SONARXML-153 Update rules metadata

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S103.json

@@ -12,6 +12,6 @@
   "defaultSeverity": "Major",
   "ruleSpecification": "RSPEC-103",
   "sqKey": "S103",
-  "scope": "Main",
+  "scope": "All",
   "quickfix": "unknown"
 }

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S105.json

@@ -12,6 +12,6 @@
   "defaultSeverity": "Minor",
   "ruleSpecification": "RSPEC-105",
   "sqKey": "S105",
-  "scope": "Main",
+  "scope": "All",
   "quickfix": "unknown"
 }

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S1134.html

@@ -12,6 +12,6 @@ <h2>Noncompliant Code Example</h2>
 </pre>
 <h2>See</h2>
 <ul>
-  <li> <a href="http://cwe.mitre.org/data/definitions/546.html">MITRE, CWE-546</a> - Suspicious Comment </li>
+  <li> <a href="https://cwe.mitre.org/data/definitions/546.html">MITRE, CWE-546</a> - Suspicious Comment </li>
 </ul>
 

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S1134.json

@@ -12,7 +12,7 @@
   "defaultSeverity": "Major",
   "ruleSpecification": "RSPEC-1134",
   "sqKey": "S1134",
-  "scope": "Main",
+  "scope": "All",
   "securityStandards": {
     "CWE": [
       546

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S1135.html

@@ -12,6 +12,6 @@ <h2>Noncompliant Code Example</h2>
 </pre>
 <h2>See</h2>
 <ul>
-  <li> <a href="http://cwe.mitre.org/data/definitions/546.html">MITRE, CWE-546</a> - Suspicious Comment </li>
+  <li> <a href="https://cwe.mitre.org/data/definitions/546.html">MITRE, CWE-546</a> - Suspicious Comment </li>
 </ul>
 

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S1135.json

@@ -12,7 +12,7 @@
   "defaultSeverity": "Info",
   "ruleSpecification": "RSPEC-1135",
   "sqKey": "S1135",
-  "scope": "Main",
+  "scope": "All",
   "securityStandards": {
     "CWE": [
       546

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S125.json

@@ -12,6 +12,6 @@
   "defaultSeverity": "Major",
   "ruleSpecification": "RSPEC-125",
   "sqKey": "S125",
-  "scope": "Main",
+  "scope": "All",
   "quickfix": "unknown"
 }

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S2068.html

@@ -21,7 +21,7 @@ <h2>Recommended Secure Coding Practices</h2>
   <li> Store the credentials in a configuration file that is not pushed to the code repository. </li>
   <li> Store the credentials in a database. </li>
   <li> Use your cloud provider’s service for managing secrets. </li>
-  <li> If the a password has been disclosed through the source code: change it. </li>
+  <li> If a password has been disclosed through the source code: change it. </li>
 </ul>
 <h2>Sensitive Code Example</h2>
 <p><a href="https://docs.spring.io/spring-social-twitter/docs/1.1.0.RELEASE/reference/htmlsingle/">Spring-social-twitter</a> secrets can be stored
@@ -62,9 +62,11 @@ <h2>Compliant Solution</h2>
 </pre>
 <h2>See</h2>
 <ul>
+  <li> <a href="https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/">OWASP Top 10 2021 Category A7</a> - Identification and
+  Authentication Failures </li>
   <li> <a href="https://www.owasp.org/index.php/Top_10-2017_A2-Broken_Authentication">OWASP Top 10 2017 Category A2</a> - Broken Authentication </li>
-  <li> <a href="https://cwe.mitre.org/data/definitions/798">MITRE, CWE-798</a> - Use of Hard-coded Credentials </li>
-  <li> <a href="https://cwe.mitre.org/data/definitions/259">MITRE, CWE-259</a> - Use of Hard-coded Password </li>
+  <li> <a href="https://cwe.mitre.org/data/definitions/798.html">MITRE, CWE-798</a> - Use of Hard-coded Credentials </li>
+  <li> <a href="https://cwe.mitre.org/data/definitions/259.html">MITRE, CWE-259</a> - Use of Hard-coded Password </li>
   <li> <a href="https://www.sans.org/top25-software-errors/#cat3">SANS Top 25</a> - Porous Defenses </li>
   <li> Derived from FindSecBugs rule <a href="https://h3xstream.github.io/find-sec-bugs/bugs.htm#HARD_CODE_PASSWORD">Hard Coded Password</a> </li>
 </ul>

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S2068.json

@@ -22,6 +22,9 @@
     ],
     "OWASP": [
       "A2"
+    ],
+    "OWASP Top 10 2021": [
+      "A7"
     ]
   }
 }

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S2260.json

@@ -12,6 +12,6 @@
   "defaultSeverity": "Major",
   "ruleSpecification": "RSPEC-2260",
   "sqKey": "S2260",
-  "scope": "Main",
+  "scope": "All",
   "quickfix": "unknown"
 }

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S2647.html

@@ -28,11 +28,12 @@ <h2>Exceptions</h2>
 </pre>
 <h2>See</h2>
 <ul>
+  <li> <a href="https://owasp.org/Top10/A03_2021-Injection/">OWASP Top 10 2021 Category A4</a> - Insecure Design </li>
   <li> <a href="https://www.owasp.org/index.php/Top_10-2017_A3-Sensitive_Data_Exposure">OWASP Top 10 2017 Category A3</a> - Sensitive Data Exposure
   </li>
   <li> <a href="https://cheatsheetseries.owasp.org/cheatsheets/Web_Service_Security_Cheat_Sheet.html#user-authentication">OWASP Web Service Security
   Cheat Sheet</a> </li>
-  <li> <a href="https://cwe.mitre.org/data/definitions/522">MITRE, CWE-522</a> - Insufficiently Protected Credentials </li>
+  <li> <a href="https://cwe.mitre.org/data/definitions/522.html">MITRE, CWE-522</a> - Insufficiently Protected Credentials </li>
   <li> <a href="https://www.sans.org/top25-software-errors/#cat3">SANS Top 25</a> - Porous Defenses </li>
 </ul>
 

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S2647.json

@@ -21,6 +21,9 @@
     ],
     "OWASP": [
       "A3"
+    ],
+    "OWASP Top 10 2021": [
+      "A4"
     ]
   },
   "quickfix": "unknown"

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S3281.html

@@ -24,6 +24,7 @@ <h2>Compliant Solution</h2>
 </pre>
 <h2>See</h2>
 <ul>
+  <li> <a href="https://owasp.org/Top10/A05_2021-Security_Misconfiguration/">OWASP Top 10 2021 Category A5</a> - Security Misconfiguration </li>
   <li> <a href="https://www.owasp.org/index.php/Top_10-2017_A6-Security_Misconfiguration">OWASP Top 10 2017 Category A6</a> - Security
   Misconfiguration </li>
 </ul>

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S3281.json

@@ -7,8 +7,7 @@
     "constantCost": "5min"
   },
   "tags": [
-    "owasp-a6",
-    "java"
+    "owasp-a6"
   ],
   "defaultSeverity": "Blocker",
   "ruleSpecification": "RSPEC-3281",
@@ -17,6 +16,10 @@
   "securityStandards": {
     "OWASP": [
       "A6"
+    ],
+    "OWASP Top 10 2021": [
+      "A5"
     ]
-  }
+  },
+  "quickfix": "unknown"
 }

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S3282.json

@@ -7,11 +7,11 @@
     "constantCost": "15min"
   },
   "tags": [
-    "pitfall",
-    "java"
+    "pitfall"
   ],
   "defaultSeverity": "Blocker",
   "ruleSpecification": "RSPEC-3282",
   "sqKey": "S3282",
-  "scope": "Main"
+  "scope": "Main",
+  "quickfix": "unknown"
 }

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S3330.html

@@ -38,12 +38,11 @@ <h2>Compliant Solution</h2>
 </pre>
 <h2>See</h2>
 <ul>
+  <li> <a href="https://owasp.org/Top10/A05_2021-Security_Misconfiguration/">OWASP Top 10 2021 Category A5</a> - Security Misconfiguration </li>
   <li> <a href="https://www.owasp.org/index.php/HttpOnly">OWASP HttpOnly</a> </li>
   <li> <a href="https://www.owasp.org/index.php/Top_10-2017_A7-Cross-Site_Scripting_(XSS)">OWASP Top 10 2017 Category A7</a> - Cross-Site Scripting
   (XSS) </li>
-  <li> <a href="http://cwe.mitre.org/data/definitions/79.html">CWE-79</a> - Improper Neutralization of Input During Web Page Generation ('Cross-site
-  Scripting') </li>
-  <li> <a href="https://cwe.mitre.org/data/definitions/1004.html">CWE-1004</a> - Sensitive Cookie Without 'HttpOnly' Flag </li>
+  <li> <a href="https://cwe.mitre.org/data/definitions/1004.html">MITRE, CWE-1004</a> - Sensitive Cookie Without 'HttpOnly' Flag </li>
   <li> <a href="https://www.sans.org/top25-software-errors/#cat1">SANS Top 25</a> - Insecure Interaction Between Components </li>
   <li> Derived from FindSecBugs rule <a href="https://find-sec-bugs.github.io/bugs.htm#HTTPONLY_COOKIE">HTTPONLY_COOKIE</a> </li>
 </ul>

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S3330.json

@@ -18,11 +18,13 @@
   "scope": "Main",
   "securityStandards": {
     "CWE": [
-      79,
       1004
     ],
     "OWASP": [
       "A7"
+    ],
+    "OWASP Top 10 2021": [
+      "A5"
     ]
   }
 }

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S3355.html

@@ -21,6 +21,7 @@ <h2>Compliant Solution</h2>
 </pre>
 <h2>See</h2>
 <ul>
+  <li> <a href="https://owasp.org/Top10/A05_2021-Security_Misconfiguration/">OWASP Top 10 2021 Category A5</a> - Security Misconfiguration </li>
   <li> <a href="https://www.owasp.org/index.php/Top_10-2017_A6-Security_Misconfiguration">OWASP Top 10 2017 Category A6</a> - Security
   Misconfiguration </li>
 </ul>

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S3355.json

@@ -7,8 +7,7 @@
     "constantCost": "30min"
   },
   "tags": [
-    "owasp-a6",
-    "java"
+    "owasp-a6"
   ],
   "defaultSeverity": "Critical",
   "ruleSpecification": "RSPEC-3355",
@@ -17,6 +16,10 @@
   "securityStandards": {
     "OWASP": [
       "A6"
+    ],
+    "OWASP Top 10 2021": [
+      "A5"
     ]
-  }
+  },
+  "quickfix": "unknown"
 }

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S3373.json

@@ -9,11 +9,11 @@
   },
   "tags": [
     "brain-overload",
-    "struts",
-    "java"
+    "struts"
   ],
   "defaultSeverity": "Minor",
   "ruleSpecification": "RSPEC-3373",
   "sqKey": "S3373",
-  "scope": "Main"
+  "scope": "Main",
+  "quickfix": "unknown"
 }

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S3374.json

@@ -18,5 +18,6 @@
     "CWE": [
       102
     ]
-  }
+  },
+  "quickfix": "unknown"
 }

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S3417.json

@@ -7,11 +7,11 @@
     "constantCost": "0min"
   },
   "tags": [
-    "maven",
-    "java"
+    "maven"
   ],
   "defaultSeverity": "Major",
   "ruleSpecification": "RSPEC-3417",
   "sqKey": "S3417",
-  "scope": "Main"
+  "scope": "Main",
+  "quickfix": "unknown"
 }

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S3419.json

@@ -8,11 +8,11 @@
   },
   "tags": [
     "convention",
-    "maven",
-    "java"
+    "maven"
   ],
   "defaultSeverity": "Minor",
   "ruleSpecification": "RSPEC-3419",
   "sqKey": "S3419",
-  "scope": "All"
+  "scope": "All",
+  "quickfix": "unknown"
 }

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S3420.json

@@ -13,5 +13,6 @@
   "defaultSeverity": "Minor",
   "ruleSpecification": "RSPEC-3420",
   "sqKey": "S3420",
-  "scope": "All"
+  "scope": "All",
+  "quickfix": "unknown"
 }

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S3421.json

@@ -13,5 +13,6 @@
   "defaultSeverity": "Minor",
   "ruleSpecification": "RSPEC-3421",
   "sqKey": "S3421",
-  "scope": "All"
+  "scope": "All",
+  "quickfix": "unknown"
 }

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S3422.json

@@ -13,5 +13,6 @@
   "defaultSeverity": "Critical",
   "ruleSpecification": "RSPEC-3422",
   "sqKey": "S3422",
-  "scope": "All"
+  "scope": "All",
+  "quickfix": "unknown"
 }

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S3423.json

@@ -13,5 +13,6 @@
   "defaultSeverity": "Minor",
   "ruleSpecification": "RSPEC-3423",
   "sqKey": "S3423",
-  "scope": "Main"
+  "scope": "Main",
+  "quickfix": "unknown"
 }

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S3438.json

@@ -12,5 +12,6 @@
   "defaultSeverity": "Major",
   "ruleSpecification": "RSPEC-3438",
   "sqKey": "S3438",
-  "scope": "Main"
+  "scope": "Main",
+  "quickfix": "unknown"
 }

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S3439.json

@@ -7,11 +7,11 @@
     "constantCost": "2min"
   },
   "tags": [
-    "spring",
-    "java"
+    "spring"
   ],
   "defaultSeverity": "Major",
   "ruleSpecification": "RSPEC-3439",
   "sqKey": "S3439",
-  "scope": "Main"
+  "scope": "Main",
+  "quickfix": "unknown"
 }

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S3822.json

@@ -8,11 +8,11 @@
   },
   "tags": [
     "hibernate",
-    "sql",
-    "java"
+    "sql"
   ],
   "defaultSeverity": "Critical",
   "ruleSpecification": "RSPEC-3822",
   "sqKey": "S3822",
-  "scope": "All"
+  "scope": "All",
+  "quickfix": "unknown"
 }

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S4507.html

@@ -38,11 +38,12 @@ <h2>Compliant Solution</h2>
 </pre>
 <h2>See</h2>
 <ul>
+  <li> <a href="https://owasp.org/Top10/A05_2021-Security_Misconfiguration/">OWASP Top 10 2021 Category A5</a> - Security Misconfiguration </li>
   <li> <a href="https://mobile-security.gitbook.io/masvs/security-requirements/0x12-v7-code_quality_and_build_setting_requirements">Mobile AppSec
   Verification Standard</a> - Code Quality and Build Setting Requirements </li>
   <li> <a href="https://www.owasp.org/index.php/Mobile_Top_10_2016-M10-Extraneous_Functionality">OWASP Mobile Top 10 2016 Category M10</a> -
   Extraneous Functionality </li>
-  <li> <a href="https://cwe.mitre.org/data/definitions/215.html">CWE-215</a> - Information Exposure Through Debug Information </li>
+  <li> <a href="https://cwe.mitre.org/data/definitions/215.html">MITRE, CWE-215</a> - Information Exposure Through Debug Information </li>
   <li> <a href="https://developer.android.com/studio/publish/preparing">developer.android.com</a> - Prepare for release </li>
 </ul>
 

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S4507.json

@@ -28,6 +28,12 @@
     ],
     "MASVS": [
       "MSTG-CODE-2"
+    ],
+    "OWASP": [
+      "A3"
+    ],
+    "OWASP Top 10 2021": [
+      "A5"
     ]
   }
 }

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S5122.html

@@ -48,6 +48,9 @@ <h2>Compliant Solution</h2>
 </pre>
 <h2>See</h2>
 <ul>
+  <li> <a href="https://owasp.org/Top10/A05_2021-Security_Misconfiguration/">OWASP Top 10 2021 Category A5</a> - Security Misconfiguration </li>
+  <li> <a href="https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/">OWASP Top 10 2021 Category A7</a> - Identification and
+  Authentication Failures </li>
   <li> <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS">developer.mozilla.org</a> - CORS </li>
   <li> <a href="https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy">developer.mozilla.org</a> - Same origin policy </li>
   <li> <a href="https://www.owasp.org/index.php/Top_10-2017_A6-Security_Misconfiguration">OWASP Top 10 2017 Category A6</a> - Security

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S5122.json

@@ -18,6 +18,10 @@
     ],
     "OWASP": [
       "A6"
+    ],
+    "OWASP Top 10 2021": [
+      "A5",
+      "A7"
     ]
   }
 }