Update RSPEC (#6096)

SonarSource · Sep 15, 2022 · c834145 · c834145
1 parent 7ac10e5
commit c834145
Show file tree

Hide file tree

Showing 15 changed files with 36 additions and 86 deletions.
diff --git a/analyzers/rspec/cs/S2115_c#.json b/analyzers/rspec/cs/S2115_c#.json
@@ -33,16 +33,8 @@
       "6.2.4"
     ],
     "ASVS 4.0": [
-      "2.1.1",
-      "2.1.11",
-      "2.1.12",
-      "2.1.2",
-      "2.1.3",
-      "2.1.4",
-      "2.1.7",
-      "2.1.8",
-      "2.1.9",
-      "2.10.3"
+      "9.2.2",
+      "9.2.3"
     ]
   },
   "quickfix": "unknown"

diff --git a/analyzers/rspec/cs/S3353_c#.html b/analyzers/rspec/cs/S3353_c#.html
@@ -4,7 +4,7 @@ <h2>Noncompliant Code Example</h2>
 <pre>
 public bool Seek(int[] input)
 {
-  int target = 32;  // Noncompliant
+  var target = 32;  // Noncompliant
   foreach (int i in input)
   {
     if (i == target)
@@ -15,6 +15,16 @@ <h2>Noncompliant Code Example</h2>
   return false;
 }
 </pre>
+<p>or</p>
+<pre>
+public class Sample
+{
+  public void Method()
+  {
+    var context = $"{nameof(Sample)}.{nameof(Method)}";  // Noncompliant (C# 10 and above only)
+  }
+}
+</pre>
 <h2>Compliant Solution</h2>
 <pre>
 public bool Seek(int[] input)
@@ -30,4 +40,14 @@ <h2>Compliant Solution</h2>
   return false;
 }
 </pre>
+<p>or</p>
+<pre>
+public class Sample
+{
+  public void Method()
+  {
+    const string context = $"{nameof(Sample)}.{nameof(Method)}";
+  }
+}
+</pre>
 
diff --git a/analyzers/rspec/cs/S4423_c#.json b/analyzers/rspec/cs/S4423_c#.json
@@ -47,19 +47,9 @@
       "6.2.4"
     ],
     "ASVS 4.0": [
-      "1.9.2",
-      "2.8.3",
-      "2.9.3",
-      "6.2.2",
-      "6.2.3",
-      "6.2.4",
-      "6.2.5",
-      "6.2.6",
-      "6.2.7",
       "8.3.7",
       "9.1.2",
-      "9.1.3",
-      "9.2.1"
+      "9.1.3"
     ]
   },
   "quickfix": "unknown"

diff --git a/analyzers/rspec/cs/S4426_c#.json b/analyzers/rspec/cs/S4426_c#.json
@@ -35,14 +35,7 @@
       "A2"
     ],
     "ASVS 4.0": [
-      "2.8.3",
-      "6.2.3",
-      "6.2.4",
-      "6.2.5",
-      "6.2.6",
-      "6.2.7",
-      "9.1.2",
-      "9.1.3"
+      "6.2.3"
     ]
   },
   "quickfix": "unknown"

diff --git a/analyzers/rspec/cs/S4433_c#.json b/analyzers/rspec/cs/S4433_c#.json
@@ -31,16 +31,8 @@
       "6.2.4"
     ],
     "ASVS 4.0": [
-      "2.1.1",
-      "2.1.11",
-      "2.1.12",
-      "2.1.2",
-      "2.1.3",
-      "2.1.4",
-      "2.1.7",
-      "2.1.8",
-      "2.1.9",
-      "2.10.3"
+      "9.2.2",
+      "9.2.3"
     ]
   },
   "quickfix": "unknown"

diff --git a/analyzers/rspec/cs/S4792_c#.json b/analyzers/rspec/cs/S4792_c#.json
@@ -34,10 +34,7 @@
     ],
     "ASVS 4.0": [
       "7.1.1",
-      "7.1.2",
-      "7.3.1",
-      "7.3.2",
-      "8.3.5"
+      "7.1.2"
     ]
   }
 }
diff --git a/analyzers/rspec/cs/S5542_c#.html b/analyzers/rspec/cs/S5542_c#.html
@@ -3,7 +3,7 @@
   <li> For block cipher encryption algorithms (like AES):
     <ul>
       <li> The ECB (Electronic Codebook) cipher mode doesn’t provide serious message confidentiality: under a given key any given plaintext block
-      always gets encrypted to the same ciphertext block. This mode never be used. </li>
+      always gets encrypted to the same ciphertext block. This mode should never be used. </li>
       <li> The CBC (Cipher Block Chaining) mode by itself provides only data confidentiality. This cipher mode is also vulnerable to <a
       href="https://en.wikipedia.org/wiki/Padding_oracle_attack">padding oracle attacks</a> when used with padding. Using CBC along with Message
       Authentication Code can provide data integrity and should prevent such attacks. In practice the implementation has many pitfalls and it’s

diff --git a/analyzers/rspec/cs/S5547_c#.json b/analyzers/rspec/cs/S5547_c#.json
@@ -46,17 +46,10 @@
       "6.2.4"
     ],
     "ASVS 4.0": [
-      "2.8.3",
-      "2.9.3",
       "6.2.2",
       "6.2.3",
-      "6.2.4",
       "6.2.5",
-      "6.2.6",
-      "6.2.7",
-      "8.3.7",
-      "9.1.2",
-      "9.1.3"
+      "8.3.7"
     ]
   },
   "quickfix": "unknown"

diff --git a/analyzers/rspec/vbnet/S4423_vb.net.json b/analyzers/rspec/vbnet/S4423_vb.net.json
@@ -47,19 +47,9 @@
       "6.2.4"
     ],
     "ASVS 4.0": [
-      "1.9.2",
-      "2.8.3",
-      "2.9.3",
-      "6.2.2",
-      "6.2.3",
-      "6.2.4",
-      "6.2.5",
-      "6.2.6",
-      "6.2.7",
       "8.3.7",
       "9.1.2",
-      "9.1.3",
-      "9.2.1"
+      "9.1.3"
     ]
   },
   "quickfix": "unknown"

diff --git a/analyzers/rspec/vbnet/S4792_vb.net.json b/analyzers/rspec/vbnet/S4792_vb.net.json
@@ -34,10 +34,7 @@
     ],
     "ASVS 4.0": [
       "7.1.1",
-      "7.1.2",
-      "7.3.1",
-      "7.3.2",
-      "8.3.5"
+      "7.1.2"
     ]
   }
 }
diff --git a/analyzers/rspec/vbnet/S5542_vb.net.html b/analyzers/rspec/vbnet/S5542_vb.net.html
@@ -3,7 +3,7 @@
   <li> For block cipher encryption algorithms (like AES):
     <ul>
       <li> The ECB (Electronic Codebook) cipher mode doesn’t provide serious message confidentiality: under a given key any given plaintext block
-      always gets encrypted to the same ciphertext block. This mode never be used. </li>
+      always gets encrypted to the same ciphertext block. This mode should never be used. </li>
       <li> The CBC (Cipher Block Chaining) mode by itself provides only data confidentiality. This cipher mode is also vulnerable to <a
       href="https://en.wikipedia.org/wiki/Padding_oracle_attack">padding oracle attacks</a> when used with padding. Using CBC along with Message
       Authentication Code can provide data integrity and should prevent such attacks. In practice the implementation has many pitfalls and it’s

diff --git a/analyzers/rspec/vbnet/S5547_vb.net.json b/analyzers/rspec/vbnet/S5547_vb.net.json
@@ -46,17 +46,10 @@
       "6.2.4"
     ],
     "ASVS 4.0": [
-      "2.8.3",
-      "2.9.3",
       "6.2.2",
       "6.2.3",
-      "6.2.4",
       "6.2.5",
-      "6.2.6",
-      "6.2.7",
-      "8.3.7",
-      "9.1.2",
-      "9.1.3"
+      "8.3.7"
     ]
   },
   "quickfix": "unknown"

diff --git a/analyzers/src/SonarAnalyzer.CSharp/sonarpedia.json b/analyzers/src/SonarAnalyzer.CSharp/sonarpedia.json
@@ -3,5 +3,5 @@
   "languages": [
     "CSH"
   ],
-  "latest-update": "2022-08-18T08:35:17.004977500Z"
+  "latest-update": "2022-09-14T16:21:02.591923800Z"
 }
diff --git a/analyzers/src/SonarAnalyzer.VisualBasic/sonarpedia.json b/analyzers/src/SonarAnalyzer.VisualBasic/sonarpedia.json
@@ -3,5 +3,5 @@
   "languages": [
     "VBNET"
   ],
-  "latest-update": "2022-08-18T08:36:58.940958600Z"
+  "latest-update": "2022-09-14T16:20:27.237152200Z"
 }
diff --git a/...-csharp-plugin/src/test/java/org/sonar/plugins/csharp/CSharpSonarRulesDefinitionTest.java b/...-csharp-plugin/src/test/java/org/sonar/plugins/csharp/CSharpSonarRulesDefinitionTest.java
@@ -107,14 +107,7 @@ public void test_security_standards_with_vulnerability() {
     assertThat(rule.type()).isEqualTo(RuleType.VULNERABILITY);
     assertThat(rule.securityStandards()).containsExactlyInAnyOrder(
       "cwe:326",
-      "owaspAsvs-4.0:2.8.3",
       "owaspAsvs-4.0:6.2.3",
-      "owaspAsvs-4.0:6.2.4",
-      "owaspAsvs-4.0:6.2.5",
-      "owaspAsvs-4.0:6.2.6",
-      "owaspAsvs-4.0:6.2.7",
-      "owaspAsvs-4.0:9.1.2",
-      "owaspAsvs-4.0:9.1.3",
       "owaspTop10-2021:a2",
       "owaspTop10:a3",
       "owaspTop10:a6");