rspec

Author	SHA1	Message	Date
gaetan-ferry-sonarsource	394d19b554	Modify rule S5344: Set 100k as PBKDF reco & update highlights (APPSEC-1631) (#3843 )	2024-04-03 12:28:20 +00:00
github-actions[bot]	762a21bfa7	Create rule S5344: Passwords should not be stored in plain-text or with a fast hashing algorithm (APPSEC-1631) (#3839 )	2024-04-02 09:43:24 +02:00
github-actions[bot]	c5593190ce	Create rule S5344(python): Passwords should not be stored in plain-text or with a fast hashing algorithm (#3715 )	2024-03-18 17:37:51 +01:00
Loris S	a1f3709876	Modify S5344: Improve common text (#3714 )	2024-03-01 09:57:51 +01:00
Loris S	65898981f1	Modify S5344: Re-arrange the folder for new languages (#3709 ) * Modify S5344: Re-arrange the folder for new languages * modify a file name typo * last tweaks * changed diff * reorg fixes * Apply suggestions from code review	2024-02-29 15:36:57 +01:00
Pierre-Loup	770348d041	Avoid OWASP Top 10 security-standard mismatch between metadata and description links (RULEAPI-798) (#3537 ) * Add check for security standard mismatch * Fix security standard mismatches * Fix Resources/Standards links for secrets rules * Fix check * Fix links and update security standard mapping * Fix maintanability issue * Apply review suggestions * Apply suggestions from code review Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com> * Fix typo Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com> --------- Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com>	2024-01-17 17:20:28 +01:00
Egon Okerman	d1417e82f8	Modify CWE and OWASP Top 10 links to follow standard link format (APPSEC-1134) (#3529 ) * Fix all CWE references * Fix all OWASP references * Fix missing CWE prefixes	2024-01-15 17:15:56 +01:00
Marco Borgeaud	34814f787b	Remove links to SANS Top 25 CWEs (#3322 ) These links are no longer relevant since SANS now just link to CWE, and we already have links to CWEs.	2023-10-18 13:16:00 +00:00
Sebastien Andrivet	1a5894a5a2	Add texts that were not merged. (#3180 ) ## Review A dedicated reviewer checked the rule description successfully for: - [ ] logical errors and incorrect information - [ ] information gaps and missing content - [ ] text style and tone - [ ] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)	2023-09-29 09:36:30 +02:00
Sebastien Andrivet	9666fd7c0e	Modify rule S5344: Change text to education framework format (APPSEC-1106) (#3152 ) ## Review A dedicated reviewer checked the rule description successfully for: - [ ] logical errors and incorrect information - [ ] information gaps and missing content - [ ] text style and tone - [ ] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule) --------- Co-authored-by: gaetan-ferry-sonarsource <112399173+gaetan-ferry-sonarsource@users.noreply.github.com>	2023-09-29 09:07:00 +02:00
Antonio Aversa	a02bf814d4	Clean Code Taxonomy: add "code" to all non-obsolete metadata.json (#2793 )	2023-08-04 17:19:38 +02:00
Fred Tingaud	9cb6b98e41	Remove unimplemented languages/rules tagged as 'SECURITY_HOTSPOT' or 'VULNERABILITY' Languages for which some unique descriptions remain are kept. This cleaning removes the following rules that were implemented in no language: [S1947, S2085, S2086, S2609, S2610, S2614, S2643, S2773, S2776, S3268, S3272, S3361]	2023-06-22 19:13:37 +02:00
Fred Tingaud	51369b610e	Make sure that includes are always surrounded by empty lines (#2270 ) When an include is not surrounded by empty lines, its content is inlined on the same line as the adjacent content. That can lead to broken tags and other display issues. This PR fixes all such includes and introduces a validation step that forbids introducing the same problem again.	2023-06-22 10:38:01 +02:00
Victor	fe961619f9	migrate rule descriptions to new education format	2023-05-05 16:29:04 +02:00
Jamie Anderson	2d52a31a16	Modify rules: Remove deprecated `sans-top25-*` tags (#1694 )	2023-03-29 15:31:59 +02:00
Jamie Anderson	2d8892defb	Modify rules: Remove "owasp-aX" tag (#1655 )	2023-03-16 15:25:13 +01:00
Alexandre Gigleux	01bad1b800	Map rules to OWASP ASVS 4 (#1110 ) https://sonarsource.atlassian.net/browse/MMF-2794	2022-07-29 13:35:38 +02:00
pedro-oliveira-sonarsource	b04b29019c	[APPSEC-3] Security rules are mapped to PCI DSS 4.0 (#1007 )	2022-05-24 16:19:27 +02:00
pedro-oliveira-sonarsource	4cd575af12	[APPSEC-2] New security standard - PCI DSS 3.2 (#1005 )	2022-05-23 09:00:28 +02:00
jtingsanchali	96d9ddb930	RULEAPI-755 Update CWE URLs by removing .html suffix and update with https protocol (#926 ) * Change affects only see.adoc and rule.adoc files, not comments-and-links.adoc files	2022-04-07 08:53:59 -05:00
Pierre-Loup	1b061d5ff5	Fix typo in OWASP links from the See section (#807 ) * Fix typos in OWASP Top 10 2017 links * Fixing wrong URI in OWASP Top 10 2021 A4 links	2022-02-10 09:11:45 +01:00
Fred Tingaud	b4161466e6	RULEAPI-661: Add syntax coloring	2022-02-04 16:28:24 +00:00
Pierre-Loup	e7ad1012e3	RULEAPI-709: Security rules are mapped to the OWASP Top 10 2021 security-standard (#545 )	2021-11-01 15:00:32 +01:00
Pierre-Loup	547094ab3c	Update CWE mapping (#534 )	2021-10-28 10:07:16 +02:00
Arseniy Zaostrovnykh	6a0ec99e78	RULEAPI-706: Add quick fixes metadata	2021-10-07 09:23:15 +00:00
Arseniy Zaostrovnykh	f786bd2603	Fix the mistakingly deleted 'See' sections in #362 (#449 ) committed as f6331f7fdca7fe36e52439b927312fd5d5a455c0 The mistake was caused by the uninitialized variable "hasSeeSection" in the automatic removal script. Fixed here: `f6331f7fdc`	2021-10-05 09:49:00 +02:00
Arseniy Zaostrovnykh	2301f5808e	RULEAPI-695: remove extra/coveredLanguages field	2021-09-28 13:36:45 +02:00
Arseniy Zaostrovnykh	ec55b6ead1	RULEAPI-687: Migrate legacy keys from Jira RSPEC (#392 )	2021-09-24 09:08:46 +02:00
Arseniy Zaostrovnykh	5ba82ae371	RULEAPI-665: Remove security standards from the irrelevant language-specific rules (#362 )	2021-09-21 15:40:35 +02:00
Arseniy Zaostrovnykh	f7904cebe7	RULEAPI-666: Migrate the "List of parameters", "Highlighting" and "Message" fields from jira RSPEC (#346 )	2021-09-20 13:38:42 +00:00
Arseniy Zaostrovnykh	b76bc57083	RULEAPI-576: add a horizontal rule between rule description and comments	2021-06-08 15:52:13 +02:00
Arseniy Zaostrovnykh	6c1ad2c13c	Fix the comment display: rule-id, timestamp, GH visibility, link direction	2021-06-03 09:05:38 +02:00
Arseniy Zaostrovnykh	cdd7690a79	Export comments and rspec-to-rspec links from jira	2021-06-02 20:44:38 +02:00
Arseniy Zaostrovnykh	af4fdb3a84	Update rules after the fix in the export module	2021-04-26 17:29:13 +02:00
sonartech	8a40b3deb6	Nightly update	2021-02-23 01:11:03 +00:00
Arseniy Zaostrovnykh	acadea59e9	move coveredLangauges and replacementRules into extra field	2021-02-16 17:52:17 +01:00
Arseniy Zaostrovnykh	1d713451d6	Undo the abuse of compatibleLanguages metadata field	2021-02-16 15:00:44 +01:00
Arseniy Zaostrovnykh	af8cda992b	unescape more things	2021-02-05 10:34:25 +01:00
Arseniy Zaostrovnykh	f6093ee186	Overapproximate compatibleLanguages and tags/standards	2021-02-02 19:11:00 +01:00
Arseniy Zaostrovnykh	7ca29f686f	Force linebreaks	2021-02-02 15:02:10 +01:00
Arseniy Zaostrovnykh	1a22006270	Add coveredLanguages field	2021-01-29 15:53:23 +01:00
Arseniy Zaostrovnykh	d4598ce0f9	make in-line code blocks verbatim	2021-01-27 13:42:22 +01:00
Arseniy Zaostrovnykh	0a8c5eafce	add replacementRules metadata field	2021-01-26 16:58:13 +01:00
Arseniy Zaostrovnykh	fb261af631	Quality profiles for customized rules	2021-01-07 12:13:35 +01:00
Arseniy Zaostrovnykh	232269f3ce	Add default quality profiles	2021-01-07 11:08:42 +01:00
Arseniy Zaostrovnykh	d96d948333	change the inline-code delimitters	2020-12-23 14:59:06 +01:00
Arseniy Zaostrovnykh	ed53c1610b	Add all rules, update all rules fixing the inline code syntax	2020-12-21 15:38:52 +01:00
Alban Auzeill	2c306d110e	Fix code block ambiguity with old header style Ensure blank line before list and clean the one leading space	2020-06-30 17:16:12 +02:00
Alban Auzeill	0329b1564c	Add rules 5000-5999	2020-06-30 17:16:12 +02:00

49 Commits