From 9f463a5710a2a70cb12b20dbbe23fe894bd780ae Mon Sep 17 00:00:00 2001 
From: Costin Zaharia <56015273+costin-zaharia-sonarsource@users.noreply.github.com> Date: Fri, 22 Apr 2022 11:20:28 +0200 Subject: [PATCH] Update RSPEC (#5585) --- analyzers/rspec/cs/S1104_c#.html | 2 +- analyzers/rspec/cs/S1121_c#.html | 2 +- analyzers/rspec/cs/S112_c#.html | 2 +- analyzers/rspec/cs/S1134_c#.html | 2 +- analyzers/rspec/cs/S1135_c#.html | 2 +- analyzers/rspec/cs/S1206_c#.html | 3 +-- analyzers/rspec/cs/S131_c#.html | 2 +- analyzers/rspec/cs/S1696_c#.html | 4 +-- analyzers/rspec/cs/S1698_c#.html | 4 +-- analyzers/rspec/cs/S1854_c#.html | 2 +- analyzers/rspec/cs/S1944_c#.html | 4 +-- analyzers/rspec/cs/S2053_c#.html | 4 +-- analyzers/rspec/cs/S2068_c#.html | 6 ++--- analyzers/rspec/cs/S2077_c#.html | 9 +++---- analyzers/rspec/cs/S2092_c#.html | 7 +++-- analyzers/rspec/cs/S2115_c#.html | 2 +- analyzers/rspec/cs/S2184_c#.html | 2 +- analyzers/rspec/cs/S2221_c#.html | 2 +- analyzers/rspec/cs/S2222_c#.html | 2 +- analyzers/rspec/cs/S2225_c#.html | 2 +- analyzers/rspec/cs/S2245_c#.html | 10 +++---- analyzers/rspec/cs/S2255_c#.html | 4 +-- analyzers/rspec/cs/S2257_c#.html | 2 +- analyzers/rspec/cs/S2259_c#.html | 2 +- analyzers/rspec/cs/S2386_c#.html | 4 +-- analyzers/rspec/cs/S2486_c#.html | 2 +- analyzers/rspec/cs/S2583_c#.html | 4 +-- analyzers/rspec/cs/S2589_c#.html | 4 +-- analyzers/rspec/cs/S2612_c#.html | 4 +-- analyzers/rspec/cs/S2681_c#.html | 2 +- analyzers/rspec/cs/S2755_c#.html | 4 +-- analyzers/rspec/cs/S2930_c#.html | 2 +- analyzers/rspec/cs/S2931_c#.html | 2 +- analyzers/rspec/cs/S2952_c#.html | 2 +- analyzers/rspec/cs/S3242_c#.html | 2 +- analyzers/rspec/cs/S3329_c#.html | 8 +++--- analyzers/rspec/cs/S3330_c#.html | 2 +- analyzers/rspec/cs/S3655_c#.html | 2 +- analyzers/rspec/cs/S3884_c#.html | 2 +- analyzers/rspec/cs/S4036_c#.html | 4 +-- analyzers/rspec/cs/S4423_c#.html | 4 +-- analyzers/rspec/cs/S4426_c#.html | 2 +- analyzers/rspec/cs/S4433_c#.html | 2 +- analyzers/rspec/cs/S4487_c#.html | 2 +- analyzers/rspec/cs/S4502_c#.html | 2 +- 
analyzers/rspec/cs/S4507_c#.html | 4 +-- analyzers/rspec/cs/S4564_c#.html | 2 +- analyzers/rspec/cs/S4787_c#.html | 14 +++++----- analyzers/rspec/cs/S4790_c#.html | 2 +- analyzers/rspec/cs/S4792_c#.html | 4 +-- analyzers/rspec/cs/S4818_c#.html | 6 ++--- analyzers/rspec/cs/S4823_c#.html | 4 +-- analyzers/rspec/cs/S4829_c#.html | 2 +- analyzers/rspec/cs/S4830_c#.html | 2 +- analyzers/rspec/cs/S4834_c#.html | 8 +++--- analyzers/rspec/cs/S5042_c#.html | 2 +- analyzers/rspec/cs/S5122_c#.html | 26 ++++++++++++++----- analyzers/rspec/cs/S5332_c#.html | 4 +-- analyzers/rspec/cs/S5443_c#.html | 6 ++--- analyzers/rspec/cs/S5445_c#.html | 6 ++--- analyzers/rspec/cs/S5542_c#.html | 2 +- analyzers/rspec/cs/S5547_c#.html | 2 +- analyzers/rspec/cs/S5659_c#.html | 2 +- analyzers/rspec/cs/S5693_c#.html | 4 +-- analyzers/rspec/cs/S5753_c#.html | 2 +- analyzers/rspec/cs/S5766_c#.html | 2 +- analyzers/rspec/cs/S5773_c#.html | 4 +-- analyzers/rspec/vbnet/S112_vb.net.html | 2 +- analyzers/rspec/vbnet/S1134_vb.net.html | 2 +- analyzers/rspec/vbnet/S1135_vb.net.html | 2 +- analyzers/rspec/vbnet/S131_vb.net.html | 2 +- analyzers/rspec/vbnet/S2068_vb.net.html | 6 ++--- analyzers/rspec/vbnet/S2077_vb.net.html | 9 +++---- analyzers/rspec/vbnet/S2222_vb.net.html | 2 +- analyzers/rspec/vbnet/S2255_vb.net.html | 4 +-- analyzers/rspec/vbnet/S2257_vb.net.html | 2 +- analyzers/rspec/vbnet/S2612_vb.net.html | 4 +-- analyzers/rspec/vbnet/S3884_vb.net.html | 2 +- analyzers/rspec/vbnet/S4036_vb.net.html | 4 +-- analyzers/rspec/vbnet/S4423_vb.net.html | 4 +-- analyzers/rspec/vbnet/S4507_vb.net.html | 4 +-- analyzers/rspec/vbnet/S4787_vb.net.html | 14 +++++----- analyzers/rspec/vbnet/S4790_vb.net.html | 2 +- analyzers/rspec/vbnet/S4792_vb.net.html | 4 +-- analyzers/rspec/vbnet/S4818_vb.net.html | 6 ++--- analyzers/rspec/vbnet/S4823_vb.net.html | 4 +-- analyzers/rspec/vbnet/S4829_vb.net.html | 2 +- analyzers/rspec/vbnet/S4830_vb.net.html | 2 +- analyzers/rspec/vbnet/S4834_vb.net.html | 8 +++--- 
analyzers/rspec/vbnet/S5042_vb.net.html | 2 +- analyzers/rspec/vbnet/S5443_vb.net.html | 6 ++--- analyzers/rspec/vbnet/S5445_vb.net.html | 6 ++--- analyzers/rspec/vbnet/S5542_vb.net.html | 2 +- analyzers/rspec/vbnet/S5547_vb.net.html | 2 +- analyzers/rspec/vbnet/S5659_vb.net.html | 2 +- analyzers/rspec/vbnet/S5693_vb.net.html | 4 +-- analyzers/rspec/vbnet/S5753_vb.net.html | 2 +- .../SonarAnalyzer.CSharp/RspecStrings.resx | 2 +- .../src/SonarAnalyzer.CSharp/sonarpedia.json | 2 +- .../Rules.Description/S1104.html | 2 +- .../Rules.Description/S1121.html | 2 +- .../Rules.Description/S112_cs.html | 2 +- .../Rules.Description/S112_vb.html | 2 +- .../Rules.Description/S1134_cs.html | 2 +- .../Rules.Description/S1134_vb.html | 2 +- .../Rules.Description/S1135_cs.html | 2 +- .../Rules.Description/S1135_vb.html | 2 +- .../Rules.Description/S1206.html | 3 +-- .../Rules.Description/S131_cs.html | 2 +- .../Rules.Description/S131_vb.html | 2 +- .../Rules.Description/S1696.html | 4 +-- .../Rules.Description/S1698.html | 4 +-- .../Rules.Description/S1854.html | 2 +- .../Rules.Description/S1944.html | 4 +-- .../Rules.Description/S2053.html | 4 +-- .../Rules.Description/S2068_cs.html | 6 ++--- .../Rules.Description/S2068_vb.html | 6 ++--- .../Rules.Description/S2077_cs.html | 9 +++---- .../Rules.Description/S2077_vb.html | 9 +++---- .../Rules.Description/S2092.html | 7 +++-- .../Rules.Description/S2115.html | 2 +- .../Rules.Description/S2184.html | 2 +- .../Rules.Description/S2221.html | 2 +- .../Rules.Description/S2222_cs.html | 2 +- .../Rules.Description/S2222_vb.html | 2 +- .../Rules.Description/S2225.html | 2 +- .../Rules.Description/S2245.html | 10 +++---- .../Rules.Description/S2255_cs.html | 4 +-- .../Rules.Description/S2255_vb.html | 4 +-- .../Rules.Description/S2257_cs.html | 2 +- .../Rules.Description/S2257_vb.html | 2 +- .../Rules.Description/S2259.html | 2 +- .../Rules.Description/S2386.html | 4 +-- .../Rules.Description/S2486.html | 2 +- 
.../Rules.Description/S2583.html | 4 +-- .../Rules.Description/S2589.html | 4 +-- .../Rules.Description/S2612_cs.html | 4 +-- .../Rules.Description/S2612_vb.html | 4 +-- .../Rules.Description/S2681.html | 2 +- .../Rules.Description/S2755.html | 4 +-- .../Rules.Description/S2930.html | 2 +- .../Rules.Description/S2931.html | 2 +- .../Rules.Description/S2952.html | 2 +- .../Rules.Description/S3242.html | 2 +- .../Rules.Description/S3329.html | 8 +++--- .../Rules.Description/S3330.html | 2 +- .../Rules.Description/S3655.html | 2 +- .../Rules.Description/S3884_cs.html | 2 +- .../Rules.Description/S3884_vb.html | 2 +- .../Rules.Description/S4036_cs.html | 4 +-- .../Rules.Description/S4036_vb.html | 4 +-- .../Rules.Description/S4423_cs.html | 4 +-- .../Rules.Description/S4423_vb.html | 4 +-- .../Rules.Description/S4426.html | 2 +- .../Rules.Description/S4433.html | 2 +- .../Rules.Description/S4487.html | 2 +- .../Rules.Description/S4502.html | 2 +- .../Rules.Description/S4507_cs.html | 4 +-- .../Rules.Description/S4507_vb.html | 4 +-- .../Rules.Description/S4564.html | 2 +- .../Rules.Description/S4787_cs.html | 14 +++++----- .../Rules.Description/S4787_vb.html | 14 +++++----- .../Rules.Description/S4790_cs.html | 2 +- .../Rules.Description/S4790_vb.html | 2 +- .../Rules.Description/S4792_cs.html | 4 +-- .../Rules.Description/S4792_vb.html | 4 +-- .../Rules.Description/S4818_cs.html | 6 ++--- .../Rules.Description/S4818_vb.html | 6 ++--- .../Rules.Description/S4823_cs.html | 4 +-- .../Rules.Description/S4823_vb.html | 4 +-- .../Rules.Description/S4829_cs.html | 2 +- .../Rules.Description/S4829_vb.html | 2 +- .../Rules.Description/S4830_cs.html | 2 +- .../Rules.Description/S4830_vb.html | 2 +- .../Rules.Description/S4834_cs.html | 8 +++--- .../Rules.Description/S4834_vb.html | 8 +++--- .../Rules.Description/S5042_cs.html | 2 +- .../Rules.Description/S5042_vb.html | 2 +- .../Rules.Description/S5122.html | 26 ++++++++++++++----- .../Rules.Description/S5332.html | 4 +-- 
.../Rules.Description/S5443_cs.html | 6 ++--- .../Rules.Description/S5443_vb.html | 6 ++--- .../Rules.Description/S5445_cs.html | 6 ++--- .../Rules.Description/S5445_vb.html | 6 ++--- .../Rules.Description/S5542_cs.html | 2 +- .../Rules.Description/S5542_vb.html | 2 +- .../Rules.Description/S5547_cs.html | 2 +- .../Rules.Description/S5547_vb.html | 2 +- .../Rules.Description/S5659_cs.html | 2 +- .../Rules.Description/S5659_vb.html | 2 +- .../Rules.Description/S5693_cs.html | 4 +-- .../Rules.Description/S5693_vb.html | 4 +-- .../Rules.Description/S5753_cs.html | 2 +- .../Rules.Description/S5753_vb.html | 2 +- .../Rules.Description/S5766.html | 2 +- .../Rules.Description/S5773.html | 4 +-- .../SonarAnalyzer.VisualBasic/sonarpedia.json | 2 +- 197 files changed, 385 insertions(+), 365 deletions(-)
diff --git a/analyzers/rspec/cs/S1104_c#.html b/analyzers/rspec/cs/S1104_c#.html
index 10ebd95450c..e7a03756098 100644
--- a/analyzers/rspec/cs/S1104_c#.html
+++ b/analyzers/rspec/cs/S1104_c#.html
@@ -32,6 +32,6 @@

Exceptions

Fields inside classes or structs annotated with the StructLayoutAttribute are ignored by this rule.

See

diff --git a/analyzers/rspec/cs/S1121_c#.html b/analyzers/rspec/cs/S1121_c#.html
index 3b098ce7abd..a778ccf5ba8 100644
--- a/analyzers/rspec/cs/S1121_c#.html
+++ b/analyzers/rspec/cs/S1121_c#.html
@@ -39,6 +39,6 @@

Exceptions

See

diff --git a/analyzers/rspec/cs/S112_c#.html b/analyzers/rspec/cs/S112_c#.html
index 37c44167f3b..ed81a195b5f 100644
--- a/analyzers/rspec/cs/S112_c#.html
+++ b/analyzers/rspec/cs/S112_c#.html
@@ -26,6 +26,6 @@

Compliant Solution

See

diff --git a/analyzers/rspec/cs/S1134_c#.html b/analyzers/rspec/cs/S1134_c#.html
index 17df41a5b6e..f86c1f4b686 100644
--- a/analyzers/rspec/cs/S1134_c#.html
+++ b/analyzers/rspec/cs/S1134_c#.html
@@ -10,6 +10,6 @@

Noncompliant Code Example

See

diff --git a/analyzers/rspec/cs/S1135_c#.html b/analyzers/rspec/cs/S1135_c#.html
index c3d3910da66..c6a6b6aa554 100644
--- a/analyzers/rspec/cs/S1135_c#.html
+++ b/analyzers/rspec/cs/S1135_c#.html
@@ -10,6 +10,6 @@

Noncompliant Code Example

See

diff --git a/analyzers/rspec/cs/S1206_c#.html b/analyzers/rspec/cs/S1206_c#.html
index 48903456c45..6f7bd8d38b3 100644
--- a/analyzers/rspec/cs/S1206_c#.html
+++ b/analyzers/rspec/cs/S1206_c#.html
@@ -30,7 +30,6 @@

Compliant Solution

See

diff --git a/analyzers/rspec/cs/S131_c#.html b/analyzers/rspec/cs/S131_c#.html
index 95c3467762b..7a53116e24b 100644
--- a/analyzers/rspec/cs/S131_c#.html
+++ b/analyzers/rspec/cs/S131_c#.html
@@ -31,6 +31,6 @@

Compliant Solution

See

diff --git a/analyzers/rspec/cs/S1696_c#.html b/analyzers/rspec/cs/S1696_c#.html
index dad7eb0d8e2..4feb71edcb5 100644
--- a/analyzers/rspec/cs/S1696_c#.html
+++ b/analyzers/rspec/cs/S1696_c#.html
@@ -36,7 +36,7 @@

Compliant Solution

See

diff --git a/analyzers/rspec/cs/S1698_c#.html b/analyzers/rspec/cs/S1698_c#.html
index 195ca00dd72..7a3d57792e6 100644
--- a/analyzers/rspec/cs/S1698_c#.html
+++ b/analyzers/rspec/cs/S1698_c#.html
@@ -59,7 +59,7 @@

Exceptions

in this case we want to ensure reference equality even if some == overload is present).

See

diff --git a/analyzers/rspec/cs/S1854_c#.html b/analyzers/rspec/cs/S1854_c#.html
index 687ad44df0c..6c9813ce0da 100644
--- a/analyzers/rspec/cs/S1854_c#.html
+++ b/analyzers/rspec/cs/S1854_c#.html
@@ -22,6 +22,6 @@

Exceptions

See

diff --git a/analyzers/rspec/cs/S1944_c#.html b/analyzers/rspec/cs/S1944_c#.html
index 818174f9e53..2c52af286e0 100644
--- a/analyzers/rspec/cs/S1944_c#.html
+++ b/analyzers/rspec/cs/S1944_c#.html
@@ -57,7 +57,7 @@

Exceptions

No issue is reported if the interface has no implementing class in the assembly.

See

diff --git a/analyzers/rspec/cs/S2053_c#.html b/analyzers/rspec/cs/S2053_c#.html
index 99ba07279e7..f6a86d1a7f5 100644
--- a/analyzers/rspec/cs/S2053_c#.html
+++ b/analyzers/rspec/cs/S2053_c#.html
@@ -36,8 +36,8 @@

See

  • OWASP Top 10 2021 Category A2 - Cryptographic Failures
  • OWASP Top 10 2017 Category A3 - Sensitive Data Exposure
  • -
  • MITRE, CWE-759 - Use of a One-Way Hash without a Salt
  • -
  • MITRE, CWE-760 - Use of a One-Way Hash with a Predictable Salt
  • +
  • MITRE, CWE-759 - Use of a One-Way Hash without a Salt
  • +
  • MITRE, CWE-760 - Use of a One-Way Hash with a Predictable Salt
  • SANS Top 25 - Porous Defenses
diff --git a/analyzers/rspec/cs/S2068_c#.html b/analyzers/rspec/cs/S2068_c#.html
index 9deb810d296..dcc3b720a2d 100644
--- a/analyzers/rspec/cs/S2068_c#.html
+++ b/analyzers/rspec/cs/S2068_c#.html
@@ -11,7 +11,7 @@

    It’s recommended to customize the configuration of this rule with additional credential words such as "oauthToken", "secret", …​

    Ask Yourself Whether

    @@ -50,8 +50,8 @@

    See

  • OWASP Top 10 2021 Category A7 - Identification and Authentication Failures
  • OWASP Top 10 2017 Category A2 - Broken Authentication
  • -
  • MITRE, CWE-798 - Use of Hard-coded Credentials
  • -
  • MITRE, CWE-259 - Use of Hard-coded Password
  • +
  • MITRE, CWE-798 - Use of Hard-coded Credentials
  • +
  • MITRE, CWE-259 - Use of Hard-coded Password
  • SANS Top 25 - Porous Defenses
  • Derived from FindSecBugs rule Hard Coded Password
diff --git a/analyzers/rspec/cs/S2077_c#.html b/analyzers/rspec/cs/S2077_c#.html
index bde90ef9171..41192508a08 100644
--- a/analyzers/rspec/cs/S2077_c#.html
+++ b/analyzers/rspec/cs/S2077_c#.html
@@ -50,12 +50,11 @@

    See

diff --git a/analyzers/rspec/cs/S2115_c#.html b/analyzers/rspec/cs/S2115_c#.html
index ebedbb36f30..abd3dce6060 100644
--- a/analyzers/rspec/cs/S2115_c#.html
+++ b/analyzers/rspec/cs/S2115_c#.html
@@ -40,6 +40,6 @@

    See

    Authentication
  • OWASP Top 10 2017 Category A3 - Sensitive Data Exposure
  • -
  • MITRE, CWE-521 - Weak Password Requirements
  • +
  • MITRE, CWE-521 - Weak Password Requirements
diff --git a/analyzers/rspec/cs/S2184_c#.html b/analyzers/rspec/cs/S2184_c#.html
index 8d5b77fbb75..3c7e4566482 100644
--- a/analyzers/rspec/cs/S2184_c#.html
+++ b/analyzers/rspec/cs/S2184_c#.html
@@ -24,7 +24,7 @@

    Compliant Solution

    See

diff --git a/analyzers/rspec/cs/S2221_c#.html b/analyzers/rspec/cs/S2221_c#.html
index a0be996c8e3..fc36ffaeb16 100644
--- a/analyzers/rspec/cs/S2221_c#.html
+++ b/analyzers/rspec/cs/S2221_c#.html
@@ -45,6 +45,6 @@

    Exceptions

    See

diff --git a/analyzers/rspec/cs/S2222_c#.html b/analyzers/rspec/cs/S2222_c#.html
index 571f37cf64f..fb90d1d7324 100644
--- a/analyzers/rspec/cs/S2222_c#.html
+++ b/analyzers/rspec/cs/S2222_c#.html
@@ -68,7 +68,7 @@

    Compliant Solution

    See

diff --git a/analyzers/rspec/cs/S2225_c#.html b/analyzers/rspec/cs/S2225_c#.html
index b53d2be5ce3..b721ba148b9 100644
--- a/analyzers/rspec/cs/S2225_c#.html
+++ b/analyzers/rspec/cs/S2225_c#.html
@@ -30,6 +30,6 @@

    Compliant Solution

    See

diff --git a/analyzers/rspec/cs/S2245_c#.html b/analyzers/rspec/cs/S2245_c#.html
index 1a4efe84983..f1cfe75ef14 100644
--- a/analyzers/rspec/cs/S2245_c#.html
+++ b/analyzers/rspec/cs/S2245_c#.html
@@ -51,11 +51,11 @@

    See

    Verification Standard - Cryptography Requirements
  • OWASP Mobile Top 10 2016 Category M5 - Insufficient Cryptography
  • -
  • MITRE, CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator - (PRNG)
  • -
  • MITRE, CWE-330 - Use of Insufficiently Random Values
  • -
  • MITRE, CWE-326 - Inadequate Encryption Strength
  • -
  • MITRE, CWE-1241 - Use of Predictable Algorithm in Random Number Generator
  • +
  • MITRE, CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) +
  • +
  • MITRE, CWE-330 - Use of Insufficiently Random Values
  • +
  • MITRE, CWE-326 - Inadequate Encryption Strength
  • +
  • MITRE, CWE-1241 - Use of Predictable Algorithm in Random Number Generator
  • Derived from FindSecBugs rule Predictable Pseudo Random Number Generator
diff --git a/analyzers/rspec/cs/S2255_c#.html b/analyzers/rspec/cs/S2255_c#.html
index bca31bf1a0f..dd60f9f6339 100644
--- a/analyzers/rspec/cs/S2255_c#.html
+++ b/analyzers/rspec/cs/S2255_c#.html
@@ -41,8 +41,8 @@

    See

    Deprecated

diff --git a/analyzers/rspec/cs/S2257_c#.html b/analyzers/rspec/cs/S2257_c#.html
index 9eb059424ad..17e43e90d37 100644
--- a/analyzers/rspec/cs/S2257_c#.html
+++ b/analyzers/rspec/cs/S2257_c#.html
@@ -38,7 +38,7 @@

    See

  • OWASP Top 10 2021 Category A2 - Cryptographic Failures
  • OWASP Top 10 2017 Category A3 - Sensitive Data Exposure
  • -
  • MITRE, CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
  • +
  • MITRE, CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
  • SANS Top 25 - Porous Defenses
  • Derived from FindSecBugs rule MessageDigest is Custom
diff --git a/analyzers/rspec/cs/S2259_c#.html b/analyzers/rspec/cs/S2259_c#.html
index c685052d2e0..e3c68214e4d 100644
--- a/analyzers/rspec/cs/S2259_c#.html
+++ b/analyzers/rspec/cs/S2259_c#.html
@@ -47,6 +47,6 @@

    Exceptions

    See

diff --git a/analyzers/rspec/cs/S2386_c#.html b/analyzers/rspec/cs/S2386_c#.html
index 80fa1283f8e..c52d2af99b0 100644
--- a/analyzers/rspec/cs/S2386_c#.html
+++ b/analyzers/rspec/cs/S2386_c#.html
@@ -39,7 +39,7 @@

    Exceptions

    See

diff --git a/analyzers/rspec/cs/S2486_c#.html b/analyzers/rspec/cs/S2486_c#.html
index cf27f12c76e..b8e6bb3d6fe 100644
--- a/analyzers/rspec/cs/S2486_c#.html
+++ b/analyzers/rspec/cs/S2486_c#.html
@@ -31,6 +31,6 @@

    See

    Monitoring Failures
  • OWASP Top 10 2017 Category A10 - Insufficient Logging & Monitoring
  • -
  • MITRE, CWE-390 - Detection of Error Condition Without Action
  • +
  • MITRE, CWE-390 - Detection of Error Condition Without Action
diff --git a/analyzers/rspec/cs/S2583_c#.html b/analyzers/rspec/cs/S2583_c#.html
index 121f9e9cdec..422d681d64d 100644
--- a/analyzers/rspec/cs/S2583_c#.html
+++ b/analyzers/rspec/cs/S2583_c#.html
@@ -65,7 +65,7 @@

    Exceptions

    In these cases it is obvious the code is as intended.

    See

diff --git a/analyzers/rspec/cs/S2589_c#.html b/analyzers/rspec/cs/S2589_c#.html
index 35a9e7b46be..8c0fbffbdb2 100644
--- a/analyzers/rspec/cs/S2589_c#.html
+++ b/analyzers/rspec/cs/S2589_c#.html
@@ -51,7 +51,7 @@

    Compliant Solution

    See

diff --git a/analyzers/rspec/cs/S2612_c#.html b/analyzers/rspec/cs/S2612_c#.html
index 8dc32e8a3d8..44bf8881f36 100644
--- a/analyzers/rspec/cs/S2612_c#.html
+++ b/analyzers/rspec/cs/S2612_c#.html
@@ -62,8 +62,8 @@

    See

  • OWASP Top 10 2021 Category A4 - Insecure Design
  • OWASP Top 10 2017 Category A5 - Broken Access Control
  • OWASP File Permission
  • -
  • MITRE, CWE-732 - Incorrect Permission Assignment for Critical Resource
  • -
  • MITRE, CWE-266 - Incorrect Privilege Assignment
  • +
  • MITRE, CWE-732 - Incorrect Permission Assignment for Critical Resource
  • +
  • MITRE, CWE-266 - Incorrect Privilege Assignment
  • SANS Top 25 - Porous Defenses
diff --git a/analyzers/rspec/cs/S2681_c#.html b/analyzers/rspec/cs/S2681_c#.html
index 615968bbc2b..3cfc50349bf 100644
--- a/analyzers/rspec/cs/S2681_c#.html
+++ b/analyzers/rspec/cs/S2681_c#.html
@@ -39,6 +39,6 @@

    Compliant Solution

    See

diff --git a/analyzers/rspec/cs/S2755_c#.html b/analyzers/rspec/cs/S2755_c#.html
index 061f248161d..39250c54d3b 100644
--- a/analyzers/rspec/cs/S2755_c#.html
+++ b/analyzers/rspec/cs/S2755_c#.html
@@ -107,7 +107,7 @@

    See

    (XXE)
  • OWASP XXE Prevention Cheat Sheet
  • -
  • MITRE, CWE-611 - Information Exposure Through XML External Entity Reference
  • -
  • MITRE, CWE-827 - Improper Control of Document Type Definition
  • +
  • MITRE, CWE-611 - Information Exposure Through XML External Entity Reference
  • +
  • MITRE, CWE-827 - Improper Control of Document Type Definition
diff --git a/analyzers/rspec/cs/S2930_c#.html b/analyzers/rspec/cs/S2930_c#.html
index 1a1bb7423a8..faab67d528c 100644
--- a/analyzers/rspec/cs/S2930_c#.html
+++ b/analyzers/rspec/cs/S2930_c#.html
@@ -104,6 +104,6 @@

    Exceptions

    See

diff --git a/analyzers/rspec/cs/S2931_c#.html b/analyzers/rspec/cs/S2931_c#.html
index df692d957b4..6ed6f3685cc 100644
--- a/analyzers/rspec/cs/S2931_c#.html
+++ b/analyzers/rspec/cs/S2931_c#.html
@@ -44,6 +44,6 @@

    Compliant Solution

    See

diff --git a/analyzers/rspec/cs/S2952_c#.html b/analyzers/rspec/cs/S2952_c#.html
index 44546f59794..e2719325171 100644
--- a/analyzers/rspec/cs/S2952_c#.html
+++ b/analyzers/rspec/cs/S2952_c#.html
@@ -49,6 +49,6 @@

    Compliant Solution

    See

diff --git a/analyzers/rspec/cs/S3242_c#.html b/analyzers/rspec/cs/S3242_c#.html
index be9313f37f4..2ca0a7266ef 100644
--- a/analyzers/rspec/cs/S3242_c#.html
+++ b/analyzers/rspec/cs/S3242_c#.html
@@ -1,5 +1,5 @@

    When a derived type is used as a parameter instead of the base type, it limits the uses of the method. If the additional functionality that is -provided in the derived type is not requires then that limitation isn’t required, and should be removed.

    +provided in the derived type is not required then that limitation isn’t required, and should be removed.

    This rule raises an issue when a method declaration includes a parameter that is a derived type and accesses only members of the base type.

    Noncompliant Code Example

    diff --git a/analyzers/rspec/cs/S3329_c#.html b/analyzers/rspec/cs/S3329_c#.html
    index a609740d29b..932e369d7d0 100644
    --- a/analyzers/rspec/cs/S3329_c#.html
    +++ b/analyzers/rspec/cs/S3329_c#.html
    @@ -37,10 +37,10 @@ 

    See

    Verification Standard - Cryptography Requirements
  • OWASP Mobile Top 10 2016 Category M5 - Insufficient Cryptography
  • -
  • MITRE, CWE-329 - Not Using an Unpredictable IV with CBC Mode
  • -
  • MITRE, CWE-330 - Use of Insufficiently Random Values
  • -
  • MITRE, CWE-340 - Generation of Predictable Numbers or Identifiers
  • -
  • MITRE, CWE-1204 - Generation of Weak Initialization Vector (IV)
  • +
  • MITRE, CWE-329 - Not Using an Unpredictable IV with CBC Mode
  • +
  • MITRE, CWE-330 - Use of Insufficiently Random Values
  • +
  • MITRE, CWE-340 - Generation of Predictable Numbers or Identifiers
  • +
  • MITRE, CWE-1204 - Generation of Weak Initialization Vector (IV)
  • NIST, SP-800-38A - Recommendation for Block Cipher Modes of Operation
diff --git a/analyzers/rspec/cs/S3330_c#.html b/analyzers/rspec/cs/S3330_c#.html
index 2a910d9775a..26dc70f3d9d 100644
--- a/analyzers/rspec/cs/S3330_c#.html
+++ b/analyzers/rspec/cs/S3330_c#.html
@@ -48,7 +48,7 @@

    See

  • OWASP HttpOnly
  • OWASP Top 10 2017 Category A7 - Cross-Site Scripting (XSS)
  • -
  • MITRE, CWE-1004 - Sensitive Cookie Without 'HttpOnly' Flag
  • +
  • MITRE, CWE-1004 - Sensitive Cookie Without 'HttpOnly' Flag
  • SANS Top 25 - Insecure Interaction Between Components
  • Derived from FindSecBugs rule HTTPONLY_COOKIE
diff --git a/analyzers/rspec/cs/S3655_c#.html b/analyzers/rspec/cs/S3655_c#.html
index a58afc0a8d9..cfbe5b8488d 100644
--- a/analyzers/rspec/cs/S3655_c#.html
+++ b/analyzers/rspec/cs/S3655_c#.html
@@ -27,6 +27,6 @@

    Compliant Solution

    See

diff --git a/analyzers/rspec/cs/S3884_c#.html b/analyzers/rspec/cs/S3884_c#.html
index 6ce44e3b78a..0e483a4d99f 100644
--- a/analyzers/rspec/cs/S3884_c#.html
+++ b/analyzers/rspec/cs/S3884_c#.html
@@ -66,6 +66,6 @@

    See

  • OWASP Top 10 2021 Category A1 - Broken Access Control
  • OWASP Top 10 2017 Category A6 - Security Misconfiguration
  • -
  • MITRE, CWE-648 - Incorrect Use of Privileged APIs
  • +
  • MITRE, CWE-648 - Incorrect Use of Privileged APIs
diff --git a/analyzers/rspec/cs/S4036_c#.html b/analyzers/rspec/cs/S4036_c#.html
index dfcf38f1e60..4ec6d6cf370 100644
--- a/analyzers/rspec/cs/S4036_c#.html
+++ b/analyzers/rspec/cs/S4036_c#.html
@@ -23,7 +23,7 @@

    See

  • OWASP Top 10 2021 Category A8 - Software and Data Integrity Failures
  • OWASP Top 10 2017 Category A1 - Injection
  • -
  • MITRE, CWE-426 - Untrusted Search Path
  • -
  • MITRE, CWE-427 - Uncontrolled Search Path Element
  • +
  • MITRE, CWE-426 - Untrusted Search Path
  • +
  • MITRE, CWE-427 - Uncontrolled Search Path Element
diff --git a/analyzers/rspec/cs/S4423_c#.html b/analyzers/rspec/cs/S4423_c#.html
index 96a1d45f0bb..a26aea83c01 100644
--- a/analyzers/rspec/cs/S4423_c#.html
+++ b/analyzers/rspec/cs/S4423_c#.html
@@ -43,8 +43,8 @@

    See

  • OWASP Top 10 2017 Category A6 - Security Misconfiguration
  • -
  • MITRE, CWE-327 - Inadequate Encryption Strength
  • -
  • MITRE, CWE-326 - Use of a Broken or Risky Cryptographic Algorithm
  • +
  • MITRE, CWE-327 - Inadequate Encryption Strength
  • +
  • MITRE, CWE-326 - Use of a Broken or Risky Cryptographic Algorithm
  • SANS Top 25 - Porous Defenses
  • SSL and TLS Deployment Best Practices - Use secure protocols
diff --git a/analyzers/rspec/cs/S4426_c#.html b/analyzers/rspec/cs/S4426_c#.html
index 5511426b2f5..3c6feb0b843 100644
--- a/analyzers/rspec/cs/S4426_c#.html
+++ b/analyzers/rspec/cs/S4426_c#.html
@@ -87,6 +87,6 @@

    See

    Insufficient Cryptography
  • NIST 800-131A - Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths
  • -
  • MITRE, CWE-326 - Inadequate Encryption Strength
  • +
  • MITRE, CWE-326 - Inadequate Encryption Strength
diff --git a/analyzers/rspec/cs/S4433_c#.html b/analyzers/rspec/cs/S4433_c#.html
index aaff0c4bf19..3008a116afb 100644
--- a/analyzers/rspec/cs/S4433_c#.html
+++ b/analyzers/rspec/cs/S4433_c#.html
@@ -28,7 +28,7 @@

    See

  • OWASP Top 10 2021 Category A7 - Identification and Authentication Failures
  • OWASP Top 10 2017 Category A2 - Broken Authentication
  • -
  • MITRE, CWE-521 - Weak Password Requirements
  • +
  • MITRE, CWE-521 - Weak Password Requirements
  • ldapwiki.com- Simple Authentication
diff --git a/analyzers/rspec/cs/S4487_c#.html b/analyzers/rspec/cs/S4487_c#.html
index be1d69f6846..aff4acab80a 100644
--- a/analyzers/rspec/cs/S4487_c#.html
+++ b/analyzers/rspec/cs/S4487_c#.html
@@ -46,6 +46,6 @@

    Compliant Solution

    See

diff --git a/analyzers/rspec/cs/S4502_c#.html b/analyzers/rspec/cs/S4502_c#.html
index 3de3050bc6b..b88806fbbea 100644
--- a/analyzers/rspec/cs/S4502_c#.html
+++ b/analyzers/rspec/cs/S4502_c#.html
@@ -54,7 +54,7 @@

    Compliant Solution

    See

diff --git a/analyzers/rspec/cs/S4564_c#.html b/analyzers/rspec/cs/S4564_c#.html
index 26482cd61b6..80d16ab1d56 100644
--- a/analyzers/rspec/cs/S4564_c#.html
+++ b/analyzers/rspec/cs/S4564_c#.html
@@ -38,7 +38,7 @@

    See

    Deprecated

diff --git a/analyzers/rspec/cs/S4790_c#.html b/analyzers/rspec/cs/S4790_c#.html
index f06f7eb7350..ea56ccdc39b 100644
--- a/analyzers/rspec/cs/S4790_c#.html
+++ b/analyzers/rspec/cs/S4790_c#.html
@@ -38,7 +38,7 @@

    See

    Verification Standard - Cryptography Requirements
  • OWASP Mobile Top 10 2016 Category M5 - Insufficient Cryptography
  • -
  • MITRE, CWE-1240 - Use of a Risky Cryptographic Primitive
  • +
  • MITRE, CWE-1240 - Use of a Risky Cryptographic Primitive
  • SANS Top 25 - Porous Defenses
diff --git a/analyzers/rspec/cs/S4792_c#.html b/analyzers/rspec/cs/S4792_c#.html
index 15becc95af4..e8bdcbd6a7c 100644
--- a/analyzers/rspec/cs/S4792_c#.html
+++ b/analyzers/rspec/cs/S4792_c#.html
@@ -203,8 +203,8 @@

    See

  • OWASP Top 10 2017 Category A10 - Insufficient Logging & Monitoring
  • -
  • MITRE, CWE-117 - Improper Output Neutralization for Logs
  • -
  • MITRE, CWE-532 - Information Exposure Through Log Files
  • +
  • MITRE, CWE-117 - Improper Output Neutralization for Logs
  • +
  • MITRE, CWE-532 - Information Exposure Through Log Files
  • SANS Top 25 - Porous Defenses
diff --git a/analyzers/rspec/cs/S4818_c#.html b/analyzers/rspec/cs/S4818_c#.html
index 4022c02720a..dcddc33db61 100644
--- a/analyzers/rspec/cs/S4818_c#.html
+++ b/analyzers/rspec/cs/S4818_c#.html
@@ -47,9 +47,9 @@

    See

diff --git a/analyzers/rspec/cs/S4823_c#.html b/analyzers/rspec/cs/S4823_c#.html
index 6cb74ba074c..7f127393c5e 100644
--- a/analyzers/rspec/cs/S4823_c#.html
+++ b/analyzers/rspec/cs/S4823_c#.html
@@ -37,8 +37,8 @@

    Sensitive Code Example

    See

    Deprecated

diff --git a/analyzers/rspec/cs/S4829_c#.html b/analyzers/rspec/cs/S4829_c#.html
index 0d192338bb0..df601505963 100644
--- a/analyzers/rspec/cs/S4829_c#.html
+++ b/analyzers/rspec/cs/S4829_c#.html
@@ -44,7 +44,7 @@

    Exceptions

    See

    Deprecated

    This rule is deprecated, and will eventually be removed.

diff --git a/analyzers/rspec/cs/S4830_c#.html b/analyzers/rspec/cs/S4830_c#.html
index 8a151557aff..1cbad790064 100644
--- a/analyzers/rspec/cs/S4830_c#.html
+++ b/analyzers/rspec/cs/S4830_c#.html
@@ -38,6 +38,6 @@

    See

    Standard - Network Communication Requirements
  • OWASP Mobile Top 10 2016 Category M3 - Insecure Communication
  • -
  • MITRE, CWE-295 - Improper Certificate Validation
  • +
  • MITRE, CWE-295 - Improper Certificate Validation
diff --git a/analyzers/rspec/cs/S4834_c#.html b/analyzers/rspec/cs/S4834_c#.html
index d079d1dbb16..4200d8388ff 100644
--- a/analyzers/rspec/cs/S4834_c#.html
+++ b/analyzers/rspec/cs/S4834_c#.html
@@ -75,10 +75,10 @@

    See

    Deprecated

    This rule is deprecated, and will eventually be removed.

diff --git a/analyzers/rspec/cs/S5042_c#.html b/analyzers/rspec/cs/S5042_c#.html
index e5e8f44f329..f30f1edb802 100644
--- a/analyzers/rspec/cs/S5042_c#.html
+++ b/analyzers/rspec/cs/S5042_c#.html
@@ -79,7 +79,7 @@

    See

  • OWASP Top 10 2021 Category A5 - Security Misconfiguration
  • OWASP Top 10 2017 Category A6 - Security Misconfiguration
  • -
  • MITRE, CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification) +
  • MITRE, CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)
  • bamsoftware.com - A better Zip Bomb
diff --git a/analyzers/rspec/cs/S5122_c#.html b/analyzers/rspec/cs/S5122_c#.html
index e1e75b5bd40..14eb84edd2e 100644
--- a/analyzers/rspec/cs/S5122_c#.html
+++ b/analyzers/rspec/cs/S5122_c#.html
@@ -23,7 +23,7 @@

    Recommended Secure Coding Practices

    allowing any domain (do not use * wildcard nor blindly return the Origin header content without any checks).

    Sensitive Code Example

    -

    ASP.NET Core MVC

    +

    ASP.NET Core MVC:

     [HttpGet]
     public string Get()
    @@ -56,7 +56,7 @@ 

    ASP.NET Core MVC

    services.AddControllers(); }
    -

    ASP.NET MVC

    +

    ASP.NET MVC:

     public class HomeController : ApiController
     {
    @@ -77,8 +77,13 @@ 

    ASP.NET MVC

    Content = new StringContent("content") };
    +

    User-controlled origin:

    +
    +String origin = Request.Headers["Origin"];
    +Response.Headers.Add("Access-Control-Allow-Origin", origin); // Sensitive
    +

    Compliant Solution

    -

    ASP.NET Core MVC

    +

    ASP.NET Core MVC:

     [HttpGet]
     public string Get()
    @@ -106,7 +111,7 @@ 

    ASP.NET Core MVC

    services.AddControllers(); }
    -

    ASP.Net MVC

    +

    ASP.Net MVC:

     public class HomeController : ApiController
     {
    @@ -127,6 +132,15 @@ 

    ASP.Net MVC

    Content = new StringContent("content") };
    +

    User-controlled origin validated with an allow-list:

    +
    +String origin = Request.Headers["Origin"];
    +
    +if (trustedOrigins.Contains(origin))
    +{
    +    Response.Headers.Add("Access-Control-Allow-Origin", origin);
    +}
    +

    See

diff --git a/analyzers/rspec/cs/S5332_c#.html b/analyzers/rspec/cs/S5332_c#.html
index 9bf127c23b7..1f1a003bb7c 100644
--- a/analyzers/rspec/cs/S5332_c#.html
+++ b/analyzers/rspec/cs/S5332_c#.html
@@ -86,8 +86,8 @@

    See

    Standard - Network Communication Requirements
  • OWASP Mobile Top 10 2016 Category M3 - Insecure Communication
  • -
  • MITRE, CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
  • -
  • MITRE, CWE-319 - Cleartext Transmission of Sensitive Information
  • +
  • MITRE, CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
  • +
  • MITRE, CWE-319 - Cleartext Transmission of Sensitive Information
  • Google, Moving towards more secure web
  • Mozilla, Deprecating non secure http
  • diff --git a/analyzers/rspec/cs/S5443_c#.html b/analyzers/rspec/cs/S5443_c#.html index 4eea35d4488..308c866dfef 100644 --- a/analyzers/rspec/cs/S5443_c#.html +++ b/analyzers/rspec/cs/S5443_c#.html @@ -66,9 +66,9 @@

    See

  • OWASP Top 10 2017 Category A5 - Broken Access Control
  • OWASP Top 10 2017 Category A3 - Sensitive Data Exposure
  • -
  • MITRE, CWE-377 - Insecure Temporary File
  • -
  • MITRE, CWE-379 - Creation of Temporary File in Directory with Incorrect - Permissions
  • +
  • MITRE, CWE-377 - Insecure Temporary File
  • +
  • MITRE, CWE-379 - Creation of Temporary File in Directory with Incorrect Permissions +
  • OWASP, Insecure Temporary File
  • diff --git a/analyzers/rspec/cs/S5445_c#.html b/analyzers/rspec/cs/S5445_c#.html index 435f2c89072..709afd588ed 100644 --- a/analyzers/rspec/cs/S5445_c#.html +++ b/analyzers/rspec/cs/S5445_c#.html @@ -45,9 +45,9 @@

    See

  • OWASP Top 10 2021 Category A1 - Broken Access Control
  • OWASP Top 10 2017 Category A9 - Using Components with Known Vulnerabilities
  • -
  • MITRE, CWE-377 - Insecure Temporary File
  • -
  • MITRE, CWE-379 - Creation of Temporary File in Directory with Incorrect - Permissions
  • +
  • MITRE, CWE-377 - Insecure Temporary File
  • +
  • MITRE, CWE-379 - Creation of Temporary File in Directory with Incorrect Permissions +
  • OWASP, Insecure Temporary File
  • diff --git a/analyzers/rspec/cs/S5542_c#.html b/analyzers/rspec/cs/S5542_c#.html index d2a3bb801f0..5dde383f4e0 100644 --- a/analyzers/rspec/cs/S5542_c#.html +++ b/analyzers/rspec/cs/S5542_c#.html @@ -55,7 +55,7 @@

    See

  • OWASP Top 10 2021 Category A2 - Cryptographic Failures
  • OWASP Top 10 2017 Category A6 - Security Misconfiguration
  • -
  • MITRE, CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
  • +
  • MITRE, CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
  • SANS Top 25 - Porous Defenses
  • diff --git a/analyzers/rspec/cs/S5547_c#.html b/analyzers/rspec/cs/S5547_c#.html index 06a06135612..e756d1bf4ae 100644 --- a/analyzers/rspec/cs/S5547_c#.html +++ b/analyzers/rspec/cs/S5547_c#.html @@ -32,7 +32,7 @@

    See

  • OWASP Top 10 2021 Category A2 - Cryptographic Failures
  • OWASP Top 10 2017 Category A3 - Sensitive Data Exposure
  • -
  • MITRE, CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
  • +
  • MITRE, CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
  • SANS Top 25 - Porous Defenses
  • diff --git a/analyzers/rspec/cs/S5659_c#.html b/analyzers/rspec/cs/S5659_c#.html index 2e9d2d5d0a1..889df7d88f5 100644 --- a/analyzers/rspec/cs/S5659_c#.html +++ b/analyzers/rspec/cs/S5659_c#.html @@ -28,6 +28,6 @@

    See

  • OWASP Top 10 2021 Category A2 - Cryptographic Failures
  • OWASP Top 10 2017 Category A3 - Sensitive Data Exposure
  • -
  • MITRE, CWE-347 - Improper Verification of Cryptographic Signature
  • +
  • MITRE, CWE-347 - Improper Verification of Cryptographic Signature
  • diff --git a/analyzers/rspec/cs/S5693_c#.html b/analyzers/rspec/cs/S5693_c#.html index b8317a92b08..5ffc9a78a39 100644 --- a/analyzers/rspec/cs/S5693_c#.html +++ b/analyzers/rspec/cs/S5693_c#.html @@ -100,8 +100,8 @@

    See

    Cheat Sheet
  • OWASP Top 10 2017 Category A6 - Security Misconfiguration
  • -
  • MITRE, CWE-770 - Allocation of Resources Without Limits or Throttling
  • -
  • MITRE, CWE-400 - Uncontrolled Resource Consumption
  • +
  • MITRE, CWE-770 - Allocation of Resources Without Limits or Throttling
  • +
  • MITRE, CWE-400 - Uncontrolled Resource Consumption
  • Web.config - XML-formatted config file for IIS applications
  • diff --git a/analyzers/rspec/cs/S5753_c#.html b/analyzers/rspec/cs/S5753_c#.html index c46b6d453dc..795bb24edaa 100644 --- a/analyzers/rspec/cs/S5753_c#.html +++ b/analyzers/rspec/cs/S5753_c#.html @@ -70,7 +70,7 @@

    See

    Prevention Cheat Sheet
  • OWASP Top 10 2017 Category A7 - Cross-Site Scripting (XSS)
  • -
  • MITRE, CWE-79 - Improper Neutralization of Input During Web Page Generation +
  • MITRE, CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • diff --git a/analyzers/rspec/cs/S5766_c#.html b/analyzers/rspec/cs/S5766_c#.html index 1a8981a094a..20ce459a6d6 100644 --- a/analyzers/rspec/cs/S5766_c#.html +++ b/analyzers/rspec/cs/S5766_c#.html @@ -181,6 +181,6 @@

    See

  • docs.microsoft.com - security-and-serialization
  • -
  • MITRE, CWE-502 - Deserialization of Untrusted Data
  • +
  • MITRE, CWE-502 - Deserialization of Untrusted Data
  • diff --git a/analyzers/rspec/cs/S5773_c#.html b/analyzers/rspec/cs/S5773_c#.html index caa5844ddc1..ba3cfab5489 100644 --- a/analyzers/rspec/cs/S5773_c#.html +++ b/analyzers/rspec/cs/S5773_c#.html @@ -99,8 +99,8 @@

    See

    BinaryFormatter security guide
  • OWASP Top 10 2017 Category A8 - Insecure Deserialization
  • -
  • MITRE, CWE-134 - Use of Externally-Controlled Format String
  • -
  • MITRE, CWE-502 - Deserialization of Untrusted Data
  • +
  • MITRE, CWE-134 - Use of Externally-Controlled Format String
  • +
  • MITRE, CWE-502 - Deserialization of Untrusted Data
  • SANS Top 25 - Risky Resource Management
  • OWASP Deserialization Cheat Sheet
  • diff --git a/analyzers/rspec/vbnet/S112_vb.net.html b/analyzers/rspec/vbnet/S112_vb.net.html index cc181b80201..5d8fb376243 100644 --- a/analyzers/rspec/vbnet/S112_vb.net.html +++ b/analyzers/rspec/vbnet/S112_vb.net.html @@ -23,6 +23,6 @@

    Compliant Solution

    See

    diff --git a/analyzers/rspec/vbnet/S1134_vb.net.html b/analyzers/rspec/vbnet/S1134_vb.net.html index b74c89a4afb..df8287a7c37 100644 --- a/analyzers/rspec/vbnet/S1134_vb.net.html +++ b/analyzers/rspec/vbnet/S1134_vb.net.html @@ -9,6 +9,6 @@

    Noncompliant Code Example

    See

    diff --git a/analyzers/rspec/vbnet/S1135_vb.net.html b/analyzers/rspec/vbnet/S1135_vb.net.html index 18d14c75a10..76e7f748762 100644 --- a/analyzers/rspec/vbnet/S1135_vb.net.html +++ b/analyzers/rspec/vbnet/S1135_vb.net.html @@ -9,6 +9,6 @@

    Noncompliant Code Example

    See

    diff --git a/analyzers/rspec/vbnet/S131_vb.net.html b/analyzers/rspec/vbnet/S131_vb.net.html index 198289f6cc2..2965f026c45 100644 --- a/analyzers/rspec/vbnet/S131_vb.net.html +++ b/analyzers/rspec/vbnet/S131_vb.net.html @@ -22,6 +22,6 @@

    Compliant Solution

    See

    diff --git a/analyzers/rspec/vbnet/S2068_vb.net.html b/analyzers/rspec/vbnet/S2068_vb.net.html index 8e8d0216ac8..e631b0899a3 100644 --- a/analyzers/rspec/vbnet/S2068_vb.net.html +++ b/analyzers/rspec/vbnet/S2068_vb.net.html @@ -11,7 +11,7 @@

    It’s recommended to customize the configuration of this rule with additional credential words such as "oauthToken", "secret", …​

    Ask Yourself Whether

    @@ -50,8 +50,8 @@

    See

  • OWASP Top 10 2021 Category A7 - Identification and Authentication Failures
  • OWASP Top 10 2017 Category A2 - Broken Authentication
  • -
  • MITRE, CWE-798 - Use of Hard-coded Credentials
  • -
  • MITRE, CWE-259 - Use of Hard-coded Password
  • +
  • MITRE, CWE-798 - Use of Hard-coded Credentials
  • +
  • MITRE, CWE-259 - Use of Hard-coded Password
  • SANS Top 25 - Porous Defenses
  • Derived from FindSecBugs rule Hard Coded Password
  • diff --git a/analyzers/rspec/vbnet/S2077_vb.net.html b/analyzers/rspec/vbnet/S2077_vb.net.html index f3ad535603a..91fdabd7215 100644 --- a/analyzers/rspec/vbnet/S2077_vb.net.html +++ b/analyzers/rspec/vbnet/S2077_vb.net.html @@ -42,12 +42,11 @@

    See

    diff --git a/analyzers/rspec/vbnet/S3884_vb.net.html b/analyzers/rspec/vbnet/S3884_vb.net.html index abcbe6dcd90..a211d4dc874 100644 --- a/analyzers/rspec/vbnet/S3884_vb.net.html +++ b/analyzers/rspec/vbnet/S3884_vb.net.html @@ -63,6 +63,6 @@

    See

  • OWASP Top 10 2021 Category A1 - Broken Access Control
  • OWASP Top 10 2017 Category A6 - Security Misconfiguration
  • -
  • MITRE, CWE-648 - Incorrect Use of Privileged APIs
  • +
  • MITRE, CWE-648 - Incorrect Use of Privileged APIs
  • diff --git a/analyzers/rspec/vbnet/S4036_vb.net.html b/analyzers/rspec/vbnet/S4036_vb.net.html index 1731035f512..5e3ea47f554 100644 --- a/analyzers/rspec/vbnet/S4036_vb.net.html +++ b/analyzers/rspec/vbnet/S4036_vb.net.html @@ -23,7 +23,7 @@

    See

  • OWASP Top 10 2021 Category A8 - Software and Data Integrity Failures
  • OWASP Top 10 2017 Category A1 - Injection
  • -
  • MITRE, CWE-426 - Untrusted Search Path
  • -
  • MITRE, CWE-427 - Uncontrolled Search Path Element
  • +
  • MITRE, CWE-426 - Untrusted Search Path
  • +
  • MITRE, CWE-427 - Uncontrolled Search Path Element
  • diff --git a/analyzers/rspec/vbnet/S4423_vb.net.html b/analyzers/rspec/vbnet/S4423_vb.net.html index d933145f727..def7fc146df 100644 --- a/analyzers/rspec/vbnet/S4423_vb.net.html +++ b/analyzers/rspec/vbnet/S4423_vb.net.html @@ -33,8 +33,8 @@

    See

  • OWASP Top 10 2017 Category A6 - Security Misconfiguration
  • -
  • MITRE, CWE-327 - Inadequate Encryption Strength
  • -
  • MITRE, CWE-326 - Use of a Broken or Risky Cryptographic Algorithm
  • +
  • MITRE, CWE-327 - Inadequate Encryption Strength
  • +
  • MITRE, CWE-326 - Use of a Broken or Risky Cryptographic Algorithm
  • SANS Top 25 - Porous Defenses
  • SSL and TLS Deployment Best Practices - Use secure protocols
  • diff --git a/analyzers/rspec/vbnet/S4507_vb.net.html b/analyzers/rspec/vbnet/S4507_vb.net.html index bcc4ef7fabf..f1d77731310 100644 --- a/analyzers/rspec/vbnet/S4507_vb.net.html +++ b/analyzers/rspec/vbnet/S4507_vb.net.html @@ -59,7 +59,7 @@

    See

  • OWASP Top 10 2021 Category A5 - Security Misconfiguration
  • OWASP Top 10 2017 Category A3 - Sensitive Data Exposure
  • -
  • MITRE, CWE-489 - Active Debug Code
  • -
  • MITRE, CWE-215 - Information Exposure Through Debug Information
  • +
  • MITRE, CWE-489 - Active Debug Code
  • +
  • MITRE, CWE-215 - Information Exposure Through Debug Information
  • diff --git a/analyzers/rspec/vbnet/S4787_vb.net.html b/analyzers/rspec/vbnet/S4787_vb.net.html index e1894aebe78..738d88e5561 100644 --- a/analyzers/rspec/vbnet/S4787_vb.net.html +++ b/analyzers/rspec/vbnet/S4787_vb.net.html @@ -110,13 +110,13 @@

    See

  • OWASP Top 10 2017 Category A6 - Security Misconfiguration
  • -
  • MITRE, CWE-321 - Use of Hard-coded Cryptographic Key
  • -
  • MITRE, CWE-322 - Key Exchange without Entity Authentication
  • -
  • MITRE, CWE-323 - Reusing a Nonce, Key Pair in Encryption
  • -
  • MITRE, CWE-324 - Use of a Key Past its Expiration Date
  • -
  • MITRE, CWE-325 - Missing Required Cryptographic Step
  • -
  • MITRE, CWE-326 - Inadequate Encryption Strength
  • -
  • MITRE, CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
  • +
  • MITRE, CWE-321 - Use of Hard-coded Cryptographic Key
  • +
  • MITRE, CWE-322 - Key Exchange without Entity Authentication
  • +
  • MITRE, CWE-323 - Reusing a Nonce, Key Pair in Encryption
  • +
  • MITRE, CWE-324 - Use of a Key Past its Expiration Date
  • +
  • MITRE, CWE-325 - Missing Required Cryptographic Step
  • +
  • MITRE, CWE-326 - Inadequate Encryption Strength
  • +
  • MITRE, CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
  • SANS Top 25 - Porous Defenses
  • Deprecated

    diff --git a/analyzers/rspec/vbnet/S4790_vb.net.html b/analyzers/rspec/vbnet/S4790_vb.net.html index 87dd9eff034..df0620115b9 100644 --- a/analyzers/rspec/vbnet/S4790_vb.net.html +++ b/analyzers/rspec/vbnet/S4790_vb.net.html @@ -58,7 +58,7 @@

    See

    Verification Standard - Cryptography Requirements
  • OWASP Mobile Top 10 2016 Category M5 - Insufficient Cryptography
  • -
  • MITRE, CWE-1240 - Use of a Risky Cryptographic Primitive
  • +
  • MITRE, CWE-1240 - Use of a Risky Cryptographic Primitive
  • SANS Top 25 - Porous Defenses
  • diff --git a/analyzers/rspec/vbnet/S4792_vb.net.html b/analyzers/rspec/vbnet/S4792_vb.net.html index 94723e31a70..5996d61fc06 100644 --- a/analyzers/rspec/vbnet/S4792_vb.net.html +++ b/analyzers/rspec/vbnet/S4792_vb.net.html @@ -200,8 +200,8 @@

    See

  • OWASP Top 10 2017 Category A10 - Insufficient Logging & Monitoring
  • -
  • MITRE, CWE-117 - Improper Output Neutralization for Logs
  • -
  • MITRE, CWE-532 - Information Exposure Through Log Files
  • +
  • MITRE, CWE-117 - Improper Output Neutralization for Logs
  • +
  • MITRE, CWE-532 - Information Exposure Through Log Files
  • SANS Top 25 - Porous Defenses
  • diff --git a/analyzers/rspec/vbnet/S4818_vb.net.html b/analyzers/rspec/vbnet/S4818_vb.net.html index 57cb6a4f9ae..0224bc4c09f 100644 --- a/analyzers/rspec/vbnet/S4818_vb.net.html +++ b/analyzers/rspec/vbnet/S4818_vb.net.html @@ -47,9 +47,9 @@

    See

    diff --git a/analyzers/rspec/vbnet/S4823_vb.net.html b/analyzers/rspec/vbnet/S4823_vb.net.html index 4d52f4a5694..f66c74173ee 100644 --- a/analyzers/rspec/vbnet/S4823_vb.net.html +++ b/analyzers/rspec/vbnet/S4823_vb.net.html @@ -31,8 +31,8 @@

    Sensitive Code Example

    See

    Deprecated

    diff --git a/analyzers/rspec/vbnet/S4829_vb.net.html b/analyzers/rspec/vbnet/S4829_vb.net.html index 222c20f0af2..adb9ce30691 100644 --- a/analyzers/rspec/vbnet/S4829_vb.net.html +++ b/analyzers/rspec/vbnet/S4829_vb.net.html @@ -41,7 +41,7 @@

    Exceptions

    See

    Deprecated

    This rule is deprecated, and will eventually be removed.

    diff --git a/analyzers/rspec/vbnet/S4830_vb.net.html b/analyzers/rspec/vbnet/S4830_vb.net.html index 2fafe6d7490..4739e08e60d 100644 --- a/analyzers/rspec/vbnet/S4830_vb.net.html +++ b/analyzers/rspec/vbnet/S4830_vb.net.html @@ -34,6 +34,6 @@

    See

    Standard - Network Communication Requirements
  • OWASP Mobile Top 10 2016 Category M3 - Insecure Communication
  • -
  • MITRE, CWE-295 - Improper Certificate Validation
  • +
  • MITRE, CWE-295 - Improper Certificate Validation
  • diff --git a/analyzers/rspec/vbnet/S4834_vb.net.html b/analyzers/rspec/vbnet/S4834_vb.net.html index 3c6df99a803..de519a0488a 100644 --- a/analyzers/rspec/vbnet/S4834_vb.net.html +++ b/analyzers/rspec/vbnet/S4834_vb.net.html @@ -71,10 +71,10 @@

    See

    Deprecated

    This rule is deprecated, and will eventually be removed.

    diff --git a/analyzers/rspec/vbnet/S5042_vb.net.html b/analyzers/rspec/vbnet/S5042_vb.net.html index d090e7dee59..44d7236c6ac 100644 --- a/analyzers/rspec/vbnet/S5042_vb.net.html +++ b/analyzers/rspec/vbnet/S5042_vb.net.html @@ -59,7 +59,7 @@

    See

  • OWASP Top 10 2021 Category A5 - Security Misconfiguration
  • OWASP Top 10 2017 Category A6 - Security Misconfiguration
  • -
  • MITRE, CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification) +
  • MITRE, CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)
  • bamsoftware.com - A better Zip Bomb
  • diff --git a/analyzers/rspec/vbnet/S5443_vb.net.html b/analyzers/rspec/vbnet/S5443_vb.net.html index 2a7ea78f541..1cf62b9a66f 100644 --- a/analyzers/rspec/vbnet/S5443_vb.net.html +++ b/analyzers/rspec/vbnet/S5443_vb.net.html @@ -71,9 +71,9 @@

    See

  • OWASP Top 10 2017 Category A5 - Broken Access Control
  • OWASP Top 10 2017 Category A3 - Sensitive Data Exposure
  • -
  • MITRE, CWE-377 - Insecure Temporary File
  • -
  • MITRE, CWE-379 - Creation of Temporary File in Directory with Incorrect - Permissions
  • +
  • MITRE, CWE-377 - Insecure Temporary File
  • +
  • MITRE, CWE-379 - Creation of Temporary File in Directory with Incorrect Permissions +
  • OWASP, Insecure Temporary File
  • diff --git a/analyzers/rspec/vbnet/S5445_vb.net.html b/analyzers/rspec/vbnet/S5445_vb.net.html index c64e0398f24..e7b63bea44b 100644 --- a/analyzers/rspec/vbnet/S5445_vb.net.html +++ b/analyzers/rspec/vbnet/S5445_vb.net.html @@ -43,9 +43,9 @@

    See

  • OWASP Top 10 2021 Category A1 - Broken Access Control
  • OWASP Top 10 2017 Category A9 - Using Components with Known Vulnerabilities
  • -
  • MITRE, CWE-377 - Insecure Temporary File
  • -
  • MITRE, CWE-379 - Creation of Temporary File in Directory with Incorrect - Permissions
  • +
  • MITRE, CWE-377 - Insecure Temporary File
  • +
  • MITRE, CWE-379 - Creation of Temporary File in Directory with Incorrect Permissions +
  • OWASP, Insecure Temporary File
  • diff --git a/analyzers/rspec/vbnet/S5542_vb.net.html b/analyzers/rspec/vbnet/S5542_vb.net.html index a1804e97745..ddd31edc10e 100644 --- a/analyzers/rspec/vbnet/S5542_vb.net.html +++ b/analyzers/rspec/vbnet/S5542_vb.net.html @@ -54,7 +54,7 @@

    See

  • OWASP Top 10 2021 Category A2 - Cryptographic Failures
  • OWASP Top 10 2017 Category A6 - Security Misconfiguration
  • -
  • MITRE, CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
  • +
  • MITRE, CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
  • SANS Top 25 - Porous Defenses
  • diff --git a/analyzers/rspec/vbnet/S5547_vb.net.html b/analyzers/rspec/vbnet/S5547_vb.net.html index 61801a714e4..be4f405e502 100644 --- a/analyzers/rspec/vbnet/S5547_vb.net.html +++ b/analyzers/rspec/vbnet/S5547_vb.net.html @@ -32,7 +32,7 @@

    See

  • OWASP Top 10 2021 Category A2 - Cryptographic Failures
  • OWASP Top 10 2017 Category A3 - Sensitive Data Exposure
  • -
  • MITRE, CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
  • +
  • MITRE, CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
  • SANS Top 25 - Porous Defenses
  • diff --git a/analyzers/rspec/vbnet/S5659_vb.net.html b/analyzers/rspec/vbnet/S5659_vb.net.html index cd54f3258bc..87bbd78932a 100644 --- a/analyzers/rspec/vbnet/S5659_vb.net.html +++ b/analyzers/rspec/vbnet/S5659_vb.net.html @@ -28,6 +28,6 @@

    See

  • OWASP Top 10 2021 Category A2 - Cryptographic Failures
  • OWASP Top 10 2017 Category A3 - Sensitive Data Exposure
  • -
  • MITRE, CWE-347 - Improper Verification of Cryptographic Signature
  • +
  • MITRE, CWE-347 - Improper Verification of Cryptographic Signature
  • diff --git a/analyzers/rspec/vbnet/S5693_vb.net.html b/analyzers/rspec/vbnet/S5693_vb.net.html index 4c7c7cf519c..4a88afeb9d8 100644 --- a/analyzers/rspec/vbnet/S5693_vb.net.html +++ b/analyzers/rspec/vbnet/S5693_vb.net.html @@ -66,7 +66,7 @@

    See

    Cheat Sheet
  • OWASP Top 10 2017 Category A6 - Security Misconfiguration
  • -
  • MITRE, CWE-770 - Allocation of Resources Without Limits or Throttling
  • -
  • MITRE, CWE-400 - Uncontrolled Resource Consumption
  • +
  • MITRE, CWE-770 - Allocation of Resources Without Limits or Throttling
  • +
  • MITRE, CWE-400 - Uncontrolled Resource Consumption
  • diff --git a/analyzers/rspec/vbnet/S5753_vb.net.html b/analyzers/rspec/vbnet/S5753_vb.net.html index 4ee23114cf1..65eaab4e032 100644 --- a/analyzers/rspec/vbnet/S5753_vb.net.html +++ b/analyzers/rspec/vbnet/S5753_vb.net.html @@ -67,7 +67,7 @@

    See

    Prevention Cheat Sheet
  • OWASP Top 10 2017 Category A7 - Cross-Site Scripting (XSS)
  • -
  • MITRE, CWE-79 - Improper Neutralization of Input During Web Page Generation +
  • MITRE, CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • diff --git a/analyzers/src/SonarAnalyzer.CSharp/RspecStrings.resx b/analyzers/src/SonarAnalyzer.CSharp/RspecStrings.resx index 13fa8e4447f..1f45f6219c3 100644 --- a/analyzers/src/SonarAnalyzer.CSharp/RspecStrings.resx +++ b/analyzers/src/SonarAnalyzer.CSharp/RspecStrings.resx @@ -6491,7 +6491,7 @@ Minor Code Smell - When a derived type is used as a parameter instead of the base type, it limits the uses of the method. If the additional functionality that is provided in the derived type is not requires then that limitation isn’t required, and should be removed. + When a derived type is used as a parameter instead of the base type, it limits the uses of the method. If the additional functionality that is provided in the derived type is not required then that limitation isn’t required, and should be removed. False diff --git a/analyzers/src/SonarAnalyzer.CSharp/sonarpedia.json b/analyzers/src/SonarAnalyzer.CSharp/sonarpedia.json index d1d3aad9b13..77a10536225 100644 --- a/analyzers/src/SonarAnalyzer.CSharp/sonarpedia.json +++ b/analyzers/src/SonarAnalyzer.CSharp/sonarpedia.json @@ -3,5 +3,5 @@ "languages": [ "CSH" ], - "latest-update": "2022-03-24T07:43:45.993838Z" + "latest-update": "2022-04-22T07:27:18.625879900Z" } \ No newline at end of file diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S1104.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S1104.html index 10ebd95450c..e7a03756098 100644 --- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S1104.html +++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S1104.html @@ -32,6 +32,6 @@

    Exceptions

    Fields inside classes or structs annotated with the StructLayoutAttribute are ignored by this rule.

    See

    diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S1121.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S1121.html index 3b098ce7abd..a778ccf5ba8 100644 --- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S1121.html +++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S1121.html @@ -39,6 +39,6 @@

    Exceptions

    See

    diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S112_cs.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S112_cs.html index 37c44167f3b..ed81a195b5f 100644 --- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S112_cs.html +++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S112_cs.html @@ -26,6 +26,6 @@

    Compliant Solution

    See

    diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S112_vb.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S112_vb.html index cc181b80201..5d8fb376243 100644 --- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S112_vb.html +++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S112_vb.html @@ -23,6 +23,6 @@

    Compliant Solution

    See

    diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S1134_cs.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S1134_cs.html index 17df41a5b6e..f86c1f4b686 100644 --- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S1134_cs.html +++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S1134_cs.html @@ -10,6 +10,6 @@

    Noncompliant Code Example

    See

    diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S1134_vb.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S1134_vb.html index b74c89a4afb..df8287a7c37 100644 --- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S1134_vb.html +++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S1134_vb.html @@ -9,6 +9,6 @@

    Noncompliant Code Example

    See

    diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S1135_cs.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S1135_cs.html index c3d3910da66..c6a6b6aa554 100644 --- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S1135_cs.html +++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S1135_cs.html @@ -10,6 +10,6 @@

    Noncompliant Code Example

    See

    diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S1135_vb.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S1135_vb.html index 18d14c75a10..76e7f748762 100644 --- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S1135_vb.html +++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S1135_vb.html @@ -9,6 +9,6 @@

    Noncompliant Code Example

    See

    diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S1206.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S1206.html index 48903456c45..6f7bd8d38b3 100644 --- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S1206.html +++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S1206.html @@ -30,7 +30,6 @@

    Compliant Solution

    See

    diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S131_cs.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S131_cs.html index 95c3467762b..7a53116e24b 100644 --- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S131_cs.html +++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S131_cs.html @@ -31,6 +31,6 @@

    Compliant Solution

    See

    diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S131_vb.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S131_vb.html index 198289f6cc2..2965f026c45 100644 --- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S131_vb.html +++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S131_vb.html @@ -22,6 +22,6 @@

    Compliant Solution

    See

    diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S1696.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S1696.html index dad7eb0d8e2..4feb71edcb5 100644 --- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S1696.html +++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S1696.html @@ -36,7 +36,7 @@

    Compliant Solution

    See

    diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S1698.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S1698.html index 195ca00dd72..7a3d57792e6 100644 --- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S1698.html +++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S1698.html @@ -59,7 +59,7 @@

    Exceptions

    in this case we want to ensure reference equality even if some == overload is present).

    See

    diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S1854.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S1854.html index 687ad44df0c..6c9813ce0da 100644 --- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S1854.html +++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S1854.html @@ -22,6 +22,6 @@

    Exceptions

    See

    diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S1944.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S1944.html index 818174f9e53..2c52af286e0 100644 --- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S1944.html +++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S1944.html @@ -57,7 +57,7 @@

    Exceptions

    No issue is reported if the interface has no implementing class in the assembly.

    See

    diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2053.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2053.html index 99ba07279e7..f6a86d1a7f5 100644 --- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2053.html +++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2053.html @@ -36,8 +36,8 @@

    See

  • OWASP Top 10 2021 Category A2 - Cryptographic Failures
  • OWASP Top 10 2017 Category A3 - Sensitive Data Exposure
  • -
  • MITRE, CWE-759 - Use of a One-Way Hash without a Salt
  • -
  • MITRE, CWE-760 - Use of a One-Way Hash with a Predictable Salt
  • +
  • MITRE, CWE-759 - Use of a One-Way Hash without a Salt
  • +
  • MITRE, CWE-760 - Use of a One-Way Hash with a Predictable Salt
  • SANS Top 25 - Porous Defenses
  • diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2068_cs.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2068_cs.html index 9deb810d296..dcc3b720a2d 100644 --- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2068_cs.html +++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2068_cs.html @@ -11,7 +11,7 @@

    It’s recommended to customize the configuration of this rule with additional credential words such as "oauthToken", "secret", …​

    Ask Yourself Whether

    @@ -50,8 +50,8 @@

    See

  • OWASP Top 10 2021 Category A7 - Identification and Authentication Failures
  • OWASP Top 10 2017 Category A2 - Broken Authentication
  • -
  • MITRE, CWE-798 - Use of Hard-coded Credentials
  • -
  • MITRE, CWE-259 - Use of Hard-coded Password
  • +
  • MITRE, CWE-798 - Use of Hard-coded Credentials
  • +
  • MITRE, CWE-259 - Use of Hard-coded Password
  • SANS Top 25 - Porous Defenses
  • Derived from FindSecBugs rule Hard Coded Password
  • diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2068_vb.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2068_vb.html index 8e8d0216ac8..e631b0899a3 100644 --- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2068_vb.html +++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2068_vb.html @@ -11,7 +11,7 @@

    It’s recommended to customize the configuration of this rule with additional credential words such as "oauthToken", "secret", …​

    Ask Yourself Whether

    @@ -50,8 +50,8 @@

    See

  • OWASP Top 10 2021 Category A7 - Identification and Authentication Failures
  • OWASP Top 10 2017 Category A2 - Broken Authentication
  • -
  • MITRE, CWE-798 - Use of Hard-coded Credentials
  • -
  • MITRE, CWE-259 - Use of Hard-coded Password
  • +
  • MITRE, CWE-798 - Use of Hard-coded Credentials
  • +
  • MITRE, CWE-259 - Use of Hard-coded Password
  • SANS Top 25 - Porous Defenses
  • Derived from FindSecBugs rule Hard Coded Password
  • diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2077_cs.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2077_cs.html index bde90ef9171..41192508a08 100644 --- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2077_cs.html +++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2077_cs.html @@ -50,12 +50,11 @@

    See

    diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2184.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2184.html index 8d5b77fbb75..3c7e4566482 100644 --- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2184.html +++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2184.html @@ -24,7 +24,7 @@

    Compliant Solution

    See

    diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2221.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2221.html index a0be996c8e3..fc36ffaeb16 100644 --- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2221.html +++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2221.html @@ -45,6 +45,6 @@

    Exceptions

    See

    diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2222_cs.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2222_cs.html index 571f37cf64f..fb90d1d7324 100644 --- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2222_cs.html +++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2222_cs.html @@ -68,7 +68,7 @@

    Compliant Solution

    See

    diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2222_vb.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2222_vb.html index 31a5fe05810..e5e882a59c5 100644 --- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2222_vb.html +++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2222_vb.html @@ -56,7 +56,7 @@

    Compliant Solution

    See

    diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2225.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2225.html index b53d2be5ce3..b721ba148b9 100644 --- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2225.html +++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2225.html @@ -30,6 +30,6 @@

    Compliant Solution

    See

    diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2245.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2245.html index 1a4efe84983..f1cfe75ef14 100644 --- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2245.html +++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2245.html @@ -51,11 +51,11 @@

    See

    Verification Standard - Cryptography Requirements
  • OWASP Mobile Top 10 2016 Category M5 - Insufficient Cryptography
  • -
  • MITRE, CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator - (PRNG)
  • -
  • MITRE, CWE-330 - Use of Insufficiently Random Values
  • -
  • MITRE, CWE-326 - Inadequate Encryption Strength
  • -
  • MITRE, CWE-1241 - Use of Predictable Algorithm in Random Number Generator
  • +
  • MITRE, CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) +
  • +
  • MITRE, CWE-330 - Use of Insufficiently Random Values
  • +
  • MITRE, CWE-326 - Inadequate Encryption Strength
  • +
  • MITRE, CWE-1241 - Use of Predictable Algorithm in Random Number Generator
  • Derived from FindSecBugs rule Predictable Pseudo Random Number Generator
• diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2255_cs.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2255_cs.html
index bca31bf1a0f..dd60f9f6339 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2255_cs.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2255_cs.html
@@ -41,8 +41,8 @@

    See

    Deprecated

diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2255_vb.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2255_vb.html
index c9268eb68ab..ac08891314f 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2255_vb.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2255_vb.html
@@ -41,8 +41,8 @@

    See

    Deprecated

diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2257_cs.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2257_cs.html
index 9eb059424ad..17e43e90d37 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2257_cs.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2257_cs.html
@@ -38,7 +38,7 @@

    See

  • OWASP Top 10 2021 Category A2 - Cryptographic Failures
  • OWASP Top 10 2017 Category A3 - Sensitive Data Exposure
  • -
  • MITRE, CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
  • +
  • MITRE, CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
  • SANS Top 25 - Porous Defenses
  • Derived from FindSecBugs rule MessageDigest is Custom
• diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2257_vb.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2257_vb.html
index 9e4fcd27336..f5874bb7379 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2257_vb.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2257_vb.html
@@ -46,7 +46,7 @@

    See

  • OWASP Top 10 2021 Category A2 - Cryptographic Failures
  • OWASP Top 10 2017 Category A3 - Sensitive Data Exposure
  • -
  • MITRE, CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
  • +
  • MITRE, CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
  • SANS Top 25 - Porous Defenses
  • Derived from FindSecBugs rule MessageDigest is Custom
• diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2259.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2259.html
index c685052d2e0..e3c68214e4d 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2259.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2259.html
@@ -47,6 +47,6 @@

    Exceptions

    See

diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2386.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2386.html
index 80fa1283f8e..c52d2af99b0 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2386.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2386.html
@@ -39,7 +39,7 @@

    Exceptions

    See

diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2486.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2486.html
index cf27f12c76e..b8e6bb3d6fe 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2486.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2486.html
@@ -31,6 +31,6 @@

    See

    Monitoring Failures
  • OWASP Top 10 2017 Category A10 - Insufficient Logging & Monitoring
  • -
  • MITRE, CWE-390 - Detection of Error Condition Without Action
  • +
  • MITRE, CWE-390 - Detection of Error Condition Without Action
• diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2583.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2583.html
index 121f9e9cdec..422d681d64d 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2583.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2583.html
@@ -65,7 +65,7 @@

    Exceptions

    In these cases it is obvious the code is as intended.

    See

diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2589.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2589.html
index 35a9e7b46be..8c0fbffbdb2 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2589.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2589.html
@@ -51,7 +51,7 @@

    Compliant Solution

    See

diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2612_cs.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2612_cs.html
index 8dc32e8a3d8..44bf8881f36 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2612_cs.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2612_cs.html
@@ -62,8 +62,8 @@

    See

  • OWASP Top 10 2021 Category A4 - Insecure Design
  • OWASP Top 10 2017 Category A5 - Broken Access Control
  • OWASP File Permission
  • -
  • MITRE, CWE-732 - Incorrect Permission Assignment for Critical Resource
  • -
  • MITRE, CWE-266 - Incorrect Privilege Assignment
  • +
  • MITRE, CWE-732 - Incorrect Permission Assignment for Critical Resource
  • +
  • MITRE, CWE-266 - Incorrect Privilege Assignment
  • SANS Top 25 - Porous Defenses
• diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2612_vb.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2612_vb.html
index b3b2fd5ab2b..19e4690d50e 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2612_vb.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2612_vb.html
@@ -62,8 +62,8 @@

    See

  • OWASP Top 10 2021 Category A4 - Insecure Design
  • OWASP Top 10 2017 Category A5 - Broken Access Control
  • OWASP File Permission
  • -
  • MITRE, CWE-732 - Incorrect Permission Assignment for Critical Resource
  • -
  • MITRE, CWE-266 - Incorrect Privilege Assignment
  • +
  • MITRE, CWE-732 - Incorrect Permission Assignment for Critical Resource
  • +
  • MITRE, CWE-266 - Incorrect Privilege Assignment
  • SANS Top 25 - Porous Defenses
• diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2681.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2681.html
index 615968bbc2b..3cfc50349bf 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2681.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2681.html
@@ -39,6 +39,6 @@

    Compliant Solution

    See

diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2755.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2755.html
index 061f248161d..39250c54d3b 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2755.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2755.html
@@ -107,7 +107,7 @@

    See

    (XXE)
  • OWASP XXE Prevention Cheat Sheet
  • -
  • MITRE, CWE-611 - Information Exposure Through XML External Entity Reference
  • -
  • MITRE, CWE-827 - Improper Control of Document Type Definition
  • +
  • MITRE, CWE-611 - Information Exposure Through XML External Entity Reference
  • +
  • MITRE, CWE-827 - Improper Control of Document Type Definition
• diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2930.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2930.html
index 1a1bb7423a8..faab67d528c 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2930.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2930.html
@@ -104,6 +104,6 @@

    Exceptions

    See

diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2931.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2931.html
index df692d957b4..6ed6f3685cc 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2931.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2931.html
@@ -44,6 +44,6 @@

    Compliant Solution

    See

diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2952.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2952.html
index 44546f59794..e2719325171 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2952.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S2952.html
@@ -49,6 +49,6 @@

    Compliant Solution

    See

diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S3242.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S3242.html
index be9313f37f4..2ca0a7266ef 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S3242.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S3242.html
@@ -1,5 +1,5 @@

When a derived type is used as a parameter instead of the base type, it limits the uses of the method. If the additional functionality that is
-provided in the derived type is not requires then that limitation isn’t required, and should be removed.

    +provided in the derived type is not required then that limitation isn’t required, and should be removed.

    This rule raises an issue when a method declaration includes a parameter that is a derived type and accesses only members of the base type.

    Noncompliant Code Example

    diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S3329.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S3329.html
    index a609740d29b..932e369d7d0 100644
    --- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S3329.html
    +++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S3329.html
    @@ -37,10 +37,10 @@ 

    See

    Verification Standard - Cryptography Requirements
  • OWASP Mobile Top 10 2016 Category M5 - Insufficient Cryptography
  • -
  • MITRE, CWE-329 - Not Using an Unpredictable IV with CBC Mode
  • -
  • MITRE, CWE-330 - Use of Insufficiently Random Values
  • -
  • MITRE, CWE-340 - Generation of Predictable Numbers or Identifiers
  • -
  • MITRE, CWE-1204 - Generation of Weak Initialization Vector (IV)
  • +
  • MITRE, CWE-329 - Not Using an Unpredictable IV with CBC Mode
  • +
  • MITRE, CWE-330 - Use of Insufficiently Random Values
  • +
  • MITRE, CWE-340 - Generation of Predictable Numbers or Identifiers
  • +
  • MITRE, CWE-1204 - Generation of Weak Initialization Vector (IV)
  • NIST, SP-800-38A - Recommendation for Block Cipher Modes of Operation
• diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S3330.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S3330.html
index 2a910d9775a..26dc70f3d9d 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S3330.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S3330.html
@@ -48,7 +48,7 @@

    See

  • OWASP HttpOnly
  • OWASP Top 10 2017 Category A7 - Cross-Site Scripting (XSS)
  • -
  • MITRE, CWE-1004 - Sensitive Cookie Without 'HttpOnly' Flag
  • +
  • MITRE, CWE-1004 - Sensitive Cookie Without 'HttpOnly' Flag
  • SANS Top 25 - Insecure Interaction Between Components
  • Derived from FindSecBugs rule HTTPONLY_COOKIE
• diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S3655.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S3655.html
index a58afc0a8d9..cfbe5b8488d 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S3655.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S3655.html
@@ -27,6 +27,6 @@

    Compliant Solution

    See

diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S3884_cs.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S3884_cs.html
index 6ce44e3b78a..0e483a4d99f 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S3884_cs.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S3884_cs.html
@@ -66,6 +66,6 @@

    See

  • OWASP Top 10 2021 Category A1 - Broken Access Control
  • OWASP Top 10 2017 Category A6 - Security Misconfiguration
  • -
  • MITRE, CWE-648 - Incorrect Use of Privileged APIs
  • +
  • MITRE, CWE-648 - Incorrect Use of Privileged APIs
• diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S3884_vb.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S3884_vb.html
index abcbe6dcd90..a211d4dc874 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S3884_vb.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S3884_vb.html
@@ -63,6 +63,6 @@

    See

  • OWASP Top 10 2021 Category A1 - Broken Access Control
  • OWASP Top 10 2017 Category A6 - Security Misconfiguration
  • -
  • MITRE, CWE-648 - Incorrect Use of Privileged APIs
  • +
  • MITRE, CWE-648 - Incorrect Use of Privileged APIs
• diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4036_cs.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4036_cs.html
index dfcf38f1e60..4ec6d6cf370 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4036_cs.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4036_cs.html
@@ -23,7 +23,7 @@

    See

  • OWASP Top 10 2021 Category A8 - Software and Data Integrity Failures
  • OWASP Top 10 2017 Category A1 - Injection
  • -
  • MITRE, CWE-426 - Untrusted Search Path
  • -
  • MITRE, CWE-427 - Uncontrolled Search Path Element
  • +
  • MITRE, CWE-426 - Untrusted Search Path
  • +
  • MITRE, CWE-427 - Uncontrolled Search Path Element
• diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4036_vb.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4036_vb.html
index 1731035f512..5e3ea47f554 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4036_vb.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4036_vb.html
@@ -23,7 +23,7 @@

    See

  • OWASP Top 10 2021 Category A8 - Software and Data Integrity Failures
  • OWASP Top 10 2017 Category A1 - Injection
  • -
  • MITRE, CWE-426 - Untrusted Search Path
  • -
  • MITRE, CWE-427 - Uncontrolled Search Path Element
  • +
  • MITRE, CWE-426 - Untrusted Search Path
  • +
  • MITRE, CWE-427 - Uncontrolled Search Path Element
• diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4423_cs.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4423_cs.html
index 96a1d45f0bb..a26aea83c01 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4423_cs.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4423_cs.html
@@ -43,8 +43,8 @@

    See

  • OWASP Top 10 2017 Category A6 - Security Misconfiguration
  • -
  • MITRE, CWE-327 - Inadequate Encryption Strength
  • -
  • MITRE, CWE-326 - Use of a Broken or Risky Cryptographic Algorithm
  • +
  • MITRE, CWE-327 - Inadequate Encryption Strength
  • +
  • MITRE, CWE-326 - Use of a Broken or Risky Cryptographic Algorithm
  • SANS Top 25 - Porous Defenses
  • SSL and TLS Deployment Best Practices - Use secure protocols
• diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4423_vb.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4423_vb.html
index d933145f727..def7fc146df 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4423_vb.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4423_vb.html
@@ -33,8 +33,8 @@

    See

  • OWASP Top 10 2017 Category A6 - Security Misconfiguration
  • -
  • MITRE, CWE-327 - Inadequate Encryption Strength
  • -
  • MITRE, CWE-326 - Use of a Broken or Risky Cryptographic Algorithm
  • +
  • MITRE, CWE-327 - Inadequate Encryption Strength
  • +
  • MITRE, CWE-326 - Use of a Broken or Risky Cryptographic Algorithm
  • SANS Top 25 - Porous Defenses
  • SSL and TLS Deployment Best Practices - Use secure protocols
• diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4426.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4426.html
index 5511426b2f5..3c6feb0b843 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4426.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4426.html
@@ -87,6 +87,6 @@

    See

    Insufficient Cryptography
  • NIST 800-131A - Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths
  • -
  • MITRE, CWE-326 - Inadequate Encryption Strength
  • +
  • MITRE, CWE-326 - Inadequate Encryption Strength
• diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4433.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4433.html
index aaff0c4bf19..3008a116afb 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4433.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4433.html
@@ -28,7 +28,7 @@

    See

  • OWASP Top 10 2021 Category A7 - Identification and Authentication Failures
  • OWASP Top 10 2017 Category A2 - Broken Authentication
  • -
  • MITRE, CWE-521 - Weak Password Requirements
  • +
  • MITRE, CWE-521 - Weak Password Requirements
  • ldapwiki.com- Simple Authentication
• diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4487.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4487.html
index be1d69f6846..aff4acab80a 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4487.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4487.html
@@ -46,6 +46,6 @@

    Compliant Solution

    See

diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4502.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4502.html
index 3de3050bc6b..b88806fbbea 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4502.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4502.html
@@ -54,7 +54,7 @@

    Compliant Solution

    See

diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4507_vb.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4507_vb.html
index bcc4ef7fabf..f1d77731310 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4507_vb.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4507_vb.html
@@ -59,7 +59,7 @@

    See

  • OWASP Top 10 2021 Category A5 - Security Misconfiguration
  • OWASP Top 10 2017 Category A3 - Sensitive Data Exposure
  • -
  • MITRE, CWE-489 - Active Debug Code
  • -
  • MITRE, CWE-215 - Information Exposure Through Debug Information
  • +
  • MITRE, CWE-489 - Active Debug Code
  • +
  • MITRE, CWE-215 - Information Exposure Through Debug Information
• diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4564.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4564.html
index 26482cd61b6..80d16ab1d56 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4564.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4564.html
@@ -38,7 +38,7 @@

    See

    Deprecated

diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4787_vb.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4787_vb.html
index e1894aebe78..738d88e5561 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4787_vb.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4787_vb.html
@@ -110,13 +110,13 @@

    See

  • OWASP Top 10 2017 Category A6 - Security Misconfiguration
  • -
  • MITRE, CWE-321 - Use of Hard-coded Cryptographic Key
  • -
  • MITRE, CWE-322 - Key Exchange without Entity Authentication
  • -
  • MITRE, CWE-323 - Reusing a Nonce, Key Pair in Encryption
  • -
  • MITRE, CWE-324 - Use of a Key Past its Expiration Date
  • -
  • MITRE, CWE-325 - Missing Required Cryptographic Step
  • -
  • MITRE, CWE-326 - Inadequate Encryption Strength
  • -
  • MITRE, CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
  • +
  • MITRE, CWE-321 - Use of Hard-coded Cryptographic Key
  • +
  • MITRE, CWE-322 - Key Exchange without Entity Authentication
  • +
  • MITRE, CWE-323 - Reusing a Nonce, Key Pair in Encryption
  • +
  • MITRE, CWE-324 - Use of a Key Past its Expiration Date
  • +
  • MITRE, CWE-325 - Missing Required Cryptographic Step
  • +
  • MITRE, CWE-326 - Inadequate Encryption Strength
  • +
  • MITRE, CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
  • SANS Top 25 - Porous Defenses
  • Deprecated

diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4790_cs.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4790_cs.html
index f06f7eb7350..ea56ccdc39b 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4790_cs.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4790_cs.html
@@ -38,7 +38,7 @@

    See

    Verification Standard - Cryptography Requirements
  • OWASP Mobile Top 10 2016 Category M5 - Insufficient Cryptography
  • -
  • MITRE, CWE-1240 - Use of a Risky Cryptographic Primitive
  • +
  • MITRE, CWE-1240 - Use of a Risky Cryptographic Primitive
  • SANS Top 25 - Porous Defenses
• diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4790_vb.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4790_vb.html
index 87dd9eff034..df0620115b9 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4790_vb.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4790_vb.html
@@ -58,7 +58,7 @@

    See

    Verification Standard - Cryptography Requirements
  • OWASP Mobile Top 10 2016 Category M5 - Insufficient Cryptography
  • -
  • MITRE, CWE-1240 - Use of a Risky Cryptographic Primitive
  • +
  • MITRE, CWE-1240 - Use of a Risky Cryptographic Primitive
  • SANS Top 25 - Porous Defenses
• diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4792_cs.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4792_cs.html
index 15becc95af4..e8bdcbd6a7c 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4792_cs.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4792_cs.html
@@ -203,8 +203,8 @@

    See

  • OWASP Top 10 2017 Category A10 - Insufficient Logging & Monitoring
  • -
  • MITRE, CWE-117 - Improper Output Neutralization for Logs
  • -
  • MITRE, CWE-532 - Information Exposure Through Log Files
  • +
  • MITRE, CWE-117 - Improper Output Neutralization for Logs
  • +
  • MITRE, CWE-532 - Information Exposure Through Log Files
  • SANS Top 25 - Porous Defenses
• diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4792_vb.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4792_vb.html
index 94723e31a70..5996d61fc06 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4792_vb.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4792_vb.html
@@ -200,8 +200,8 @@

    See

  • OWASP Top 10 2017 Category A10 - Insufficient Logging & Monitoring
  • -
  • MITRE, CWE-117 - Improper Output Neutralization for Logs
  • -
  • MITRE, CWE-532 - Information Exposure Through Log Files
  • +
  • MITRE, CWE-117 - Improper Output Neutralization for Logs
  • +
  • MITRE, CWE-532 - Information Exposure Through Log Files
  • SANS Top 25 - Porous Defenses
• diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4818_cs.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4818_cs.html
index 4022c02720a..dcddc33db61 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4818_cs.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4818_cs.html
@@ -47,9 +47,9 @@

    See

diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4818_vb.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4818_vb.html
index 57cb6a4f9ae..0224bc4c09f 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4818_vb.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4818_vb.html
@@ -47,9 +47,9 @@

    See

diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4823_cs.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4823_cs.html
index 6cb74ba074c..7f127393c5e 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4823_cs.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4823_cs.html
@@ -37,8 +37,8 @@

    Sensitive Code Example

    See

    Deprecated

diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4823_vb.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4823_vb.html
index 4d52f4a5694..f66c74173ee 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4823_vb.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4823_vb.html
@@ -31,8 +31,8 @@

    Sensitive Code Example

    See

    Deprecated

diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4829_cs.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4829_cs.html
index 0d192338bb0..df601505963 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4829_cs.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4829_cs.html
@@ -44,7 +44,7 @@

    Exceptions

    See

    Deprecated

    This rule is deprecated, and will eventually be removed.

diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4829_vb.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4829_vb.html
index 222c20f0af2..adb9ce30691 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4829_vb.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4829_vb.html
@@ -41,7 +41,7 @@

    Exceptions

    See

    Deprecated

    This rule is deprecated, and will eventually be removed.

diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4830_cs.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4830_cs.html
index 8a151557aff..1cbad790064 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4830_cs.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4830_cs.html
@@ -38,6 +38,6 @@

    See

    Standard - Network Communication Requirements
  • OWASP Mobile Top 10 2016 Category M3 - Insecure Communication
  • -
  • MITRE, CWE-295 - Improper Certificate Validation
  • +
  • MITRE, CWE-295 - Improper Certificate Validation
• diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4830_vb.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4830_vb.html
index 2fafe6d7490..4739e08e60d 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4830_vb.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4830_vb.html
@@ -34,6 +34,6 @@

    See

    Standard - Network Communication Requirements
  • OWASP Mobile Top 10 2016 Category M3 - Insecure Communication
  • -
  • MITRE, CWE-295 - Improper Certificate Validation
  • +
  • MITRE, CWE-295 - Improper Certificate Validation
• diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4834_cs.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4834_cs.html
index d079d1dbb16..4200d8388ff 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4834_cs.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4834_cs.html
@@ -75,10 +75,10 @@

    See

    Deprecated

    This rule is deprecated, and will eventually be removed.

diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4834_vb.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4834_vb.html
index 3c6df99a803..de519a0488a 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4834_vb.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S4834_vb.html
@@ -71,10 +71,10 @@

    See

    Deprecated

    This rule is deprecated, and will eventually be removed.

diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5042_cs.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5042_cs.html
index e5e8f44f329..f30f1edb802 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5042_cs.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5042_cs.html
@@ -79,7 +79,7 @@

    See

  • OWASP Top 10 2021 Category A5 - Security Misconfiguration
  • OWASP Top 10 2017 Category A6 - Security Misconfiguration
  • -
  • MITRE, CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification) +
  • MITRE, CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)
  • bamsoftware.com - A better Zip Bomb
• diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5042_vb.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5042_vb.html
index d090e7dee59..44d7236c6ac 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5042_vb.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5042_vb.html
@@ -59,7 +59,7 @@

    See

  • OWASP Top 10 2021 Category A5 - Security Misconfiguration
  • OWASP Top 10 2017 Category A6 - Security Misconfiguration
  • -
  • MITRE, CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification) +
  • MITRE, CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)
  • bamsoftware.com - A better Zip Bomb
• diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5122.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5122.html
index e1e75b5bd40..14eb84edd2e 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5122.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5122.html
@@ -23,7 +23,7 @@

    Recommended Secure Coding Practices

    allowing any domain (do not use * wildcard nor blindly return the Origin header content without any checks).

    Sensitive Code Example

    -

    ASP.NET Core MVC

    +

    ASP.NET Core MVC:

     [HttpGet]
     public string Get()
    @@ -56,7 +56,7 @@ 

    ASP.NET Core MVC

    services.AddControllers(); }
    -

    ASP.NET MVC

    +

    ASP.NET MVC:

     public class HomeController : ApiController
     {
    @@ -77,8 +77,13 @@ 

    ASP.NET MVC

    Content = new StringContent("content") };
    +

    User-controlled origin:

    +
    +String origin = Request.Headers["Origin"];
    +Response.Headers.Add("Access-Control-Allow-Origin", origin); // Sensitive
    +

    Compliant Solution

    -

    ASP.NET Core MVC

    +

    ASP.NET Core MVC:

     [HttpGet]
     public string Get()
    @@ -106,7 +111,7 @@ 

    ASP.NET Core MVC

    services.AddControllers(); }
    -

    ASP.Net MVC

    +

    ASP.Net MVC:

     public class HomeController : ApiController
     {
    @@ -127,6 +132,15 @@ 

    ASP.Net MVC

    Content = new StringContent("content") };
    +

    User-controlled origin validated with an allow-list:

    +
    +String origin = Request.Headers["Origin"];
    +
    +if (trustedOrigins.Contains(origin))
    +{
    +    Response.Headers.Add("Access-Control-Allow-Origin", origin);
    +}
    +

    See

diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5332.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5332.html
index 9bf127c23b7..1f1a003bb7c 100644
--- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5332.html
+++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5332.html
@@ -86,8 +86,8 @@

    See

    Standard - Network Communication Requirements
  • OWASP Mobile Top 10 2016 Category M3 - Insecure Communication
  • -
  • MITRE, CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
  • -
  • MITRE, CWE-319 - Cleartext Transmission of Sensitive Information
  • +
  • MITRE, CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
  • +
  • MITRE, CWE-319 - Cleartext Transmission of Sensitive Information
  • Google, Moving towards more secure web
  • Mozilla, Deprecating non secure http
  • diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5443_cs.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5443_cs.html index 4eea35d4488..308c866dfef 100644 --- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5443_cs.html +++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5443_cs.html @@ -66,9 +66,9 @@

    See

  • OWASP Top 10 2017 Category A5 - Broken Access Control
  • OWASP Top 10 2017 Category A3 - Sensitive Data Exposure
  • -
  • MITRE, CWE-377 - Insecure Temporary File
  • -
  • MITRE, CWE-379 - Creation of Temporary File in Directory with Incorrect - Permissions
  • +
  • MITRE, CWE-377 - Insecure Temporary File
  • +
  • MITRE, CWE-379 - Creation of Temporary File in Directory with Incorrect Permissions +
  • OWASP, Insecure Temporary File
  • diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5443_vb.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5443_vb.html index 2a7ea78f541..1cf62b9a66f 100644 --- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5443_vb.html +++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5443_vb.html @@ -71,9 +71,9 @@

    See

  • OWASP Top 10 2017 Category A5 - Broken Access Control
  • OWASP Top 10 2017 Category A3 - Sensitive Data Exposure
  • -
  • MITRE, CWE-377 - Insecure Temporary File
  • -
  • MITRE, CWE-379 - Creation of Temporary File in Directory with Incorrect - Permissions
  • +
  • MITRE, CWE-377 - Insecure Temporary File
  • +
  • MITRE, CWE-379 - Creation of Temporary File in Directory with Incorrect Permissions +
  • OWASP, Insecure Temporary File
  • diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5445_cs.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5445_cs.html index 435f2c89072..709afd588ed 100644 --- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5445_cs.html +++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5445_cs.html @@ -45,9 +45,9 @@

    See

  • OWASP Top 10 2021 Category A1 - Broken Access Control
  • OWASP Top 10 2017 Category A9 - Using Components with Known Vulnerabilities
  • -
  • MITRE, CWE-377 - Insecure Temporary File
  • -
  • MITRE, CWE-379 - Creation of Temporary File in Directory with Incorrect - Permissions
  • +
  • MITRE, CWE-377 - Insecure Temporary File
  • +
  • MITRE, CWE-379 - Creation of Temporary File in Directory with Incorrect Permissions +
  • OWASP, Insecure Temporary File
  • diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5445_vb.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5445_vb.html index c64e0398f24..e7b63bea44b 100644 --- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5445_vb.html +++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5445_vb.html @@ -43,9 +43,9 @@

    See

  • OWASP Top 10 2021 Category A1 - Broken Access Control
  • OWASP Top 10 2017 Category A9 - Using Components with Known Vulnerabilities
  • -
  • MITRE, CWE-377 - Insecure Temporary File
  • -
  • MITRE, CWE-379 - Creation of Temporary File in Directory with Incorrect - Permissions
  • +
  • MITRE, CWE-377 - Insecure Temporary File
  • +
  • MITRE, CWE-379 - Creation of Temporary File in Directory with Incorrect Permissions +
  • OWASP, Insecure Temporary File
  • diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5542_cs.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5542_cs.html index d2a3bb801f0..5dde383f4e0 100644 --- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5542_cs.html +++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5542_cs.html @@ -55,7 +55,7 @@

    See

  • OWASP Top 10 2021 Category A2 - Cryptographic Failures
  • OWASP Top 10 2017 Category A6 - Security Misconfiguration
  • -
  • MITRE, CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
  • +
  • MITRE, CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
  • SANS Top 25 - Porous Defenses
  • diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5542_vb.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5542_vb.html index a1804e97745..ddd31edc10e 100644 --- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5542_vb.html +++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5542_vb.html @@ -54,7 +54,7 @@

    See

  • OWASP Top 10 2021 Category A2 - Cryptographic Failures
  • OWASP Top 10 2017 Category A6 - Security Misconfiguration
  • -
  • MITRE, CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
  • +
  • MITRE, CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
  • SANS Top 25 - Porous Defenses
  • diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5547_cs.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5547_cs.html index 06a06135612..e756d1bf4ae 100644 --- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5547_cs.html +++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5547_cs.html @@ -32,7 +32,7 @@

    See

  • OWASP Top 10 2021 Category A2 - Cryptographic Failures
  • OWASP Top 10 2017 Category A3 - Sensitive Data Exposure
  • -
  • MITRE, CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
  • +
  • MITRE, CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
  • SANS Top 25 - Porous Defenses
  • diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5547_vb.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5547_vb.html index 61801a714e4..be4f405e502 100644 --- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5547_vb.html +++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5547_vb.html @@ -32,7 +32,7 @@

    See

  • OWASP Top 10 2021 Category A2 - Cryptographic Failures
  • OWASP Top 10 2017 Category A3 - Sensitive Data Exposure
  • -
  • MITRE, CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
  • +
  • MITRE, CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
  • SANS Top 25 - Porous Defenses
  • diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5659_cs.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5659_cs.html index 2e9d2d5d0a1..889df7d88f5 100644 --- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5659_cs.html +++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5659_cs.html @@ -28,6 +28,6 @@

    See

  • OWASP Top 10 2021 Category A2 - Cryptographic Failures
  • OWASP Top 10 2017 Category A3 - Sensitive Data Exposure
  • -
  • MITRE, CWE-347 - Improper Verification of Cryptographic Signature
  • +
  • MITRE, CWE-347 - Improper Verification of Cryptographic Signature
  • diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5659_vb.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5659_vb.html index cd54f3258bc..87bbd78932a 100644 --- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5659_vb.html +++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5659_vb.html @@ -28,6 +28,6 @@

    See

  • OWASP Top 10 2021 Category A2 - Cryptographic Failures
  • OWASP Top 10 2017 Category A3 - Sensitive Data Exposure
  • -
  • MITRE, CWE-347 - Improper Verification of Cryptographic Signature
  • +
  • MITRE, CWE-347 - Improper Verification of Cryptographic Signature
  • diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5693_cs.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5693_cs.html index b8317a92b08..5ffc9a78a39 100644 --- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5693_cs.html +++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5693_cs.html @@ -100,8 +100,8 @@

    See

    Cheat Sheet
  • OWASP Top 10 2017 Category A6 - Security Misconfiguration
  • -
  • MITRE, CWE-770 - Allocation of Resources Without Limits or Throttling
  • -
  • MITRE, CWE-400 - Uncontrolled Resource Consumption
  • +
  • MITRE, CWE-770 - Allocation of Resources Without Limits or Throttling
  • +
  • MITRE, CWE-400 - Uncontrolled Resource Consumption
  • Web.config - XML-formatted config file for IIS applications
  • diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5693_vb.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5693_vb.html index 4c7c7cf519c..4a88afeb9d8 100644 --- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5693_vb.html +++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5693_vb.html @@ -66,7 +66,7 @@

    See

    Cheat Sheet
  • OWASP Top 10 2017 Category A6 - Security Misconfiguration
  • -
  • MITRE, CWE-770 - Allocation of Resources Without Limits or Throttling
  • -
  • MITRE, CWE-400 - Uncontrolled Resource Consumption
  • +
  • MITRE, CWE-770 - Allocation of Resources Without Limits or Throttling
  • +
  • MITRE, CWE-400 - Uncontrolled Resource Consumption
  • diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5753_cs.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5753_cs.html index c46b6d453dc..795bb24edaa 100644 --- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5753_cs.html +++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5753_cs.html @@ -70,7 +70,7 @@

    See

    Prevention Cheat Sheet
  • OWASP Top 10 2017 Category A7 - Cross-Site Scripting (XSS)
  • -
  • MITRE, CWE-79 - Improper Neutralization of Input During Web Page Generation +
  • MITRE, CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5753_vb.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5753_vb.html index 4ee23114cf1..65eaab4e032 100644 --- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5753_vb.html +++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5753_vb.html @@ -67,7 +67,7 @@

    See

    Prevention Cheat Sheet
  • OWASP Top 10 2017 Category A7 - Cross-Site Scripting (XSS)
  • -
  • MITRE, CWE-79 - Improper Neutralization of Input During Web Page Generation +
  • MITRE, CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5766.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5766.html index 1a8981a094a..20ce459a6d6 100644 --- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5766.html +++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5766.html @@ -181,6 +181,6 @@

    See

  • docs.microsoft.com - security-and-serialization
  • -
  • MITRE, CWE-502 - Deserialization of Untrusted Data
  • +
  • MITRE, CWE-502 - Deserialization of Untrusted Data
  • diff --git a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5773.html b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5773.html index caa5844ddc1..ba3cfab5489 100644 --- a/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5773.html +++ b/analyzers/src/SonarAnalyzer.Utilities/Rules.Description/S5773.html @@ -99,8 +99,8 @@

    See

    BinaryFormatter security guide
  • OWASP Top 10 2017 Category A8 - Insecure Deserialization
  • -
  • MITRE, CWE-134 - Use of Externally-Controlled Format String
  • -
  • MITRE, CWE-502 - Deserialization of Untrusted Data
  • +
  • MITRE, CWE-134 - Use of Externally-Controlled Format String
  • +
  • MITRE, CWE-502 - Deserialization of Untrusted Data
  • SANS Top 25 - Risky Resource Management
  • OWASP Deserialization Cheat Sheet
  • diff --git a/analyzers/src/SonarAnalyzer.VisualBasic/sonarpedia.json b/analyzers/src/SonarAnalyzer.VisualBasic/sonarpedia.json index 46dd71758fa..0eebef04a01 100644 --- a/analyzers/src/SonarAnalyzer.VisualBasic/sonarpedia.json +++ b/analyzers/src/SonarAnalyzer.VisualBasic/sonarpedia.json @@ -3,5 +3,5 @@ "languages": [ "VBNET" ], - "latest-update": "2022-03-24T07:44:11.397051700Z" + "latest-update": "2022-04-22T07:27:30.347426400Z" } \ No newline at end of file