SonarQube / SONAR-12249

Update SonarSource Security categories with the latest definition


    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 7.9
    • Component/s: Issues, Rules
    • Labels: None
    • Edition: Enterprise
    • Production Notes: None

      Description

      Some rules are not correctly mapped to the SonarSource security categories.
      Example: rule squid:S4784 is not mapped to the "Denial of Service (DoS)" category, although it should be.


      • Update of the CWE-to-category mapping (CWE IDs added to each category):

        Generic Security Category   Key                  Action
        Code Injection (RCE)        rce                  add CWE-95
        Object Injection            object-injection     add CWE-134, CWE-502
        Command Injection           command-injection    add CWE-88, CWE-214
        Denial of Service (DoS)     dos                  add CWE-624
        Weak Cryptography           weak-cryptography    add CWE-321, CWE-322, CWE-323, CWE-324, CWE-325, CWE-330
        Insecure Configuration      insecure-conf        add CWE-311, CWE-315, CWE-614, CWE-215, CWE-346, CWE-942

      • Removal of the "Expression Language Injection" category
      • Force re-indexing of the "issues" and "rules" indices so existing issues and rules pick up the new categories


      People

      Assignee: Julien Lancelot (julien.lancelot)
      Reporter: Christophe Levis (christophe.levis)
      Votes: 0
      Watchers: 2
