{ "id": "http://www.sonarsource.org/rule-schema-v1.1", "title": "Rule Implementation", "type": "object", "description": "we must have one of these files for each implemented rule", "additionalProperties": false, "properties": { "title": { "type": "string" }, "type": { "type": "string", "enum": ["CODE_SMELL","BUG","VULNERABILITY","SECURITY_HOTSPOT"] }, "status": { "type": "string", "enum": ["beta","ready","deprecated","superseded", "closed"] }, "extra": { "type": "object", "properties": { "additionalProperties": false, "replacementRules": { "type": "array", "items": { "type": "string", "uniqueItems": true }, "description": "The rule ids that replace this rule" }, "legacyKeys": { "type": "array", "items": { "type": "string" }, "uniqueItems": true } } }, "remediation": { "type": "object", "oneOf": [ { "additionalProperties": false, "properties": { "func": { "const": "Constant/Issue" }, "constantCost": { "$ref": "#/definitions/time" } } }, { "additionalProperties": false, "properties": { "func": { "const": "Linear" }, "linearDesc": { "type": "string" }, "linearFactor": { "$ref": "#/definitions/time" } } }, { "additionalProperties": false, "properties": { "func": { "const": "Linear with offset" }, "linearDesc": { "type": "string" }, "linearOffset": { "$ref": "#/definitions/time" }, "linearFactor": { "$ref": "#/definitions/time" } } } ] }, "tags": { "type": "array", "minItems": 0, "items": { "type": "string" }, "uniqueItems": true }, "standards": { "type": "array", "minItems": 0, "items": { "type": "string" }, "uniqueItems": true }, "defaultSeverity": { "type": "string", "enum": ["Info","Minor","Major","Critical","Blocker"] }, "ruleSpecification": { "type": "string", "description": "id of the RSPEC, in the form 'RSPEC-XXXX'" }, "sqKey": { "type": "string", "description": "the key used to save issues on SQ. Often a legacy key" }, "compatibleLanguages": { "type": "array", "minItems": 1, "items": { "type": "string" }, "uniqueItems": true }, "scope": { "type": "string", "enum": ["Main","Tests","All"], "description": "scope the rule applies to" }, "template": { "type": "boolean" }, "securityStandards": { "type": "object", "additionalProperties": false, "properties": { "CWE": { "type": "array", "minItems": 0, "items": { "type": "integer" }, "uniqueItems": true }, "OWASP": { "type": "array", "minItems": 0, "items": { "type": "string", "pattern": "^A([1-9]|10)$" }, "uniqueItems": true }, "OWASP Top 10 2021": { "type": "array", "minItems": 0, "items": { "type": "string", "pattern": "^A([1-9]|10)$" }, "uniqueItems": true }, "OWASP Mobile": { "type": "array", "minItems": 0, "items": { "type": "string", "pattern": "^M([1-9]|10)$" }, "uniqueItems": true }, "PCI DSS 3.2": { "type": "array", "minItems": 0, "items": { "type": "string", "pattern": "^([0-9]{1,3}\\.?){1,4}$" }, "uniqueItems": true }, "PCI DSS 4.0": { "type": "array", "minItems": 0, "items": { "type": "string", "pattern": "^([0-9]{1,3}\\.?){1,4}$" }, "uniqueItems": true }, "CIS": { "type": "array", "minItems": 0, "items": { "type": "string", "pattern": "^([0-9]{1,3}\\.?){1,3}$" }, "uniqueItems": true }, "HIPAA": { "type": "array", "minItems": 0, "items": { "type": "string", "pattern": "^([0-9]{1,3}\\.?){2}$" }, "uniqueItems": true }, "CERT": { "type": "array", "minItems": 0, "items": { "type": "string", "pattern": "^[A-Z0-9]+-[A-Z]+\\.$" }, "uniqueItems": true }, "MASVS": { "type": "array", "minItems": 0, "items": { "type": "string", "pattern": "^MSTG-[A-Z]+-[0-9]+$" }, "uniqueItems": true }, "ASVS 4.0": { "type": "array", "minItems": 0, "items": { "type": "string", "pattern": "^\\d+\\.\\d+\\.\\d+$" }, "uniqueItems": true }, "STIG ASD_V5R3": { "type": "array", "minItems": 0, "items": { "type": "string", "pattern": "^V-\\d+$" }, "uniqueItems": true } } }, "defaultQualityProfiles": { "type": "array", "items": { "type": "string"}, "uniqueItems": true }, "educationPrinciples": { "type": "array", "items": { "type": "string", "enum": ["defense_in_depth", "never_trust_user_input"] }, "uniqueItems": true }, "quickfix": { "type": "string", "enum": [ "unknown", "covered", "partial", "infeasible", "targeted" ], "description": "Can issues of the rule have a quick fix?" }, "code": { "type": "object", "description": "Information related to clean code taxonomy", "additionalProperties": false, "properties": { "impacts": { "type": "object", "description": "Software qualities", "additionalProperties": false, "minProperties": 1, "properties": { "MAINTAINABILITY": { "type": "string", "enum": ["LOW", "MEDIUM", "HIGH"] }, "RELIABILITY": { "type": "string", "enum": ["LOW", "MEDIUM", "HIGH"] }, "SECURITY": { "type": "string", "enum": ["LOW", "MEDIUM", "HIGH"] } } }, "attribute": { "type": "string", "description": "Clean code attribute", "enum": ["FORMATTED", "CONVENTIONAL", "IDENTIFIABLE", "CLEAR", "LOGICAL", "COMPLETE", "EFFICIENT", "FOCUSED", "DISTINCT", "MODULAR", "TESTED", "LAWFUL", "TRUSTWORTHY", "RESPECTFUL"] } }, "required": ["impacts", "attribute"] } }, "if": { "properties": {"status": {"const": "closed"}} }, "then": { "required": [] }, "else": { "if": { "properties": {"type": {"const": "SECURITY_HOTSPOT"}} }, "then": { "required": ["title","type","status","tags","defaultSeverity","ruleSpecification","sqKey","scope"] }, "else": { "required": ["title","type","status","remediation","tags","defaultSeverity","ruleSpecification","sqKey","scope", "quickfix"] } }, "definitions": { "time": { "type": "string", "pattern": "^[ ]*[0-9]+[ ]*(min|h|d)$" } } }