Revert accidentally deprecated rules S2255 and S4787, remove deprecated

S2583 from the profile

javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2255.html

@@ -56,6 +56,4 @@ <h2>See</h2>
   FIO52-J.</a> - Do not store unencrypted sensitive information on the client side </li>
   <li> Derived from FindSecBugs rule <a href="https://find-sec-bugs.github.io/bugs.htm#COOKIE_USAGE">COOKIE_USAGE</a> </li>
 </ul>
-<h2>Deprecated</h2>
-<p>This rule is deprecated, and will eventually be removed.</p>
 

javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2255.json

@@ -1,13 +1,15 @@
 {
   "title": "Writing cookies is security-sensitive",
   "type": "SECURITY_HOTSPOT",
-  "status": "deprecated",
+  "status": "ready",
   "remediation": {
     "func": "Constant\/Issue",
     "constantCost": "5min"
   },
   "tags": [
-
+    "cwe",
+    "sans-top25-porous",
+    "owasp-a3"
   ],
   "defaultSeverity": "Minor",
   "ruleSpecification": "RSPEC-2255",
@@ -16,5 +18,16 @@
     "JAVASCRIPT",
     "TYPESCRIPT"
   ],
-  "scope": "Main"
+  "scope": "Main",
+  "securityStandards": {
+    "CWE": [
+      315,
+      312,
+      565,
+      807
+    ],
+    "OWASP": [
+      "A3"
+    ]
+  }
 }

javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S4787.html

@@ -84,6 +84,4 @@ <h2>See</h2>
   <li> <a href="http://cwe.mitre.org/data/definitions/327.html">MITRE, CWE-327</a> - Use of a Broken or Risky Cryptographic Algorithm </li>
   <li> <a href="https://www.sans.org/top25-software-errors/#cat3">SANS Top 25</a> - Porous Defenses </li>
 </ul>
-<h2>Deprecated</h2>
-<p>This rule is deprecated, and will eventually be removed.</p>
 

javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S4787.json

@@ -1,9 +1,12 @@
 {
   "title": "Encrypting data is security-sensitive",
   "type": "SECURITY_HOTSPOT",
-  "status": "deprecated",
+  "status": "ready",
   "tags": [
-
+    "cwe",
+    "owasp-a6",
+    "sans-top25-porous",
+    "owasp-a3"
   ],
   "defaultSeverity": "Critical",
   "ruleSpecification": "RSPEC-4787",
@@ -12,5 +15,21 @@
     "JAVASCRIPT",
     "TYPESCRIPT"
   ],
-  "scope": "Main"
+  "scope": "Main",
+  "securityStandards": {
+    "CWE": [
+      321,
+      322,
+      323,
+      324,
+      325,
+      326,
+      327,
+      522
+    ],
+    "OWASP": [
+      "A3",
+      "A6"
+    ]
+  }
 }

javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/Sonar_way_profile.json

@@ -50,7 +50,6 @@
     "S2255",
     "S2259",
     "S2432",
-    "S2583",
     "S2589",
     "S2598",
     "S2681",

javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/Sonar_way_recommended_profile.json

@@ -84,7 +84,6 @@
     "S2424",
     "S2428",
     "S2432",
-    "S2583",
     "S2589",
     "S2598",
     "S2681",

sonar-javascript-plugin/src/test/java/org/sonar/plugins/javascript/JavaScriptProfilesDefinitionTest.java

@@ -20,22 +20,38 @@
 package org.sonar.plugins.javascript;
 
 import java.lang.annotation.Annotation;
+import java.util.List;
 import java.util.Set;
 import java.util.stream.Collectors;
 import org.junit.Before;
 import org.junit.Test;
+import org.sonar.api.rule.RuleStatus;
 import org.sonar.api.server.profile.BuiltInQualityProfilesDefinition;
 import org.sonar.api.server.profile.BuiltInQualityProfilesDefinition.BuiltInQualityProfile;
+import org.sonar.api.server.rule.RulesDefinition;
 import org.sonar.check.Rule;
 import org.sonar.javascript.checks.CheckList;
+import org.sonar.plugins.javascript.rules.JavaScriptRulesDefinition;
+import org.sonar.plugins.javascript.rules.TypeScriptRulesDefinition;
 import org.sonarsource.analyzer.commons.BuiltInQualityProfileJsonLoader;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.sonar.plugins.javascript.JavaScriptProfilesDefinition.SONAR_WAY_JSON;
 import static org.sonar.plugins.javascript.JavaScriptProfilesDefinition.SONAR_WAY_RECOMMENDED_JSON;
 
 public class JavaScriptProfilesDefinitionTest {
-  private BuiltInQualityProfilesDefinition.Context context = new BuiltInQualityProfilesDefinition.Context();
+  private final BuiltInQualityProfilesDefinition.Context context = new BuiltInQualityProfilesDefinition.Context();
+  private final Set<String> deprecatedJsRules =
+    TestUtils.buildRepository("javascript", new JavaScriptRulesDefinition()).rules().stream()
+      .filter(r -> r.status() == RuleStatus.DEPRECATED)
+      .map(RulesDefinition.Rule::key)
+      .collect(Collectors.toSet());
+
+  private final Set<String> deprecatedTsRules =
+    TestUtils.buildRepository("typescript", new TypeScriptRulesDefinition()).rules().stream()
+      .filter(r -> r.status() == RuleStatus.DEPRECATED)
+      .map(RulesDefinition.Rule::key)
+      .collect(Collectors.toSet());
 
   @Before
   public void setUp() {
@@ -50,6 +66,15 @@ public void sonar_way_js() {
     assertThat(profile.name()).isEqualTo(JavaScriptProfilesDefinition.SONAR_WAY);
     assertThat(profile.rules()).extracting("repoKey").containsOnly(CheckList.JS_REPOSITORY_KEY);
     assertThat(profile.rules().size()).isGreaterThan(50);
+
+    assertThat(deprecatedRulesInProfile(profile, deprecatedJsRules)).isEmpty();
+  }
+
+  private List<String> deprecatedRulesInProfile(BuiltInQualityProfile profile, Set<String> deprecatedRuleKeys) {
+    return profile.rules().stream()
+      .map(BuiltInQualityProfilesDefinition.BuiltInActiveRule::ruleKey)
+      .filter(deprecatedRuleKeys::contains)
+      .collect(Collectors.toList());
   }
 
   @Test
@@ -60,6 +85,8 @@ public void sonar_way_recommended_js() {
     assertThat(profile.name()).isEqualTo("Sonar way Recommended");
     assertThat(profile.rules()).extracting("repoKey").containsOnly("common-js", CheckList.JS_REPOSITORY_KEY);
     assertThat(profile.rules().size()).isGreaterThan(110);
+
+    assertThat(deprecatedRulesInProfile(profile, deprecatedJsRules)).isEmpty();
   }
 
   @Test
@@ -71,6 +98,8 @@ public void sonar_way_ts() {
     assertThat(profile.rules()).extracting("repoKey").containsOnly(CheckList.TS_REPOSITORY_KEY);
     assertThat(profile.rules().size()).isGreaterThan(0);
     assertThat(profile.rules()).extracting(BuiltInQualityProfilesDefinition.BuiltInActiveRule::ruleKey).contains("S5122");
+
+    assertThat(deprecatedRulesInProfile(profile, deprecatedTsRules)).isEmpty();
   }
 
   @Test
@@ -82,6 +111,8 @@ public void sonar_way_recommended_ts() {
     assertThat(profile.rules()).extracting("repoKey").containsOnly("common-ts", CheckList.TS_REPOSITORY_KEY);
     assertThat(profile.rules().size()).isGreaterThan(1);
     assertThat(profile.rules()).extracting(BuiltInQualityProfilesDefinition.BuiltInActiveRule::ruleKey).contains("S5122");
+
+    assertThat(deprecatedRulesInProfile(profile, deprecatedTsRules)).isEmpty();
   }
 
   @Test

sonar-javascript-plugin/src/test/java/org/sonar/plugins/javascript/TestUtils.java

@@ -24,6 +24,8 @@
 import org.sonar.api.batch.fs.internal.DefaultInputFile;
 import org.sonar.api.batch.fs.internal.TestInputFileBuilder;
 import org.sonar.api.batch.sensor.internal.SensorContextTester;
+import org.sonar.api.server.rule.RulesDefinition;
+import org.sonar.plugins.javascript.rules.TypeScriptRulesDefinition;
 
 public class TestUtils {
   public static DefaultInputFile createInputFile(SensorContextTester sensorContext, String content, String relativePath) {
@@ -38,4 +40,10 @@ public static DefaultInputFile createInputFile(SensorContextTester sensorContext
     sensorContext.fileSystem().add(testInputFile);
     return testInputFile;
   }
+
+  public static RulesDefinition.Repository buildRepository(String repositoryKey, RulesDefinition rulesDefinition) {
+    RulesDefinition.Context context = new RulesDefinition.Context();
+    rulesDefinition.define(context);
+    return context.repository(repositoryKey);
+  }
 }

sonar-javascript-plugin/src/test/java/org/sonar/plugins/javascript/rules/JavaScriptRulesDefinitionTest.java

@@ -28,14 +28,15 @@
 import org.sonar.api.server.rule.RulesDefinition.Repository;
 import org.sonar.api.server.rule.RulesDefinition.Rule;
 import org.sonar.javascript.checks.CheckList;
+import org.sonar.plugins.javascript.TestUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
 
 public class JavaScriptRulesDefinitionTest {
 
   @Test
   public void test() {
-    RulesDefinition.Repository repository = buildRepository();
+    RulesDefinition.Repository repository = TestUtils.buildRepository("javascript", new JavaScriptRulesDefinition());
 
     assertThat(repository.name()).isEqualTo("SonarAnalyzer");
     assertThat(repository.language()).isEqualTo("js");
@@ -48,19 +49,11 @@ public void test() {
 
   @Test
   public void sonarlint() {
-    RulesDefinition.Repository repository = buildRepository();
+    RulesDefinition.Repository repository = TestUtils.buildRepository("javascript", new JavaScriptRulesDefinition());
     assertThat(repository.rule("S909").activatedByDefault()).isFalse();
     assertThat(repository.rule("S930").activatedByDefault()).isTrue();
   }
 
-  private RulesDefinition.Repository buildRepository() {
-    JavaScriptRulesDefinition rulesDefinition = new JavaScriptRulesDefinition();
-    RulesDefinition.Context context = new RulesDefinition.Context();
-    rulesDefinition.define(context);
-    RulesDefinition.Repository repository = context.repository("javascript");
-    return repository;
-  }
-
   private void assertParameterProperties(Repository repository) {
     // TooManyLinesInFunctionCheck
     Param max = repository.rule("S138").param("max");

sonar-javascript-plugin/src/test/java/org/sonar/plugins/javascript/rules/TypeScriptRulesDefinitionTest.java

@@ -29,11 +29,11 @@
 import org.junit.Test;
 import org.sonar.api.rules.RuleType;
 import org.sonar.api.server.debt.DebtRemediationFunction.Type;
-import org.sonar.api.server.rule.RulesDefinition;
 import org.sonar.api.server.rule.RulesDefinition.Param;
 import org.sonar.api.server.rule.RulesDefinition.Repository;
 import org.sonar.api.server.rule.RulesDefinition.Rule;
 import org.sonar.javascript.checks.CheckList;
+import org.sonar.plugins.javascript.TestUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
 
@@ -43,7 +43,7 @@ public class TypeScriptRulesDefinitionTest {
 
   @Test
   public void test() {
-    Repository repository = buildRepository();
+    Repository repository = TestUtils.buildRepository("typescript", new TypeScriptRulesDefinition());
 
     assertThat(repository.name()).isEqualTo("SonarAnalyzer");
     assertThat(repository.language()).isEqualTo("ts");
@@ -55,7 +55,7 @@ public void test() {
 
   @Test
   public void sonarlint() {
-    Repository repository = buildRepository();
+    Repository repository = TestUtils.buildRepository("typescript", new TypeScriptRulesDefinition());
     assertThat(repository.rule("S3923").activatedByDefault()).isTrue();
   }
 
@@ -108,14 +108,6 @@ private static class RuleJson {
     String sqKey;
   }
 
-  private Repository buildRepository() {
-    TypeScriptRulesDefinition rulesDefinition = new TypeScriptRulesDefinition();
-    RulesDefinition.Context context = new RulesDefinition.Context();
-    rulesDefinition.define(context);
-    Repository repository = context.repository("typescript");
-    return repository;
-  }
-
   private void assertRuleProperties(Repository repository) {
     Rule rule = repository.rule("S3923");
     assertThat(rule).isNotNull();