SonarPHP / SONARPHP-919

Remove Security Hotspot rules which are not targeting developers

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.1.1
    • Component/s: Rules
    • Labels: None

      Description

      Given the following from the Epic linked to the MMF:

      We believe that our taint analysis engine is able to detect many injection issues, which means that corresponding Security Hotspot rules become unnecessary duplicates. The first step is to remove rules which only highlight injection sources with no additional value.


      The following rules will be removed:

      • RSPEC-4797 Handling files is security-sensitive
      • RSPEC-4721 Executing OS commands is security-sensitive
      • RSPEC-4825 Sending HTTP requests is security-sensitive (will be replaced by RSPEC-5332 and the taint analysis rules using HTTP requests as sources and sinks)
      • RSPEC-4817 Executing XPath expressions is security-sensitive
      • RSPEC-4529 Exposing HTTP endpoints is security-sensitive


      People

      • Assignee: nicolas.peru (Nicolas Peru)
      • Reporter: nicolas.harraudeau (Nicolas Harraudeau)
      • Votes: 0
      • Watchers: 1
