixed french syntax Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> * added streamencryption bloc * Update rules/S5332/cloudformation/rule.adoc Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> Co-authored-by: Karim El Ouerghemmi <64004037+karim-ouerghemmi-sonarsource@users.noreply.github.com>	2021-11-09 20:49:40 +01:00
hendrik-buchwald-sonarsource	3496d4bedd	Add description (#502 ) Co-authored-by: Karim El Ouerghemmi <64004037+karim-ouerghemmi-sonarsource@users.noreply.github.com>	2021-11-09 19:22:37 +00:00
Loris S	0465d16d1d	Create rule S5332[terraform]: Add Kinesis Data Streams (#500 ) * added skeleton * added highlighting tip * added kinesis recommendations * removed template rule leftovers * removed unnecessary clause to avoid confusion * fixed highlighting tip mistake * fixed french syntax Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> * fixed french syntax Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> * removed quotes Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com>	2021-11-09 18:15:28 +01:00
hendrik-buchwald-sonarsource	0ac56f7279	Create rule S5332[cloudformation]: Add ECS Task Definition (#497 ) * Add description * Fix mistake introduced while fixing merge conflicts Co-authored-by: Karim El Ouerghemmi <64004037+karim-ouerghemmi-sonarsource@users.noreply.github.com>	2021-11-09 17:12:01 +01:00
Loris S	b9070ab4be	Create rule S5332[cloudformation]: Add AWS Load Balancer Listeners (#506 ) * first cloudformation draft * fixed simple mistakes * simplified highlighting tips * improved highlights, yaml and sensitive comment * simplified and concised highlights * removed french syntax * add AWS namespace to highlights instead of regular name Co-authored-by: Karim El Ouerghemmi <64004037+karim-ouerghemmi-sonarsource@users.noreply.github.com>	2021-11-09 16:55:54 +01:00
hendrik-buchwald-sonarsource	122559324f	Create rule S5332[terraform]: Add ElastiCache Replication Group Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com>	2021-11-09 14:49:28 +00:00
Pierre-Loup	958811377b	Create rule S5332[cloudformation]: Add AWS Elasticsearch Domain (#496 ) * Add rule description * Add code examples of the EnforceHTTPS option * Apply suggestions from code review Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> Co-authored-by: Karim El Ouerghemmi <64004037+karim-ouerghemmi-sonarsource@users.noreply.github.com>	2021-11-09 14:26:57 +01:00
hendrik-buchwald-sonarsource	de99a4a664	Create rule S5332[terraform]: Add ECS Task Definition (#498 ) * Add description * Replace message with highlight Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com>	2021-11-09 10:01:19 +00:00
Loris S	a89413a349	Create rule S5332[terraform]: Add AWS Load Balancer Listeners (#508 ) * added rule skeleton * added rule snippets * Adapted highlights to terraform * fixed important mistake * fixed french syntax Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com>	2021-11-08 15:41:35 +00:00
Pierre-Loup	48354a4c9a	Create rule S5332[terraform]: Add AWS Elasticsearch Domain (#495 ) * Add rule description * Add code examples of the enforce_https option * Apply suggestions from code review Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> Co-authored-by: Karim El Ouerghemmi <karim.ouerghemmi@sonarsource.com> Co-authored-by: Karim El Ouerghemmi <64004037+karim-ouerghemmi-sonarsource@users.noreply.github.com>	2021-11-08 15:31:26 +00:00
github-actions[bot]	4aef8584d8	Create rule S5332[cloudformation]: Add MSK Cluster (#494 ) * Add cloudformation to rule S5332 * added first draft after PR#464 * improved conciseness * improved internal highlighting docs Co-authored-by: loris-s-sonarsource <loris-s-sonarsource@users.noreply.github.com> Co-authored-by: Loris Sierra <loris.sierra@sonarsource.com> Co-authored-by: Karim El Ouerghemmi <64004037+karim-ouerghemmi-sonarsource@users.noreply.github.com>	2021-11-08 14:10:56 +01:00
github-actions[bot]	65ca2afdbb	Create rule S5332[terraform] (#464 ) * Add terraform to rule S5332 * add base vuln rspec * add details about msk in desc * add highlighting rules * mistaken : encryption clauses missing = defaults are secure * Update rules/S5332/terraform/rule.adoc Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> * Update rules/S5332/terraform/rule.adoc Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> * removed template rule leftovers * added mention about msk secure defaults * fixed generalization mistake * improved conciseness * improved internal highlighting docs Co-authored-by: loris-s-sonarsource <loris-s-sonarsource@users.noreply.github.com> Co-authored-by: Loris Sierra <loris.sierra@sonarsource.com> Co-authored-by: Loris S <91723853+loris-s-sonarsource@users.noreply.github.com> Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> Co-authored-by: Karim El Ouerghemmi <64004037+karim-ouerghemmi-sonarsource@users.noreply.github.com>	2021-11-08 10:49:47 +00:00
Pierre-Loup	e7ad1012e3	RULEAPI-709: Security rules are mapped to the OWASP Top 10 2021 security-standard (#545 )	2021-11-01 15:00:32 +01:00
Pierre-Loup	547094ab3c	Update CWE mapping (#534 )	2021-10-28 10:07:16 +02:00

1 2

88 Commits