Merge branch 'master' into rule/add-RSPEC-S6865

docs/benchmarks.adoc

@@ -0,0 +1,45 @@
+= Benchmarks
+
+When writing a rule that has to do with performance, you might need to showcase some benchmarks as proof of potential improvements. This should be included in a separate section called `Benchmarks`, under `Resources`.
+
+The format of the benchmarks section is as follows:
+
+* Benchmark table
+* Benchmarking code
+* Hardware configuration
+
+== Benchmark table
+
+- Do not use abbreviations for statistical terms, not everyone is familiar with them.
+- Add links to Wikipedia to explain statistical terms at the header of each column.
+
+Ideally, the columns should look like the following example:
+
+|===
+| <What is being measured> | https://en.wikipedia.org/wiki/Arithmetic_mean[Mean] | https://en.wikipedia.org/wiki/Standard_deviation[Standard Deviation] | https://en.wikipedia.org/wiki/Memory_management[Allocated]
+| <This> | 5.042 ms | 0.1049 ms | 125 KB
+| <That> | 2.691 ms | 0.0334 ms | 85.94 KB
+|===
+
+== Benchmarking code
+
+The code that was used to generate the benchmarks should be included to provide transparency and allow others to reproduce and verify the results. Preferably, the code snippet should include the sample size, the number of iterations, and the framework/library used to run the benchmarks.
+
+If the code is not showcasing how the results were generated, consider prefixing it with an explanation that links to the framework/library used, for example:
+
+----
+The results were generated by running the following snippet with https://github.com/dotnet/BenchmarkDotNet[BenchmarkDotNet].
+----
+
+== Hardware configuration
+
+The hardware configuration used to run the benchmarks should be included, for example:
+
+[source]
+----
+BenchmarkDotNet=v0.13.5, OS=Windows 10 (10.0.19045.2846/22H2/2022Update)
+11th Gen Intel Core i7-11850H 2.50GHz, 1 CPU, 16 logical and 8 physical cores
+  [Host]               : .NET Framework 4.8 (4.8.4614.0), X64 RyuJIT VectorSize=256
+  .NET 7.0             : .NET 7.0.5 (7.0.523.17405), X64 RyuJIT AVX2
+  .NET Framework 4.6.2 : .NET Framework 4.8 (4.8.4614.0), X64 RyuJIT VectorSize=256
+----

docs/header_names/allowed_framework_names.adoc

@@ -99,6 +99,7 @@
 * pyDes
 * PyJWT
 * python-jwt
+* FastAPI
 * python-jose
 * ssl
 // Docker

frontend/public/covered_rules.json

@@ -3071,11 +3071,11 @@
     "S6832": "sonar-java 7.28.0.33738",
     "S6833": "sonar-java 7.28.0.33738",
     "S6837": "sonar-java 7.28.0.33738",
-    "S6838": "sonar-java master",
-    "S6856": "sonar-java master",
-    "S6857": "sonar-java master",
-    "S6862": "sonar-java master",
-    "S6863": "sonar-java master",
+    "S6838": "sonar-java 7.30.0.34429",
+    "S6856": "sonar-java 7.30.0.34429",
+    "S6857": "sonar-java 7.30.0.34429",
+    "S6862": "sonar-java 7.30.0.34429",
+    "S6863": "sonar-java 7.30.0.34429",
     "S818": "sonar-java 4.15.0.12310",
     "S864": "sonar-java 4.15.0.12310",
     "S881": "sonar-java 4.15.0.12310",
@@ -4913,7 +4913,7 @@
     "S6776": "sonar-security master",
     "S6779": "sonar-python 4.11.0.13826",
     "S6781": "sonar-python 4.11.0.13826",
-    "S6785": "sonar-python master",
+    "S6785": "sonar-python 4.14.0.14263",
     "S6786": "sonar-python 4.11.0.13826",
     "S6792": "sonar-python 4.10.0.13725",
     "S6794": "sonar-python 4.10.0.13725",

rules/S1876/html/metadata.json

@@ -1,6 +1,6 @@
 {
-  "title": "Using HTML comments is security-sensitive",
-  "type": "SECURITY_HOTSPOT",
+  "title": "HTML comments should be removed",
+  "type": "CODE_SMELL",
   "status": "ready",
   "remediation": {
     "func": "Constant\/Issue",
@@ -32,5 +32,6 @@
   },
   "defaultQualityProfiles": [
 
-  ]
+  ],
+  "quickfix": "unknown"
 }

rules/S3630/cfamily/rule.adoc

@@ -1,9 +1,10 @@
 == Why is this an issue?
 
-Because ``++reinterpret_cast++`` does not perform any type safety validations, it is capable of performing dangerous conversions between unrelated types.
+Because ``++reinterpret_cast++`` does not perform any type safety validations, it is capable of performing dangerous conversions between unrelated types, often leading to undefined behavior.
 
+In some cases, `reinterpret_cast` can be simply replaced by a more focused cast, such as `static_cast`.
 
-Since {cpp}20, a ``++std::bit_cast++`` should be used instead of ``++reinterpret_cast++`` to reinterpret a value as being of a different type of the same length preserving its binary representation, as the behavior of  ``++reinterpret_cast++`` is undefined in such case.
+If the goal is to access the binary representation of an object, `reinterpret_cast` leads to undefined behavior. Before {cpp}20, the correct way is to use `memcpy` to copy the object's bits. Since {cpp}20, a better option is available: ``++std::bit_cast++`` allows to reinterpret a value as being of a different type of the same length preserving its binary representation (see also S6181).
 
 
 This rule raises an issue when ``++reinterpret_cast++`` is used.
@@ -17,10 +18,11 @@ This rule raises an issue when ``++reinterpret_cast++`` is used.
   class B : public A { public: void doSomething(){} };
 
   void func(A *a, float f) {
-    if (B* b = reinterpret_cast<B*>(a)) { // Noncompliant
-      b->doSomething();
-    }
-    int x = *reinterpret_cast<int*>(f); // Noncompliant
+    B* b = reinterpret_cast<B*>(a) // Noncompliant, another cast is more appropriate
+    b->doSomething();
+    
+    static_assert(sizeof(float) == sizeof(uint32_t));
+    uint32_t x = reinterpret_cast<uint32_t&>(f); // Noncompliant and undefined behavior
   }
 ----
 
@@ -36,7 +38,12 @@ This rule raises an issue when ``++reinterpret_cast++`` is used.
     if (B* b = dynamic_cast<B*>(a)) {
       b->doSomething();
     }
-    int x = std::bit_cast<int>(f);
+
+    static_assert(sizeof(float) == sizeof(uint32_t));
+    uint32_t x = std::bit_cast<uint32_t>(f);
+    // Or, before C++20
+    uint32_t y;
+    std::memcpy(&y, &f, sizeof(float));
   }
 ----
 

rules/S3928/csharp/rule.adoc

@@ -3,24 +3,28 @@
 Some constructors of the ``++ArgumentException++``, ``++ArgumentNullException++``, ``++ArgumentOutOfRangeException++`` and ``++DuplicateWaitObjectException++`` classes must be fed with a valid parameter name. This rule raises an issue in two cases:
 
 * When this parameter name doesn't match any existing ones.
-* When a call is made to the default (parameterless) constructor 
+* When a call is made to the default (parameterless) constructor
 
 
 === Noncompliant code example
 
 [source,csharp]
 ----
-public void Foo(Bar a, int[] b) 
+public void Foo(Bar a, int[] b)
 {
-  throw new ArgumentException(); // Noncompliant
-  throw new ArgumentException("My error message", "c"); // Noncompliant
-  throw new ArgumentException("My error message", "c", innerException); // Noncompliant 
-  throw new ArgumentNullException("c"); // Noncompliant
-  throw new ArgumentNullException("My error message", "c"); // Noncompliant
-  throw new ArgumentOutOfRangeException("c");
-  throw new ArgumentOutOfRangeException("c", "My error message"); // Noncompliant
-  throw new ArgumentOutOfRangeException("c", b, "My error message"); // Noncompliant
-  throw new DuplicateWaitObjectException("c", "My error message");  // Noncompliant
+  throw new ArgumentException();                                        // Noncompliant
+  throw new ArgumentException("My error message", "c");                 // Noncompliant
+  throw new ArgumentException("My error message", "c", innerException); // Noncompliant
+
+  throw new ArgumentNullException("c");                     // Noncompliant
+  throw new ArgumentNullException(nameof(c));               // Noncompliant
+  throw new ArgumentNullException("My error message", "a"); // Noncompliant
+
+  throw new ArgumentOutOfRangeException("c");                           // Noncompliant
+  throw new ArgumentOutOfRangeException("c", "My error message");       // Noncompliant
+  throw new ArgumentOutOfRangeException("c", b, "My error message");    // Noncompliant
+
+  throw new DuplicateWaitObjectException("c", "My error message");      // Noncompliant
 }
 ----
 
@@ -29,24 +33,27 @@ public void Foo(Bar a, int[] b)
 
 [source,csharp]
 ----
-public void Foo(Bar a, Bar b) 
+public void Foo(Bar a, int[] b)
 {
   throw new ArgumentException("My error message", "a");
-  throw new ArgumentException("My error message", "b", innerException); 
+  throw new ArgumentException("My error message", "b", innerException);
+
   throw new ArgumentNullException("a");
   throw new ArgumentNullException(nameof(a));
   throw new ArgumentNullException("a", "My error message");
+
   throw new ArgumentOutOfRangeException("b");
   throw new ArgumentOutOfRangeException("b", "My error message");
   throw new ArgumentOutOfRangeException("b", b, "My error message");
+
   throw new DuplicateWaitObjectException("b", "My error message");
 }
 ----
 
 
 === Exceptions
 
-The rule won't raise an issue if the parameter name is not a constant value (inline declaration, nameof() or const variable).
+The rule won't raise an issue if the parameter name is not a constant value.
 
 ifdef::env-github,rspecator-view[]
 

rules/S4792/metadata.json

@@ -7,17 +7,11 @@
     },
     "attribute": "CONVENTIONAL"
   },
-  "status": "ready",
-  "tags": [
-    "cwe"
-  ],
+  "status": "deprecated",
+  "tags": [],
   "extra": {
-    "replacementRules": [
-
-    ],
-    "legacyKeys": [
-
-    ]
+    "replacementRules": [],
+    "legacyKeys": []
   },
   "defaultSeverity": "Critical",
   "ruleSpecification": "RSPEC-4792",
@@ -48,7 +42,5 @@
       "7.1.2"
     ]
   },
-  "defaultQualityProfiles": [
-    "Sonar way"
-  ]
-}
+  "defaultQualityProfiles": []
+}

rules/S5743/javascript/metadata.json

@@ -1,9 +1 @@
-{
-  "tags": [
-    "privacy",
-    "express.js"
-  ],
-  "defaultQualityProfiles": [
-    "Sonar way"
-  ]
-}
+{}

rules/S5743/metadata.json

@@ -1,27 +1,21 @@
 {
-  "title": "Allowing browsers to perform DNS prefetching  is security-sensitive",
+  "title": "Allowing browsers to perform DNS prefetching is security-sensitive",
   "type": "SECURITY_HOTSPOT",
   "code": {
     "impacts": {
       "SECURITY": "LOW"
     },
     "attribute": "COMPLETE"
   },
-  "status": "ready",
+  "status": "deprecated",
   "remediation": {
     "func": "Constant\/Issue",
     "constantCost": "10min"
   },
-  "tags": [
-    "privacy"
-  ],
+  "tags": [],
   "extra": {
-    "replacementRules": [
-
-    ],
-    "legacyKeys": [
-
-    ]
+    "replacementRules": [],
+    "legacyKeys": []
   },
   "defaultSeverity": "Minor",
   "ruleSpecification": "RSPEC-5743",
@@ -41,7 +35,5 @@
       "2.2"
     ]
   },
-  "defaultQualityProfiles": [
-    "Sonar way"
-  ]
-}
+  "defaultQualityProfiles": []
+}

rules/S5750/javascript/metadata.json

@@ -1,10 +1 @@
-{
-  "tags": [
-    "cwe",
-    "privacy",
-    "express.js"
-  ],
-  "defaultQualityProfiles": [
-    "Sonar way"
-  ]
-}
+{}

rules/S5750/metadata.json

@@ -7,7 +7,7 @@
     },
     "attribute": "COMPLETE"
   },
-  "status": "ready",
+  "status": "closed",
   "remediation": {
     "func": "Constant\/Issue",
     "constantCost": "10min"
@@ -17,12 +17,8 @@
     "privacy"
   ],
   "extra": {
-    "replacementRules": [
-
-    ],
-    "legacyKeys": [
-
-    ]
+    "replacementRules": [],
+    "legacyKeys": []
   },
   "defaultSeverity": "Minor",
   "ruleSpecification": "RSPEC-5750",
@@ -49,7 +45,5 @@
       "8.2.1"
     ]
   },
-  "defaultQualityProfiles": [
-    "Sonar way"
-  ]
-}
+  "defaultQualityProfiles": []
+}

rules/S6245/metadata.json

@@ -7,10 +7,8 @@
     },
     "attribute": "COMPLETE"
   },
-  "status": "ready",
+  "status": "deprecated",
   "tags": [
-    "aws",
-    "cwe"
   ],
   "extra": {
     "replacementRules": [
@@ -36,6 +34,5 @@
     ]
   },
   "defaultQualityProfiles": [
-    "Sonar way"
   ]
 }