Update rules api (#903)

SonarSource · Aug 18, 2023 · 45bdf29 · 45bdf29
1 parent c48f5b7
commit 45bdf29
Show file tree

Hide file tree

Showing 44 changed files with 674 additions and 1,110 deletions.
diff --git a/iac-extensions/arm/sonarpedia.json b/iac-extensions/arm/sonarpedia.json
@@ -3,7 +3,7 @@
   "languages": [
     "AZURE_RESOURCE_MANAGER"
   ],
-  "latest-update": "2023-08-10T15:03:29.634457300Z",
+  "latest-update": "2023-08-18T08:18:18.717455300Z",
   "options": {
     "no-language-in-filenames": true,
     "preserve-filenames": true

diff --git a/.../main/resources/org/sonar/l10n/azureresourcemanager/rules/azureresourcemanager/S5332.html b/.../main/resources/org/sonar/l10n/azureresourcemanager/rules/azureresourcemanager/S5332.html
@@ -70,8 +70,7 @@ <h2>Sensitive Code Example</h2>
   }
 }
 </pre>
-<p>For <a href="https://learn.microsoft.com/en-us/azure/templates/microsoft.web/sites/config-web">Microsoft.Web/sites/config</a>:
-</p>
+<p>For <a href="https://learn.microsoft.com/en-us/azure/templates/microsoft.web/sites/config-web">Microsoft.Web/sites/config</a>:</p>
 <pre data-diff-id="2" data-diff-type="noncompliant">
 {
   "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
@@ -94,8 +93,7 @@ <h2>Sensitive Code Example</h2>
   }
 }
 </pre>
-<p>For <a href="https://learn.microsoft.com/en-us/azure/templates/microsoft.storage/storageaccounts">Microsoft.Storage/storageAccounts</a>:
-</p>
+<p>For <a href="https://learn.microsoft.com/en-us/azure/templates/microsoft.storage/storageaccounts">Microsoft.Storage/storageAccounts</a>:</p>
 <pre data-diff-id="3" data-diff-type="noncompliant">
 {
   "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
@@ -118,8 +116,7 @@ <h2>Sensitive Code Example</h2>
   }
 }
 </pre>
-<p>For <a href="https://learn.microsoft.com/en-us/azure/templates/microsoft.apimanagement/service/apis">Microsoft.ApiManagement/service/apis</a>:
-</p>
+<p>For <a href="https://learn.microsoft.com/en-us/azure/templates/microsoft.apimanagement/service/apis">Microsoft.ApiManagement/service/apis</a>:</p>
 <pre data-diff-id="4" data-diff-type="noncompliant">
 {
   "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
@@ -142,8 +139,7 @@ <h2>Sensitive Code Example</h2>
   }
 }
 </pre>
-<p>For <a href="https://learn.microsoft.com/en-us/azure/templates/microsoft.cdn/profiles/endpoints">Microsoft.Cdn/profiles/endpoints</a>:
-</p>
+<p>For <a href="https://learn.microsoft.com/en-us/azure/templates/microsoft.cdn/profiles/endpoints">Microsoft.Cdn/profiles/endpoints</a>:</p>
 <pre data-diff-id="5" data-diff-type="noncompliant">
 {
   "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
@@ -167,8 +163,7 @@ <h2>Sensitive Code Example</h2>
 }
 </pre>
 <p>For <a
-  href="https://learn.microsoft.com/en-us/azure/templates/microsoft.cache/redisenterprise/databases">Microsoft.Cache/redisEnterprise/databases</a>:
-</p>
+href="https://learn.microsoft.com/en-us/azure/templates/microsoft.cache/redisenterprise/databases">Microsoft.Cache/redisEnterprise/databases</a>:</p>
 <pre data-diff-id="6" data-diff-type="noncompliant">
 {
   "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
@@ -191,12 +186,9 @@ <h2>Sensitive Code Example</h2>
   }
 }
 </pre>
-<p>For <a href="https://learn.microsoft.com/en-us/azure/templates/microsoft.dbformysql/servers">Microsoft.DBforMySQL/servers</a>,
-  <a
-    href="https://learn.microsoft.com/en-us/azure/templates/microsoft.dbformariadb/servers">Microsoft.DBforMariaDB/servers</a>,
-  and <a
-    href="https://learn.microsoft.com/en-us/azure/templates/microsoft.dbforpostgresql/servers">Microsoft.DBforPostgreSQL/servers</a>:
-</p>
+<p>For <a href="https://learn.microsoft.com/en-us/azure/templates/microsoft.dbformysql/servers">Microsoft.DBforMySQL/servers</a>, <a
+href="https://learn.microsoft.com/en-us/azure/templates/microsoft.dbformariadb/servers">Microsoft.DBforMariaDB/servers</a>, and <a
+href="https://learn.microsoft.com/en-us/azure/templates/microsoft.dbforpostgresql/servers">Microsoft.DBforPostgreSQL/servers</a>:</p>
 <pre data-diff-id="7" data-diff-type="noncompliant">
 {
   "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
@@ -243,8 +235,7 @@ <h2>Compliant Solution</h2>
   }
 }
 </pre>
-<p>For <a href="https://learn.microsoft.com/en-us/azure/templates/microsoft.web/sites/config-web">Microsoft.Web/sites/config</a>:
-</p>
+<p>For <a href="https://learn.microsoft.com/en-us/azure/templates/microsoft.web/sites/config-web">Microsoft.Web/sites/config</a>:</p>
 <pre data-diff-id="2" data-diff-type="compliant">
 {
   "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
@@ -267,8 +258,7 @@ <h2>Compliant Solution</h2>
   }
 }
 </pre>
-<p>For <a href="https://learn.microsoft.com/en-us/azure/templates/microsoft.storage/storageaccounts">Microsoft.Storage/storageAccounts</a>:
-</p>
+<p>For <a href="https://learn.microsoft.com/en-us/azure/templates/microsoft.storage/storageaccounts">Microsoft.Storage/storageAccounts</a>:</p>
 <pre data-diff-id="3" data-diff-type="compliant">
 {
   "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
@@ -291,8 +281,7 @@ <h2>Compliant Solution</h2>
   }
 }
 </pre>
-<p>For <a href="https://learn.microsoft.com/en-us/azure/templates/microsoft.apimanagement/service/apis">Microsoft.ApiManagement/service/apis</a>:
-</p>
+<p>For <a href="https://learn.microsoft.com/en-us/azure/templates/microsoft.apimanagement/service/apis">Microsoft.ApiManagement/service/apis</a>:</p>
 <pre data-diff-id="4" data-diff-type="compliant">
 {
   "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
@@ -315,8 +304,7 @@ <h2>Compliant Solution</h2>
   }
 }
 </pre>
-<p>For <a href="https://learn.microsoft.com/en-us/azure/templates/microsoft.cdn/profiles/endpoints">Microsoft.Cdn/profiles/endpoints</a>:
-</p>
+<p>For <a href="https://learn.microsoft.com/en-us/azure/templates/microsoft.cdn/profiles/endpoints">Microsoft.Cdn/profiles/endpoints</a>:</p>
 <pre data-diff-id="5" data-diff-type="compliant">
 {
   "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
@@ -340,8 +328,7 @@ <h2>Compliant Solution</h2>
 }
 </pre>
 <p>For <a
-  href="https://learn.microsoft.com/en-us/azure/templates/microsoft.cache/redisenterprise/databases">Microsoft.Cache/redisEnterprise/databases</a>:
-</p>
+href="https://learn.microsoft.com/en-us/azure/templates/microsoft.cache/redisenterprise/databases">Microsoft.Cache/redisEnterprise/databases</a>:</p>
 <pre data-diff-id="6" data-diff-type="compliant">
 {
   "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
@@ -364,12 +351,9 @@ <h2>Compliant Solution</h2>
   }
 }
 </pre>
-<p>For <a href="https://learn.microsoft.com/en-us/azure/templates/microsoft.dbformysql/servers">Microsoft.DBforMySQL/servers</a>,
-  <a
-    href="https://learn.microsoft.com/en-us/azure/templates/microsoft.dbformariadb/servers">Microsoft.DBforMariaDB/servers</a>,
-  and <a
-    href="https://learn.microsoft.com/en-us/azure/templates/microsoft.dbforpostgresql/servers">Microsoft.DBforPostgreSQL/servers</a>:
-</p>
+<p>For <a href="https://learn.microsoft.com/en-us/azure/templates/microsoft.dbformysql/servers">Microsoft.DBforMySQL/servers</a>, <a
+href="https://learn.microsoft.com/en-us/azure/templates/microsoft.dbformariadb/servers">Microsoft.DBforMariaDB/servers</a>, and <a
+href="https://learn.microsoft.com/en-us/azure/templates/microsoft.dbforpostgresql/servers">Microsoft.DBforPostgreSQL/servers</a>:</p>
 <pre data-diff-id="7" data-diff-type="compliant">
 {
   "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
@@ -394,15 +378,9 @@ <h2>Compliant Solution</h2>
 </pre>
 <h2>See</h2>
 <ul>
-  <li><a href="https://cwe.mitre.org/data/definitions/200">MITRE, CWE-200</a> - Exposure of Sensitive Information to an
-    Unauthorized Actor
-  </li>
-  <li><a href="https://cwe.mitre.org/data/definitions/319">MITRE, CWE-319</a> - Cleartext Transmission of Sensitive
-    Information
-  </li>
-  <li><a href="https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html">Google, Moving towards more
-    secure web</a></li>
-  <li><a href="https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/">Mozilla, Deprecating non
-    secure http</a></li>
+  <li> <a href="https://cwe.mitre.org/data/definitions/200">MITRE, CWE-200</a> - Exposure of Sensitive Information to an Unauthorized Actor </li>
+  <li> <a href="https://cwe.mitre.org/data/definitions/319">MITRE, CWE-319</a> - Cleartext Transmission of Sensitive Information </li>
+  <li> <a href="https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html">Google, Moving towards more secure web</a> </li>
+  <li> <a href="https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/">Mozilla, Deprecating non secure http</a> </li>
 </ul>
 
diff --git a/.../main/resources/org/sonar/l10n/azureresourcemanager/rules/azureresourcemanager/S6321.html b/.../main/resources/org/sonar/l10n/azureresourcemanager/rules/azureresourcemanager/S6321.html
@@ -79,14 +79,10 @@ <h4>Compliant solution</h4>
 <h2>Resources</h2>
 <h3>Documentation</h3>
 <ul>
-  <li><a href="https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html">AWS Documentation</a> -
-    Security groups for your VPC
-  </li>
-  <li><a href="https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview">Azure
-    Documentation</a> - Network security
-    groups
-  </li>
-  <li><a href="https://cloud.google.com/vpc/docs/using-firewalls">GCP Documentation</a> - Firewalls</li>
+  <li> <a href="https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html">AWS Documentation</a> - Security groups for your VPC </li>
+  <li> <a href="https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview">Azure Documentation</a> - Network security
+  groups </li>
+  <li> <a href="https://cloud.google.com/vpc/docs/using-firewalls">GCP Documentation</a> - Firewalls </li>
 </ul>
 <h3>Standards</h3>
 <ul>

diff --git a/.../main/resources/org/sonar/l10n/azureresourcemanager/rules/azureresourcemanager/S6329.html b/.../main/resources/org/sonar/l10n/azureresourcemanager/rules/azureresourcemanager/S6329.html
@@ -21,16 +21,12 @@ <h2>Ask Yourself Whether</h2>
 </ul>
 <p>There is a risk if you answered no to any of those questions.</p>
 <h2>Recommended Secure Coding Practices</h2>
-<p>Avoid publishing cloud services on the Internet unless they are intended to be publicly accessible, such as customer
-  portals or e-commerce
-  sites.</p>
-<p>Use private networks (and associated private IP addresses) and VPC peering or other secure communication tunnels to
-  communicate with other cloud
-  components.</p>
-<p>The goal is to prevent the component from intercepting traffic coming in via the public IP address. If the cloud
-  resource does not support the
-  absence of a public IP address, assign a public IP address to it, but do not create listeners for the public IP
-  address.</p>
+<p>Avoid publishing cloud services on the Internet unless they are intended to be publicly accessible, such as customer portals or e-commerce
+sites.</p>
+<p>Use private networks (and associated private IP addresses) and VPC peering or other secure communication tunnels to communicate with other cloud
+components.</p>
+<p>The goal is to prevent the component from intercepting traffic coming in via the public IP address. If the cloud resource does not support the
+absence of a public IP address, assign a public IP address to it, but do not create listeners for the public IP address.</p>
 <h2>Sensitive Code Example</h2>
 <p>Using <code>publicNetworkAccess</code> to control access to resources:</p>
 <pre data-diff-id="1" data-diff-type="noncompliant">

diff --git a/.../main/resources/org/sonar/l10n/azureresourcemanager/rules/azureresourcemanager/S6381.html b/.../main/resources/org/sonar/l10n/azureresourcemanager/rules/azureresourcemanager/S6381.html
@@ -81,21 +81,13 @@ <h2>Compliant Solution</h2>
 </pre>
 <h2>See</h2>
 <ul>
-  <li><a href="https://owasp.org/Top10/A01_2021-Broken_Access_Control/">OWASP Top 10 2021 Category A1</a> - Broken
-    Access Control
-  </li>
-  <li><a href="https://owasp.org/Top10/A04_2021-Insecure_Design/">OWASP Top 10 2021 Category A4</a> - Insecure Design
-  </li>
-  <li><a href="https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html">OWASP Top 10 2017 Category
-    A5</a> - Broken Access
-    Control
-  </li>
-  <li><a href="https://cwe.mitre.org/data/definitions/79">MITRE, CWE-266</a> - Incorrect Privilege Assignment</li>
-  <li><a href="https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles">Azure Documentation</a>
-    - Azure built-in roles
-  </li>
-  <li><a href="https://docs.microsoft.com/en-us/azure/role-based-access-control/best-practices">Azure Documentation</a>
-    - Best practices for Azure
+  <li> <a href="https://owasp.org/Top10/A01_2021-Broken_Access_Control/">OWASP Top 10 2021 Category A1</a> - Broken Access Control </li>
+  <li> <a href="https://owasp.org/Top10/A04_2021-Insecure_Design/">OWASP Top 10 2021 Category A4</a> - Insecure Design </li>
+  <li> <a href="https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html">OWASP Top 10 2017 Category A5</a> - Broken Access
+  Control </li>
+  <li> <a href="https://cwe.mitre.org/data/definitions/79">MITRE, CWE-266</a> - Incorrect Privilege Assignment </li>
+  <li> <a href="https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles">Azure Documentation</a> - Azure built-in roles </li>
+  <li> <a href="https://docs.microsoft.com/en-us/azure/role-based-access-control/best-practices">Azure Documentation</a> - Best practices for Azure
   RBAC </li>
 </ul>