1095 Commits

Author SHA1 Message Date
quentin-jaquier-sonarsource
a5e1121edd
SONARJAVA-4116 [java] Remove rule S2912 (IndexOfStartPositionCheck) (#681) 2022-01-13 14:36:36 +01:00
Marco Antognini
c3a07c83a5
RULEAPI-635: Document testing process 2022-01-13 10:27:30 +00:00
SonarTech
5d1098dec3 update coverage information 2022-01-13 08:56:32 +00:00
Arseniy Zaostrovnykh
d444d13593
Fix python issues raised by SQ for the old code 2022-01-13 09:25:17 +01:00
dependabot[bot]
f11201086d
[dependabot] Bump color-string from 1.5.4 to 1.9.0 in /frontend (#703)
Bumps [color-string](https://github.com/Qix-/color-string) from 1.5.4 to 1.9.0.
- [Release notes](https://github.com/Qix-/color-string/releases)
- [Changelog](https://github.com/Qix-/color-string/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Qix-/color-string/compare/1.5.4...1.9.0)

---
updated-dependencies:
- dependency-name: color-string
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-12 19:24:25 +00:00
dependabot[bot]
3cfb0cfb88
[dependabot] Bump url-parse from 1.4.7 to 1.5.4 in /frontend (#701)
Bumps [url-parse](https://github.com/unshiftio/url-parse) from 1.4.7 to 1.5.4.
- [Release notes](https://github.com/unshiftio/url-parse/releases)
- [Commits](https://github.com/unshiftio/url-parse/compare/1.4.7...1.5.4)

---
updated-dependencies:
- dependency-name: url-parse
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-12 20:18:23 +01:00
Arseniy Zaostrovnykh
b335def299
Fix the frontend warnings (#696)
Two warnings discovered when trying to test the RulePage component:
- `<div>` nested in `<p>`
- `<Tabs>` component with contradictory attributes: `centered` and `scrollable`
2022-01-12 17:52:35 +00:00
dependabot[bot]
ff5c279c03
[dependabot] Bump path-parse from 1.0.6 to 1.0.7 in /frontend (#700)
Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.6 to 1.0.7.
- [Release notes](https://github.com/jbgutierrez/path-parse/releases)
- [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7)

---
updated-dependencies:
- dependency-name: path-parse
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-12 16:52:38 +00:00
dependabot[bot]
fd08b091f0
[dependabot] Bump tmpl from 1.0.4 to 1.0.5 in /frontend (#697) 2022-01-12 16:38:45 +00:00
dependabot[bot]
353f6e5a61
[dependabot] Bump tar from 4.4.13 to 4.4.19 in /frontend (#698)
Bumps [tar](https://github.com/npm/node-tar) from 4.4.13 to 4.4.19.
- [Release notes](https://github.com/npm/node-tar/releases)
- [Changelog](https://github.com/npm/node-tar/blob/main/CHANGELOG.md)
- [Commits](https://github.com/npm/node-tar/compare/v4.4.13...v4.4.19)

---
updated-dependencies:
- dependency-name: tar
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-12 16:25:51 +00:00
Arseniy Zaostrovnykh
a32b29744e
RULEAPI-571: Increase test coverage of the GitHub Page (#692) 2022-01-12 15:58:15 +00:00
Loris S
2d01928240
Modify Rule S5131: Message clarity (#688) 2022-01-12 15:11:54 +00:00
tomasz-kaminski-sonarsource
fb4391ec23
RULEAPI-579: Enable project analysis in SonarQube Next (#693) 2022-01-12 14:45:44 +00:00
Loris S
fc6c52aa04
Modify rule S4423: Fix typo (#684) 2022-01-12 14:20:40 +00:00
github-actions[bot]
19cafdcdbc
Create rule S6384[Java]: Components should not be vulnerable to intent redirection (#597)
* Create rule S6384

* init rule s6384

Co-authored-by: eric-therond-sonarsource <eric-therond-sonarsource@users.noreply.github.com>
Co-authored-by: eric-therond-sonarsource <eric.therond@sonarsource.com>
Co-authored-by: Roberto Orlandi <71495874+roberto-orlandi-sonarsource@users.noreply.github.com>
2022-01-12 08:09:15 +01:00
SonarTech
1cc987dfbd update coverage information 2022-01-11 09:36:04 +00:00
Arseniy Zaostrovnykh
5829d5c422
RULEAPI-717: Make sure all rules known to be duplicates on Jira are marked as such on github (#683) 2022-01-11 09:21:43 +00:00
Loris S
488801b155
Modify rule S6387: improved message
Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com>
2022-01-11 07:47:33 +00:00
github-actions[bot]
b52e66370a
Create rule S6380[terraform]: Authorizing anonymous access to Azure resources is security-sensitive (#574)
* Create rule S6380

* Disabling authentication is security-sensitive

* Add Sensitive Keyword

* Add Security Standards References

* Add Message.adoc

* Clarified everything

* refreshed metadata

* Update rules/S6380/terraform/rule.adoc

* Update rules/S6380/terraform/rule.adoc

* Update rules/S6380/terraform/rule.adoc

* last update : removed cert auth, add redis infos and highlights

* replaced ad auth with app service auth

* Update rules/S6380/terraform/rule.adoc

* Update rules/S6380/terraform/rule.adoc

* added owasp 2017

* improved title

* Update rules/S6380/terraform/rule.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* added secdev reco about anonymous access

* Completed rule description

* add last tweaks

* Update rules/S6380/terraform/metadata.json

* Update rules/S6380/terraform/rule.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* applied recommendations

* Update rules/S6380/terraform/rule.adoc

* Update rules/S6380/terraform/rule.adoc

* Update rules/S6380/terraform/rule.adoc

* Update rules/S6380/terraform/rule.adoc

* Update rules/S6380/terraform/rule.adoc

* Update rules/S6380/terraform/metadata.json

* Add missing prefix to azurerm_data_factory_linked_service_odata

* Fix typo in basic_authentication

Co-authored-by: loris-s-sonarsource <loris-s-sonarsource@users.noreply.github.com>
Co-authored-by: Loris Sierra <loris.sierra@sonarsource.com>
Co-authored-by: Loris S <91723853+loris-s-sonarsource@users.noreply.github.com>
Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>
Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com>
2022-01-10 14:46:04 +00:00
github-actions[bot]
59fe702d1a
Create rule S6383[terraform]: Disabling Role-Based Access Control on Azure resources is security-sensitive (#595)
* Create rule S6383

* Add first draft

* Update rules/S6383/terraform/rule.adoc

* rename title

* finished S6383 rule

* Update rules/S6383/terraform/rule.adoc

* Update rules/S6383/terraform/rule.adoc

* Update rules/S6383/terraform/rule.adoc

* Update rules/S6383/terraform/metadata.json

* Update rules/S6383/terraform/metadata.json

* Update rules/S6383/terraform/rule.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* Update rules/S6383/terraform/rule.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* Update rules/S6383/terraform/rule.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* Update rules/S6383/terraform/rule.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* Update rules/S6383/terraform/rule.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* That's my final answer, Jean-Pierre

* Update rules/S6383/terraform/rule.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* Update rules/S6383/terraform/rule.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

Co-authored-by: loris-s-sonarsource <loris-s-sonarsource@users.noreply.github.com>
Co-authored-by: Loris Sierra <loris.sierra@sonarsource.com>
Co-authored-by: Loris S <91723853+loris-s-sonarsource@users.noreply.github.com>
Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>
Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com>
2022-01-10 14:01:54 +00:00
hendrik-buchwald-sonarsource
936b04b3b0
Create rule S4423[terraform]: Add AWS Elasticsearch Domain (#481)
* Add description

* Fix wrong name

* Add code sample introduction

Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com>
2022-01-10 13:37:41 +00:00
Loris S
173e6c70f1
Modify rule S6387: Add newline (#678) 2022-01-07 09:50:42 +00:00
SonarTech
12b89f8540 update coverage information 2022-01-07 08:37:41 +00:00
quentin-jaquier-sonarsource
a4a6df7684
SONARJAVA-3770 Modify rule S6217[java]: Update description (#677) 2022-01-06 16:37:29 +01:00
SonarTech
8df99d19d1 update coverage information 2022-01-06 00:32:44 +00:00
SonarTech
89dd495920 update coverage information 2022-01-05 00:31:21 +00:00
Čaba Šagi
f3e7ff5de3
Modify rule S3442 [csharp]: Improve description of the rule (#676) 2022-01-04 11:58:12 +00:00
github-actions[bot]
448fb50aed
Create rule S6387[terraform]: Azure role assignments that grant access to all resources of a subscription are security-sensitive (#622)
* Create rule S6387

* Add rule description

* Apply suggestions from code review

Co-authored-by: Loris S. <91723853+loris-s-sonarsource@users.noreply.github.com>

* Fix typo in highlighting.adoc filename

Co-authored-by: pierre-loup-tristant-sonarsource <pierre-loup-tristant-sonarsource@users.noreply.github.com>
Co-authored-by: Pierre-Loup Tristant <pierre-loup.tristant@sonarsource.com>
Co-authored-by: Loris S. <91723853+loris-s-sonarsource@users.noreply.github.com>
Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com>
2022-01-04 11:02:05 +00:00
github-actions[bot]
7036a47aa4
Create rule S6382[terraform]: Disabling certificate-based authentication is security-sensitive (#594)
* Create rule S6382

* Create rule S6382[terraform]: Disabling certificate-based authentication is security-sensitive

* Update rules/S6382/terraform/metadata.json

* Update rules/S6382/terraform/metadata.json

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* Update rules/S6382/terraform/rule.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* improved the rule after recos and S6380 recos

* reworked the sentence for clarity

* Update rules/S6382/terraform/rule.adoc

* Update rules/S6382/terraform/rule.adoc

* Update rules/S6382/terraform/rule.adoc

* Update rules/S6382/terraform/rule.adoc

* Update rules/S6382/terraform/rule.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* Update rules/S6382/terraform/rule.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* Update rules/S6382/terraform/rule.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* Update rules/S6382/terraform/rule.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* Update rules/S6382/terraform/rule.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* Update rules/S6382/terraform/metadata.json

Co-authored-by: loris-s-sonarsource <loris-s-sonarsource@users.noreply.github.com>
Co-authored-by: Loris Sierra <loris.sierra@sonarsource.com>
Co-authored-by: Loris S <91723853+loris-s-sonarsource@users.noreply.github.com>
Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>
Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com>
2022-01-03 15:47:06 +00:00
github-actions[bot]
de0c3bc4b5
Create rule S6379[terraform]: Enabling Azure resource-specific admin accounts is security-sensitive (#573)
* Create rule S6379

* Enabling administrative permissions is security-sensitive

* Update rules/S6379/terraform/metadata.json

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* Update rules/S6379/terraform/rule.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* Update rules/S6379/terraform/rule.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* Update rules/S6379/terraform/rule.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* Update rules/S6379/terraform/rule.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* Update rules/S6379/terraform/rule.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* Update rules/S6379/terraform/rule.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* Update rules/S6379/terraform/rule.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* Update rules/S6379/terraform/metadata.json

* Update rules/S6379/terraform/rule.adoc

* improved ident

* add highlighting

* fix md link

* Update rules/S6379/terraform/rule.adoc

* Update rules/S6379/terraform/rule.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* Update rules/S6379/terraform/rule.adoc

* Update rules/S6379/terraform/rule.adoc

* Add missing azure tag

Co-authored-by: loris-s-sonarsource <loris-s-sonarsource@users.noreply.github.com>
Co-authored-by: Loris Sierra <loris.sierra@sonarsource.com>
Co-authored-by: Loris S <91723853+loris-s-sonarsource@users.noreply.github.com>
Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>
Co-authored-by: Pierre-Loup Tristant <pierre-loup.tristant@sonarsource.com>
Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com>
2022-01-03 16:39:34 +01:00
github-actions[bot]
9ff6a8b388
Create rule S6375[terraform]: Assigning high privileges Azure Active Directory built-in roles is security-sensitive (#560)
* Create rule S6375

* Add rule description

* Apply review suggestions

* Apply suggestions from code review

Co-authored-by: Loris S. <91723853+loris-s-sonarsource@users.noreply.github.com>

* Update issue location

Co-authored-by: pierre-loup-tristant-sonarsource <pierre-loup-tristant-sonarsource@users.noreply.github.com>
Co-authored-by: Pierre-Loup Tristant <pierre-loup.tristant@sonarsource.com>
Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>
Co-authored-by: Loris S. <91723853+loris-s-sonarsource@users.noreply.github.com>
Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com>
2022-01-03 15:23:48 +00:00
github-actions[bot]
e0109d1b26
Create rule S6385[terraform]: Azure custom roles should not grant subscription Owner capabilities (#603)
* Create rule S6385

* Add rule description

* Apply suggestions from code review

Co-authored-by: Loris S. <91723853+loris-s-sonarsource@users.noreply.github.com>

* Update rules/S6385/see.adoc

Fix CWE link

* Update rules/S6385/see.adoc

Fix CWE link

* Add missing azure tag

Co-authored-by: pierre-loup-tristant-sonarsource <pierre-loup-tristant-sonarsource@users.noreply.github.com>
Co-authored-by: Pierre-Loup Tristant <pierre-loup.tristant@sonarsource.com>
Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>
Co-authored-by: Loris S. <91723853+loris-s-sonarsource@users.noreply.github.com>
Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com>
2022-01-03 15:07:46 +00:00
SonarTech
cf71238dbd update coverage information 2021-12-31 00:32:03 +00:00
Fred Tingaud
a25058afe1
Modify rule S125: support quick fix and add an exception for code documentation (#669) 2021-12-29 23:08:19 +01:00
github-actions[bot]
153d4621c3
Add CloudFormation to rule S2260 (#663) 2021-12-29 08:33:15 +00:00
github-actions[bot]
f55da18555
Create rule S6381[terraform]: Assigning high privileges Azure Resource Manager built-in roles is security-sensitive (#583)
* Create rule S6381

* Add rule description

* Apply suggestions from code review

Co-authored-by: Loris S. <91723853+loris-s-sonarsource@users.noreply.github.com>

Co-authored-by: pierre-loup-tristant-sonarsource <pierre-loup-tristant-sonarsource@users.noreply.github.com>
Co-authored-by: Pierre-Loup Tristant <pierre-loup.tristant@sonarsource.com>
Co-authored-by: Loris S. <91723853+loris-s-sonarsource@users.noreply.github.com>
Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com>
2021-12-29 08:22:27 +00:00
Loïc Joly
173e20ad6b
S2665: Align RSPEC with implementation (#673) 2021-12-24 14:23:50 +01:00
Loïc Joly
79a2d73751
Modify Rule S1001: Revert changes introduced by CPP-1307 2021-12-24 09:58:47 +01:00
Loïc Joly
36599be9b6
S1768 Revert changes to the RSPEC that are not in sync with the implementation: (#672)
* One change was saying wrong things: Enums can have negative values
* The other one is of little value, especially for a deprecated rule.
2021-12-22 18:24:19 +01:00
Loïc Joly
460b3d7e7b
S1226: CPP-2006 Align RSPEC description with current rule implementation
The RSPEC was changed, but not the implementation. This PR re-establishes the previous RSPEC. The change will be available in another RSPEC that will only be merged together with the implementation.
2021-12-22 17:25:34 +01:00
Pavel Mikula
c8e8020780
Modify rule S4275[dotnet]: Fix VB.NET examples (#664) 2021-12-22 15:23:02 +00:00
SonarTech
918ab08104 update coverage information 2021-12-19 00:31:25 +00:00
hendrik-buchwald-sonarsource
651157eb2a
Modify rule S5131: Make description more precise (#665) 2021-12-17 13:38:57 +01:00
SonarTech
13e2b03e80 update coverage information 2021-12-17 00:31:11 +00:00
Pierre-Loup
c6f14b6a20
Add AWS tag to IaC rules (#662) 2021-12-16 15:02:01 +01:00
github-actions[bot]
2a9ea96c76
Create rule S6364: Defining a short backup retention duration is security-sensitive (#453) 2021-12-15 16:51:01 +01:00
SonarTech
e908432514 update coverage information 2021-12-15 06:43:13 +00:00
github-actions[bot]
ed8762d5ac
Create rule S6378[terraform]: Disabling Managed Identities for Azure resources is security-sensitive (#569)
* clean-up old metadata file

* Create rule S6378

* Add first draft

* added link to managed service resources list

* fix vague title

* add metadata tagging

* add metadata - sec standards

* add owasp ref

* add concise var names

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* add concise var names and reduces identity.type

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* Update rules/S6378/description.adoc

* add other distinct code sample

* add down to earth recos

Clear-text credentials || third party systems

* add description - clearer on M-Identities stakes

* changed remediation cost to 1h

* add cleared reco - use system-assigned

* fix layout problem

* fix metadata 'hour' mistake: 'hour'->'h'

* reformulate ask-yourself

* fixed potential confusion

* applied review suggestions

* add highlight

* Update rules/S6378/metadata.json

* Update rules/S6378/message.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* Update rules/S6378/metadata.json

* Update rules/S6378/ask-yourself.adoc

Co-authored-by: Loris Sierra <loris.sierra@sonarsource.com>
Co-authored-by: loris-s-sonarsource <loris-s-sonarsource@users.noreply.github.com>
Co-authored-by: Loris S <91723853+loris-s-sonarsource@users.noreply.github.com>
Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>
Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com>
2021-12-14 09:37:33 +00:00
SonarTech
c6438133a0 update coverage information 2021-12-14 05:44:24 +00:00
Loris S
4774e72dc1
Modify Rules: Multiple typo on missing hyphens (#660) 2021-12-13 16:18:55 +01:00