Update RSPEC

docs/header_names/allowed_framework_names.adoc

@@ -44,7 +44,6 @@
 * Java JWT
 * Java SE
 * Java JDBC API
-* Java I/O API
 * Jdom2
 * JSP
 * Legacy Mongo Java API

frontend/public/covered_rules.json

@@ -5191,7 +5191,6 @@
     "S1940": "sonar-kotlin 2.0.0.29",
     "S2053": "sonar-kotlin 2.3.0.609",
     "S2068": "sonar-kotlin 2.0.0.29",
-    "S2083": "sonar-security master",
     "S2097": "sonar-kotlin 2.12.0.1956",
     "S2114": "sonar-kotlin 2.12.0.1956",
     "S2116": "sonar-kotlin 2.12.0.1956",
@@ -5223,7 +5222,6 @@
     "S5322": "sonar-kotlin 2.3.0.609",
     "S5324": "sonar-kotlin 2.2.0.499",
     "S5332": "sonar-kotlin 2.0.0.29",
-    "S5344": "sonar-kotlin master",
     "S5527": "sonar-kotlin 2.0.0.29",
     "S5542": "sonar-kotlin 2.0.0.29",
     "S5547": "sonar-kotlin 2.0.0.29",
@@ -5237,7 +5235,6 @@
     "S5867": "sonar-kotlin 2.6.0.862",
     "S5868": "sonar-kotlin 2.6.0.862",
     "S5869": "sonar-kotlin 2.6.0.862",
-    "S6096": "sonar-security master",
     "S6202": "sonar-kotlin 2.4.0.703",
     "S6207": "sonar-kotlin 2.15.0.2579",
     "S6218": "sonar-kotlin 2.4.0.703",
@@ -5260,7 +5257,6 @@
     "S6318": "sonar-kotlin 2.1.0.344",
     "S6362": "sonar-kotlin 2.5.0.754",
     "S6363": "sonar-kotlin 2.5.0.754",
-    "S6384": "sonar-security master",
     "S6432": "sonar-kotlin 2.11.0.1828",
     "S6474": "sonar-kotlin master",
     "S6508": "sonar-kotlin 2.14.0.2352",

rules/S2083/java/how-to-fix-it/java-se.adoc

@@ -1,4 +1,4 @@
-== How to fix it in Java I/O API
+== How to fix it in Java SE
 
 === Code examples
 
@@ -67,7 +67,7 @@ that the string `targetDirectory` does not end with a path separator:
 static private String targetDirectory = "/Users/John";
 
 @GetMapping(value = "/endpoint")
-public void endpoint(@RequestParam("folder") File fileName) throws IOException {
+public void endpoint(@RequestParam("folder") fileName) throws IOException {
 
     String canonicalizedFileName = fileName.getCanonicalPath();
 

rules/S2083/java/rule.adoc

@@ -6,7 +6,7 @@ include::../impact.adoc[]
 
 // How to fix it section
 
-include::how-to-fix-it/java-io-api.adoc[]
+include::how-to-fix-it/java-se.adoc[]
 
 == Resources
 

rules/S2083/kotlin/how-to-fix-it/java-io-api.adoc

@@ -1,94 +0,0 @@
-== How to fix it in Java I/O API
-
-=== Code examples
-
-:code_impact: delete
-
-include::../../common/fix/code-rationale.adoc[]
-
-==== Noncompliant code example
-
-[source,kotlin,diff-id=1,diff-type=noncompliant]
-----
-@Controller
-class ExampleController {
-    companion object {
-        private const val TARGET_DIRECTORY = "/path/to/target/directory/"
-    }
-
-    @GetMapping("/delete")
-    fun delete(@RequestParam("filename") filename: String) {
-        val file = File(TARGET_DIRECTORY + filename)
-        file.delete()
-    }
-}
-----
-
-==== Compliant solution
-
-[source,kotlin,diff-id=1,diff-type=compliant]
-----
-@Controller
-class ExampleController {
-    companion object {
-        private const val TARGET_DIRECTORY = "/path/to/target/directory/"
-        private val TARGET_PATH = File(TARGET_DIRECTORY).toPath().normalize()
-    }
-
-    @GetMapping("/delete")
-    fun delete(@RequestParam("filename") filename: String) {
-        val file = File(TARGET_PATH.toString() + filename)
-        if (!file.toPath().normalize().startsWith(TARGET_PATH)) {
-            throw IOException("Entry is outside of the target directory")
-        }
-        file.delete()
-    }
-}
-----
-
-=== How does this work?
-
-:canonicalization_function: java.io.File.getCanonicalPath
-
-include::../../common/fix/self-validation.adoc[]
-
-=== Pitfalls
-
-include::../../common/pitfalls/partial-path-traversal.adoc[]
-
-For example, the following code is vulnerable to partial path injection. Note
-that the string `targetDirectory` does not end with a path separator:
-
-
-[source, kotlin]
-----
-companion object {
-    private val targetDirectory: String = "/Users/John"
-}
-
-@GetMapping("/endpoint")
-fun endpoint(@RequestParam("folder") file: File) {
-    val canonicalizedFileName = file.getCanonicalPath()
-    if (!canonicalizedFileName .startsWith(targetDirectory)) {
-        throw IOException("Entry is outside of the target directory");
-    }
-    file.delete()
-}
-----
-
-This check can be bypassed because `"/Users/Johnny".startsWith("/Users/John")`
-returns `true`. Thus, for validation, `"/Users/John"` should actually be
-`"/Users/John/"`.
-
-**Warning**: Some functions, such as `.getCanonicalPath`, remove the
-terminating path separator in their return value. +
-The validation code should be tested to ensure that it cannot be impacted by this
-issue.
-
-https://github.com/aws/aws-sdk-java/security/advisories/GHSA-c28r-hw5m-5gv3[Here is a real-life example of this vulnerability.]
-
-
-:joining_docs: https://docs.oracle.com/javase/8/docs/api/java/nio/file/Path.html
-:joining_func: java.nio.file.Path.resolve
-
-include::../../common/pitfalls/oob-specific-path-joining.adoc[]

rules/S2083/kotlin/metadata.json

@@ -1,33 +0,0 @@
-{
-  "securityStandards": {
-    "CWE": [
-      20,
-      22
-    ],
-    "OWASP": [
-      "A5",
-      "A1"
-    ],
-    "OWASP Top 10 2021": [
-      "A1",
-      "A3"
-    ],
-    "OWASP Mobile Top 10 2024": [
-      "M4"
-    ],
-    "PCI DSS 3.2": [
-      "6.5.8"
-    ],
-    "PCI DSS 4.0": [
-      "6.2.4"
-    ],
-    "ASVS 4.0": [
-      "12.3.1",
-      "5.1.3",
-      "5.1.4"
-    ],
-    "STIG ASD_V5R3": [
-      "V-222609"
-    ]
-  }
-}

rules/S2083/kotlin/rule.adoc

@@ -1,29 +0,0 @@
-== Why is this an issue?
-
-include::../rationale.adoc[]
-
-include::../impact.adoc[]
-
-// How to fix it section
-
-include::how-to-fix-it/java-io-api.adoc[]
-
-== Resources
-
-include::../common/resources/standards-mobile.adoc[]
-
-ifdef::env-github,rspecator-view[]
-
-'''
-== Implementation Specification
-(visible only on this page)
-
-include::../message.adoc[]
-
-'''
-== Comments And Links
-(visible only on this page)
-
-include::../comments-and-links.adoc[]
-
-endif::env-github,rspecator-view[]

rules/S3807/cfamily/metadata.json

@@ -1,42 +1,2 @@
 {
-  "title": "Parameter values should be appropriate",
-  "type": "BUG",
-  "code": {
-    "impacts": {
-      "RELIABILITY": "HIGH"
-    },
-    "attribute": "LOGICAL"
-  },
-  "status": "ready",
-  "remediation": {
-    "func": "Constant\/Issue",
-    "constantCost": "5min"
-  },
-  "tags": [
-    "symbolic-execution"
-  ],
-  "extra": {
-    "replacementRules": [
-
-    ],
-    "legacyKeys": [
-
-    ]
-  },
-  "defaultSeverity": "Critical",
-  "ruleSpecification": "RSPEC-3807",
-  "sqKey": "S3807",
-  "scope": "All",
-  "securityStandards": {
-    "CWE": [
-      476
-    ],
-    "CERT": [
-      "EXP01-J."
-    ]
-  },
-  "defaultQualityProfiles": [
-    "Sonar way"
-  ],
-  "quickfix": "infeasible"
 }

rules/S3807/metadata.json

@@ -1,2 +1,42 @@
 {
+  "title": "Parameter values should be appropriate",
+  "type": "BUG",
+  "code": {
+    "impacts": {
+      "RELIABILITY": "HIGH"
+    },
+    "attribute": "LOGICAL"
+  },
+  "status": "ready",
+  "remediation": {
+    "func": "Constant\/Issue",
+    "constantCost": "5min"
+  },
+  "tags": [
+    "symbolic-execution"
+  ],
+  "extra": {
+    "replacementRules": [
+
+    ],
+    "legacyKeys": [
+
+    ]
+  },
+  "defaultSeverity": "Critical",
+  "ruleSpecification": "RSPEC-3807",
+  "sqKey": "S3807",
+  "scope": "All",
+  "securityStandards": {
+    "CWE": [
+      476
+    ],
+    "CERT": [
+      "EXP01-J."
+    ]
+  },
+  "defaultQualityProfiles": [
+    "Sonar way"
+  ],
+  "quickfix": "infeasible"
 }

rules/S3807/rust/metadata.json

@@ -0,0 +1,6 @@
+{
+  "title": "Null pointers should not be passed to functions expecting non-null arguments",
+  "tags": [
+    "clippy"
+  ]
+}

rules/S3807/rust/rule.adoc

@@ -0,0 +1,41 @@
+== Why is this an issue?
+
+The standard Rust library includes a variety of functions for pointer manipulations. Many of these functions require non-null ponter parameters, including:
+
+* ``++sym::ptr_read++``
+* ``++sym::ptr_read_unaligned++``
+* ``++sym::ptr_read_volatile++``
+* ``++sym::ptr_replace++``
+* ``++sym::ptr_write++``
+* ``++sym::ptr_write_bytes++``
+* ``++sym::ptr_write_unaligned++``
+* ``++sym::ptr_write_volatile++``
+* ``++sym::slice_from_raw_parts++``
+* ``++sym::slice_from_raw_parts_mut++``
+* ``++sym::ptr_copy++``
+* ``++sym::ptr_copy_nonoverlapping++``
+* ``++sym::ptr_swap++``
+* ``++sym::ptr_swap_nonoverlapping++``
+
+Using ``++ptr::null++`` in unsafe code can result in undefined behavior, compromising the stability and safety of the program. Undefined behavior occurs when the program does something the Rust language specifications do not define, often leading to crashes or security vulnerabilities.
+
+=== Code examples
+
+==== Noncompliant code example
+
+[source,rust,diff-id=1,diff-type=noncompliant]
+----
+unsafe { std::slice::from_raw_parts(ptr::null(), 0); } // Noncompliant: Usage of `ptr::null()`.
+----
+
+==== Compliant solution
+
+[source,rust,diff-id=1,diff-type=compliant]
+----
+unsafe { std::slice::from_raw_parts(NonNull::dangling().as_ptr(), 0); } // Compliant: Uses `NonNull::dangling().as_ptr()` to avoid undefined behavior.
+----
+
+== Resources
+=== Documentation
+
+* Clippy Lints - https://rust-lang.github.io/rust-clippy/master/index.html#invalid_null_ptr_usage

rules/S6096/java/how-to-fix-it/java-se.adoc

@@ -1,4 +1,4 @@
-== How to fix it in Java I/O API
+== How to fix it in Java SE
 
 === Code examples
 

rules/S6096/java/rule.adoc

@@ -4,7 +4,7 @@ include::../rationale.adoc[]
 
 include::../impact.adoc[]
 
-include::how-to-fix-it/java-io-api.adoc[]
+include::how-to-fix-it/java-se.adoc[]
 
 == Resources
 

rules/S6096/kotlin/how-to-fix-it/java-io-api.adoc

@@ -1,90 +0,0 @@
-== How to fix it in Java I/O API
-
-=== Code examples
-
-:canonicalization_function1: java.io.File.getCanonicalFile
-:canonicalization_function2: java.io.File.getCanonicalPath
-
-include::../../common/fix/code-rationale.adoc[]
-
-==== Noncompliant code example
-
-[source,kotlin,diff-id=1,diff-type=noncompliant]
-----
-class Example {
-    companion object {
-        private const val TARGET_DIRECTORY = "/example/directory/"
-    }
-    fun extractEntry(zipFile: ZipFile) {
-        val entries = zipFile.entries()
-        val entry = entries.nextElement()
-        val inputStream = zipFile.getInputStream(entry)
-        val file = File(TARGET_DIRECTORY + entry.name)
-        inputStream.copyTo(file.outputStream())
-    }
-}
-----
-
-==== Compliant solution
-
-[source,kotlin,diff-id=1,diff-type=compliant]
-----
-class Example {
-    companion object {
-        private const val TARGET_DIRECTORY = "/example/directory/"
-    }
-    fun extractEntry(zipFile: ZipFile) {
-        val entries = zipFile.entries()
-        val entry = entries.nextElement()
-        val inputStream = zipFile.getInputStream(entry)
-        val file = File(TARGET_DIRECTORY + entry.name)
-        val canonicalDestinationPath = file.canonicalPath
-        if (canonicalDestinationPath.startsWith(TARGET_DIRECTORY)) {
-            inputStream.copyTo(file.outputStream())
-        }
-    }
-}
-----
-
-=== How does this work?
-
-include::../../common/fix/how-does-this-work.adoc[]
-
-=== Pitfalls
-
-include::../../common/pitfalls/partial-path-traversal.adoc[]
-
-For example, the following code is vulnerable to partial path injection. Note
-that the string `targetDirectory` does not end with a path separator:
-
-
-[source, kotlin]
-----
-companion object {
-    private const val targetDirectory = "/Users/John"
-}
-
-fun ExtractEntry(zipFile: ZipFile) {
-    val entries = zipFile.entries()
-    val entry = entries.nextElement()
-    val inputStream = zipFile.getInputStream(entry)
-
-    val file = File(entry.name)
-
-    val canonicalDestinationPath = file.canonicalPath
-    if (canonicalDestinationPath.startsWith(targetDirectory)) {
-        Files.copy(inputStream, file.toPath(), StandardCopyOption.REPLACE_EXISTING, LinkOption.NOFOLLOW_LINKS)
-    }
-}
-----
-
-This check can be bypassed because `"/Users/Johnny".startsWith("/Users/John")`
-returns `true`. Thus, for validation, `"/Users/John"` should actually be
-`"/Users/John/"`.
-
-**Warning**: Some functions, such as `.getCanonicalPath`, remove the
-terminating path separator in their return value. +
-The validation code should be tested to ensure that it cannot be impacted by this
-issue.
-
-https://github.com/aws/aws-sdk-java/security/advisories/GHSA-c28r-hw5m-5gv3[Here is a real-life example of this vulnerability.]

rules/S6096/kotlin/metadata.json

@@ -1,34 +0,0 @@
-{
-  "securityStandards": {
-    "CWE": [
-      20,
-      22
-    ],
-    "OWASP": [
-      "A5",
-      "A1"
-    ],
-    "OWASP Top 10 2021": [
-      "A1",
-      "A3"
-    ],
-    "OWASP Mobile Top 10 2024": [
-      "M4"
-    ],
-    "PCI DSS 3.2": [
-      "6.5.1",
-      "6.5.8"
-    ],
-    "PCI DSS 4.0": [
-      "6.2.4"
-    ],
-    "ASVS 4.0": [
-      "12.3.4",
-      "5.1.3",
-      "5.1.4"
-    ],
-    "STIG ASD_V5R3": [
-      "V-222609"
-    ]
-  }
-}

rules/S6096/kotlin/rule.adoc

@@ -1,23 +0,0 @@
-== Why is this an issue?
-
-include::../rationale.adoc[]
-
-include::../impact.adoc[]
-
-include::how-to-fix-it/java-io-api.adoc[]
-
-== Resources
-
-include::../common/resources/articles.adoc[]
-
-include::../common/resources/standards-mobile.adoc[]
-
-ifdef::env-github,rspecator-view[]
-
-'''
-== Implementation Specification
-(visible only on this page)
-
-include::../message.adoc[]
-
-endif::env-github,rspecator-view[]

rules/S6362/see.adoc

@@ -5,6 +5,3 @@
 * OWASP - https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)[Top 10 2017 Category A7 - Cross-Site Scripting (XSS)]
 * OWASP - https://owasp.org/www-project-mobile-top-10/2023-risks/m8-security-misconfiguration[Mobile Top 10 2024 Category M8 - Security Misconfiguration]
 * CWE - https://cwe.mitre.org/data/definitions/79[CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')]
-
-=== Related rules
-* S7409 - Exposing Java objects through JavaScript interfaces is security-sensitive

rules/S7409/kotlin/metadata.json

@@ -1,5 +1,5 @@
 {
-  "title": "Exposing Java objects through JavaScript interfaces is security-sensitive",
+  "title": "Exposing Java interfaces in WebViews is security-sensitive",
   "type": "SECURITY_HOTSPOT",
   "status": "ready",
   "remediation": {

rules/S7409/kotlin/rule.adoc

@@ -1,15 +1,15 @@
-Using JavaScript interfaces in WebViews to expose Java objects is unsafe. Doing so allows JavaScript
-to invoke Java methods, potentially giving attackers access to data or sensitive app functionality.
-WebViews might include untrusted sources such as third-party iframes, making this functionality
-particularly risky. As JavaScript interfaces are passed to every frame in the WebView, those iframes
-are also able to access the exposed Java object.
+Using Javascript interfaces in WebViews is unsafe as it allows JavaScript to invoke Java methods,
+potentially giving attackers access to data or sensitive app functionality. WebViews might include
+untrusted sources such as third-party iframes, making this functionality particularly risky. As
+Javascript interfaces are passed to every frame in the WebView, those iframes are also able to
+access the exposed Java methods.
 
 == Ask Yourself Whether
 
 * The content in the WebView is fully trusted and secure.
 * Potentially untrusted iframes could be loaded in the WebView.
-* The JavaScript interface has to be exposed for the entire lifecycle of the WebView.
-* The exposed Java object might be called by untrusted sources.
+* The Javascript interface has to be exposed for the entire lifecycle of the WebView.
+* The exposed Java methods will accept input from potentially untrusted sources.
 
 There is a risk if you answered yes to any of these questions.
 
@@ -18,9 +18,9 @@ There is a risk if you answered yes to any of these questions.
 === Disable JavaScript
 
 If it is possible to disable JavaScript in the WebView, this is the most secure option. By default,
-JavaScript is disabled in a WebView, so ``webSettings.setJavaScriptEnabled(false)`` does not need to
-be explicitly called. Of course, sometimes it is necessary to enable JavaScript, in which case the
-following recommendations should be considered.
+JavaScript is disabled in a WebView, so you do not need to explicitly call
+``webSettings.setJavaScriptEnabled(true)`` in your ``WebSettings`` configuration. Of course, sometimes
+it is necessary to enable JavaScript, in which case the following recommendations should be considered.
 
 === Remove JavaScript interface when loading untrusted content
 
@@ -63,8 +63,7 @@ class ExampleActivity : AppCompatActivity() {
 
 == Compliant Solution
 
-The most secure option is to disable JavaScript entirely. S6362 further explains why it should not be enabled
-unless absolutely necessary.
+The most secure option is to disable JavaScript entirely.
 
 [source,kotlin]
 ----
@@ -97,8 +96,7 @@ class ExampleActivity : AppCompatActivity() {
 }
 ----
 
-If a JavaScript bridge must be used, consider using ``WebViewCompat.addWebMessageListener`` instead. This allows you to restrict
-the origins that can send messages to the JavaScript bridge.
+If a JavaScript bridge must be used, consider using ``WebViewCompat.addWebMessageListener`` instead. This allows you to restrict the origins that can send messages to the JavaScript bridge.
 
 [source,kotlin]
 ----
@@ -137,6 +135,3 @@ class ExampleActivity : AppCompatActivity() {
 * OWASP - https://owasp.org/www-project-mobile-top-10/2023-risks/m4-insufficient-input-output-validation.html[Mobile Top 10 2024 Category M4 - Insufficient Input/Output Validation]
 * OWASP - https://owasp.org/www-project-mobile-top-10/2023-risks/m8-security-misconfiguration.html[Mobile Top 10 2024 Category M8 - Security Misconfiguration]
 * CWE - https://cwe.mitre.org/data/definitions/79[CWE-79 - Improper Neutralization of Input During Web Page Generation]
-
-=== Related rules
-* S6362 - Enabling JavaScript support for WebViews is security-sensitive