ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,449 Commits 329 Branches 2 Tags
Commit Graph

133 Commits

Author SHA1 Message Date
Alexandre Gigleux
01bad1b800
Map rules to OWASP ASVS 4 (#1110) 
https://sonarsource.atlassian.net/browse/MMF-2794
 2022-07-29 13:35:38 +02:00
Arseniy Zaostrovnykh
84967d6c25
Prohibit non-ASCII characters in rule metadata.json files (#1119) 
Triggered by the deployment failure that was caused by an invisible Unicode character in a rule's metadata.json.
This PR implements three conceptual changes:
- make the deployment parse error more informative
- prohibit the use of non-ASCII characters in the metadata.json files
- remove the existing non-ASCII characters from the existing rules
 2022-07-25 17:19:53 +02:00
Pavel Mikula
bacaac778a
Replace remediation cost time unit 'mn' with 'min' (#1104) 2022-07-13 15:02:38 +02:00
Arseniy Zaostrovnykh
ec478edebc
RULEAPI-763 add an exception for medium.com links in probing script 
The exceptions might be removed once RULEAPI-763 is resolved
 2022-06-08 13:54:26 +02:00
Arseniy Zaostrovnykh
6800da7e05
RULEAPI-762: Fix link-probing cache: cache on failure and success 2022-06-08 13:52:21 +02:00
Pierre-Loup
83209561fe
[RULEAPI-761] JSON schema fails to restrict the format of security-standard items (#1013) 2022-05-25 16:36:49 +02:00
Loris S
33aaca1316
RULEAPI-760: Add a new language identifier for kubernetes rules (#992) 2022-05-25 10:04:20 +02:00
dependabot[bot]
c2d50e0bdf
[dependabot] Bump pyjwt from 2.1.0 to 2.4.0 in /rspec-tools 
Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.1.0 to 2.4.0.
- [Release notes](https://github.com/jpadilla/pyjwt/releases)
- [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/jpadilla/pyjwt/compare/2.1.0...2.4.0)

---
updated-dependencies:
- dependency-name: pyjwt
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-05-25 08:18:02 +02:00
pedro-oliveira-sonarsource
b04b29019c
[APPSEC-3] Security rules are mapped to PCI DSS 4.0 (#1007) 2022-05-24 16:19:27 +02:00
Arseniy Zaostrovnykh
bb042389fa Mock temporary rspec repo 2022-04-13 00:28:19 -07:00
Arseniy Zaostrovnykh
c475f0d6de RULEAPI-753: Use modern ids and coalesce the coverage for legacy ids 2022-04-13 00:28:19 -07:00
Alexandre Gigleux
9cb2845112
Support of PCI DSS v3.2 (#925) 
* Rename "PCI DSS" to "PCI DSS 3.2" because the security standard is versioned
* Update metadata.json of one rule using the wrong "PCI DSS"
 2022-04-12 21:58:21 +02:00
Arseniy Zaostrovnykh
1911fca994
Mock analyzer repos for the coverage test 
This removes the dependency on online repositories (on GitHub)
and speeds up the test by stripping the number of versions and files to a minimum.
Prepare the ground for RULEAPI-753.
 2022-04-05 09:44:09 +02:00
Arseniy Zaostrovnykh
f7353489fc
Enable rules removal: do not validate deleted rules 2022-03-08 12:26:53 +00:00
Arseniy Zaostrovnykh
89c7e09b35
Fix source history information shadowing for rspec-tools project 2022-03-07 09:47:57 +01:00
Marco Antognini
26e3ebc7ec Refactor rspec-tools and other cleanups 
The main changes are:
 * Split RuleCreator: move some of its content to RspecRepo and to
   RuleEditor in new modules.
 * Refactor tests accordingly.

Other less important changes:
 * Sort and remove unnecessary imports
 * Remove unimplemented functions and unnecessary classes
 * Make some functions private
 * Move pushd from utils to tests where it is only used
 * Reduce code duplication here and there
 * Remove unnecessary Mock in some tests
 * Improve coverage for add_language_to_rule
 2022-02-28 12:08:21 +01:00
Marco Antognini
dbb8027666 RULEAPI-748: Add new workflow to update quickfix status 2022-02-28 12:08:21 +01:00
Fred Tingaud
9ca204f1c9
RULEAPI-744 automatically fill the template source tags with the current language 2022-02-08 17:34:53 +01:00
Fred Tingaud
b4161466e6
RULEAPI-661: Add syntax coloring 2022-02-04 16:28:24 +00:00
Fred Tingaud
7d868d3f35
Use a more readable form to display parameters 2022-02-01 12:25:23 +00:00
Marco Antognini
b2b116a8e2
RULEAPI-682: Index multiple types and rules with no languages 
* Generate description and metadata for rules with no language, so that they get indexed.
* Index rules with different types in language specializations.
* Improve validation to reject new rules with no language specialization (i.e. only a predefined set of such rules is allowed because they were imported from Jira and kept for historical purposes).
* Write smaller JSON files, reduce their size by 30%.
* Improve test coverage of CLI application.
 2022-01-28 09:51:13 +01:00
Fred Tingaud
171580f86a
Revert "RULEAPI-614: mark unpredictable remediation cost" 
We should validate functionally this change with PMs before putting it in production.
Reverting for now.
 2022-01-19 19:07:03 +00:00
Fred Tingaud
ebfa8932d1
RULEAPI-614: mark unpredictable remediation cost 2022-01-19 16:39:02 +01:00
Nils Werner
b46b76025c
Rename 'Common' to 'Text' (#714) 2022-01-17 17:05:01 +01:00
tomasz-kaminski-sonarsource
7f5b613ec4
RULEAPI-711: Adjust for underscore in CLOUDFORMATION inside sonar-iac sonarpedia 2022-01-14 14:21:00 +01:00
Marco Antognini
065322db2f
RULEAPI-680: Remove the mention of [label] (#705) 2022-01-13 16:03:40 +00:00
Arseniy Zaostrovnykh
d444d13593
Fix python issues raised by SQ for the old code 2022-01-13 09:25:17 +01:00
tomasz-kaminski-sonarsource
fb4391ec23
RULEAPI-579: Enable project analysis in SonarQube Next (#693) 2022-01-12 14:45:44 +00:00
Nils Werner
0153e37597
RULEAPI-715: Add the "common" language (#632) 2021-12-01 15:18:31 +00:00
Nils Werner
d989c48b3f
Add sonar-iac as repository for coverage (#600) 2021-11-16 16:57:55 +00:00
Arseniy Zaostrovnykh
7ab240738e
Fix the coverage-update test failure following the CSS+JS merge (#588) 2021-11-12 09:51:39 +00:00
Pierre-Loup
2eb4c50a9b
RULEAPI-710: Validate that security-standards are not shadowed 2021-10-29 16:55:50 +00:00
Pierre-Loup
2026ac6b8c
RULEAPI-698: Support OWASP Top 10 2021 security standard (#466) 2021-10-15 09:37:46 +02:00
Pierre-Loup
72a1ac7423
RULEAPI-699: Support OWASP ASVS 4 security standard 2021-10-08 10:23:39 +02:00
Arseniy Zaostrovnykh
6a0ec99e78
RULEAPI-706: Add quick fixes metadata 2021-10-07 09:23:15 +00:00
Arseniy Zaostrovnykh
0fe8dffe85
RULEAPI-573: Clean and test script generating for each rule the list of plugins covering it (#429) 2021-10-01 14:52:12 +02:00
Arseniy Zaostrovnykh
dd885e0b4e
RULEAPI-606: Fix the url and raise an exception earlier. (#436) 2021-10-01 10:25:35 +02:00
Arseniy Zaostrovnykh
5f8a2e7ec1
RULEAPI-606: github action and underlying script for adding a new language to an existing rule 2021-09-30 15:47:25 +00:00
Čaba Šagi
6d8404981c
RULEAPI-642: Validate the level of section headers in asciidoc: make sure there are no level-0 2021-09-30 11:52:56 +02:00
Elena Vilchik
c357e2e7f7
RULEAPI-603 Fail ci metadata check if rule with replacement has 'ready' status (#398) 2021-09-30 11:45:09 +02:00
Arseniy Zaostrovnykh
090a5c725d
RULEAPI-696: adapt the rspec/readme.adoc narrative to not mention "coveredLanguages" and to menation -branch in rule-api (#408) 2021-09-29 16:04:43 +02:00
Arseniy Zaostrovnykh
ec55b6ead1
RULEAPI-687: Migrate legacy keys from Jira RSPEC (#392) 2021-09-24 09:08:46 +02:00
Elena Vilchik
f782b7a737
RULEAPI-670 Print the metadata.json path for the files that break a json parser (#387) 2021-09-22 15:33:20 +02:00
Pierre-Loup
49aa2dcd4f
RULEAPI-653: Add a new language identifier for secrets detection rules (#154) 2021-07-01 12:26:02 +00:00
Arseniy Zaostrovnykh
1f46fa68b9
Fix the template for multi-lang rule metadata (#157) 2021-07-01 10:00:14 +02:00
eric-therond-sonarsource
520573b838
RULEAPI-654: Clarify the rule creation process (#115) 2021-06-11 05:58:58 +00:00
Arseniy Zaostrovnykh
47cba8a21d
RULEAPI-640: missing file 2021-06-10 14:03:46 +00:00
Arseniy Zaostrovnykh
b0c064cfb7
RULEAPI-640: Add language(s) label(s) to automatically created PR 2021-06-10 09:03:05 +00:00
eric-therond-sonarsource
cf26c8d270
add missing and future security standards (#103) 2021-06-07 19:13:19 +02:00
eric-therond-sonarsource
8421f9fb41
add owasp mobile security standard to schema validation (#94) 2021-06-07 11:20:46 +02:00