Improve Java analysis - 5 new rules to detect broken authentication and access control issues

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 8.6
    • Component/s: None
    • Labels: None
    • Edition: Community
    • Production Notes: None

      Description

      5 new rules detecting broken authentication (OWASP A2) and access control (OWASP A5) issues:

      • S5804: Allowing user enumeration is security-sensitive
      • S5876: A new session should be created during user authentication
      • S5808: “Authorizations should be based on strong decisions” should be used instead of S4834, which is now deprecated.
      • S4790: “Using weak hashing algorithms is security-sensitive” should be used instead of S2070 which is now deprecated.
      • S3752: Allowing both safe and unsafe HTTP methods is security-sensitive. The rule was rewritten to be more generic and not focus only on Spring.

      See https://community.sonarsource.com/t/java-analysis-detects-broken-access-control-security-issues/32808

              People

              Assignee: Jeremy Davis (jeremy.davis)
              Reporter: SonarQube Technical user (sonarqube.tech)
              Votes: 0
              Watchers: 1