From a84a68d8e1237242f7a6f5bc7fc901cea20f6de1 Mon Sep 17 00:00:00 2001
From: Irina Batinic <117161143+irina-batinic-sonarsource@users.noreply.github.com>
Date: Wed, 24 Apr 2024 14:41:22 +0200
Subject: [PATCH] SONARJAVA-4953 Update External Linters Metadata (#4779)

---
 .../rules/spotbugs/findsecbugs-rules.json | 18 +++++++
 .../java/rules/spotbugs/spotbugs-rules.json | 49 +++++++++++++++++++
 2 files changed, 67 insertions(+)

diff --git a/external-reports/src/main/resources/org/sonar/l10n/java/rules/spotbugs/findsecbugs-rules.json b/external-reports/src/main/resources/org/sonar/l10n/java/rules/spotbugs/findsecbugs-rules.json
index d3ead1d946e..8cc118c25e4 100644
--- a/external-reports/src/main/resources/org/sonar/l10n/java/rules/spotbugs/findsecbugs-rules.json
+++ b/external-reports/src/main/resources/org/sonar/l10n/java/rules/spotbugs/findsecbugs-rules.json
@@ -371,6 +371,12 @@
 "type": "VULNERABILITY",
 "url": "https://find-sec-bugs.github.io/bugs.htm#PLAY_UNVALIDATED_REDIRECT"
 },
+ {
+ "key": "POTENTIAL_XML_INJECTION",
+ "name": "An unsafe string is potentially injected into an XML string",
+ "type": "VULNERABILITY",
+ "url": "https://find-sec-bugs.github.io/bugs.htm#POTENTIAL_XML_INJECTION"
+ },
 {
 "key": "PREDICTABLE_RANDOM",
 "name": "Predictable pseudorandom number generator",
@@ -821,6 +827,18 @@
 "type": "VULNERABILITY",
 "url": "https://find-sec-bugs.github.io/bugs.htm#XXE_SAXPARSER"
 },
+ {
+ "key": "XXE_SCHEMA_FACTORY",
+ "name": "XML schema processing vulnerable to XXE",
+ "type": "VULNERABILITY",
+ "url": "https://find-sec-bugs.github.io/bugs.htm#XXE_SCHEMA_FACTORY"
+ },
+ {
+ "key": "XXE_VALIDATOR",
+ "name": "XML validation vulnerable to XXE",
+ "type": "VULNERABILITY",
+ "url": "https://find-sec-bugs.github.io/bugs.htm#XXE_VALIDATOR"
+ },
 {
 "key": "XXE_XMLREADER",
 "name": "XML parsing vulnerable to XXE (XMLReader)",
diff --git a/external-reports/src/main/resources/org/sonar/l10n/java/rules/spotbugs/spotbugs-rules.json b/external-reports/src/main/resources/org/sonar/l10n/java/rules/spotbugs/spotbugs-rules.json
index 03a4841157c..77606f458e6 100644
--- a/external-reports/src/main/resources/org/sonar/l10n/java/rules/spotbugs/spotbugs-rules.json
+++ b/external-reports/src/main/resources/org/sonar/l10n/java/rules/spotbugs/spotbugs-rules.json
@@ -1623,6 +1623,13 @@
 "severity": "MAJOR",
 "url": "https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#mc-overridable-method-call-in-constructor"
 },
+ {
+ "key": "MC_OVERRIDABLE_METHOD_CALL_IN_READ_OBJECT",
+ "name": "Malicious code - An overridable method is called from the readObject method.",
+ "type": "CODE_SMELL",
+ "severity": "MAJOR",
+ "url": "https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#mc-overridable-method-call-in-read-object"
+ },
 {
 "key": "ME_ENUM_FIELD_SETTER",
 "name": "Bad practice - Public enum method unconditionally sets its field",
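Review bot: `MC_OVERRIDABLE_METHOD_CALL_IN_READ_OBJECT` is mapped with `"type": "CODE_SMELL"` even though its name carries SpotBugs' "Malicious code" category prefix, and the `"type"` of its sibling `MC_OVERRIDABLE_METHOD_CALL_IN_CONSTRUCTOR` sits just above the hunk where only its severity and url are visible, so the two entries may not agree. A `readObject` that calls an overridable method lets subclass code run while the object is still being deserialized, before any invariant checks in the class itself have completed, which is why SpotBugs files the pattern under malicious code rather than style. If the constructor variant is mapped to a security type in this file (VULNERABILITY or SECURITY_HOTSPOT), this entry should carry the same type; if both are CODE_SMELL that is at least consistent and only needs confirming. This presumably matters because the importer uses `"type"` to categorize the finding in SonarQube, so a mismatch between two rules of one category shows up as inconsistent issue types for the same kind of defect.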
@@ -2876,6 +2883,48 @@
 "severity": "MAJOR",
 "url": "https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#sic-threadlocal-deadly-embrace"
 },
+ {
+ "key": "SING_SINGLETON_GETTER_NOT_SYNCHRONIZED",
+ "name": "Correctness - Instance-getter method of class using singleton design pattern is not synchronized.",
+ "type": "BUG",
+ "severity": "MAJOR",
+ "url": "https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#sing-singleton-getter-not-synchronized"
+ },
+ {
+ "key": "SING_SINGLETON_HAS_NONPRIVATE_CONSTRUCTOR",
+ "name": "Correctness - Class using singleton design pattern has non-private constructor.",
+ "type": "BUG",
+ "severity": "MAJOR",
+ "url": "https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#sing-singleton-has-nonprivate-constructor"
+ },
+ {
+ "key": "SING_SINGLETON_IMPLEMENTS_CLONEABLE",
+ "name": "Correctness - Class using singleton design pattern directly implements Cloneable interface.",
+ "type": "BUG",
+ "severity": "MAJOR",
+ "url": "https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#sing-singleton-implements-cloneable"
+ },
+ {
+ "key": "SING_SINGLETON_IMPLEMENTS_CLONE_METHOD",
+ "name": "Correctness - Class using singleton design pattern implements clone() method without being an unconditional CloneNotSupportedException-thrower.",
+ "type": "BUG",
+ "severity": "MAJOR",
+ "url": "https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#sing-singleton-implements-clone-method"
+ },
+ {
+ "key": "SING_SINGLETON_IMPLEMENTS_SERIALIZABLE",
+ "name": "Correctness - Class using singleton design pattern directly or indirectly implements Serializable interface.",
+ "type": "BUG",
+ "severity": "MAJOR",
+ "url": "https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#sing-singleton-implements-serializable"
+ },
+ {
+ "key": "SING_SINGLETON_INDIRECTLY_IMPLEMENTS_CLONEABLE",
+ "name": "Correctness - Class using singleton design pattern indirectly implements Cloneable interface.",
+ "type": "BUG",
+ "severity": "MAJOR",
+ "url": "https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#sing-singleton-indirectly-implements-cloneable"
+ },
 {
 "key": "SIO_SUPERFLUOUS_INSTANCEOF",
 "name": "Correctness - Unnecessary type check done using instanceof operator",