Run rules-api update (#779)

SonarSource · Jul 3, 2023 · d887f68 · d887f68
1 parent 0004ba8
commit d887f68
Show file tree

Hide file tree

Showing 3 changed files with 81 additions and 113 deletions.
diff --git a/iac-extensions/arm/sonarpedia.json b/iac-extensions/arm/sonarpedia.json
@@ -3,7 +3,7 @@
   "languages": [
     "AZURE_RESOURCE_MANAGER"
   ],
-  "latest-update": "2023-05-23T11:57:37.464993800Z",
+  "latest-update": "2023-07-03T13:06:33.631144Z",
   "options": {
     "no-language-in-filenames": true,
     "preserve-filenames": true

diff --git a/.../main/resources/org/sonar/l10n/azureresourcemanager/rules/azureresourcemanager/S5332.html b/.../main/resources/org/sonar/l10n/azureresourcemanager/rules/azureresourcemanager/S5332.html
@@ -1,58 +1,51 @@
-<p>Clear-text protocols such as <code>ftp</code>, <code>telnet</code>, or <code>http</code> lack encryption of transported data, as well as
-  the
-  capability to build an authenticated connection. It means that an attacker able to sniff traffic from the network can read, modify, or
-  corrupt the
-  transported content. These protocols are not secure as they expose applications to an extensive range of risks:</p>
+<p>Clear-text protocols such as <code>ftp</code>, <code>telnet</code>, or <code>http</code> lack encryption of transported data, as well as the
+capability to build an authenticated connection. It means that an attacker able to sniff traffic from the network can read, modify, or corrupt the
+transported content. These protocols are not secure as they expose applications to an extensive range of risks:</p>
 <ul>
-  <li> sensitive data exposure</li>
-  <li> traffic redirected to a malicious endpoint</li>
-  <li> malware-infected software update or installer</li>
-  <li> execution of client-side code</li>
-  <li> corruption of critical information</li>
+  <li> sensitive data exposure </li>
+  <li> traffic redirected to a malicious endpoint </li>
+  <li> malware-infected software update or installer </li>
+  <li> execution of client-side code </li>
+  <li> corruption of critical information </li>
 </ul>
-<p>Even in the context of isolated networks like offline environments or segmented cloud environments, the insider threat exists. Thus,
-  attacks
-  involving communications being sniffed or tampered with can still happen.</p>
+<p>Even in the context of isolated networks like offline environments or segmented cloud environments, the insider threat exists. Thus, attacks
+involving communications being sniffed or tampered with can still happen.</p>
 <p>For example, attackers could successfully compromise prior security layers by:</p>
 <ul>
-  <li> bypassing isolation mechanisms</li>
-  <li> compromising a component of the network</li>
-  <li> getting the credentials of an internal IAM account (either from a service account or an actual person)</li>
+  <li> bypassing isolation mechanisms </li>
+  <li> compromising a component of the network </li>
+  <li> getting the credentials of an internal IAM account (either from a service account or an actual person) </li>
 </ul>
-<p>In such cases, encrypting communications would decrease the chances of attackers to successfully leak data or steal credentials from
-  other network
-  components. By layering various security practices (segmentation and encryption, for example), the application will follow the
-  <em>defense-in-depth</em> principle.</p>
+<p>In such cases, encrypting communications would decrease the chances of attackers to successfully leak data or steal credentials from other network
+components. By layering various security practices (segmentation and encryption, for example), the application will follow the
+<em>defense-in-depth</em> principle.</p>
 <p>Note that using the <code>http</code> protocol is being deprecated by <a
-  href="https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http">major web browsers</a>.</p>
+href="https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http">major web browsers</a>.</p>
 <p>In the past, it has led to the following vulnerabilities:</p>
 <ul>
-  <li><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-6169">CVE-2019-6169</a></li>
-  <li><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-12327">CVE-2019-12327</a></li>
-  <li><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-11065">CVE-2019-11065</a></li>
+  <li> <a href="https://nvd.nist.gov/vuln/detail/CVE-2019-6169">CVE-2019-6169</a> </li>
+  <li> <a href="https://nvd.nist.gov/vuln/detail/CVE-2019-12327">CVE-2019-12327</a> </li>
+  <li> <a href="https://nvd.nist.gov/vuln/detail/CVE-2019-11065">CVE-2019-11065</a> </li>
 </ul>
 <h2>Ask Yourself Whether</h2>
 <ul>
-  <li> Application data needs to be protected against tampering or leaks when transiting over the network.</li>
-  <li> Application data transits over an untrusted network.</li>
-  <li> Compliance rules require the service to encrypt data in transit.</li>
-  <li> OS-level protections against clear-text traffic are deactivated.</li>
+  <li> Application data needs to be protected against tampering or leaks when transiting over the network. </li>
+  <li> Application data transits over an untrusted network. </li>
+  <li> Compliance rules require the service to encrypt data in transit. </li>
+  <li> OS-level protections against clear-text traffic are deactivated. </li>
 </ul>
 <p>There is a risk if you answered yes to any of those questions.</p>
 <h2>Recommended Secure Coding Practices</h2>
 <ul>
-  <li> Make application data transit over a secure, authenticated and encrypted protocol like TLS or SSH. Here are a few alternatives to the
-    most
-    common clear-text protocols:
+  <li> Make application data transit over a secure, authenticated and encrypted protocol like TLS or SSH. Here are a few alternatives to the most
+  common clear-text protocols:
     <ul>
-      <li> Use <code>sftp</code>, <code>scp</code>, or <code>ftps</code> instead of <code>ftp</code>.</li>
-      <li> Use <code>https</code> instead of <code>http</code>.</li>
-    </ul>
-  </li>
+      <li> Use <code>sftp</code>, <code>scp</code>, or <code>ftps</code> instead of <code>ftp</code>. </li>
+      <li> Use <code>https</code> instead of <code>http</code>. </li>
+    </ul>  </li>
 </ul>
-<p>It is recommended to secure all transport channels, even on local networks, as it can take a single non-secure connection to compromise
-  an entire
-  application or system.</p>
+<p>It is recommended to secure all transport channels, even on local networks, as it can take a single non-secure connection to compromise an entire
+application or system.</p>
 <h2>Sensitive Code Example</h2>
 <p>For <a href="https://learn.microsoft.com/en-us/azure/templates/microsoft.web/sites">Microsoft.Web/sites</a>:</p>
 <pre data-diff-id="1" data-diff-type="noncompliant">
@@ -86,8 +79,7 @@ <h2>Sensitive Code Example</h2>
   ]
 }
 </pre>
-<p>For <a href="https://learn.microsoft.com/en-us/azure/templates/microsoft.storage/storageaccounts">Microsoft.Storage/storageAccounts</a>:
-</p>
+<p>For <a href="https://learn.microsoft.com/en-us/azure/templates/microsoft.storage/storageaccounts">Microsoft.Storage/storageAccounts</a>:</p>
 <pre data-diff-id="3" data-diff-type="noncompliant">
 {
   "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
@@ -103,9 +95,7 @@ <h2>Sensitive Code Example</h2>
   ]
 }
 </pre>
-<p>For <a
-  href="https://learn.microsoft.com/en-us/azure/templates/microsoft.apimanagement/service/apis">Microsoft.ApiManagement/service/apis</a>:
-</p>
+<p>For <a href="https://learn.microsoft.com/en-us/azure/templates/microsoft.apimanagement/service/apis">Microsoft.ApiManagement/service/apis</a>:</p>
 <pre data-diff-id="4" data-diff-type="noncompliant">
 {
   "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
@@ -121,8 +111,7 @@ <h2>Sensitive Code Example</h2>
   ]
 }
 </pre>
-<p>For <a href="https://learn.microsoft.com/en-us/azure/templates/microsoft.cdn/profiles/endpoints">Microsoft.Cdn/profiles/endpoints</a>:
-</p>
+<p>For <a href="https://learn.microsoft.com/en-us/azure/templates/microsoft.cdn/profiles/endpoints">Microsoft.Cdn/profiles/endpoints</a>:</p>
 <pre data-diff-id="5" data-diff-type="noncompliant">
 {
   "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
@@ -139,8 +128,7 @@ <h2>Sensitive Code Example</h2>
 }
 </pre>
 <p>For <a
-  href="https://learn.microsoft.com/en-us/azure/templates/microsoft.cache/redisenterprise/databases">Microsoft.Cache/redisEnterprise/databases</a>:
-</p>
+href="https://learn.microsoft.com/en-us/azure/templates/microsoft.cache/redisenterprise/databases">Microsoft.Cache/redisEnterprise/databases</a>:</p>
 <pre data-diff-id="6" data-diff-type="noncompliant">
 {
   "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
@@ -157,8 +145,8 @@ <h2>Sensitive Code Example</h2>
 }
 </pre>
 <p>For <a href="https://learn.microsoft.com/en-us/azure/templates/microsoft.dbformysql/servers">Microsoft.DBforMySQL/servers</a>, <a
-  href="https://learn.microsoft.com/en-us/azure/templates/microsoft.dbformariadb/servers">Microsoft.DBforMariaDB/servers</a>, and <a
-  href="https://learn.microsoft.com/en-us/azure/templates/microsoft.dbforpostgresql/servers">Microsoft.DBforPostgreSQL/servers</a>:</p>
+href="https://learn.microsoft.com/en-us/azure/templates/microsoft.dbformariadb/servers">Microsoft.DBforMariaDB/servers</a>, and <a
+href="https://learn.microsoft.com/en-us/azure/templates/microsoft.dbforpostgresql/servers">Microsoft.DBforPostgreSQL/servers</a>:</p>
 <pre data-diff-id="7" data-diff-type="noncompliant">
 {
   "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
@@ -207,8 +195,7 @@ <h2>Compliant Solution</h2>
   ]
 }
 </pre>
-<p>For <a href="https://learn.microsoft.com/en-us/azure/templates/microsoft.storage/storageaccounts">Microsoft.Storage/storageAccounts</a>:
-</p>
+<p>For <a href="https://learn.microsoft.com/en-us/azure/templates/microsoft.storage/storageaccounts">Microsoft.Storage/storageAccounts</a>:</p>
 <pre data-diff-id="3" data-diff-type="compliant">
 {
   "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
@@ -224,9 +211,7 @@ <h2>Compliant Solution</h2>
   ]
 }
 </pre>
-<p>For <a
-  href="https://learn.microsoft.com/en-us/azure/templates/microsoft.apimanagement/service/apis">Microsoft.ApiManagement/service/apis</a>:
-</p>
+<p>For <a href="https://learn.microsoft.com/en-us/azure/templates/microsoft.apimanagement/service/apis">Microsoft.ApiManagement/service/apis</a>:</p>
 <pre data-diff-id="4" data-diff-type="compliant">
 {
   "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
@@ -242,8 +227,7 @@ <h2>Compliant Solution</h2>
   ]
 }
 </pre>
-<p>For <a href="https://learn.microsoft.com/en-us/azure/templates/microsoft.cdn/profiles/endpoints">Microsoft.Cdn/profiles/endpoints</a>:
-</p>
+<p>For <a href="https://learn.microsoft.com/en-us/azure/templates/microsoft.cdn/profiles/endpoints">Microsoft.Cdn/profiles/endpoints</a>:</p>
 <pre data-diff-id="5" data-diff-type="compliant">
 {
   "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
@@ -260,8 +244,7 @@ <h2>Compliant Solution</h2>
 }
 </pre>
 <p>For <a
-  href="https://learn.microsoft.com/en-us/azure/templates/microsoft.cache/redisenterprise/databases">Microsoft.Cache/redisEnterprise/databases</a>:
-</p>
+href="https://learn.microsoft.com/en-us/azure/templates/microsoft.cache/redisenterprise/databases">Microsoft.Cache/redisEnterprise/databases</a>:</p>
 <pre data-diff-id="6" data-diff-type="compliant">
 {
   "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
@@ -278,8 +261,8 @@ <h2>Compliant Solution</h2>
 }
 </pre>
 <p>For <a href="https://learn.microsoft.com/en-us/azure/templates/microsoft.dbformysql/servers">Microsoft.DBforMySQL/servers</a>, <a
-  href="https://learn.microsoft.com/en-us/azure/templates/microsoft.dbformariadb/servers">Microsoft.DBforMariaDB/servers</a>, and <a
-  href="https://learn.microsoft.com/en-us/azure/templates/microsoft.dbforpostgresql/servers">Microsoft.DBforPostgreSQL/servers</a>:</p>
+href="https://learn.microsoft.com/en-us/azure/templates/microsoft.dbformariadb/servers">Microsoft.DBforMariaDB/servers</a>, and <a
+href="https://learn.microsoft.com/en-us/azure/templates/microsoft.dbforpostgresql/servers">Microsoft.DBforPostgreSQL/servers</a>:</p>
 <pre data-diff-id="7" data-diff-type="compliant">
 {
   "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
@@ -297,10 +280,9 @@ <h2>Compliant Solution</h2>
 </pre>
 <h2>See</h2>
 <ul>
-  <li><a href="https://cwe.mitre.org/data/definitions/200">MITRE, CWE-200</a> - Exposure of Sensitive Information to an Unauthorized Actor
-  </li>
-  <li><a href="https://cwe.mitre.org/data/definitions/319">MITRE, CWE-319</a> - Cleartext Transmission of Sensitive Information</li>
-  <li><a href="https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html">Google, Moving towards more secure web</a></li>
-  <li><a href="https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/">Mozilla, Deprecating non secure http</a></li>
+  <li> <a href="https://cwe.mitre.org/data/definitions/200">MITRE, CWE-200</a> - Exposure of Sensitive Information to an Unauthorized Actor </li>
+  <li> <a href="https://cwe.mitre.org/data/definitions/319">MITRE, CWE-319</a> - Cleartext Transmission of Sensitive Information </li>
+  <li> <a href="https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html">Google, Moving towards more secure web</a> </li>
+  <li> <a href="https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/">Mozilla, Deprecating non secure http</a> </li>
 </ul>