77 Commits

Author SHA1 Message Date
Fred Tingaud
16f6c0aecf
Inline adoc when include has no additional value (#1940)
Inline adoc files when they are included exactly once.

Also fix language tags because this inlining gives us better information
on what language the code is written in.
2023-05-25 14:18:12 +02:00
github-actions[bot]
3fb0db77cd
Create rule S5332: Add language AzureResourceManager (#1839) 2023-05-10 14:49:07 +02:00
Rudy Regazzoni
d6a6439e46
Add bicep and json for language support in code example (#1830) 2023-05-05 11:12:16 +02:00
Jamie Anderson
664d3c5a0f
Modify rules: Remove deprecated owasp-mX tags (#1692) 2023-03-28 11:14:25 +02:00
Jamie Anderson
2d8892defb
Modify rules: Remove "owasp-aX" tag (#1655) 2023-03-16 15:25:13 +01:00
hendrik-buchwald-sonarsource
9bc6591eab
Modify multiple rules: Clean up texts of MMF-2503 (#1497) 2023-01-09 15:29:41 +01:00
pedro-oliveira-sonarsource
5862a4162d
Modify Multiple Rules: Remove Non-IAC-Based Standards in Metadata (#1481) 2022-12-20 15:43:42 +01:00
github-actions[bot]
2fc736ef4b
Create rule S5332: Using clear-text protocols is security-sensitive (#1422) 2022-11-25 17:07:05 +01:00
pedro-oliveira-sonarsource
2ed6c8e473
Modify rule S5332[javascript]: Using clear-text protocols is security-sensitive (#1317)
Fixed by https://github.com/SonarSource/SonarJS/issues/3456
2022-10-20 16:15:31 +02:00
Alban Auzeill
b65c1f1515
provide missing quickfixes information 2022-09-30 16:35:53 +02:00
gaetan-ferry-sonarsource
0adc826e00
Modify rule S5332: Adding AWS CDK support for the Python language (#1245) 2022-09-16 16:28:47 +02:00
Loris S
9d8b209353
Modify Multiple Rules(IAC): Remove Non-IAC-Based Standards in Metadata (APPSEC-5) (#1238) 2022-09-14 10:29:18 +02:00
Alexandre Gigleux
01bad1b800
Map rules to OWASP ASVS 4 (#1110)
https://sonarsource.atlassian.net/browse/MMF-2794
2022-07-29 13:35:38 +02:00
pedro-oliveira-sonarsource
082b3ef269
Modify: Fix old/broken embedded links (#1100) 2022-07-08 13:58:56 +02:00
pedro-oliveira-sonarsource
b04b29019c
[APPSEC-3] Security rules are mapped to PCI DSS 4.0 (#1007) 2022-05-24 16:19:27 +02:00
pedro-oliveira-sonarsource
4cd575af12
[APPSEC-2] New security standard - PCI DSS 3.2 (#1005) 2022-05-23 09:00:28 +02:00
jtingsanchali
96d9ddb930
RULEAPI-755 Update CWE URLs by removing .html suffix and update with https protocol (#926)
* Change affects only see.adoc and rule.adoc files, not comments-and-links.adoc files
2022-04-07 08:53:59 -05:00
hendrik-buchwald-sonarsource
736d58d22b
Modify rule S5332: Fix tags (#923) 2022-04-04 18:00:00 +02:00
Pierre-Loup
c3ae588343
Modify rule S5332: Update issue message (#874)
For Terraform and Cloudformation
2022-03-14 14:00:11 +00:00
eric-therond-sonarsource
3069550d46
Modify rule S5332[terraform]: add GCP load balancers (#760)
* add GCP balancers

* rephrase sentence

* fix after review

* Add code highlighted tag to code example

Co-authored-by: Nils Werner <nils.werner@sonarsource.com>
2022-03-02 14:19:10 +00:00
Fred Tingaud
b4161466e6
RULEAPI-661: Add syntax coloring 2022-02-04 16:28:24 +00:00
hendrik-buchwald-sonarsource
6bb423e68e
Modify rule S5332: Add cloud tags (#627)
* Add Azure tag

* Add AWS tag

* Move tags to terraform subdir

Co-authored-by: Loris S <91723853+loris-s-sonarsource@users.noreply.github.com>
Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com>
2022-01-24 11:11:44 +00:00
Pierre-Loup
c6f14b6a20
Add AWS tag to IaC rules (#662) 2021-12-16 15:02:01 +01:00
hendrik-buchwald-sonarsource
c9cdadd72e
Modify rule S5332: Add message for missing option (#615) 2021-11-26 17:02:56 +00:00
Karim El Ouerghemmi
3d54ce32f3
Modify rule S5332: Make absence of property clearer for CloudFormation (#579) 2021-11-10 10:38:31 +01:00
Loris S
baf4eb7abd
Create rule S5332[cloudformation]: Add kinesis data stream (#501)
* added highlighting tips

* removed highlighting tip making no sense

* fixed french syntax

Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>

* added streamencryption block

* Update rules/S5332/cloudformation/rule.adoc

Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>
Co-authored-by: Karim El Ouerghemmi <64004037+karim-ouerghemmi-sonarsource@users.noreply.github.com>
2021-11-09 20:49:40 +01:00
hendrik-buchwald-sonarsource
3496d4bedd
Add description (#502)
Co-authored-by: Karim El Ouerghemmi <64004037+karim-ouerghemmi-sonarsource@users.noreply.github.com>
2021-11-09 19:22:37 +00:00
Loris S
0465d16d1d
Create rule S5332[terraform]: Add Kinesis Data Streams (#500)
* added skeleton

* added highlighting tip

* added kinesis recommendations

* removed template rule leftovers

* removed unnecessary clause to avoid confusion

* fixed highlighting tip mistake

* fixed french syntax

Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>

* fixed french syntax

Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>

* removed quotes

Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>

Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>
Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com>
2021-11-09 18:15:28 +01:00
hendrik-buchwald-sonarsource
0ac56f7279
Create rule S5332[cloudformation]: Add ECS Task Definition (#497)
* Add description

* Fix mistake introduced while fixing merge conflicts

Co-authored-by: Karim El Ouerghemmi <64004037+karim-ouerghemmi-sonarsource@users.noreply.github.com>
2021-11-09 17:12:01 +01:00
Loris S
b9070ab4be
Create rule S5332[cloudformation]: Add AWS Load Balancer Listeners (#506)
* first cloudformation draft

* fixed simple mistakes

* simplified highlighting tips

* improved highlights, yaml and sensitive comment

* simplified and concised highlights

* removed french syntax

* add AWS namespace to highlights instead of regular name

Co-authored-by: Karim El Ouerghemmi <64004037+karim-ouerghemmi-sonarsource@users.noreply.github.com>
2021-11-09 16:55:54 +01:00
hendrik-buchwald-sonarsource
122559324f
Create rule S5332[terraform]: Add ElastiCache Replication Group
Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com>
2021-11-09 14:49:28 +00:00
Pierre-Loup
958811377b
Create rule S5332[cloudformation]: Add AWS Elasticsearch Domain (#496)
* Add rule description

* Add code examples of the EnforceHTTPS option

* Apply suggestions from code review

Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>

Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>
Co-authored-by: Karim El Ouerghemmi <64004037+karim-ouerghemmi-sonarsource@users.noreply.github.com>
2021-11-09 14:26:57 +01:00
hendrik-buchwald-sonarsource
de99a4a664
Create rule S5332[terraform]: Add ECS Task Definition (#498)
* Add description

* Replace message with highlight

Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com>
2021-11-09 10:01:19 +00:00
Loris S
a89413a349
Create rule S5332[terraform]: Add AWS Load Balancer Listeners (#508)
* added rule skeleton

* added rule snippets

* Adapted highlights to terraform

* fixed important mistake

* fixed french syntax

Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>

Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>
Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com>
2021-11-08 15:41:35 +00:00
Pierre-Loup
48354a4c9a
Create rule S5332[terraform]: Add AWS Elasticsearch Domain (#495)
* Add rule description

* Add code examples of the enforce_https option

* Apply suggestions from code review

Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>

Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>
Co-authored-by: Karim El Ouerghemmi <karim.ouerghemmi@sonarsource.com>
Co-authored-by: Karim El Ouerghemmi <64004037+karim-ouerghemmi-sonarsource@users.noreply.github.com>
2021-11-08 15:31:26 +00:00
github-actions[bot]
4aef8584d8
Create rule S5332[cloudformation]: Add MSK Cluster (#494)
* Add cloudformation to rule S5332

* added first draft after PR#464

* improved conciseness

* improved internal highlighting docs

Co-authored-by: loris-s-sonarsource <loris-s-sonarsource@users.noreply.github.com>
Co-authored-by: Loris Sierra <loris.sierra@sonarsource.com>
Co-authored-by: Karim El Ouerghemmi <64004037+karim-ouerghemmi-sonarsource@users.noreply.github.com>
2021-11-08 14:10:56 +01:00
github-actions[bot]
65ca2afdbb
Create rule S5332[terraform] (#464)
* Add terraform to rule S5332

* add base vuln rspec

* add details about msk in desc

* add highlighting rules

* mistaken : encryption clauses missing = defaults are secure

* Update rules/S5332/terraform/rule.adoc

Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>

* Update rules/S5332/terraform/rule.adoc

Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>

* removed template rule leftovers

* added mention about msk secure defaults

* fixed generalization mistake

* improved conciseness

* improved internal highlighting docs

Co-authored-by: loris-s-sonarsource <loris-s-sonarsource@users.noreply.github.com>
Co-authored-by: Loris Sierra <loris.sierra@sonarsource.com>
Co-authored-by: Loris S <91723853+loris-s-sonarsource@users.noreply.github.com>
Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>
Co-authored-by: Karim El Ouerghemmi <64004037+karim-ouerghemmi-sonarsource@users.noreply.github.com>
2021-11-08 10:49:47 +00:00
Pierre-Loup
e7ad1012e3
RULEAPI-709: Security rules are mapped to the OWASP Top 10 2021 security-standard (#545) 2021-11-01 15:00:32 +01:00
Pierre-Loup
547094ab3c
Update CWE mapping (#534) 2021-10-28 10:07:16 +02:00
quentin-jaquier-sonarsource
7045e7434b
[java] fix formatting in rules descriptions (#504) 2021-10-18 16:27:36 +02:00
Pierre-Loup
cf92b1d361
Modify rule S5332[kotlin]: support Android WebView insecure mixed content policy (#457) 2021-10-15 10:58:45 +02:00
Pierre-Loup
18261edb3e
Modify rule S5332: Improve description (#474) 2021-10-14 16:12:59 +02:00
github-actions[bot]
2136dca525
Create rule S5332[xml] (#455) 2021-10-13 12:21:04 +02:00
Pierre-Loup
0fd3980865
Modify rule S5332[java]: support Android WebView insecure mixed content policy (#458) 2021-10-12 09:21:31 +02:00
Arseniy Zaostrovnykh
2301f5808e
RULEAPI-695: remove extra/coveredLanguages field 2021-09-28 13:36:45 +02:00
Arseniy Zaostrovnykh
ec55b6ead1
RULEAPI-687: Migrate legacy keys from Jira RSPEC (#392) 2021-09-24 09:08:46 +02:00
Arseniy Zaostrovnykh
f7904cebe7
RULEAPI-666: Migrate the "List of parameters", "Highlighting" and "Message" fields from jira RSPEC (#346) 2021-09-20 13:38:42 +00:00
pynicolas
0da133709f
Modify rule S5332: WordPress misconfigurations (#228)
Co-authored-by: Karim El Ouerghemmi <64004037+karim-ouerghemmi-sonarsource@users.noreply.github.com>
2021-08-16 11:40:21 +00:00
Elena Vilchik
4017668a76
Fixes for JavaScript: remove 'Sonar way recommended' profile and legacy keys (#148) 2021-06-25 14:41:11 +02:00
eric-therond-sonarsource
08c011b06a
add mobile security standards, links and tags to mobile rules and add new CWEv4.4 entries (#112) 2021-06-10 10:04:10 +02:00