Update rules metadata (#2934)

css-sonarpedia/sonarpedia.json

@@ -3,7 +3,7 @@
   "languages": [
     "CSS"
   ],
-  "latest-update": "2021-12-13T11:49:51.716012Z",
+  "latest-update": "2022-01-21T11:21:37.795369Z",
   "options": {
     "no-language-in-filenames": true
   }

javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2819.html

@@ -1,30 +1,30 @@
 <p>Browsers <a href="https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage">allow message exchanges</a> between Window objects of
 different origins.</p>
-<p>Because any window can send / receive messages from other window it is important to verify the sender’s / receiver’s identity:</p>
+<p>Because any window can send or receive messages from another window, it is important to verify the sender’s/receiver’s identity:</p>
 <ul>
-  <li> When sending message with postMessage method, the identity’s receiver should be defined (the wildcard keyword (<code>*</code>) should not be
-  used). </li>
-  <li> When receiving message with message event, the sender’s identity should be verified using the origin and possibly source properties. </li>
+  <li> When sending a message with the postMessage method, the identity’s receiver should be defined (the wildcard keyword (<code>*</code>) should not
+  be used). </li>
+  <li> When receiving a message with a message event, the sender’s identity should be verified using the origin and possibly source properties. </li>
 </ul>
 <h2>Noncompliant Code Example</h2>
-<p>When sending message:</p>
+<p>When sending a message:</p>
 <pre>
 var iframe = document.getElementById("testiframe");
 iframe.contentWindow.postMessage("secret", "*"); // Noncompliant: * is used
 </pre>
-<p>When receiving message:</p>
+<p>When receiving a message:</p>
 <pre>
 window.addEventListener("message", function(event) { // Noncompliant: no checks are done on the origin property.
       console.log(event.data);
  });
 </pre>
 <h2>Compliant Solution</h2>
-<p>When sending message:</p>
+<p>When sending a message:</p>
 <pre>
 var iframe = document.getElementById("testsecureiframe");
 iframe.contentWindow.postMessage("hello", "https://secure.example.com"); // Compliant
 </pre>
-<p>When receiving message:</p>
+<p>When receiving a message:</p>
 <pre>
 window.addEventListener("message", function(event) {
 
@@ -41,4 +41,3 @@ <h2>See</h2>
   Broken Authentication and Session Management </li>
   <li> <a href="https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage">developer.mozilla.org</a> - postMessage API </li>
 </ul>
-

javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S4817.html

@@ -4,7 +4,7 @@
   <li> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9149">CVE-2016-9149</a> </li>
   <li> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4837">CVE-2012-4837</a> </li>
 </ul>
-<p>User provided data such as URL parameters should always be considered as untrusted and tainted. Constructing XPath expressions directly from
+<p>User-provided data such as URL parameters should always be considered as untrusted and tainted. Constructing XPath expressions directly from
 tainted data enables attackers to inject specially crafted values that changes the initial meaning of the expression itself. Successful XPath
 injections attacks can read sensitive information from the XML document.</p>
 <h2>Ask Yourself Whether</h2>
@@ -42,4 +42,3 @@ <h2>See</h2>
 </ul>
 <h2>Deprecated</h2>
 <p>This rule is deprecated, and will eventually be removed.</p>
-

javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6268.html

@@ -5,15 +5,15 @@
 information or impersonating other users.</p>
 <h2>Ask Yourself Whether</h2>
 <ul>
-  <li> The value for which sanitization has been disabled is user controlled. </li>
+  <li> The value for which sanitization has been disabled is user-controlled. </li>
   <li> It’s difficult to understand how this value is constructed. </li>
 </ul>
 <p>There is a risk if you answered yes to any of those questions.</p>
 <h2>Recommended Secure Coding Practices</h2>
 <ul>
   <li> Avoid including dynamic executable code and thus disabling Angular’s built-in sanitization unless it’s absolutely necessary. Try instead to
   rely as much as possible on static templates and Angular built-in sanitization to define web page content. </li>
-  <li> Make sure to understand how the value to consider as trusted is constructed and never concatenate it with user controlled data. </li>
+  <li> Make sure to understand how the value to consider as trusted is constructed and never concatenate it with user-controlled data. </li>
   <li> Make sure to choose the correct <a href="https://angular.io/api/platform-browser/DomSanitizer">DomSanitizer</a> "bypass" method based on the
   context. For instance, only use <code>bypassSecurityTrustUrl</code> to trust urls in an <code>href</code> attribute context. </li>
 </ul>
@@ -66,4 +66,3 @@ <h2>See</h2>
   ('Cross-site Scripting') </li>
   <li> <a href="https://angular.io/guide/security">Angular - Best Practices - Security</a> </li>
 </ul>
-

javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6299.html

@@ -6,7 +6,7 @@
 <h2>Ask Yourself Whether</h2>
 <p>The application needs to render HTML content which:</p>
 <ul>
-  <li> could be user controlled and not previously sanitized. </li>
+  <li> could be user-controlled and not previously sanitized. </li>
   <li> is difficult to understand how it was constructed. </li>
 </ul>
 <p>There is a risk if you answered yes to any of those questions.</p>
@@ -76,4 +76,3 @@ <h2>See</h2>
   ('Cross-site Scripting') </li>
   <li> <a href="https://vuejs.org/v2/guide/security.html#Injecting-HTML">Vue.js - Security - Injecting HTML</a> </li>
 </ul>
-

sonarpedia.json

@@ -3,7 +3,7 @@
   "languages": [
     "JS"
   ],
-  "latest-update": "2021-12-13T11:48:36.474023Z",
+  "latest-update": "2022-01-21T11:22:21.652946Z",
   "options": {
     "no-language-in-filenames": true,
     "preserve-filenames": true