diff --git a/css-sonarpedia/sonarpedia.json b/css-sonarpedia/sonarpedia.json
index 39969479c21..f6a6d52d5b1 100644
--- a/css-sonarpedia/sonarpedia.json
+++ b/css-sonarpedia/sonarpedia.json
@@ -3,7 +3,7 @@
"languages": [
"CSS"
],
- "latest-update": "2024-09-25T13:47:31.326757900Z",
+ "latest-update": "2024-11-15T08:36:47.923296Z",
"options": {
"no-language-in-filenames": true
}
diff --git a/package.json b/package.json
index 21fa5e66018..9ee1f9f6564 100644
--- a/package.json
+++ b/package.json
@@ -30,7 +30,7 @@
"td": "npm --prefix typedoc/searchable-parameters-plugin run setup && npx typedoc --options typedoc/typedoc.js",
"prepare": "husky install",
"precommit": "pretty-quick --staged",
- "count-rules": "node tools/count-rules.js",
+ "count-rules": "node tools/count-rules.cjs",
"_:bridge:copy-protofiles": "cpy --flat packages/jsts/src/parsers/estree.proto sonar-plugin/bridge/src/main/protobuf && cpy --flat packages/jsts/src/parsers/estree.proto lib/jsts/src/parsers",
"_:bridge:clear": "rimraf --glob lib/*",
"_:plugin:prepare-bridge": "npm pack && node tools/check-distribution-filepath-length.cjs && npm run _:plugin:copy-bridge && npm run generate-rules-list",
@@ -44,7 +44,7 @@
"eslint-plugin:types": "tsc -p tsconfig-plugin.json --declaration true --emitDeclarationOnly --outDir lib/types",
"eslint-plugin:package-json": "node generate-eslint-package-json.mjs",
"eslint-plugin:copy-assets": "cpy LICENSE.txt lib/ --rename LICENSE && cpy packages/jsts/src/rules/README.md lib/ --flat",
- "eslint-docs": "npm run compile && eslint-doc-generator lib"
+ "eslint-docs": "npm run eslint-plugin:compile && eslint-doc-generator lib --init-rule-docs"
},
"repository": {
"type": "git",
diff --git a/sonar-plugin/css/src/main/resources/org/sonar/l10n/css/rules/css/S4650.json b/sonar-plugin/css/src/main/resources/org/sonar/l10n/css/rules/css/S4650.json
index 4adb2d5f23a..aa0d48ce3a4 100644
--- a/sonar-plugin/css/src/main/resources/org/sonar/l10n/css/rules/css/S4650.json
+++ b/sonar-plugin/css/src/main/resources/org/sonar/l10n/css/rules/css/S4650.json
@@ -3,7 +3,7 @@
"type": "BUG",
"code": {
"impacts": {
- "RELIABILITY": "HIGH"
+ "RELIABILITY": "BLOCKER"
},
"attribute": "LOGICAL"
},
diff --git a/sonar-plugin/css/src/main/resources/org/sonar/l10n/css/rules/css/S4653.json b/sonar-plugin/css/src/main/resources/org/sonar/l10n/css/rules/css/S4653.json
index 872ba12ccea..0696bc7d700 100644
--- a/sonar-plugin/css/src/main/resources/org/sonar/l10n/css/rules/css/S4653.json
+++ b/sonar-plugin/css/src/main/resources/org/sonar/l10n/css/rules/css/S4653.json
@@ -3,7 +3,7 @@
"type": "BUG",
"code": {
"impacts": {
- "RELIABILITY": "HIGH"
+ "RELIABILITY": "BLOCKER"
},
"attribute": "LOGICAL"
},
diff --git a/sonar-plugin/css/src/main/resources/org/sonar/l10n/css/rules/css/S4654.json b/sonar-plugin/css/src/main/resources/org/sonar/l10n/css/rules/css/S4654.json
index e47e21b396f..b629efca58e 100644
--- a/sonar-plugin/css/src/main/resources/org/sonar/l10n/css/rules/css/S4654.json
+++ b/sonar-plugin/css/src/main/resources/org/sonar/l10n/css/rules/css/S4654.json
@@ -3,7 +3,7 @@
"type": "BUG",
"code": {
"impacts": {
- "RELIABILITY": "HIGH"
+ "RELIABILITY": "BLOCKER"
},
"attribute": "LOGICAL"
},
diff --git a/sonar-plugin/css/src/main/resources/org/sonar/l10n/css/rules/css/S4668.json b/sonar-plugin/css/src/main/resources/org/sonar/l10n/css/rules/css/S4668.json
index cf26cb92d4d..156796d8665 100644
--- a/sonar-plugin/css/src/main/resources/org/sonar/l10n/css/rules/css/S4668.json
+++ b/sonar-plugin/css/src/main/resources/org/sonar/l10n/css/rules/css/S4668.json
@@ -3,7 +3,7 @@
"type": "BUG",
"code": {
"impacts": {
- "RELIABILITY": "HIGH"
+ "RELIABILITY": "BLOCKER"
},
"attribute": "LOGICAL"
},
diff --git a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S1219.json b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S1219.json
index 0e64d2986d1..203087debd3 100644
--- a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S1219.json
+++ b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S1219.json
@@ -3,7 +3,7 @@
"type": "CODE_SMELL",
"code": {
"impacts": {
- "MAINTAINABILITY": "HIGH"
+ "MAINTAINABILITY": "BLOCKER"
},
"attribute": "CLEAR"
},
diff --git a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S128.json b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S128.json
index 5ed1edb707b..93a3d3856ed 100644
--- a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S128.json
+++ b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S128.json
@@ -3,7 +3,7 @@
"type": "CODE_SMELL",
"code": {
"impacts": {
- "MAINTAINABILITY": "HIGH"
+ "MAINTAINABILITY": "BLOCKER"
},
"attribute": "CLEAR"
},
diff --git a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S1314.json b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S1314.json
index a9793bc31eb..a872f1fe49f 100644
--- a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S1314.json
+++ b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S1314.json
@@ -3,7 +3,7 @@
"type": "CODE_SMELL",
"code": {
"impacts": {
- "MAINTAINABILITY": "HIGH"
+ "MAINTAINABILITY": "BLOCKER"
},
"attribute": "CLEAR"
},
diff --git a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S1451.json b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S1451.json
index 83d2264c70e..5f7419d49a8 100644
--- a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S1451.json
+++ b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S1451.json
@@ -3,7 +3,7 @@
"type": "CODE_SMELL",
"code": {
"impacts": {
- "MAINTAINABILITY": "HIGH"
+ "MAINTAINABILITY": "BLOCKER"
},
"attribute": "LAWFUL"
},
diff --git a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S1526.json b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S1526.json
index 827413edad2..8c25a3282de 100644
--- a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S1526.json
+++ b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S1526.json
@@ -3,7 +3,7 @@
"type": "CODE_SMELL",
"code": {
"impacts": {
- "MAINTAINABILITY": "HIGH"
+ "MAINTAINABILITY": "BLOCKER"
},
"attribute": "CONVENTIONAL"
},
diff --git a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S1527.json b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S1527.json
index e4a6eaf6314..dccb77a7d24 100644
--- a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S1527.json
+++ b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S1527.json
@@ -3,7 +3,7 @@
"type": "CODE_SMELL",
"code": {
"impacts": {
- "MAINTAINABILITY": "HIGH"
+ "MAINTAINABILITY": "BLOCKER"
},
"attribute": "CONVENTIONAL"
},
diff --git a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2068.json b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2068.json
index dbaa2ded61c..ab8c1d283eb 100644
--- a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2068.json
+++ b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2068.json
@@ -3,7 +3,7 @@
"type": "SECURITY_HOTSPOT",
"code": {
"impacts": {
- "SECURITY": "HIGH"
+ "SECURITY": "BLOCKER"
},
"attribute": "TRUSTWORTHY"
},
diff --git a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2187.json b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2187.json
index 534af358f86..218228c1078 100644
--- a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2187.json
+++ b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2187.json
@@ -3,7 +3,7 @@
"type": "CODE_SMELL",
"code": {
"impacts": {
- "MAINTAINABILITY": "HIGH"
+ "MAINTAINABILITY": "BLOCKER"
},
"attribute": "TESTED"
},
diff --git a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2189.json b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2189.json
index 5c9a4932502..1b19d9f752f 100644
--- a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2189.json
+++ b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2189.json
@@ -3,7 +3,7 @@
"type": "BUG",
"code": {
"impacts": {
- "RELIABILITY": "HIGH"
+ "RELIABILITY": "BLOCKER"
},
"attribute": "LOGICAL"
},
diff --git a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2245.html b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2245.html
index 0e5246e1b99..ddfdb012b7c 100644
--- a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2245.html
+++ b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2245.html
@@ -1,11 +1,19 @@
-
Using pseudorandom number generators (PRNGs) is security-sensitive. For example, it has led in the past to the following vulnerabilities:
+PRNGs are algorithms that produce sequences of numbers that only approximate true randomness. While they are suitable for applications like
+simulations or modeling, they are not appropriate for security-sensitive contexts because their outputs can be predictable if the internal state is
+known.
+In contrast, cryptographically secure pseudorandom number generators (CSPRNGs) are designed to be secure against prediction attacks. CSPRNGs use
+cryptographic algorithms to ensure that the generated sequences are not only random but also unpredictable, even if part of the sequence or the
+internal state becomes known. This unpredictability is crucial for security-related tasks such as generating encryption keys, tokens, or any other
+values that must remain confidential and resistant to guessing attacks.
+For example, the use of non-cryptographic PRNGs has led to vulnerabilities such as:
When software generates predictable values in a context requiring unpredictability, it may be possible for an attacker to guess the next value that
-will be generated, and use this guess to impersonate another user or access sensitive information.
+will be generated, and use this guess to impersonate another user or access sensitive information. Therefore, it is critical to use CSPRNGs in any
+security-sensitive application to ensure the robustness and security of the system.
As the Math.random()
function relies on a weak pseudorandom number generator, this function should not be used for security-critical
applications or for protecting sensitive data. In such context, a cryptographically strong pseudorandom number generator (CSPRNG) should be used
instead.
@@ -13,14 +21,14 @@ Ask Yourself Whether
- the code using the generated value requires it to be unpredictable. It is the case for all encryption mechanisms or when a secret value, such
as a password, is hashed.
- - the function you use generates a value which can be predicted (pseudo-random).
+ - the function you use is a non-cryptographic PRNG.
- the generated value is used multiple times.
- an attacker can access the generated value.
There is a risk if you answered yes to any of those questions.
Recommended Secure Coding Practices
- - Use a cryptographically strong pseudorandom number generator (CSPRNG) like
crypto.getRandomValues()
.
+ - Use a cryptographically secure pseudorandom number generator (CSPRNG) like
crypto.getRandomValues()
.
- Use the generated random values only once.
- You should not expose the generated random value. If you have to store it, make sure that the database or file is secure.
@@ -34,18 +42,20 @@ Compliant Solution
// === Client side ===
const crypto = window.crypto || window.msCrypto;
var array = new Uint32Array(1);
-crypto.getRandomValues(array); // Compliant for security-sensitive use cases
+crypto.getRandomValues(array);
// === Server side ===
const crypto = require('crypto');
-const buf = crypto.randomBytes(1); // Compliant for security-sensitive use cases
+const buf = crypto.randomBytes(1);
See
+ - OWASP - Secure
+ Random Number Generation Cheat Sheet
- OWASP - Top 10 2021 Category A2 - Cryptographic Failures
- OWASP - Top 10 2017 Category A3 - Sensitive Data
Exposure
- - Mobile AppSec Verification Standard - Cryptography Requirements
+ - OWASP - Mobile AppSec Verification Standard - Cryptography Requirements
- OWASP - Mobile Top 10 2016 Category M5 -
Insufficient Cryptography
- CWE - CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
diff --git a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2699.json b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2699.json
index 4d66e03eda9..9a5b9c690da 100644
--- a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2699.json
+++ b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2699.json
@@ -3,7 +3,7 @@
"type": "CODE_SMELL",
"code": {
"impacts": {
- "MAINTAINABILITY": "HIGH"
+ "MAINTAINABILITY": "BLOCKER"
},
"attribute": "TESTED"
},
diff --git a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2703.json b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2703.json
index 957134a238a..053cc1b80dc 100644
--- a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2703.json
+++ b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2703.json
@@ -3,7 +3,7 @@
"type": "CODE_SMELL",
"code": {
"impacts": {
- "MAINTAINABILITY": "HIGH"
+ "MAINTAINABILITY": "BLOCKER"
},
"attribute": "CLEAR"
},
diff --git a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2817.json b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2817.json
index 28f0cb103eb..6921ba29d65 100644
--- a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2817.json
+++ b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2817.json
@@ -3,7 +3,7 @@
"type": "VULNERABILITY",
"code": {
"impacts": {
- "SECURITY": "HIGH"
+ "SECURITY": "BLOCKER"
},
"attribute": "CONVENTIONAL"
},
diff --git a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2970.json b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2970.json
index 823f4dc55a8..849bf2b7ab5 100644
--- a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2970.json
+++ b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2970.json
@@ -3,7 +3,7 @@
"type": "CODE_SMELL",
"code": {
"impacts": {
- "MAINTAINABILITY": "HIGH"
+ "MAINTAINABILITY": "BLOCKER"
},
"attribute": "TESTED"
},
diff --git a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S3516.json b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S3516.json
index aef681effe3..de9c3f89794 100644
--- a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S3516.json
+++ b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S3516.json
@@ -3,7 +3,7 @@
"type": "CODE_SMELL",
"code": {
"impacts": {
- "MAINTAINABILITY": "HIGH"
+ "MAINTAINABILITY": "BLOCKER"
},
"attribute": "LOGICAL"
},
diff --git a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S3796.json b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S3796.json
index 40cc96cf10c..1fff3f3c3d5 100644
--- a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S3796.json
+++ b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S3796.json
@@ -3,7 +3,7 @@
"type": "BUG",
"code": {
"impacts": {
- "RELIABILITY": "HIGH"
+ "RELIABILITY": "BLOCKER"
},
"attribute": "COMPLETE"
},
diff --git a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S3827.json b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S3827.json
index e8404d1221e..cbabe182e95 100644
--- a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S3827.json
+++ b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S3827.json
@@ -3,7 +3,7 @@
"type": "BUG",
"code": {
"impacts": {
- "RELIABILITY": "HIGH"
+ "RELIABILITY": "BLOCKER"
},
"attribute": "CLEAR"
},
diff --git a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6265.json b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6265.json
index cca7d9b8469..3b0b9de637d 100644
--- a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6265.json
+++ b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6265.json
@@ -3,7 +3,7 @@
"type": "SECURITY_HOTSPOT",
"code": {
"impacts": {
- "SECURITY": "HIGH"
+ "SECURITY": "BLOCKER"
},
"attribute": "CONVENTIONAL"
},
diff --git a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6268.json b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6268.json
index e4b1c9b73c9..0a38d3b3682 100644
--- a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6268.json
+++ b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6268.json
@@ -3,7 +3,7 @@
"type": "SECURITY_HOTSPOT",
"code": {
"impacts": {
- "SECURITY": "HIGH"
+ "SECURITY": "BLOCKER"
},
"attribute": "CONVENTIONAL"
},
diff --git a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6270.json b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6270.json
index 583ef3612a6..2f00b207312 100644
--- a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6270.json
+++ b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6270.json
@@ -3,7 +3,7 @@
"type": "SECURITY_HOTSPOT",
"code": {
"impacts": {
- "SECURITY": "HIGH"
+ "SECURITY": "BLOCKER"
},
"attribute": "CONVENTIONAL"
},
diff --git a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6299.json b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6299.json
index 4b83560dde2..0a0562743ea 100644
--- a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6299.json
+++ b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6299.json
@@ -3,7 +3,7 @@
"type": "SECURITY_HOTSPOT",
"code": {
"impacts": {
- "SECURITY": "HIGH"
+ "SECURITY": "BLOCKER"
},
"attribute": "CONVENTIONAL"
},
diff --git a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6302.json b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6302.json
index 7cbbd72f029..39a6673739f 100644
--- a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6302.json
+++ b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6302.json
@@ -3,7 +3,7 @@
"type": "SECURITY_HOTSPOT",
"code": {
"impacts": {
- "SECURITY": "HIGH"
+ "SECURITY": "BLOCKER"
},
"attribute": "CONVENTIONAL"
},
diff --git a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6304.json b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6304.json
index ea5761266c0..7c78e66439b 100644
--- a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6304.json
+++ b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6304.json
@@ -3,7 +3,7 @@
"type": "SECURITY_HOTSPOT",
"code": {
"impacts": {
- "SECURITY": "HIGH"
+ "SECURITY": "BLOCKER"
},
"attribute": "CONVENTIONAL"
},
diff --git a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6321.html b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6321.html
index 4aa5e523009..eb4f50bff7e 100644
--- a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6321.html
+++ b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6321.html
@@ -158,5 +158,8 @@
Documentation
Standards
diff --git a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6321.json b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6321.json
index ccc0764e3ef..8974ff55977 100644
--- a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6321.json
+++ b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6321.json
@@ -24,6 +24,12 @@
"CWE": [
284
],
+ "OWASP": [
+ "A3"
+ ],
+ "OWASP Top 10 2021": [
+ "A1"
+ ],
"PCI DSS 3.2": [
"6.5.8"
],
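Review bot: The added OWASP 2017 mapping `"A3"` looks inconsistent with the rule's other standards in this file: the CWE entry is 284 (improper access control) and the new 2021 mapping is A1 (Broken Access Control), whereas 2017 A3 is Sensitive Data Exposure — this same diff's S2245 description names it that way — and the 2017 access-control category is A5. If this JSON is regenerated from rspec by rule-api (the sonarpedia.json timestamp bumps in this commit suggest so), the correction belongs upstream rather than in this file, but the intended mapping should be confirmed before the standards change lands, since it drives the security-report categorisation shown to users.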
diff --git a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6329.json b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6329.json
index aabbc0ed264..66c80d53741 100644
--- a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6329.json
+++ b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6329.json
@@ -3,7 +3,7 @@
"type": "SECURITY_HOTSPOT",
"code": {
"impacts": {
- "SECURITY": "HIGH"
+ "SECURITY": "BLOCKER"
},
"attribute": "COMPLETE"
},
diff --git a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6333.json b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6333.json
index 1e5b526a48b..3a8d707478f 100644
--- a/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6333.json
+++ b/sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6333.json
@@ -3,7 +3,7 @@
"type": "SECURITY_HOTSPOT",
"code": {
"impacts": {
- "SECURITY": "HIGH"
+ "SECURITY": "BLOCKER"
},
"attribute": "COMPLETE"
},
diff --git a/sonarpedia.json b/sonarpedia.json
index 6ced385a3aa..92a65de1646 100644
--- a/sonarpedia.json
+++ b/sonarpedia.json
@@ -3,7 +3,7 @@
"languages": [
"JS"
],
- "latest-update": "2024-09-25T13:47:06.983012100Z",
+ "latest-update": "2024-11-15T08:36:20.934286Z",
"options": {
"no-language-in-filenames": true,
"preserve-filenames": true
diff --git a/tools/count-rules.js b/tools/count-rules.cjs
similarity index 100%
rename from tools/count-rules.js
rename to tools/count-rules.cjs
diff --git a/tools/generate-meta.ts b/tools/generate-meta.ts
index 5948649e24a..b86eda00909 100644
--- a/tools/generate-meta.ts
+++ b/tools/generate-meta.ts
@@ -42,9 +42,9 @@ type rspecMeta = {
quickfix: 'covered' | undefined;
tags: string[];
};
-const RULES_FOLDER = join(toUnixPath(__dirname), '../packages/jsts/src/rules/');
+const RULES_FOLDER = join(toUnixPath(import.meta.dirname), '../packages/jsts/src/rules/');
const METADATA_FOLDER = join(
- toUnixPath(__dirname),
+ toUnixPath(import.meta.dirname),
'../sonar-plugin/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/',
);
const sonarWayProfileFile = join(METADATA_FOLDER, `Sonar_way_profile.json`);
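Review bot: `import.meta.dirname` on the new lines replacing `__dirname` is `undefined` on Node releases before 20.11/21.2, so `toUnixPath(undefined)` would then build RULES_FOLDER and METADATA_FOLDER relative to nothing instead of failing loudly; unless package.json's engines field already pins a Node version that has it (not visible in this diff), add a fallback and hoist the repeated expression: `const here = import.meta.dirname ?? fileURLToPath(new URL('.', import.meta.url));` with `import { fileURLToPath } from 'node:url';` at the top of the file (outside this hunk), then pass `here` to both join() calls. Note also that `import.meta` only parses when the file is compiled or executed as an ES module, so the tsconfig/loader used for tools/ must not emit CommonJS for this script. The `rspecMeta` type whose closing brace appears at the top of the hunk starts before it.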