Update rule metadata (#3786)

SonarSource · Mar 24, 2023 · e893b96 · e893b96
1 parent 2ff7e32
commit e893b96
Show file tree

Hide file tree

Showing 57 changed files with 88 additions and 117 deletions.
diff --git a/css-sonarpedia/sonarpedia.json b/css-sonarpedia/sonarpedia.json
@@ -3,8 +3,8 @@
   "languages": [
     "CSS"
   ],
-  "latest-update": "2023-02-10T10:02:22.710858Z",
+  "latest-update": "2023-03-24T07:45:00.585097Z",
   "options": {
     "no-language-in-filenames": true
   }
-}
+}
diff --git a/...javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S106.json b/...javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S106.json
@@ -8,8 +8,7 @@
   },
   "tags": [
     "bad-practice",
-    "user-experience",
-    "owasp-a3"
+    "user-experience"
   ],
   "defaultSeverity": "Major",
   "ruleSpecification": "RSPEC-106",

diff --git a/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S1313.json b/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S1313.json
@@ -6,9 +6,7 @@
     "func": "Constant\/Issue",
     "constantCost": "30min"
   },
-  "tags": [
-    "owasp-a3"
-  ],
+  "tags": [],
   "defaultSeverity": "Minor",
   "ruleSpecification": "RSPEC-1313",
   "sqKey": "S1313",

diff --git a/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S1472.html b/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S1472.html
@@ -7,28 +7,42 @@
 </ol>
 <p>The first option will be the one chosen by the JavaScript interpreter.</p>
 <p>By extension, and to improve readability, any kind of function call argument should not start on new line.</p>
+<p>Similarly, tagged templates allow for advanced forms of string interpolation by evaluating the tag as a function to call, passing the template
+literal elements as arguments. Therefore, the rule also verifies that template literals don’t start on a separate line.</p>
 <h2>Noncompliant Code Example</h2>
 <pre>
-var fn = function () {
+const fn = function () {
   //...
 }
 
 (function () { // Noncompliant
   //...
 })();
+
+const foo = function() {
+  return 'foo';
+}
+
+`bar`; // Noncompliant: foo is a string not a function
 </pre>
 <h2>Compliant Solution</h2>
 <p>Either</p>
 <pre>
 // define a function
-var fn = function () {
+const fn = function () {
   //...
 }; // &lt;-- semicolon added
 
 // then execute some code inside a closure
 (function () {
   //...
 })();
+
+function foo() {  // &lt;-- Use a function declaration
+  return 'foo';
+}
+
+`bar`;
 </pre>
 <p>Or</p>
 <pre>
@@ -37,17 +51,9 @@ <h2>Compliant Solution</h2>
 }(function () { // &lt;-- start function call arguments on same line
   //...
 })();
-</pre>
-<p>Similarly, tagged templates allow for advanced forms of string interpolation by evaluating the tag as a function to call, passing the template
-literal elements as arguments. Therefore the rule also verifies that template literals don’t start on a separate line.</p>
-<h2>Noncompliant Code Example</h2>
-<pre>
-const foo = function() { /* ... */ }
-`bar` // Noncompliant
-</pre>
-<h2>Compliant Solution</h2>
-<pre>
-function foo() { /* ... */ }
-const s = foo`bar`;
+
+const foo = function() {
+  return 'foo';
+}`bar`; // &lt;-- start template literal on same line
 </pre>
 
diff --git a/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S1523.json b/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S1523.json
@@ -7,8 +7,7 @@
     "constantCost": "30min"
   },
   "tags": [
-    "cwe",
-    "owasp-a1"
+    "cwe"
   ],
   "defaultSeverity": "Critical",
   "ruleSpecification": "RSPEC-1523",

diff --git a/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S1862.html b/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S1862.html
@@ -1,5 +1,5 @@
-<p>A chain of <code>if</code>/<code>else if</code> statements is evaluated from top to bottom. At most, only one branch will be executed: the first
-one with a condition that evaluates to <code>true</code>.</p>
+<p>A chain of <code>if-else-if</code> or <code>switch-case</code> statements is evaluated from top to bottom. At most, only one branch will be
+executed: the first one with a condition that evaluates to <code>true</code> or that matches the discriminant of the <code>switch</code>.</p>
 <p>Therefore, duplicating a condition automatically leads to dead code. Usually, this is due to a copy/paste error. At best, it’s simply dead code and
 at worst, it’s a bug that is likely to induce further bugs as the code is maintained, and obviously it could lead to unexpected behavior.</p>
 <p>&nbsp;</p>
@@ -12,6 +12,18 @@ <h2>Noncompliant Code Example</h2>
   closeWindow();
 else if (param == 1)  // Noncompliant
   moveWindowToTheBackground();
+
+switch (param) {
+  case 1:
+    openWindow();
+    break;
+  case 2:
+    closeWindow();
+    break;
+  case 1: // Noncompliant
+    moveWindowToTheBackground();
+    break;
+}
 </pre>
 <h2>Compliant Solution</h2>
 <pre>
@@ -21,5 +33,17 @@ <h2>Compliant Solution</h2>
   closeWindow();
 else if (param == 3)
   moveWindowToTheBackground();
+
+switch (param) {
+  case 1:
+    openWindow();
+    break;
+  case 2:
+    closeWindow();
+    break;
+  case 3:
+    moveWindowToTheBackground();
+    break;
+}
 </pre>
 
diff --git a/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2068.json b/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2068.json
@@ -8,8 +8,7 @@
   },
   "tags": [
     "cwe",
-    "sans-top25-porous",
-    "owasp-a2"
+    "sans-top25-porous"
   ],
   "defaultSeverity": "Blocker",
   "ruleSpecification": "RSPEC-2068",

diff --git a/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2077.json b/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2077.json
@@ -8,7 +8,6 @@
   },
   "tags": [
     "cwe",
-    "owasp-a1",
     "sans-top25-insecure",
     "bad-practice",
     "sql"

diff --git a/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2092.json b/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2092.json
@@ -10,8 +10,7 @@
     "cwe",
     "privacy",
     "sans-top25-porous",
-    "express.js",
-    "owasp-a3"
+    "express.js"
   ],
   "defaultSeverity": "Minor",
   "ruleSpecification": "RSPEC-2092",

diff --git a/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2137.html b/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2137.html
@@ -1,12 +1,12 @@
 <p>JavaScript has special identifiers that, while not reserved, still should not be used as identifiers. They form the JavaScript standard built-in
 objects and are available in all environments. They include identifiers like:</p>
 <ul>
-  <li> <code>eval</code> - evaluates a string as JavaScript code </li>
-  <li> <code>arguments</code> - used to access function arguments through indexed properties. It exists only inside function declarations and function
-  expressions </li>
-  <li> <code>undefined</code> - returned for values and properties that have not yet been assigned </li>
+  <li> <code>eval</code> - Evaluates a string as JavaScript code. </li>
+  <li> <code>arguments</code> - Used to access function arguments through indexed properties. It exists only inside function declarations and function
+  expressions. </li>
+  <li> <code>undefined</code> - Returned for values and properties that have not yet been assigned. </li>
   <li> <code>NaN</code> - Not a Number; returned when math functions fail. </li>
-  <li> <code>Infinity</code> - when a number exceeds the upper limit of the floating point numbers </li>
+  <li> <code>Infinity</code> - When a number exceeds the upper limit of the floating point numbers. </li>
 </ul>
 <p>These words should not be bound or assigned, because doing so would overwrite the original definitions of these identifiers. What’s more, assigning
 or binding some of these names will generate an error in JavaScript strict mode code.</p>

diff --git a/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2245.json b/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2245.json
@@ -8,7 +8,6 @@
   },
   "tags": [
     "cwe",
-    "owasp-a3",
     "owasp-m5"
   ],
   "defaultSeverity": "Critical",

diff --git a/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2598.json b/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2598.json
@@ -9,7 +9,6 @@
   "tags": [
     "cwe",
     "sans-top25-insecure",
-    "owasp-a4",
     "express.js"
   ],
   "defaultSeverity": "Critical",

diff --git a/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2612.json b/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2612.json
@@ -8,8 +8,7 @@
   },
   "tags": [
     "cwe",
-    "sans-top25-porous",
-    "owasp-a5"
+    "sans-top25-porous"
   ],
   "defaultSeverity": "Major",
   "ruleSpecification": "RSPEC-2612",

diff --git a/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2755.json b/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2755.json
@@ -7,8 +7,7 @@
     "constantCost": "15min"
   },
   "tags": [
-    "cwe",
-    "owasp-a4"
+    "cwe"
   ],
   "defaultSeverity": "Blocker",
   "ruleSpecification": "RSPEC-2755",

diff --git a/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2819.json b/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S2819.json
@@ -8,8 +8,7 @@
   },
   "tags": [
     "cwe",
-    "html5",
-    "owasp-a3"
+    "html5"
   ],
   "defaultSeverity": "Critical",
   "ruleSpecification": "RSPEC-2819",

diff --git a/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S3330.json b/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S3330.json
@@ -10,7 +10,6 @@
     "cwe",
     "sans-top25-insecure",
     "privacy",
-    "owasp-a7",
     "express.js"
   ],
   "defaultSeverity": "Minor",

diff --git a/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S4036.json b/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S4036.json
@@ -7,8 +7,7 @@
     "constantCost": "15min"
   },
   "tags": [
-    "cwe",
-    "owasp-a1"
+    "cwe"
   ],
   "defaultSeverity": "Minor",
   "ruleSpecification": "RSPEC-4036",

diff --git a/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S4423.json b/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S4423.json
@@ -9,9 +9,7 @@
   "tags": [
     "cwe",
     "privacy",
-    "owasp-a6",
     "sans-top25-porous",
-    "owasp-a3",
     "owasp-m3"
   ],
   "defaultSeverity": "Critical",

diff --git a/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S4426.json b/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S4426.json
@@ -9,8 +9,6 @@
   "tags": [
     "cwe",
     "privacy",
-    "owasp-a6",
-    "owasp-a3",
     "owasp-m5"
   ],
   "defaultSeverity": "Critical",

diff --git a/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S4502.json b/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S4502.json
@@ -9,7 +9,6 @@
   "tags": [
     "cwe",
     "sans-top25-insecure",
-    "owasp-a6",
     "express.js"
   ],
   "defaultSeverity": "Critical",

diff --git a/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S4507.json b/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S4507.json
@@ -11,8 +11,7 @@
     "error-handling",
     "debug",
     "user-experience",
-    "express.js",
-    "owasp-a3"
+    "express.js"
   ],
   "defaultSeverity": "Minor",
   "ruleSpecification": "RSPEC-4507",

diff --git a/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S4721.json b/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S4721.json
@@ -8,7 +8,6 @@
   },
   "tags": [
     "cwe",
-    "owasp-a1",
     "sans-top25-insecure"
   ],
   "defaultSeverity": "Major",

diff --git a/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S4790.json b/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S4790.json
@@ -5,9 +5,7 @@
   "tags": [
     "cwe",
     "spring",
-    "owasp-a6",
     "sans-top25-porous",
-    "owasp-a3",
     "owasp-m5"
   ],
   "defaultSeverity": "Critical",

diff --git a/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S4830.json b/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S4830.json
@@ -9,9 +9,7 @@
   "tags": [
     "cwe",
     "privacy",
-    "owasp-a6",
     "ssl",
-    "owasp-a3",
     "owasp-m3"
   ],
   "defaultSeverity": "Critical",

diff --git a/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S5042.json b/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S5042.json
@@ -7,9 +7,7 @@
     "constantCost": "10min"
   },
   "tags": [
-    "cwe",
-    "owasp-a6",
-    "owasp-a5"
+    "cwe"
   ],
   "defaultSeverity": "Critical",
   "ruleSpecification": "RSPEC-5042",

diff --git a/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S5122.json b/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S5122.json
@@ -4,7 +4,6 @@
   "status": "ready",
   "tags": [
     "cwe",
-    "owasp-a6",
     "sans-top25-porous",
     "express.js"
   ],

diff --git a/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S5148.json b/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S5148.json
@@ -8,8 +8,7 @@
   },
   "tags": [
     "cwe",
-    "phishing",
-    "owasp-a6"
+    "phishing"
   ],
   "defaultSeverity": "Minor",
   "ruleSpecification": "RSPEC-5148",

diff --git a/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S5247.json b/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S5247.json
@@ -7,8 +7,7 @@
     "constantCost": "5min"
   },
   "tags": [
-    "cwe",
-    "owasp-a7"
+    "cwe"
   ],
   "defaultSeverity": "Major",
   "ruleSpecification": "RSPEC-5247",

diff --git a/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S5332.json b/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S5332.json
@@ -4,7 +4,6 @@
   "status": "ready",
   "tags": [
     "cwe",
-    "owasp-a3",
     "owasp-m3"
   ],
   "defaultSeverity": "Critical",

diff --git a/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S5443.json b/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S5443.json
@@ -3,9 +3,7 @@
   "type": "SECURITY_HOTSPOT",
   "status": "ready",
   "tags": [
-    "cwe",
-    "owasp-a5",
-    "owasp-a3"
+    "cwe"
   ],
   "defaultSeverity": "Critical",
   "ruleSpecification": "RSPEC-5443",

diff --git a/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S5527.json b/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S5527.json
@@ -9,9 +9,7 @@
   "tags": [
     "cwe",
     "privacy",
-    "owasp-a6",
     "ssl",
-    "owasp-a3",
     "owasp-m3"
   ],
   "defaultSeverity": "Critical",