Update RSPEC before 9.18 release (#8616)

SonarSource · Jan 25, 2024 · 3cb326e · 3cb326e
1 parent e11a383
commit 3cb326e
Show file tree

Hide file tree

Showing 27 changed files with 201 additions and 151 deletions.
diff --git a/analyzers/rspec/cs/S106.html b/analyzers/rspec/cs/S106.html
@@ -49,5 +49,7 @@ <h2>Resources</h2>
 <ul>
   <li> OWASP - <a href="https://owasp.org/Top10/A09_2021-Security_Logging_and_Monitoring_Failures/">Top 10 2021 Category A9 - Security Logging and
   Monitoring Failures</a> </li>
+  <li> OWASP - <a href="https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure">Top 10 2017 Category A3 - Sensitive Data
+  Exposure</a> </li>
 </ul>
 
diff --git a/analyzers/rspec/cs/S3260.html b/analyzers/rspec/cs/S3260.html
@@ -67,19 +67,17 @@ <h3>Articles &amp; blog posts</h3>
 <h3>Benchmarks</h3>
 <table>
   <colgroup>
-    <col style="width: 20%;">
-    <col style="width: 20%;">
-    <col style="width: 20%;">
-    <col style="width: 20%;">
-    <col style="width: 20%;">
+    <col style="width: 25%;">
+    <col style="width: 25%;">
+    <col style="width: 25%;">
+    <col style="width: 25%;">
   </colgroup>
   <thead>
     <tr>
       <th>Method</th>
       <th>Runtime</th>
       <th>Mean</th>
-      <th>StdDev</th>
-      <th>Ratio</th>
+      <th>Standard Deviation</th>
     </tr>
   </thead>
   <tbody>
@@ -88,45 +86,44 @@ <h3>Benchmarks</h3>
       <td><p>.NET 5.0</p></td>
       <td><p>918.7 us</p></td>
       <td><p>10.72 us</p></td>
-      <td><p>1.00</p></td>
     </tr>
     <tr>
       <td><p>SealedType</p></td>
       <td><p>.NET 5.0</p></td>
       <td><p>231.2 us</p></td>
       <td><p>3.20 us</p></td>
-      <td><p>0.25</p></td>
     </tr>
     <tr>
       <td><p>UnsealedType</p></td>
       <td><p>.NET 6.0</p></td>
       <td><p>867.9 us</p></td>
       <td><p>5.65 us</p></td>
-      <td><p>1.00</p></td>
     </tr>
     <tr>
       <td><p>SealedType</p></td>
       <td><p>.NET 6.0</p></td>
       <td><p>218.4 us</p></td>
       <td><p>0.59 us</p></td>
-      <td><p>0.25</p></td>
     </tr>
     <tr>
       <td><p>UnsealedType</p></td>
       <td><p>.NET 7.0</p></td>
       <td><p>1,074.5 us</p></td>
       <td><p>3.15 us</p></td>
-      <td><p>1.00</p></td>
     </tr>
     <tr>
       <td><p>SealedType</p></td>
       <td><p>.NET 7.0</p></td>
       <td><p>216.1 us</p></td>
       <td><p>1.19 us</p></td>
-      <td><p>0.20</p></td>
     </tr>
   </tbody>
 </table>
+<h4>Glossary</h4>
+<ul>
+  <li> <a href="https://en.wikipedia.org/wiki/Arithmetic_mean">Mean</a> </li>
+  <li> <a href="https://en.wikipedia.org/wiki/Standard_deviation">Standard Deviation</a> </li>
+</ul>
 <p>The results were generated by running the following snippet with <a href="https://github.com/dotnet/BenchmarkDotNet">BenchmarkDotNet</a>:</p>
 <pre>
 [Params(1_000_000)]

diff --git a/analyzers/rspec/cs/S3329.html b/analyzers/rspec/cs/S3329.html
@@ -88,11 +88,10 @@ <h3>Standards</h3>
   <li> OWASP - <a href="https://owasp.org/Top10/A02_2021-Cryptographic_Failures/">Top 10 2021 Category A2 - Cryptographic Failures</a> </li>
   <li> OWASP - <a href="https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure">Top 10 2017 Category A3 - Sensitive Data
   Exposure</a> </li>
-  <li> OWASP - <a href="https://mobile-security.gitbook.io/masvs/security-requirements/0x08-v3-cryptography_verification_requirements">Mobile AppSec
-  Verification Standard - Cryptography Requirements</a> </li>
-  <li> OWASP - <a href="https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography">Mobile Top 10 2016 Category M5 -
-  Insufficient Cryptography</a> </li>
+  <li> OWASP - <a href="https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration">Top 10 2017 Category A6 - Security
+  Misconfiguration</a> </li>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/329">CWE-329 - Not Using an Unpredictable IV with CBC Mode</a> </li>
+  <li> CWE - <a href="https://cwe.mitre.org/data/definitions/780">CWE-780 - Use of RSA Algorithm without OAEP</a> </li>
   <li> <a href="https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf">NIST, SP-800-38A</a> - Recommendation for Block Cipher
   Modes of Operation </li>
 </ul>

diff --git a/analyzers/rspec/cs/S3329.json b/analyzers/rspec/cs/S3329.json
@@ -21,24 +21,29 @@
   "scope": "Main",
   "securityStandards": {
     "CWE": [
-      329
+      327,
+      780
     ],
     "OWASP": [
+      "A6",
       "A3"
     ],
-    "OWASP Mobile": [
-      "M5"
-    ],
-    "MASVS": [
-      "MSTG-CRYPTO-6"
-    ],
     "OWASP Top 10 2021": [
       "A2"
     ],
+    "PCI DSS 3.2": [
+      "4.1",
+      "6.5.3",
+      "6.5.4"
+    ],
+    "PCI DSS 4.0": [
+      "4.2.1",
+      "6.2.4"
+    ],
     "ASVS 4.0": [
-      "2.3.1",
-      "2.6.2",
-      "2.9.2"
+      "2.9.3",
+      "6.2.2",
+      "8.3.7"
     ]
   },
   "quickfix": "targeted"

diff --git a/analyzers/rspec/cs/S4027.html b/analyzers/rspec/cs/S4027.html
@@ -4,52 +4,46 @@ <h2>Why is this an issue?</h2>
   <li> <code>public MyException()</code> </li>
   <li> <code>public MyException(string)</code> </li>
   <li> <code>public MyException(string, Exception)</code> </li>
-  <li> <code>protected</code> or <code>private MyException(SerializationInfo, StreamingContext)</code> </li>
 </ul>
-<p>That fourth constructor should be <code>protected</code> in unsealed classes, and <code>private</code> in sealed classes.</p>
-<p>Not having this full set of constructors can make it difficult to handle exceptions.</p>
-<h3>Noncompliant code example</h3>
-<pre>
-using System;
-
-namespace MyLibrary
+<p>The absence of these constructors can complicate exception handling and limit the information that can be provided when an exception is thrown.</p>
+<h2>How to fix it</h2>
+<h3>Code examples</h3>
+<h4>Noncompliant code example</h4>
+<pre data-diff-id="1" data-diff-type="noncompliant">
+public class MyException : Exception // Noncompliant: several constructors are missing
 {
-  public class MyException // Noncompliant: several constructors are missing
-  {
     public MyException()
     {
     }
-  }
 }
 </pre>
-<h3>Compliant solution</h3>
-<pre>
-using System;
-using System.Runtime.Serialization;
-
-namespace MyLibrary
+<h4>Compliant solution</h4>
+<pre data-diff-id="1" data-diff-type="compliant">
+public class MyException : Exception
 {
-  public class MyException : Exception
-  {
-      public MyException()
-      {
-      }
-
-      public MyException(string message)
-          :base(message)
-      {
-      }
+    public MyException()
+    {
+    }
 
-      public MyException(string message, Exception innerException)
-          : base(message, innerException)
-      {
-      }
+    public MyException(string message)
+        : base(message)
+    {
+    }
 
-      protected MyException(SerializationInfo info, StreamingContext context)
-          : base(info, context)
-      {
-      }
-  }
+    public MyException(string message, Exception innerException)
+        : base(message, innerException)
+    {
+    }
 }
 </pre>
+<h2>Resources</h2>
+<h3>Documentation</h3>
+<ul>
+  <li> Microsoft Learn: <a href="https://learn.microsoft.com/en-us/dotnet/standard/exceptions/how-to-create-user-defined-exceptions">How to create
+  user-defined exceptions</a> </li>
+  <li> Microsoft Learn: <a href="https://learn.microsoft.com/en-us/dotnet/api/system.exception">Exception Class</a> </li>
+  <li> Microsoft Learn: <a
+  href="https://learn.microsoft.com/en-us/dotnet/csharp/fundamentals/exceptions/creating-and-throwing-exceptions#define-exception-classes">Define
+  exception classes</a> </li>
+</ul>
 
diff --git a/analyzers/rspec/cs/S4035.html b/analyzers/rspec/cs/S4035.html
@@ -4,7 +4,7 @@ <h2>Why is this an issue?</h2>
 to make a meaningful comparison. Therefore that implicit contract is now broken.</p>
 <p>Alternatively <code>IEqualityComparer&lt;T&gt;</code> provides a safer interface and is used by collections or <code>Equals</code> could be made
 <code>virtual</code>.</p>
-<p>This rule raises an issue when an unsealed, <code>public</code> or <code>protected</code> class implements <code>IEquitable&lt;T&gt;</code> and the
+<p>This rule raises an issue when an unsealed, <code>public</code> or <code>protected</code> class implements <code>IEquatable&lt;T&gt;</code> and the
 <code>Equals</code> is neither <code>virtual</code> nor <code>abstract</code>.</p>
 <h3>Noncompliant code example</h3>
 <pre>

diff --git a/analyzers/rspec/cs/S4423.html b/analyzers/rspec/cs/S4423.html
@@ -110,6 +110,10 @@ <h3>Articles &amp; blog posts</h3>
 <h3>Standards</h3>
 <ul>
   <li> OWASP - <a href="https://owasp.org/Top10/A02_2021-Cryptographic_Failures/">Top 10 2021 Category A2 - Cryptographic Failures</a> </li>
+  <li> OWASP - <a href="https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/">Top 10 2021 Category A7 - Identification and
+  Authentication Failures</a> </li>
+  <li> OWASP - <a href="https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure">Top 10 2017 Category A3 - Sensitive Data
+  Exposure</a> </li>
   <li> OWASP - <a href="https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration">Top 10 2017 Category A6 - Security
   Misconfiguration</a> </li>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/327">CWE-327 - Use of a Broken or Risky Cryptographic Algorithm</a> </li>

diff --git a/analyzers/rspec/cs/S5042.html b/analyzers/rspec/cs/S5042.html
@@ -77,8 +77,10 @@ <h2>See</h2>
 <ul>
   <li> OWASP - <a href="https://owasp.org/Top10/A01_2021-Broken_Access_Control/">Top 10 2021 Category A1 - Broken Access Control</a> </li>
   <li> OWASP - <a href="https://owasp.org/Top10/A05_2021-Security_Misconfiguration/">Top 10 2021 Category A5 - Security Misconfiguration</a> </li>
-  <li> OWASP - <a href="https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A6-Security_Misconfiguration">Top 10 2017 Category A6 -
-  Security Misconfiguration</a> </li>
+  <li> OWASP - <a href="https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control">Top 10 2017 Category A5 - Broken Access Control</a>
+  </li>
+  <li> OWASP - <a href="https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration">Top 10 2017 Category A6 - Security
+  Misconfiguration</a> </li>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/409">CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)</a> </li>
   <li> <a href="https://www.bamsoftware.com/hacks/zipbomb/">bamsoftware.com</a> - A better Zip Bomb </li>
 </ul>

diff --git a/analyzers/rspec/cs/S5542.html b/analyzers/rspec/cs/S5542.html
@@ -109,6 +109,8 @@ <h3>Articles &amp; blog posts</h3>
 <h3>Standards</h3>
 <ul>
   <li> OWASP - <a href="https://owasp.org/Top10/A02_2021-Cryptographic_Failures/">Top 10 2021 Category A2 - Cryptographic Failures</a> </li>
+  <li> OWASP - <a href="https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure">Top 10 2017 Category A3 - Sensitive Data
+  Exposure</a> </li>
   <li> OWASP - <a href="https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration">Top 10 2017 Category A6 - Security
   Misconfiguration</a> </li>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/327">CWE-327 - Use of a Broken or Risky Cryptographic Algorithm</a> </li>

diff --git a/analyzers/rspec/cs/S5547.html b/analyzers/rspec/cs/S5547.html
@@ -86,6 +86,8 @@ <h3>Standards</h3>
   <li> OWASP - <a href="https://owasp.org/Top10/A02_2021-Cryptographic_Failures/">Top 10 2021 Category A2 - Cryptographic Failures</a> </li>
   <li> OWASP - <a href="https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure">Top 10 2017 Category A3 - Sensitive Data
   Exposure</a> </li>
+  <li> OWASP - <a href="https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration">Top 10 2017 Category A6 - Security
+  Misconfiguration</a> </li>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/327">CWE-327 - Use of a Broken or Risky Cryptographic Algorithm</a> </li>
 </ul>
 
diff --git a/analyzers/rspec/cs/S6610.html b/analyzers/rspec/cs/S6610.html
@@ -38,46 +38,45 @@ <h3>Documentation</h3>
 <h3>Benchmarks</h3>
 <table>
   <colgroup>
-    <col style="width: 25%;">
-    <col style="width: 25%;">
-    <col style="width: 25%;">
-    <col style="width: 25%;">
+    <col style="width: 33.3333%;">
+    <col style="width: 33.3333%;">
+    <col style="width: 33.3334%;">
   </colgroup>
   <thead>
     <tr>
       <th>Method</th>
       <th>Mean</th>
-      <th>StdDev</th>
-      <th>Median</th>
+      <th>Standard Deviation</th>
     </tr>
   </thead>
   <tbody>
     <tr>
       <td><p>StartsWith_String</p></td>
       <td><p>30.965 ms</p></td>
       <td><p>3.2732 ms</p></td>
-      <td><p>29.932 ms</p></td>
     </tr>
     <tr>
       <td><p>StartsWith_Char</p></td>
       <td><p>7.568 ms</p></td>
       <td><p>0.3235 ms</p></td>
-      <td><p>7.534 ms</p></td>
     </tr>
     <tr>
       <td><p>EndsWith_String</p></td>
       <td><p>30.421 ms</p></td>
       <td><p>5.1136 ms</p></td>
-      <td><p>28.101 ms</p></td>
     </tr>
     <tr>
       <td><p>EndsWith_Char</p></td>
       <td><p>8.067 ms</p></td>
       <td><p>0.7092 ms</p></td>
-      <td><p>7.935 ms</p></td>
     </tr>
   </tbody>
 </table>
+<h4>Glossary</h4>
+<ul>
+  <li> <a href="https://en.wikipedia.org/wiki/Arithmetic_mean">Mean</a> </li>
+  <li> <a href="https://en.wikipedia.org/wiki/Standard_deviation">Standard Deviation</a> </li>
+</ul>
 <p>The results were generated by running the following snippet with <a href="https://github.com/dotnet/BenchmarkDotNet">BenchmarkDotNet</a>:</p>
 <pre>
 private List&lt;string&gt; data;