Update rule metadata (#1132)

SonarSource · May 10, 2022 · d859e35 · d859e35
1 parent 287ac6b
commit d859e35
Show file tree

Hide file tree

Showing 12 changed files with 28 additions and 49 deletions.
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6245.html b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6245.html
@@ -29,7 +29,7 @@ <h2>Recommended Secure Coding Practices</h2>
 <h2>Sensitive Code Example</h2>
 <p>Server-side encryption is not used:</p>
 <pre>
-bucket = s3.Bucket(self,"MyUnencryptedBucket",
+bucket = s3.Bucket(self,"bucket",
     encryption=s3.BucketEncryption.UNENCRYPTED       # Sensitive
 )
 </pre>
@@ -38,14 +38,14 @@ <h2>Sensitive Code Example</h2>
 <h2>Compliant Solution</h2>
 <p>Server-side encryption with Amazon S3-Managed Keys is used:</p>
 <pre>
-bucket = s3.Bucket(self,"MyEncryptedBucket",
-    encryption=s3.BucketEncryption.S3_MANAGED       # Compliant
+bucket = s3.Bucket(self,"bucket",
+    encryption=s3.BucketEncryption.S3_MANAGED
 )
 
 # Alternatively with a KMS key managed by the user.
 
-bucket = s3.Bucket(self,"MyEncryptedBucket",
-    encryptionKey=access_key                        # Compliant
+bucket = s3.Bucket(self,"bucket",
+    encryptionKey=access_key
 )
 </pre>
 <h2>See</h2>
@@ -59,7 +59,6 @@ <h2>See</h2>
   Misconfiguration </li>
   <li> <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/serv-side-encryption.html">AWS documentation</a> - Protecting data using
   server-side encryption </li>
-  <li> <a href="https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3.BucketEncryption.html">CDK documentation</a> - BucketEncryption class
-  </li>
+  <li> <a href="https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3.BucketEncryption.html">AWS CDK version 2</a> - BucketEncryption </li>
 </ul>
 
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6252.html b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6252.html
@@ -10,15 +10,15 @@ <h2>Recommended Secure Coding Practices</h2>
 <p>It’s recommended to enable S3 versioning and thus to have the possibility to retrieve and restore different versions of an object.</p>
 <h2>Sensitive Code Example</h2>
 <pre>
-bucket = s3.Bucket(self, "MyUnversionedBucket",
+bucket = s3.Bucket(self, "bucket",
     versioned=False       # Sensitive
 )
 </pre>
 <p>The default value of <code>versioned</code> is <code>False</code> so the absence of this parameter is also sensitive.</p>
 <h2>Compliant Solution</h2>
 <pre>
-bucket = s3.Bucket(self, "MyVersionedBucket",
-    versioned=True       # Compliant
+bucket = s3.Bucket(self, "bucket",
+    versioned=True
 )
 </pre>
 <h2>See</h2>
@@ -27,7 +27,7 @@ <h2>See</h2>
   <li> <a href="https://www.owasp.org/index.php/Top_10-2017_A6-Security_Misconfiguration">OWASP Top 10 2017 Category A6</a> - Security
   Misconfiguration </li>
   <li> <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/Versioning.html">AWS documentation</a> - Using versioning in S3 buckets </li>
-  <li> <a href="https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3.Bucket.html#versioned">CDK documentation</a> - Using versioning in S3
+  <li> <a href="https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3.Bucket.html#versioned">AWS CDK version 2</a> - Using versioning in S3
   buckets </li>
 </ul>
 
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6265.html b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6265.html
@@ -19,15 +19,11 @@ <h2>Sensitive Code Example</h2>
 <p>All users (ie: anyone in the world authenticated or not) have read and write permissions with the <code>PUBLIC_READ_WRITE</code> access
 control:</p>
 <pre>
-bucket = s3.Bucket(self,
-    "bucket",
+bucket = s3.Bucket(self, "bucket",
     access_control=s3.BucketAccessControl.PUBLIC_READ_WRITE     # Sensitive
 )
 
-# Another example
-s3deploy.BucketDeployment(self,
-    "DeployWebsite",
-    ...,
+s3deploy.BucketDeployment(self, "DeployWebsite",
     access_control=s3.BucketAccessControl.PUBLIC_READ_WRITE     # Sensitive
 )
 </pre>

diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6281.html b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6281.html
@@ -31,7 +31,7 @@ <h2>Recommended Secure Coding Practices</h2>
 <h2>Sensitive Code Example</h2>
 <p>By default, when not set, the <code>block_public_access</code> is fully deactivated (nothing is blocked):</p>
 <pre>
-bucket = s3.bucket(self,
+bucket = s3.Bucket(self,
     "bucket"        # Sensitive
 )
 </pre>
@@ -40,7 +40,7 @@ <h2>Sensitive Code Example</h2>
 bucket = s3.Bucket(self,
     "bucket",
     block_public_access=s3.BlockPublicAccess(
-        block_public_acls=False,       # NonCompliant should be TRUE
+        block_public_acls=False,       # Sensitive
         ignore_public_acls=True,
         block_public_policy=True,
         restrict_public_buckets=True
@@ -49,38 +49,22 @@ <h2>Sensitive Code Example</h2>
 </pre>
 <p>The attribute <code>BLOCK_ACLS</code> only blocks and ignores public ACLs:</p>
 <pre>
-bucket = s3.bucket(self,
-    "bucket",
-    block_public_access=s3.BlockPublicAccess.BLOCK_ACLS     # NonCompliant
-)
-</pre>
-<p>The <code>public_read_access</code> boolean property can grant the public read access to all objects in the bucket (by default False) :</p>
-<pre>
-bucket = s3.bucket(self,
-    "bucket",
-    public_read_access=True     # NonCompliant
-)
-</pre>
-<p>The same setting can be achieved through the function <code>grant_public_access()</code>:</p>
-<pre>
-bucket = s3.bucket(self,
+bucket = s3.Bucket(self,
     "bucket",
-    ...
+    block_public_access=s3.BlockPublicAccess.BLOCK_ACLS     # Sensitive
 )
-
-bucket.grant_public_access() # NonCompliant
 </pre>
 <h2>Compliant Solution</h2>
 <p>This <code>block_public_access</code> blocks public ACLs and policies, ignores existing public ACLs and restricts existing public policies:</p>
 <pre>
-bucket = s3.bucket(self,
-    "blockedBucket",
+bucket = s3.Bucket(self,
+    "bucket",
     block_public_access=s3.BlockPublicAccess.BLOCK_ALL # Compliant
 )
 </pre>
 <p>A similar configuration to the one above can obtained by setting all parameters of the <code>block_public_access</code></p>
 <pre>
-bucket = s3.Bucket(self, "MyBlockedBucket",
+bucket = s3.Bucket(self, "bucket",
     block_public_access=s3.BlockPublicAccess(       # Compliant
         block_public_acls=True,
         ignore_public_acls=True,

diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6326.json b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6326.json
@@ -13,5 +13,5 @@
   "ruleSpecification": "RSPEC-6326",
   "sqKey": "S6326",
   "scope": "Main",
-  "quickfix": "unknown"
+  "quickfix": "targeted"
 }
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6331.json b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6331.json
@@ -13,5 +13,5 @@
   "ruleSpecification": "RSPEC-6331",
   "sqKey": "S6331",
   "scope": "Main",
-  "quickfix": "unknown"
+  "quickfix": "targeted"
 }
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6353.json b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6353.json
@@ -13,5 +13,5 @@
   "ruleSpecification": "RSPEC-6353",
   "sqKey": "S6353",
   "scope": "Main",
-  "quickfix": "unknown"
+  "quickfix": "targeted"
 }
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6395.html b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6395.html
@@ -1,5 +1,5 @@
-<p>Sub-patterns can be wrapped by parentheses to build a group. This enables to restrict alternations, back reference the group or apply a quantifier
-to the sub-pattern.</p>
+<p>Sub-patterns can be wrapped by parentheses to build a group. This enables to restrict alternations, back reference the group or apply quantifier to
+the sub-pattern.</p>
 <p>If this group should not be part of the match result or if no reference to this group is required, a non-capturing group can be created by adding
 <code>:?</code> behind the opening parenthesis.</p>
 <p>However, if this non-capturing group does not have a quantifier, or does not wrap an alternation, then imaging this group is redundant.</p>

diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6395.json b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6395.json
@@ -13,5 +13,5 @@
   "ruleSpecification": "RSPEC-6395",
   "sqKey": "S6395",
   "scope": "All",
-  "quickfix": "unknown"
+  "quickfix": "targeted"
 }
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6396.json b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6396.json
@@ -13,5 +13,5 @@
   "ruleSpecification": "RSPEC-6396",
   "sqKey": "S6396",
   "scope": "All",
-  "quickfix": "unknown"
+  "quickfix": "targeted"
 }
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6397.json b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6397.json
@@ -13,5 +13,5 @@
   "ruleSpecification": "RSPEC-6397",
   "sqKey": "S6397",
   "scope": "All",
-  "quickfix": "unknown"
+  "quickfix": "targeted"
 }
diff --git a/sonarpedia.json b/sonarpedia.json
@@ -3,7 +3,7 @@
   "languages": [
     "PY"
   ],
-  "latest-update": "2022-04-19T15:17:48.434405Z",
+  "latest-update": "2022-05-10T09:11:31.684423Z",
   "options": {
     "no-language-in-filenames": true,
     "preserve-filenames": true