diff --git a/.cirrus.star b/.cirrus.star index 28b17b70fc3..9f91e1542c6 100644 --- a/.cirrus.star +++ b/.cirrus.star @@ -1,4 +1,4 @@ -load("github.com/SonarSource/cirrus-modules@v2", "load_features") +load("github.com/SonarSource/cirrus-modules@v3", "load_features") def main(ctx): return load_features(ctx) diff --git a/.cirrus.yml b/.cirrus.yml index 6aa66a5ad48..ec2755408d7 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -2,7 +2,7 @@ env: GITHUB_TOKEN: VAULT[development/github/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-ro token] SONAR_HOST_URL: VAULT[development/kv/data/next data.url] SONAR_TOKEN: VAULT[development/kv/data/next data.token] - SONAR_SCANNER_VERSION: 4.6.1.2450 + SONAR_SCANNER_VERSION: 5.0.1.3006 SONAR_SCANNER_HOME: ${HOME}/.sonar/sonar-scanner-${SONAR_SCANNER_VERSION}-linux PATH: ${SONAR_SCANNER_HOME}/bin:$PATH # Need to clone full depth to track the changed files: for SQ analysis and for validation tasks @@ -25,7 +25,7 @@ container_definition: &CONTAINER_DEFINITION setup_sonar_scanner: &SETUP_SONAR_SCANNER setup_sonar_scanner_script: - - apt update -y && apt upgrade -y && apt update -y && apt install -y unzip + - apt update -y && apt upgrade -y && apt update -y && apt install -y unzip - curl --create-dirs -sSLo $HOME/.sonar/sonar-scanner.zip https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-$SONAR_SCANNER_VERSION-linux.zip - unzip -o $HOME/.sonar/sonar-scanner.zip -d $HOME/.sonar/ @@ -38,9 +38,7 @@ tooling_tests_task: env: PYTHONPATH: . install_dependencies_script: - - cd rspec-tools - - pipenv install --dev - - pipenv run pip install pytest pytest-cov + - ci/install_rspec_tools_dependencies.sh tests_script: - bash ci/fetch_branches.sh - cd rspec-tools @@ -56,7 +54,7 @@ frontend_tests_task: <<: *CONTAINER_DEFINITION dockerfile: ci/frontend-tests-dockerfile cpu: 1 - memory: 2G + memory: 3G node_modules_cache: folder: frontend/node_modules reupload_on_changes: false # since there is a fingerprint script 
@@ -77,15 +75,6 @@ frontend_tests_task: - cd frontend - sonar-scanner -validate_metadata_task: - eks_container: - <<: *CONTAINER_DEFINITION - dockerfile: ci/Dockerfile - cpu: 1 - memory: 2G - metadata_tests_script: - - ./ci/validate_metadata.sh - validate_ci_tests_task: skip: "!changesInclude('ci_tests/**', 'ci/**')" eks_container: @@ -96,17 +85,22 @@ validate_ci_tests_task: ci_tests_script: - ./ci_tests/asciidoc_validation/run_tests.sh -validate_asciidoc_task: +validate_rules_task: eks_container: <<: *CONTAINER_DEFINITION dockerfile: ci/Dockerfile cpu: 1 memory: 2G - asciidoc_tests_script: + metadata_validation_script: + - ./ci/validate_metadata.sh + file_extensions_validation_script: + - ./ci/validate_file_extensions.sh + asciidoc_validation_script: - ./ci/validate_asciidoc.sh validate_links_task: timeout_in: 120m + execution_lock: RSPEC_validate_links eks_container: <<: *CONTAINER_DEFINITION dockerfile: ci/Dockerfile @@ -117,31 +111,20 @@ validate_links_task: LINK_CACHE_PATH: /root/link-probing-history.cache cache_download_script: - bash ci/cirrus-cache.sh download ${LINK_CACHE_NAME} ${LINK_CACHE_PATH} - tests_script: - md5sum /root/link-probing-history.cache/link_probes.history || true + tests_script: - ./ci/validate_links.sh ${LINK_CACHE_PATH} - - md5sum /root/link-probing-history.cache/link_probes.history always: cache_upload_script: + - md5sum /root/link-probing-history.cache/link_probes.history || true - bash ci/cirrus-cache.sh upload ${LINK_CACHE_NAME} ${LINK_CACHE_PATH} -validate_file_extensions_task: - eks_container: - <<: *CONTAINER_DEFINITION - dockerfile: ci/Dockerfile - cpu: 1 - memory: 2G - file_extension_tests_script: - - bash ./ci/validate_file_extensions.sh - all_required_checks_task: depends_on: - tooling_tests - frontend_tests - - validate_metadata - - validate_asciidoc + - validate_rules - validate_ci_tests - - validate_file_extensions eks_container: <<: *CONTAINER_DEFINITION dockerfile: ci/Dockerfile 
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json new file mode 100644 index 00000000000..0711a73432e --- /dev/null +++ b/.devcontainer/devcontainer.json @@ -0,0 +1,16 @@ +{ + "build": { + "dockerfile": "../ci/Dockerfile" + }, + // https://code.visualstudio.com/docs/devcontainers/create-dev-container#_rebuild + "postCreateCommand": ".devcontainer/finalize-container.sh", + "waitFor": "postCreateCommand", + "customizations": { + "vscode": { + "extensions": [ + "ms-python.python", + "asciidoctor.asciidoctor-vscode" + ] + } + } +} diff --git a/.devcontainer/finalize-container.sh b/.devcontainer/finalize-container.sh new file mode 100755 index 00000000000..726a060bf9e --- /dev/null +++ b/.devcontainer/finalize-container.sh @@ -0,0 +1,7 @@ +#!/usr/bin/env bash + +set -euo pipefail + +TOP_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &> /dev/null && pwd)/.. + +$TOP_DIR/ci/install_rspec_tools_dependencies.sh diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index edd1766a803..b50139b0f80 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1 +1 @@ -.github/CODEOWNERS @SonarSource/languages-team-cfamily +.github/CODEOWNERS @sonarsource/quality-cfamily-squad diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index da7e0a2b598..2dc2d930541 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -1,3 +1,12 @@ + + ## Review A dedicated reviewer checked the rule description successfully for: diff --git a/.github/workflows/PullRequestClosed.yml b/.github/workflows/PullRequestClosed.yml new file mode 100644 index 00000000000..b50896eba02 --- /dev/null +++ b/.github/workflows/PullRequestClosed.yml 
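Review bot: `$TOP_DIR` is expanded unquoted on the last line of `.devcontainer/finalize-container.sh`, so a workspace path containing spaces or glob characters would be word-split before the script is run; write it as `"$TOP_DIR/ci/install_rspec_tools_dependencies.sh"`. The installer added elsewhere in this commit starts with `cd rspec-tools`, which resolves against the caller's working directory rather than `TOP_DIR`. The wrapper therefore only works when invoked from the repository root; adding `cd "$TOP_DIR"` before the call would make that explicit.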
@@ -0,0 +1,29 @@
+name: Pull Request Closed
+
+on:
+ pull_request:
+ types: [closed]
+
+jobs:
+ PullRequestMerged_job:
+ name: Pull Request Merged
+ runs-on: ubuntu-latest
+ permissions:
+ id-token: write
+ pull-requests: read
+ # For external PR, ticket should be moved manually
+ if: |
+ github.event.pull_request.head.repo.full_name == github.repository
+ && github.event.pull_request.merged
+ steps:
+ - id: secrets
+ uses: SonarSource/vault-action-wrapper@v3
+ with:
+ secrets: |
+ development/kv/data/jira user | JIRA_USER;
+ development/kv/data/jira token | JIRA_TOKEN;
+ - uses: sonarsource/gh-action-lt-backlog/PullRequestClosed@v2
+ with:
+ github-token: ${{secrets.GITHUB_TOKEN}}
+ jira-user: ${{ fromJSON(steps.secrets.outputs.vault).JIRA_USER }}
+ jira-token: ${{ fromJSON(steps.secrets.outputs.vault).JIRA_TOKEN }}
diff --git a/.github/workflows/PullRequestCreated.yml b/.github/workflows/PullRequestCreated.yml
new file mode 100644
index 00000000000..993fea0e55d
--- /dev/null
+++ b/.github/workflows/PullRequestCreated.yml
@@ -0,0 +1,28 @@
+name: Pull Request Created
+
+on:
+ pull_request:
+ types: ["opened"]
+
+jobs:
+ PullRequestCreated_job:
+ name: Pull Request Created
+ runs-on: ubuntu-latest
+ permissions:
+ id-token: write
+ # For external PR, ticket should be created manually
+ if: |
+ github.event.pull_request.head.repo.full_name == github.repository
+ steps:
+ - id: secrets
+ uses: SonarSource/vault-action-wrapper@v3
+ with:
+ secrets: |
+ development/github/token/{REPO_OWNER_NAME_DASH}-jira token | GITHUB_TOKEN;
+ development/kv/data/jira user | JIRA_USER;
+ development/kv/data/jira token | JIRA_TOKEN;
+ - uses: sonarsource/gh-action-lt-backlog/PullRequestCreated@v2
+ with:
+ github-token: ${{ fromJSON(steps.secrets.outputs.vault).GITHUB_TOKEN }}
+ jira-user: ${{ fromJSON(steps.secrets.outputs.vault).JIRA_USER }}
+ jira-token: ${{ fromJSON(steps.secrets.outputs.vault).JIRA_TOKEN }}
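Review bot: Both actions in this new workflow are referenced by mutable tags (`SonarSource/vault-action-wrapper@v3`, `sonarsource/gh-action-lt-backlog/PullRequestClosed@v2`) in a job that holds `id-token: write` and passes Jira credentials to the second step, so whoever can move those tags can change what runs with them. Pinning each `uses:` to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: SonarSource/vault-action-wrapper@<full-commit-sha> # v3`, closes that gap. The same applies to PullRequestCreated.yml, RequestReview.yml, SubmitReview.yml and the `get secrets` step in update_coverage.yml. It applies most of all to `mheap/github-action-required-labels@v5` in ensure_label.yml, which is outside the organisation and runs with `issues: write` and `pull-requests: write`.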
diff --git a/.github/workflows/RequestReview.yml b/.github/workflows/RequestReview.yml
new file mode 100644
index 00000000000..5eac0d555d6
--- /dev/null
+++ b/.github/workflows/RequestReview.yml
@@ -0,0 +1,28 @@
+name: Request review
+
+on:
+ pull_request:
+ types: ["review_requested"]
+
+jobs:
+ RequestReview_job:
+ name: Request review
+ runs-on: ubuntu-latest
+ permissions:
+ id-token: write
+ # For external PR, ticket should be moved manually
+ if: |
+ github.event.pull_request.head.repo.full_name == github.repository
+ steps:
+ - id: secrets
+ uses: SonarSource/vault-action-wrapper@v3
+ with:
+ secrets: |
+ development/github/token/{REPO_OWNER_NAME_DASH}-jira token | GITHUB_TOKEN;
+ development/kv/data/jira user | JIRA_USER;
+ development/kv/data/jira token | JIRA_TOKEN;
+ - uses: sonarsource/gh-action-lt-backlog/RequestReview@v2
+ with:
+ github-token: ${{ fromJSON(steps.secrets.outputs.vault).GITHUB_TOKEN }}
+ jira-user: ${{ fromJSON(steps.secrets.outputs.vault).JIRA_USER }}
+ jira-token: ${{ fromJSON(steps.secrets.outputs.vault).JIRA_TOKEN }}
diff --git a/.github/workflows/SubmitReview.yml b/.github/workflows/SubmitReview.yml
new file mode 100644
index 00000000000..d5f22e6249e
--- /dev/null
+++ b/.github/workflows/SubmitReview.yml
@@ -0,0 +1,30 @@ +name: Submit Review + +on: + pull_request_review: + types: [submitted] + +jobs: + SubmitReview_job: + name: Submit Review + runs-on: ubuntu-latest + permissions: + id-token: write + pull-requests: read + # For external PR, ticket should be moved manually + if: | + github.event.pull_request.head.repo.full_name == github.repository + && (github.event.review.state == 'changes_requested' + || github.event.review.state == 'approved') + steps: + - id: secrets + uses: SonarSource/vault-action-wrapper@v3 + with: + secrets: | + development/kv/data/jira user | JIRA_USER; + development/kv/data/jira token | JIRA_TOKEN; + - uses: sonarsource/gh-action-lt-backlog/SubmitReview@v2 + with: + github-token: ${{secrets.GITHUB_TOKEN}} + jira-user: ${{ fromJSON(steps.secrets.outputs.vault).JIRA_USER }} + jira-token: ${{ fromJSON(steps.secrets.outputs.vault).JIRA_TOKEN }} diff --git a/.github/workflows/add_language.yml b/.github/workflows/add_language.yml index 142cf761262..041f661e0f2 100644 --- a/.github/workflows/add_language.yml +++ b/.github/workflows/add_language.yml @@ -15,6 +15,9 @@ on: jobs: add_language_to_rule: runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/create_new_rspec.yml b/.github/workflows/create_new_rspec.yml index 79dbaa2344f..a01e0e47fc9 100644 --- a/.github/workflows/create_new_rspec.yml +++ b/.github/workflows/create_new_rspec.yml @@ -12,6 +12,9 @@ on: jobs: create_new_rule: runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/ensure_label.yml b/.github/workflows/ensure_label.yml new file mode 100644 index 00000000000..efbb18fd0af --- /dev/null +++ b/.github/workflows/ensure_label.yml 
@@ -0,0 +1,20 @@ +name: PR should have a language label +on: + pull_request: + types: [opened, labeled, unlabeled, synchronize] + +jobs: + label: + runs-on: ubuntu-latest + permissions: + issues: write + pull-requests: write + steps: + - uses: mheap/github-action-required-labels@v5 + with: + mode: minimum + count: 1 + add_comment: true + use_regex: true + labels: ".*" + message: "Please add a label with the relevant language(s) to be able to merge this PR" diff --git a/.github/workflows/update_coverage.yml b/.github/workflows/update_coverage.yml index d31b1627618..fa4baa79155 100644 --- a/.github/workflows/update_coverage.yml +++ b/.github/workflows/update_coverage.yml @@ -1,21 +1,35 @@ name: Update rule coverage on: schedule: - - cron: '17 0 * * *' + - cron: '17 2 * * *' + workflow_dispatch: # When manually triggered from a non-default branch, the results will not be pushed jobs: update_coverage: runs-on: ubuntu-latest + permissions: + id-token: write # required by SonarSource/vault-action-wrapper + contents: write + checks: read # required by fountainhead/action-wait-for-check + actions: write # required by andymckay/cancel-action env: TMP_BRANCH: temporary/coverage_update steps: + - name: 'get secrets' + id: secrets + uses: SonarSource/vault-action-wrapper@v3 + with: + secrets: | + development/github/token/SonarSource-rspec-coverage token | coverage_github_token; + development/kv/data/slack token | slack_token; + - uses: actions/checkout@v4 with: persist-credentials: true - ref: master + fetch-depth: 0 path: 'rspec' - token: ${{ secrets.COVERAGE_GITHUB_TOKEN }} + token: ${{ fromJSON(steps.secrets.outputs.vault).coverage_github_token }} - uses: actions/setup-python@v4 with: @@ -31,7 +45,7 @@ jobs: - name: 'Regenerate coverage information' env: - GITHUB_TOKEN: ${{ secrets.COVERAGE_GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).coverage_github_token }} id: gen-coverage working-directory: 'rspec/rspec-tools' run: | 
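Review bot: `labels: ".*"` with `use_regex: true` is satisfied by any label at all, so the check passes for a PR that carries only a non-language label, although the workflow name and `message` both ask for a language label. If language labels follow a naming pattern, the regex should encode it; otherwise a comment above `labels:` such as `# any label satisfies this check; language labels are not distinguished` would document the real behaviour. Separately, on `pull_request` runs for PRs opened from forks the token is normally read-only regardless of this `permissions` block, so `add_comment: true` may not be able to post there; worth confirming against how external PRs are handled.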
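Review bot: Dropping `ref: master` while adding `workflow_dispatch` means a manual run of update_coverage.yml checks out whichever branch it was dispatched from, and `persist-credentials: true` stores `coverage_github_token` in that checkout's git configuration for every later step. The condition added further down in this commit only covers the 'Push the updated coverage to master' step. The temporary-branch step referenced as `steps.create-temp-branch` is outside this hunk and would presumably still push with that token when the run comes from a non-default branch. Applying the same `github.ref` condition to every step that pushes would close this, and the inline comment on `workflow_dispatch:` should then be reworded to say which pushes are skipped.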
@@ -73,7 +87,8 @@ jobs: - name: 'Push the updated coverage to master' if: | steps.gen-coverage.outputs.new_coverage == 'true' && - steps.wait-for-build.outputs.conclusion == 'success' + steps.wait-for-build.outputs.conclusion == 'success' && + (github.event_name != 'workflow_dispatch' || github.ref == format('refs/heads/{0}', github.event.repository.default_branch)) working-directory: 'rspec' run: | git checkout master @@ -84,7 +99,7 @@ jobs: if: always() && steps.create-temp-branch.conclusion == 'success' uses: dawidd6/action-delete-branch@v3 with: - github_token: ${{ secrets.GITHUB_TOKEN}} + github_token: ${{ secrets.GITHUB_TOKEN }} branches: ${{ env.TMP_BRANCH}} - name: 'Fail if the change breaks CI' @@ -96,9 +111,9 @@ jobs: - name: 'Notify on slack about the failure' if: ${{ failure() }} env: - SLACK_API_TOKEN: ${{ secrets.SLACK_API_TOKEN }} + SLACK_API_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).slack_token }} working-directory: 'rspec/rspec-tools' run: | pipenv run rspec-tools notify-failure-on-slack \ --message "ERROR: failed to update rule coverage. See https://github.com/SonarSource/rspec/actions/runs/$GITHUB_RUN_ID" \ - --channel team-lang-rspec-v2 + --channel team-analysis-rspec diff --git a/.github/workflows/update_quickfix_status.yml b/.github/workflows/update_quickfix_status.yml index 11a42e825a6..2f9635588e7 100644 --- a/.github/workflows/update_quickfix_status.yml +++ b/.github/workflows/update_quickfix_status.yml @@ -26,6 +26,9 @@ jobs: update_quickfix_status: name: Update quick fix status runs-on: ubuntu-20.04 + permissions: + contents: write + pull-requests: write env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} steps: diff --git a/.gitignore b/.gitignore index 7d6282cbc65..d330529ce0a 100644 --- a/.gitignore +++ b/.gitignore @@ -10,6 +10,7 @@ # generated files /rules/**/*.html /frontend/public/rules +rspec-tools/link_probes.history # compiled files *.out diff --git a/LICENSE b/LICENSE index 0a041280bd0..28723feb3de 100644 --- a/LICENSE 
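Review bot: The new condition compares `github.ref` with `github.event.repository.default_branch`, but the step body it guards still hard-codes `git checkout master`, so the two would disagree if the default branch were ever renamed. Taking the branch name from one source in both places, or adding a comment such as `# default branch is master; keep in sync with the checkout below`, would keep the guard and the push target aligned. The step's `run:` block continues outside the hunk.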
+++ b/LICENSE 
@@ -1,165 +1,184 @@ - GNU LESSER GENERAL PUBLIC LICENSE - Version 3, 29 June 2007 - - Copyright (C) 2007 Free Software Foundation, Inc. - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - - This version of the GNU Lesser General Public License incorporates -the terms and conditions of version 3 of the GNU General Public -License, supplemented by the additional permissions listed below. - - 0. Additional Definitions. - - As used herein, "this License" refers to version 3 of the GNU Lesser -General Public License, and the "GNU GPL" refers to version 3 of the GNU -General Public License. - - "The Library" refers to a covered work governed by this License, -other than an Application or a Combined Work as defined below. - - An "Application" is any work that makes use of an interface provided -by the Library, but which is not otherwise based on the Library. -Defining a subclass of a class defined by the Library is deemed a mode -of using an interface provided by the Library. - - A "Combined Work" is a work produced by combining or linking an -Application with the Library. The particular version of the Library -with which the Combined Work was made is also called the "Linked -Version". - - The "Minimal Corresponding Source" for a Combined Work means the -Corresponding Source for the Combined Work, excluding any source code -for portions of the Combined Work that, considered in isolation, are -based on the Application, and not on the Linked Version. - - The "Corresponding Application Code" for a Combined Work means the -object code and/or source code for the Application, including any data -and utility programs needed for reproducing the Combined Work from the -Application, but excluding the System Libraries of the Combined Work. - - 1. Exception to Section 3 of the GNU GPL. - - You may convey a covered work under sections 3 and 4 of this License -without being bound by section 3 of the GNU GPL. 
- - 2. Conveying Modified Versions. - - If you modify a copy of the Library, and, in your modifications, a -facility refers to a function or data to be supplied by an Application -that uses the facility (other than as an argument passed when the -facility is invoked), then you may convey a copy of the modified -version: - - a) under this License, provided that you make a good faith effort to - ensure that, in the event an Application does not supply the - function or data, the facility still operates, and performs - whatever part of its purpose remains meaningful, or - - b) under the GNU GPL, with none of the additional permissions of - this License applicable to that copy. - - 3. Object Code Incorporating Material from Library Header Files. - - The object code form of an Application may incorporate material from -a header file that is part of the Library. You may convey such object -code under terms of your choice, provided that, if the incorporated -material is not limited to numerical parameters, data structure -layouts and accessors, or small macros, inline functions and templates -(ten or fewer lines in length), you do both of the following: - - a) Give prominent notice with each copy of the object code that the - Library is used in it and that the Library and its use are - covered by this License. - - b) Accompany the object code with a copy of the GNU GPL and this license - document. - - 4. Combined Works. - - You may convey a Combined Work under terms of your choice that, -taken together, effectively do not restrict modification of the -portions of the Library contained in the Combined Work and reverse -engineering for debugging such modifications, if you also do each of -the following: - - a) Give prominent notice with each copy of the Combined Work that - the Library is used in it and that the Library and its use are - covered by this License. - - b) Accompany the Combined Work with a copy of the GNU GPL and this license - document. 
- - c) For a Combined Work that displays copyright notices during - execution, include the copyright notice for the Library among - these notices, as well as a reference directing the user to the - copies of the GNU GPL and this license document. - - d) Do one of the following: - - 0) Convey the Minimal Corresponding Source under the terms of this - License, and the Corresponding Application Code in a form - suitable for, and under terms that permit, the user to - recombine or relink the Application with a modified version of - the Linked Version to produce a modified Combined Work, in the - manner specified by section 6 of the GNU GPL for conveying - Corresponding Source. - - 1) Use a suitable shared library mechanism for linking with the - Library. A suitable mechanism is one that (a) uses at run time - a copy of the Library already present on the user's computer - system, and (b) will operate properly with a modified version - of the Library that is interface-compatible with the Linked - Version. - - e) Provide Installation Information, but only if you would otherwise - be required to provide such information under section 6 of the - GNU GPL, and only to the extent that such information is - necessary to install and execute a modified version of the - Combined Work produced by recombining or relinking the - Application with a modified version of the Linked Version. (If - you use option 4d0, the Installation Information must accompany - the Minimal Corresponding Source and Corresponding Application - Code. If you use option 4d1, you must provide the Installation - Information in the manner specified by section 6 of the GNU GPL - for conveying Corresponding Source.) - - 5. Combined Libraries. 
- - You may place library facilities that are a work based on the -Library side by side in a single library together with other library -facilities that are not Applications and are not covered by this -License, and convey such a combined library under terms of your -choice, if you do both of the following: - - a) Accompany the combined library with a copy of the same work based - on the Library, uncombined with any other library facilities, - conveyed under the terms of this License. - - b) Give prominent notice with the combined library that part of it - is a work based on the Library, and explaining where to find the - accompanying uncombined form of the same work. - - 6. Revised Versions of the GNU Lesser General Public License. - - The Free Software Foundation may publish revised and/or new versions -of the GNU Lesser General Public License from time to time. Such new -versions will be similar in spirit to the present version, but may -differ in detail to address new problems or concerns. - - Each version is given a distinguishing version number. If the -Library as you received it specifies that a certain numbered version -of the GNU Lesser General Public License "or any later version" -applies to it, you have the option of following the terms and -conditions either of that published version or of any later version -published by the Free Software Foundation. If the Library as you -received it does not specify a version number of the GNU Lesser -General Public License, you may choose any version of the GNU Lesser -General Public License ever published by the Free Software Foundation. - - If the Library as you received it specifies that a proxy can decide -whether future versions of the GNU Lesser General Public License shall -apply, that proxy's public statement of acceptance of any version is -permanent authorization for you to choose that version for the -Library. +SONAR Source-Available License v1.0 +Last Updated November 13, 2024 + +1. 
DEFINITIONS + +"Agreement" means this Sonar Source-Available License v1.0 + +"Competing" means marketing a product or service as a substitute for the +functionality or value of SonarQube. A product or service may compete regardless +of how it is designed or deployed. For example, a product or service may compete +even if it provides its functionality via any kind of interface (including +services, libraries, or plug-ins), even if it is ported to a different platform +or programming language, and even if it is provided free of charge. + +"Contribution" means: + + a) in the case of the initial Contributor, the initial content Distributed under +this Agreement, and + + b) in the case of each subsequent Contributor: + i) changes to the Program, and + ii) additions to the Program; + +where such changes and/or additions to the Program originate from and are +Distributed by that particular Contributor. A Contribution "originates" from a +Contributor if it was added to the Program by such Contributor itself or anyone +acting on such Contributor's behalf. Contributions do not include changes or +additions to the Program that are not Modified Works. + +"Contributor" means any person or entity that Distributes the Program. + +"Derivative Works" shall mean any work, whether in Source Code or other form, +that is based on (or derived from) the Program and for which the editorial +revisions, annotations, elaborations, or other modifications represent, as a +whole, an original work of authorship. + +"Distribute" means the acts of a) distributing or b) making available in any +manner that enables the transfer of a copy. + +"Licensed Patents" mean patent claims licensable by a Contributor that are +necessarily infringed by the use or sale of its Contribution alone or when +combined with the Program. 
+ +"Modified Works" shall mean any work in Source Code or other form that results +from an addition to, deletion from, or modification of the contents of the +Program, including, for purposes of clarity, any new file in Source Code form +that contains any contents of the Program. Modified Works shall not include +works that contain only declarations, interfaces, types, classes, structures, or +files of the Program solely in each case in order to link to, bind by name, or +subclass the Program or Modified Works thereof. + +"Non-competitive Purpose" means any purpose except for (a) providing to others +any product or service that includes or offers the same or substantially similar +functionality as SonarQube, (b) Competing with SonarQube, and/or (c) employing, +using, or engaging artificial intelligence technology that is not part of the +Program to ingest, interpret, analyze, train on, or interact with the data +provided by the Program, or to engage with the Program in any manner. + +"Notices" means any legal statements or attributions included with the Program, +including, without limitation, statements concerning copyright, patent, +trademark, disclaimers of warranty, or limitations of liability + +"Program" means the Contributions Distributed in accordance with this Agreement. + +"Recipient" means anyone who receives the Program under this Agreement, +including Contributors. + +"SonarQube" means an open-source or commercial edition of software offered by +SonarSource that is branded "SonarQube". + +"SonarSource" means SonarSource SA, a Swiss company registered in Switzerland +under UID No. CHE-114.587.664. + +"Source Code" means the form of a Program preferred for making modifications, +including but not limited to software source code, documentation source, and +configuration files. + +2. 
GRANT OF RIGHTS + + a) Subject to the terms of this Agreement, each Contributor hereby grants +Recipient a non-exclusive, worldwide, royalty-free copyright license, for any +Non-competitive Purpose, to reproduce, prepare Derivative Works of, publicly +display, publicly perform, Distribute and sublicense the Contribution of such +Contributor, if any, and such Derivative Works. + + b) Subject to the terms of this Agreement, each Contributor hereby grants +Recipient a non-exclusive, worldwide, royalty-free patent license under Licensed +Patents, for any Non-competitive Purpose, to make, use, sell, offer to sell, +import, and otherwise transfer the Contribution of such Contributor, if any, in +Source Code or other form. This patent license shall apply to the combination of +the Contribution and the Program if, at the time the Contribution is added by +the Contributor, such addition of the Contribution causes such combination to be +covered by the Licensed Patents. The patent license shall not apply to any other +combinations that include the Contribution. + + c) Recipient understands that although each Contributor grants the licenses to +its Contributions set forth herein, no assurances are provided by any +Contributor that the Program does not infringe the patent or other intellectual +property rights of any other entity. Each Contributor disclaims any liability to +Recipient for claims brought by any other entity based on infringement of +intellectual property rights or otherwise. As a condition to exercising the +rights and licenses granted hereunder, each Recipient hereby assumes sole +responsibility to secure any other intellectual property rights needed, if any. +For example, if a third-party patent license is required to allow Recipient to +Distribute the Program, it is Recipient's responsibility to acquire that license +before distributing the Program. 
+ + d) Each Contributor represents that to its knowledge it has sufficient copyright +rights in its Contribution, if any, to grant the copyright license set forth in +this Agreement. + +3. REQUIREMENTS + +3.1 If a Contributor Distributes the Program in any form, then the Program must +also be made available as Source Code, in accordance with section 3.2, and the +Contributor must accompany the Program with a statement that the Source Code for +the Program is available under this Agreement, and inform Recipients how to +obtain it in a reasonable manner on or through a medium customarily used for +software exchange; and + +3.2 When the Program is Distributed as Source Code: + + a) it must be made available under this Agreement, and + + b) a copy of this Agreement must be included with each copy of the Program. + +3.3 Contributors may not remove or alter any Notices contained within the +Program from any copy of the Program which they Distribute, provided that +Contributors may add their own appropriate Notices. + +4. NO WARRANTY + +EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, AND TO THE EXTENT PERMITTED BY +APPLICABLE LAW, THE PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES +OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED INCLUDING, WITHOUT +LIMITATION, ANY WARRANTIES OR CONDITIONS OF TITLE, NON-INFRINGEMENT, +MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Each Recipient is solely +responsible for determining the appropriateness of using and distributing the +Program and assumes all risks associated with its exercise of rights under this +Agreement, including but not limited to the risks and costs of program errors, +compliance with applicable laws, damage to or loss of data, programs or +equipment, and unavailability or interruption of operations. + +5. 
DISCLAIMER OF LIABILITY + +EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, AND TO THE EXTENT PERMITTED BY +APPLICABLE LAW, NEITHER RECIPIENT NOR ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING WITHOUT LIMITATION LOST PROFITS), HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OR DISTRIBUTION OF +THE PROGRAM OR THE EXERCISE OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF ADVISED OF +THE POSSIBILITY OF SUCH DAMAGES. + +6. GENERAL + +If any provision of this Agreement is invalid or unenforceable under applicable +law, it shall not affect the validity or enforceability of the remainder of the +terms of this Agreement, and without further action by the parties hereto, such +provision shall be reformed to the minimum extent necessary to make such +provision valid and enforceable. + +If Recipient institutes patent litigation against any entity (including a +cross-claim or counterclaim in a lawsuit) alleging that the Program itself +(excluding combinations of the Program with other software or hardware) +infringes such Recipient’s patent(s), then such Recipient’s rights granted under +Section 2(b) shall terminate as of the date such litigation is filed. + +All Recipient’s rights under this Agreement shall terminate if it fails to +comply with any of the material terms or conditions of this Agreement and does +not cure such failure in a reasonable period of time after becoming aware of +such noncompliance. If all Recipient’s rights under this Agreement terminate, +Recipient agrees to cease use and distribution of the Program as soon as +reasonably practicable. However, Recipient’s obligations under this Agreement +and any licenses granted by Recipient relating to the Program shall continue and +survive. 
+ +Except as expressly stated in Sections 2(a) and 2(b) above, Recipient receives +no rights or licenses to the intellectual property of any Contributor under this +Agreement, whether expressly, by implication, estoppel, or otherwise. All rights +in the Program not expressly granted under this Agreement are reserved. Nothing +in this Agreement is intended to be enforceable by any entity that is not a +Contributor or Recipient. No third-party beneficiary rights are created under +this Agreement. diff --git a/README.adoc b/README.adoc index 353e58b8348..140ee608c0b 100644 --- a/README.adoc +++ b/README.adoc @@ -8,6 +8,8 @@ This repository contains the specification of every static-analysis rule availab It also contains rules which have been dropped and rules which will one day be implemented. +The content of this repository is covered by the link:LICENSE[SONAR Source-Available License v1.0]. + == Rules directory structure * https://github.com/SonarSource/rspec/tree/master/rules[rules] directory: contains every specified rule. diff --git a/ci/Dockerfile b/ci/Dockerfile index e03143ee2ef..1502a35a23f 100644 --- a/ci/Dockerfile +++ b/ci/Dockerfile @@ -1,6 +1,17 @@ FROM public.ecr.aws/docker/library/python:3.9-slim-buster +# Also install NodeJS 16 to run Sonar analysis + RUN apt-get update && \ - apt-get install -y --no-install-recommends jq php-json-schema asciidoctor pipenv git curl + apt-get install -y --no-install-recommends jq php-json-schema asciidoctor pipenv git curl \ + ca-certificates gnupg && \ + curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | \ + gpg --dearmor -o /etc/apt/nodesource-keyring.gpg && \ + echo "deb [signed-by=/etc/apt/nodesource-keyring.gpg] https://deb.nodesource.com/node_20.x nodistro main" \ + > /etc/apt/sources.list.d/nodesource.list && \ + apt-get update && \ + apt-get -y install nodejs && \ + rm -rf /var/lib/apt/lists/* + CMD ["bash"] 
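Review bot: The added comment in ci/Dockerfile says `# Also install NodeJS 16 to run Sonar analysis`, but the repository line below it points at `node_20.x`, so the comment names the wrong version; it should read `# Also install NodeJS 20 to run Sonar analysis`. The second install, `apt-get -y install nodejs`, also omits `--no-install-recommends`, unlike the first install in the same `RUN`, which lets recommended packages into the image. The base image tag `3.9-slim-buster` is context here, but it is worth checking whether that Debian release still receives security updates now that the image is rebuilt with new packages.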
diff --git a/ci/cirrus-cache.sh b/ci/cirrus-cache.sh index 2c48ff58cc7..361516f4a4a 100644 --- a/ci/cirrus-cache.sh +++ b/ci/cirrus-cache.sh @@ -6,38 +6,38 @@ ACTION=${1} CACHE_NAME=${2} PATH_TO_CACHE=${3} -CACHE_KEY=${CACHE_NAME} -DEFAULT_CACHE_KEY=${CACHE_NAME} +CACHE_URL="http://${CIRRUS_HTTP_CACHE_HOST}/${CACHE_NAME}" -CACHE_URL=http://${CIRRUS_HTTP_CACHE_HOST}/${CACHE_KEY} - -TMP_PATH=/tmp/tmp-cache.tgz +TMP_PATH="/tmp/tmp-cache.tgz" case "${ACTION}" in download) - echo "Download cache with key ${CACHE_KEY}" - - echo " -> try ${CACHE_URL}" - curl -sfSL -o ${TMP_PATH} ${CACHE_URL} || { - echo "Cache download failed"; - exit 0; + echo "Download cache with key ${CACHE_NAME} from ${CACHE_URL}" + curl --silent --show-error --fail --location --output "${TMP_PATH}" "${CACHE_URL}" || { + echo "Cache download failed" >&2 + exit 0 } - du -hs ${TMP_PATH} - tar -Pxzf ${TMP_PATH} - rm ${TMP_PATH} + du -hs "${TMP_PATH}" + tar -Pxzf "${TMP_PATH}" + rm "${TMP_PATH}" ;; upload) echo "Upload cache to ${CACHE_URL}" - tar -Pczf ${TMP_PATH} ${PATH_TO_CACHE} - du -hs ${TMP_PATH} - curl -s -X POST --data-binary @${TMP_PATH} ${CACHE_URL} + tar -Pczf "${TMP_PATH}" "${PATH_TO_CACHE}" + du -hs "${TMP_PATH}" + curl --silent --show-error -X POST --data-binary "@${TMP_PATH}" "${CACHE_URL}" || { + echo "Cache upload failed" >&2 + exit 0 + } ;; *) - echo "Unexpected cache ACTION: ${ACTION}" + echo "Unexpected cache ACTION: ${ACTION}" >&2 exit 1 ;; esac + +echo "Cache ${ACTION}ed succeeded." diff --git a/ci/frontend-tests-dockerfile b/ci/frontend-tests-dockerfile index 20c757b679e..b704242fa42 100644 --- a/ci/frontend-tests-dockerfile +++ b/ci/frontend-tests-dockerfile @@ -1,3 +1,3 @@ -FROM public.ecr.aws/docker/library/node:14.17.0 +FROM public.ecr.aws/docker/library/node:20.9.0 CMD ["bash"] diff --git a/ci/install_rspec_tools_dependencies.sh b/ci/install_rspec_tools_dependencies.sh new file mode 100755 index 00000000000..8d56709f116 --- /dev/null +++ b/ci/install_rspec_tools_dependencies.sh 
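Review bot: The upload `curl` in ci/cirrus-cache.sh has no `--fail`, unlike the download call, so an HTTP error response from the cache host still exits 0. The new `|| { echo "Cache upload failed" >&2 ... }` branch therefore fires only on transport errors, and the script goes on to print the success line. Adding the flag, `curl --silent --show-error --fail -X POST --data-binary "@${TMP_PATH}" "${CACHE_URL}"`, makes the new error branch effective. The closing message expands to `Cache downloaded succeeded.`; `echo "Cache ${ACTION} succeeded."` reads correctly for both actions. Because `tar -Pxzf` restores absolute paths from an archive fetched over plain `http://`, a comment stating that the cache host is trusted would record that assumption, if it is the intended one.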
@@ -0,0 +1,7 @@ +#!/usr/bin/env bash + +set -euo pipefail + +cd rspec-tools +pipenv install --dev +pipenv run pip install pytest pytest-cov diff --git a/ci/validate_file_extensions.sh b/ci/validate_file_extensions.sh old mode 100644 new mode 100755 diff --git a/ci/validate_metadata.sh b/ci/validate_metadata.sh index 7af350f676d..2bd81930249 100755 --- a/ci/validate_metadata.sh +++ b/ci/validate_metadata.sh @@ -13,17 +13,20 @@ else git diff --name-only "${base}" -- rules/ | # Get all the changes in rules sed -Ee 's#(rules/S[0-9]+)/.*#\1#' | # extract the rule directories sort -u | # deduplicate - while IFS= read -r rule; do [[ -d "$rule" ]] && echo "$rule" || true; done | # filter non-deleted rules + while IFS= read -r rule; do if [[ -d "$rule" ]]; then echo "$rule"; fi done | # filter out deleted rules sed 's#rules/##' | # get rule ids mapfile -t affected_rules # store them in the `affected_rules` array - echo "Validating ${affected_rules[@]}" + echo "Validating ${affected_rules[*]}" fi +printf '\n\n\n' + # Validate metadata if [[ "${#affected_rules[@]}" -gt 0 ]] then cd rspec-tools pipenv install + printf '\n\n\n' pipenv run rspec-tools validate-rules-metadata "${affected_rules[@]}" else echo "No rule changed or added" diff --git a/docs/benchmarks.adoc b/docs/benchmarks.adoc new file mode 100644 index 00000000000..13e30bf2993 --- /dev/null +++ b/docs/benchmarks.adoc 
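Review bot: `pipenv run pip install pytest pytest-cov` in ci/install_rspec_tools_dependencies.sh installs two unpinned packages outside the Pipfile, so every CI run takes whatever versions the index serves at that moment, and they are not covered by the hashes in `Pipfile.lock` (assuming the project commits one; it is not visible here). Declaring both under `[dev-packages]` and replacing the last two lines with `pipenv sync --dev` would keep the test environment reproducible. The plain `pipenv install` kept in the ci/validate_metadata.sh hunk has a related weakness: it may re-resolve dependencies instead of failing when the lock file is stale, and `pipenv install --deploy` turns that into a hard error.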
@@ -0,0 +1,51 @@ += Benchmarks + +When writing a rule that has to do with performance, you might need to showcase some benchmarks as proof of potential improvements. This should be included in a separate section called `Benchmarks`, under `Resources`. + +The format of the benchmarks section is as follows: + +* Benchmark table +* Benchmarking code +* Hardware configuration + +== Benchmark table + +- Do not use abbreviations for statistical terms, not everyone is familiar with them. +- In the `Benchmarks` section, add a subsection called `Glossary` right after the benchmark table and add links to Wikipedia to explain statistical terms used in the header of each column: + +==== Glossary + +* https://en.wikipedia.org/wiki/Arithmetic_mean[Mean] +* https://en.wikipedia.org/wiki/Standard_deviation[Standard Deviation] +* https://en.wikipedia.org/wiki/Memory_management[Allocated] + +Ideally, the columns should look like in the following example: + +|=== +| | Mean | Standard Deviation | Allocated +| | 5.042 ms | 0.1049 ms | 125 KB +| | 2.691 ms | 0.0334 ms | 85.94 KB +|=== + +== Benchmarking code + +The code that was used to generate the benchmarks should be included to provide transparency and allow others to reproduce and verify the results. Preferably, the code snippet should include the sample size, the number of iterations, and the framework/library used to run the benchmarks. + +If the code is not showcasing how the results were generated, consider prefixing it with an explanation that links to the framework/library used, for example: + +---- +The results were generated by running the following snippet with https://github.com/dotnet/BenchmarkDotNet[BenchmarkDotNet]. 
+---- + +== Hardware configuration + +The hardware configuration used to run the benchmarks should be included, for example: + +[source] +---- +BenchmarkDotNet=v0.13.5, OS=Windows 10 (10.0.19045.2846/22H2/2022Update) +11th Gen Intel Core i7-11850H 2.50GHz, 1 CPU, 16 logical and 8 physical cores + [Host] : .NET Framework 4.8 (4.8.4614.0), X64 RyuJIT VectorSize=256 + .NET 7.0 : .NET 7.0.5 (7.0.523.17405), X64 RyuJIT AVX2 + .NET Framework 4.6.2 : .NET Framework 4.8 (4.8.4614.0), X64 RyuJIT VectorSize=256 +---- \ No newline at end of file diff --git a/docs/deprecation.adoc b/docs/deprecation.adoc index 612a9176db8..b0993dfc9dd 100644 --- a/docs/deprecation.adoc +++ b/docs/deprecation.adoc @@ -2,7 +2,7 @@ == In the RSPEC -The rule status (`/status` in the metadata) should be set to `deprecated`. +The rule status (`/status` in the metadata) should be set to `deprecated`, and its tags should be removed. If the rule is in `SonarWay`, it should be removed from this profile. Optionally, `/extra/replacementRules` can list the rules that replace this rule. diff --git a/docs/description.adoc b/docs/description.adoc index 5ac20ab0e44..4e91c5ba934 100644 --- a/docs/description.adoc +++ b/docs/description.adoc 
@@ -43,25 +43,27 @@ This format is defined as follows: * Short description (no title) // This needs to be kept in sync with the [maps in the validation script](https://github.com/SonarSource/rspec/blob/master/rspec-tools/rspec_tools/validation/description.py#L32-L39). -* Why is this an issue? -** What is the potential impact? (optional) -** Exceptions (optional) -** (any other titles) (optional) -* How to fix it (optional) +* Why is this an issue? (mandatory) +** What is the potential impact? +** Exceptions +** (any other titles) +* How to fix it ** Code examples *** Noncompliant code example *** Compliant solution ** How does this work? ** Pitfalls ** Going the extra mile -* How to fix it in {Framework Display Name} (optional) +** (any other titles) +* How to fix it in {Framework Display Name} ** Code examples *** Noncompliant code example *** Compliant solution ** How does this work? ** Pitfalls ** Going the extra mile -* Resources (optional) +** (any other titles) +* Resources ** Documentation ** Articles & blog posts ** Conference presentations 
@@ -84,8 +86,8 @@ Goal: The title (or message) of a rule might not always be clear due to its shor Start at the basics and go into more depth to explain the concepts behind this type of issue. This is most likely the place where a lot of the content will be. + This is the place to tell the “story” of the rule, including the impact of leaving it unfixed. We should include code samples wherever needed to make it easier to understand what is going on. This can be in the form of noncompliant and compliant code in a single code box (noncompliant lines should always be highlighted with the corresponding comment -“// Noncompliant” optionally followed by some explanation) if that is clearer. This first tab could use a blog post style with a free format explaining what the rule is -detecting and why. Feel free to use “What is the potential impact?” title if it makes sense, or any other titles you find useful. + +“// Noncompliant” optionally followed by some explanation) if that is clearer. This first tab could use a freeform 'story-telling' style explaining what the rule is +detecting and why. Feel free to use the “What is the potential impact?” title if it makes sense, or any other titles you find useful. + Goal: Understand the concepts behind an issue and why it matters. + ** *What is the potential impact?* (level 3 title) [Optional] 
@@ -101,7 +103,8 @@ Goal: Our users should understand the impact of this issue on their project. * *How to fix it* or *How to fix it in `{Framework Display Name}`* (level 2 title) [Optional; the title depends on whether the description is generic or framework-specifc. See examples below.] + This section consists of one or multiple fixes for this type of issue (`Noncompliant code example` vs. `Compliant solution`). There can be multiple fixes for different libraries and/or frameworks. -If the fix for the rule is trivial (quickfix is available, it is easily inferred from the title and/or message), this section should be omitted and the fix could be mentioned in the previous section. + +If the fix for the rule is trivial (quickfix is available, it is easily inferred from the title and/or message), this section should be omitted and the fix could be mentioned in the previous section. +This tab could also use a freeform 'story-telling' style if that makes it clearer for the user. Feel free to use any of the titles below, or any other titles you find useful. + Goal: Get an idea of how this issue can be fixed for my project/framework, why this works, what to look out for, and also how to continue improving on this topic. + ** *How does this work?* (level 3 title) [Optional] 
@@ -268,6 +271,24 @@ tsql:: use `sql` In case no language is appropriate for a code block (for example shared examples between multiple languages), you can use `text` as the language. +=== Comments within code blocks + +Colon (`:`) should be used as separator between `Noncompliant`/`Compliant` comments and the text explanation that follows, if any. + +[source,cpp] +---- +int X = 2; // Noncompliant: variable should be in lowercase +---- + + +When referencing a name within a comment in a code example, use double quotes to make it clear it refers to an existing element in the code. + +[source,cpp] +---- +int i = 0; +cout << noexcept(++i); // Noncompliant: "i" is not incremented +---- + === Diff view Additionally, you can also use two attributes to let the products know your code examples should be highlighted with a diff view when possible diff --git a/docs/header_names/allowed_framework_names.adoc b/docs/header_names/allowed_framework_names.adoc index 308236c363e..ed38745f158 100644 --- a/docs/header_names/allowed_framework_names.adoc +++ b/docs/header_names/allowed_framework_names.adoc @@ -1,11 +1,15 @@ +// Ansible // C# * ASP.NET +* ASP.NET Core +* ASP.NET MVC 4.x * Razor * .NET * Entity Framework Core * Dapper * BouncyCastle * Jwt.Net +* Blazor // C-Family * Botan * CryptoPP 
@@ -22,36 +26,47 @@ * Xerces * libxml2 // Java +* Android * Apache Commons -* JSP -* Servlet -* Spring -* Thymeleaf -* Java SE -* Java EE -* Hibernate * Apache Commons +* Apache Commons Email +* Apache HttpClient +* Auth0 JWT * Commons Compiler -* Legacy Mongo Java API +* Dom4j * FasterXML +* Groovy * Gson -* Android -* Java Cryptographic Extension -* Dom4j +* Hibernate +* Java Cryptography Extension +* Java EE +* Java JWT +* Java SE * Jdom2 +* JSP +* Legacy Mongo Java API * OkHttp -* Java JWT -* Auth0 JWT -* Apache Commons Email -* SQLCipher * Realm * Java Cryptography Extension * Apache HttpClient +* Couchbase +* SAX +* Servlet +* Spring +* Spring Data MongoDB +* Spring Data Cassandra +* Spring Data Redis +* Spring Data Neo4j +* SQLCipher +* Thymeleaf // JS +* Jasmine +* Jest * Flow.js * Node.js * Express.js * SSH2 +* Mocha * MongoDB * Mongoose * Sequelize @@ -62,9 +77,11 @@ * Formidable * Multer * Passport +* Request * TypeScript * PropTypes * JSX +* Electron // PHP * Core PHP * Guzzle @@ -74,31 +91,40 @@ * WordPress * Mcrypt // Python +* aiohttp * Amazon DynamoDB +* Argon2-cffi +* Bcrypt +* Cryptodome * Django * Django Templates +* FastAPI * Flask -* aiohttp +* HTTPX * Jinja * lxml +* MySQL Connector/Python +* Numpy * Paramiko +* pyca +* PyCrypto +* pyDes +* PyJWT +* pyOpenSSL +* python-jose +* python-jwt * python-ldap * Python SQLite -* MySQL Connector/Python * Python Standard Library +* PyTorch * PyYAML * Requests +* Scrypt +* Scikit-Learn +* SignXML * SQLAlchemy -* Amazon DynamoDB -* python-ldap -* Request -* Cryptodome -* pyca -* PyCrypto -* pyDes -* PyJWT -* python-jwt -* python-jose +* ssl +* TensorFlow // Docker * Wget // Cloudformation @@ -113,7 +139,8 @@ // Terraform * AWS API Gateway * AWS OpenSearch -* Azure MSSQL +* Azure Databases +* Azure Storage Accounts * GCP Load Balancers * AWS Identity and Access Management // CDK 
@@ -123,9 +150,11 @@ * CryptoSwift * IDZSwiftCommonCrypto // Azure resource manager -* ARM templates +* JSON templates * Bicep // PL/SQL * DBMS_CRYPTO // Go * Go Standard Library +// Kubernetes +* Helm diff --git a/docs/link_formatting.adoc b/docs/link_formatting.adoc index 4005e70ab1b..faa220e6867 100644 --- a/docs/link_formatting.adoc +++ b/docs/link_formatting.adoc @@ -46,7 +46,7 @@ When web pages have massively long names like "Java™ Platform, Standard Editio * Azure Documentation - https://learn.microsoft.com/en-us/azure/?product=popular * CERT - https://wiki.sei.cmu.edu/confluence/display/seccode * {cpp} reference - https://en.cppreference.com/w/ -* C++ Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md * CVE - https://cve.mitre.org * CWE - https://cwe.mitre.org * Docker Documentation - https://docs.docker.com/ diff --git a/docs/metadata.adoc b/docs/metadata.adoc index a34fcd15c86..7d175bcb4a0 100644 --- a/docs/metadata.adoc +++ b/docs/metadata.adoc 
@@ -40,6 +40,6 @@ You can update the quickfix field using this GitHub Workflow: https://github.com The code field is an object that contains information related to the clean code taxonomy. It is an object with two required properties: -* `impacts`: A nested object that is treated as a mapping from a software quality to a level (`"LOW"`, `"MEDIUM"` or `"HIGH"`). Note that at least one software quality has to be specified. The current list of allowed software qualities is `"MAINTAINABILITY"`, `"RELIABILITY"` and `"SECURITY"`. +* `impacts`: A nested object that is treated as a mapping from a software quality to a level (`"INFO"`, `"LOW"`, `"MEDIUM"`, `"HIGH"` or `"BLOCKER"`). Note that at least one software quality has to be specified. The current list of allowed software qualities is `"MAINTAINABILITY"`, `"RELIABILITY"` and `"SECURITY"`. * `attribute`: A single clean code attribute that the rule aims to achieve. This has to be one of the following values: `"FORMATTED"`, `"CONVENTIONAL"`, `"IDENTIFIABLE"`, `"CLEAR"`, `"LOGICAL"`, `"COMPLETE"`, `"EFFICIENT"`, `"FOCUSED"`, `"DISTINCT"`, `"MODULAR"`, `"TESTED"`, `"LAWFUL"`, `"TRUSTWORTHY"`, `"RESPECTFUL"`. diff --git a/docs/styling_guide.adoc b/docs/styling_guide.adoc index 4b3dd42c2bc..6f8e6fd522f 100644 --- a/docs/styling_guide.adoc +++ b/docs/styling_guide.adoc 
@@ -109,3 +109,17 @@ Use it when referencing variable names, file names, tokens, and all kinds of spe Write:: Compiling source file `src/generic_file.py` breaks an `assert` call in pytest framework. Avoid:: Compiling source file "src/generic_file.py" breaks an `assert` call in `pytest` framework. +== Referencing elements from the code + +When referencing elements from the code within a normal sentence, use the `backticks` (```) to format it. This includes variable names, function names, class names, and so on. + +When referencing the same elements within a comment in a code block, surrpond it with double quotes. +[source,cpp] +---- +int i = 0; +// Write +cout << noexcept(++i); // Noncompliant, "i" is not incremented -> Double quotes +// Avoid +cout << noexcept(++i); // Noncompliant, i is not incremented -> No quotes +cout << noexcept(++i); // Noncompliant, `i` is not incremented -> Backticks +---- diff --git a/frontend/README.adoc b/frontend/README.adoc new file mode 100644 index 00000000000..ff93dd87ad3 --- /dev/null +++ b/frontend/README.adoc 
@@ -0,0 +1,50 @@ + += Search page for the rule repository + +This is a single-page React application that indexes the rule repository and +allows you to run flexible search through all of the rules and rule drafts, +and render the rule specifications in HTML. +The render is not guaranteed to match the rule rendering in the products, +but it is a good proxy. + +== Local deployment + +Make sure you have NodeJs and `npm` available. Tested with NPM v10.2.3 and NodeJS v18.19.0. + +Install dependencies + +[source,shell] +---- +npm install +---- + +If you have some non-js dependencies missing, this might fail. +Possibly missing non-js dependencies include OpenSSL, libuv, libssh2, KRB5. + +Once you succeed in installing the dependencies you are ready to predeploy. + +[source,shell] +---- +npm run predeploy +---- + +This command builds the database of the rule specifications. + +NOTE: If the script fails to clone or fetch due to an SSL certificate failure + and your network uses a custom CA certificate you might need to make sure it is installed + in the accessible place. + As a workaround you can https://github.com/nodegit/nodegit/issues/1742[disable the certificate check]. + +NOTE: In the predeploy step (specifically the `prepare-rules` part of it) the script fetches all the open PRs locally. + You might want to set `GITHUB_TOKEN` to your personal GitHub token + to avoid GitHub throttling your requests during the predeploy stage. + + +Now you can run it locally: + +[source,shell] +---- +npm start +---- + +This should open https://localhost:3000/rspec in your default browser with the rule search page. diff --git a/frontend/README.md b/frontend/README.md deleted file mode 100644 index 3bc37fe1624..00000000000 --- a/frontend/README.md +++ /dev/null 
@@ -1,52 +0,0 @@ -# Getting Started with Create React App - -This project was bootstrapped with [Create React App](https://github.com/facebook/create-react-app). - -## Available Scripts - -In the project directory, you can run: - -### `npm start` - -Runs the app in the development mode.\ -Open [http://localhost:3000](http://localhost:3000) to view it in the browser. - -The page will reload if you make edits.\ -You will also see any lint errors in the console. - -### `npm test` - -Launches the test runner in the interactive watch mode.\ -See the section about [running tests](https://facebook.github.io/create-react-app/docs/running-tests) for more information. - -### `npm run predeploy` - -Custom command to build the search index. - -### `npm run build` - -Builds the app for production to the `build` folder.\ -It correctly bundles React in production mode and optimizes the build for the best performance. - -The build is minified and the filenames include the hashes.\ -Your app is ready to be deployed! - -See the section about [deployment](https://facebook.github.io/create-react-app/docs/deployment) for more information. - -### `npm run eject` - -**Note: this is a one-way operation. Once you `eject`, you can’t go back!** - -If you aren’t satisfied with the build tool and configuration choices, you can `eject` at any time. This command will remove the single build dependency from your project. - -Instead, it will copy all the configuration files and the transitive dependencies (webpack, Babel, ESLint, etc) right into your project so you have full control over them. All of the commands except `eject` will still work, but they will point to the copied scripts so you can tweak them. At this point you’re on your own. - -You don’t have to ever use `eject`. The curated feature set is suitable for small and middle deployments, and you shouldn’t feel obligated to use this feature. 
However we understand that this tool wouldn’t be useful if you couldn’t customize it when you are ready for it. - -## Learn More - -You can learn more in the [Create React App documentation](https://facebook.github.io/create-react-app/docs/getting-started). - -To learn React, check out the [React documentation](https://reactjs.org/). - -**Note:** To easily use the `npm` commands on Windows, you can use VSCode with a `npm` support extension. diff --git a/frontend/package-lock.json b/frontend/package-lock.json index 8d2d2422b81..153ebcc9337 100644 --- a/frontend/package-lock.json +++ b/frontend/package-lock.json 
@@ -1,117 +1,204 @@ { "name": "rspec", "version": "0.1.0", - "lockfileVersion": 1, + "lockfileVersion": 3, "requires": true, - "dependencies": { - "@aashutoshrathi/word-wrap": { + "packages": { + "": { + "name": "rspec", + "version": "0.1.0", + "dependencies": { + "@material-ui/core": "^4.12.4", + "@material-ui/icons": "^4.11.3", + "@material-ui/lab": "^4.0.0-alpha.61", + "@octokit/rest": "^18.12.0", + "@testing-library/jest-dom": "^5.17.0", + "@testing-library/react": "^11.2.7", + "@testing-library/user-event": "^12.8.3", + "@types/jest": "^26.0.24", + "@types/node": "^12.20.55", + "@types/react": "^16.14.49", + "@types/react-dom": "^16.9.20", + "asciidoctor": "^2.2.6", + "html-react-parser": "^1.4.14", + "lunr": "^2.3.9", + "node-html-parser": "^5.4.2", + "nodegit": "^0.28.0-alpha.24", + "react": "^17.0.2", + "react-dom": "^17.0.2", + "react-highlight": "^0.14.0", + "react-router-dom": "^5.3.4", + "react-scripts": "^5.0.1", + "setimmediate": "^1.0.5", + "string-strip-html": "^8.5.0", + "ts-node": "^10.9.1", + "typescript": "^4.9.5", + "verror": "^1.10.1", + "web-vitals": "^0.2.4", + "winston": "^3.11.0", + "yargs": "^16.2.0" + }, + "devDependencies": { + "@testing-library/react-hooks": "^7.0.2", + "@types/lunr": "^2.3.5", + "@types/nodegit": "^0.27.10", + "@types/react-highlight": "^0.12.6", + "@types/react-router-dom": "^5.3.3", + "tmp-promise": "^3.0.3" + } + }, + "node_modules/@aashutoshrathi/word-wrap": { "version": "1.2.6", "resolved": "https://registry.npmjs.org/@aashutoshrathi/word-wrap/-/word-wrap-1.2.6.tgz", - "integrity": "sha512-1Yjs2SvM8TflER/OD3cOjhWWOZb58A2t7wpE2S9XfBYTiIl+XFhQG2bjy4Pu1I+EAlCNUzRDYDdFwFYUKvXcIA==" + "integrity": "sha512-1Yjs2SvM8TflER/OD3cOjhWWOZb58A2t7wpE2S9XfBYTiIl+XFhQG2bjy4Pu1I+EAlCNUzRDYDdFwFYUKvXcIA==", + "engines": { + "node": ">=0.10.0" + } }, - "@adobe/css-tools": { + "node_modules/@adobe/css-tools": { "version": "4.3.1", "resolved": "https://registry.npmjs.org/@adobe/css-tools/-/css-tools-4.3.1.tgz", "integrity": 
"sha512-/62yikz7NLScCGAAST5SHdnjaDJQBDq0M2muyRTpf2VQhw6StBg2ALiu73zSJQ4fMVLA+0uBhBHAle7Wg+2kSg==" }, - "@alloc/quick-lru": { + "node_modules/@alloc/quick-lru": { "version": "5.2.0", "resolved": "https://registry.npmjs.org/@alloc/quick-lru/-/quick-lru-5.2.0.tgz", - "integrity": "sha512-UrcABB+4bUrFABwbluTIBErXwvbsU/V7TZWfmbgJfbkwiBuziS9gxdODUyuiecfdGQ85jglMW6juS3+z5TsKLw==" + "integrity": "sha512-UrcABB+4bUrFABwbluTIBErXwvbsU/V7TZWfmbgJfbkwiBuziS9gxdODUyuiecfdGQ85jglMW6juS3+z5TsKLw==", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } }, - "@ampproject/remapping": { + "node_modules/@ampproject/remapping": { "version": "2.2.1", "resolved": "https://registry.npmjs.org/@ampproject/remapping/-/remapping-2.2.1.tgz", "integrity": "sha512-lFMjJTrFL3j7L9yBxwYfCq2k6qqwHyzuUl/XBnif78PWTJYyL/dfowQHWE3sp6U6ZzqWiiIZnpTMO96zhkjwtg==", - "requires": { + "dependencies": { "@jridgewell/gen-mapping": "^0.3.0", "@jridgewell/trace-mapping": "^0.3.9" + }, + "engines": { + "node": ">=6.0.0" } }, - "@apideck/better-ajv-errors": { + "node_modules/@apideck/better-ajv-errors": { "version": "0.3.6", "resolved": "https://registry.npmjs.org/@apideck/better-ajv-errors/-/better-ajv-errors-0.3.6.tgz", "integrity": "sha512-P+ZygBLZtkp0qqOAJJVX4oX/sFo5JR3eBWwwuqHHhK0GIgQOKWrAfiAaWX0aArHkRWHMuggFEgAZNxVPwPZYaA==", - "requires": { + "dependencies": { "json-schema": "^0.4.0", "jsonpointer": "^5.0.0", "leven": "^3.1.0" + }, + "engines": { + "node": ">=10" + }, + "peerDependencies": { + "ajv": ">=8" } }, - "@asciidoctor/core": { + "node_modules/@asciidoctor/core": { "version": "2.2.6", "resolved": "https://registry.npmjs.org/@asciidoctor/core/-/core-2.2.6.tgz", "integrity": "sha512-TmB2K5UfpDpSbCNBBntXzKHcAk2EA3/P68jmWvmJvglVUdkO9V6kTAuXVe12+h6C4GK0ndwuCrHHtEVcL5t6pQ==", - "requires": { + "dependencies": { "asciidoctor-opal-runtime": "0.3.3", "unxhr": "1.0.1" + }, + "engines": { + "node": ">=8.11", + "npm": ">=5.0.0", + "yarn": ">=1.1.0" } }, - 
"@babel/code-frame": { + "node_modules/@axosoft/nan": { + "version": "2.18.0-gk.2", + "resolved": "https://registry.npmjs.org/@axosoft/nan/-/nan-2.18.0-gk.2.tgz", + "integrity": "sha512-R85blIk4tODD/tIQ1nezCs4O6RhWzPqB1Ls79fBEfUtZ9Zgq5s2c5mPGmWiS2+wAXaw2YgRhsBfqLFURH9mcPw==" + }, + "node_modules/@babel/code-frame": { "version": "7.22.13", "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.22.13.tgz", "integrity": "sha512-XktuhWlJ5g+3TJXc5upd9Ks1HutSArik6jf2eAjYFyIOf4ej3RN+184cZbzDvbPnuTJIUhPKKJE3cIsYTiAT3w==", - "requires": { + "dependencies": { "@babel/highlight": "^7.22.13", "chalk": "^2.4.2" }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/code-frame/node_modules/ansi-styles": { + "version": "3.2.1", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", + "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==", "dependencies": { - "ansi-styles": { - "version": "3.2.1", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", - "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==", - "requires": { - "color-convert": "^1.9.0" - } - }, - "chalk": { - "version": "2.4.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", - "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==", - "requires": { - "ansi-styles": "^3.2.1", - "escape-string-regexp": "^1.0.5", - "supports-color": "^5.3.0" - } - }, - "color-convert": { - "version": "1.9.3", - "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", - "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==", - "requires": { - "color-name": "1.1.3" - } - }, - "color-name": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", - 
"integrity": "sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw==" - }, - "has-flag": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", - "integrity": "sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==" - }, - "supports-color": { - "version": "5.5.0", - "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", - "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==", - "requires": { - "has-flag": "^3.0.0" - } - } + "color-convert": "^1.9.0" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/@babel/code-frame/node_modules/chalk": { + "version": "2.4.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", + "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==", + "dependencies": { + "ansi-styles": "^3.2.1", + "escape-string-regexp": "^1.0.5", + "supports-color": "^5.3.0" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/@babel/code-frame/node_modules/color-convert": { + "version": "1.9.3", + "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", + "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==", + "dependencies": { + "color-name": "1.1.3" + } + }, + "node_modules/@babel/code-frame/node_modules/color-name": { + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", + "integrity": "sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw==" + }, + "node_modules/@babel/code-frame/node_modules/has-flag": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", + "integrity": 
"sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==", + "engines": { + "node": ">=4" + } + }, + "node_modules/@babel/code-frame/node_modules/supports-color": { + "version": "5.5.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", + "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==", + "dependencies": { + "has-flag": "^3.0.0" + }, + "engines": { + "node": ">=4" } }, - "@babel/compat-data": { + "node_modules/@babel/compat-data": { "version": "7.23.2", "resolved": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.23.2.tgz", - "integrity": "sha512-0S9TQMmDHlqAZ2ITT95irXKfxN9bncq8ZCoJhun3nHL/lLUxd2NKBJYoNGWH7S0hz6fRQwWlAWn/ILM0C70KZQ==" + "integrity": "sha512-0S9TQMmDHlqAZ2ITT95irXKfxN9bncq8ZCoJhun3nHL/lLUxd2NKBJYoNGWH7S0hz6fRQwWlAWn/ILM0C70KZQ==", + "engines": { + "node": ">=6.9.0" + } }, - "@babel/core": { + "node_modules/@babel/core": { "version": "7.23.2", "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.23.2.tgz", "integrity": "sha512-n7s51eWdaWZ3vGT2tD4T7J6eJs3QoBXydv7vkUM06Bf1cbVD2Kc2UrkzhiQwobfV7NwOnQXYL7UBJ5VPU+RGoQ==", - "requires": { + "dependencies": { "@ampproject/remapping": "^2.2.0", "@babel/code-frame": "^7.22.13", "@babel/generator": "^7.23.0", 
@@ -128,87 +215,119 @@ "json5": "^2.2.3", "semver": "^6.3.1" }, - "dependencies": { - "semver": { - "version": "6.3.1", - "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", - "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==" - } + "engines": { + "node": ">=6.9.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/babel" + } + }, + "node_modules/@babel/core/node_modules/semver": { + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", + "bin": { + "semver": "bin/semver.js" } }, - "@babel/eslint-parser": { + "node_modules/@babel/eslint-parser": { "version": "7.22.15", "resolved": "https://registry.npmjs.org/@babel/eslint-parser/-/eslint-parser-7.22.15.tgz", "integrity": "sha512-yc8OOBIQk1EcRrpizuARSQS0TWAcOMpEJ1aafhNznaeYkeL+OhqnDObGFylB8ka8VFF/sZc+S4RzHyO+3LjQxg==", - "requires": { + "dependencies": { "@nicolo-ribaudo/eslint-scope-5-internals": "5.1.1-v1", "eslint-visitor-keys": "^2.1.0", "semver": "^6.3.1" }, - "dependencies": { - "eslint-visitor-keys": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", - "integrity": "sha512-0rSmRBzXgDzIsD6mGdJgevzgezI534Cer5L/vyMX0kHzT/jiB43jRhd9YUlMGYLQy2zprNmoT8qasCGtY+QaKw==" - }, - "semver": { - "version": "6.3.1", - "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", - "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==" - } + "engines": { + "node": "^10.13.0 || ^12.13.0 || >=14.0.0" + }, + "peerDependencies": { + "@babel/core": "^7.11.0", + "eslint": "^7.5.0 || ^8.0.0" + } + }, + "node_modules/@babel/eslint-parser/node_modules/eslint-visitor-keys": { + "version": "2.1.0", + "resolved": 
"https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "integrity": "sha512-0rSmRBzXgDzIsD6mGdJgevzgezI534Cer5L/vyMX0kHzT/jiB43jRhd9YUlMGYLQy2zprNmoT8qasCGtY+QaKw==", + "engines": { + "node": ">=10" + } + }, + "node_modules/@babel/eslint-parser/node_modules/semver": { + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", + "bin": { + "semver": "bin/semver.js" } }, - "@babel/generator": { + "node_modules/@babel/generator": { "version": "7.23.0", "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.23.0.tgz", "integrity": "sha512-lN85QRR+5IbYrMWM6Y4pE/noaQtg4pNiqeNGX60eqOfo6gtEj6uw/JagelB8vVztSd7R6M5n1+PQkDbHbBRU4g==", - "requires": { + "dependencies": { "@babel/types": "^7.23.0", "@jridgewell/gen-mapping": "^0.3.2", "@jridgewell/trace-mapping": "^0.3.17", "jsesc": "^2.5.1" + }, + "engines": { + "node": ">=6.9.0" } }, - "@babel/helper-annotate-as-pure": { + "node_modules/@babel/helper-annotate-as-pure": { "version": "7.22.5", "resolved": "https://registry.npmjs.org/@babel/helper-annotate-as-pure/-/helper-annotate-as-pure-7.22.5.tgz", "integrity": "sha512-LvBTxu8bQSQkcyKOU+a1btnNFQ1dMAd0R6PyW3arXes06F6QLWLIrd681bxRPIXlrMGR3XYnW9JyML7dP3qgxg==", - "requires": { + "dependencies": { "@babel/types": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" } }, - "@babel/helper-builder-binary-assignment-operator-visitor": { + "node_modules/@babel/helper-builder-binary-assignment-operator-visitor": { "version": "7.22.15", "resolved": "https://registry.npmjs.org/@babel/helper-builder-binary-assignment-operator-visitor/-/helper-builder-binary-assignment-operator-visitor-7.22.15.tgz", "integrity": "sha512-QkBXwGgaoC2GtGZRoma6kv7Szfv06khvhFav67ZExau2RaXzy8MpHSMO2PNoP2XtmQphJQRHFfg77Bq731Yizw==", - "requires": { + "dependencies": { "@babel/types": "^7.22.15" + }, + "engines": { + "node": 
">=6.9.0" } }, - "@babel/helper-compilation-targets": { + "node_modules/@babel/helper-compilation-targets": { "version": "7.22.15", "resolved": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.22.15.tgz", "integrity": "sha512-y6EEzULok0Qvz8yyLkCvVX+02ic+By2UdOhylwUOvOn9dvYc9mKICJuuU1n1XBI02YWsNsnrY1kc6DVbjcXbtw==", - "requires": { + "dependencies": { "@babel/compat-data": "^7.22.9", "@babel/helper-validator-option": "^7.22.15", "browserslist": "^4.21.9", "lru-cache": "^5.1.1", "semver": "^6.3.1" }, - "dependencies": { - "semver": { - "version": "6.3.1", - "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", - "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==" - } + "engines": { + "node": ">=6.9.0" } }, - "@babel/helper-create-class-features-plugin": { + "node_modules/@babel/helper-compilation-targets/node_modules/semver": { + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", + "bin": { + "semver": "bin/semver.js" + } + }, + "node_modules/@babel/helper-create-class-features-plugin": { "version": "7.22.15", "resolved": "https://registry.npmjs.org/@babel/helper-create-class-features-plugin/-/helper-create-class-features-plugin-7.22.15.tgz", "integrity": "sha512-jKkwA59IXcvSaiK2UN45kKwSC9o+KuoXsBDvHvU/7BecYIp8GQ2UwrVvFgJASUT+hBnwJx6MhvMCuMzwZZ7jlg==", - "requires": { + "dependencies": { "@babel/helper-annotate-as-pure": "^7.22.5", "@babel/helper-environment-visitor": "^7.22.5", "@babel/helper-function-name": "^7.22.5", 
@@ -219,581 +338,880 @@ "@babel/helper-split-export-declaration": "^7.22.6", "semver": "^6.3.1" }, - "dependencies": { - "semver": { - "version": "6.3.1", - "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", - "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==" - } + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0" + } + }, + "node_modules/@babel/helper-create-class-features-plugin/node_modules/semver": { + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", + "bin": { + "semver": "bin/semver.js" } }, - "@babel/helper-create-regexp-features-plugin": { + "node_modules/@babel/helper-create-regexp-features-plugin": { "version": "7.22.15", "resolved": "https://registry.npmjs.org/@babel/helper-create-regexp-features-plugin/-/helper-create-regexp-features-plugin-7.22.15.tgz", "integrity": "sha512-29FkPLFjn4TPEa3RE7GpW+qbE8tlsu3jntNYNfcGsc49LphF1PQIiD+vMZ1z1xVOKt+93khA9tc2JBs3kBjA7w==", - "requires": { + "dependencies": { "@babel/helper-annotate-as-pure": "^7.22.5", "regexpu-core": "^5.3.1", "semver": "^6.3.1" }, - "dependencies": { - "semver": { - "version": "6.3.1", - "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", - "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==" - } + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0" } }, - "@babel/helper-define-polyfill-provider": { + "node_modules/@babel/helper-create-regexp-features-plugin/node_modules/semver": { + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", + "bin": { + "semver": 
"bin/semver.js" + } + }, + "node_modules/@babel/helper-define-polyfill-provider": { "version": "0.4.3", "resolved": "https://registry.npmjs.org/@babel/helper-define-polyfill-provider/-/helper-define-polyfill-provider-0.4.3.tgz", "integrity": "sha512-WBrLmuPP47n7PNwsZ57pqam6G/RGo1vw/87b0Blc53tZNGZ4x7YvZ6HgQe2vo1W/FR20OgjeZuGXzudPiXHFug==", - "requires": { + "dependencies": { "@babel/helper-compilation-targets": "^7.22.6", "@babel/helper-plugin-utils": "^7.22.5", "debug": "^4.1.1", "lodash.debounce": "^4.0.8", "resolve": "^1.14.2" + }, + "peerDependencies": { + "@babel/core": "^7.4.0 || ^8.0.0-0 <8.0.0" } }, - "@babel/helper-environment-visitor": { + "node_modules/@babel/helper-environment-visitor": { "version": "7.22.20", "resolved": "https://registry.npmjs.org/@babel/helper-environment-visitor/-/helper-environment-visitor-7.22.20.tgz", - "integrity": "sha512-zfedSIzFhat/gFhWfHtgWvlec0nqB9YEIVrpuwjruLlXfUSnA8cJB0miHKwqDnQ7d32aKo2xt88/xZptwxbfhA==" + "integrity": "sha512-zfedSIzFhat/gFhWfHtgWvlec0nqB9YEIVrpuwjruLlXfUSnA8cJB0miHKwqDnQ7d32aKo2xt88/xZptwxbfhA==", + "engines": { + "node": ">=6.9.0" + } }, - "@babel/helper-function-name": { + "node_modules/@babel/helper-function-name": { "version": "7.23.0", "resolved": "https://registry.npmjs.org/@babel/helper-function-name/-/helper-function-name-7.23.0.tgz", "integrity": "sha512-OErEqsrxjZTJciZ4Oo+eoZqeW9UIiOcuYKRJA4ZAgV9myA+pOXhhmpfNCKjEH/auVfEYVFJ6y1Tc4r0eIApqiw==", - "requires": { + "dependencies": { "@babel/template": "^7.22.15", "@babel/types": "^7.23.0" + }, + "engines": { + "node": ">=6.9.0" } }, - "@babel/helper-hoist-variables": { + "node_modules/@babel/helper-hoist-variables": { "version": "7.22.5", "resolved": "https://registry.npmjs.org/@babel/helper-hoist-variables/-/helper-hoist-variables-7.22.5.tgz", "integrity": "sha512-wGjk9QZVzvknA6yKIUURb8zY3grXCcOZt+/7Wcy8O2uctxhplmUPkOdlgoNhmdVee2c92JXbf1xpMtVNbfoxRw==", - "requires": { + "dependencies": { "@babel/types": "^7.22.5" + }, + "engines": { + "node": 
">=6.9.0" } }, - "@babel/helper-member-expression-to-functions": { + "node_modules/@babel/helper-member-expression-to-functions": { "version": "7.23.0", "resolved": "https://registry.npmjs.org/@babel/helper-member-expression-to-functions/-/helper-member-expression-to-functions-7.23.0.tgz", "integrity": "sha512-6gfrPwh7OuT6gZyJZvd6WbTfrqAo7vm4xCzAXOusKqq/vWdKXphTpj5klHKNmRUU6/QRGlBsyU9mAIPaWHlqJA==", - "requires": { + "dependencies": { "@babel/types": "^7.23.0" + }, + "engines": { + "node": ">=6.9.0" } }, - "@babel/helper-module-imports": { + "node_modules/@babel/helper-module-imports": { "version": "7.22.15", "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.22.15.tgz", "integrity": "sha512-0pYVBnDKZO2fnSPCrgM/6WMc7eS20Fbok+0r88fp+YtWVLZrp4CkafFGIp+W0VKw4a22sgebPT99y+FDNMdP4w==", - "requires": { + "dependencies": { "@babel/types": "^7.22.15" + }, + "engines": { + "node": ">=6.9.0" } }, - "@babel/helper-module-transforms": { + "node_modules/@babel/helper-module-transforms": { "version": "7.23.0", "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.23.0.tgz", "integrity": "sha512-WhDWw1tdrlT0gMgUJSlX0IQvoO1eN279zrAUbVB+KpV2c3Tylz8+GnKOLllCS6Z/iZQEyVYxhZVUdPTqs2YYPw==", - "requires": { + "dependencies": { "@babel/helper-environment-visitor": "^7.22.20", "@babel/helper-module-imports": "^7.22.15", "@babel/helper-simple-access": "^7.22.5", "@babel/helper-split-export-declaration": "^7.22.6", "@babel/helper-validator-identifier": "^7.22.20" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0" } }, - "@babel/helper-optimise-call-expression": { + "node_modules/@babel/helper-optimise-call-expression": { "version": "7.22.5", "resolved": "https://registry.npmjs.org/@babel/helper-optimise-call-expression/-/helper-optimise-call-expression-7.22.5.tgz", "integrity": 
"sha512-HBwaojN0xFRx4yIvpwGqxiV2tUfl7401jlok564NgB9EHS1y6QT17FmKWm4ztqjeVdXLuC4fSvHc5ePpQjoTbw==", - "requires": { + "dependencies": { "@babel/types": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" } }, - "@babel/helper-plugin-utils": { + "node_modules/@babel/helper-plugin-utils": { "version": "7.22.5", "resolved": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.22.5.tgz", - "integrity": "sha512-uLls06UVKgFG9QD4OeFYLEGteMIAa5kpTPcFL28yuCIIzsf6ZyKZMllKVOCZFhiZ5ptnwX4mtKdWCBE/uT4amg==" + "integrity": "sha512-uLls06UVKgFG9QD4OeFYLEGteMIAa5kpTPcFL28yuCIIzsf6ZyKZMllKVOCZFhiZ5ptnwX4mtKdWCBE/uT4amg==", + "engines": { + "node": ">=6.9.0" + } }, - "@babel/helper-remap-async-to-generator": { + "node_modules/@babel/helper-remap-async-to-generator": { "version": "7.22.20", "resolved": "https://registry.npmjs.org/@babel/helper-remap-async-to-generator/-/helper-remap-async-to-generator-7.22.20.tgz", "integrity": "sha512-pBGyV4uBqOns+0UvhsTO8qgl8hO89PmiDYv+/COyp1aeMcmfrfruz+/nCMFiYyFF/Knn0yfrC85ZzNFjembFTw==", - "requires": { + "dependencies": { "@babel/helper-annotate-as-pure": "^7.22.5", "@babel/helper-environment-visitor": "^7.22.20", "@babel/helper-wrap-function": "^7.22.20" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0" } }, - "@babel/helper-replace-supers": { + "node_modules/@babel/helper-replace-supers": { "version": "7.22.20", "resolved": "https://registry.npmjs.org/@babel/helper-replace-supers/-/helper-replace-supers-7.22.20.tgz", "integrity": "sha512-qsW0In3dbwQUbK8kejJ4R7IHVGwHJlV6lpG6UA7a9hSa2YEiAib+N1T2kr6PEeUT+Fl7najmSOS6SmAwCHK6Tw==", - "requires": { + "dependencies": { "@babel/helper-environment-visitor": "^7.22.20", "@babel/helper-member-expression-to-functions": "^7.22.15", "@babel/helper-optimise-call-expression": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0" } }, - "@babel/helper-simple-access": { + 
"node_modules/@babel/helper-simple-access": { "version": "7.22.5", "resolved": "https://registry.npmjs.org/@babel/helper-simple-access/-/helper-simple-access-7.22.5.tgz", "integrity": "sha512-n0H99E/K+Bika3++WNL17POvo4rKWZ7lZEp1Q+fStVbUi8nxPQEBOlTmCOxW/0JsS56SKKQ+ojAe2pHKJHN35w==", - "requires": { + "dependencies": { "@babel/types": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" } }, - "@babel/helper-skip-transparent-expression-wrappers": { + "node_modules/@babel/helper-skip-transparent-expression-wrappers": { "version": "7.22.5", "resolved": "https://registry.npmjs.org/@babel/helper-skip-transparent-expression-wrappers/-/helper-skip-transparent-expression-wrappers-7.22.5.tgz", "integrity": "sha512-tK14r66JZKiC43p8Ki33yLBVJKlQDFoA8GYN67lWCDCqoL6EMMSuM9b+Iff2jHaM/RRFYl7K+iiru7hbRqNx8Q==", - "requires": { + "dependencies": { "@babel/types": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" } }, - "@babel/helper-split-export-declaration": { + "node_modules/@babel/helper-split-export-declaration": { "version": "7.22.6", "resolved": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.22.6.tgz", "integrity": "sha512-AsUnxuLhRYsisFiaJwvp1QF+I3KjD5FOxut14q/GzovUe6orHLesW2C7d754kRm53h5gqrz6sFl6sxc4BVtE/g==", - "requires": { + "dependencies": { "@babel/types": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" } }, - "@babel/helper-string-parser": { + "node_modules/@babel/helper-string-parser": { "version": "7.22.5", "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.22.5.tgz", - "integrity": "sha512-mM4COjgZox8U+JcXQwPijIZLElkgEpO5rsERVDJTc2qfCDfERyob6k5WegS14SX18IIjv+XD+GrqNumY5JRCDw==" + "integrity": "sha512-mM4COjgZox8U+JcXQwPijIZLElkgEpO5rsERVDJTc2qfCDfERyob6k5WegS14SX18IIjv+XD+GrqNumY5JRCDw==", + "engines": { + "node": ">=6.9.0" + } }, - "@babel/helper-validator-identifier": { + "node_modules/@babel/helper-validator-identifier": { "version": "7.22.20", "resolved": 
"https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.22.20.tgz", - "integrity": "sha512-Y4OZ+ytlatR8AI+8KZfKuL5urKp7qey08ha31L8b3BwewJAoJamTzyvxPR/5D+KkdJCGPq/+8TukHBlY10FX9A==" + "integrity": "sha512-Y4OZ+ytlatR8AI+8KZfKuL5urKp7qey08ha31L8b3BwewJAoJamTzyvxPR/5D+KkdJCGPq/+8TukHBlY10FX9A==", + "engines": { + "node": ">=6.9.0" + } }, - "@babel/helper-validator-option": { + "node_modules/@babel/helper-validator-option": { "version": "7.22.15", "resolved": "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.22.15.tgz", - "integrity": "sha512-bMn7RmyFjY/mdECUbgn9eoSY4vqvacUnS9i9vGAGttgFWesO6B4CYWA7XlpbWgBt71iv/hfbPlynohStqnu5hA==" + "integrity": "sha512-bMn7RmyFjY/mdECUbgn9eoSY4vqvacUnS9i9vGAGttgFWesO6B4CYWA7XlpbWgBt71iv/hfbPlynohStqnu5hA==", + "engines": { + "node": ">=6.9.0" + } }, - "@babel/helper-wrap-function": { + "node_modules/@babel/helper-wrap-function": { "version": "7.22.20", "resolved": "https://registry.npmjs.org/@babel/helper-wrap-function/-/helper-wrap-function-7.22.20.tgz", "integrity": "sha512-pms/UwkOpnQe/PDAEdV/d7dVCoBbB+R4FvYoHGZz+4VPcg7RtYy2KP7S2lbuWM6FCSgob5wshfGESbC/hzNXZw==", - "requires": { + "dependencies": { "@babel/helper-function-name": "^7.22.5", "@babel/template": "^7.22.15", "@babel/types": "^7.22.19" + }, + "engines": { + "node": ">=6.9.0" } }, - "@babel/helpers": { + "node_modules/@babel/helpers": { "version": "7.23.2", "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.23.2.tgz", "integrity": "sha512-lzchcp8SjTSVe/fPmLwtWVBFC7+Tbn8LGHDVfDp9JGxpAY5opSaEFgt8UQvrnECWOTdji2mOWMz1rOhkHscmGQ==", - "requires": { + "dependencies": { "@babel/template": "^7.22.15", "@babel/traverse": "^7.23.2", "@babel/types": "^7.23.0" + }, + "engines": { + "node": ">=6.9.0" } }, - "@babel/highlight": { + "node_modules/@babel/highlight": { "version": "7.22.20", "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.22.20.tgz", "integrity": 
"sha512-dkdMCN3py0+ksCgYmGG8jKeGA/8Tk+gJwSYYlFGxG5lmhfKNoAy004YpLxpS1W2J8m/EK2Ew+yOs9pVRwO89mg==", - "requires": { + "dependencies": { "@babel/helper-validator-identifier": "^7.22.20", "chalk": "^2.4.2", "js-tokens": "^4.0.0" }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/highlight/node_modules/ansi-styles": { + "version": "3.2.1", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", + "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==", "dependencies": { - "ansi-styles": { - "version": "3.2.1", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", - "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==", - "requires": { - "color-convert": "^1.9.0" - } - }, - "chalk": { - "version": "2.4.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", - "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==", - "requires": { - "ansi-styles": "^3.2.1", - "escape-string-regexp": "^1.0.5", - "supports-color": "^5.3.0" - } - }, - "color-convert": { - "version": "1.9.3", - "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", - "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==", - "requires": { - "color-name": "1.1.3" - } - }, - "color-name": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", - "integrity": "sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw==" - }, - "has-flag": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", - "integrity": "sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==" - }, - "supports-color": { - "version": "5.5.0", - 
"resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", - "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==", - "requires": { - "has-flag": "^3.0.0" - } - } + "color-convert": "^1.9.0" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/@babel/highlight/node_modules/chalk": { + "version": "2.4.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", + "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==", + "dependencies": { + "ansi-styles": "^3.2.1", + "escape-string-regexp": "^1.0.5", + "supports-color": "^5.3.0" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/@babel/highlight/node_modules/color-convert": { + "version": "1.9.3", + "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", + "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==", + "dependencies": { + "color-name": "1.1.3" + } + }, + "node_modules/@babel/highlight/node_modules/color-name": { + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", + "integrity": "sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw==" + }, + "node_modules/@babel/highlight/node_modules/has-flag": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", + "integrity": "sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==", + "engines": { + "node": ">=4" + } + }, + "node_modules/@babel/highlight/node_modules/supports-color": { + "version": "5.5.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", + "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==", + "dependencies": { + "has-flag": "^3.0.0" + }, + 
"engines": { + "node": ">=4" } }, - "@babel/parser": { + "node_modules/@babel/parser": { "version": "7.23.0", "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.23.0.tgz", - "integrity": "sha512-vvPKKdMemU85V9WE/l5wZEmImpCtLqbnTvqDS2U1fJ96KrxoW7KrXhNsNCblQlg8Ck4b85yxdTyelsMUgFUXiw==" + "integrity": "sha512-vvPKKdMemU85V9WE/l5wZEmImpCtLqbnTvqDS2U1fJ96KrxoW7KrXhNsNCblQlg8Ck4b85yxdTyelsMUgFUXiw==", + "bin": { + "parser": "bin/babel-parser.js" + }, + "engines": { + "node": ">=6.0.0" + } }, - "@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression": { + "node_modules/@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression": { "version": "7.22.15", "resolved": "https://registry.npmjs.org/@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression/-/plugin-bugfix-safari-id-destructuring-collision-in-function-expression-7.22.15.tgz", "integrity": "sha512-FB9iYlz7rURmRJyXRKEnalYPPdn87H5no108cyuQQyMwlpJ2SJtpIUBI27kdTin956pz+LPypkPVPUTlxOmrsg==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0" } }, - "@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining": { + "node_modules/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining": { "version": "7.22.15", "resolved": "https://registry.npmjs.org/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining/-/plugin-bugfix-v8-spread-parameters-in-optional-chaining-7.22.15.tgz", "integrity": "sha512-Hyph9LseGvAeeXzikV88bczhsrLrIZqDPxO+sSmAunMPaGrBGhfMWzCPYTtiW9t+HzSE2wtV8e5cc5P6r1xMDQ==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.22.5", "@babel/helper-skip-transparent-expression-wrappers": "^7.22.5", "@babel/plugin-transform-optional-chaining": "^7.22.15" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.13.0" } }, - 
"@babel/plugin-proposal-class-properties": { + "node_modules/@babel/plugin-proposal-class-properties": { "version": "7.18.6", "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-class-properties/-/plugin-proposal-class-properties-7.18.6.tgz", "integrity": "sha512-cumfXOF0+nzZrrN8Rf0t7M+tF6sZc7vhQwYQck9q1/5w2OExlD+b4v4RpMJFaV1Z7WcDRgO6FqvxqxGlwo+RHQ==", - "requires": { + "deprecated": "This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-class-properties instead.", + "dependencies": { "@babel/helper-create-class-features-plugin": "^7.18.6", "@babel/helper-plugin-utils": "^7.18.6" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-proposal-decorators": { + "node_modules/@babel/plugin-proposal-decorators": { "version": "7.23.2", "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-decorators/-/plugin-proposal-decorators-7.23.2.tgz", "integrity": "sha512-eR0gJQc830fJVGz37oKLvt9W9uUIQSAovUl0e9sJ3YeO09dlcoBVYD3CLrjCj4qHdXmfiyTyFt8yeQYSN5fxLg==", - "requires": { + "dependencies": { "@babel/helper-create-class-features-plugin": "^7.22.15", "@babel/helper-plugin-utils": "^7.22.5", "@babel/helper-replace-supers": "^7.22.20", "@babel/helper-split-export-declaration": "^7.22.6", "@babel/plugin-syntax-decorators": "^7.22.10" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-proposal-nullish-coalescing-operator": { + "node_modules/@babel/plugin-proposal-nullish-coalescing-operator": { "version": "7.18.6", "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-nullish-coalescing-operator/-/plugin-proposal-nullish-coalescing-operator-7.18.6.tgz", "integrity": "sha512-wQxQzxYeJqHcfppzBDnm1yAY0jSRkUXR2z8RePZYrKwMKgMlE8+Z6LUno+bd6LvbGh8Gltvy74+9pIYkr+XkKA==", - "requires": { + "deprecated": "This proposal has been merged to the 
ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-nullish-coalescing-operator instead.", + "dependencies": { "@babel/helper-plugin-utils": "^7.18.6", "@babel/plugin-syntax-nullish-coalescing-operator": "^7.8.3" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-proposal-numeric-separator": { + "node_modules/@babel/plugin-proposal-numeric-separator": { "version": "7.18.6", "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-numeric-separator/-/plugin-proposal-numeric-separator-7.18.6.tgz", "integrity": "sha512-ozlZFogPqoLm8WBr5Z8UckIoE4YQ5KESVcNudyXOR8uqIkliTEgJ3RoketfG6pmzLdeZF0H/wjE9/cCEitBl7Q==", - "requires": { + "deprecated": "This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-numeric-separator instead.", + "dependencies": { "@babel/helper-plugin-utils": "^7.18.6", "@babel/plugin-syntax-numeric-separator": "^7.10.4" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-proposal-optional-chaining": { + "node_modules/@babel/plugin-proposal-optional-chaining": { "version": "7.21.0", "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-optional-chaining/-/plugin-proposal-optional-chaining-7.21.0.tgz", "integrity": "sha512-p4zeefM72gpmEe2fkUr/OnOXpWEf8nAgk7ZYVqqfFiyIG7oFfVZcCrU64hWn5xp4tQ9LkV4bTIa5rD0KANpKNA==", - "requires": { + "deprecated": "This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. 
Please use @babel/plugin-transform-optional-chaining instead.", + "dependencies": { "@babel/helper-plugin-utils": "^7.20.2", "@babel/helper-skip-transparent-expression-wrappers": "^7.20.0", "@babel/plugin-syntax-optional-chaining": "^7.8.3" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-proposal-private-methods": { + "node_modules/@babel/plugin-proposal-private-methods": { "version": "7.18.6", "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-private-methods/-/plugin-proposal-private-methods-7.18.6.tgz", "integrity": "sha512-nutsvktDItsNn4rpGItSNV2sz1XwS+nfU0Rg8aCx3W3NOKVzdMjJRu0O5OkgDp3ZGICSTbgRpxZoWsxoKRvbeA==", - "requires": { + "deprecated": "This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-private-methods instead.", + "dependencies": { "@babel/helper-create-class-features-plugin": "^7.18.6", "@babel/helper-plugin-utils": "^7.18.6" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-proposal-private-property-in-object": { + "node_modules/@babel/plugin-proposal-private-property-in-object": { "version": "7.21.0-placeholder-for-preset-env.2", "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-private-property-in-object/-/plugin-proposal-private-property-in-object-7.21.0-placeholder-for-preset-env.2.tgz", - "integrity": "sha512-SOSkfJDddaM7mak6cPEpswyTRnuRltl429hMraQEglW+OkovnCzsiszTmsrlY//qLFjCpQDFRvjdm2wA5pPm9w==" + "integrity": "sha512-SOSkfJDddaM7mak6cPEpswyTRnuRltl429hMraQEglW+OkovnCzsiszTmsrlY//qLFjCpQDFRvjdm2wA5pPm9w==", + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } }, - "@babel/plugin-syntax-async-generators": { + "node_modules/@babel/plugin-syntax-async-generators": { "version": "7.8.4", "resolved": 
"https://registry.npmjs.org/@babel/plugin-syntax-async-generators/-/plugin-syntax-async-generators-7.8.4.tgz", "integrity": "sha512-tycmZxkGfZaxhMRbXlPXuVFpdWlXpir2W4AMhSJgRKzk/eDlIXOhb2LHWoLpDF7TEHylV5zNhykX6KAgHJmTNw==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.8.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-syntax-bigint": { + "node_modules/@babel/plugin-syntax-bigint": { "version": "7.8.3", "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-bigint/-/plugin-syntax-bigint-7.8.3.tgz", "integrity": "sha512-wnTnFlG+YxQm3vDxpGE57Pj0srRU4sHE/mDkt1qv2YJJSeUAec2ma4WLUnUPeKjyrfntVwe/N6dCXpU+zL3Npg==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.8.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-syntax-class-properties": { + "node_modules/@babel/plugin-syntax-class-properties": { "version": "7.12.13", "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-class-properties/-/plugin-syntax-class-properties-7.12.13.tgz", "integrity": "sha512-fm4idjKla0YahUNgFNLCB0qySdsoPiZP3iQE3rky0mBUtMZ23yDJ9SJdg6dXTSDnulOVqiF3Hgr9nbXvXTQZYA==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.12.13" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-syntax-class-static-block": { + "node_modules/@babel/plugin-syntax-class-static-block": { "version": "7.14.5", "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-class-static-block/-/plugin-syntax-class-static-block-7.14.5.tgz", "integrity": "sha512-b+YyPmr6ldyNnM6sqYeMWE+bgJcJpO6yS4QD7ymxgH34GBPNDM/THBh8iunyvKIZztiwLH4CJZ0RxTk9emgpjw==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.14.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-syntax-decorators": { + "node_modules/@babel/plugin-syntax-decorators": { "version": "7.22.10", "resolved": 
"https://registry.npmjs.org/@babel/plugin-syntax-decorators/-/plugin-syntax-decorators-7.22.10.tgz", "integrity": "sha512-z1KTVemBjnz+kSEilAsI4lbkPOl5TvJH7YDSY1CTIzvLWJ+KHXp+mRe8VPmfnyvqOPqar1V2gid2PleKzRUstQ==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-syntax-dynamic-import": { + "node_modules/@babel/plugin-syntax-dynamic-import": { "version": "7.8.3", "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-dynamic-import/-/plugin-syntax-dynamic-import-7.8.3.tgz", "integrity": "sha512-5gdGbFon+PszYzqs83S3E5mpi7/y/8M9eC90MRTZfduQOYW76ig6SOSPNe41IG5LoP3FGBn2N0RjVDSQiS94kQ==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.8.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-syntax-export-namespace-from": { + "node_modules/@babel/plugin-syntax-export-namespace-from": { "version": "7.8.3", "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-export-namespace-from/-/plugin-syntax-export-namespace-from-7.8.3.tgz", "integrity": "sha512-MXf5laXo6c1IbEbegDmzGPwGNTsHZmEy6QGznu5Sh2UCWvueywb2ee+CCE4zQiZstxU9BMoQO9i6zUFSY0Kj0Q==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.8.3" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-syntax-flow": { + "node_modules/@babel/plugin-syntax-flow": { "version": "7.22.5", "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-flow/-/plugin-syntax-flow-7.22.5.tgz", "integrity": "sha512-9RdCl0i+q0QExayk2nOS7853w08yLucnnPML6EN9S8fgMPVtdLDCdx/cOQ/i44Lb9UeQX9A35yaqBBOMMZxPxQ==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-syntax-import-assertions": { + "node_modules/@babel/plugin-syntax-import-assertions": { "version": 
"7.22.5", "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-import-assertions/-/plugin-syntax-import-assertions-7.22.5.tgz", "integrity": "sha512-rdV97N7KqsRzeNGoWUOK6yUsWarLjE5Su/Snk9IYPU9CwkWHs4t+rTGOvffTR8XGkJMTAdLfO0xVnXm8wugIJg==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-syntax-import-attributes": { + "node_modules/@babel/plugin-syntax-import-attributes": { "version": "7.22.5", "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-import-attributes/-/plugin-syntax-import-attributes-7.22.5.tgz", "integrity": "sha512-KwvoWDeNKPETmozyFE0P2rOLqh39EoQHNjqizrI5B8Vt0ZNS7M56s7dAiAqbYfiAYOuIzIh96z3iR2ktgu3tEg==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-syntax-import-meta": { + "node_modules/@babel/plugin-syntax-import-meta": { "version": "7.10.4", "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-import-meta/-/plugin-syntax-import-meta-7.10.4.tgz", "integrity": "sha512-Yqfm+XDx0+Prh3VSeEQCPU81yC+JWZ2pDPFSS4ZdpfZhp4MkFMaDC1UqseovEKwSUpnIL7+vK+Clp7bfh0iD7g==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.10.4" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-syntax-json-strings": { + "node_modules/@babel/plugin-syntax-json-strings": { "version": "7.8.3", "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-json-strings/-/plugin-syntax-json-strings-7.8.3.tgz", "integrity": "sha512-lY6kdGpWHvjoe2vk4WrAapEuBR69EMxZl+RoGRhrFGNYVK8mOPAW8VfbT/ZgrFbXlDNiiaxQnAtgVCZ6jv30EA==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.8.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-syntax-jsx": { + "node_modules/@babel/plugin-syntax-jsx": 
{ "version": "7.22.5", "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-jsx/-/plugin-syntax-jsx-7.22.5.tgz", "integrity": "sha512-gvyP4hZrgrs/wWMaocvxZ44Hw0b3W8Pe+cMxc8V1ULQ07oh8VNbIRaoD1LRZVTvD+0nieDKjfgKg89sD7rrKrg==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-syntax-logical-assignment-operators": { + "node_modules/@babel/plugin-syntax-logical-assignment-operators": { "version": "7.10.4", "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-logical-assignment-operators/-/plugin-syntax-logical-assignment-operators-7.10.4.tgz", "integrity": "sha512-d8waShlpFDinQ5MtvGU9xDAOzKH47+FFoney2baFIoMr952hKOLp1HR7VszoZvOsV/4+RRszNY7D17ba0te0ig==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.10.4" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-syntax-nullish-coalescing-operator": { + "node_modules/@babel/plugin-syntax-nullish-coalescing-operator": { "version": "7.8.3", "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-nullish-coalescing-operator/-/plugin-syntax-nullish-coalescing-operator-7.8.3.tgz", "integrity": "sha512-aSff4zPII1u2QD7y+F8oDsz19ew4IGEJg9SVW+bqwpwtfFleiQDMdzA/R+UlWDzfnHFCxxleFT0PMIrR36XLNQ==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.8.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-syntax-numeric-separator": { + "node_modules/@babel/plugin-syntax-numeric-separator": { "version": "7.10.4", "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-numeric-separator/-/plugin-syntax-numeric-separator-7.10.4.tgz", "integrity": "sha512-9H6YdfkcK/uOnY/K7/aA2xpzaAgkQn37yzWUMRK7OaPOqOpGS1+n0H5hxT9AUw9EsSjPW8SVyMJwYRtWs3X3ug==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.10.4" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - 
"@babel/plugin-syntax-object-rest-spread": { + "node_modules/@babel/plugin-syntax-object-rest-spread": { "version": "7.8.3", "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-object-rest-spread/-/plugin-syntax-object-rest-spread-7.8.3.tgz", "integrity": "sha512-XoqMijGZb9y3y2XskN+P1wUGiVwWZ5JmoDRwx5+3GmEplNyVM2s2Dg8ILFQm8rWM48orGy5YpI5Bl8U1y7ydlA==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.8.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-syntax-optional-catch-binding": { + "node_modules/@babel/plugin-syntax-optional-catch-binding": { "version": "7.8.3", "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-optional-catch-binding/-/plugin-syntax-optional-catch-binding-7.8.3.tgz", "integrity": "sha512-6VPD0Pc1lpTqw0aKoeRTMiB+kWhAoT24PA+ksWSBrFtl5SIRVpZlwN3NNPQjehA2E/91FV3RjLWoVTglWcSV3Q==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.8.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-syntax-optional-chaining": { + "node_modules/@babel/plugin-syntax-optional-chaining": { "version": "7.8.3", "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-optional-chaining/-/plugin-syntax-optional-chaining-7.8.3.tgz", "integrity": "sha512-KoK9ErH1MBlCPxV0VANkXW2/dw4vlbGDrFgz8bmUsBGYkFRcbRwMh6cIJubdPrkxRwuGdtCk0v/wPTKbQgBjkg==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.8.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-syntax-private-property-in-object": { + "node_modules/@babel/plugin-syntax-private-property-in-object": { "version": "7.14.5", "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-private-property-in-object/-/plugin-syntax-private-property-in-object-7.14.5.tgz", "integrity": "sha512-0wVnp9dxJ72ZUJDV27ZfbSj6iHLoytYZmh3rFcxNnvsJF3ktkzLDZPy/mA17HGsaQT3/DQsWYX1f1QGWkCoVUg==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.14.5" + }, 
+ "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-syntax-top-level-await": { + "node_modules/@babel/plugin-syntax-top-level-await": { "version": "7.14.5", "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-top-level-await/-/plugin-syntax-top-level-await-7.14.5.tgz", "integrity": "sha512-hx++upLv5U1rgYfwe1xBQUhRmU41NEvpUvrp8jkrSCdvGSnM5/qdRMtylJ6PG5OFkBaHkbTAKTnd3/YyESRHFw==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.14.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-syntax-typescript": { + "node_modules/@babel/plugin-syntax-typescript": { "version": "7.22.5", "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-typescript/-/plugin-syntax-typescript-7.22.5.tgz", "integrity": "sha512-1mS2o03i7t1c6VzH6fdQ3OA8tcEIxwG18zIPRp+UY1Ihv6W+XZzBCVxExF9upussPXJ0xE9XRHwMoNs1ep/nRQ==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-syntax-unicode-sets-regex": { + "node_modules/@babel/plugin-syntax-unicode-sets-regex": { "version": "7.18.6", "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-unicode-sets-regex/-/plugin-syntax-unicode-sets-regex-7.18.6.tgz", "integrity": "sha512-727YkEAPwSIQTv5im8QHz3upqp92JTWhidIC81Tdx4VJYIte/VndKf1qKrfnnhPLiPghStWfvC/iFaMCQu7Nqg==", - "requires": { + "dependencies": { "@babel/helper-create-regexp-features-plugin": "^7.18.6", "@babel/helper-plugin-utils": "^7.18.6" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0" } }, - "@babel/plugin-transform-arrow-functions": { + "node_modules/@babel/plugin-transform-arrow-functions": { "version": "7.22.5", "resolved": 
"https://registry.npmjs.org/@babel/plugin-transform-arrow-functions/-/plugin-transform-arrow-functions-7.22.5.tgz", "integrity": "sha512-26lTNXoVRdAnsaDXPpvCNUq+OVWEVC6bx7Vvz9rC53F2bagUWW4u4ii2+h8Fejfh7RYqPxn+libeFBBck9muEw==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-async-generator-functions": { + "node_modules/@babel/plugin-transform-async-generator-functions": { "version": "7.23.2", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-async-generator-functions/-/plugin-transform-async-generator-functions-7.23.2.tgz", "integrity": "sha512-BBYVGxbDVHfoeXbOwcagAkOQAm9NxoTdMGfTqghu1GrvadSaw6iW3Je6IcL5PNOw8VwjxqBECXy50/iCQSY/lQ==", - "requires": { + "dependencies": { "@babel/helper-environment-visitor": "^7.22.20", "@babel/helper-plugin-utils": "^7.22.5", "@babel/helper-remap-async-to-generator": "^7.22.20", "@babel/plugin-syntax-async-generators": "^7.8.4" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-async-to-generator": { + "node_modules/@babel/plugin-transform-async-to-generator": { "version": "7.22.5", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-async-to-generator/-/plugin-transform-async-to-generator-7.22.5.tgz", "integrity": "sha512-b1A8D8ZzE/VhNDoV1MSJTnpKkCG5bJo+19R4o4oy03zM7ws8yEMK755j61Dc3EyvdysbqH5BOOTquJ7ZX9C6vQ==", - "requires": { + "dependencies": { "@babel/helper-module-imports": "^7.22.5", "@babel/helper-plugin-utils": "^7.22.5", "@babel/helper-remap-async-to-generator": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-block-scoped-functions": { + "node_modules/@babel/plugin-transform-block-scoped-functions": { "version": "7.22.5", "resolved": 
"https://registry.npmjs.org/@babel/plugin-transform-block-scoped-functions/-/plugin-transform-block-scoped-functions-7.22.5.tgz", "integrity": "sha512-tdXZ2UdknEKQWKJP1KMNmuF5Lx3MymtMN/pvA+p/VEkhK8jVcQ1fzSy8KM9qRYhAf2/lV33hoMPKI/xaI9sADA==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-block-scoping": { + "node_modules/@babel/plugin-transform-block-scoping": { "version": "7.23.0", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-block-scoping/-/plugin-transform-block-scoping-7.23.0.tgz", "integrity": "sha512-cOsrbmIOXmf+5YbL99/S49Y3j46k/T16b9ml8bm9lP6N9US5iQ2yBK7gpui1pg0V/WMcXdkfKbTb7HXq9u+v4g==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-class-properties": { + "node_modules/@babel/plugin-transform-class-properties": { "version": "7.22.5", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-class-properties/-/plugin-transform-class-properties-7.22.5.tgz", "integrity": "sha512-nDkQ0NfkOhPTq8YCLiWNxp1+f9fCobEjCb0n8WdbNUBc4IB5V7P1QnX9IjpSoquKrXF5SKojHleVNs2vGeHCHQ==", - "requires": { + "dependencies": { "@babel/helper-create-class-features-plugin": "^7.22.5", "@babel/helper-plugin-utils": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-class-static-block": { + "node_modules/@babel/plugin-transform-class-static-block": { "version": "7.22.11", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-class-static-block/-/plugin-transform-class-static-block-7.22.11.tgz", "integrity": "sha512-GMM8gGmqI7guS/llMFk1bJDkKfn3v3C4KHK9Yg1ey5qcHcOlKb0QvcMrgzvxo+T03/4szNh5lghY+fEC98Kq9g==", - "requires": { + "dependencies": { 
"@babel/helper-create-class-features-plugin": "^7.22.11", "@babel/helper-plugin-utils": "^7.22.5", "@babel/plugin-syntax-class-static-block": "^7.14.5" - } + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.12.0" + } }, - "@babel/plugin-transform-classes": { + "node_modules/@babel/plugin-transform-classes": { "version": "7.22.15", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-classes/-/plugin-transform-classes-7.22.15.tgz", "integrity": "sha512-VbbC3PGjBdE0wAWDdHM9G8Gm977pnYI0XpqMd6LrKISj8/DJXEsWqgRuTYaNE9Bv0JGhTZUzHDlMk18IpOuoqw==", - "requires": { + "dependencies": { "@babel/helper-annotate-as-pure": "^7.22.5", "@babel/helper-compilation-targets": "^7.22.15", "@babel/helper-environment-visitor": "^7.22.5", 
@@ -803,347 +1221,575 @@ "@babel/helper-replace-supers": "^7.22.9", "@babel/helper-split-export-declaration": "^7.22.6", "globals": "^11.1.0" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-computed-properties": { + "node_modules/@babel/plugin-transform-computed-properties": { "version": "7.22.5", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-computed-properties/-/plugin-transform-computed-properties-7.22.5.tgz", "integrity": "sha512-4GHWBgRf0krxPX+AaPtgBAlTgTeZmqDynokHOX7aqqAB4tHs3U2Y02zH6ETFdLZGcg9UQSD1WCmkVrE9ErHeOg==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.22.5", "@babel/template": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-destructuring": { + "node_modules/@babel/plugin-transform-destructuring": { "version": "7.23.0", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-destructuring/-/plugin-transform-destructuring-7.23.0.tgz", "integrity": "sha512-vaMdgNXFkYrB+8lbgniSYWHsgqK5gjaMNcc84bMIOMRLH0L9AqYq3hwMdvnyqj1OPqea8UtjPEuS/DCenah1wg==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-dotall-regex": { + "node_modules/@babel/plugin-transform-dotall-regex": { "version": "7.22.5", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-dotall-regex/-/plugin-transform-dotall-regex-7.22.5.tgz", "integrity": "sha512-5/Yk9QxCQCl+sOIB1WelKnVRxTJDSAIxtJLL2/pqL14ZVlbH0fUQUZa/T5/UnQtBNgghR7mfB8ERBKyKPCi7Vw==", - "requires": { + "dependencies": { "@babel/helper-create-regexp-features-plugin": "^7.22.5", "@babel/helper-plugin-utils": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - 
"@babel/plugin-transform-duplicate-keys": { + "node_modules/@babel/plugin-transform-duplicate-keys": { "version": "7.22.5", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-duplicate-keys/-/plugin-transform-duplicate-keys-7.22.5.tgz", "integrity": "sha512-dEnYD+9BBgld5VBXHnF/DbYGp3fqGMsyxKbtD1mDyIA7AkTSpKXFhCVuj/oQVOoALfBs77DudA0BE4d5mcpmqw==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-dynamic-import": { + "node_modules/@babel/plugin-transform-dynamic-import": { "version": "7.22.11", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-dynamic-import/-/plugin-transform-dynamic-import-7.22.11.tgz", "integrity": "sha512-g/21plo58sfteWjaO0ZNVb+uEOkJNjAaHhbejrnBmu011l/eNDScmkbjCC3l4FKb10ViaGU4aOkFznSu2zRHgA==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.22.5", "@babel/plugin-syntax-dynamic-import": "^7.8.3" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-exponentiation-operator": { + "node_modules/@babel/plugin-transform-exponentiation-operator": { "version": "7.22.5", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-exponentiation-operator/-/plugin-transform-exponentiation-operator-7.22.5.tgz", "integrity": "sha512-vIpJFNM/FjZ4rh1myqIya9jXwrwwgFRHPjT3DkUA9ZLHuzox8jiXkOLvwm1H+PQIP3CqfC++WPKeuDi0Sjdj1g==", - "requires": { + "dependencies": { "@babel/helper-builder-binary-assignment-operator-visitor": "^7.22.5", "@babel/helper-plugin-utils": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-export-namespace-from": { + "node_modules/@babel/plugin-transform-export-namespace-from": { "version": "7.22.11", "resolved": 
"https://registry.npmjs.org/@babel/plugin-transform-export-namespace-from/-/plugin-transform-export-namespace-from-7.22.11.tgz", "integrity": "sha512-xa7aad7q7OiT8oNZ1mU7NrISjlSkVdMbNxn9IuLZyL9AJEhs1Apba3I+u5riX1dIkdptP5EKDG5XDPByWxtehw==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.22.5", "@babel/plugin-syntax-export-namespace-from": "^7.8.3" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-flow-strip-types": { + "node_modules/@babel/plugin-transform-flow-strip-types": { "version": "7.22.5", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-flow-strip-types/-/plugin-transform-flow-strip-types-7.22.5.tgz", "integrity": "sha512-tujNbZdxdG0/54g/oua8ISToaXTFBf8EnSb5PgQSciIXWOWKX3S4+JR7ZE9ol8FZwf9kxitzkGQ+QWeov/mCiA==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.22.5", "@babel/plugin-syntax-flow": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-for-of": { + "node_modules/@babel/plugin-transform-for-of": { "version": "7.22.15", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-for-of/-/plugin-transform-for-of-7.22.15.tgz", "integrity": "sha512-me6VGeHsx30+xh9fbDLLPi0J1HzmeIIyenoOQHuw2D4m2SAU3NrspX5XxJLBpqn5yrLzrlw2Iy3RA//Bx27iOA==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-function-name": { + "node_modules/@babel/plugin-transform-function-name": { "version": "7.22.5", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-function-name/-/plugin-transform-function-name-7.22.5.tgz", "integrity": "sha512-UIzQNMS0p0HHiQm3oelztj+ECwFnj+ZRV4KnguvlsD2of1whUeM6o7wGNj6oLwcDoAXQ8gEqfgC24D+VdIcevg==", - "requires": { + "dependencies": { 
"@babel/helper-compilation-targets": "^7.22.5", "@babel/helper-function-name": "^7.22.5", "@babel/helper-plugin-utils": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-json-strings": { + "node_modules/@babel/plugin-transform-json-strings": { "version": "7.22.11", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-json-strings/-/plugin-transform-json-strings-7.22.11.tgz", "integrity": "sha512-CxT5tCqpA9/jXFlme9xIBCc5RPtdDq3JpkkhgHQqtDdiTnTI0jtZ0QzXhr5DILeYifDPp2wvY2ad+7+hLMW5Pw==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.22.5", "@babel/plugin-syntax-json-strings": "^7.8.3" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-literals": { + "node_modules/@babel/plugin-transform-literals": { "version": "7.22.5", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-literals/-/plugin-transform-literals-7.22.5.tgz", "integrity": "sha512-fTLj4D79M+mepcw3dgFBTIDYpbcB9Sm0bpm4ppXPaO+U+PKFFyV9MGRvS0gvGw62sd10kT5lRMKXAADb9pWy8g==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-logical-assignment-operators": { + "node_modules/@babel/plugin-transform-logical-assignment-operators": { "version": "7.22.11", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-logical-assignment-operators/-/plugin-transform-logical-assignment-operators-7.22.11.tgz", "integrity": "sha512-qQwRTP4+6xFCDV5k7gZBF3C31K34ut0tbEcTKxlX/0KXxm9GLcO14p570aWxFvVzx6QAfPgq7gaeIHXJC8LswQ==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.22.5", "@babel/plugin-syntax-logical-assignment-operators": "^7.10.4" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - 
"@babel/plugin-transform-member-expression-literals": { + "node_modules/@babel/plugin-transform-member-expression-literals": { "version": "7.22.5", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-member-expression-literals/-/plugin-transform-member-expression-literals-7.22.5.tgz", "integrity": "sha512-RZEdkNtzzYCFl9SE9ATaUMTj2hqMb4StarOJLrZRbqqU4HSBE7UlBw9WBWQiDzrJZJdUWiMTVDI6Gv/8DPvfew==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-modules-amd": { + "node_modules/@babel/plugin-transform-modules-amd": { "version": "7.23.0", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-amd/-/plugin-transform-modules-amd-7.23.0.tgz", "integrity": "sha512-xWT5gefv2HGSm4QHtgc1sYPbseOyf+FFDo2JbpE25GWl5BqTGO9IMwTYJRoIdjsF85GE+VegHxSCUt5EvoYTAw==", - "requires": { + "dependencies": { "@babel/helper-module-transforms": "^7.23.0", "@babel/helper-plugin-utils": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-modules-commonjs": { + "node_modules/@babel/plugin-transform-modules-commonjs": { "version": "7.23.0", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-commonjs/-/plugin-transform-modules-commonjs-7.23.0.tgz", "integrity": "sha512-32Xzss14/UVc7k9g775yMIvkVK8xwKE0DPdP5JTapr3+Z9w4tzeOuLNY6BXDQR6BdnzIlXnCGAzsk/ICHBLVWQ==", - "requires": { + "dependencies": { "@babel/helper-module-transforms": "^7.23.0", "@babel/helper-plugin-utils": "^7.22.5", "@babel/helper-simple-access": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-modules-systemjs": { + "node_modules/@babel/plugin-transform-modules-systemjs": { "version": "7.23.0", "resolved": 
"https://registry.npmjs.org/@babel/plugin-transform-modules-systemjs/-/plugin-transform-modules-systemjs-7.23.0.tgz", "integrity": "sha512-qBej6ctXZD2f+DhlOC9yO47yEYgUh5CZNz/aBoH4j/3NOlRfJXJbY7xDQCqQVf9KbrqGzIWER1f23doHGrIHFg==", - "requires": { + "dependencies": { "@babel/helper-hoist-variables": "^7.22.5", "@babel/helper-module-transforms": "^7.23.0", "@babel/helper-plugin-utils": "^7.22.5", "@babel/helper-validator-identifier": "^7.22.20" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-modules-umd": { + "node_modules/@babel/plugin-transform-modules-umd": { "version": "7.22.5", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-umd/-/plugin-transform-modules-umd-7.22.5.tgz", "integrity": "sha512-+S6kzefN/E1vkSsKx8kmQuqeQsvCKCd1fraCM7zXm4SFoggI099Tr4G8U81+5gtMdUeMQ4ipdQffbKLX0/7dBQ==", - "requires": { + "dependencies": { "@babel/helper-module-transforms": "^7.22.5", "@babel/helper-plugin-utils": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-named-capturing-groups-regex": { + "node_modules/@babel/plugin-transform-named-capturing-groups-regex": { "version": "7.22.5", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-named-capturing-groups-regex/-/plugin-transform-named-capturing-groups-regex-7.22.5.tgz", "integrity": "sha512-YgLLKmS3aUBhHaxp5hi1WJTgOUb/NCuDHzGT9z9WTt3YG+CPRhJs6nprbStx6DnWM4dh6gt7SU3sZodbZ08adQ==", - "requires": { + "dependencies": { "@babel/helper-create-regexp-features-plugin": "^7.22.5", "@babel/helper-plugin-utils": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0" } }, - "@babel/plugin-transform-new-target": { + "node_modules/@babel/plugin-transform-new-target": { "version": "7.22.5", "resolved": 
"https://registry.npmjs.org/@babel/plugin-transform-new-target/-/plugin-transform-new-target-7.22.5.tgz", "integrity": "sha512-AsF7K0Fx/cNKVyk3a+DW0JLo+Ua598/NxMRvxDnkpCIGFh43+h/v2xyhRUYf6oD8gE4QtL83C7zZVghMjHd+iw==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-nullish-coalescing-operator": { + "node_modules/@babel/plugin-transform-nullish-coalescing-operator": { "version": "7.22.11", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-nullish-coalescing-operator/-/plugin-transform-nullish-coalescing-operator-7.22.11.tgz", "integrity": "sha512-YZWOw4HxXrotb5xsjMJUDlLgcDXSfO9eCmdl1bgW4+/lAGdkjaEvOnQ4p5WKKdUgSzO39dgPl0pTnfxm0OAXcg==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.22.5", "@babel/plugin-syntax-nullish-coalescing-operator": "^7.8.3" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-numeric-separator": { + "node_modules/@babel/plugin-transform-numeric-separator": { "version": "7.22.11", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-numeric-separator/-/plugin-transform-numeric-separator-7.22.11.tgz", "integrity": "sha512-3dzU4QGPsILdJbASKhF/V2TVP+gJya1PsueQCxIPCEcerqF21oEcrob4mzjsp2Py/1nLfF5m+xYNMDpmA8vffg==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.22.5", "@babel/plugin-syntax-numeric-separator": "^7.10.4" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-object-rest-spread": { + "node_modules/@babel/plugin-transform-object-rest-spread": { "version": "7.22.15", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-object-rest-spread/-/plugin-transform-object-rest-spread-7.22.15.tgz", "integrity": 
"sha512-fEB+I1+gAmfAyxZcX1+ZUwLeAuuf8VIg67CTznZE0MqVFumWkh8xWtn58I4dxdVf080wn7gzWoF8vndOViJe9Q==", - "requires": { + "dependencies": { "@babel/compat-data": "^7.22.9", "@babel/helper-compilation-targets": "^7.22.15", "@babel/helper-plugin-utils": "^7.22.5", "@babel/plugin-syntax-object-rest-spread": "^7.8.3", "@babel/plugin-transform-parameters": "^7.22.15" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-object-super": { + "node_modules/@babel/plugin-transform-object-super": { "version": "7.22.5", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-object-super/-/plugin-transform-object-super-7.22.5.tgz", "integrity": "sha512-klXqyaT9trSjIUrcsYIfETAzmOEZL3cBYqOYLJxBHfMFFggmXOv+NYSX/Jbs9mzMVESw/WycLFPRx8ba/b2Ipw==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.22.5", "@babel/helper-replace-supers": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-optional-catch-binding": { + "node_modules/@babel/plugin-transform-optional-catch-binding": { "version": "7.22.11", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-optional-catch-binding/-/plugin-transform-optional-catch-binding-7.22.11.tgz", "integrity": "sha512-rli0WxesXUeCJnMYhzAglEjLWVDF6ahb45HuprcmQuLidBJFWjNnOzssk2kuc6e33FlLaiZhG/kUIzUMWdBKaQ==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.22.5", "@babel/plugin-syntax-optional-catch-binding": "^7.8.3" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-optional-chaining": { + "node_modules/@babel/plugin-transform-optional-chaining": { "version": "7.23.0", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-optional-chaining/-/plugin-transform-optional-chaining-7.23.0.tgz", "integrity": 
"sha512-sBBGXbLJjxTzLBF5rFWaikMnOGOk/BmK6vVByIdEggZ7Vn6CvWXZyRkkLFK6WE0IF8jSliyOkUN6SScFgzCM0g==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.22.5", "@babel/helper-skip-transparent-expression-wrappers": "^7.22.5", "@babel/plugin-syntax-optional-chaining": "^7.8.3" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-parameters": { + "node_modules/@babel/plugin-transform-parameters": { "version": "7.22.15", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-parameters/-/plugin-transform-parameters-7.22.15.tgz", "integrity": "sha512-hjk7qKIqhyzhhUvRT683TYQOFa/4cQKwQy7ALvTpODswN40MljzNDa0YldevS6tGbxwaEKVn502JmY0dP7qEtQ==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-private-methods": { + "node_modules/@babel/plugin-transform-private-methods": { "version": "7.22.5", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-private-methods/-/plugin-transform-private-methods-7.22.5.tgz", "integrity": "sha512-PPjh4gyrQnGe97JTalgRGMuU4icsZFnWkzicB/fUtzlKUqvsWBKEpPPfr5a2JiyirZkHxnAqkQMO5Z5B2kK3fA==", - "requires": { + "dependencies": { "@babel/helper-create-class-features-plugin": "^7.22.5", "@babel/helper-plugin-utils": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-private-property-in-object": { + "node_modules/@babel/plugin-transform-private-property-in-object": { "version": "7.22.11", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-private-property-in-object/-/plugin-transform-private-property-in-object-7.22.11.tgz", "integrity": "sha512-sSCbqZDBKHetvjSwpyWzhuHkmW5RummxJBVbYLkGkaiTOWGxml7SXt0iWa03bzxFIx7wOj3g/ILRd0RcJKBeSQ==", - "requires": { + "dependencies": { 
"@babel/helper-annotate-as-pure": "^7.22.5", "@babel/helper-create-class-features-plugin": "^7.22.11", "@babel/helper-plugin-utils": "^7.22.5", "@babel/plugin-syntax-private-property-in-object": "^7.14.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-property-literals": { + "node_modules/@babel/plugin-transform-property-literals": { "version": "7.22.5", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-property-literals/-/plugin-transform-property-literals-7.22.5.tgz", "integrity": "sha512-TiOArgddK3mK/x1Qwf5hay2pxI6wCZnvQqrFSqbtg1GLl2JcNMitVH/YnqjP+M31pLUeTfzY1HAXFDnUBV30rQ==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-react-constant-elements": { + "node_modules/@babel/plugin-transform-react-constant-elements": { "version": "7.22.5", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-react-constant-elements/-/plugin-transform-react-constant-elements-7.22.5.tgz", "integrity": "sha512-BF5SXoO+nX3h5OhlN78XbbDrBOffv+AxPP2ENaJOVqjWCgBDeOY3WcaUcddutGSfoap+5NEQ/q/4I3WZIvgkXA==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-react-display-name": { + "node_modules/@babel/plugin-transform-react-display-name": { "version": "7.22.5", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-react-display-name/-/plugin-transform-react-display-name-7.22.5.tgz", "integrity": "sha512-PVk3WPYudRF5z4GKMEYUrLjPl38fJSKNaEOkFuoprioowGuWN6w2RKznuFNSlJx7pzzXXStPUnNSOEO0jL5EVw==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - 
"@babel/plugin-transform-react-jsx": { + "node_modules/@babel/plugin-transform-react-jsx": { "version": "7.22.15", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-react-jsx/-/plugin-transform-react-jsx-7.22.15.tgz", "integrity": "sha512-oKckg2eZFa8771O/5vi7XeTvmM6+O9cxZu+kanTU7tD4sin5nO/G8jGJhq8Hvt2Z0kUoEDRayuZLaUlYl8QuGA==", - "requires": { + "dependencies": { "@babel/helper-annotate-as-pure": "^7.22.5", "@babel/helper-module-imports": "^7.22.15", "@babel/helper-plugin-utils": "^7.22.5", "@babel/plugin-syntax-jsx": "^7.22.5", "@babel/types": "^7.22.15" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-react-jsx-development": { + "node_modules/@babel/plugin-transform-react-jsx-development": { "version": "7.22.5", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-react-jsx-development/-/plugin-transform-react-jsx-development-7.22.5.tgz", "integrity": "sha512-bDhuzwWMuInwCYeDeMzyi7TaBgRQei6DqxhbyniL7/VG4RSS7HtSL2QbY4eESy1KJqlWt8g3xeEBGPuo+XqC8A==", - "requires": { + "dependencies": { "@babel/plugin-transform-react-jsx": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-react-pure-annotations": { + "node_modules/@babel/plugin-transform-react-pure-annotations": { "version": "7.22.5", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-react-pure-annotations/-/plugin-transform-react-pure-annotations-7.22.5.tgz", "integrity": "sha512-gP4k85wx09q+brArVinTXhWiyzLl9UpmGva0+mWyKxk6JZequ05x3eUcIUE+FyttPKJFRRVtAvQaJ6YF9h1ZpA==", - "requires": { + "dependencies": { "@babel/helper-annotate-as-pure": "^7.22.5", "@babel/helper-plugin-utils": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-regenerator": { + "node_modules/@babel/plugin-transform-regenerator": { "version": "7.22.10", 
"resolved": "https://registry.npmjs.org/@babel/plugin-transform-regenerator/-/plugin-transform-regenerator-7.22.10.tgz", "integrity": "sha512-F28b1mDt8KcT5bUyJc/U9nwzw6cV+UmTeRlXYIl2TNqMMJif0Jeey9/RQ3C4NOd2zp0/TRsDns9ttj2L523rsw==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.22.5", "regenerator-transform": "^0.15.2" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-reserved-words": { + "node_modules/@babel/plugin-transform-reserved-words": { "version": "7.22.5", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-reserved-words/-/plugin-transform-reserved-words-7.22.5.tgz", "integrity": "sha512-DTtGKFRQUDm8svigJzZHzb/2xatPc6TzNvAIJ5GqOKDsGFYgAskjRulbR/vGsPKq3OPqtexnz327qYpP57RFyA==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-runtime": { + "node_modules/@babel/plugin-transform-runtime": { "version": "7.23.2", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-runtime/-/plugin-transform-runtime-7.23.2.tgz", "integrity": "sha512-XOntj6icgzMS58jPVtQpiuF6ZFWxQiJavISGx5KGjRj+3gqZr8+N6Kx+N9BApWzgS+DOjIZfXXj0ZesenOWDyA==", - "requires": { + "dependencies": { "@babel/helper-module-imports": "^7.22.15", "@babel/helper-plugin-utils": "^7.22.5", "babel-plugin-polyfill-corejs2": "^0.4.6", 
@@ -1151,106 +1797,173 @@ "babel-plugin-polyfill-regenerator": "^0.5.3", "semver": "^6.3.1" }, - "dependencies": { - "semver": { - "version": "6.3.1", - "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", - "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==" - } + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-runtime/node_modules/semver": { + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", + "bin": { + "semver": "bin/semver.js" } }, - "@babel/plugin-transform-shorthand-properties": { + "node_modules/@babel/plugin-transform-shorthand-properties": { "version": "7.22.5", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-shorthand-properties/-/plugin-transform-shorthand-properties-7.22.5.tgz", "integrity": "sha512-vM4fq9IXHscXVKzDv5itkO1X52SmdFBFcMIBZ2FRn2nqVYqw6dBexUgMvAjHW+KXpPPViD/Yo3GrDEBaRC0QYA==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-spread": { + "node_modules/@babel/plugin-transform-spread": { "version": "7.22.5", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-spread/-/plugin-transform-spread-7.22.5.tgz", "integrity": "sha512-5ZzDQIGyvN4w8+dMmpohL6MBo+l2G7tfC/O2Dg7/hjpgeWvUx8FzfeOKxGog9IimPa4YekaQ9PlDqTLOljkcxg==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.22.5", "@babel/helper-skip-transparent-expression-wrappers": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-sticky-regex": { + 
"node_modules/@babel/plugin-transform-sticky-regex": { "version": "7.22.5", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-sticky-regex/-/plugin-transform-sticky-regex-7.22.5.tgz", "integrity": "sha512-zf7LuNpHG0iEeiyCNwX4j3gDg1jgt1k3ZdXBKbZSoA3BbGQGvMiSvfbZRR3Dr3aeJe3ooWFZxOOG3IRStYp2Bw==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-template-literals": { + "node_modules/@babel/plugin-transform-template-literals": { "version": "7.22.5", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-template-literals/-/plugin-transform-template-literals-7.22.5.tgz", "integrity": "sha512-5ciOehRNf+EyUeewo8NkbQiUs4d6ZxiHo6BcBcnFlgiJfu16q0bQUw9Jvo0b0gBKFG1SMhDSjeKXSYuJLeFSMA==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-typeof-symbol": { + "node_modules/@babel/plugin-transform-typeof-symbol": { "version": "7.22.5", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-typeof-symbol/-/plugin-transform-typeof-symbol-7.22.5.tgz", "integrity": "sha512-bYkI5lMzL4kPii4HHEEChkD0rkc+nvnlR6+o/qdqR6zrm0Sv/nodmyLhlq2DO0YKLUNd2VePmPRjJXSBh9OIdA==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-typescript": { + "node_modules/@babel/plugin-transform-typescript": { "version": "7.22.15", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-typescript/-/plugin-transform-typescript-7.22.15.tgz", "integrity": "sha512-1uirS0TnijxvQLnlv5wQBwOX3E1wCFX7ITv+9pBV2wKEk4K+M5tqDaoNXnTH8tjEIYHLO98MwiTWO04Ggz4XuA==", - "requires": { + "dependencies": { "@babel/helper-annotate-as-pure": 
"^7.22.5", "@babel/helper-create-class-features-plugin": "^7.22.15", "@babel/helper-plugin-utils": "^7.22.5", "@babel/plugin-syntax-typescript": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-unicode-escapes": { + "node_modules/@babel/plugin-transform-unicode-escapes": { "version": "7.22.10", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-unicode-escapes/-/plugin-transform-unicode-escapes-7.22.10.tgz", "integrity": "sha512-lRfaRKGZCBqDlRU3UIFovdp9c9mEvlylmpod0/OatICsSfuQ9YFthRo1tpTkGsklEefZdqlEFdY4A2dwTb6ohg==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-unicode-property-regex": { + "node_modules/@babel/plugin-transform-unicode-property-regex": { "version": "7.22.5", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-unicode-property-regex/-/plugin-transform-unicode-property-regex-7.22.5.tgz", "integrity": "sha512-HCCIb+CbJIAE6sXn5CjFQXMwkCClcOfPCzTlilJ8cUatfzwHlWQkbtV0zD338u9dZskwvuOYTuuaMaA8J5EI5A==", - "requires": { + "dependencies": { "@babel/helper-create-regexp-features-plugin": "^7.22.5", "@babel/helper-plugin-utils": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-unicode-regex": { + "node_modules/@babel/plugin-transform-unicode-regex": { "version": "7.22.5", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-unicode-regex/-/plugin-transform-unicode-regex-7.22.5.tgz", "integrity": "sha512-028laaOKptN5vHJf9/Arr/HiJekMd41hOEZYvNsrsXqJ7YPYuX2bQxh31fkZzGmq3YqHRJzYFFAVYvKfMPKqyg==", - "requires": { + "dependencies": { "@babel/helper-create-regexp-features-plugin": "^7.22.5", "@babel/helper-plugin-utils": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { 
+ "@babel/core": "^7.0.0-0" } }, - "@babel/plugin-transform-unicode-sets-regex": { + "node_modules/@babel/plugin-transform-unicode-sets-regex": { "version": "7.22.5", "resolved": "https://registry.npmjs.org/@babel/plugin-transform-unicode-sets-regex/-/plugin-transform-unicode-sets-regex-7.22.5.tgz", "integrity": "sha512-lhMfi4FC15j13eKrh3DnYHjpGj6UKQHtNKTbtc1igvAhRy4+kLhV07OpLcsN0VgDEw/MjAvJO4BdMJsHwMhzCg==", - "requires": { + "dependencies": { "@babel/helper-create-regexp-features-plugin": "^7.22.5", "@babel/helper-plugin-utils": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0" } }, - "@babel/preset-env": { + "node_modules/@babel/preset-env": { "version": "7.23.2", "resolved": "https://registry.npmjs.org/@babel/preset-env/-/preset-env-7.23.2.tgz", "integrity": "sha512-BW3gsuDD+rvHL2VO2SjAUNTBe5YrjsTiDyqamPDWY723na3/yPQ65X5oQkFVJZ0o50/2d+svm1rkPoJeR1KxVQ==", - "requires": { + "dependencies": { "@babel/compat-data": "^7.23.2", "@babel/helper-compilation-targets": "^7.22.15", "@babel/helper-plugin-utils": "^7.22.5", 
@@ -1332,93 +2045,122 @@ "core-js-compat": "^3.31.0", "semver": "^6.3.1" }, - "dependencies": { - "semver": { - "version": "6.3.1", - "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", - "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==" - } + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/preset-env/node_modules/semver": { + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", + "bin": { + "semver": "bin/semver.js" } }, - "@babel/preset-modules": { + "node_modules/@babel/preset-modules": { "version": "0.1.6-no-external-plugins", "resolved": "https://registry.npmjs.org/@babel/preset-modules/-/preset-modules-0.1.6-no-external-plugins.tgz", "integrity": "sha512-HrcgcIESLm9aIR842yhJ5RWan/gebQUJ6E/E5+rf0y9o6oj7w0Br+sWuL6kEQ/o/AdfvR1Je9jG18/gnpwjEyA==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.0.0", "@babel/types": "^7.4.4", "esutils": "^2.0.2" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0 || ^8.0.0-0 <8.0.0" } }, - "@babel/preset-react": { + "node_modules/@babel/preset-react": { "version": "7.22.15", "resolved": "https://registry.npmjs.org/@babel/preset-react/-/preset-react-7.22.15.tgz", "integrity": "sha512-Csy1IJ2uEh/PecCBXXoZGAZBeCATTuePzCSB7dLYWS0vOEj6CNpjxIhW4duWwZodBNueH7QO14WbGn8YyeuN9w==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.22.5", "@babel/helper-validator-option": "^7.22.15", "@babel/plugin-transform-react-display-name": "^7.22.5", "@babel/plugin-transform-react-jsx": "^7.22.15", "@babel/plugin-transform-react-jsx-development": "^7.22.5", "@babel/plugin-transform-react-pure-annotations": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": 
"^7.0.0-0" } }, - "@babel/preset-typescript": { + "node_modules/@babel/preset-typescript": { "version": "7.23.2", "resolved": "https://registry.npmjs.org/@babel/preset-typescript/-/preset-typescript-7.23.2.tgz", "integrity": "sha512-u4UJc1XsS1GhIGteM8rnGiIvf9rJpiVgMEeCnwlLA7WJPC+jcXWJAGxYmeqs5hOZD8BbAfnV5ezBOxQbb4OUxA==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.22.5", "@babel/helper-validator-option": "^7.22.15", "@babel/plugin-syntax-jsx": "^7.22.5", "@babel/plugin-transform-modules-commonjs": "^7.23.0", "@babel/plugin-transform-typescript": "^7.22.15" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" } }, - "@babel/regjsgen": { + "node_modules/@babel/regjsgen": { "version": "0.8.0", "resolved": "https://registry.npmjs.org/@babel/regjsgen/-/regjsgen-0.8.0.tgz", "integrity": "sha512-x/rqGMdzj+fWZvCOYForTghzbtqPDZ5gPwaoNGHdgDfF2QA/XZbCBp4Moo5scrkAMPhB7z26XM/AaHuIJdgauA==" }, - "@babel/runtime": { + "node_modules/@babel/runtime": { "version": "7.16.7", "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.16.7.tgz", "integrity": "sha512-9E9FJowqAsytyOY6LG+1KuueckRL+aQW+mKvXRXnuFGyRAyepJPmEo9vgMfXUA6O9u3IeEdv9MAkppFcaQwogQ==", - "requires": { + "dependencies": { "regenerator-runtime": "^0.13.4" + }, + "engines": { + "node": ">=6.9.0" } }, - "@babel/runtime-corejs3": { + "node_modules/@babel/runtime-corejs3": { "version": "7.23.2", "resolved": "https://registry.npmjs.org/@babel/runtime-corejs3/-/runtime-corejs3-7.23.2.tgz", "integrity": "sha512-54cIh74Z1rp4oIjsHjqN+WM4fMyCBYe+LpZ9jWm51CZ1fbH3SkAzQD/3XLoNkjbJ7YEmjobLXyvQrFypRHOrXw==", - "requires": { + "dependencies": { "core-js-pure": "^3.30.2", "regenerator-runtime": "^0.14.0" }, - "dependencies": { - "regenerator-runtime": { - "version": "0.14.0", - "resolved": "https://registry.npmjs.org/regenerator-runtime/-/regenerator-runtime-0.14.0.tgz", - "integrity": 
"sha512-srw17NI0TUWHuGa5CFGGmhfNIeja30WMBfbslPNhf6JrqQlLN5gcrvig1oqPxiVaXb0oW0XRKtH6Nngs5lKCIA==" - } + "engines": { + "node": ">=6.9.0" } }, - "@babel/template": { + "node_modules/@babel/runtime-corejs3/node_modules/regenerator-runtime": { + "version": "0.14.0", + "resolved": "https://registry.npmjs.org/regenerator-runtime/-/regenerator-runtime-0.14.0.tgz", + "integrity": "sha512-srw17NI0TUWHuGa5CFGGmhfNIeja30WMBfbslPNhf6JrqQlLN5gcrvig1oqPxiVaXb0oW0XRKtH6Nngs5lKCIA==" + }, + "node_modules/@babel/template": { "version": "7.22.15", "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.22.15.tgz", "integrity": "sha512-QPErUVm4uyJa60rkI73qneDacvdvzxshT3kksGqlGWYdOTIUOwJ7RDUL8sGqslY1uXWSL6xMFKEXDS3ox2uF0w==", - "requires": { + "dependencies": { "@babel/code-frame": "^7.22.13", "@babel/parser": "^7.22.15", "@babel/types": "^7.22.15" + }, + "engines": { + "node": ">=6.9.0" } }, - "@babel/traverse": { + "node_modules/@babel/traverse": { "version": "7.23.2", "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.23.2.tgz", "integrity": "sha512-azpe59SQ48qG6nu2CzcMLbxUudtN+dOM9kDbUqGq3HXUJRlo7i8fvPoxQUzYgLZ4cMVmuZgm8vvBpNeRhd6XSw==", - "requires": { + "dependencies": { "@babel/code-frame": "^7.22.13", "@babel/generator": "^7.23.0", "@babel/helper-environment-visitor": "^7.22.20", 
@@ -1429,204 +2171,369 @@ "@babel/types": "^7.23.0", "debug": "^4.1.0", "globals": "^11.1.0" + }, + "engines": { + "node": ">=6.9.0" } }, - "@babel/types": { + "node_modules/@babel/types": { "version": "7.23.0", "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.23.0.tgz", "integrity": "sha512-0oIyUfKoI3mSqMvsxBdclDwxXKXAUA8v/apZbc+iSyARYou1o8ZGDxbUYyLFoW2arqS2jDGqJuZvv1d/io1axg==", - "requires": { + "dependencies": { "@babel/helper-string-parser": "^7.22.5", "@babel/helper-validator-identifier": "^7.22.20", "to-fast-properties": "^2.0.0" + }, + "engines": { + "node": ">=6.9.0" } }, - "@bcoe/v8-coverage": { + "node_modules/@bcoe/v8-coverage": { "version": "0.2.3", "resolved": "https://registry.npmjs.org/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz", "integrity": "sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw==" }, - "@colors/colors": { + "node_modules/@colors/colors": { "version": "1.6.0", "resolved": "https://registry.npmjs.org/@colors/colors/-/colors-1.6.0.tgz", - "integrity": "sha512-Ir+AOibqzrIsL6ajt3Rz3LskB7OiMVHqltZmspbW/TJuTVuyOMirVqAkjfY6JISiLHgyNqicAC8AyHHGzNd/dA==" + "integrity": "sha512-Ir+AOibqzrIsL6ajt3Rz3LskB7OiMVHqltZmspbW/TJuTVuyOMirVqAkjfY6JISiLHgyNqicAC8AyHHGzNd/dA==", + "engines": { + "node": ">=0.1.90" + } }, - "@cspotcode/source-map-support": { + "node_modules/@cspotcode/source-map-support": { "version": "0.8.1", "resolved": "https://registry.npmjs.org/@cspotcode/source-map-support/-/source-map-support-0.8.1.tgz", "integrity": "sha512-IchNf6dN4tHoMFIn/7OE8LWZ19Y6q/67Bmf6vnGREv8RSbBVb9LPJxEcnwrcwX6ixSvaiGoomAUvu4YSxXrVgw==", - "requires": { + "dependencies": { "@jridgewell/trace-mapping": "0.3.9" }, + "engines": { + "node": ">=12" + } + }, + "node_modules/@cspotcode/source-map-support/node_modules/@jridgewell/trace-mapping": { + "version": "0.3.9", + "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.9.tgz", + "integrity": 
"sha512-3Belt6tdc8bPgAtbcmdtNJlirVoTmEb5e2gC94PnkwEW9jI6CAHUeoG85tjWP5WquqfavoMtMwiG4P926ZKKuQ==", "dependencies": { - "@jridgewell/trace-mapping": { - "version": "0.3.9", - "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.9.tgz", - "integrity": "sha512-3Belt6tdc8bPgAtbcmdtNJlirVoTmEb5e2gC94PnkwEW9jI6CAHUeoG85tjWP5WquqfavoMtMwiG4P926ZKKuQ==", - "requires": { - "@jridgewell/resolve-uri": "^3.0.3", - "@jridgewell/sourcemap-codec": "^1.4.10" - } - } + "@jridgewell/resolve-uri": "^3.0.3", + "@jridgewell/sourcemap-codec": "^1.4.10" } }, - "@csstools/normalize.css": { + "node_modules/@csstools/normalize.css": { "version": "12.0.0", "resolved": "https://registry.npmjs.org/@csstools/normalize.css/-/normalize.css-12.0.0.tgz", "integrity": "sha512-M0qqxAcwCsIVfpFQSlGN5XjXWu8l5JDZN+fPt1LeW5SZexQTgnaEvgXAY+CeygRw0EeppWHi12JxESWiWrB0Sg==" }, - "@csstools/postcss-cascade-layers": { + "node_modules/@csstools/postcss-cascade-layers": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/@csstools/postcss-cascade-layers/-/postcss-cascade-layers-1.1.1.tgz", "integrity": "sha512-+KdYrpKC5TgomQr2DlZF4lDEpHcoxnj5IGddYYfBWJAKfj1JtuHUIqMa+E1pJJ+z3kvDViWMqyqPlG4Ja7amQA==", - "requires": { + "dependencies": { "@csstools/selector-specificity": "^2.0.2", "postcss-selector-parser": "^6.0.10" + }, + "engines": { + "node": "^12 || ^14 || >=16" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + }, + "peerDependencies": { + "postcss": "^8.2" } }, - "@csstools/postcss-color-function": { + "node_modules/@csstools/postcss-color-function": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/@csstools/postcss-color-function/-/postcss-color-function-1.1.1.tgz", "integrity": "sha512-Bc0f62WmHdtRDjf5f3e2STwRAl89N2CLb+9iAwzrv4L2hncrbDwnQD9PCq0gtAt7pOI2leIV08HIBUd4jxD8cw==", - "requires": { + "dependencies": { "@csstools/postcss-progressive-custom-properties": "^1.1.0", "postcss-value-parser": "^4.2.0" + }, 
+ "engines": { + "node": "^12 || ^14 || >=16" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + }, + "peerDependencies": { + "postcss": "^8.2" } }, - "@csstools/postcss-font-format-keywords": { + "node_modules/@csstools/postcss-font-format-keywords": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/@csstools/postcss-font-format-keywords/-/postcss-font-format-keywords-1.0.1.tgz", "integrity": "sha512-ZgrlzuUAjXIOc2JueK0X5sZDjCtgimVp/O5CEqTcs5ShWBa6smhWYbS0x5cVc/+rycTDbjjzoP0KTDnUneZGOg==", - "requires": { + "dependencies": { "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^12 || ^14 || >=16" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + }, + "peerDependencies": { + "postcss": "^8.2" } }, - "@csstools/postcss-hwb-function": { + "node_modules/@csstools/postcss-hwb-function": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/@csstools/postcss-hwb-function/-/postcss-hwb-function-1.0.2.tgz", "integrity": "sha512-YHdEru4o3Rsbjmu6vHy4UKOXZD+Rn2zmkAmLRfPet6+Jz4Ojw8cbWxe1n42VaXQhD3CQUXXTooIy8OkVbUcL+w==", - "requires": { + "dependencies": { "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^12 || ^14 || >=16" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + }, + "peerDependencies": { + "postcss": "^8.2" } }, - "@csstools/postcss-ic-unit": { + "node_modules/@csstools/postcss-ic-unit": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/@csstools/postcss-ic-unit/-/postcss-ic-unit-1.0.1.tgz", "integrity": "sha512-Ot1rcwRAaRHNKC9tAqoqNZhjdYBzKk1POgWfhN4uCOE47ebGcLRqXjKkApVDpjifL6u2/55ekkpnFcp+s/OZUw==", - "requires": { + "dependencies": { "@csstools/postcss-progressive-custom-properties": "^1.1.0", "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^12 || ^14 || >=16" + }, + "funding": { + "type": "opencollective", + "url": 
"https://opencollective.com/csstools" + }, + "peerDependencies": { + "postcss": "^8.2" } }, - "@csstools/postcss-is-pseudo-class": { + "node_modules/@csstools/postcss-is-pseudo-class": { "version": "2.0.7", "resolved": "https://registry.npmjs.org/@csstools/postcss-is-pseudo-class/-/postcss-is-pseudo-class-2.0.7.tgz", "integrity": "sha512-7JPeVVZHd+jxYdULl87lvjgvWldYu+Bc62s9vD/ED6/QTGjy0jy0US/f6BG53sVMTBJ1lzKZFpYmofBN9eaRiA==", - "requires": { + "dependencies": { "@csstools/selector-specificity": "^2.0.0", "postcss-selector-parser": "^6.0.10" + }, + "engines": { + "node": "^12 || ^14 || >=16" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + }, + "peerDependencies": { + "postcss": "^8.2" } }, - "@csstools/postcss-nested-calc": { + "node_modules/@csstools/postcss-nested-calc": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/@csstools/postcss-nested-calc/-/postcss-nested-calc-1.0.0.tgz", "integrity": "sha512-JCsQsw1wjYwv1bJmgjKSoZNvf7R6+wuHDAbi5f/7MbFhl2d/+v+TvBTU4BJH3G1X1H87dHl0mh6TfYogbT/dJQ==", - "requires": { + "dependencies": { "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^12 || ^14 || >=16" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + }, + "peerDependencies": { + "postcss": "^8.2" } }, - "@csstools/postcss-normalize-display-values": { + "node_modules/@csstools/postcss-normalize-display-values": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/@csstools/postcss-normalize-display-values/-/postcss-normalize-display-values-1.0.1.tgz", "integrity": "sha512-jcOanIbv55OFKQ3sYeFD/T0Ti7AMXc9nM1hZWu8m/2722gOTxFg7xYu4RDLJLeZmPUVQlGzo4jhzvTUq3x4ZUw==", - "requires": { + "dependencies": { "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^12 || ^14 || >=16" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + }, + "peerDependencies": { + "postcss": "^8.2" } }, - 
"@csstools/postcss-oklab-function": { + "node_modules/@csstools/postcss-oklab-function": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/@csstools/postcss-oklab-function/-/postcss-oklab-function-1.1.1.tgz", "integrity": "sha512-nJpJgsdA3dA9y5pgyb/UfEzE7W5Ka7u0CX0/HIMVBNWzWemdcTH3XwANECU6anWv/ao4vVNLTMxhiPNZsTK6iA==", - "requires": { + "dependencies": { "@csstools/postcss-progressive-custom-properties": "^1.1.0", "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^12 || ^14 || >=16" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + }, + "peerDependencies": { + "postcss": "^8.2" } }, - "@csstools/postcss-progressive-custom-properties": { + "node_modules/@csstools/postcss-progressive-custom-properties": { "version": "1.3.0", "resolved": "https://registry.npmjs.org/@csstools/postcss-progressive-custom-properties/-/postcss-progressive-custom-properties-1.3.0.tgz", "integrity": "sha512-ASA9W1aIy5ygskZYuWams4BzafD12ULvSypmaLJT2jvQ8G0M3I8PRQhC0h7mG0Z3LI05+agZjqSR9+K9yaQQjA==", - "requires": { + "dependencies": { "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^12 || ^14 || >=16" + }, + "peerDependencies": { + "postcss": "^8.3" } }, - "@csstools/postcss-stepped-value-functions": { + "node_modules/@csstools/postcss-stepped-value-functions": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/@csstools/postcss-stepped-value-functions/-/postcss-stepped-value-functions-1.0.1.tgz", "integrity": "sha512-dz0LNoo3ijpTOQqEJLY8nyaapl6umbmDcgj4AD0lgVQ572b2eqA1iGZYTTWhrcrHztWDDRAX2DGYyw2VBjvCvQ==", - "requires": { + "dependencies": { "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^12 || ^14 || >=16" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + }, + "peerDependencies": { + "postcss": "^8.2" } }, - "@csstools/postcss-text-decoration-shorthand": { + "node_modules/@csstools/postcss-text-decoration-shorthand": { "version": 
"1.0.0", "resolved": "https://registry.npmjs.org/@csstools/postcss-text-decoration-shorthand/-/postcss-text-decoration-shorthand-1.0.0.tgz", "integrity": "sha512-c1XwKJ2eMIWrzQenN0XbcfzckOLLJiczqy+YvfGmzoVXd7pT9FfObiSEfzs84bpE/VqfpEuAZ9tCRbZkZxxbdw==", - "requires": { + "dependencies": { "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^12 || ^14 || >=16" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + }, + "peerDependencies": { + "postcss": "^8.2" } }, - "@csstools/postcss-trigonometric-functions": { + "node_modules/@csstools/postcss-trigonometric-functions": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/@csstools/postcss-trigonometric-functions/-/postcss-trigonometric-functions-1.0.2.tgz", "integrity": "sha512-woKaLO///4bb+zZC2s80l+7cm07M7268MsyG3M0ActXXEFi6SuhvriQYcb58iiKGbjwwIU7n45iRLEHypB47Og==", - "requires": { + "dependencies": { "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^14 || >=16" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + }, + "peerDependencies": { + "postcss": "^8.2" } }, - "@csstools/postcss-unset-value": { + "node_modules/@csstools/postcss-unset-value": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/@csstools/postcss-unset-value/-/postcss-unset-value-1.0.2.tgz", - "integrity": "sha512-c8J4roPBILnelAsdLr4XOAR/GsTm0GJi4XpcfvoWk3U6KiTCqiFYc63KhRMQQX35jYMp4Ao8Ij9+IZRgMfJp1g==" + "integrity": "sha512-c8J4roPBILnelAsdLr4XOAR/GsTm0GJi4XpcfvoWk3U6KiTCqiFYc63KhRMQQX35jYMp4Ao8Ij9+IZRgMfJp1g==", + "engines": { + "node": "^12 || ^14 || >=16" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + }, + "peerDependencies": { + "postcss": "^8.2" + } }, - "@csstools/selector-specificity": { + "node_modules/@csstools/selector-specificity": { "version": "2.2.0", "resolved": 
"https://registry.npmjs.org/@csstools/selector-specificity/-/selector-specificity-2.2.0.tgz", - "integrity": "sha512-+OJ9konv95ClSTOJCmMZqpd5+YGsB2S+x6w3E1oaM8UuR5j8nTNHYSz8c9BEPGDOCMQYIEEGlVPj/VY64iTbGw==" + "integrity": "sha512-+OJ9konv95ClSTOJCmMZqpd5+YGsB2S+x6w3E1oaM8UuR5j8nTNHYSz8c9BEPGDOCMQYIEEGlVPj/VY64iTbGw==", + "engines": { + "node": "^14 || ^16 || >=18" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + }, + "peerDependencies": { + "postcss-selector-parser": "^6.0.10" + } }, - "@dabh/diagnostics": { + "node_modules/@dabh/diagnostics": { "version": "2.0.3", "resolved": "https://registry.npmjs.org/@dabh/diagnostics/-/diagnostics-2.0.3.tgz", "integrity": "sha512-hrlQOIi7hAfzsMqlGSFyVucrx38O+j6wiGOf//H2ecvIEqYN4ADBSS2iLMh5UFyDunCNniUIPk/q3riFv45xRA==", - "requires": { + "dependencies": { "colorspace": "1.1.x", "enabled": "2.0.x", "kuler": "^2.0.0" } }, - "@emotion/hash": { + "node_modules/@emotion/hash": { "version": "0.8.0", "resolved": "https://registry.npmjs.org/@emotion/hash/-/hash-0.8.0.tgz", "integrity": "sha512-kBJtf7PH6aWwZ6fka3zQ0p6SBYzx4fl1LoZXE2RrnYST9Xljm7WfKJrU4g/Xr3Beg72MLrp1AWNUmuYJTL7Cow==" }, - "@eslint-community/eslint-utils": { + "node_modules/@eslint-community/eslint-utils": { "version": "4.4.0", "resolved": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.4.0.tgz", "integrity": "sha512-1/sA4dwrzBAyeUoQ6oxahHKmrZvsnLCg4RfxW3ZFGGmQkSNQPFNLV9CUEFQP1x9EYXHTo5p6xdhZM1Ne9p/AfA==", - "requires": { + "dependencies": { "eslint-visitor-keys": "^3.3.0" + }, + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + }, + "peerDependencies": { + "eslint": "^6.0.0 || ^7.0.0 || >=8.0.0" } }, - "@eslint-community/regexpp": { + "node_modules/@eslint-community/regexpp": { "version": "4.9.1", "resolved": "https://registry.npmjs.org/@eslint-community/regexpp/-/regexpp-4.9.1.tgz", - "integrity": 
"sha512-Y27x+MBLjXa+0JWDhykM3+JE+il3kHKAEqabfEWq3SDhZjLYb6/BHL/JKFnH3fe207JaXkyDo685Oc2Glt6ifA==" + "integrity": "sha512-Y27x+MBLjXa+0JWDhykM3+JE+il3kHKAEqabfEWq3SDhZjLYb6/BHL/JKFnH3fe207JaXkyDo685Oc2Glt6ifA==", + "engines": { + "node": "^12.0.0 || ^14.0.0 || >=16.0.0" + } }, - "@eslint/eslintrc": { + "node_modules/@eslint/eslintrc": { "version": "2.1.2", "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-2.1.2.tgz", "integrity": "sha512-+wvgpDsrB1YqAMdEUCcnTlpfVBH7Vqn6A/NT3D8WVXFIaKMlErPIZT3oCIAVCOtarRpMtelZLqJeU3t7WY6X6g==", - "requires": { + "dependencies": { "ajv": "^6.12.4", "debug": "^4.3.2", "espree": "^9.6.0", 
@@ -1637,127 +2544,246 @@ "minimatch": "^3.1.2", "strip-json-comments": "^3.1.1" }, - "dependencies": { - "argparse": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", - "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==" - }, - "globals": { - "version": "13.23.0", - "resolved": "https://registry.npmjs.org/globals/-/globals-13.23.0.tgz", - "integrity": "sha512-XAmF0RjlrjY23MA51q3HltdlGxUpXPvg0GioKiD9X6HD28iMjo2dKC8Vqwm7lne4GNr78+RHTfliktR6ZH09wA==", - "requires": { - "type-fest": "^0.20.2" - } - }, - "js-yaml": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", - "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", - "requires": { - "argparse": "^2.0.1" - } - }, - "strip-json-comments": { - "version": "3.1.1", - "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz", - "integrity": "sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==" - } + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + }, + "funding": { + "url": "https://opencollective.com/eslint" } }, - "@eslint/js": { + "node_modules/@eslint/eslintrc/node_modules/argparse": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", + "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==" + }, + "node_modules/@eslint/eslintrc/node_modules/globals": { + "version": "13.23.0", + "resolved": "https://registry.npmjs.org/globals/-/globals-13.23.0.tgz", + "integrity": "sha512-XAmF0RjlrjY23MA51q3HltdlGxUpXPvg0GioKiD9X6HD28iMjo2dKC8Vqwm7lne4GNr78+RHTfliktR6ZH09wA==", + "dependencies": { + "type-fest": "^0.20.2" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + 
"node_modules/@eslint/eslintrc/node_modules/js-yaml": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", + "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", + "dependencies": { + "argparse": "^2.0.1" + }, + "bin": { + "js-yaml": "bin/js-yaml.js" + } + }, + "node_modules/@eslint/eslintrc/node_modules/strip-json-comments": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz", + "integrity": "sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==", + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/@eslint/js": { "version": "8.51.0", "resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.51.0.tgz", - "integrity": "sha512-HxjQ8Qn+4SI3/AFv6sOrDB+g6PpUTDwSJiQqOrnneEk8L71161srI9gjzzZvYVbzHiVg/BvcH95+cK/zfIt4pg==" + "integrity": "sha512-HxjQ8Qn+4SI3/AFv6sOrDB+g6PpUTDwSJiQqOrnneEk8L71161srI9gjzzZvYVbzHiVg/BvcH95+cK/zfIt4pg==", + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + } }, - "@humanwhocodes/config-array": { + "node_modules/@humanwhocodes/config-array": { "version": "0.11.11", "resolved": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.11.11.tgz", "integrity": "sha512-N2brEuAadi0CcdeMXUkhbZB84eskAc8MEX1By6qEchoVywSgXPIjou4rYsl0V3Hj0ZnuGycGCjdNgockbzeWNA==", - "requires": { + "dependencies": { "@humanwhocodes/object-schema": "^1.2.1", "debug": "^4.1.1", "minimatch": "^3.0.5" + }, + "engines": { + "node": ">=10.10.0" } }, - "@humanwhocodes/module-importer": { + "node_modules/@humanwhocodes/module-importer": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/@humanwhocodes/module-importer/-/module-importer-1.0.1.tgz", - "integrity": "sha512-bxveV4V8v5Yb4ncFTT3rPSgZBOpCkjfK0y4oVVVJwIuDVBRMDXrPyXRL988i5ap9m9bnyEEjWfm5WkBmtffLfA==" + 
"integrity": "sha512-bxveV4V8v5Yb4ncFTT3rPSgZBOpCkjfK0y4oVVVJwIuDVBRMDXrPyXRL988i5ap9m9bnyEEjWfm5WkBmtffLfA==", + "engines": { + "node": ">=12.22" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/nzakas" + } }, - "@humanwhocodes/object-schema": { + "node_modules/@humanwhocodes/object-schema": { "version": "1.2.1", "resolved": "https://registry.npmjs.org/@humanwhocodes/object-schema/-/object-schema-1.2.1.tgz", "integrity": "sha512-ZnQMnLV4e7hDlUvw8H+U8ASL02SS2Gn6+9Ac3wGGLIe7+je2AeAOxPY+izIPJDfFDb7eDjev0Us8MO1iFRN8hA==" }, - "@istanbuljs/load-nyc-config": { + "node_modules/@isaacs/cliui": { + "version": "8.0.2", + "resolved": "https://registry.npmjs.org/@isaacs/cliui/-/cliui-8.0.2.tgz", + "integrity": "sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==", + "dependencies": { + "string-width": "^5.1.2", + "string-width-cjs": "npm:string-width@^4.2.0", + "strip-ansi": "^7.0.1", + "strip-ansi-cjs": "npm:strip-ansi@^6.0.1", + "wrap-ansi": "^8.1.0", + "wrap-ansi-cjs": "npm:wrap-ansi@^7.0.0" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/@isaacs/cliui/node_modules/ansi-regex": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.0.1.tgz", + "integrity": "sha512-n5M855fKb2SsfMIiFFoVrABHJC8QtHwVx+mHWP3QcEqBHYienj5dHSgjbxtC0WEZXYt4wcD6zrQElDPhFuZgfA==", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/chalk/ansi-regex?sponsor=1" + } + }, + "node_modules/@isaacs/cliui/node_modules/emoji-regex": { + "version": "9.2.2", + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz", + "integrity": "sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg==" + }, + "node_modules/@isaacs/cliui/node_modules/string-width": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz", + "integrity": 
"sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA==", + "dependencies": { + "eastasianwidth": "^0.2.0", + "emoji-regex": "^9.2.2", + "strip-ansi": "^7.0.1" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/@isaacs/cliui/node_modules/strip-ansi": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.0.tgz", + "integrity": "sha512-iq6eVVI64nQQTRYq2KtEg2d2uU7LElhTJwsH4YzIHZshxlgZms/wIc4VoDQTlG/IvVIrBKG06CrZnp0qv7hkcQ==", + "dependencies": { + "ansi-regex": "^6.0.1" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/chalk/strip-ansi?sponsor=1" + } + }, + "node_modules/@istanbuljs/load-nyc-config": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/@istanbuljs/load-nyc-config/-/load-nyc-config-1.1.0.tgz", "integrity": "sha512-VjeHSlIzpv/NyD3N0YuHfXOPDIixcA1q2ZV98wsMqcYlPmv2n3Yb2lYP9XMElnaFVXg5A7YLTeLu6V84uQDjmQ==", - "requires": { + "dependencies": { "camelcase": "^5.3.1", "find-up": "^4.1.0", "get-package-type": "^0.1.0", "js-yaml": "^3.13.1", "resolve-from": "^5.0.0" }, + "engines": { + "node": ">=8" + } + }, + "node_modules/@istanbuljs/load-nyc-config/node_modules/camelcase": { + "version": "5.3.1", + "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz", + "integrity": "sha512-L28STB170nwWS63UjtlEOE3dldQApaJXZkOI1uMFfzf3rRuPegHaHesyee+YxQ+W6SvRDQV6UrdOdRiR153wJg==", + "engines": { + "node": ">=6" + } + }, + "node_modules/@istanbuljs/load-nyc-config/node_modules/find-up": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==", + "dependencies": { + "locate-path": "^5.0.0", + "path-exists": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + 
"node_modules/@istanbuljs/load-nyc-config/node_modules/locate-path": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==", "dependencies": { - "camelcase": { - "version": "5.3.1", - "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz", - "integrity": "sha512-L28STB170nwWS63UjtlEOE3dldQApaJXZkOI1uMFfzf3rRuPegHaHesyee+YxQ+W6SvRDQV6UrdOdRiR153wJg==" - }, - "find-up": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", - "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==", - "requires": { - "locate-path": "^5.0.0", - "path-exists": "^4.0.0" - } - }, - "locate-path": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", - "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==", - "requires": { - "p-locate": "^4.1.0" - } - }, - "p-limit": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", - "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==", - "requires": { - "p-try": "^2.0.0" - } - }, - "p-locate": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", - "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==", - "requires": { - "p-limit": "^2.2.0" - } - }, - "resolve-from": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz", - "integrity": "sha512-qYg9KP24dD5qka9J47d0aVky0N+b4fTU89LN9iDnjB5waksiC49rvMB0PrUJQGoTmH50XPiqOvAjDfaijGxYZw==" - } + "p-locate": "^4.1.0" + }, + "engines": { + "node": ">=8" + } + }, + 
"node_modules/@istanbuljs/load-nyc-config/node_modules/p-limit": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==", + "dependencies": { + "p-try": "^2.0.0" + }, + "engines": { + "node": ">=6" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/@istanbuljs/load-nyc-config/node_modules/p-locate": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==", + "dependencies": { + "p-limit": "^2.2.0" + }, + "engines": { + "node": ">=8" } }, - "@istanbuljs/schema": { + "node_modules/@istanbuljs/load-nyc-config/node_modules/resolve-from": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz", + "integrity": "sha512-qYg9KP24dD5qka9J47d0aVky0N+b4fTU89LN9iDnjB5waksiC49rvMB0PrUJQGoTmH50XPiqOvAjDfaijGxYZw==", + "engines": { + "node": ">=8" + } + }, + "node_modules/@istanbuljs/schema": { "version": "0.1.3", "resolved": "https://registry.npmjs.org/@istanbuljs/schema/-/schema-0.1.3.tgz", - "integrity": "sha512-ZXRY4jNvVgSVQ8DL3LTcakaAtXwTVUxE81hslsyD2AtoXW/wVob10HkOJ1X/pAlcI7D+2YoZKg5do8G/w6RYgA==" + "integrity": "sha512-ZXRY4jNvVgSVQ8DL3LTcakaAtXwTVUxE81hslsyD2AtoXW/wVob10HkOJ1X/pAlcI7D+2YoZKg5do8G/w6RYgA==", + "engines": { + "node": ">=8" + } }, - "@jest/console": { + "node_modules/@jest/console": { "version": "27.5.1", "resolved": "https://registry.npmjs.org/@jest/console/-/console-27.5.1.tgz", "integrity": "sha512-kZ/tNpS3NXn0mlXXXPNuDZnb4c0oZ20r4K5eemM2k30ZC3G0T02nXUvyhf5YdbXWHPEJLc9qGLxEZ216MdL+Zg==", - "requires": { + "dependencies": { "@jest/types": "^27.5.1", "@types/node": "*", "chalk": "^4.0.0", 
@@ -1765,43 +2791,53 @@ "jest-util": "^27.5.1", "slash": "^3.0.0" }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/@jest/console/node_modules/@jest/types": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", + "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", "dependencies": { - "@jest/types": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", - "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", - "requires": { - "@types/istanbul-lib-coverage": "^2.0.0", - "@types/istanbul-reports": "^3.0.0", - "@types/node": "*", - "@types/yargs": "^16.0.0", - "chalk": "^4.0.0" - } - }, - "@types/yargs": { - "version": "16.0.6", - "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", - "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", - "requires": { - "@types/yargs-parser": "*" - } - }, - "chalk": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", - "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "requires": { - "ansi-styles": "^4.1.0", - "supports-color": "^7.1.0" - } - } + "@types/istanbul-lib-coverage": "^2.0.0", + "@types/istanbul-reports": "^3.0.0", + "@types/node": "*", + "@types/yargs": "^16.0.0", + "chalk": "^4.0.0" + }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/@jest/console/node_modules/@types/yargs": { + "version": "16.0.6", + "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", + "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", + "dependencies": { + "@types/yargs-parser": "*" } }, 
- "@jest/core": { + "node_modules/@jest/console/node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" + } + }, + "node_modules/@jest/core": { "version": "27.5.1", "resolved": "https://registry.npmjs.org/@jest/core/-/core-27.5.1.tgz", "integrity": "sha512-AK6/UTrvQD0Cd24NSqmIA6rKsu0tKIxfiCducZvqxYdmMisOYAsdItspT+fQDQYARPf8XgjAFZi0ogW2agH5nQ==", - "requires": { + "dependencies": { "@jest/console": "^27.5.1", "@jest/reporters": "^27.5.1", "@jest/test-result": "^27.5.1", 
@@ -1831,85 +2867,113 @@ "slash": "^3.0.0", "strip-ansi": "^6.0.0" }, - "dependencies": { - "@jest/types": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", - "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", - "requires": { - "@types/istanbul-lib-coverage": "^2.0.0", - "@types/istanbul-reports": "^3.0.0", - "@types/node": "*", - "@types/yargs": "^16.0.0", - "chalk": "^4.0.0" - } - }, - "@types/yargs": { - "version": "16.0.6", - "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", - "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", - "requires": { - "@types/yargs-parser": "*" - } - }, - "chalk": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", - "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "requires": { - "ansi-styles": "^4.1.0", - "supports-color": "^7.1.0" - } + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + }, + "peerDependencies": { + "node-notifier": "^8.0.1 || ^9.0.0 || ^10.0.0" + }, + "peerDependenciesMeta": { + "node-notifier": { + "optional": true } } }, - "@jest/environment": { + "node_modules/@jest/core/node_modules/@jest/types": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", + "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", + "dependencies": { + "@types/istanbul-lib-coverage": "^2.0.0", + "@types/istanbul-reports": "^3.0.0", + "@types/node": "*", + "@types/yargs": "^16.0.0", + "chalk": "^4.0.0" + }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/@jest/core/node_modules/@types/yargs": { + "version": "16.0.6", + "resolved": 
"https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", + "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", + "dependencies": { + "@types/yargs-parser": "*" + } + }, + "node_modules/@jest/core/node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" + } + }, + "node_modules/@jest/environment": { "version": "27.5.1", "resolved": "https://registry.npmjs.org/@jest/environment/-/environment-27.5.1.tgz", "integrity": "sha512-/WQjhPJe3/ghaol/4Bq480JKXV/Rfw8nQdN7f41fM8VDHLcxKXou6QyXAh3EFr9/bVG3x74z1NWDkP87EiY8gA==", - "requires": { + "dependencies": { "@jest/fake-timers": "^27.5.1", "@jest/types": "^27.5.1", "@types/node": "*", "jest-mock": "^27.5.1" }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/@jest/environment/node_modules/@jest/types": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", + "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", "dependencies": { - "@jest/types": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", - "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", - "requires": { - "@types/istanbul-lib-coverage": "^2.0.0", - "@types/istanbul-reports": "^3.0.0", - "@types/node": "*", - "@types/yargs": "^16.0.0", - "chalk": "^4.0.0" - } - }, - "@types/yargs": { - "version": "16.0.6", - "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", - "integrity": 
"sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", - "requires": { - "@types/yargs-parser": "*" - } - }, - "chalk": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", - "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "requires": { - "ansi-styles": "^4.1.0", - "supports-color": "^7.1.0" - } - } + "@types/istanbul-lib-coverage": "^2.0.0", + "@types/istanbul-reports": "^3.0.0", + "@types/node": "*", + "@types/yargs": "^16.0.0", + "chalk": "^4.0.0" + }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" } }, - "@jest/fake-timers": { + "node_modules/@jest/environment/node_modules/@types/yargs": { + "version": "16.0.6", + "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", + "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", + "dependencies": { + "@types/yargs-parser": "*" + } + }, + "node_modules/@jest/environment/node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" + } + }, + "node_modules/@jest/fake-timers": { "version": "27.5.1", "resolved": "https://registry.npmjs.org/@jest/fake-timers/-/fake-timers-27.5.1.tgz", "integrity": "sha512-/aPowoolwa07k7/oM3aASneNeBGCmGQsc3ugN4u6s4C/+s5M64MFo/+djTdiwcbQlRfFElGuDXWzaWj6QgKObQ==", - "requires": { + "dependencies": { "@jest/types": "^27.5.1", "@sinonjs/fake-timers": "^8.0.1", "@types/node": "*", 
@@ -1917,84 +2981,104 @@ "jest-mock": "^27.5.1", "jest-util": "^27.5.1" }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/@jest/fake-timers/node_modules/@jest/types": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", + "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", + "dependencies": { + "@types/istanbul-lib-coverage": "^2.0.0", + "@types/istanbul-reports": "^3.0.0", + "@types/node": "*", + "@types/yargs": "^16.0.0", + "chalk": "^4.0.0" + }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/@jest/fake-timers/node_modules/@types/yargs": { + "version": "16.0.6", + "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", + "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", "dependencies": { - "@jest/types": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", - "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", - "requires": { - "@types/istanbul-lib-coverage": "^2.0.0", - "@types/istanbul-reports": "^3.0.0", - "@types/node": "*", - "@types/yargs": "^16.0.0", - "chalk": "^4.0.0" - } - }, - "@types/yargs": { - "version": "16.0.6", - "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", - "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", - "requires": { - "@types/yargs-parser": "*" - } - }, - "chalk": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", - "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "requires": { - "ansi-styles": "^4.1.0", - "supports-color": "^7.1.0" - } - } + 
"@types/yargs-parser": "*" + } + }, + "node_modules/@jest/fake-timers/node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" } }, - "@jest/globals": { + "node_modules/@jest/globals": { "version": "27.5.1", "resolved": "https://registry.npmjs.org/@jest/globals/-/globals-27.5.1.tgz", "integrity": "sha512-ZEJNB41OBQQgGzgyInAv0UUfDDj3upmHydjieSxFvTRuZElrx7tXg/uVQ5hYVEwiXs3+aMsAeEc9X7xiSKCm4Q==", - "requires": { + "dependencies": { "@jest/environment": "^27.5.1", "@jest/types": "^27.5.1", "expect": "^27.5.1" }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/@jest/globals/node_modules/@jest/types": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", + "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", "dependencies": { - "@jest/types": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", - "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", - "requires": { - "@types/istanbul-lib-coverage": "^2.0.0", - "@types/istanbul-reports": "^3.0.0", - "@types/node": "*", - "@types/yargs": "^16.0.0", - "chalk": "^4.0.0" - } - }, - "@types/yargs": { - "version": "16.0.6", - "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", - "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", - "requires": { - "@types/yargs-parser": "*" - } - }, - "chalk": { - "version": "4.1.2", - "resolved": 
"https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", - "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "requires": { - "ansi-styles": "^4.1.0", - "supports-color": "^7.1.0" - } - } + "@types/istanbul-lib-coverage": "^2.0.0", + "@types/istanbul-reports": "^3.0.0", + "@types/node": "*", + "@types/yargs": "^16.0.0", + "chalk": "^4.0.0" + }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" } }, - "@jest/reporters": { + "node_modules/@jest/globals/node_modules/@types/yargs": { + "version": "16.0.6", + "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", + "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", + "dependencies": { + "@types/yargs-parser": "*" + } + }, + "node_modules/@jest/globals/node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" + } + }, + "node_modules/@jest/reporters": { "version": "27.5.1", "resolved": "https://registry.npmjs.org/@jest/reporters/-/reporters-27.5.1.tgz", "integrity": "sha512-cPXh9hWIlVJMQkVk84aIvXuBB4uQQmFqZiacloFuGiP3ah1sbCxCosidXFDfqG8+6fO1oR2dTJTlsOy4VFmUfw==", - "requires": { + "dependencies": { "@bcoe/v8-coverage": "^0.2.3", "@jest/console": "^27.5.1", "@jest/test-result": "^27.5.1", 
@@ -2021,126 +3105,167 @@ "terminal-link": "^2.0.0", "v8-to-istanbul": "^8.1.0" }, - "dependencies": { - "@jest/types": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", - "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", - "requires": { - "@types/istanbul-lib-coverage": "^2.0.0", - "@types/istanbul-reports": "^3.0.0", - "@types/node": "*", - "@types/yargs": "^16.0.0", - "chalk": "^4.0.0" - } - }, - "@types/yargs": { - "version": "16.0.6", - "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", - "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", - "requires": { - "@types/yargs-parser": "*" - } - }, - "chalk": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", - "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "requires": { - "ansi-styles": "^4.1.0", - "supports-color": "^7.1.0" - } - }, - "source-map": { - "version": "0.6.1", - "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", - "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==" + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + }, + "peerDependencies": { + "node-notifier": "^8.0.1 || ^9.0.0 || ^10.0.0" + }, + "peerDependenciesMeta": { + "node-notifier": { + "optional": true } } }, - "@jest/schemas": { + "node_modules/@jest/reporters/node_modules/@jest/types": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", + "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", + "dependencies": { + "@types/istanbul-lib-coverage": "^2.0.0", + "@types/istanbul-reports": "^3.0.0", + "@types/node": "*", + "@types/yargs": 
"^16.0.0", + "chalk": "^4.0.0" + }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/@jest/reporters/node_modules/@types/yargs": { + "version": "16.0.6", + "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", + "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", + "dependencies": { + "@types/yargs-parser": "*" + } + }, + "node_modules/@jest/reporters/node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" + } + }, + "node_modules/@jest/reporters/node_modules/source-map": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/@jest/schemas": { "version": "28.1.3", "resolved": "https://registry.npmjs.org/@jest/schemas/-/schemas-28.1.3.tgz", "integrity": "sha512-/l/VWsdt/aBXgjshLWOFyFt3IVdYypu5y2Wn2rOO1un6nkqIn8SLXzgIMYXFyYsRWDyF5EthmKJMIdJvk08grg==", - "requires": { + "dependencies": { "@sinclair/typebox": "^0.24.1" + }, + "engines": { + "node": "^12.13.0 || ^14.15.0 || ^16.10.0 || >=17.0.0" } }, - "@jest/source-map": { + "node_modules/@jest/source-map": { "version": "27.5.1", "resolved": "https://registry.npmjs.org/@jest/source-map/-/source-map-27.5.1.tgz", "integrity": "sha512-y9NIHUYF3PJRlHk98NdC/N1gl88BL08aQQgu4k4ZopQkCw9t9cV8mtl3TV8b/YCB8XaVTFrmUTAJvjsntDireg==", - "requires": { + "dependencies": { "callsites": "^3.0.0", "graceful-fs": "^4.2.9", "source-map": "^0.6.0" 
}, - "dependencies": { - "source-map": { - "version": "0.6.1", - "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", - "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==" - } + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/@jest/source-map/node_modules/source-map": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "engines": { + "node": ">=0.10.0" } }, - "@jest/test-result": { + "node_modules/@jest/test-result": { "version": "27.5.1", "resolved": "https://registry.npmjs.org/@jest/test-result/-/test-result-27.5.1.tgz", "integrity": "sha512-EW35l2RYFUcUQxFJz5Cv5MTOxlJIQs4I7gxzi2zVU7PJhOwfYq1MdC5nhSmYjX1gmMmLPvB3sIaC+BkcHRBfag==", - "requires": { + "dependencies": { "@jest/console": "^27.5.1", "@jest/types": "^27.5.1", "@types/istanbul-lib-coverage": "^2.0.0", "collect-v8-coverage": "^1.0.0" }, - "dependencies": { - "@jest/types": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", - "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", - "requires": { - "@types/istanbul-lib-coverage": "^2.0.0", - "@types/istanbul-reports": "^3.0.0", - "@types/node": "*", - "@types/yargs": "^16.0.0", - "chalk": "^4.0.0" - } - }, - "@types/yargs": { - "version": "16.0.6", - "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", - "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", - "requires": { - "@types/yargs-parser": "*" - } - }, - "chalk": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", - "integrity": 
"sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "requires": { - "ansi-styles": "^4.1.0", - "supports-color": "^7.1.0" - } - } + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" } }, - "@jest/test-sequencer": { + "node_modules/@jest/test-result/node_modules/@jest/types": { "version": "27.5.1", - "resolved": "https://registry.npmjs.org/@jest/test-sequencer/-/test-sequencer-27.5.1.tgz", - "integrity": "sha512-LCheJF7WB2+9JuCS7VB/EmGIdQuhtqjRNI9A43idHv3E4KltCTsPsLxvdaubFHSYwY/fNjMWjl6vNRhDiN7vpQ==", - "requires": { - "@jest/test-result": "^27.5.1", - "graceful-fs": "^4.2.9", - "jest-haste-map": "^27.5.1", - "jest-runtime": "^27.5.1" - } + "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", + "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", + "dependencies": { + "@types/istanbul-lib-coverage": "^2.0.0", + "@types/istanbul-reports": "^3.0.0", + "@types/node": "*", + "@types/yargs": "^16.0.0", + "chalk": "^4.0.0" + }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/@jest/test-result/node_modules/@types/yargs": { + "version": "16.0.6", + "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", + "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", + "dependencies": { + "@types/yargs-parser": "*" + } + }, + "node_modules/@jest/test-result/node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" + } + }, + "node_modules/@jest/test-sequencer": { + 
"version": "27.5.1", + "resolved": "https://registry.npmjs.org/@jest/test-sequencer/-/test-sequencer-27.5.1.tgz", + "integrity": "sha512-LCheJF7WB2+9JuCS7VB/EmGIdQuhtqjRNI9A43idHv3E4KltCTsPsLxvdaubFHSYwY/fNjMWjl6vNRhDiN7vpQ==", + "dependencies": { + "@jest/test-result": "^27.5.1", + "graceful-fs": "^4.2.9", + "jest-haste-map": "^27.5.1", + "jest-runtime": "^27.5.1" + }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } }, - "@jest/transform": { + "node_modules/@jest/transform": { "version": "27.5.1", "resolved": "https://registry.npmjs.org/@jest/transform/-/transform-27.5.1.tgz", "integrity": "sha512-ipON6WtYgl/1329g5AIJVbUuEh0wZVbdpGwC99Jw4LwuoBNS95MVphU6zOeD9pDkon+LLbFL7lOQRapbB8SCHw==", - "requires": { + "dependencies": { "@babel/core": "^7.1.0", "@jest/types": "^27.5.1", "babel-plugin-istanbul": "^6.1.1", 
@@ -2157,124 +3282,173 @@ "source-map": "^0.6.1", "write-file-atomic": "^3.0.0" }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/@jest/transform/node_modules/@jest/types": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", + "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", + "dependencies": { + "@types/istanbul-lib-coverage": "^2.0.0", + "@types/istanbul-reports": "^3.0.0", + "@types/node": "*", + "@types/yargs": "^16.0.0", + "chalk": "^4.0.0" + }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/@jest/transform/node_modules/@types/yargs": { + "version": "16.0.6", + "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", + "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", "dependencies": { - "@jest/types": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", - "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", - "requires": { - "@types/istanbul-lib-coverage": "^2.0.0", - "@types/istanbul-reports": "^3.0.0", - "@types/node": "*", - "@types/yargs": "^16.0.0", - "chalk": "^4.0.0" - } - }, - "@types/yargs": { - "version": "16.0.6", - "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", - "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", - "requires": { - "@types/yargs-parser": "*" - } - }, - "chalk": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", - "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "requires": { - "ansi-styles": "^4.1.0", - "supports-color": "^7.1.0" - } - }, - 
"convert-source-map": { - "version": "1.9.0", - "resolved": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-1.9.0.tgz", - "integrity": "sha512-ASFBup0Mz1uyiIjANan1jzLQami9z1PoYSZCiiYW2FczPbenXc45FZdBZLzOT+r6+iciuEModtmCti+hjaAk0A==" - }, - "source-map": { - "version": "0.6.1", - "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", - "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==" - } + "@types/yargs-parser": "*" } }, - "@jest/types": { + "node_modules/@jest/transform/node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" + } + }, + "node_modules/@jest/transform/node_modules/convert-source-map": { + "version": "1.9.0", + "resolved": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-1.9.0.tgz", + "integrity": "sha512-ASFBup0Mz1uyiIjANan1jzLQami9z1PoYSZCiiYW2FczPbenXc45FZdBZLzOT+r6+iciuEModtmCti+hjaAk0A==" + }, + "node_modules/@jest/transform/node_modules/source-map": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/@jest/types": { "version": "26.6.2", "resolved": "https://registry.npmjs.org/@jest/types/-/types-26.6.2.tgz", "integrity": "sha512-fC6QCp7Sc5sX6g8Tvbmj4XUTbyrik0akgRy03yjXbQaBWWNWGE7SGtJk98m0N8nzegD/7SggrUlivxo5ax4KWQ==", - "requires": { + "dependencies": { "@types/istanbul-lib-coverage": "^2.0.0", "@types/istanbul-reports": "^3.0.0", "@types/node": "*", 
"@types/yargs": "^15.0.0", "chalk": "^4.0.0" }, + "engines": { + "node": ">= 10.14.2" + } + }, + "node_modules/@jest/types/node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", "dependencies": { - "chalk": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", - "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "requires": { - "ansi-styles": "^4.1.0", - "supports-color": "^7.1.0" - } - } + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" } }, - "@jridgewell/gen-mapping": { + "node_modules/@jridgewell/gen-mapping": { "version": "0.3.3", "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.3.tgz", "integrity": "sha512-HLhSWOLRi875zjjMG/r+Nv0oCW8umGb0BgEhyX3dDX3egwZtB8PqLnjz3yedt8R5StBrzcg4aBpnh8UA9D1BoQ==", - "requires": { + "dependencies": { "@jridgewell/set-array": "^1.0.1", "@jridgewell/sourcemap-codec": "^1.4.10", "@jridgewell/trace-mapping": "^0.3.9" + }, + "engines": { + "node": ">=6.0.0" } }, - "@jridgewell/resolve-uri": { + "node_modules/@jridgewell/resolve-uri": { "version": "3.1.1", "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.1.tgz", - "integrity": "sha512-dSYZh7HhCDtCKm4QakX0xFpsRDqjjtZf/kjI/v3T3Nwt5r8/qz/M19F9ySyOqU94SXBmeG9ttTul+YnR4LOxFA==" + "integrity": "sha512-dSYZh7HhCDtCKm4QakX0xFpsRDqjjtZf/kjI/v3T3Nwt5r8/qz/M19F9ySyOqU94SXBmeG9ttTul+YnR4LOxFA==", + "engines": { + "node": ">=6.0.0" + } }, - "@jridgewell/set-array": { + "node_modules/@jridgewell/set-array": { "version": "1.1.2", "resolved": "https://registry.npmjs.org/@jridgewell/set-array/-/set-array-1.1.2.tgz", - "integrity": 
"sha512-xnkseuNADM0gt2bs+BvhO0p78Mk762YnZdsuzFV018NoG1Sj1SCQvpSqa7XUaTam5vAGasABV9qXASMKnFMwMw==" + "integrity": "sha512-xnkseuNADM0gt2bs+BvhO0p78Mk762YnZdsuzFV018NoG1Sj1SCQvpSqa7XUaTam5vAGasABV9qXASMKnFMwMw==", + "engines": { + "node": ">=6.0.0" + } }, - "@jridgewell/source-map": { + "node_modules/@jridgewell/source-map": { "version": "0.3.5", "resolved": "https://registry.npmjs.org/@jridgewell/source-map/-/source-map-0.3.5.tgz", "integrity": "sha512-UTYAUj/wviwdsMfzoSJspJxbkH5o1snzwX0//0ENX1u/55kkZZkcTZP6u9bwKGkv+dkk9at4m1Cpt0uY80kcpQ==", - "requires": { + "dependencies": { "@jridgewell/gen-mapping": "^0.3.0", "@jridgewell/trace-mapping": "^0.3.9" } }, - "@jridgewell/sourcemap-codec": { + "node_modules/@jridgewell/sourcemap-codec": { "version": "1.4.15", "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.15.tgz", "integrity": "sha512-eF2rxCRulEKXHTRiDrDy6erMYWqNw4LPdQ8UQA4huuxaQsVeRPFl2oM8oDGxMFhJUWZf9McpLtJasDDZb/Bpeg==" }, - "@jridgewell/trace-mapping": { + "node_modules/@jridgewell/trace-mapping": { "version": "0.3.19", "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.19.tgz", "integrity": "sha512-kf37QtfW+Hwx/buWGMPcR60iF9ziHa6r/CZJIHbmcm4+0qrXiVdxegAH0F6yddEVQ7zdkjcGCgCzUu+BcbhQxw==", - "requires": { + "dependencies": { "@jridgewell/resolve-uri": "^3.1.0", "@jridgewell/sourcemap-codec": "^1.4.14" } }, - "@leichtgewicht/ip-codec": { + "node_modules/@leichtgewicht/ip-codec": { "version": "2.0.4", "resolved": "https://registry.npmjs.org/@leichtgewicht/ip-codec/-/ip-codec-2.0.4.tgz", "integrity": "sha512-Hcv+nVC0kZnQ3tD9GVu5xSMR4VVYOteQIr/hwFPVEvPdlXqgGEuRjiheChHgdM+JyqdgNcmzZOX/tnl0JOiI7A==" }, - "@material-ui/core": { + "node_modules/@mapbox/node-pre-gyp": { + "version": "1.0.11", + "resolved": "https://registry.npmjs.org/@mapbox/node-pre-gyp/-/node-pre-gyp-1.0.11.tgz", + "integrity": "sha512-Yhlar6v9WQgUp/He7BdgzOz8lqMQ8sU+jkCq7Wx8Myc5YFJLbEe7lgui/V7G1qB1DJykHSGwreceSaD60Y0PUQ==", + 
"dependencies": { + "detect-libc": "^2.0.0", + "https-proxy-agent": "^5.0.0", + "make-dir": "^3.1.0", + "node-fetch": "^2.6.7", + "nopt": "^5.0.0", + "npmlog": "^5.0.1", + "rimraf": "^3.0.2", + "semver": "^7.3.5", + "tar": "^6.1.11" + }, + "bin": { + "node-pre-gyp": "bin/node-pre-gyp" + } + }, + "node_modules/@material-ui/core": { "version": "4.12.4", "resolved": "https://registry.npmjs.org/@material-ui/core/-/core-4.12.4.tgz", "integrity": "sha512-tr7xekNlM9LjA6pagJmL8QCgZXaubWUwkJnoYcMKd4gw/t4XiyvnTkjdGrUVicyB2BsdaAv1tvow45bPM4sSwQ==", - "requires": { + "deprecated": "Material UI v4 doesn't receive active development since September 2021. See the guide https://mui.com/material-ui/migration/migration-v4/ to upgrade to v5.", + "dependencies": { "@babel/runtime": "^7.4.4", "@material-ui/styles": "^4.11.5", "@material-ui/system": "^4.12.2", 
@@ -2287,33 +3461,80 @@ "prop-types": "^15.7.2", "react-is": "^16.8.0 || ^17.0.0", "react-transition-group": "^4.4.0" + }, + "engines": { + "node": ">=8.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/material-ui" + }, + "peerDependencies": { + "@types/react": "^16.8.6 || ^17.0.0", + "react": "^16.8.0 || ^17.0.0", + "react-dom": "^16.8.0 || ^17.0.0" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + } } }, - "@material-ui/icons": { + "node_modules/@material-ui/icons": { "version": "4.11.3", "resolved": "https://registry.npmjs.org/@material-ui/icons/-/icons-4.11.3.tgz", "integrity": "sha512-IKHlyx6LDh8n19vzwH5RtHIOHl9Tu90aAAxcbWME6kp4dmvODM3UvOHJeMIDzUbd4muuJKHmlNoBN+mDY4XkBA==", - "requires": { + "dependencies": { "@babel/runtime": "^7.4.4" + }, + "engines": { + "node": ">=8.0.0" + }, + "peerDependencies": { + "@material-ui/core": "^4.0.0", + "@types/react": "^16.8.6 || ^17.0.0", + "react": "^16.8.0 || ^17.0.0", + "react-dom": "^16.8.0 || ^17.0.0" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + } } }, - "@material-ui/lab": { + "node_modules/@material-ui/lab": { "version": "4.0.0-alpha.61", "resolved": "https://registry.npmjs.org/@material-ui/lab/-/lab-4.0.0-alpha.61.tgz", "integrity": "sha512-rSzm+XKiNUjKegj8bzt5+pygZeckNLOr+IjykH8sYdVk7dE9y2ZuUSofiMV2bJk3qU+JHwexmw+q0RyNZB9ugg==", - "requires": { + "deprecated": "Material UI v4 doesn't receive active development since September 2021. 
See the guide https://mui.com/material-ui/migration/migration-v4/ to upgrade to v5.", + "dependencies": { "@babel/runtime": "^7.4.4", "@material-ui/utils": "^4.11.3", "clsx": "^1.0.4", "prop-types": "^15.7.2", "react-is": "^16.8.0 || ^17.0.0" + }, + "engines": { + "node": ">=8.0.0" + }, + "peerDependencies": { + "@material-ui/core": "^4.12.1", + "@types/react": "^16.8.6 || ^17.0.0", + "react": "^16.8.0 || ^17.0.0", + "react-dom": "^16.8.0 || ^17.0.0" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + } } }, - "@material-ui/styles": { + "node_modules/@material-ui/styles": { "version": "4.11.5", "resolved": "https://registry.npmjs.org/@material-ui/styles/-/styles-4.11.5.tgz", "integrity": "sha512-o/41ot5JJiUsIETME9wVLAJrmIWL3j0R0Bj2kCOLbSfqEkKf0fmaPt+5vtblUh5eXr2S+J/8J3DaCb10+CzPGA==", - "requires": { + "deprecated": "Material UI v4 doesn't receive active development since September 2021. See the guide https://mui.com/material-ui/migration/migration-v4/ to upgrade to v5.", + "dependencies": { "@babel/runtime": "^7.4.4", "@emotion/hash": "^0.8.0", "@material-ui/types": "5.1.0", 
@@ -2330,89 +3551,217 @@ "jss-plugin-rule-value-function": "^10.5.1", "jss-plugin-vendor-prefixer": "^10.5.1", "prop-types": "^15.7.2" + }, + "engines": { + "node": ">=8.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/material-ui" + }, + "peerDependencies": { + "@types/react": "^16.8.6 || ^17.0.0", + "react": "^16.8.0 || ^17.0.0", + "react-dom": "^16.8.0 || ^17.0.0" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + } } }, - "@material-ui/system": { + "node_modules/@material-ui/system": { "version": "4.12.2", "resolved": "https://registry.npmjs.org/@material-ui/system/-/system-4.12.2.tgz", "integrity": "sha512-6CSKu2MtmiJgcCGf6nBQpM8fLkuB9F55EKfbdTC80NND5wpTmKzwdhLYLH3zL4cLlK0gVaaltW7/wMuyTnN0Lw==", - "requires": { + "dependencies": { "@babel/runtime": "^7.4.4", "@material-ui/utils": "^4.11.3", "csstype": "^2.5.2", "prop-types": "^15.7.2" + }, + "engines": { + "node": ">=8.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/material-ui" + }, + "peerDependencies": { + "@types/react": "^16.8.6 || ^17.0.0", + "react": "^16.8.0 || ^17.0.0", + "react-dom": "^16.8.0 || ^17.0.0" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + } } }, - "@material-ui/types": { + "node_modules/@material-ui/types": { "version": "5.1.0", "resolved": "https://registry.npmjs.org/@material-ui/types/-/types-5.1.0.tgz", - "integrity": "sha512-7cqRjrY50b8QzRSYyhSpx4WRw2YuO0KKIGQEVk5J8uoz2BanawykgZGoWEqKm7pVIbzFDN0SpPcVV4IhOFkl8A==" + "integrity": "sha512-7cqRjrY50b8QzRSYyhSpx4WRw2YuO0KKIGQEVk5J8uoz2BanawykgZGoWEqKm7pVIbzFDN0SpPcVV4IhOFkl8A==", + "peerDependencies": { + "@types/react": "*" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + } + } }, - "@material-ui/utils": { + "node_modules/@material-ui/utils": { "version": "4.11.3", "resolved": "https://registry.npmjs.org/@material-ui/utils/-/utils-4.11.3.tgz", "integrity": 
"sha512-ZuQPV4rBK/V1j2dIkSSEcH5uT6AaHuKWFfotADHsC0wVL1NLd2WkFCm4ZZbX33iO4ydl6V0GPngKm8HZQ2oujg==", - "requires": { + "dependencies": { "@babel/runtime": "^7.4.4", "prop-types": "^15.7.2", "react-is": "^16.8.0 || ^17.0.0" + }, + "engines": { + "node": ">=8.0.0" + }, + "peerDependencies": { + "react": "^16.8.0 || ^17.0.0", + "react-dom": "^16.8.0 || ^17.0.0" } }, - "@nicolo-ribaudo/eslint-scope-5-internals": { + "node_modules/@nicolo-ribaudo/eslint-scope-5-internals": { "version": "5.1.1-v1", "resolved": "https://registry.npmjs.org/@nicolo-ribaudo/eslint-scope-5-internals/-/eslint-scope-5-internals-5.1.1-v1.tgz", "integrity": "sha512-54/JRvkLIzzDWshCWfuhadfrfZVPiElY8Fcgmg1HroEly/EDSszzhBAsarCux+D/kOslTRquNzuyGSmUSTTHGg==", - "requires": { + "dependencies": { "eslint-scope": "5.1.1" - }, + } + }, + "node_modules/@nicolo-ribaudo/eslint-scope-5-internals/node_modules/eslint-scope": { + "version": "5.1.1", + "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", + "integrity": "sha512-2NxwbF/hZ0KpepYN0cNbo+FN6XoK7GaHlQhgx/hIZl6Va0bF45RQOOwhLIy8lQDbuCiadSLCBnH2CFYquit5bw==", "dependencies": { - "eslint-scope": { - "version": "5.1.1", - "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", - "integrity": "sha512-2NxwbF/hZ0KpepYN0cNbo+FN6XoK7GaHlQhgx/hIZl6Va0bF45RQOOwhLIy8lQDbuCiadSLCBnH2CFYquit5bw==", - "requires": { - "esrecurse": "^4.3.0", - "estraverse": "^4.1.1" - } - } + "esrecurse": "^4.3.0", + "estraverse": "^4.1.1" + }, + "engines": { + "node": ">=8.0.0" } }, - "@nodelib/fs.scandir": { + "node_modules/@nodelib/fs.scandir": { "version": "2.1.5", "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz", "integrity": "sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==", - "requires": { + "dependencies": { "@nodelib/fs.stat": "2.0.5", "run-parallel": "^1.1.9" + }, + "engines": { + "node": ">= 8" } }, - "@nodelib/fs.stat": { + 
"node_modules/@nodelib/fs.stat": { "version": "2.0.5", "resolved": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz", - "integrity": "sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A==" + "integrity": "sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A==", + "engines": { + "node": ">= 8" + } }, - "@nodelib/fs.walk": { + "node_modules/@nodelib/fs.walk": { "version": "1.2.8", "resolved": "https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz", "integrity": "sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg==", - "requires": { + "dependencies": { "@nodelib/fs.scandir": "2.1.5", "fastq": "^1.6.0" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/@npmcli/agent": { + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/@npmcli/agent/-/agent-2.2.1.tgz", + "integrity": "sha512-H4FrOVtNyWC8MUwL3UfjOsAihHvT1Pe8POj3JvjXhSTJipsZMtgUALCT4mGyYZNxymkUfOw3PUj6dE4QPp6osQ==", + "dependencies": { + "agent-base": "^7.1.0", + "http-proxy-agent": "^7.0.0", + "https-proxy-agent": "^7.0.1", + "lru-cache": "^10.0.1", + "socks-proxy-agent": "^8.0.1" + }, + "engines": { + "node": "^16.14.0 || >=18.0.0" + } + }, + "node_modules/@npmcli/agent/node_modules/agent-base": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-7.1.0.tgz", + "integrity": "sha512-o/zjMZRhJxny7OyEF+Op8X+efiELC7k7yOjMzgfzVqOzXqkBkWI79YoTdOtsuWd5BWhAGAuOY/Xa6xpiaWXiNg==", + "dependencies": { + "debug": "^4.3.4" + }, + "engines": { + "node": ">= 14" + } + }, + "node_modules/@npmcli/agent/node_modules/http-proxy-agent": { + "version": "7.0.2", + "resolved": "https://registry.npmjs.org/http-proxy-agent/-/http-proxy-agent-7.0.2.tgz", + "integrity": "sha512-T1gkAiYYDWYx3V5Bmyu7HcfcvL7mUrTWiM6yOfa3PIphViJ/gFPbvidQ+veqSOHci/PxBcDabeUNCzpOODJZig==", + "dependencies": { + "agent-base": "^7.1.0", + "debug": "^4.3.4" + 
}, + "engines": { + "node": ">= 14" + } + }, + "node_modules/@npmcli/agent/node_modules/https-proxy-agent": { + "version": "7.0.4", + "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-7.0.4.tgz", + "integrity": "sha512-wlwpilI7YdjSkWaQ/7omYBMTliDcmCN8OLihO6I9B86g06lMyAoqgoDpV0XqoaPOKj+0DIdAvnsWfyAAhmimcg==", + "dependencies": { + "agent-base": "^7.0.2", + "debug": "4" + }, + "engines": { + "node": ">= 14" + } + }, + "node_modules/@npmcli/agent/node_modules/lru-cache": { + "version": "10.2.0", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.2.0.tgz", + "integrity": "sha512-2bIM8x+VAf6JT4bKAljS1qUWgMsqZRPGJS6FSahIMPVvctcNhyVp7AJu7quxOW9jwkryBReKZY5tY5JYv2n/7Q==", + "engines": { + "node": "14 || >=16.14" + } + }, + "node_modules/@npmcli/fs": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/@npmcli/fs/-/fs-3.1.0.tgz", + "integrity": "sha512-7kZUAaLscfgbwBQRbvdMYaZOWyMEcPTH/tJjnyAWJ/dvvs9Ef+CERx/qJb9GExJpl1qipaDGn7KqHnFGGixd0w==", + "dependencies": { + "semver": "^7.3.5" + }, + "engines": { + "node": "^14.17.0 || ^16.13.0 || >=18.0.0" } }, - "@octokit/auth-token": { + "node_modules/@octokit/auth-token": { "version": "2.5.0", "resolved": "https://registry.npmjs.org/@octokit/auth-token/-/auth-token-2.5.0.tgz", "integrity": "sha512-r5FVUJCOLl19AxiuZD2VRZ/ORjp/4IN98Of6YJoJOkY75CIBuYfmiNHGrDwXr+aLGG55igl9QrxX3hbiXlLb+g==", - "requires": { + "dependencies": { "@octokit/types": "^6.0.3" } }, - "@octokit/core": { + "node_modules/@octokit/core": { "version": "3.6.0", "resolved": "https://registry.npmjs.org/@octokit/core/-/core-3.6.0.tgz", "integrity": "sha512-7RKRKuA4xTjMhY+eG3jthb3hlZCsOwg3rztWh75Xc+ShDWOfDDATWbeZpAHBNRpm4Tv9WgBMOy1zEJYXG6NJ7Q==", - "requires": { + "dependencies": { "@octokit/auth-token": "^2.4.4", "@octokit/graphql": "^4.5.8", "@octokit/request": "^5.6.3", 
@@ -2422,58 +3771,67 @@ "universal-user-agent": "^6.0.0" } }, - "@octokit/endpoint": { + "node_modules/@octokit/endpoint": { "version": "6.0.12", "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-6.0.12.tgz", "integrity": "sha512-lF3puPwkQWGfkMClXb4k/eUT/nZKQfxinRWJrdZaJO85Dqwo/G0yOC434Jr2ojwafWJMYqFGFa5ms4jJUgujdA==", - "requires": { + "dependencies": { "@octokit/types": "^6.0.3", "is-plain-object": "^5.0.0", "universal-user-agent": "^6.0.0" } }, - "@octokit/graphql": { + "node_modules/@octokit/graphql": { "version": "4.8.0", "resolved": "https://registry.npmjs.org/@octokit/graphql/-/graphql-4.8.0.tgz", "integrity": "sha512-0gv+qLSBLKF0z8TKaSKTsS39scVKF9dbMxJpj3U0vC7wjNWFuIpL/z76Qe2fiuCbDRcJSavkXsVtMS6/dtQQsg==", - "requires": { + "dependencies": { "@octokit/request": "^5.6.0", "@octokit/types": "^6.0.3", "universal-user-agent": "^6.0.0" } }, - "@octokit/openapi-types": { + "node_modules/@octokit/openapi-types": { "version": "12.11.0", "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-12.11.0.tgz", "integrity": "sha512-VsXyi8peyRq9PqIz/tpqiL2w3w80OgVMwBHltTml3LmVvXiphgeqmY9mvBw9Wu7e0QWk/fqD37ux8yP5uVekyQ==" }, - "@octokit/plugin-paginate-rest": { + "node_modules/@octokit/plugin-paginate-rest": { "version": "2.21.3", "resolved": "https://registry.npmjs.org/@octokit/plugin-paginate-rest/-/plugin-paginate-rest-2.21.3.tgz", "integrity": "sha512-aCZTEf0y2h3OLbrgKkrfFdjRL6eSOo8komneVQJnYecAxIej7Bafor2xhuDJOIFau4pk0i/P28/XgtbyPF0ZHw==", - "requires": { + "dependencies": { "@octokit/types": "^6.40.0" + }, + "peerDependencies": { + "@octokit/core": ">=2" } }, - "@octokit/plugin-request-log": { + "node_modules/@octokit/plugin-request-log": { "version": "1.0.4", "resolved": "https://registry.npmjs.org/@octokit/plugin-request-log/-/plugin-request-log-1.0.4.tgz", - "integrity": "sha512-mLUsMkgP7K/cnFEw07kWqXGF5LKrOkD+lhCrKvPHXWDywAwuDUeDwWBpc69XK3pNX0uKiVt8g5z96PJ6z9xCFA==" + "integrity": 
"sha512-mLUsMkgP7K/cnFEw07kWqXGF5LKrOkD+lhCrKvPHXWDywAwuDUeDwWBpc69XK3pNX0uKiVt8g5z96PJ6z9xCFA==", + "peerDependencies": { + "@octokit/core": ">=3" + } }, - "@octokit/plugin-rest-endpoint-methods": { + "node_modules/@octokit/plugin-rest-endpoint-methods": { "version": "5.16.2", "resolved": "https://registry.npmjs.org/@octokit/plugin-rest-endpoint-methods/-/plugin-rest-endpoint-methods-5.16.2.tgz", "integrity": "sha512-8QFz29Fg5jDuTPXVtey05BLm7OB+M8fnvE64RNegzX7U+5NUXcOcnpTIK0YfSHBg8gYd0oxIq3IZTe9SfPZiRw==", - "requires": { + "dependencies": { "@octokit/types": "^6.39.0", "deprecation": "^2.3.1" + }, + "peerDependencies": { + "@octokit/core": ">=3" } }, - "@octokit/request": { + "node_modules/@octokit/request": { "version": "5.6.3", "resolved": "https://registry.npmjs.org/@octokit/request/-/request-5.6.3.tgz", "integrity": "sha512-bFJl0I1KVc9jYTe9tdGGpAMPy32dLBXXo1dS/YwSCTL/2nd9XeHsY616RE3HPXDVk+a+dBuzyz5YdlXwcDTr2A==", - "requires": { + "dependencies": { "@octokit/endpoint": "^6.0.1", "@octokit/request-error": "^2.1.0", "@octokit/types": "^6.16.1", 
@@ -2482,40 +3840,49 @@ "universal-user-agent": "^6.0.0" } }, - "@octokit/request-error": { + "node_modules/@octokit/request-error": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-2.1.0.tgz", "integrity": "sha512-1VIvgXxs9WHSjicsRwq8PlR2LR2x6DwsJAaFgzdi0JfJoGSO8mYI/cHJQ+9FbN21aa+DrgNLnwObmyeSC8Rmpg==", - "requires": { + "dependencies": { "@octokit/types": "^6.0.3", "deprecation": "^2.0.0", "once": "^1.4.0" } }, - "@octokit/rest": { + "node_modules/@octokit/rest": { "version": "18.12.0", "resolved": "https://registry.npmjs.org/@octokit/rest/-/rest-18.12.0.tgz", "integrity": "sha512-gDPiOHlyGavxr72y0guQEhLsemgVjwRePayJ+FcKc2SJqKUbxbkvf5kAZEWA/MKvsfYlQAMVzNJE3ezQcxMJ2Q==", - "requires": { + "dependencies": { "@octokit/core": "^3.5.1", "@octokit/plugin-paginate-rest": "^2.16.8", "@octokit/plugin-request-log": "^1.0.4", "@octokit/plugin-rest-endpoint-methods": "^5.12.0" } }, - "@octokit/types": { + "node_modules/@octokit/types": { "version": "6.41.0", "resolved": "https://registry.npmjs.org/@octokit/types/-/types-6.41.0.tgz", "integrity": "sha512-eJ2jbzjdijiL3B4PrSQaSjuF2sPEQPVCPzBvTHJD9Nz+9dw2SGH4K4xeQJ77YfTq5bRQ+bD8wT11JbeDPmxmGg==", - "requires": { + "dependencies": { "@octokit/openapi-types": "^12.11.0" } }, - "@pmmmwh/react-refresh-webpack-plugin": { + "node_modules/@pkgjs/parseargs": { + "version": "0.11.0", + "resolved": "https://registry.npmjs.org/@pkgjs/parseargs/-/parseargs-0.11.0.tgz", + "integrity": "sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg==", + "optional": true, + "engines": { + "node": ">=14" + } + }, + "node_modules/@pmmmwh/react-refresh-webpack-plugin": { "version": "0.5.11", "resolved": "https://registry.npmjs.org/@pmmmwh/react-refresh-webpack-plugin/-/react-refresh-webpack-plugin-0.5.11.tgz", "integrity": "sha512-7j/6vdTym0+qZ6u4XbSAxrWBGYSdCfTzySkj7WAFgDLmSyWlOrWvpyzxlFh5jtw9dn0oL/jtW+06XfFiisN3JQ==", - "requires": { + "dependencies": { 
"ansi-html-community": "^0.0.8", "common-path-prefix": "^3.0.0", "core-js-pure": "^3.23.3", 
@@ -2525,143 +3892,264 @@ "loader-utils": "^2.0.4", "schema-utils": "^3.0.0", "source-map": "^0.7.3" + }, + "engines": { + "node": ">= 10.13" + }, + "peerDependencies": { + "@types/webpack": "4.x || 5.x", + "react-refresh": ">=0.10.0 <1.0.0", + "sockjs-client": "^1.4.0", + "type-fest": ">=0.17.0 <5.0.0", + "webpack": ">=4.43.0 <6.0.0", + "webpack-dev-server": "3.x || 4.x", + "webpack-hot-middleware": "2.x", + "webpack-plugin-serve": "0.x || 1.x" + }, + "peerDependenciesMeta": { + "@types/webpack": { + "optional": true + }, + "sockjs-client": { + "optional": true + }, + "type-fest": { + "optional": true + }, + "webpack-dev-server": { + "optional": true + }, + "webpack-hot-middleware": { + "optional": true + }, + "webpack-plugin-serve": { + "optional": true + } } }, - "@rollup/plugin-babel": { + "node_modules/@rollup/plugin-babel": { "version": "5.3.1", "resolved": "https://registry.npmjs.org/@rollup/plugin-babel/-/plugin-babel-5.3.1.tgz", "integrity": "sha512-WFfdLWU/xVWKeRQnKmIAQULUI7Il0gZnBIH/ZFO069wYIfPu+8zrfp/KMW0atmELoRDq8FbiP3VCss9MhCut7Q==", - "requires": { + "dependencies": { "@babel/helper-module-imports": "^7.10.4", "@rollup/pluginutils": "^3.1.0" + }, + "engines": { + "node": ">= 10.0.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0", + "@types/babel__core": "^7.1.9", + "rollup": "^1.20.0||^2.0.0" + }, + "peerDependenciesMeta": { + "@types/babel__core": { + "optional": true + } } }, - "@rollup/plugin-node-resolve": { + "node_modules/@rollup/plugin-node-resolve": { "version": "11.2.1", "resolved": "https://registry.npmjs.org/@rollup/plugin-node-resolve/-/plugin-node-resolve-11.2.1.tgz", "integrity": "sha512-yc2n43jcqVyGE2sqV5/YCmocy9ArjVAP/BeXyTtADTBBX6V0e5UMqwO8CdQ0kzjb6zu5P1qMzsScCMRvE9OlVg==", - "requires": { + "dependencies": { "@rollup/pluginutils": "^3.1.0", "@types/resolve": "1.17.1", "builtin-modules": "^3.1.0", "deepmerge": "^4.2.2", "is-module": "^1.0.0", "resolve": "^1.19.0" + }, + "engines": { + "node": ">= 10.0.0" + }, + 
"peerDependencies": { + "rollup": "^1.20.0||^2.0.0" } }, - "@rollup/plugin-replace": { + "node_modules/@rollup/plugin-replace": { "version": "2.4.2", "resolved": "https://registry.npmjs.org/@rollup/plugin-replace/-/plugin-replace-2.4.2.tgz", "integrity": "sha512-IGcu+cydlUMZ5En85jxHH4qj2hta/11BHq95iHEyb2sbgiN0eCdzvUcHw5gt9pBL5lTi4JDYJ1acCoMGpTvEZg==", - "requires": { + "dependencies": { "@rollup/pluginutils": "^3.1.0", "magic-string": "^0.25.7" + }, + "peerDependencies": { + "rollup": "^1.20.0 || ^2.0.0" } }, - "@rollup/pluginutils": { + "node_modules/@rollup/pluginutils": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/@rollup/pluginutils/-/pluginutils-3.1.0.tgz", "integrity": "sha512-GksZ6pr6TpIjHm8h9lSQ8pi8BE9VeubNT0OMJ3B5uZJ8pz73NPiqOtCog/x2/QzM1ENChPKxMDhiQuRHsqc+lg==", - "requires": { + "dependencies": { "@types/estree": "0.0.39", "estree-walker": "^1.0.1", "picomatch": "^2.2.2" }, - "dependencies": { - "@types/estree": { - "version": "0.0.39", - "resolved": "https://registry.npmjs.org/@types/estree/-/estree-0.0.39.tgz", - "integrity": "sha512-EYNwp3bU+98cpU4lAWYYL7Zz+2gryWH1qbdDTidVd6hkiR6weksdbMadyXKXNPEkQFhXM+hVO9ZygomHXp+AIw==" - } + "engines": { + "node": ">= 8.0.0" + }, + "peerDependencies": { + "rollup": "^1.20.0||^2.0.0" } }, - "@rushstack/eslint-patch": { + "node_modules/@rollup/pluginutils/node_modules/@types/estree": { + "version": "0.0.39", + "resolved": "https://registry.npmjs.org/@types/estree/-/estree-0.0.39.tgz", + "integrity": "sha512-EYNwp3bU+98cpU4lAWYYL7Zz+2gryWH1qbdDTidVd6hkiR6weksdbMadyXKXNPEkQFhXM+hVO9ZygomHXp+AIw==" + }, + "node_modules/@rushstack/eslint-patch": { "version": "1.5.1", "resolved": "https://registry.npmjs.org/@rushstack/eslint-patch/-/eslint-patch-1.5.1.tgz", "integrity": "sha512-6i/8UoL0P5y4leBIGzvkZdS85RDMG9y1ihZzmTZQ5LdHUYmZ7pKFoj8X0236s3lusPs1Fa5HTQUpwI+UfTcmeA==" }, - "@sinclair/typebox": { + "node_modules/@sinclair/typebox": { "version": "0.24.51", "resolved": 
"https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.24.51.tgz", "integrity": "sha512-1P1OROm/rdubP5aFDSZQILU0vrLCJ4fvHt6EoqHEM+2D/G5MK3bIaymUKLit8Js9gbns5UyJnkP/TZROLw4tUA==" }, - "@sindresorhus/is": { - "version": "2.1.1", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/@sindresorhus/is/-/is-2.1.1.tgz", - "integrity": "sha1-zv9qKKW0hnwt1KG6UT3ieMy+i7E=" + "node_modules/@sindresorhus/is": { + "version": "4.6.0", + "resolved": "https://registry.npmjs.org/@sindresorhus/is/-/is-4.6.0.tgz", + "integrity": "sha512-t09vSN3MdfsyCHoFcTRCH/iUtG7OJ0CsjzB8cjAmKc/va/kIgeDI/TxsigdncE/4be734m0cvIYwNaV4i2XqAw==", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sindresorhus/is?sponsor=1" + } }, - "@sinonjs/commons": { + "node_modules/@sinonjs/commons": { "version": "1.8.6", "resolved": "https://registry.npmjs.org/@sinonjs/commons/-/commons-1.8.6.tgz", "integrity": "sha512-Ky+XkAkqPZSm3NLBeUng77EBQl3cmeJhITaGHdYH8kjVB+aun3S4XBRti2zt17mtt0mIUDiNxYeoJm6drVvBJQ==", - "requires": { + "dependencies": { "type-detect": "4.0.8" } }, - "@sinonjs/fake-timers": { + "node_modules/@sinonjs/fake-timers": { "version": "8.1.0", "resolved": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-8.1.0.tgz", "integrity": "sha512-OAPJUAtgeINhh/TAlUID4QTs53Njm7xzddaVlEs/SXwgtiD1tW22zAB/W1wdqfrpmikgaWQ9Fw6Ws+hsiRm5Vg==", - "requires": { + "dependencies": { "@sinonjs/commons": "^1.7.0" } }, - "@surma/rollup-plugin-off-main-thread": { + "node_modules/@surma/rollup-plugin-off-main-thread": { "version": "2.2.3", "resolved": "https://registry.npmjs.org/@surma/rollup-plugin-off-main-thread/-/rollup-plugin-off-main-thread-2.2.3.tgz", "integrity": "sha512-lR8q/9W7hZpMWweNiAKU7NQerBnzQQLvi8qnTDU/fxItPhtZVMbPV3lbCwjhIlNBe9Bbr5V+KHshvWmVSG9cxQ==", - "requires": { + "dependencies": { "ejs": "^3.1.6", "json5": "^2.2.0", "magic-string": "^0.25.0", "string.prototype.matchall": "^4.0.6" } }, - "@svgr/babel-plugin-add-jsx-attribute": { + 
"node_modules/@svgr/babel-plugin-add-jsx-attribute": { "version": "5.4.0", "resolved": "https://registry.npmjs.org/@svgr/babel-plugin-add-jsx-attribute/-/babel-plugin-add-jsx-attribute-5.4.0.tgz", - "integrity": "sha512-ZFf2gs/8/6B8PnSofI0inYXr2SDNTDScPXhN7k5EqD4aZ3gi6u+rbmZHVB8IM3wDyx8ntKACZbtXSm7oZGRqVg==" + "integrity": "sha512-ZFf2gs/8/6B8PnSofI0inYXr2SDNTDScPXhN7k5EqD4aZ3gi6u+rbmZHVB8IM3wDyx8ntKACZbtXSm7oZGRqVg==", + "engines": { + "node": ">=10" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/gregberge" + } }, - "@svgr/babel-plugin-remove-jsx-attribute": { + "node_modules/@svgr/babel-plugin-remove-jsx-attribute": { "version": "5.4.0", "resolved": "https://registry.npmjs.org/@svgr/babel-plugin-remove-jsx-attribute/-/babel-plugin-remove-jsx-attribute-5.4.0.tgz", - "integrity": "sha512-yaS4o2PgUtwLFGTKbsiAy6D0o3ugcUhWK0Z45umJ66EPWunAz9fuFw2gJuje6wqQvQWOTJvIahUwndOXb7QCPg==" + "integrity": "sha512-yaS4o2PgUtwLFGTKbsiAy6D0o3ugcUhWK0Z45umJ66EPWunAz9fuFw2gJuje6wqQvQWOTJvIahUwndOXb7QCPg==", + "engines": { + "node": ">=10" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/gregberge" + } }, - "@svgr/babel-plugin-remove-jsx-empty-expression": { + "node_modules/@svgr/babel-plugin-remove-jsx-empty-expression": { "version": "5.0.1", "resolved": "https://registry.npmjs.org/@svgr/babel-plugin-remove-jsx-empty-expression/-/babel-plugin-remove-jsx-empty-expression-5.0.1.tgz", - "integrity": "sha512-LA72+88A11ND/yFIMzyuLRSMJ+tRKeYKeQ+mR3DcAZ5I4h5CPWN9AHyUzJbWSYp/u2u0xhmgOe0+E41+GjEueA==" + "integrity": "sha512-LA72+88A11ND/yFIMzyuLRSMJ+tRKeYKeQ+mR3DcAZ5I4h5CPWN9AHyUzJbWSYp/u2u0xhmgOe0+E41+GjEueA==", + "engines": { + "node": ">=10" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/gregberge" + } }, - "@svgr/babel-plugin-replace-jsx-attribute-value": { + "node_modules/@svgr/babel-plugin-replace-jsx-attribute-value": { "version": "5.0.1", "resolved": 
"https://registry.npmjs.org/@svgr/babel-plugin-replace-jsx-attribute-value/-/babel-plugin-replace-jsx-attribute-value-5.0.1.tgz", - "integrity": "sha512-PoiE6ZD2Eiy5mK+fjHqwGOS+IXX0wq/YDtNyIgOrc6ejFnxN4b13pRpiIPbtPwHEc+NT2KCjteAcq33/F1Y9KQ==" + "integrity": "sha512-PoiE6ZD2Eiy5mK+fjHqwGOS+IXX0wq/YDtNyIgOrc6ejFnxN4b13pRpiIPbtPwHEc+NT2KCjteAcq33/F1Y9KQ==", + "engines": { + "node": ">=10" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/gregberge" + } }, - "@svgr/babel-plugin-svg-dynamic-title": { + "node_modules/@svgr/babel-plugin-svg-dynamic-title": { "version": "5.4.0", "resolved": "https://registry.npmjs.org/@svgr/babel-plugin-svg-dynamic-title/-/babel-plugin-svg-dynamic-title-5.4.0.tgz", - "integrity": "sha512-zSOZH8PdZOpuG1ZVx/cLVePB2ibo3WPpqo7gFIjLV9a0QsuQAzJiwwqmuEdTaW2pegyBE17Uu15mOgOcgabQZg==" + "integrity": "sha512-zSOZH8PdZOpuG1ZVx/cLVePB2ibo3WPpqo7gFIjLV9a0QsuQAzJiwwqmuEdTaW2pegyBE17Uu15mOgOcgabQZg==", + "engines": { + "node": ">=10" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/gregberge" + } }, - "@svgr/babel-plugin-svg-em-dimensions": { + "node_modules/@svgr/babel-plugin-svg-em-dimensions": { "version": "5.4.0", "resolved": "https://registry.npmjs.org/@svgr/babel-plugin-svg-em-dimensions/-/babel-plugin-svg-em-dimensions-5.4.0.tgz", - "integrity": "sha512-cPzDbDA5oT/sPXDCUYoVXEmm3VIoAWAPT6mSPTJNbQaBNUuEKVKyGH93oDY4e42PYHRW67N5alJx/eEol20abw==" + "integrity": "sha512-cPzDbDA5oT/sPXDCUYoVXEmm3VIoAWAPT6mSPTJNbQaBNUuEKVKyGH93oDY4e42PYHRW67N5alJx/eEol20abw==", + "engines": { + "node": ">=10" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/gregberge" + } }, - "@svgr/babel-plugin-transform-react-native-svg": { + "node_modules/@svgr/babel-plugin-transform-react-native-svg": { "version": "5.4.0", "resolved": "https://registry.npmjs.org/@svgr/babel-plugin-transform-react-native-svg/-/babel-plugin-transform-react-native-svg-5.4.0.tgz", - "integrity": 
"sha512-3eYP/SaopZ41GHwXma7Rmxcv9uRslRDTY1estspeB1w1ueZWd/tPlMfEOoccYpEMZU3jD4OU7YitnXcF5hLW2Q==" + "integrity": "sha512-3eYP/SaopZ41GHwXma7Rmxcv9uRslRDTY1estspeB1w1ueZWd/tPlMfEOoccYpEMZU3jD4OU7YitnXcF5hLW2Q==", + "engines": { + "node": ">=10" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/gregberge" + } }, - "@svgr/babel-plugin-transform-svg-component": { + "node_modules/@svgr/babel-plugin-transform-svg-component": { "version": "5.5.0", "resolved": "https://registry.npmjs.org/@svgr/babel-plugin-transform-svg-component/-/babel-plugin-transform-svg-component-5.5.0.tgz", - "integrity": "sha512-q4jSH1UUvbrsOtlo/tKcgSeiCHRSBdXoIoqX1pgcKK/aU3JD27wmMKwGtpB8qRYUYoyXvfGxUVKchLuR5pB3rQ==" + "integrity": "sha512-q4jSH1UUvbrsOtlo/tKcgSeiCHRSBdXoIoqX1pgcKK/aU3JD27wmMKwGtpB8qRYUYoyXvfGxUVKchLuR5pB3rQ==", + "engines": { + "node": ">=10" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/gregberge" + } }, - "@svgr/babel-preset": { + "node_modules/@svgr/babel-preset": { "version": "5.5.0", "resolved": "https://registry.npmjs.org/@svgr/babel-preset/-/babel-preset-5.5.0.tgz", "integrity": "sha512-4FiXBjvQ+z2j7yASeGPEi8VD/5rrGQk4Xrq3EdJmoZgz/tpqChpo5hgXDvmEauwtvOc52q8ghhZK4Oy7qph4ig==", - "requires": { + "dependencies": { "@svgr/babel-plugin-add-jsx-attribute": "^5.4.0", "@svgr/babel-plugin-remove-jsx-attribute": "^5.4.0", "@svgr/babel-plugin-remove-jsx-empty-expression": "^5.0.1", 
@@ -2670,52 +4158,87 @@ "@svgr/babel-plugin-svg-em-dimensions": "^5.4.0", "@svgr/babel-plugin-transform-react-native-svg": "^5.4.0", "@svgr/babel-plugin-transform-svg-component": "^5.5.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/gregberge" } }, - "@svgr/core": { + "node_modules/@svgr/core": { "version": "5.5.0", "resolved": "https://registry.npmjs.org/@svgr/core/-/core-5.5.0.tgz", "integrity": "sha512-q52VOcsJPvV3jO1wkPtzTuKlvX7Y3xIcWRpCMtBF3MrteZJtBfQw/+u0B1BHy5ColpQc1/YVTrPEtSYIMNZlrQ==", - "requires": { + "dependencies": { "@svgr/plugin-jsx": "^5.5.0", "camelcase": "^6.2.0", "cosmiconfig": "^7.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/gregberge" } }, - "@svgr/hast-util-to-babel-ast": { + "node_modules/@svgr/hast-util-to-babel-ast": { "version": "5.5.0", "resolved": "https://registry.npmjs.org/@svgr/hast-util-to-babel-ast/-/hast-util-to-babel-ast-5.5.0.tgz", "integrity": "sha512-cAaR/CAiZRB8GP32N+1jocovUtvlj0+e65TB50/6Lcime+EA49m/8l+P2ko+XPJ4dw3xaPS3jOL4F2X4KWxoeQ==", - "requires": { + "dependencies": { "@babel/types": "^7.12.6" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/gregberge" } }, - "@svgr/plugin-jsx": { + "node_modules/@svgr/plugin-jsx": { "version": "5.5.0", "resolved": "https://registry.npmjs.org/@svgr/plugin-jsx/-/plugin-jsx-5.5.0.tgz", "integrity": "sha512-V/wVh33j12hGh05IDg8GpIUXbjAPnTdPTKuP4VNLggnwaHMPNQNae2pRnyTAILWCQdz5GyMqtO488g7CKM8CBA==", - "requires": { + "dependencies": { "@babel/core": "^7.12.3", "@svgr/babel-preset": "^5.5.0", "@svgr/hast-util-to-babel-ast": "^5.5.0", "svg-parser": "^2.0.2" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/gregberge" } }, - "@svgr/plugin-svgo": { + "node_modules/@svgr/plugin-svgo": { "version": "5.5.0", "resolved": 
"https://registry.npmjs.org/@svgr/plugin-svgo/-/plugin-svgo-5.5.0.tgz", "integrity": "sha512-r5swKk46GuQl4RrVejVwpeeJaydoxkdwkM1mBKOgJLBUJPGaLci6ylg/IjhrRsREKDkr4kbMWdgOtbXEh0fyLQ==", - "requires": { + "dependencies": { "cosmiconfig": "^7.0.0", "deepmerge": "^4.2.2", "svgo": "^1.2.2" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/gregberge" } }, - "@svgr/webpack": { + "node_modules/@svgr/webpack": { "version": "5.5.0", "resolved": "https://registry.npmjs.org/@svgr/webpack/-/webpack-5.5.0.tgz", "integrity": "sha512-DOBOK255wfQxguUta2INKkzPj6AIS6iafZYiYmHn6W3pHlycSRRlvWKCfLDG10fXfLWqE3DJHgRUOyJYmARa7g==", - "requires": { + "dependencies": { "@babel/core": "^7.12.3", "@babel/plugin-transform-react-constant-elements": "^7.12.1", "@babel/preset-env": "^7.12.1", 
@@ -2724,21 +4247,31 @@ "@svgr/plugin-jsx": "^5.5.0", "@svgr/plugin-svgo": "^5.5.0", "loader-utils": "^2.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/gregberge" } }, - "@szmarczak/http-timer": { - "version": "4.0.5", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/@szmarczak/http-timer/-/http-timer-4.0.5.tgz", - "integrity": "sha1-v71QIR6d+lG6B9pYoUzf0zMgUVI=", - "requires": { + "node_modules/@szmarczak/http-timer": { + "version": "4.0.6", + "resolved": "https://registry.npmjs.org/@szmarczak/http-timer/-/http-timer-4.0.6.tgz", + "integrity": "sha512-4BAffykYOgO+5nzBWYwE3W90sBgLJoUPRWWcL8wlyiM8IB8ipJz3UMJ9KXQd1RKQXpKp8Tutn80HZtWsu2u76w==", + "dependencies": { "defer-to-connect": "^2.0.0" + }, + "engines": { + "node": ">=10" } }, - "@testing-library/dom": { + "node_modules/@testing-library/dom": { "version": "7.31.2", "resolved": "https://registry.npmjs.org/@testing-library/dom/-/dom-7.31.2.tgz", "integrity": "sha512-3UqjCpey6HiTZT92vODYLPxTBWlM8ZOOjr3LX5F37/VRipW2M1kX6I/Cm4VXzteZqfGfagg8yXywpcOgQBlNsQ==", - "requires": { + "dependencies": { "@babel/code-frame": "^7.10.4", "@babel/runtime": "^7.12.5", "@types/aria-query": "^4.2.0", 
@@ -2748,32 +4281,42 @@ "lz-string": "^1.4.4", "pretty-format": "^26.6.2" }, + "engines": { + "node": ">=10" + } + }, + "node_modules/@testing-library/dom/node_modules/aria-query": { + "version": "4.2.2", + "resolved": "https://registry.npmjs.org/aria-query/-/aria-query-4.2.2.tgz", + "integrity": "sha512-o/HelwhuKpTj/frsOsbNLNgnNGVIFsVP/SW2BSF14gVl7kAfMOJ6/8wUAUvG1R1NHKrfG+2sHZTu0yauT1qBrA==", "dependencies": { - "aria-query": { - "version": "4.2.2", - "resolved": "https://registry.npmjs.org/aria-query/-/aria-query-4.2.2.tgz", - "integrity": "sha512-o/HelwhuKpTj/frsOsbNLNgnNGVIFsVP/SW2BSF14gVl7kAfMOJ6/8wUAUvG1R1NHKrfG+2sHZTu0yauT1qBrA==", - "requires": { - "@babel/runtime": "^7.10.2", - "@babel/runtime-corejs3": "^7.10.2" - } - }, - "chalk": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", - "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "requires": { - "ansi-styles": "^4.1.0", - "supports-color": "^7.1.0" - } - } + "@babel/runtime": "^7.10.2", + "@babel/runtime-corejs3": "^7.10.2" + }, + "engines": { + "node": ">=6.0" } }, - "@testing-library/jest-dom": { + "node_modules/@testing-library/dom/node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" + } + }, + "node_modules/@testing-library/jest-dom": { "version": "5.17.0", "resolved": "https://registry.npmjs.org/@testing-library/jest-dom/-/jest-dom-5.17.0.tgz", "integrity": "sha512-ynmNeT7asXyH3aSVv4vvX4Rb+0qjOhdNHnO/3vuZNqPmhDpV/+rCSGwQ7bLcmU2cJ4dvoheIO85LQj0IbJHEtg==", - "requires": { + "dependencies": { "@adobe/css-tools": "^4.0.1", "@babel/runtime": 
"^7.9.2", "@types/testing-library__jest-dom": "^5.9.1", 
@@ -2783,78 +4326,119 @@ "dom-accessibility-api": "^0.5.6", "lodash": "^4.17.15", "redent": "^3.0.0" + }, + "engines": { + "node": ">=8", + "npm": ">=6", + "yarn": ">=1" } }, - "@testing-library/react": { + "node_modules/@testing-library/react": { "version": "11.2.7", "resolved": "https://registry.npmjs.org/@testing-library/react/-/react-11.2.7.tgz", "integrity": "sha512-tzRNp7pzd5QmbtXNG/mhdcl7Awfu/Iz1RaVHY75zTdOkmHCuzMhRL83gWHSgOAcjS3CCbyfwUHMZgRJb4kAfpA==", - "requires": { + "dependencies": { "@babel/runtime": "^7.12.5", "@testing-library/dom": "^7.28.1" + }, + "engines": { + "node": ">=10" + }, + "peerDependencies": { + "react": "*", + "react-dom": "*" } }, - "@testing-library/react-hooks": { + "node_modules/@testing-library/react-hooks": { "version": "7.0.2", "resolved": "https://registry.npmjs.org/@testing-library/react-hooks/-/react-hooks-7.0.2.tgz", "integrity": "sha512-dYxpz8u9m4q1TuzfcUApqi8iFfR6R0FaMbr2hjZJy1uC8z+bO/K4v8Gs9eogGKYQop7QsrBTFkv/BCF7MzD2Cg==", "dev": true, - "requires": { + "dependencies": { "@babel/runtime": "^7.12.5", "@types/react": ">=16.9.0", "@types/react-dom": ">=16.9.0", "@types/react-test-renderer": ">=16.9.0", "react-error-boundary": "^3.1.0" + }, + "engines": { + "node": ">=12" + }, + "peerDependencies": { + "react": ">=16.9.0", + "react-dom": ">=16.9.0", + "react-test-renderer": ">=16.9.0" + }, + "peerDependenciesMeta": { + "react-dom": { + "optional": true + }, + "react-test-renderer": { + "optional": true + } } }, - "@testing-library/user-event": { + "node_modules/@testing-library/user-event": { "version": "12.8.3", "resolved": "https://registry.npmjs.org/@testing-library/user-event/-/user-event-12.8.3.tgz", "integrity": "sha512-IR0iWbFkgd56Bu5ZI/ej8yQwrkCv8Qydx6RzwbKz9faXazR/+5tvYKsZQgyXJiwgpcva127YO6JcWy7YlCfofQ==", - "requires": { + "dependencies": { "@babel/runtime": "^7.12.5" + }, + "engines": { + "node": ">=10", + "npm": ">=6" + }, + "peerDependencies": { + "@testing-library/dom": ">=7.21.4" } }, - "@tootallnate/once": { 
+ "node_modules/@tootallnate/once": { "version": "1.1.2", "resolved": "https://registry.npmjs.org/@tootallnate/once/-/once-1.1.2.tgz", - "integrity": "sha512-RbzJvlNzmRq5c3O09UipeuXno4tA1FE6ikOjxZK0tuxVv3412l64l5t1W5pj4+rJq9vpkm/kwiR07aZXnsKPxw==" + "integrity": "sha512-RbzJvlNzmRq5c3O09UipeuXno4tA1FE6ikOjxZK0tuxVv3412l64l5t1W5pj4+rJq9vpkm/kwiR07aZXnsKPxw==", + "engines": { + "node": ">= 6" + } }, - "@trysound/sax": { + "node_modules/@trysound/sax": { "version": "0.2.0", "resolved": "https://registry.npmjs.org/@trysound/sax/-/sax-0.2.0.tgz", - "integrity": "sha512-L7z9BgrNEcYyUYtF+HaEfiS5ebkh9jXqbszz7pC0hRBPaatV0XjSD3+eHrpqFemQfgwiFF0QPIarnIihIDn7OA==" + "integrity": "sha512-L7z9BgrNEcYyUYtF+HaEfiS5ebkh9jXqbszz7pC0hRBPaatV0XjSD3+eHrpqFemQfgwiFF0QPIarnIihIDn7OA==", + "engines": { + "node": ">=10.13.0" + } }, - "@tsconfig/node10": { + "node_modules/@tsconfig/node10": { "version": "1.0.9", "resolved": "https://registry.npmjs.org/@tsconfig/node10/-/node10-1.0.9.tgz", "integrity": "sha512-jNsYVVxU8v5g43Erja32laIDHXeoNvFEpX33OK4d6hljo3jDhCBDhx5dhCCTMWUojscpAagGiRkBKxpdl9fxqA==" }, - "@tsconfig/node12": { + "node_modules/@tsconfig/node12": { "version": "1.0.11", "resolved": "https://registry.npmjs.org/@tsconfig/node12/-/node12-1.0.11.tgz", "integrity": "sha512-cqefuRsh12pWyGsIoBKJA9luFu3mRxCA+ORZvA4ktLSzIuCUtWVxGIuXigEwO5/ywWFMZ2QEGKWvkZG1zDMTag==" }, - "@tsconfig/node14": { + "node_modules/@tsconfig/node14": { "version": "1.0.3", "resolved": "https://registry.npmjs.org/@tsconfig/node14/-/node14-1.0.3.tgz", "integrity": "sha512-ysT8mhdixWK6Hw3i1V2AeRqZ5WfXg1G43mqoYlM2nc6388Fq5jcXyr5mRsqViLx/GJYdoL0bfXD8nmF+Zn/Iow==" }, - "@tsconfig/node16": { + "node_modules/@tsconfig/node16": { "version": "1.0.4", "resolved": "https://registry.npmjs.org/@tsconfig/node16/-/node16-1.0.4.tgz", "integrity": "sha512-vxhUy4J8lyeyinH7Azl1pdd43GJhZH/tP2weN8TntQblOY+A0XbT8DJk1/oCPuOOyg/Ja757rG0CgHcWC8OfMA==" }, - "@types/aria-query": { + "node_modules/@types/aria-query": { "version": "4.2.2", 
"resolved": "https://registry.npmjs.org/@types/aria-query/-/aria-query-4.2.2.tgz", "integrity": "sha512-HnYpAE1Y6kRyKM/XkEuiRQhTHvkzMBurTHnpFLYLBGPIylZNPs9jJcuOOYWxPLJCSEtmZT0Y8rHDokKN7rRTig==" }, - "@types/babel__core": { + "node_modules/@types/babel__core": { "version": "7.20.2", "resolved": "https://registry.npmjs.org/@types/babel__core/-/babel__core-7.20.2.tgz", "integrity": "sha512-pNpr1T1xLUc2l3xJKuPtsEky3ybxN3m4fJkknfIpTCTfIZCDW57oAg+EfCgIIp2rvCe0Wn++/FfodDS4YXxBwA==", - "requires": { + "dependencies": { "@babel/parser": "^7.20.7", "@babel/types": "^7.20.7", "@types/babel__generator": "*", 
@@ -2862,448 +4446,446 @@ "@types/babel__traverse": "*" } }, - "@types/babel__generator": { + "node_modules/@types/babel__generator": { "version": "7.6.5", "resolved": "https://registry.npmjs.org/@types/babel__generator/-/babel__generator-7.6.5.tgz", "integrity": "sha512-h9yIuWbJKdOPLJTbmSpPzkF67e659PbQDba7ifWm5BJ8xTv+sDmS7rFmywkWOvXedGTivCdeGSIIX8WLcRTz8w==", - "requires": { + "dependencies": { "@babel/types": "^7.0.0" } }, - "@types/babel__template": { + "node_modules/@types/babel__template": { "version": "7.4.2", "resolved": "https://registry.npmjs.org/@types/babel__template/-/babel__template-7.4.2.tgz", "integrity": "sha512-/AVzPICMhMOMYoSx9MoKpGDKdBRsIXMNByh1PXSZoa+v6ZoLa8xxtsT/uLQ/NJm0XVAWl/BvId4MlDeXJaeIZQ==", - "requires": { + "dependencies": { "@babel/parser": "^7.1.0", "@babel/types": "^7.0.0" } }, - "@types/babel__traverse": { + "node_modules/@types/babel__traverse": { "version": "7.20.2", "resolved": "https://registry.npmjs.org/@types/babel__traverse/-/babel__traverse-7.20.2.tgz", "integrity": "sha512-ojlGK1Hsfce93J0+kn3H5R73elidKUaZonirN33GSmgTUMpzI/MIFfSpF3haANe3G1bEBS9/9/QEqwTzwqFsKw==", - "requires": { + "dependencies": { "@babel/types": "^7.20.7" } }, - "@types/body-parser": { + "node_modules/@types/body-parser": { "version": "1.19.3", "resolved": "https://registry.npmjs.org/@types/body-parser/-/body-parser-1.19.3.tgz", "integrity": "sha512-oyl4jvAfTGX9Bt6Or4H9ni1Z447/tQuxnZsytsCaExKlmJiU8sFgnIBRzJUpKwB5eWn9HuBYlUlVA74q/yN0eQ==", - "requires": { + "dependencies": { "@types/connect": "*", "@types/node": "*" } }, - "@types/bonjour": { + "node_modules/@types/bonjour": { "version": "3.5.11", "resolved": "https://registry.npmjs.org/@types/bonjour/-/bonjour-3.5.11.tgz", "integrity": "sha512-isGhjmBtLIxdHBDl2xGwUzEM8AOyOvWsADWq7rqirdi/ZQoHnLWErHvsThcEzTX8juDRiZtzp2Qkv5bgNh6mAg==", - "requires": { + "dependencies": { "@types/node": "*" } }, - "@types/cacheable-request": { - "version": "6.0.1", - "resolved": 
"https://repox.jfrog.io/repox/api/npm/npm/@types/cacheable-request/-/cacheable-request-6.0.1.tgz", - "integrity": "sha1-XSLz3e0f06hMC761A5p0GcLJGXY=", - "requires": { + "node_modules/@types/cacheable-request": { + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/@types/cacheable-request/-/cacheable-request-6.0.3.tgz", + "integrity": "sha512-IQ3EbTzGxIigb1I3qPZc1rWJnH0BmSKv5QYTalEwweFvyBDLSAe24zP0le/hyi7ecGfZVlIVAg4BZqb8WBwKqw==", + "dependencies": { "@types/http-cache-semantics": "*", - "@types/keyv": "*", + "@types/keyv": "^3.1.4", "@types/node": "*", - "@types/responselike": "*" + "@types/responselike": "^1.0.0" } }, - "@types/connect": { + "node_modules/@types/connect": { "version": "3.4.36", "resolved": "https://registry.npmjs.org/@types/connect/-/connect-3.4.36.tgz", "integrity": "sha512-P63Zd/JUGq+PdrM1lv0Wv5SBYeA2+CORvbrXbngriYY0jzLUWfQMQQxOhjONEz/wlHOAxOdY7CY65rgQdTjq2w==", - "requires": { + "dependencies": { "@types/node": "*" } }, - "@types/connect-history-api-fallback": { + "node_modules/@types/connect-history-api-fallback": { "version": "1.5.1", "resolved": "https://registry.npmjs.org/@types/connect-history-api-fallback/-/connect-history-api-fallback-1.5.1.tgz", "integrity": "sha512-iaQslNbARe8fctL5Lk+DsmgWOM83lM+7FzP0eQUJs1jd3kBE8NWqBTIT2S8SqQOJjxvt2eyIjpOuYeRXq2AdMw==", - "requires": { + "dependencies": { "@types/express-serve-static-core": "*", "@types/node": "*" } }, - "@types/eslint": { + "node_modules/@types/eslint": { "version": "8.44.4", "resolved": "https://registry.npmjs.org/@types/eslint/-/eslint-8.44.4.tgz", "integrity": "sha512-lOzjyfY/D9QR4hY9oblZ76B90MYTB3RrQ4z2vBIJKj9ROCRqdkYl2gSUx1x1a4IWPjKJZLL4Aw1Zfay7eMnmnA==", - "requires": { + "dependencies": { "@types/estree": "*", "@types/json-schema": "*" } }, - "@types/eslint-scope": { + "node_modules/@types/eslint-scope": { "version": "3.7.5", "resolved": "https://registry.npmjs.org/@types/eslint-scope/-/eslint-scope-3.7.5.tgz", "integrity": 
"sha512-JNvhIEyxVW6EoMIFIvj93ZOywYFatlpu9deeH6eSx6PE3WHYvHaQtmHmQeNw7aA81bYGBPPQqdtBm6b1SsQMmA==", - "requires": { + "dependencies": { "@types/eslint": "*", "@types/estree": "*" } }, - "@types/estree": { + "node_modules/@types/estree": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.2.tgz", "integrity": "sha512-VeiPZ9MMwXjO32/Xu7+OwflfmeoRwkE/qzndw42gGtgJwZopBnzy2gD//NN1+go1mADzkDcqf/KnFRSjTJ8xJA==" }, - "@types/express": { + "node_modules/@types/express": { "version": "4.17.19", "resolved": "https://registry.npmjs.org/@types/express/-/express-4.17.19.tgz", "integrity": "sha512-UtOfBtzN9OvpZPPbnnYunfjM7XCI4jyk1NvnFhTVz5krYAnW4o5DCoIekvms+8ApqhB4+9wSge1kBijdfTSmfg==", - "requires": { + "dependencies": { "@types/body-parser": "*", "@types/express-serve-static-core": "^4.17.33", "@types/qs": "*", "@types/serve-static": "*" } }, - "@types/express-serve-static-core": { + "node_modules/@types/express-serve-static-core": { "version": "4.17.37", "resolved": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-4.17.37.tgz", "integrity": "sha512-ZohaCYTgGFcOP7u6aJOhY9uIZQgZ2vxC2yWoArY+FeDXlqeH66ZVBjgvg+RLVAS/DWNq4Ap9ZXu1+SUQiiWYMg==", - "requires": { + "dependencies": { "@types/node": "*", "@types/qs": "*", "@types/range-parser": "*", "@types/send": "*" } }, - "@types/graceful-fs": { + "node_modules/@types/graceful-fs": { "version": "4.1.7", "resolved": "https://registry.npmjs.org/@types/graceful-fs/-/graceful-fs-4.1.7.tgz", "integrity": "sha512-MhzcwU8aUygZroVwL2jeYk6JisJrPl/oov/gsgGCue9mkgl9wjGbzReYQClxiUgFDnib9FuHqTndccKeZKxTRw==", - "requires": { + "dependencies": { "@types/node": "*" } }, - "@types/history": { + "node_modules/@types/history": { "version": "4.7.11", "resolved": "https://registry.npmjs.org/@types/history/-/history-4.7.11.tgz", "integrity": "sha512-qjDJRrmvBMiTx+jyLxvLfJU7UznFuokDv4f3WRuriHKERccVpFU+8XMQUAbDzoiJCsmexxRExQeMwwCdamSKDA==", "dev": true }, - 
"@types/html-minifier-terser": { + "node_modules/@types/html-minifier-terser": { "version": "6.1.0", "resolved": "https://registry.npmjs.org/@types/html-minifier-terser/-/html-minifier-terser-6.1.0.tgz", "integrity": "sha512-oh/6byDPnL1zeNXFrDXFLyZjkr1MsBG667IM792caf1L2UPOOMf65NFzjUH/ltyfwjAGfs1rsX1eftK0jC/KIg==" }, - "@types/http-cache-semantics": { - "version": "4.0.0", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/@types/http-cache-semantics/-/http-cache-semantics-4.0.0.tgz", - "integrity": "sha1-kUB3lzaqJlVjXudW4kZ9eHz+iio=" + "node_modules/@types/http-cache-semantics": { + "version": "4.0.4", + "resolved": "https://registry.npmjs.org/@types/http-cache-semantics/-/http-cache-semantics-4.0.4.tgz", + "integrity": "sha512-1m0bIFVc7eJWyve9S0RnuRgcQqF/Xd5QsUZAZeQFr1Q3/p9JWoQQEqmVy+DPTNpGXwhgIetAoYF8JSc33q29QA==" }, - "@types/http-errors": { + "node_modules/@types/http-errors": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/@types/http-errors/-/http-errors-2.0.2.tgz", "integrity": "sha512-lPG6KlZs88gef6aD85z3HNkztpj7w2R7HmR3gygjfXCQmsLloWNARFkMuzKiiY8FGdh1XDpgBdrSf4aKDiA7Kg==" }, - "@types/http-proxy": { + "node_modules/@types/http-proxy": { "version": "1.17.12", "resolved": "https://registry.npmjs.org/@types/http-proxy/-/http-proxy-1.17.12.tgz", "integrity": "sha512-kQtujO08dVtQ2wXAuSFfk9ASy3sug4+ogFR8Kd8UgP8PEuc1/G/8yjYRmp//PcDNJEUKOza/MrQu15bouEUCiw==", - "requires": { + "dependencies": { "@types/node": "*" } }, - "@types/istanbul-lib-coverage": { + "node_modules/@types/istanbul-lib-coverage": { "version": "2.0.4", "resolved": "https://registry.npmjs.org/@types/istanbul-lib-coverage/-/istanbul-lib-coverage-2.0.4.tgz", "integrity": "sha512-z/QT1XN4K4KYuslS23k62yDIDLwLFkzxOuMplDtObz0+y7VqJCaO2o+SPwHCvLFZh7xazvvoor2tA/hPz9ee7g==" }, - "@types/istanbul-lib-report": { + "node_modules/@types/istanbul-lib-report": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/@types/istanbul-lib-report/-/istanbul-lib-report-3.0.1.tgz", 
"integrity": "sha512-gPQuzaPR5h/djlAv2apEG1HVOyj1IUs7GpfMZixU0/0KXT3pm64ylHuMUI1/Akh+sq/iikxg6Z2j+fcMDXaaTQ==", - "requires": { + "dependencies": { "@types/istanbul-lib-coverage": "*" } }, - "@types/istanbul-reports": { + "node_modules/@types/istanbul-reports": { "version": "3.0.2", "resolved": "https://registry.npmjs.org/@types/istanbul-reports/-/istanbul-reports-3.0.2.tgz", "integrity": "sha512-kv43F9eb3Lhj+lr/Hn6OcLCs/sSM8bt+fIaP11rCYngfV6NVjzWXJ17owQtDQTL9tQ8WSLUrGsSJ6rJz0F1w1A==", - "requires": { + "dependencies": { "@types/istanbul-lib-report": "*" } }, - "@types/jest": { + "node_modules/@types/jest": { "version": "26.0.24", "resolved": "https://registry.npmjs.org/@types/jest/-/jest-26.0.24.tgz", "integrity": "sha512-E/X5Vib8BWqZNRlDxj9vYXhsDwPYbPINqKF9BsnSoon4RQ0D9moEuLD8txgyypFLH7J4+Lho9Nr/c8H0Fi+17w==", - "requires": { + "dependencies": { "jest-diff": "^26.0.0", "pretty-format": "^26.0.0" } }, - "@types/json-schema": { + "node_modules/@types/json-schema": { "version": "7.0.13", "resolved": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.13.tgz", "integrity": "sha512-RbSSoHliUbnXj3ny0CNFOoxrIDV6SUGyStHsvDqosw6CkdPV8TtWGlfecuK4ToyMEAql6pzNxgCFKanovUzlgQ==" }, - "@types/json5": { + "node_modules/@types/json5": { "version": "0.0.29", "resolved": "https://registry.npmjs.org/@types/json5/-/json5-0.0.29.tgz", "integrity": "sha512-dRLjCWHYg4oaA77cxO64oO+7JwCwnIzkZPdrrC71jQmQtlhM556pwKo5bUzqvZndkVbeFLIIi+9TC40JNF5hNQ==" }, - "@types/keyv": { - "version": "3.1.1", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/@types/keyv/-/keyv-3.1.1.tgz", - "integrity": "sha1-5FpFMk/KnatxarEjDuJJyftSz6c=", - "requires": { + "node_modules/@types/keyv": { + "version": "3.1.4", + "resolved": "https://registry.npmjs.org/@types/keyv/-/keyv-3.1.4.tgz", + "integrity": "sha512-BQ5aZNSCpj7D6K2ksrRCTmKRLEpnPvWDiLPfoGyhZ++8YtiK9d/3DBKPJgry359X/P1PfruyYwvnvwFjuEiEIg==", + "dependencies": { "@types/node": "*" } }, - "@types/lunr": { + "node_modules/@types/lunr": { 
"version": "2.3.5", "resolved": "https://registry.npmjs.org/@types/lunr/-/lunr-2.3.5.tgz", "integrity": "sha512-C4xYh7A4FRKg70AWJCe27oJYVPhUlEY5MQ4dKbRR7G6Xsb2HiqO672yWHRvWxl8/h7IuISvwDjv88ECHUEsV2A==", "dev": true }, - "@types/mime": { + "node_modules/@types/mime": { "version": "1.3.3", "resolved": "https://registry.npmjs.org/@types/mime/-/mime-1.3.3.tgz", "integrity": "sha512-Ys+/St+2VF4+xuY6+kDIXGxbNRO0mesVg0bbxEfB97Od1Vjpjx9KD1qxs64Gcb3CWPirk9Xe+PT4YiiHQ9T+eg==" }, - "@types/node": { + "node_modules/@types/node": { "version": "12.20.55", "resolved": "https://registry.npmjs.org/@types/node/-/node-12.20.55.tgz", "integrity": "sha512-J8xLz7q2OFulZ2cyGTLE1TbbZcjpno7FaN6zdJNrgAdrJ+DZzh/uFR6YrTb4C+nXakvud8Q4+rbhoIWlYQbUFQ==" }, - "@types/nodegit": { + "node_modules/@types/nodegit": { "version": "0.27.10", "resolved": "https://registry.npmjs.org/@types/nodegit/-/nodegit-0.27.10.tgz", "integrity": "sha512-BCqbmp9iwOcCKRQui7GYMAHsD3DlPdAmzyNvX6hsoBSGMqgkOmrak2sF7gWrOoisH460MPFHaLEgQwuAYQqe2g==", "dev": true, - "requires": { + "dependencies": { "@types/node": "*" } }, - "@types/parse-json": { + "node_modules/@types/parse-json": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/@types/parse-json/-/parse-json-4.0.0.tgz", "integrity": "sha512-//oorEZjL6sbPcKUaCdIGlIUeH26mgzimjBB77G6XRgnDl/L5wOnpyBGRe/Mmf5CVW3PwEBE1NjiMZ/ssFh4wA==" }, - "@types/prettier": { + "node_modules/@types/prettier": { "version": "2.7.3", "resolved": "https://registry.npmjs.org/@types/prettier/-/prettier-2.7.3.tgz", "integrity": "sha512-+68kP9yzs4LMp7VNh8gdzMSPZFL44MLGqiHWvttYJe+6qnuVr4Ek9wSBQoveqY/r+LwjCcU29kNVkidwim+kYA==" }, - "@types/prop-types": { + "node_modules/@types/prop-types": { "version": "15.7.8", "resolved": "https://registry.npmjs.org/@types/prop-types/-/prop-types-15.7.8.tgz", "integrity": "sha512-kMpQpfZKSCBqltAJwskgePRaYRFukDkm1oItcAbC3gNELR20XIBcN9VRgg4+m8DKsTfkWeA4m4Imp4DDuWy7FQ==" }, - "@types/q": { + "node_modules/@types/q": { "version": "1.5.6", "resolved": 
"https://registry.npmjs.org/@types/q/-/q-1.5.6.tgz", "integrity": "sha512-IKjZ8RjTSwD4/YG+2gtj7BPFRB/lNbWKTiSj3M7U/TD2B7HfYCxvp2Zz6xA2WIY7pAuL1QOUPw8gQRbUrrq4fQ==" }, - "@types/qs": { + "node_modules/@types/qs": { "version": "6.9.8", "resolved": "https://registry.npmjs.org/@types/qs/-/qs-6.9.8.tgz", "integrity": "sha512-u95svzDlTysU5xecFNTgfFG5RUWu1A9P0VzgpcIiGZA9iraHOdSzcxMxQ55DyeRaGCSxQi7LxXDI4rzq/MYfdg==" }, - "@types/range-parser": { + "node_modules/@types/range-parser": { "version": "1.2.5", "resolved": "https://registry.npmjs.org/@types/range-parser/-/range-parser-1.2.5.tgz", "integrity": "sha512-xrO9OoVPqFuYyR/loIHjnbvvyRZREYKLjxV4+dY6v3FQR3stQ9ZxIGkaclF7YhI9hfjpuTbu14hZEy94qKLtOA==" }, - "@types/react": { + "node_modules/@types/react": { "version": "16.14.49", "resolved": "https://registry.npmjs.org/@types/react/-/react-16.14.49.tgz", "integrity": "sha512-WHKMS4fIlDpeLVKCGDs5k1MTCyqh1tyFhGqouSFgpPsCsWNDTtiMpTYUcJnHg66kp03ubqb4BFjd5+7gS3MyHw==", - "requires": { + "dependencies": { "@types/prop-types": "*", "@types/scheduler": "*", "csstype": "^3.0.2" - }, - "dependencies": { - "csstype": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/csstype/-/csstype-3.1.2.tgz", - "integrity": "sha512-I7K1Uu0MBPzaFKg4nI5Q7Vs2t+3gWWW648spaF+Rg7pI9ds18Ugn+lvg4SHczUdKlHI5LWBXyqfS8+DufyBsgQ==" - } } }, - "@types/react-dom": { + "node_modules/@types/react-dom": { "version": "16.9.20", "resolved": "https://registry.npmjs.org/@types/react-dom/-/react-dom-16.9.20.tgz", "integrity": "sha512-sYJBek61QO1qeZOnGy79jOaQnQK/sT5CHK0gmwEhMzbhrgpRWoxdEXRaaR96vGfRttWliKG82SVrWbc6WRNwng==", - "requires": { + "dependencies": { "@types/react": "^16" } }, - "@types/react-highlight": { + "node_modules/@types/react-highlight": { "version": "0.12.6", "resolved": "https://registry.npmjs.org/@types/react-highlight/-/react-highlight-0.12.6.tgz", "integrity": "sha512-mT09xsLcKhsytXkx7jOIYPl/tJjbajupnG1/ElBMnudDMMUGhqqCt2RIHnK5ycuqGYoOgIIoMVnLInlUk/WQDA==", "dev": true, - "requires": { 
+ "dependencies": { "@types/react": "*" } }, - "@types/react-router": { + "node_modules/@types/react-router": { "version": "5.1.20", "resolved": "https://registry.npmjs.org/@types/react-router/-/react-router-5.1.20.tgz", "integrity": "sha512-jGjmu/ZqS7FjSH6owMcD5qpq19+1RS9DeVRqfl1FeBMxTDQAGwlMWOcs52NDoXaNKyG3d1cYQFMs9rCrb88o9Q==", "dev": true, - "requires": { + "dependencies": { "@types/history": "^4.7.11", "@types/react": "*" } }, - "@types/react-router-dom": { + "node_modules/@types/react-router-dom": { "version": "5.3.3", "resolved": "https://registry.npmjs.org/@types/react-router-dom/-/react-router-dom-5.3.3.tgz", "integrity": "sha512-kpqnYK4wcdm5UaWI3fLcELopqLrHgLqNsdpHauzlQktfkHL3npOSwtj1Uz9oKBAzs7lFtVkV8j83voAz2D8fhw==", "dev": true, - "requires": { + "dependencies": { "@types/history": "^4.7.11", "@types/react": "*", "@types/react-router": "*" } }, - "@types/react-test-renderer": { + "node_modules/@types/react-test-renderer": { "version": "17.0.1", "resolved": "https://registry.npmjs.org/@types/react-test-renderer/-/react-test-renderer-17.0.1.tgz", "integrity": "sha512-3Fi2O6Zzq/f3QR9dRnlnHso9bMl7weKCviFmfF6B4LS1Uat6Hkm15k0ZAQuDz+UBq6B3+g+NM6IT2nr5QgPzCw==", "dev": true, - "requires": { + "dependencies": { "@types/react": "*" } }, - "@types/react-transition-group": { + "node_modules/@types/react-transition-group": { "version": "4.4.7", "resolved": "https://registry.npmjs.org/@types/react-transition-group/-/react-transition-group-4.4.7.tgz", "integrity": "sha512-ICCyBl5mvyqYp8Qeq9B5G/fyBSRC0zx3XM3sCC6KkcMsNeAHqXBKkmat4GqdJET5jtYUpZXrxI5flve5qhi2Eg==", - "requires": { + "dependencies": { "@types/react": "*" } }, - "@types/resolve": { + "node_modules/@types/react/node_modules/csstype": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/csstype/-/csstype-3.1.2.tgz", + "integrity": "sha512-I7K1Uu0MBPzaFKg4nI5Q7Vs2t+3gWWW648spaF+Rg7pI9ds18Ugn+lvg4SHczUdKlHI5LWBXyqfS8+DufyBsgQ==" + }, + "node_modules/@types/resolve": { "version": "1.17.1", 
"resolved": "https://registry.npmjs.org/@types/resolve/-/resolve-1.17.1.tgz", "integrity": "sha512-yy7HuzQhj0dhGpD8RLXSZWEkLsV9ibvxvi6EiJ3bkqLAO1RGo0WbkWQiwpRlSFymTJRz0d3k5LM3kkx8ArDbLw==", - "requires": { + "dependencies": { "@types/node": "*" } }, - "@types/responselike": { - "version": "1.0.0", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/@types/responselike/-/responselike-1.0.0.tgz", - "integrity": "sha1-JR9P59FU0rrRJavhtCmyOv0mLik=", - "requires": { + "node_modules/@types/responselike": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/@types/responselike/-/responselike-1.0.3.tgz", + "integrity": "sha512-H/+L+UkTV33uf49PH5pCAUBVPNj2nDBXTN+qS1dOwyyg24l3CcicicCA7ca+HMvJBZcFgl5r8e+RR6elsb4Lyw==", + "dependencies": { "@types/node": "*" } }, - "@types/retry": { + "node_modules/@types/retry": { "version": "0.12.0", "resolved": "https://registry.npmjs.org/@types/retry/-/retry-0.12.0.tgz", "integrity": "sha512-wWKOClTTiizcZhXnPY4wikVAwmdYHp8q6DmC+EJUzAMsycb7HB32Kh9RN4+0gExjmPmZSAQjgURXIGATPegAvA==" }, - "@types/scheduler": { + "node_modules/@types/scheduler": { "version": "0.16.4", "resolved": "https://registry.npmjs.org/@types/scheduler/-/scheduler-0.16.4.tgz", "integrity": "sha512-2L9ifAGl7wmXwP4v3pN4p2FLhD0O1qsJpvKmNin5VA8+UvNVb447UDaAEV6UdrkA+m/Xs58U1RFps44x6TFsVQ==" }, - "@types/semver": { + "node_modules/@types/semver": { "version": "7.5.3", "resolved": "https://registry.npmjs.org/@types/semver/-/semver-7.5.3.tgz", "integrity": "sha512-OxepLK9EuNEIPxWNME+C6WwbRAOOI2o2BaQEGzz5Lu2e4Z5eDnEo+/aVEDMIXywoJitJ7xWd641wrGLZdtwRyw==" }, - "@types/send": { + "node_modules/@types/send": { "version": "0.17.2", "resolved": "https://registry.npmjs.org/@types/send/-/send-0.17.2.tgz", "integrity": "sha512-aAG6yRf6r0wQ29bkS+x97BIs64ZLxeE/ARwyS6wrldMm3C1MdKwCcnnEwMC1slI8wuxJOpiUH9MioC0A0i+GJw==", - "requires": { + "dependencies": { "@types/mime": "^1", "@types/node": "*" } }, - "@types/serve-index": { + "node_modules/@types/serve-index": { "version": 
"1.9.2", "resolved": "https://registry.npmjs.org/@types/serve-index/-/serve-index-1.9.2.tgz", "integrity": "sha512-asaEIoc6J+DbBKXtO7p2shWUpKacZOoMBEGBgPG91P8xhO53ohzHWGCs4ScZo5pQMf5ukQzVT9fhX1WzpHihig==", - "requires": { + "dependencies": { "@types/express": "*" } }, - "@types/serve-static": { + "node_modules/@types/serve-static": { "version": "1.15.3", "resolved": "https://registry.npmjs.org/@types/serve-static/-/serve-static-1.15.3.tgz", "integrity": "sha512-yVRvFsEMrv7s0lGhzrggJjNOSmZCdgCjw9xWrPr/kNNLp6FaDfMC1KaYl3TSJ0c58bECwNBMoQrZJ8hA8E1eFg==", - "requires": { + "dependencies": { "@types/http-errors": "*", "@types/mime": "*", "@types/node": "*" } }, - "@types/sockjs": { + "node_modules/@types/sockjs": { "version": "0.3.34", "resolved": "https://registry.npmjs.org/@types/sockjs/-/sockjs-0.3.34.tgz", "integrity": "sha512-R+n7qBFnm/6jinlteC9DBL5dGiDGjWAvjo4viUanpnc/dG1y7uDoacXPIQ/PQEg1fI912SMHIa014ZjRpvDw4g==", - "requires": { + "dependencies": { "@types/node": "*" } }, - "@types/stack-utils": { + "node_modules/@types/stack-utils": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/@types/stack-utils/-/stack-utils-2.0.1.tgz", "integrity": "sha512-Hl219/BT5fLAaz6NDkSuhzasy49dwQS/DSdu4MdggFB8zcXv7vflBI3xp7FEmkmdDkBUI2bPUNeMttp2knYdxw==" }, - "@types/testing-library__jest-dom": { + "node_modules/@types/testing-library__jest-dom": { "version": "5.14.9", "resolved": "https://registry.npmjs.org/@types/testing-library__jest-dom/-/testing-library__jest-dom-5.14.9.tgz", "integrity": "sha512-FSYhIjFlfOpGSRyVoMBMuS3ws5ehFQODymf3vlI7U1K8c7PHwWwFY7VREfmsuzHSOnoKs/9/Y983ayOs7eRzqw==", - "requires": { + "dependencies": { "@types/jest": "*" } }, - "@types/triple-beam": { + "node_modules/@types/triple-beam": { "version": "1.3.3", "resolved": "https://registry.npmjs.org/@types/triple-beam/-/triple-beam-1.3.3.tgz", "integrity": "sha512-6tOUG+nVHn0cJbVp25JFayS5UE6+xlbcNF9Lo9mU7U0zk3zeUShZied4YEQZjy1JBF043FSkdXw8YkUJuVtB5g==" }, - "@types/trusted-types": { + 
"node_modules/@types/trusted-types": { "version": "2.0.4", "resolved": "https://registry.npmjs.org/@types/trusted-types/-/trusted-types-2.0.4.tgz", "integrity": "sha512-IDaobHimLQhjwsQ/NMwRVfa/yL7L/wriQPMhw1ZJall0KX6E1oxk29XMDeilW5qTIg5aoiqf5Udy8U/51aNoQQ==" }, - "@types/ws": { + "node_modules/@types/ws": { "version": "8.5.7", "resolved": "https://registry.npmjs.org/@types/ws/-/ws-8.5.7.tgz", "integrity": "sha512-6UrLjiDUvn40CMrAubXuIVtj2PEfKDffJS7ychvnPU44j+KVeXmdHHTgqcM/dxLUTHxlXHiFM8Skmb8ozGdTnQ==", - "requires": { + "dependencies": { "@types/node": "*" } }, - "@types/yargs": { + "node_modules/@types/yargs": { "version": "15.0.16", "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-15.0.16.tgz", "integrity": "sha512-2FeD5qezW3FvLpZ0JpfuaEWepgNLl9b2gQYiz/ce0NhoB1W/D+VZu98phITXkADYerfr/jb7JcDcVhITsc9bwg==", - "requires": { + "dependencies": { "@types/yargs-parser": "*" } }, - "@types/yargs-parser": { + "node_modules/@types/yargs-parser": { "version": "21.0.1", "resolved": "https://registry.npmjs.org/@types/yargs-parser/-/yargs-parser-21.0.1.tgz", "integrity": "sha512-axdPBuLuEJt0c4yI5OZssC19K2Mq1uKdrfZBzuxLvaztgqUtFYZUNw7lETExPYJR9jdEoIg4mb7RQKRQzOkeGQ==" }, - "@typescript-eslint/eslint-plugin": { + "node_modules/@typescript-eslint/eslint-plugin": { "version": "5.62.0", "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.62.0.tgz", "integrity": "sha512-TiZzBSJja/LbhNPvk6yc0JrX9XqhQ0hdh6M2svYfsHGejaKFIAGd9MQ+ERIMzLGlN/kZoYIgdxFV0PuljTKXag==", - "requires": { + "dependencies": { "@eslint-community/regexpp": "^4.4.0", "@typescript-eslint/scope-manager": "5.62.0", "@typescript-eslint/type-utils": "5.62.0", 
@@ -3314,57 +4896,127 @@ "natural-compare-lite": "^1.4.0", "semver": "^7.3.7", "tsutils": "^3.21.0" + }, + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependencies": { + "@typescript-eslint/parser": "^5.0.0", + "eslint": "^6.0.0 || ^7.0.0 || ^8.0.0" + }, + "peerDependenciesMeta": { + "typescript": { + "optional": true + } } }, - "@typescript-eslint/experimental-utils": { + "node_modules/@typescript-eslint/experimental-utils": { "version": "5.62.0", "resolved": "https://registry.npmjs.org/@typescript-eslint/experimental-utils/-/experimental-utils-5.62.0.tgz", "integrity": "sha512-RTXpeB3eMkpoclG3ZHft6vG/Z30azNHuqY6wKPBHlVMZFuEvrtlEDe8gMqDb+SO+9hjC/pLekeSCryf9vMZlCw==", - "requires": { + "dependencies": { "@typescript-eslint/utils": "5.62.0" + }, + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependencies": { + "eslint": "^6.0.0 || ^7.0.0 || ^8.0.0" } }, - "@typescript-eslint/parser": { + "node_modules/@typescript-eslint/parser": { "version": "5.62.0", "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-5.62.0.tgz", "integrity": "sha512-VlJEV0fOQ7BExOsHYAGrgbEiZoi8D+Bl2+f6V2RrXerRSylnp+ZBHmPvaIa8cz0Ajx7WO7Z5RqfgYg7ED1nRhA==", - "requires": { + "dependencies": { "@typescript-eslint/scope-manager": "5.62.0", "@typescript-eslint/types": "5.62.0", "@typescript-eslint/typescript-estree": "5.62.0", "debug": "^4.3.4" + }, + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependencies": { + "eslint": "^6.0.0 || ^7.0.0 || ^8.0.0" + }, + "peerDependenciesMeta": { + "typescript": { + "optional": true + } } }, - "@typescript-eslint/scope-manager": { + 
"node_modules/@typescript-eslint/scope-manager": { "version": "5.62.0", "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.62.0.tgz", "integrity": "sha512-VXuvVvZeQCQb5Zgf4HAxc04q5j+WrNAtNh9OwCsCgpKqESMTu3tF/jhZ3xG6T4NZwWl65Bg8KuS2uEvhSfLl0w==", - "requires": { + "dependencies": { "@typescript-eslint/types": "5.62.0", "@typescript-eslint/visitor-keys": "5.62.0" + }, + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" } }, - "@typescript-eslint/type-utils": { + "node_modules/@typescript-eslint/type-utils": { "version": "5.62.0", "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-5.62.0.tgz", "integrity": "sha512-xsSQreu+VnfbqQpW5vnCJdq1Z3Q0U31qiWmRhr98ONQmcp/yhiPJFPq8MXiJVLiksmOKSjIldZzkebzHuCGzew==", - "requires": { + "dependencies": { "@typescript-eslint/typescript-estree": "5.62.0", "@typescript-eslint/utils": "5.62.0", "debug": "^4.3.4", "tsutils": "^3.21.0" + }, + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependencies": { + "eslint": "*" + }, + "peerDependenciesMeta": { + "typescript": { + "optional": true + } } }, - "@typescript-eslint/types": { + "node_modules/@typescript-eslint/types": { "version": "5.62.0", "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.62.0.tgz", - "integrity": "sha512-87NVngcbVXUahrRTqIK27gD2t5Cu1yuCXxbLcFtCzZGlfyVWWh8mLHkoxzjsB6DDNnvdL+fW8MiwPEJyGJQDgQ==" + "integrity": "sha512-87NVngcbVXUahrRTqIK27gD2t5Cu1yuCXxbLcFtCzZGlfyVWWh8mLHkoxzjsB6DDNnvdL+fW8MiwPEJyGJQDgQ==", + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } }, - "@typescript-eslint/typescript-estree": { + 
"node_modules/@typescript-eslint/typescript-estree": { "version": "5.62.0", "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.62.0.tgz", "integrity": "sha512-CmcQ6uY7b9y694lKdRB8FEel7JbU/40iSAPomu++SjLMntB+2Leay2LO6i8VnJk58MtE9/nQSFIH6jpyRWyYzA==", - "requires": { + "dependencies": { "@typescript-eslint/types": "5.62.0", "@typescript-eslint/visitor-keys": "5.62.0", "debug": "^4.3.4", @@ -3372,13 +5024,25 @@ "is-glob": "^4.0.3", "semver": "^7.3.7", "tsutils": "^3.21.0" + }, + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependenciesMeta": { + "typescript": { + "optional": true + } } }, - "@typescript-eslint/utils": { + "node_modules/@typescript-eslint/utils": { "version": "5.62.0", "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-5.62.0.tgz", "integrity": "sha512-n8oxjeb5aIbPFEtmQxQYOLI0i9n5ySBEY/ZEHHZqKQSFnxio1rv6dthascc9dLuwrL0RC5mPCxB7vnAVGAYWAQ==", - "requires": { + "dependencies": { "@eslint-community/eslint-utils": "^4.2.0", "@types/json-schema": "^7.0.9", "@types/semver": "^7.3.12", 
@@ -3388,103 +5052,121 @@ "eslint-scope": "^5.1.1", "semver": "^7.3.7" }, + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependencies": { + "eslint": "^6.0.0 || ^7.0.0 || ^8.0.0" + } + }, + "node_modules/@typescript-eslint/utils/node_modules/eslint-scope": { + "version": "5.1.1", + "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", + "integrity": "sha512-2NxwbF/hZ0KpepYN0cNbo+FN6XoK7GaHlQhgx/hIZl6Va0bF45RQOOwhLIy8lQDbuCiadSLCBnH2CFYquit5bw==", "dependencies": { - "eslint-scope": { - "version": "5.1.1", - "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", - "integrity": "sha512-2NxwbF/hZ0KpepYN0cNbo+FN6XoK7GaHlQhgx/hIZl6Va0bF45RQOOwhLIy8lQDbuCiadSLCBnH2CFYquit5bw==", - "requires": { - "esrecurse": "^4.3.0", - "estraverse": "^4.1.1" - } - } + "esrecurse": "^4.3.0", + "estraverse": "^4.1.1" + }, + "engines": { + "node": ">=8.0.0" } }, - "@typescript-eslint/visitor-keys": { + "node_modules/@typescript-eslint/visitor-keys": { "version": "5.62.0", "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.62.0.tgz", "integrity": "sha512-07ny+LHRzQXepkGg6w0mFY41fVUNBrL2Roj/++7V1txKugfjm/Ci/qSND03r2RhlJhJYMcTn9AhhSSqQp0Ysyw==", - "requires": { + "dependencies": { "@typescript-eslint/types": "5.62.0", "eslint-visitor-keys": "^3.3.0" + }, + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" } }, - "@webassemblyjs/ast": { + "node_modules/@webassemblyjs/ast": { "version": "1.11.6", "resolved": "https://registry.npmjs.org/@webassemblyjs/ast/-/ast-1.11.6.tgz", "integrity": "sha512-IN1xI7PwOvLPgjcf180gC1bqn3q/QaOCwYUahIOhbYUu8KA/3tw2RT/T0Gidi1l7Hhj5D/INhJxiICObqpMu4Q==", - "requires": { + "dependencies": { "@webassemblyjs/helper-numbers": "1.11.6", 
"@webassemblyjs/helper-wasm-bytecode": "1.11.6" } }, - "@webassemblyjs/floating-point-hex-parser": { + "node_modules/@webassemblyjs/floating-point-hex-parser": { "version": "1.11.6", "resolved": "https://registry.npmjs.org/@webassemblyjs/floating-point-hex-parser/-/floating-point-hex-parser-1.11.6.tgz", "integrity": "sha512-ejAj9hfRJ2XMsNHk/v6Fu2dGS+i4UaXBXGemOfQ/JfQ6mdQg/WXtwleQRLLS4OvfDhv8rYnVwH27YJLMyYsxhw==" }, - "@webassemblyjs/helper-api-error": { + "node_modules/@webassemblyjs/helper-api-error": { "version": "1.11.6", "resolved": "https://registry.npmjs.org/@webassemblyjs/helper-api-error/-/helper-api-error-1.11.6.tgz", "integrity": "sha512-o0YkoP4pVu4rN8aTJgAyj9hC2Sv5UlkzCHhxqWj8butaLvnpdc2jOwh4ewE6CX0txSfLn/UYaV/pheS2Txg//Q==" }, - "@webassemblyjs/helper-buffer": { + "node_modules/@webassemblyjs/helper-buffer": { "version": "1.11.6", "resolved": "https://registry.npmjs.org/@webassemblyjs/helper-buffer/-/helper-buffer-1.11.6.tgz", "integrity": "sha512-z3nFzdcp1mb8nEOFFk8DrYLpHvhKC3grJD2ardfKOzmbmJvEf/tPIqCY+sNcwZIY8ZD7IkB2l7/pqhUhqm7hLA==" }, - "@webassemblyjs/helper-numbers": { + "node_modules/@webassemblyjs/helper-numbers": { "version": "1.11.6", "resolved": "https://registry.npmjs.org/@webassemblyjs/helper-numbers/-/helper-numbers-1.11.6.tgz", "integrity": "sha512-vUIhZ8LZoIWHBohiEObxVm6hwP034jwmc9kuq5GdHZH0wiLVLIPcMCdpJzG4C11cHoQ25TFIQj9kaVADVX7N3g==", - "requires": { + "dependencies": { "@webassemblyjs/floating-point-hex-parser": "1.11.6", "@webassemblyjs/helper-api-error": "1.11.6", "@xtuc/long": "4.2.2" } }, - "@webassemblyjs/helper-wasm-bytecode": { + "node_modules/@webassemblyjs/helper-wasm-bytecode": { "version": "1.11.6", "resolved": "https://registry.npmjs.org/@webassemblyjs/helper-wasm-bytecode/-/helper-wasm-bytecode-1.11.6.tgz", "integrity": "sha512-sFFHKwcmBprO9e7Icf0+gddyWYDViL8bpPjJJl0WHxCdETktXdmtWLGVzoHbqUcY4Be1LkNfwTmXOJUFZYSJdA==" }, - "@webassemblyjs/helper-wasm-section": { + "node_modules/@webassemblyjs/helper-wasm-section": { 
"version": "1.11.6", "resolved": "https://registry.npmjs.org/@webassemblyjs/helper-wasm-section/-/helper-wasm-section-1.11.6.tgz", "integrity": "sha512-LPpZbSOwTpEC2cgn4hTydySy1Ke+XEu+ETXuoyvuyezHO3Kjdu90KK95Sh9xTbmjrCsUwvWwCOQQNta37VrS9g==", - "requires": { + "dependencies": { "@webassemblyjs/ast": "1.11.6", "@webassemblyjs/helper-buffer": "1.11.6", "@webassemblyjs/helper-wasm-bytecode": "1.11.6", "@webassemblyjs/wasm-gen": "1.11.6" } }, - "@webassemblyjs/ieee754": { + "node_modules/@webassemblyjs/ieee754": { "version": "1.11.6", "resolved": "https://registry.npmjs.org/@webassemblyjs/ieee754/-/ieee754-1.11.6.tgz", "integrity": "sha512-LM4p2csPNvbij6U1f19v6WR56QZ8JcHg3QIJTlSwzFcmx6WSORicYj6I63f9yU1kEUtrpG+kjkiIAkevHpDXrg==", - "requires": { + "dependencies": { "@xtuc/ieee754": "^1.2.0" } }, - "@webassemblyjs/leb128": { + "node_modules/@webassemblyjs/leb128": { "version": "1.11.6", "resolved": "https://registry.npmjs.org/@webassemblyjs/leb128/-/leb128-1.11.6.tgz", "integrity": "sha512-m7a0FhE67DQXgouf1tbN5XQcdWoNgaAuoULHIfGFIEVKA6tu/edls6XnIlkmS6FrXAquJRPni3ZZKjw6FSPjPQ==", - "requires": { + "dependencies": { "@xtuc/long": "4.2.2" } }, - "@webassemblyjs/utf8": { + "node_modules/@webassemblyjs/utf8": { "version": "1.11.6", "resolved": "https://registry.npmjs.org/@webassemblyjs/utf8/-/utf8-1.11.6.tgz", "integrity": "sha512-vtXf2wTQ3+up9Zsg8sa2yWiQpzSsMyXj0qViVP6xKGCUT8p8YJ6HqI7l5eCnWx1T/FYdsv07HQs2wTFbbof/RA==" }, - "@webassemblyjs/wasm-edit": { + "node_modules/@webassemblyjs/wasm-edit": { "version": "1.11.6", "resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-edit/-/wasm-edit-1.11.6.tgz", "integrity": "sha512-Ybn2I6fnfIGuCR+Faaz7YcvtBKxvoLV3Lebn1tM4o/IAJzmi9AWYIPWpyBfU8cC+JxAO57bk4+zdsTjJR+VTOw==", - "requires": { + "dependencies": { "@webassemblyjs/ast": "1.11.6", "@webassemblyjs/helper-buffer": "1.11.6", "@webassemblyjs/helper-wasm-bytecode": "1.11.6", 
@@ -3495,11 +5177,11 @@ "@webassemblyjs/wast-printer": "1.11.6" } }, - "@webassemblyjs/wasm-gen": { + "node_modules/@webassemblyjs/wasm-gen": { "version": "1.11.6", "resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-gen/-/wasm-gen-1.11.6.tgz", "integrity": "sha512-3XOqkZP/y6B4F0PBAXvI1/bky7GryoogUtfwExeP/v7Nzwo1QLcq5oQmpKlftZLbT+ERUOAZVQjuNVak6UXjPA==", - "requires": { + "dependencies": { "@webassemblyjs/ast": "1.11.6", "@webassemblyjs/helper-wasm-bytecode": "1.11.6", "@webassemblyjs/ieee754": "1.11.6", @@ -3507,22 +5189,22 @@ "@webassemblyjs/utf8": "1.11.6" } }, - "@webassemblyjs/wasm-opt": { + "node_modules/@webassemblyjs/wasm-opt": { "version": "1.11.6", "resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-opt/-/wasm-opt-1.11.6.tgz", "integrity": "sha512-cOrKuLRE7PCe6AsOVl7WasYf3wbSo4CeOk6PkrjS7g57MFfVUF9u6ysQBBODX0LdgSvQqRiGz3CXvIDKcPNy4g==", - "requires": { + "dependencies": { "@webassemblyjs/ast": "1.11.6", "@webassemblyjs/helper-buffer": "1.11.6", "@webassemblyjs/wasm-gen": "1.11.6", "@webassemblyjs/wasm-parser": "1.11.6" } }, - "@webassemblyjs/wasm-parser": { + "node_modules/@webassemblyjs/wasm-parser": { "version": "1.11.6", "resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-parser/-/wasm-parser-1.11.6.tgz", "integrity": "sha512-6ZwPeGzMJM3Dqp3hCsLgESxBGtT/OeCvCZ4TA1JUPYgmhAx38tTPR9JaKy0S5H3evQpO/h2uWs2j6Yc/fjkpTQ==", - "requires": { + "dependencies": { "@webassemblyjs/ast": "1.11.6", "@webassemblyjs/helper-api-error": "1.11.6", "@webassemblyjs/helper-wasm-bytecode": "1.11.6", 
@@ -3531,332 +5213,436 @@ "@webassemblyjs/utf8": "1.11.6" } }, - "@webassemblyjs/wast-printer": { + "node_modules/@webassemblyjs/wast-printer": { "version": "1.11.6", "resolved": "https://registry.npmjs.org/@webassemblyjs/wast-printer/-/wast-printer-1.11.6.tgz", "integrity": "sha512-JM7AhRcE+yW2GWYaKeHL5vt4xqee5N2WcezptmgyhNS+ScggqcT1OtXykhAb13Sn5Yas0j2uv9tHgrjwvzAP4A==", - "requires": { + "dependencies": { "@webassemblyjs/ast": "1.11.6", "@xtuc/long": "4.2.2" } }, - "@xtuc/ieee754": { + "node_modules/@xtuc/ieee754": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/@xtuc/ieee754/-/ieee754-1.2.0.tgz", "integrity": "sha512-DX8nKgqcGwsc0eJSqYt5lwP4DH5FlHnmuWWBRy7X0NcaGR0ZtuyeESgMwTYVEtxmsNGY+qit4QYT/MIYTOTPeA==" }, - "@xtuc/long": { + "node_modules/@xtuc/long": { "version": "4.2.2", "resolved": "https://registry.npmjs.org/@xtuc/long/-/long-4.2.2.tgz", "integrity": "sha512-NuHqBY1PB/D8xU6s/thBgOAiAP7HOYDQ32+BFZILJ8ivkUkAHQnWfn6WhL79Owj1qmUnoN/YPhktdIoucipkAQ==" }, - "abab": { + "node_modules/abab": { "version": "2.0.6", "resolved": "https://registry.npmjs.org/abab/-/abab-2.0.6.tgz", - "integrity": "sha512-j2afSsaIENvHZN2B8GOpF566vZ5WVk5opAiMTvWgaQT8DkbOqsTfvNAvHoRGU2zzP8cPoqys+xHTRDWW8L+/BA==" + "integrity": "sha512-j2afSsaIENvHZN2B8GOpF566vZ5WVk5opAiMTvWgaQT8DkbOqsTfvNAvHoRGU2zzP8cPoqys+xHTRDWW8L+/BA==", + "deprecated": "Use your platform's native atob() and btoa() methods instead" }, - "abbrev": { + "node_modules/abbrev": { "version": "1.1.1", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/abbrev/-/abbrev-1.1.1.tgz", - "integrity": "sha1-+PLIh60Qv2f2NPAFtph/7TF5qsg=" + "resolved": "https://registry.npmjs.org/abbrev/-/abbrev-1.1.1.tgz", + "integrity": "sha512-nne9/IiQ/hzIhY6pdDnbBtz7DjPTKrY00P/zvPSm5pOFkl6xuGrGnXn/VtTNNfNtAfZ9/1RtehkszU9qcTii0Q==" }, - "accepts": { + "node_modules/accepts": { "version": "1.3.8", "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz", "integrity": 
"sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==", - "requires": { + "dependencies": { "mime-types": "~2.1.34", "negotiator": "0.6.3" + }, + "engines": { + "node": ">= 0.6" } }, - "acorn": { + "node_modules/acorn": { "version": "8.10.0", "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.10.0.tgz", - "integrity": "sha512-F0SAmZ8iUtS//m8DmCTA0jlh6TDKkHQyK6xc6V4KDTyZKA9dnvX9/3sRTVQrWm79glUAZbnmmNcdYwUIHWVybw==" + "integrity": "sha512-F0SAmZ8iUtS//m8DmCTA0jlh6TDKkHQyK6xc6V4KDTyZKA9dnvX9/3sRTVQrWm79glUAZbnmmNcdYwUIHWVybw==", + "bin": { + "acorn": "bin/acorn" + }, + "engines": { + "node": ">=0.4.0" + } }, - "acorn-globals": { + "node_modules/acorn-globals": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/acorn-globals/-/acorn-globals-6.0.0.tgz", "integrity": "sha512-ZQl7LOWaF5ePqqcX4hLuv/bLXYQNfNWw2c0/yX/TsPRKamzHcTGQnlCjHT3TsmkOUVEPS3crCxiPfdzE/Trlhg==", - "requires": { + "dependencies": { "acorn": "^7.1.1", "acorn-walk": "^7.1.1" + } + }, + "node_modules/acorn-globals/node_modules/acorn": { + "version": "7.4.1", + "resolved": "https://registry.npmjs.org/acorn/-/acorn-7.4.1.tgz", + "integrity": "sha512-nQyp0o1/mNdbTO1PO6kHkwSrmgZ0MT/jCCpNiwbUjGoRN4dlBhqJtoQuCnEOKzgTVwg0ZWiCoQy6SxMebQVh8A==", + "bin": { + "acorn": "bin/acorn" }, - "dependencies": { - "acorn": { - "version": "7.4.1", - "resolved": "https://registry.npmjs.org/acorn/-/acorn-7.4.1.tgz", - "integrity": "sha512-nQyp0o1/mNdbTO1PO6kHkwSrmgZ0MT/jCCpNiwbUjGoRN4dlBhqJtoQuCnEOKzgTVwg0ZWiCoQy6SxMebQVh8A==" - } + "engines": { + "node": ">=0.4.0" } }, - "acorn-import-assertions": { + "node_modules/acorn-import-assertions": { "version": "1.9.0", "resolved": "https://registry.npmjs.org/acorn-import-assertions/-/acorn-import-assertions-1.9.0.tgz", - "integrity": "sha512-cmMwop9x+8KFhxvKrKfPYmN6/pKTYYHBqLa0DfvVZcKMJWNyWLnaqND7dx/qn66R7ewM1UX5XMaDVP5wlVTaVA==" + "integrity": 
"sha512-cmMwop9x+8KFhxvKrKfPYmN6/pKTYYHBqLa0DfvVZcKMJWNyWLnaqND7dx/qn66R7ewM1UX5XMaDVP5wlVTaVA==", + "peerDependencies": { + "acorn": "^8" + } }, - "acorn-jsx": { + "node_modules/acorn-jsx": { "version": "5.3.2", "resolved": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.2.tgz", - "integrity": "sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ==" + "integrity": "sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ==", + "peerDependencies": { + "acorn": "^6.0.0 || ^7.0.0 || ^8.0.0" + } }, - "acorn-walk": { + "node_modules/acorn-walk": { "version": "7.2.0", "resolved": "https://registry.npmjs.org/acorn-walk/-/acorn-walk-7.2.0.tgz", - "integrity": "sha512-OPdCF6GsMIP+Az+aWfAAOEt2/+iVDKE7oy6lJ098aoe59oAmK76qV6Gw60SbZ8jHuG2wH058GF4pLFbYamYrVA==" + "integrity": "sha512-OPdCF6GsMIP+Az+aWfAAOEt2/+iVDKE7oy6lJ098aoe59oAmK76qV6Gw60SbZ8jHuG2wH058GF4pLFbYamYrVA==", + "engines": { + "node": ">=0.4.0" + } }, - "address": { + "node_modules/address": { "version": "1.2.2", "resolved": "https://registry.npmjs.org/address/-/address-1.2.2.tgz", - "integrity": "sha512-4B/qKCfeE/ODUaAUpSwfzazo5x29WD4r3vXiWsB7I2mSDAihwEqKO+g8GELZUQSSAo5e1XTYh3ZVfLyxBc12nA==" + "integrity": "sha512-4B/qKCfeE/ODUaAUpSwfzazo5x29WD4r3vXiWsB7I2mSDAihwEqKO+g8GELZUQSSAo5e1XTYh3ZVfLyxBc12nA==", + "engines": { + "node": ">= 10.0.0" + } }, - "adjust-sourcemap-loader": { + "node_modules/adjust-sourcemap-loader": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/adjust-sourcemap-loader/-/adjust-sourcemap-loader-4.0.0.tgz", "integrity": "sha512-OXwN5b9pCUXNQHJpwwD2qP40byEmSgzj8B4ydSN0uMNYWiFmJ6x6KwUllMmfk8Rwu/HJDFR7U8ubsWBoN0Xp0A==", - "requires": { + "dependencies": { "loader-utils": "^2.0.0", "regex-parser": "^2.2.11" + }, + "engines": { + "node": ">=8.9" } }, - "agent-base": { + "node_modules/agent-base": { "version": "6.0.2", "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-6.0.2.tgz", 
"integrity": "sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ==", - "requires": { + "dependencies": { "debug": "4" + }, + "engines": { + "node": ">= 6.0.0" + } + }, + "node_modules/aggregate-error": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/aggregate-error/-/aggregate-error-3.1.0.tgz", + "integrity": "sha512-4I7Td01quW/RpocfNayFdFVk1qSuoh0E7JrbRJ16nH01HhKFQ88INq9Sd+nd72zqRySlr9BmDA8xlEJ6vJMrYA==", + "dependencies": { + "clean-stack": "^2.0.0", + "indent-string": "^4.0.0" + }, + "engines": { + "node": ">=8" } }, - "ajv": { + "node_modules/ajv": { "version": "6.12.6", "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==", - "requires": { + "dependencies": { "fast-deep-equal": "^3.1.1", "fast-json-stable-stringify": "^2.0.0", "json-schema-traverse": "^0.4.1", "uri-js": "^4.2.2" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/epoberezkin" } }, - "ajv-formats": { + "node_modules/ajv-formats": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/ajv-formats/-/ajv-formats-2.1.1.tgz", "integrity": "sha512-Wx0Kx52hxE7C18hkMEggYlEifqWZtYaRgouJor+WMdPnQyEK13vgEWyVNup7SoeeoLMsr4kf5h6dOW11I15MUA==", - "requires": { + "dependencies": { "ajv": "^8.0.0" }, - "dependencies": { + "peerDependencies": { + "ajv": "^8.0.0" + }, + "peerDependenciesMeta": { "ajv": { - "version": "8.12.0", - "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.12.0.tgz", - "integrity": "sha512-sRu1kpcO9yLtYxBKvqfTeh9KzZEwO3STyX1HT+4CaDzC6HpTGYhIhPIzj9XuKU7KYDwnaeh5hcOwjy1QuJzBPA==", - "requires": { - "fast-deep-equal": "^3.1.1", - "json-schema-traverse": "^1.0.0", - "require-from-string": "^2.0.2", - "uri-js": "^4.2.2" - } - }, - "json-schema-traverse": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", - 
"integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==" + "optional": true } } }, - "ajv-keywords": { + "node_modules/ajv-formats/node_modules/ajv": { + "version": "8.12.0", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.12.0.tgz", + "integrity": "sha512-sRu1kpcO9yLtYxBKvqfTeh9KzZEwO3STyX1HT+4CaDzC6HpTGYhIhPIzj9XuKU7KYDwnaeh5hcOwjy1QuJzBPA==", + "dependencies": { + "fast-deep-equal": "^3.1.1", + "json-schema-traverse": "^1.0.0", + "require-from-string": "^2.0.2", + "uri-js": "^4.2.2" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/epoberezkin" + } + }, + "node_modules/ajv-formats/node_modules/json-schema-traverse": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", + "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==" + }, + "node_modules/ajv-keywords": { "version": "3.5.2", "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-3.5.2.tgz", - "integrity": "sha512-5p6WTN0DdTGVQk6VjcEju19IgaHudalcfabD7yhDGeA6bcQnmL+CpveLJq/3hvfwd1aof6L386Ougkx6RfyMIQ==" + "integrity": "sha512-5p6WTN0DdTGVQk6VjcEju19IgaHudalcfabD7yhDGeA6bcQnmL+CpveLJq/3hvfwd1aof6L386Ougkx6RfyMIQ==", + "peerDependencies": { + "ajv": "^6.9.1" + } }, - "ansi-escapes": { + "node_modules/ansi-escapes": { "version": "4.3.2", "resolved": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-4.3.2.tgz", "integrity": "sha512-gKXj5ALrKWQLsYG9jlTRmR/xKluxHV+Z9QEwNIgCfM1/uwPMCuzVVnh5mwTd+OuBZcwSIMbqssNWRm1lE51QaQ==", - "requires": { + "dependencies": { "type-fest": "^0.21.3" }, - "dependencies": { - "type-fest": { - "version": "0.21.3", - "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.21.3.tgz", - "integrity": "sha512-t0rzBq87m3fVcduHDUFhKmyyX+9eo6WQjZvf51Ea/M0Q7+T374Jp1aUiyUl0GKxp8M/OETVHSDvmkyPgvX+X2w==" - } + "engines": { + "node": ">=8" + }, + "funding": { + 
"url": "https://github.com/sponsors/sindresorhus" } }, - "ansi-html-community": { + "node_modules/ansi-escapes/node_modules/type-fest": { + "version": "0.21.3", + "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.21.3.tgz", + "integrity": "sha512-t0rzBq87m3fVcduHDUFhKmyyX+9eo6WQjZvf51Ea/M0Q7+T374Jp1aUiyUl0GKxp8M/OETVHSDvmkyPgvX+X2w==", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/ansi-html-community": { "version": "0.0.8", "resolved": "https://registry.npmjs.org/ansi-html-community/-/ansi-html-community-0.0.8.tgz", - "integrity": "sha512-1APHAyr3+PCamwNw3bXCPp4HFLONZt/yIH0sZp0/469KWNTEy+qN5jQ3GVX6DMZ1UXAi34yVwtTeaG/HpBuuzw==" + "integrity": "sha512-1APHAyr3+PCamwNw3bXCPp4HFLONZt/yIH0sZp0/469KWNTEy+qN5jQ3GVX6DMZ1UXAi34yVwtTeaG/HpBuuzw==", + "engines": [ + "node >= 0.8.0" + ], + "bin": { + "ansi-html": "bin/ansi-html" + } }, - "ansi-regex": { + "node_modules/ansi-regex": { "version": "5.0.1", "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", - "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==" + "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", + "engines": { + "node": ">=8" + } }, - "ansi-styles": { + "node_modules/ansi-styles": { "version": "4.3.0", "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", - "requires": { + "dependencies": { "color-convert": "^2.0.1" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/chalk/ansi-styles?sponsor=1" } }, - "any-promise": { + "node_modules/any-promise": { "version": "1.3.0", "resolved": "https://registry.npmjs.org/any-promise/-/any-promise-1.3.0.tgz", "integrity": 
"sha512-7UvmKalWRt1wgjL1RrGxoSJW/0QZFIegpeGvZG9kjp8vrRu55XTHbwnqq2GpXm9uLbcuhxm3IqX9OB4MZR1b2A==" }, - "anymatch": { + "node_modules/anymatch": { "version": "3.1.3", "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.3.tgz", "integrity": "sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw==", - "requires": { + "dependencies": { "normalize-path": "^3.0.0", "picomatch": "^2.0.4" + }, + "engines": { + "node": ">= 8" } }, - "aproba": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/aproba/-/aproba-1.2.0.tgz", - "integrity": "sha512-Y9J6ZjXtoYh8RnXVCMOU/ttDmk1aBjunq9vO0ta5x85WDQiQfUF9sIPBITdbiiIVcBo03Hi3jMxigBtsddlXRw==" + "node_modules/aproba": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/aproba/-/aproba-2.0.0.tgz", + "integrity": "sha512-lYe4Gx7QT+MKGbDsA+Z+he/Wtef0BiwDOlK/XkBrdfsh9J/jPPXbX0tE9x9cl27Tmu5gg3QUbUrQYa/y+KOHPQ==" }, - "are-we-there-yet": { - "version": "1.1.5", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/are-we-there-yet/-/are-we-there-yet-1.1.5.tgz", - "integrity": "sha1-SzXClE8GKov82mZBB2A1D+nd/CE=", - "requires": { + "node_modules/are-we-there-yet": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/are-we-there-yet/-/are-we-there-yet-2.0.0.tgz", + "integrity": "sha512-Ci/qENmwHnsYo9xKIcUJN5LeDKdJ6R1Z1j9V/J5wyq8nh/mYPEpIKJbBZXtZjG04HiK7zV/p6Vs9952MrMeUIw==", + "dependencies": { "delegates": "^1.0.0", - "readable-stream": "^2.0.6" - }, - "dependencies": { - "readable-stream": { - "version": "2.3.7", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/readable-stream/-/readable-stream-2.3.7.tgz", - "integrity": "sha1-Hsoc9xGu+BTAT2IlKjamL2yyO1c=", - "requires": { - "core-util-is": "~1.0.0", - "inherits": "~2.0.3", - "isarray": "~1.0.0", - "process-nextick-args": "~2.0.0", - "safe-buffer": "~5.1.1", - "string_decoder": "~1.1.1", - "util-deprecate": "~1.0.1" - } - }, - "string_decoder": { - "version": "1.1.1", - "resolved": 
"https://repox.jfrog.io/repox/api/npm/npm/string_decoder/-/string_decoder-1.1.1.tgz", - "integrity": "sha1-nPFhG6YmhdcDCunkujQUnDrwP8g=", - "requires": { - "safe-buffer": "~5.1.0" - } - } + "readable-stream": "^3.6.0" + }, + "engines": { + "node": ">=10" } }, - "arg": { + "node_modules/arg": { "version": "4.1.3", "resolved": "https://registry.npmjs.org/arg/-/arg-4.1.3.tgz", "integrity": "sha512-58S9QDqG0Xx27YwPSt9fJxivjYl432YCwfDMfZ+71RAqUrZef7LrKQZ3LHLOwCS4FLNBplP533Zx895SeOCHvA==" }, - "argparse": { + "node_modules/argparse": { "version": "1.0.10", "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", "integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==", - "requires": { + "dependencies": { "sprintf-js": "~1.0.2" } }, - "aria-query": { + "node_modules/aria-query": { "version": "5.3.0", "resolved": "https://registry.npmjs.org/aria-query/-/aria-query-5.3.0.tgz", "integrity": "sha512-b0P0sZPKtyu8HkeRAfCq0IfURZK+SuwMjY1UXGBU27wpAiTwQAIlq56IbIO+ytk/JjS1fMR14ee5WBBfKi5J6A==", - "requires": { + "dependencies": { "dequal": "^2.0.3" } }, - "array-buffer-byte-length": { + "node_modules/array-buffer-byte-length": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/array-buffer-byte-length/-/array-buffer-byte-length-1.0.0.tgz", "integrity": "sha512-LPuwb2P+NrQw3XhxGc36+XSvuBPopovXYTR9Ew++Du9Yb/bx5AzBfrIsBoj0EZUifjQU+sHL21sseZ3jerWO/A==", - "requires": { + "dependencies": { "call-bind": "^1.0.2", "is-array-buffer": "^3.0.1" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "array-flatten": { + "node_modules/array-flatten": { "version": "2.1.2", "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-2.1.2.tgz", "integrity": "sha512-hNfzcOV8W4NdualtqBFPyVO+54DSJuZGY9qT4pRroB6S9e3iiido2ISIC5h9R2sPJ8H3FHCIiEnsv1lPXO3KtQ==" }, - "array-includes": { + "node_modules/array-includes": { "version": "3.1.7", "resolved": 
"https://registry.npmjs.org/array-includes/-/array-includes-3.1.7.tgz", "integrity": "sha512-dlcsNBIiWhPkHdOEEKnehA+RNUWDc4UqFtnIXU4uuYDPtA4LDkr7qip2p0VvFAEXNDr0yWZ9PJyIRiGjRLQzwQ==", - "requires": { + "dependencies": { "call-bind": "^1.0.2", "define-properties": "^1.2.0", "es-abstract": "^1.22.1", "get-intrinsic": "^1.2.1", "is-string": "^1.0.7" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "array-union": { + "node_modules/array-union": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/array-union/-/array-union-2.1.0.tgz", - "integrity": "sha512-HGyxoOTYUyCM6stUe6EJgnd4EoewAI7zMdfqO+kGjnlZmBDz/cR5pf8r/cR4Wq60sL/p0IkcjUEEPwS3GFrIyw==" + "integrity": "sha512-HGyxoOTYUyCM6stUe6EJgnd4EoewAI7zMdfqO+kGjnlZmBDz/cR5pf8r/cR4Wq60sL/p0IkcjUEEPwS3GFrIyw==", + "engines": { + "node": ">=8" + } }, - "array.prototype.findlastindex": { + "node_modules/array.prototype.findlastindex": { "version": "1.2.3", "resolved": "https://registry.npmjs.org/array.prototype.findlastindex/-/array.prototype.findlastindex-1.2.3.tgz", "integrity": "sha512-LzLoiOMAxvy+Gd3BAq3B7VeIgPdo+Q8hthvKtXybMvRV0jrXfJM/t8mw7nNlpEcVlVUnCnM2KSX4XU5HmpodOA==", - "requires": { + "dependencies": { "call-bind": "^1.0.2", "define-properties": "^1.2.0", "es-abstract": "^1.22.1", "es-shim-unscopables": "^1.0.0", "get-intrinsic": "^1.2.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "array.prototype.flat": { + "node_modules/array.prototype.flat": { "version": "1.3.2", "resolved": "https://registry.npmjs.org/array.prototype.flat/-/array.prototype.flat-1.3.2.tgz", "integrity": "sha512-djYB+Zx2vLewY8RWlNCUdHjDXs2XOgm602S9E7P/UpHgfeHL00cRiIF+IN/G/aUJ7kGPb6yO/ErDI5V2s8iycA==", - "requires": { + "dependencies": { "call-bind": "^1.0.2", "define-properties": "^1.2.0", "es-abstract": "^1.22.1", "es-shim-unscopables": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + 
"url": "https://github.com/sponsors/ljharb" } }, - "array.prototype.flatmap": { + "node_modules/array.prototype.flatmap": { "version": "1.3.2", "resolved": "https://registry.npmjs.org/array.prototype.flatmap/-/array.prototype.flatmap-1.3.2.tgz", "integrity": "sha512-Ewyx0c9PmpcsByhSW4r+9zDU7sGjFc86qf/kKtuSCRdhfbk0SNLLkaT5qvcHnRGgc5NP/ly/y+qkXkqONX54CQ==", - "requires": { + "dependencies": { "call-bind": "^1.0.2", "define-properties": "^1.2.0", "es-abstract": "^1.22.1", "es-shim-unscopables": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "array.prototype.reduce": { + "node_modules/array.prototype.reduce": { "version": "1.0.6", "resolved": "https://registry.npmjs.org/array.prototype.reduce/-/array.prototype.reduce-1.0.6.tgz", "integrity": "sha512-UW+Mz8LG/sPSU8jRDCjVr6J/ZKAGpHfwrZ6kWTG5qCxIEiXdVshqGnu5vEZA8S1y6X4aCSbQZ0/EEsfvEvBiSg==", - "requires": { + "dependencies": { "call-bind": "^1.0.2", "define-properties": "^1.2.0", "es-abstract": "^1.22.1", "es-array-method-boxes-properly": "^1.0.0", "is-string": "^1.0.7" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "array.prototype.tosorted": { + "node_modules/array.prototype.tosorted": { "version": "1.1.2", "resolved": "https://registry.npmjs.org/array.prototype.tosorted/-/array.prototype.tosorted-1.1.2.tgz", "integrity": "sha512-HuQCHOlk1Weat5jzStICBCd83NxiIMwqDg/dHEsoefabn/hJRj5pVdWcPUSpRrwhwxZOsQassMpgN/xRYFBMIg==", - "requires": { + "dependencies": { "call-bind": "^1.0.2", "define-properties": "^1.2.0", "es-abstract": "^1.22.1", 
@@ -3864,11 +5650,11 @@ "get-intrinsic": "^1.2.1" } }, - "arraybuffer.prototype.slice": { + "node_modules/arraybuffer.prototype.slice": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/arraybuffer.prototype.slice/-/arraybuffer.prototype.slice-1.0.2.tgz", "integrity": "sha512-yMBKppFur/fbHu9/6USUe03bZ4knMYiwFBcyiaXB8Go0qNehwX6inYPzK9U0NeQvGxKthcmHcaR8P5MStSRBAw==", - "requires": { + "dependencies": { "array-buffer-byte-length": "^1.0.0", "call-bind": "^1.0.2", "define-properties": "^1.2.0", 
@@ -3876,143 +5662,191 @@ "get-intrinsic": "^1.2.1", "is-array-buffer": "^3.0.2", "is-shared-array-buffer": "^1.0.2" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "asap": { + "node_modules/asap": { "version": "2.0.6", "resolved": "https://registry.npmjs.org/asap/-/asap-2.0.6.tgz", "integrity": "sha512-BSHWgDSAiKs50o2Re8ppvp3seVHXSRM44cdSsT9FfNEUUZLOGWVCsiWaRPWM1Znn+mqZ1OfVZ3z3DWEzSp7hRA==" }, - "asciidoctor": { + "node_modules/asciidoctor": { "version": "2.2.6", "resolved": "https://registry.npmjs.org/asciidoctor/-/asciidoctor-2.2.6.tgz", "integrity": "sha512-EXG3+F2pO21B+COfQmV/WgEgGiy7nG/mJiS/o5DXpaT2q82FRZWPVkbMZrpDvpu4pjXe5c754RbZR9Vz0L0Vtw==", - "requires": { + "dependencies": { "@asciidoctor/cli": "3.5.0", "@asciidoctor/core": "2.2.6" }, - "dependencies": { - "@asciidoctor/cli": { - "version": "3.5.0", - "resolved": "https://registry.npmjs.org/@asciidoctor/cli/-/cli-3.5.0.tgz", - "integrity": "sha512-/VMHXcZBnZ9vgWfmqk9Hu0x0gMjPLup0YGq/xA8qCQuk11kUIZNMVQwgSsIUzOEwJqIUD7CgncJdtfwv1Ndxuw==", - "requires": { - "yargs": "16.2.0" - } - } + "bin": { + "asciidoctor": "bin/asciidoctor", + "asciidoctorjs": "bin/asciidoctor" + }, + "engines": { + "node": ">=8.11", + "npm": ">=5.0.0", + "yarn": ">=1.1.0" } }, - "asciidoctor-opal-runtime": { + "node_modules/asciidoctor-opal-runtime": { "version": "0.3.3", "resolved": "https://registry.npmjs.org/asciidoctor-opal-runtime/-/asciidoctor-opal-runtime-0.3.3.tgz", "integrity": "sha512-/CEVNiOia8E5BMO9FLooo+Kv18K4+4JBFRJp8vUy/N5dMRAg+fRNV4HA+o6aoSC79jVU/aT5XvUpxSxSsTS8FQ==", - "requires": { + "dependencies": { "glob": "7.1.3", "unxhr": "1.0.1" }, + "engines": { + "node": ">=8.11" + } + }, + "node_modules/asciidoctor-opal-runtime/node_modules/glob": { + "version": "7.1.3", + "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.3.tgz", + "integrity": "sha512-vcfuiIxogLV4DlGBHIUOwI0IbrJ8HWPc4MU7HzviGeNho/UJDfi6B5p3sHeWIQ0KGIU0Jpxi5ZHxemQfLkkAwQ==", "dependencies": 
{ - "glob": { - "version": "7.1.3", - "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.3.tgz", - "integrity": "sha512-vcfuiIxogLV4DlGBHIUOwI0IbrJ8HWPc4MU7HzviGeNho/UJDfi6B5p3sHeWIQ0KGIU0Jpxi5ZHxemQfLkkAwQ==", - "requires": { - "fs.realpath": "^1.0.0", - "inflight": "^1.0.4", - "inherits": "2", - "minimatch": "^3.0.4", - "once": "^1.3.0", - "path-is-absolute": "^1.0.0" - } - } + "fs.realpath": "^1.0.0", + "inflight": "^1.0.4", + "inherits": "2", + "minimatch": "^3.0.4", + "once": "^1.3.0", + "path-is-absolute": "^1.0.0" + }, + "engines": { + "node": "*" } }, - "asn1": { - "version": "0.2.4", - "resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.4.tgz", - "integrity": "sha512-jxwzQpLQjSmWXgwaCZE9Nz+glAG01yF1QnWgbhGwHI5A6FRIEY6IVqtHhIepHqI7/kyEyQEagBC5mBEFlIYvdg==", - "requires": { - "safer-buffer": "~2.1.0" + "node_modules/asciidoctor/node_modules/@asciidoctor/cli": { + "version": "3.5.0", + "resolved": "https://registry.npmjs.org/@asciidoctor/cli/-/cli-3.5.0.tgz", + "integrity": "sha512-/VMHXcZBnZ9vgWfmqk9Hu0x0gMjPLup0YGq/xA8qCQuk11kUIZNMVQwgSsIUzOEwJqIUD7CgncJdtfwv1Ndxuw==", + "dependencies": { + "yargs": "16.2.0" + }, + "bin": { + "asciidoctor": "bin/asciidoctor", + "asciidoctorjs": "bin/asciidoctor" + }, + "engines": { + "node": ">=8.11", + "npm": ">=5.0.0" + }, + "peerDependencies": { + "@asciidoctor/core": "^2.0.0-rc.1" } }, - "assert-plus": { + "node_modules/assert-plus": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz", - "integrity": "sha1-8S4PPF13sLHN2RRpQuTpbB5N1SU=" + "integrity": "sha1-8S4PPF13sLHN2RRpQuTpbB5N1SU=", + "engines": { + "node": ">=0.8" + } }, - "ast-types-flow": { + "node_modules/ast-types-flow": { "version": "0.0.7", "resolved": "https://registry.npmjs.org/ast-types-flow/-/ast-types-flow-0.0.7.tgz", "integrity": "sha512-eBvWn1lvIApYMhzQMsu9ciLfkBY499mFZlNqG+/9WR7PVlroQw0vG30cOQQbaKz3sCEc44TAOu2ykzqXSNnwag==" }, - "async": { + "node_modules/async": { "version": "3.2.4", "resolved": 
"https://registry.npmjs.org/async/-/async-3.2.4.tgz", "integrity": "sha512-iAB+JbDEGXhyIUavoDl9WP/Jj106Kz9DEn1DPgYw5ruDn0e3Wgi3sKFm55sASdGBNOQB8F59d9qQ7deqrHA8wQ==" }, - "asynciterator.prototype": { + "node_modules/asynciterator.prototype": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/asynciterator.prototype/-/asynciterator.prototype-1.0.0.tgz", "integrity": "sha512-wwHYEIS0Q80f5mosx3L/dfG5t5rjEa9Ft51GTaNt862EnpyGHpgz2RkZvLPp1oF5TnAiTohkEKVEu8pQPJI7Vg==", - "requires": { + "dependencies": { "has-symbols": "^1.0.3" } }, - "asynckit": { + "node_modules/asynckit": { "version": "0.4.0", "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k=" }, - "at-least-node": { + "node_modules/at-least-node": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/at-least-node/-/at-least-node-1.0.0.tgz", - "integrity": "sha512-+q/t7Ekv1EDY2l6Gda6LLiX14rU9TV20Wa3ofeQmwPFZbOMo9DXrLbOjFaaclkXKWidIaopwAObQDqwWtGUjqg==" + "integrity": "sha512-+q/t7Ekv1EDY2l6Gda6LLiX14rU9TV20Wa3ofeQmwPFZbOMo9DXrLbOjFaaclkXKWidIaopwAObQDqwWtGUjqg==", + "engines": { + "node": ">= 4.0.0" + } }, - "autoprefixer": { + "node_modules/autoprefixer": { "version": "10.4.16", "resolved": "https://registry.npmjs.org/autoprefixer/-/autoprefixer-10.4.16.tgz", "integrity": "sha512-7vd3UC6xKp0HLfua5IjZlcXvGAGy7cBAXTg2lyQ/8WpNhd6SiZ8Be+xm3FyBSYJx5GKcpRCzBh7RH4/0dnY+uQ==", - "requires": { + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/postcss/" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/autoprefixer" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "dependencies": { "browserslist": "^4.21.10", "caniuse-lite": "^1.0.30001538", "fraction.js": "^4.3.6", "normalize-range": "^0.1.2", "picocolors": "^1.0.0", "postcss-value-parser": "^4.2.0" + }, + "bin": { + "autoprefixer": "bin/autoprefixer" + }, + "engines": { + "node": "^10 || ^12 
|| >=14" + }, + "peerDependencies": { + "postcss": "^8.1.0" } }, - "available-typed-arrays": { + "node_modules/available-typed-arrays": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/available-typed-arrays/-/available-typed-arrays-1.0.5.tgz", - "integrity": "sha512-DMD0KiN46eipeziST1LPP/STfDU0sufISXmjSgvVsoU2tqxctQeASejWcfNtxYKqETM1UxQ8sp2OrSBWpHY6sw==" - }, - "aws-sign2": { - "version": "0.7.0", - "resolved": "https://registry.npmjs.org/aws-sign2/-/aws-sign2-0.7.0.tgz", - "integrity": "sha1-tG6JCTSpWR8tL2+G1+ap8bP+dqg=" - }, - "aws4": { - "version": "1.11.0", - "resolved": "https://registry.npmjs.org/aws4/-/aws4-1.11.0.tgz", - "integrity": "sha512-xh1Rl34h6Fi1DC2WWKfxUTVqRsNnr6LsKz2+hfwDxQJWmrx8+c7ylaqBMcHfl1U1r2dsifOvKX3LQuLNZ+XSvA==" + "integrity": "sha512-DMD0KiN46eipeziST1LPP/STfDU0sufISXmjSgvVsoU2tqxctQeASejWcfNtxYKqETM1UxQ8sp2OrSBWpHY6sw==", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } }, - "axe-core": { + "node_modules/axe-core": { "version": "4.8.2", "resolved": "https://registry.npmjs.org/axe-core/-/axe-core-4.8.2.tgz", - "integrity": "sha512-/dlp0fxyM3R8YW7MFzaHWXrf4zzbr0vaYb23VBFCl83R7nWNPg/yaQw2Dc8jzCMmDVLhSdzH8MjrsuIUuvX+6g==" + "integrity": "sha512-/dlp0fxyM3R8YW7MFzaHWXrf4zzbr0vaYb23VBFCl83R7nWNPg/yaQw2Dc8jzCMmDVLhSdzH8MjrsuIUuvX+6g==", + "engines": { + "node": ">=4" + } }, - "axobject-query": { + "node_modules/axobject-query": { "version": "3.2.1", "resolved": "https://registry.npmjs.org/axobject-query/-/axobject-query-3.2.1.tgz", "integrity": "sha512-jsyHu61e6N4Vbz/v18DHwWYKK0bSWLqn47eeDSKPB7m8tqMHF9YJ+mhIk2lVteyZrY8tnSj/jHOv4YiTCuCJgg==", - "requires": { + "dependencies": { "dequal": "^2.0.3" } }, - "babel-jest": { + "node_modules/babel-jest": { "version": "27.5.1", "resolved": "https://registry.npmjs.org/babel-jest/-/babel-jest-27.5.1.tgz", "integrity": "sha512-cdQ5dXjGRd0IBRATiQ4mZGlGlRE8kJpjPOixdNRdT+m3UcNqmYWN6rK6nvtXYfY3D76cb8s/O1Ss8ea24PIwcg==", - "requires": { + 
"dependencies": { "@jest/transform": "^27.5.1", "@jest/types": "^27.5.1", "@types/babel__core": "^7.1.14", 
@@ -4022,143 +5856,191 @@ "graceful-fs": "^4.2.9", "slash": "^3.0.0" }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + }, + "peerDependencies": { + "@babel/core": "^7.8.0" + } + }, + "node_modules/babel-jest/node_modules/@jest/types": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", + "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", + "dependencies": { + "@types/istanbul-lib-coverage": "^2.0.0", + "@types/istanbul-reports": "^3.0.0", + "@types/node": "*", + "@types/yargs": "^16.0.0", + "chalk": "^4.0.0" + }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/babel-jest/node_modules/@types/yargs": { + "version": "16.0.6", + "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", + "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", "dependencies": { - "@jest/types": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", - "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", - "requires": { - "@types/istanbul-lib-coverage": "^2.0.0", - "@types/istanbul-reports": "^3.0.0", - "@types/node": "*", - "@types/yargs": "^16.0.0", - "chalk": "^4.0.0" - } - }, - "@types/yargs": { - "version": "16.0.6", - "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", - "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", - "requires": { - "@types/yargs-parser": "*" - } - }, - "chalk": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", - "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "requires": { - "ansi-styles": "^4.1.0", - 
"supports-color": "^7.1.0" - } - } + "@types/yargs-parser": "*" + } + }, + "node_modules/babel-jest/node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" } }, - "babel-loader": { + "node_modules/babel-loader": { "version": "8.3.0", "resolved": "https://registry.npmjs.org/babel-loader/-/babel-loader-8.3.0.tgz", "integrity": "sha512-H8SvsMF+m9t15HNLMipppzkC+Y2Yq+v3SonZyU70RBL/h1gxPkH08Ot8pEE9Z4Kd+czyWJClmFS8qzIP9OZ04Q==", - "requires": { + "dependencies": { "find-cache-dir": "^3.3.1", "loader-utils": "^2.0.0", "make-dir": "^3.1.0", "schema-utils": "^2.6.5" }, + "engines": { + "node": ">= 8.9" + }, + "peerDependencies": { + "@babel/core": "^7.0.0", + "webpack": ">=2" + } + }, + "node_modules/babel-loader/node_modules/schema-utils": { + "version": "2.7.1", + "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-2.7.1.tgz", + "integrity": "sha512-SHiNtMOUGWBQJwzISiVYKu82GiV4QYGePp3odlY1tuKO7gPtphAT5R/py0fA6xtbgLL/RvtJZnU9b8s0F1q0Xg==", "dependencies": { - "schema-utils": { - "version": "2.7.1", - "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-2.7.1.tgz", - "integrity": "sha512-SHiNtMOUGWBQJwzISiVYKu82GiV4QYGePp3odlY1tuKO7gPtphAT5R/py0fA6xtbgLL/RvtJZnU9b8s0F1q0Xg==", - "requires": { - "@types/json-schema": "^7.0.5", - "ajv": "^6.12.4", - "ajv-keywords": "^3.5.2" - } - } + "@types/json-schema": "^7.0.5", + "ajv": "^6.12.4", + "ajv-keywords": "^3.5.2" + }, + "engines": { + "node": ">= 8.9.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" } }, - "babel-plugin-istanbul": { + "node_modules/babel-plugin-istanbul": { "version": "6.1.1", 
"resolved": "https://registry.npmjs.org/babel-plugin-istanbul/-/babel-plugin-istanbul-6.1.1.tgz", "integrity": "sha512-Y1IQok9821cC9onCx5otgFfRm7Lm+I+wwxOx738M/WLPZ9Q42m4IG5W0FNX8WLL2gYMZo3JkuXIH2DOpWM+qwA==", - "requires": { + "dependencies": { "@babel/helper-plugin-utils": "^7.0.0", "@istanbuljs/load-nyc-config": "^1.0.0", "@istanbuljs/schema": "^0.1.2", "istanbul-lib-instrument": "^5.0.4", "test-exclude": "^6.0.0" + }, + "engines": { + "node": ">=8" } }, - "babel-plugin-jest-hoist": { + "node_modules/babel-plugin-jest-hoist": { "version": "27.5.1", "resolved": "https://registry.npmjs.org/babel-plugin-jest-hoist/-/babel-plugin-jest-hoist-27.5.1.tgz", "integrity": "sha512-50wCwD5EMNW4aRpOwtqzyZHIewTYNxLA4nhB+09d8BIssfNfzBRhkBIHiaPv1Si226TQSvp8gxAJm2iY2qs2hQ==", - "requires": { + "dependencies": { "@babel/template": "^7.3.3", "@babel/types": "^7.3.3", "@types/babel__core": "^7.0.0", "@types/babel__traverse": "^7.0.6" + }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" } }, - "babel-plugin-macros": { + "node_modules/babel-plugin-macros": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/babel-plugin-macros/-/babel-plugin-macros-3.1.0.tgz", "integrity": "sha512-Cg7TFGpIr01vOQNODXOOaGz2NpCU5gl8x1qJFbb6hbZxR7XrcE2vtbAsTAbJ7/xwJtUuJEw8K8Zr/AE0LHlesg==", - "requires": { + "dependencies": { "@babel/runtime": "^7.12.5", "cosmiconfig": "^7.0.0", "resolve": "^1.19.0" + }, + "engines": { + "node": ">=10", + "npm": ">=6" } }, - "babel-plugin-named-asset-import": { + "node_modules/babel-plugin-named-asset-import": { "version": "0.3.8", "resolved": "https://registry.npmjs.org/babel-plugin-named-asset-import/-/babel-plugin-named-asset-import-0.3.8.tgz", - "integrity": "sha512-WXiAc++qo7XcJ1ZnTYGtLxmBCVbddAml3CEXgWaBzNzLNoxtQ8AiGEFDMOhot9XjTCQbvP5E77Fj9Gk924f00Q==" + "integrity": "sha512-WXiAc++qo7XcJ1ZnTYGtLxmBCVbddAml3CEXgWaBzNzLNoxtQ8AiGEFDMOhot9XjTCQbvP5E77Fj9Gk924f00Q==", + "peerDependencies": { + "@babel/core": "^7.1.0" + } }, - 
"babel-plugin-polyfill-corejs2": { + "node_modules/babel-plugin-polyfill-corejs2": { "version": "0.4.6", "resolved": "https://registry.npmjs.org/babel-plugin-polyfill-corejs2/-/babel-plugin-polyfill-corejs2-0.4.6.tgz", "integrity": "sha512-jhHiWVZIlnPbEUKSSNb9YoWcQGdlTLq7z1GHL4AjFxaoOUMuuEVJ+Y4pAaQUGOGk93YsVCKPbqbfw3m0SM6H8Q==", - "requires": { + "dependencies": { "@babel/compat-data": "^7.22.6", "@babel/helper-define-polyfill-provider": "^0.4.3", "semver": "^6.3.1" }, - "dependencies": { - "semver": { - "version": "6.3.1", - "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", - "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==" - } + "peerDependencies": { + "@babel/core": "^7.4.0 || ^8.0.0-0 <8.0.0" + } + }, + "node_modules/babel-plugin-polyfill-corejs2/node_modules/semver": { + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", + "bin": { + "semver": "bin/semver.js" } }, - "babel-plugin-polyfill-corejs3": { + "node_modules/babel-plugin-polyfill-corejs3": { "version": "0.8.5", "resolved": "https://registry.npmjs.org/babel-plugin-polyfill-corejs3/-/babel-plugin-polyfill-corejs3-0.8.5.tgz", "integrity": "sha512-Q6CdATeAvbScWPNLB8lzSO7fgUVBkQt6zLgNlfyeCr/EQaEQR+bWiBYYPYAFyE528BMjRhL+1QBMOI4jc/c5TA==", - "requires": { + "dependencies": { "@babel/helper-define-polyfill-provider": "^0.4.3", "core-js-compat": "^3.32.2" + }, + "peerDependencies": { + "@babel/core": "^7.4.0 || ^8.0.0-0 <8.0.0" } }, - "babel-plugin-polyfill-regenerator": { + "node_modules/babel-plugin-polyfill-regenerator": { "version": "0.5.3", "resolved": "https://registry.npmjs.org/babel-plugin-polyfill-regenerator/-/babel-plugin-polyfill-regenerator-0.5.3.tgz", "integrity": "sha512-8sHeDOmXC8csczMrYEOf0UTNa4yE2SxV5JGeT/LP1n0OYVDUUFPxG9vdk2AlDlIit4t+Kf0xCtpgXPBwnn/9pw==", - 
"requires": { + "dependencies": { "@babel/helper-define-polyfill-provider": "^0.4.3" + }, + "peerDependencies": { + "@babel/core": "^7.4.0 || ^8.0.0-0 <8.0.0" } }, - "babel-plugin-transform-react-remove-prop-types": { + "node_modules/babel-plugin-transform-react-remove-prop-types": { "version": "0.4.24", "resolved": "https://registry.npmjs.org/babel-plugin-transform-react-remove-prop-types/-/babel-plugin-transform-react-remove-prop-types-0.4.24.tgz", "integrity": "sha512-eqj0hVcJUR57/Ug2zE1Yswsw4LhuqqHhD+8v120T1cl3kjg76QwtyBrdIk4WVwK+lAhBJVYCd/v+4nc4y+8JsA==" }, - "babel-preset-current-node-syntax": { + "node_modules/babel-preset-current-node-syntax": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/babel-preset-current-node-syntax/-/babel-preset-current-node-syntax-1.0.1.tgz", "integrity": "sha512-M7LQ0bxarkxQoN+vz5aJPsLBn77n8QgTFmo8WK0/44auK2xlCXrYcUxHFxgU7qW5Yzw/CjmLRK2uJzaCd7LvqQ==", - "requires": { + "dependencies": { "@babel/plugin-syntax-async-generators": "^7.8.4", "@babel/plugin-syntax-bigint": "^7.8.3", "@babel/plugin-syntax-class-properties": "^7.8.3", 
@@ -4171,22 +6053,31 @@ "@babel/plugin-syntax-optional-catch-binding": "^7.8.3", "@babel/plugin-syntax-optional-chaining": "^7.8.3", "@babel/plugin-syntax-top-level-await": "^7.8.3" + }, + "peerDependencies": { + "@babel/core": "^7.0.0" } }, - "babel-preset-jest": { + "node_modules/babel-preset-jest": { "version": "27.5.1", "resolved": "https://registry.npmjs.org/babel-preset-jest/-/babel-preset-jest-27.5.1.tgz", "integrity": "sha512-Nptf2FzlPCWYuJg41HBqXVT8ym6bXOevuCTbhxlUpjwtysGaIWFvDEjp4y+G7fl13FgOdjs7P/DmErqH7da0Ag==", - "requires": { + "dependencies": { "babel-plugin-jest-hoist": "^27.5.1", "babel-preset-current-node-syntax": "^1.0.0" + }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0" } }, - "babel-preset-react-app": { + "node_modules/babel-preset-react-app": { "version": "10.0.1", "resolved": "https://registry.npmjs.org/babel-preset-react-app/-/babel-preset-react-app-10.0.1.tgz", "integrity": "sha512-b0D9IZ1WhhCWkrTXyFuIIgqGzSkRIH5D5AmB0bXbzYAB1OBAwHcUeyWW2LorutLWF5btNo/N7r/cIdmvvKJlYg==", - "requires": { + "dependencies": { "@babel/core": "^7.16.0", "@babel/plugin-proposal-class-properties": "^7.16.0", "@babel/plugin-proposal-decorators": "^7.16.4", 
@@ -4205,94 +6096,91 @@ "babel-plugin-transform-react-remove-prop-types": "^0.4.24" } }, - "balanced-match": { + "node_modules/balanced-match": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.0.tgz", "integrity": "sha1-ibTRmasr7kneFk6gK4nORi1xt2c=" }, - "batch": { + "node_modules/base64-js": { + "version": "1.5.1", + "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.5.1.tgz", + "integrity": "sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ] + }, + "node_modules/batch": { "version": "0.6.1", "resolved": "https://registry.npmjs.org/batch/-/batch-0.6.1.tgz", "integrity": "sha512-x+VAiMRL6UPkx+kudNvxTl6hB2XNNCG2r+7wixVfIYwu/2HKRXimwQyaumLjMveWvT2Hkd/cAJw+QBMfJ/EKVw==" }, - "bcrypt-pbkdf": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.2.tgz", - "integrity": "sha1-pDAdOJtqQ/m2f/PKEaP2Y342Dp4=", - "requires": { - "tweetnacl": "^0.14.3" - } - }, - "before-after-hook": { + "node_modules/before-after-hook": { "version": "2.2.3", "resolved": "https://registry.npmjs.org/before-after-hook/-/before-after-hook-2.2.3.tgz", "integrity": "sha512-NzUnlZexiaH/46WDhANlyR2bXRopNg4F/zuSA3OpZnllCUgRaOF2znDioDWrmbNVsuZk6l9pMquQB38cfBZwkQ==" }, - "bfj": { + "node_modules/bfj": { "version": "7.1.0", "resolved": "https://registry.npmjs.org/bfj/-/bfj-7.1.0.tgz", "integrity": "sha512-I6MMLkn+anzNdCUp9hMRyui1HaNEUCco50lxbvNS4+EyXg8lN3nJ48PjPWtbH8UVS9CuMoaKE9U2V3l29DaRQw==", - "requires": { + "dependencies": { "bluebird": "^3.7.2", "check-types": "^11.2.3", "hoopy": "^0.1.4", "jsonpath": "^1.1.1", "tryer": "^1.0.1" + }, + "engines": { + "node": ">= 8.0.0" } }, - "big.js": { + "node_modules/big.js": { 
"version": "5.2.2", "resolved": "https://registry.npmjs.org/big.js/-/big.js-5.2.2.tgz", - "integrity": "sha512-vyL2OymJxmarO8gxMr0mhChsO9QGwhynfuu4+MHTAW6czfq9humCB7rKpUjDd9YUiDPU4mzpyupFSvOClAwbmQ==" + "integrity": "sha512-vyL2OymJxmarO8gxMr0mhChsO9QGwhynfuu4+MHTAW6czfq9humCB7rKpUjDd9YUiDPU4mzpyupFSvOClAwbmQ==", + "engines": { + "node": "*" + } }, - "binary-extensions": { + "node_modules/binary-extensions": { "version": "2.2.0", "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.2.0.tgz", - "integrity": "sha512-jDctJ/IVQbZoJykoeHbhXpOlNBqGNcwXJKJog42E5HDPUwQTSdjCHdihjj0DlnheQ7blbT6dHOafNAiS8ooQKA==" + "integrity": "sha512-jDctJ/IVQbZoJykoeHbhXpOlNBqGNcwXJKJog42E5HDPUwQTSdjCHdihjj0DlnheQ7blbT6dHOafNAiS8ooQKA==", + "engines": { + "node": ">=8" + } }, - "bl": { - "version": "1.2.3", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/bl/-/bl-1.2.3.tgz", - "integrity": "sha1-Ho3YAULqyA1xWMnczAR/tiDgNec=", - "requires": { - "readable-stream": "^2.3.5", - "safe-buffer": "^5.1.1" - }, - "dependencies": { - "readable-stream": { - "version": "2.3.7", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/readable-stream/-/readable-stream-2.3.7.tgz", - "integrity": "sha1-Hsoc9xGu+BTAT2IlKjamL2yyO1c=", - "requires": { - "core-util-is": "~1.0.0", - "inherits": "~2.0.3", - "isarray": "~1.0.0", - "process-nextick-args": "~2.0.0", - "safe-buffer": "~5.1.1", - "string_decoder": "~1.1.1", - "util-deprecate": "~1.0.1" - } - }, - "string_decoder": { - "version": "1.1.1", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/string_decoder/-/string_decoder-1.1.1.tgz", - "integrity": "sha1-nPFhG6YmhdcDCunkujQUnDrwP8g=", - "requires": { - "safe-buffer": "~5.1.0" - } - } + "node_modules/bl": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/bl/-/bl-4.1.0.tgz", + "integrity": "sha512-1W07cM9gS6DcLperZfFSj+bWLtaPGSOHWhPiGzXmvVJbRLdG82sH/Kn8EtW1VqWVA54AKf2h5k5BbnIbwF3h6w==", + "dependencies": { + "buffer": "^5.5.0", + "inherits": 
"^2.0.4", + "readable-stream": "^3.4.0" } }, - "bluebird": { + "node_modules/bluebird": { "version": "3.7.2", "resolved": "https://registry.npmjs.org/bluebird/-/bluebird-3.7.2.tgz", "integrity": "sha512-XpNj6GDQzdfW+r2Wnn7xiSAd7TM3jzkxGXBGTtWKuSXv1xUV+azxAm8jdWZN06QTQk+2N2XB9jRDkvbmQmcRtg==" }, - "body-parser": { + "node_modules/body-parser": { "version": "1.20.1", "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.1.tgz", "integrity": "sha512-jWi7abTbYwajOytWCQc37VulmWiRae5RyTpaCyDcS5/lMdtwSz5lOpDE67srw/HYe35f1z3fDQw+3txg7gNtWw==", - "requires": { + "dependencies": { "bytes": "3.1.2", "content-type": "~1.0.4", "debug": "2.6.9", 
@@ -4306,501 +6194,729 @@ "type-is": "~1.6.18", "unpipe": "1.0.0" }, + "engines": { + "node": ">= 0.8", + "npm": "1.2.8000 || >= 1.4.16" + } + }, + "node_modules/body-parser/node_modules/bytes": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz", + "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/body-parser/node_modules/debug": { + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", "dependencies": { - "bytes": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz", - "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==" - }, - "debug": { - "version": "2.6.9", - "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", - "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", - "requires": { - "ms": "2.0.0" - } - }, - "ms": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", - "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==" - }, - "qs": { - "version": "6.11.0", - "resolved": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz", - "integrity": "sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==", - "requires": { - "side-channel": "^1.0.4" - } - } + "ms": "2.0.0" } }, - "bonjour-service": { + "node_modules/body-parser/node_modules/ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==" + }, + 
"node_modules/body-parser/node_modules/qs": { + "version": "6.11.0", + "resolved": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz", + "integrity": "sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==", + "dependencies": { + "side-channel": "^1.0.4" + }, + "engines": { + "node": ">=0.6" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/bonjour-service": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/bonjour-service/-/bonjour-service-1.1.1.tgz", "integrity": "sha512-Z/5lQRMOG9k7W+FkeGTNjh7htqn/2LMnfOvBZ8pynNZCM9MwkQkI3zeI4oz09uWdcgmgHugVvBqxGg4VQJ5PCg==", - "requires": { + "dependencies": { "array-flatten": "^2.1.2", "dns-equal": "^1.0.0", "fast-deep-equal": "^3.1.3", "multicast-dns": "^7.2.5" } }, - "boolbase": { + "node_modules/boolbase": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/boolbase/-/boolbase-1.0.0.tgz", "integrity": "sha512-JZOSA7Mo9sNGB8+UjSgzdLtokWAky1zbztM3WRLCbZ70/3cTANmQmOdR7y2g+J0e2WXywy1yS468tY+IruqEww==" }, - "brace-expansion": { + "node_modules/brace-expansion": { "version": "1.1.11", "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", - "requires": { + "dependencies": { "balanced-match": "^1.0.0", "concat-map": "0.0.1" } }, - "braces": { + "node_modules/braces": { "version": "3.0.2", "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz", "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==", - "requires": { + "dependencies": { "fill-range": "^7.0.1" + }, + "engines": { + "node": ">=8" } }, - "browser-process-hrtime": { + "node_modules/browser-process-hrtime": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/browser-process-hrtime/-/browser-process-hrtime-1.0.0.tgz", "integrity": 
"sha512-9o5UecI3GhkpM6DrXr69PblIuWxPKk9Y0jHBRhdocZ2y7YECBFCsHm79Pr3OyR2AvjhDkabFJaDJMYRazHgsow==" }, - "browserslist": { + "node_modules/browserslist": { "version": "4.22.1", "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.22.1.tgz", "integrity": "sha512-FEVc202+2iuClEhZhrWy6ZiAcRLvNMyYcxZ8raemul1DYVOVdFsbqckWLdsixQZCpJlwe77Z3UTalE7jsjnKfQ==", - "requires": { + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/browserslist" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/browserslist" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "dependencies": { "caniuse-lite": "^1.0.30001541", "electron-to-chromium": "^1.4.535", "node-releases": "^2.0.13", "update-browserslist-db": "^1.0.13" + }, + "bin": { + "browserslist": "cli.js" + }, + "engines": { + "node": "^6 || ^7 || ^8 || ^9 || ^10 || ^11 || ^12 || >=13.7" } }, - "bser": { + "node_modules/bser": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/bser/-/bser-2.1.1.tgz", "integrity": "sha512-gQxTNE/GAfIIrmHLUE3oJyp5FO6HRBfhjnw4/wMmA63ZGDJnWBmgY/lyQBpnDUkGmAhbSe39tx2d/iTOAfglwQ==", - "requires": { + "dependencies": { "node-int64": "^0.4.0" } }, - "buffer-alloc": { - "version": "1.2.0", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/buffer-alloc/-/buffer-alloc-1.2.0.tgz", - "integrity": "sha1-iQ3ZDZI6hz4I4Q5f1RpX5bfM4Ow=", - "requires": { - "buffer-alloc-unsafe": "^1.1.0", - "buffer-fill": "^1.0.0" + "node_modules/buffer": { + "version": "5.7.1", + "resolved": "https://registry.npmjs.org/buffer/-/buffer-5.7.1.tgz", + "integrity": "sha512-EHcyIPBQ4BSGlvjB16k5KgAJ27CIsHY/2JBmCRReo48y9rQ3MaUzWX3KVlBa4U7MyX02HdVj0K7C3WaB3ju7FQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "dependencies": { + 
"base64-js": "^1.3.1", + "ieee754": "^1.1.13" } }, - "buffer-alloc-unsafe": { - "version": "1.1.0", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/buffer-alloc-unsafe/-/buffer-alloc-unsafe-1.1.0.tgz", - "integrity": "sha1-vX3CauKXLQ7aJTvgYdupkjScGfA=" - }, - "buffer-fill": { - "version": "1.0.0", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/buffer-fill/-/buffer-fill-1.0.0.tgz", - "integrity": "sha1-+PeLdniYiO858gXNY39o5wISKyw=" - }, - "buffer-from": { + "node_modules/buffer-from": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.1.tgz", "integrity": "sha512-MQcXEUbCKtEo7bhqEs6560Hyd4XaovZlO/k9V3hjVUF/zwW7KBVdSK4gIt/bzwS9MbR5qob+F5jusZsb0YQK2A==" }, - "builtin-modules": { + "node_modules/builtin-modules": { "version": "3.3.0", "resolved": "https://registry.npmjs.org/builtin-modules/-/builtin-modules-3.3.0.tgz", - "integrity": "sha512-zhaCDicdLuWN5UbN5IMnFqNMhNfo919sH85y2/ea+5Yg9TsTkeZxpL+JLbp6cgYFS4sRLp3YV4S6yDuqVWHYOw==" + "integrity": "sha512-zhaCDicdLuWN5UbN5IMnFqNMhNfo919sH85y2/ea+5Yg9TsTkeZxpL+JLbp6cgYFS4sRLp3YV4S6yDuqVWHYOw==", + "engines": { + "node": ">=6" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } }, - "bytes": { + "node_modules/bytes": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.0.0.tgz", - "integrity": "sha512-pMhOfFDPiv9t5jjIXkHosWmkSyQbvsgEVNkz0ERHbuLh2T/7j4Mqqpz523Fe8MVY89KC6Sh/QfS2sM+SjgFDcw==" + "integrity": "sha512-pMhOfFDPiv9t5jjIXkHosWmkSyQbvsgEVNkz0ERHbuLh2T/7j4Mqqpz523Fe8MVY89KC6Sh/QfS2sM+SjgFDcw==", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/cacache": { + "version": "18.0.2", + "resolved": "https://registry.npmjs.org/cacache/-/cacache-18.0.2.tgz", + "integrity": "sha512-r3NU8h/P+4lVUHfeRw1dtgQYar3DZMm4/cm2bZgOvrFC/su7budSOeqh52VJIC4U4iG1WWwV6vRW0znqBvxNuw==", + "dependencies": { + "@npmcli/fs": "^3.1.0", + "fs-minipass": "^3.0.0", + "glob": "^10.2.2", + "lru-cache": "^10.0.1", + "minipass": "^7.0.3", 
+ "minipass-collect": "^2.0.1", + "minipass-flush": "^1.0.5", + "minipass-pipeline": "^1.2.4", + "p-map": "^4.0.0", + "ssri": "^10.0.0", + "tar": "^6.1.11", + "unique-filename": "^3.0.0" + }, + "engines": { + "node": "^16.14.0 || >=18.0.0" + } }, - "cacheable-lookup": { + "node_modules/cacache/node_modules/brace-expansion": { "version": "2.0.1", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/cacheable-lookup/-/cacheable-lookup-2.0.1.tgz", - "integrity": "sha1-h75koYuSUjSHXhCpux68pK3Oazg=", - "requires": { - "@types/keyv": "^3.1.1", - "keyv": "^4.0.0" + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", + "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==", + "dependencies": { + "balanced-match": "^1.0.0" } }, - "cacheable-request": { - "version": "7.0.1", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/cacheable-request/-/cacheable-request-7.0.1.tgz", - "integrity": "sha1-BiAxwoViMngu1pSiV/o12pOUKlg=", - "requires": { + "node_modules/cacache/node_modules/glob": { + "version": "10.3.10", + "resolved": "https://registry.npmjs.org/glob/-/glob-10.3.10.tgz", + "integrity": "sha512-fa46+tv1Ak0UPK1TOy/pZrIybNNt4HCv7SDzwyfiOZkvZLEbjsZkJBPtDHVshZjbecAoAGSC20MjLDG/qr679g==", + "dependencies": { + "foreground-child": "^3.1.0", + "jackspeak": "^2.3.5", + "minimatch": "^9.0.1", + "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0", + "path-scurry": "^1.10.1" + }, + "bin": { + "glob": "dist/esm/bin.mjs" + }, + "engines": { + "node": ">=16 || 14 >=14.17" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/cacache/node_modules/lru-cache": { + "version": "10.2.0", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.2.0.tgz", + "integrity": "sha512-2bIM8x+VAf6JT4bKAljS1qUWgMsqZRPGJS6FSahIMPVvctcNhyVp7AJu7quxOW9jwkryBReKZY5tY5JYv2n/7Q==", + "engines": { + "node": "14 || >=16.14" + } + }, + 
"node_modules/cacache/node_modules/minimatch": { + "version": "9.0.3", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.3.tgz", + "integrity": "sha512-RHiac9mvaRw0x3AYRgDC1CxAP7HTcNrrECeA8YYJeWnpo+2Q5CegtZjaotWTWxDG3UeGA1coE05iH1mPjT/2mg==", + "dependencies": { + "brace-expansion": "^2.0.1" + }, + "engines": { + "node": ">=16 || 14 >=14.17" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/cacheable-lookup": { + "version": "5.0.4", + "resolved": "https://registry.npmjs.org/cacheable-lookup/-/cacheable-lookup-5.0.4.tgz", + "integrity": "sha512-2/kNscPhpcxrOigMZzbiWF7dz8ilhb/nIHU3EyZiXWXpeq/au8qJ8VhdftMkty3n7Gj6HIGalQG8oiBNB3AJgA==", + "engines": { + "node": ">=10.6.0" + } + }, + "node_modules/cacheable-request": { + "version": "7.0.4", + "resolved": "https://registry.npmjs.org/cacheable-request/-/cacheable-request-7.0.4.tgz", + "integrity": "sha512-v+p6ongsrp0yTGbJXjgxPow2+DL93DASP4kXCDKb8/bwRtt9OEF3whggkkDkGNzgcWy2XaF4a8nZglC7uElscg==", + "dependencies": { "clone-response": "^1.0.2", "get-stream": "^5.1.0", "http-cache-semantics": "^4.0.0", "keyv": "^4.0.0", "lowercase-keys": "^2.0.0", - "normalize-url": "^4.1.0", + "normalize-url": "^6.0.1", "responselike": "^2.0.0" }, + "engines": { + "node": ">=8" + } + }, + "node_modules/cacheable-request/node_modules/get-stream": { + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-5.2.0.tgz", + "integrity": "sha512-nBF+F1rAZVCu/p7rjzgA+Yb4lfYXrpl7a6VmJrU8wF9I1CKvP/QwPNZHnOlwbTkY6dvtFIzFMSyQXbLoTQPRpA==", "dependencies": { - "get-stream": { - "version": "5.2.0", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/get-stream/-/get-stream-5.2.0.tgz", - "integrity": "sha1-SWaheV7lrOZecGxLe+txJX1uItM=", - "requires": { - "pump": "^3.0.0" - } - } + "pump": "^3.0.0" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" } }, - "call-bind": { + "node_modules/call-bind": { "version": 
"1.0.2", "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.2.tgz", "integrity": "sha512-7O+FbCihrB5WGbFYesctwmTKae6rOiIzmz1icreWJ+0aA7LJfuqhEso2T9ncpcFtzMQtzXf2QGGueWJGTYsqrA==", - "requires": { + "dependencies": { "function-bind": "^1.1.1", "get-intrinsic": "^1.0.2" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "callsites": { + "node_modules/callsites": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/callsites/-/callsites-3.1.0.tgz", - "integrity": "sha512-P8BjAsXvZS+VIDUI11hHCQEv74YT67YUi5JJFNWIqL235sBmjX4+qx9Muvls5ivyNENctx46xQLQ3aTuE7ssaQ==" + "integrity": "sha512-P8BjAsXvZS+VIDUI11hHCQEv74YT67YUi5JJFNWIqL235sBmjX4+qx9Muvls5ivyNENctx46xQLQ3aTuE7ssaQ==", + "engines": { + "node": ">=6" + } }, - "camel-case": { + "node_modules/camel-case": { "version": "4.1.2", "resolved": "https://registry.npmjs.org/camel-case/-/camel-case-4.1.2.tgz", "integrity": "sha512-gxGWBrTT1JuMx6R+o5PTXMmUnhnVzLQ9SNutD4YqKtI6ap897t3tKECYla6gCWEkplXnlNybEkZg9GEGxKFCgw==", - "requires": { + "dependencies": { "pascal-case": "^3.1.2", "tslib": "^2.0.3" - }, - "dependencies": { - "tslib": { - "version": "2.6.2", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.6.2.tgz", - "integrity": "sha512-AEYxH93jGFPn/a2iVAwW87VuUIkR1FVUKB77NwMF7nBTDkDrrT/Hpt/IrCJ0QXhW27jTBDcf5ZY7w6RiqTMw2Q==" - } } }, - "camelcase": { + "node_modules/camel-case/node_modules/tslib": { + "version": "2.6.2", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.6.2.tgz", + "integrity": "sha512-AEYxH93jGFPn/a2iVAwW87VuUIkR1FVUKB77NwMF7nBTDkDrrT/Hpt/IrCJ0QXhW27jTBDcf5ZY7w6RiqTMw2Q==" + }, + "node_modules/camelcase": { "version": "6.3.0", "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", - "integrity": "sha512-Gmy6FhYlCY7uOElZUSbxo2UCDH8owEk996gkbrpsgGtrJLM3J7jGxl9Ic7Qwwj4ivOE5AWZWRMecDdF7hqGjFA==" + "integrity": "sha512-Gmy6FhYlCY7uOElZUSbxo2UCDH8owEk996gkbrpsgGtrJLM3J7jGxl9Ic7Qwwj4ivOE5AWZWRMecDdF7hqGjFA==", + "engines": { + "node": 
">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } }, - "camelcase-css": { + "node_modules/camelcase-css": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/camelcase-css/-/camelcase-css-2.0.1.tgz", - "integrity": "sha512-QOSvevhslijgYwRx6Rv7zKdMF8lbRmx+uQGx2+vDc+KI/eBnsy9kit5aj23AgGu3pa4t9AgwbnXWqS+iOY+2aA==" + "integrity": "sha512-QOSvevhslijgYwRx6Rv7zKdMF8lbRmx+uQGx2+vDc+KI/eBnsy9kit5aj23AgGu3pa4t9AgwbnXWqS+iOY+2aA==", + "engines": { + "node": ">= 6" + } }, - "caniuse-api": { + "node_modules/caniuse-api": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/caniuse-api/-/caniuse-api-3.0.0.tgz", "integrity": "sha512-bsTwuIg/BZZK/vreVTYYbSWoe2F+71P7K5QGEX+pT250DZbfU1MQ5prOKpPR+LL6uWKK3KMwMCAS74QB3Um1uw==", - "requires": { + "dependencies": { "browserslist": "^4.0.0", "caniuse-lite": "^1.0.0", "lodash.memoize": "^4.1.2", "lodash.uniq": "^4.5.0" } }, - "caniuse-lite": { + "node_modules/caniuse-lite": { "version": "1.0.30001549", "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001549.tgz", - "integrity": "sha512-qRp48dPYSCYaP+KurZLhDYdVE+yEyht/3NlmcJgVQ2VMGt6JL36ndQ/7rgspdZsJuxDPFIo/OzBT2+GmIJ53BA==" + "integrity": "sha512-qRp48dPYSCYaP+KurZLhDYdVE+yEyht/3NlmcJgVQ2VMGt6JL36ndQ/7rgspdZsJuxDPFIo/OzBT2+GmIJ53BA==", + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/browserslist" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/caniuse-lite" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ] }, - "case-sensitive-paths-webpack-plugin": { + "node_modules/case-sensitive-paths-webpack-plugin": { "version": "2.4.0", "resolved": "https://registry.npmjs.org/case-sensitive-paths-webpack-plugin/-/case-sensitive-paths-webpack-plugin-2.4.0.tgz", - "integrity": "sha512-roIFONhcxog0JSSWbvVAh3OocukmSgpqOH6YpMkCvav/ySIV3JKg4Dc8vYtQjYi/UxpNE36r/9v+VqTQqgkYmw==" - }, - "caseless": { - "version": "0.12.0", - "resolved": 
"https://registry.npmjs.org/caseless/-/caseless-0.12.0.tgz", - "integrity": "sha1-G2gcIf+EAzyCZUMJBolCDRhxUdw=" + "integrity": "sha512-roIFONhcxog0JSSWbvVAh3OocukmSgpqOH6YpMkCvav/ySIV3JKg4Dc8vYtQjYi/UxpNE36r/9v+VqTQqgkYmw==", + "engines": { + "node": ">=4" + } }, - "chalk": { + "node_modules/chalk": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/chalk/-/chalk-3.0.0.tgz", "integrity": "sha512-4D3B6Wf41KOYRFdszmDqMCGq5VV/uMAB273JILmO+3jAlh8X4qDtdtgCR3fxtbLEMzSx22QdhnDcJvu2u1fVwg==", - "requires": { + "dependencies": { "ansi-styles": "^4.1.0", "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=8" } }, - "char-regex": { + "node_modules/char-regex": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/char-regex/-/char-regex-1.0.2.tgz", - "integrity": "sha512-kWWXztvZ5SBQV+eRgKFeh8q5sLuZY2+8WUIzlxWVTg+oGwY14qylx1KbKzHd8P6ZYkAg0xyIDU9JMHhyJMZ1jw==" + "integrity": "sha512-kWWXztvZ5SBQV+eRgKFeh8q5sLuZY2+8WUIzlxWVTg+oGwY14qylx1KbKzHd8P6ZYkAg0xyIDU9JMHhyJMZ1jw==", + "engines": { + "node": ">=10" + } }, - "check-types": { + "node_modules/check-types": { "version": "11.2.3", "resolved": "https://registry.npmjs.org/check-types/-/check-types-11.2.3.tgz", "integrity": "sha512-+67P1GkJRaxQD6PKK0Et9DhwQB+vGg3PM5+aavopCpZT1lj9jeqfvpgTLAWErNj8qApkkmXlu/Ug74kmhagkXg==" }, - "chokidar": { + "node_modules/chokidar": { "version": "3.5.3", "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.3.tgz", "integrity": "sha512-Dr3sfKRP6oTcjf2JmUmFJfeVMvXBdegxB0iVQ5eb2V10uFJUCAS8OByZdVAyVb8xXNz3GjjTgj9kLWsZTqE6kw==", - "requires": { + "funding": [ + { + "type": "individual", + "url": "https://paulmillr.com/funding/" + } + ], + "dependencies": { "anymatch": "~3.1.2", "braces": "~3.0.2", - "fsevents": "~2.3.2", "glob-parent": "~5.1.2", "is-binary-path": "~2.1.0", "is-glob": "~4.0.1", "normalize-path": "~3.0.0", "readdirp": "~3.6.0" }, + "engines": { + "node": ">= 8.10.0" + }, + "optionalDependencies": { + "fsevents": "~2.3.2" + } + }, + 
"node_modules/chokidar/node_modules/glob-parent": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==", "dependencies": { - "glob-parent": { - "version": "5.1.2", - "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", - "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==", - "requires": { - "is-glob": "^4.0.1" - } - } + "is-glob": "^4.0.1" + }, + "engines": { + "node": ">= 6" } }, - "chownr": { - "version": "1.1.4", - "resolved": "https://registry.npmjs.org/chownr/-/chownr-1.1.4.tgz", - "integrity": "sha512-jJ0bqzaylmJtVnNgzTeSOs8DPavpbYgEr/b0YL8/2GO3xJEhInFmhKMUnEJQjZumK7KXGFhUy89PrsJWlakBVg==" + "node_modules/chownr": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/chownr/-/chownr-2.0.0.tgz", + "integrity": "sha512-bIomtDF5KGpdogkLd9VspvFzk9KfpyyGlS8YFVZl7TGPBHL5snIOnxeshwVgPteQ9b4Eydl+pVbIyE1DcvCWgQ==", + "engines": { + "node": ">=10" + } }, - "chrome-trace-event": { + "node_modules/chrome-trace-event": { "version": "1.0.3", "resolved": "https://registry.npmjs.org/chrome-trace-event/-/chrome-trace-event-1.0.3.tgz", - "integrity": "sha512-p3KULyQg4S7NIHixdwbGX+nFHkoBiA4YQmyWtjb8XngSKV124nJmRysgAeujbUVb15vh+RvFUfCPqU7rXk+hZg==" + "integrity": "sha512-p3KULyQg4S7NIHixdwbGX+nFHkoBiA4YQmyWtjb8XngSKV124nJmRysgAeujbUVb15vh+RvFUfCPqU7rXk+hZg==", + "engines": { + "node": ">=6.0" + } }, - "ci-info": { + "node_modules/ci-info": { "version": "3.9.0", "resolved": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", - "integrity": "sha512-NIxF55hv4nSqQswkAeiOi1r83xy8JldOFDTWiug55KBu9Jnblncd2U6ViHmYgHf01TPZS77NJBhBMKdWj9HQMQ==" + "integrity": "sha512-NIxF55hv4nSqQswkAeiOi1r83xy8JldOFDTWiug55KBu9Jnblncd2U6ViHmYgHf01TPZS77NJBhBMKdWj9HQMQ==", + "funding": [ + { + "type": "github", + "url": 
"https://github.com/sponsors/sibiraj-s" + } + ], + "engines": { + "node": ">=8" + } }, - "cjs-module-lexer": { + "node_modules/cjs-module-lexer": { "version": "1.2.3", "resolved": "https://registry.npmjs.org/cjs-module-lexer/-/cjs-module-lexer-1.2.3.tgz", "integrity": "sha512-0TNiGstbQmCFwt4akjjBg5pLRTSyj/PkWQ1ZoO2zntmg9yLqSRxwEa4iCfQLGjqhiqBfOJa7W/E8wfGrTDmlZQ==" }, - "clean-css": { + "node_modules/clean-css": { "version": "5.3.2", "resolved": "https://registry.npmjs.org/clean-css/-/clean-css-5.3.2.tgz", "integrity": "sha512-JVJbM+f3d3Q704rF4bqQ5UUyTtuJ0JRKNbTKVEeujCCBoMdkEi+V+e8oktO9qGQNSvHrFTM6JZRXrUvGR1czww==", - "requires": { + "dependencies": { "source-map": "~0.6.0" }, - "dependencies": { - "source-map": { - "version": "0.6.1", - "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", - "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==" - } + "engines": { + "node": ">= 10.0" } }, - "clone-response": { - "version": "1.0.2", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/clone-response/-/clone-response-1.0.2.tgz", - "integrity": "sha1-0dyXOSAxTfZ/vrlCI7TuNQI56Ws=", - "requires": { + "node_modules/clean-css/node_modules/source-map": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/clean-stack": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/clean-stack/-/clean-stack-2.2.0.tgz", + "integrity": "sha512-4diC9HaTE+KRAMWhDhrGOECgWZxoevMc5TlkObMqNSsVU62PYzXZ/SMTjzyGAFF1YusgxGcSWTEXBhp0CPwQ1A==", + "engines": { + "node": ">=6" + } + }, + "node_modules/clone-response": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/clone-response/-/clone-response-1.0.3.tgz", + "integrity": 
"sha512-ROoL94jJH2dUVML2Y/5PEDNaSHgeOdSDicUyS7izcF63G6sTc/FTjLub4b8Il9S8S0beOfYt0TaA5qvFK+w0wA==", + "dependencies": { "mimic-response": "^1.0.0" }, - "dependencies": { - "mimic-response": { - "version": "1.0.1", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/mimic-response/-/mimic-response-1.0.1.tgz", - "integrity": "sha1-SSNTiHju9CBjy4o+OweYeBSHqxs=" - } + "funding": { + "url": "https://github.com/sponsors/sindresorhus" } }, - "clsx": { + "node_modules/clsx": { "version": "1.2.1", "resolved": "https://registry.npmjs.org/clsx/-/clsx-1.2.1.tgz", - "integrity": "sha512-EcR6r5a8bj6pu3ycsa/E/cKVGuTgZJZdsyUYHOksG/UHIiKfjxzRxYJpyVBwYaQeOvghal9fcc4PidlgzugAQg==" + "integrity": "sha512-EcR6r5a8bj6pu3ycsa/E/cKVGuTgZJZdsyUYHOksG/UHIiKfjxzRxYJpyVBwYaQeOvghal9fcc4PidlgzugAQg==", + "engines": { + "node": ">=6" + } }, - "co": { + "node_modules/co": { "version": "4.6.0", "resolved": "https://registry.npmjs.org/co/-/co-4.6.0.tgz", - "integrity": "sha512-QVb0dM5HvG+uaxitm8wONl7jltx8dqhfU33DcqtOZcLSVIKSDDLDi7+0LbAKiyI8hD9u42m2YxXSkMGWThaecQ==" + "integrity": "sha512-QVb0dM5HvG+uaxitm8wONl7jltx8dqhfU33DcqtOZcLSVIKSDDLDi7+0LbAKiyI8hD9u42m2YxXSkMGWThaecQ==", + "engines": { + "iojs": ">= 1.0.0", + "node": ">= 0.12.0" + } }, - "coa": { + "node_modules/coa": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/coa/-/coa-2.0.2.tgz", "integrity": "sha512-q5/jG+YQnSy4nRTV4F7lPepBJZ8qBNJJDBuJdoejDyLXgmL7IEo+Le2JDZudFTFt7mrCqIRaSjws4ygRCTCAXA==", - "requires": { + "dependencies": { "@types/q": "^1.5.1", "chalk": "^2.4.1", "q": "^1.1.2" }, + "engines": { + "node": ">= 4.0" + } + }, + "node_modules/coa/node_modules/ansi-styles": { + "version": "3.2.1", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", + "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==", "dependencies": { - "ansi-styles": { - "version": "3.2.1", - "resolved": 
"https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", - "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==", - "requires": { - "color-convert": "^1.9.0" - } - }, - "chalk": { - "version": "2.4.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", - "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==", - "requires": { - "ansi-styles": "^3.2.1", - "escape-string-regexp": "^1.0.5", - "supports-color": "^5.3.0" - } - }, - "color-convert": { - "version": "1.9.3", - "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", - "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==", - "requires": { - "color-name": "1.1.3" - } - }, - "color-name": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", - "integrity": "sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw==" - }, - "has-flag": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", - "integrity": "sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==" - }, - "supports-color": { - "version": "5.5.0", - "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", - "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==", - "requires": { - "has-flag": "^3.0.0" - } - } + "color-convert": "^1.9.0" + }, + "engines": { + "node": ">=4" } }, - "code-point-at": { - "version": "1.1.0", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/code-point-at/-/code-point-at-1.1.0.tgz", - "integrity": "sha1-DQcLTQQ6W+ozovGkDi7bPZpMz3c=" + "node_modules/coa/node_modules/chalk": { + "version": "2.4.2", + "resolved": 
"https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", + "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==", + "dependencies": { + "ansi-styles": "^3.2.1", + "escape-string-regexp": "^1.0.5", + "supports-color": "^5.3.0" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/coa/node_modules/color-convert": { + "version": "1.9.3", + "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", + "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==", + "dependencies": { + "color-name": "1.1.3" + } + }, + "node_modules/coa/node_modules/color-name": { + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", + "integrity": "sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw==" + }, + "node_modules/coa/node_modules/has-flag": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", + "integrity": "sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==", + "engines": { + "node": ">=4" + } + }, + "node_modules/coa/node_modules/supports-color": { + "version": "5.5.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", + "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==", + "dependencies": { + "has-flag": "^3.0.0" + }, + "engines": { + "node": ">=4" + } }, - "collect-v8-coverage": { + "node_modules/collect-v8-coverage": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/collect-v8-coverage/-/collect-v8-coverage-1.0.2.tgz", "integrity": "sha512-lHl4d5/ONEbLlJvaJNtsF/Lz+WvB07u2ycqTYbdrq7UypDXailES4valYb2eWiJFxZlVmpGekfqoxQhzyFdT4Q==" }, - "color": { + "node_modules/color": { "version": "3.2.1", "resolved": "https://registry.npmjs.org/color/-/color-3.2.1.tgz", 
"integrity": "sha512-aBl7dZI9ENN6fUGC7mWpMTPNHmWUSNan9tuWN6ahh5ZLNk9baLJOnSMlrQkHcrfFgz2/RigjUVAjdx36VcemKA==", - "requires": { + "dependencies": { "color-convert": "^1.9.3", "color-string": "^1.6.0" - }, - "dependencies": { - "color-convert": { - "version": "1.9.3", - "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", - "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==", - "requires": { - "color-name": "1.1.3" - } - }, - "color-name": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", - "integrity": "sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw==" - } } }, - "color-convert": { + "node_modules/color-convert": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", - "requires": { + "dependencies": { "color-name": "~1.1.4" + }, + "engines": { + "node": ">=7.0.0" } }, - "color-name": { + "node_modules/color-name": { "version": "1.1.4", "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==" }, - "color-string": { + "node_modules/color-string": { "version": "1.9.1", "resolved": "https://registry.npmjs.org/color-string/-/color-string-1.9.1.tgz", "integrity": "sha512-shrVawQFojnZv6xM40anx4CkoDP+fZsw/ZerEMsW/pyzsRbElpsL/DBVW7q3ExxwusdNXI3lXpuhEZkzs8p5Eg==", - "requires": { + "dependencies": { "color-name": "^1.0.0", "simple-swizzle": "^0.2.2" } }, - "colord": { + "node_modules/color-support": { + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/color-support/-/color-support-1.1.3.tgz", + "integrity": 
"sha512-qiBjkpbMLO/HL68y+lh4q0/O1MZFj2RX6X/KmMa3+gJD3z+WwI1ZzDHysvqHGS3mP6mznPckpXmw1nI9cJjyRg==", + "bin": { + "color-support": "bin.js" + } + }, + "node_modules/color/node_modules/color-convert": { + "version": "1.9.3", + "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", + "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==", + "dependencies": { + "color-name": "1.1.3" + } + }, + "node_modules/color/node_modules/color-name": { + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", + "integrity": "sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw==" + }, + "node_modules/colord": { "version": "2.9.3", "resolved": "https://registry.npmjs.org/colord/-/colord-2.9.3.tgz", "integrity": "sha512-jeC1axXpnb0/2nn/Y1LPuLdgXBLH7aDcHu4KEKfqw3CUhX7ZpfBSlPKyqXE6btIgEzfWtrX3/tyBCaCvXvMkOw==" }, - "colorette": { + "node_modules/colorette": { "version": "2.0.20", "resolved": "https://registry.npmjs.org/colorette/-/colorette-2.0.20.tgz", "integrity": "sha512-IfEDxwoWIjkeXL1eXcDiow4UbKjhLdq6/EuSVR9GMN7KVH3r9gQ83e73hsz1Nd1T3ijd5xv1wcWRYO+D6kCI2w==" }, - "colorspace": { + "node_modules/colorspace": { "version": "1.1.4", "resolved": "https://registry.npmjs.org/colorspace/-/colorspace-1.1.4.tgz", "integrity": "sha512-BgvKJiuVu1igBUF2kEjRCZXol6wiiGbY5ipL/oVPwm0BL9sIpMIzM8IK7vwuxIIzOXMV3Ey5w+vxhm0rR/TN8w==", - "requires": { + "dependencies": { "color": "^3.1.3", "text-hex": "1.0.x" } }, - "combined-stream": { + "node_modules/combined-stream": { "version": "1.0.8", "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", - "requires": { + "dependencies": { "delayed-stream": "~1.0.0" + }, + "engines": { + "node": ">= 0.8" } }, - "commander": { + "node_modules/commander": { 
"version": "7.2.0", "resolved": "https://registry.npmjs.org/commander/-/commander-7.2.0.tgz", - "integrity": "sha512-QrWXB+ZQSVPmIWIhtEO9H+gwHaMGYiF5ChvoJ+K9ZGHG/sVsa6yiesAD1GC/x46sET00Xlwo1u49RVVVzvcSkw==" + "integrity": "sha512-QrWXB+ZQSVPmIWIhtEO9H+gwHaMGYiF5ChvoJ+K9ZGHG/sVsa6yiesAD1GC/x46sET00Xlwo1u49RVVVzvcSkw==", + "engines": { + "node": ">= 10" + } }, - "common-path-prefix": { + "node_modules/common-path-prefix": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/common-path-prefix/-/common-path-prefix-3.0.0.tgz", "integrity": "sha512-QE33hToZseCH3jS0qN96O/bSh3kaw/h+Tq7ngyY9eWDUnTlTNUyqfqvCXioLe5Na5jFsL78ra/wuBU4iuEgd4w==" }, - "common-tags": { + "node_modules/common-tags": { "version": "1.8.2", "resolved": "https://registry.npmjs.org/common-tags/-/common-tags-1.8.2.tgz", - "integrity": "sha512-gk/Z852D2Wtb//0I+kRFNKKE9dIIVirjoqPoA1wJU+XePVXZfGeBpk45+A1rKO4Q43prqWBNY/MiIeRLbPWUaA==" + "integrity": "sha512-gk/Z852D2Wtb//0I+kRFNKKE9dIIVirjoqPoA1wJU+XePVXZfGeBpk45+A1rKO4Q43prqWBNY/MiIeRLbPWUaA==", + "engines": { + "node": ">=4.0.0" + } }, - "commondir": { + "node_modules/commondir": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/commondir/-/commondir-1.0.1.tgz", "integrity": "sha512-W9pAhw0ja1Edb5GVdIF1mjZw/ASI0AlShXM83UUGe2DVr5TdAPEA1OA8m/g8zWp9x6On7gqufY+FatDbC3MDQg==" }, - "compressible": { + "node_modules/compressible": { "version": "2.0.18", "resolved": "https://registry.npmjs.org/compressible/-/compressible-2.0.18.tgz", "integrity": "sha512-AF3r7P5dWxL8MxyITRMlORQNaOA2IkAFaTr4k7BUumjPtRpGDTZpl0Pb1XCO6JeDCBdp126Cgs9sMxqSjgYyRg==", - "requires": { + "dependencies": { "mime-db": ">= 1.43.0 < 2" + }, + "engines": { + "node": ">= 0.6" } }, - "compression": { + "node_modules/compression": { "version": "1.7.4", "resolved": "https://registry.npmjs.org/compression/-/compression-1.7.4.tgz", "integrity": "sha512-jaSIDzP9pZVS4ZfQ+TzvtiWhdpFhE2RDHz8QJkpX9SIpLq88VueF5jJw6t+6CUQcAoA6t+x89MLrWAqpfDE8iQ==", - "requires": { + "dependencies": { 
"accepts": "~1.3.5", "bytes": "3.0.0", "compressible": "~2.0.16", 
@@ -4809,168 +6925,244 @@ "safe-buffer": "5.1.2", "vary": "~1.1.2" }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/compression/node_modules/debug": { + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", "dependencies": { - "debug": { - "version": "2.6.9", - "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", - "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", - "requires": { - "ms": "2.0.0" - } - }, - "ms": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", - "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==" - } + "ms": "2.0.0" } }, - "concat-map": { + "node_modules/compression/node_modules/ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==" + }, + "node_modules/concat-map": { "version": "0.0.1", "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s=" }, - "confusing-browser-globals": { + "node_modules/confusing-browser-globals": { "version": "1.0.11", "resolved": "https://registry.npmjs.org/confusing-browser-globals/-/confusing-browser-globals-1.0.11.tgz", "integrity": "sha512-JsPKdmh8ZkmnHxDk55FZ1TqVLvEQTvoByJZRN9jzI0UjxK/QgAmsphz7PGtqgPieQZ/CQcHWXCR7ATDNhGe+YA==" }, - "connect-history-api-fallback": { + "node_modules/connect-history-api-fallback": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/connect-history-api-fallback/-/connect-history-api-fallback-2.0.0.tgz", - "integrity": "sha512-U73+6lQFmfiNPrYbXqr6kZ1i1wiRqXnp2nhMsINseWXO8lDau0LGEffJ8kQi4EjLZympVgRdvqjAgiZ1tgzDDA==" + "integrity": 
"sha512-U73+6lQFmfiNPrYbXqr6kZ1i1wiRqXnp2nhMsINseWXO8lDau0LGEffJ8kQi4EjLZympVgRdvqjAgiZ1tgzDDA==", + "engines": { + "node": ">=0.8" + } }, - "console-control-strings": { + "node_modules/console-control-strings": { "version": "1.1.0", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/console-control-strings/-/console-control-strings-1.1.0.tgz", - "integrity": "sha1-PXz0Rk22RG6mRL9LOVB/mFEAjo4=" + "resolved": "https://registry.npmjs.org/console-control-strings/-/console-control-strings-1.1.0.tgz", + "integrity": "sha512-ty/fTekppD2fIwRvnZAVdeOiGd1c7YXEixbgJTNzqcxJWKQnjJ/V1bNEEE6hygpM3WjwHFUVK6HTjWSzV4a8sQ==" }, - "content-disposition": { + "node_modules/content-disposition": { "version": "0.5.4", "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz", "integrity": "sha512-FveZTNuGw04cxlAiWbzi6zTAL/lhehaWbTtgluJh4/E95DqMwTmha3KZN1aAWA8cFIhHzMZUvLevkw5Rqk+tSQ==", - "requires": { + "dependencies": { "safe-buffer": "5.2.1" }, - "dependencies": { - "safe-buffer": { - "version": "5.2.1", - "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", - "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==" - } + "engines": { + "node": ">= 0.6" } }, - "content-type": { + "node_modules/content-disposition/node_modules/safe-buffer": { + "version": "5.2.1", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ] + }, + "node_modules/content-type": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz", - "integrity": 
"sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==" + "integrity": "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==", + "engines": { + "node": ">= 0.6" + } }, - "convert-source-map": { + "node_modules/convert-source-map": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-2.0.0.tgz", "integrity": "sha512-Kvp459HrV2FEJ1CAsi1Ku+MY3kasH19TFykTz2xWmMeq6bk2NU3XXvfJ+Q61m0xktWwt+1HSYf3JZsTms3aRJg==" }, - "cookie": { + "node_modules/cookie": { "version": "0.5.0", "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.5.0.tgz", - "integrity": "sha512-YZ3GUyn/o8gfKJlnlX7g7xq4gyO6OSuhGPKaaGssGB2qgDUS0gPgtTvoyZLTt9Ab6dC4hfc9dV5arkvc/OCmrw==" + "integrity": "sha512-YZ3GUyn/o8gfKJlnlX7g7xq4gyO6OSuhGPKaaGssGB2qgDUS0gPgtTvoyZLTt9Ab6dC4hfc9dV5arkvc/OCmrw==", + "engines": { + "node": ">= 0.6" + } }, - "cookie-signature": { + "node_modules/cookie-signature": { "version": "1.0.6", "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz", "integrity": "sha512-QADzlaHc8icV8I7vbaJXJwod9HWYp8uCqf1xa4OfNu1T7JVxQIrUgOWtHdNDtPiywmFbiS12VjotIXLrKM3orQ==" }, - "core-js": { + "node_modules/core-js": { "version": "3.33.0", "resolved": "https://registry.npmjs.org/core-js/-/core-js-3.33.0.tgz", - "integrity": "sha512-HoZr92+ZjFEKar5HS6MC776gYslNOKHt75mEBKWKnPeFDpZ6nH5OeF3S6HFT1mUAUZKrzkez05VboaX8myjSuw==" + "integrity": "sha512-HoZr92+ZjFEKar5HS6MC776gYslNOKHt75mEBKWKnPeFDpZ6nH5OeF3S6HFT1mUAUZKrzkez05VboaX8myjSuw==", + "hasInstallScript": true, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/core-js" + } }, - "core-js-compat": { + "node_modules/core-js-compat": { "version": "3.33.0", "resolved": "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.33.0.tgz", "integrity": "sha512-0w4LcLXsVEuNkIqwjjf9rjCoPhK8uqA4tMRh4Ge26vfLtUutshn+aRJU21I9LCJlh2QQHfisNToLjw1XEJLTWw==", - "requires": 
{ + "dependencies": { "browserslist": "^4.22.1" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/core-js" } }, - "core-js-pure": { + "node_modules/core-js-pure": { "version": "3.33.0", "resolved": "https://registry.npmjs.org/core-js-pure/-/core-js-pure-3.33.0.tgz", - "integrity": "sha512-FKSIDtJnds/YFIEaZ4HszRX7hkxGpNKM7FC9aJ9WLJbSd3lD4vOltFuVIBLR8asSx9frkTSqL0dw90SKQxgKrg==" + "integrity": "sha512-FKSIDtJnds/YFIEaZ4HszRX7hkxGpNKM7FC9aJ9WLJbSd3lD4vOltFuVIBLR8asSx9frkTSqL0dw90SKQxgKrg==", + "hasInstallScript": true, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/core-js" + } }, - "core-util-is": { + "node_modules/core-util-is": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz", "integrity": "sha1-tf1UIgqivFq1eqtxQMlAdUUDwac=" }, - "cosmiconfig": { + "node_modules/cosmiconfig": { "version": "7.1.0", "resolved": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-7.1.0.tgz", "integrity": "sha512-AdmX6xUzdNASswsFtmwSt7Vj8po9IuqXm0UXz7QKPuEUmPB4XyjGfaAr2PSuELMwkRMVH1EpIkX5bTZGRB3eCA==", - "requires": { + "dependencies": { "@types/parse-json": "^4.0.0", "import-fresh": "^3.2.1", "parse-json": "^5.0.0", "path-type": "^4.0.0", "yaml": "^1.10.0" + }, + "engines": { + "node": ">=10" } }, - "create-require": { + "node_modules/create-require": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/create-require/-/create-require-1.1.1.tgz", "integrity": "sha512-dcKFX3jn0MpIaXjisoRvexIJVEKzaq7z2rZKxf+MSr9TkdmHmsU4m2lcLojrj/FHl8mk5VxMmYA+ftRkP/3oKQ==" }, - "cross-spawn": { + "node_modules/cross-spawn": { "version": "7.0.3", "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==", - "requires": { + "dependencies": { "path-key": "^3.1.0", "shebang-command": "^2.0.0", "which": "^2.0.1" }, + "engines": { + "node": ">= 8" + } 
+ }, + "node_modules/cross-spawn/node_modules/which": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", + "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==", "dependencies": { - "which": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", - "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==", - "requires": { - "isexe": "^2.0.0" - } - } + "isexe": "^2.0.0" + }, + "bin": { + "node-which": "bin/node-which" + }, + "engines": { + "node": ">= 8" } }, - "crypto-random-string": { + "node_modules/crypto-random-string": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/crypto-random-string/-/crypto-random-string-2.0.0.tgz", - "integrity": "sha512-v1plID3y9r/lPhviJ1wrXpLeyUIGAZ2SHNYTEapm7/8A9nLPoyvVp3RK/EPFqn5kEznyWgYZNsRtYYIWbuG8KA==" + "integrity": "sha512-v1plID3y9r/lPhviJ1wrXpLeyUIGAZ2SHNYTEapm7/8A9nLPoyvVp3RK/EPFqn5kEznyWgYZNsRtYYIWbuG8KA==", + "engines": { + "node": ">=8" + } }, - "css-blank-pseudo": { + "node_modules/css-blank-pseudo": { "version": "3.0.3", "resolved": "https://registry.npmjs.org/css-blank-pseudo/-/css-blank-pseudo-3.0.3.tgz", "integrity": "sha512-VS90XWtsHGqoM0t4KpH053c4ehxZ2E6HtGI7x68YFV0pTo/QmkV/YFA+NnlvK8guxZVNWGQhVNJGC39Q8XF4OQ==", - "requires": { + "dependencies": { "postcss-selector-parser": "^6.0.9" + }, + "bin": { + "css-blank-pseudo": "dist/cli.cjs" + }, + "engines": { + "node": "^12 || ^14 || >=16" + }, + "peerDependencies": { + "postcss": "^8.4" } }, - "css-declaration-sorter": { + "node_modules/css-declaration-sorter": { "version": "6.4.1", "resolved": "https://registry.npmjs.org/css-declaration-sorter/-/css-declaration-sorter-6.4.1.tgz", - "integrity": "sha512-rtdthzxKuyq6IzqX6jEcIzQF/YqccluefyCYheovBOLhFT/drQA9zj/UbRAa9J7C0o6EG6u3E6g+vKkay7/k3g==" + "integrity": 
"sha512-rtdthzxKuyq6IzqX6jEcIzQF/YqccluefyCYheovBOLhFT/drQA9zj/UbRAa9J7C0o6EG6u3E6g+vKkay7/k3g==", + "engines": { + "node": "^10 || ^12 || >=14" + }, + "peerDependencies": { + "postcss": "^8.0.9" + } }, - "css-has-pseudo": { + "node_modules/css-has-pseudo": { "version": "3.0.4", "resolved": "https://registry.npmjs.org/css-has-pseudo/-/css-has-pseudo-3.0.4.tgz", "integrity": "sha512-Vse0xpR1K9MNlp2j5w1pgWIJtm1a8qS0JwS9goFYcImjlHEmywP9VUF05aGBXzGpDJF86QXk4L0ypBmwPhGArw==", - "requires": { + "dependencies": { "postcss-selector-parser": "^6.0.9" + }, + "bin": { + "css-has-pseudo": "dist/cli.cjs" + }, + "engines": { + "node": "^12 || ^14 || >=16" + }, + "peerDependencies": { + "postcss": "^8.4" } }, - "css-loader": { + "node_modules/css-loader": { "version": "6.8.1", "resolved": "https://registry.npmjs.org/css-loader/-/css-loader-6.8.1.tgz", "integrity": "sha512-xDAXtEVGlD0gJ07iclwWVkLoZOpEvAWaSyf6W18S2pOC//K8+qUDIx8IIT3D+HjnmkJPQeesOPv5aiUaJsCM2g==", - "requires": { + "dependencies": { "icss-utils": "^5.1.0", "postcss": "^8.4.21", "postcss-modules-extract-imports": "^3.0.0", @@ -4979,13 +7171,23 @@ "postcss-modules-values": "^4.0.0", "postcss-value-parser": "^4.2.0", "semver": "^7.3.8" + }, + "engines": { + "node": ">= 12.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + }, + "peerDependencies": { + "webpack": "^5.0.0" } }, - "css-minimizer-webpack-plugin": { + "node_modules/css-minimizer-webpack-plugin": { "version": "3.4.1", "resolved": "https://registry.npmjs.org/css-minimizer-webpack-plugin/-/css-minimizer-webpack-plugin-3.4.1.tgz", "integrity": "sha512-1u6D71zeIfgngN2XNRJefc/hY7Ybsxd74Jm4qngIXyUEk7fss3VUzuHxLAq/R8NAba4QU9OUSaMZlbpRc7bM4Q==", - "requires": { + "dependencies": { "cssnano": "^5.0.6", "jest-worker": "^27.0.2", "postcss": "^8.3.5", 
@@ -4993,131 +7195,218 @@ "serialize-javascript": "^6.0.0", "source-map": "^0.6.1" }, - "dependencies": { - "ajv": { - "version": "8.12.0", - "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.12.0.tgz", - "integrity": "sha512-sRu1kpcO9yLtYxBKvqfTeh9KzZEwO3STyX1HT+4CaDzC6HpTGYhIhPIzj9XuKU7KYDwnaeh5hcOwjy1QuJzBPA==", - "requires": { - "fast-deep-equal": "^3.1.1", - "json-schema-traverse": "^1.0.0", - "require-from-string": "^2.0.2", - "uri-js": "^4.2.2" - } - }, - "ajv-keywords": { - "version": "5.1.0", - "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-5.1.0.tgz", - "integrity": "sha512-YCS/JNFAUyr5vAuhk1DWm1CBxRHW9LbJ2ozWeemrIqpbsqKjHVxYPyi5GC0rjZIT5JxJ3virVTS8wk4i/Z+krw==", - "requires": { - "fast-deep-equal": "^3.1.3" - } + "engines": { + "node": ">= 12.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + }, + "peerDependencies": { + "webpack": "^5.0.0" + }, + "peerDependenciesMeta": { + "@parcel/css": { + "optional": true }, - "json-schema-traverse": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", - "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==" + "clean-css": { + "optional": true }, - "schema-utils": { - "version": "4.2.0", - "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-4.2.0.tgz", - "integrity": "sha512-L0jRsrPpjdckP3oPug3/VxNKt2trR8TcabrM6FOAAlvC/9Phcmm+cuAgTlxBqdBR1WJx7Naj9WHw+aOmheSVbw==", - "requires": { - "@types/json-schema": "^7.0.9", - "ajv": "^8.9.0", - "ajv-formats": "^2.1.1", - "ajv-keywords": "^5.1.0" - } + "csso": { + "optional": true }, - "source-map": { - "version": "0.6.1", - "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", - "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==" + "esbuild": { + "optional": true } } }, - 
"css-prefers-color-scheme": { + "node_modules/css-minimizer-webpack-plugin/node_modules/ajv": { + "version": "8.12.0", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.12.0.tgz", + "integrity": "sha512-sRu1kpcO9yLtYxBKvqfTeh9KzZEwO3STyX1HT+4CaDzC6HpTGYhIhPIzj9XuKU7KYDwnaeh5hcOwjy1QuJzBPA==", + "dependencies": { + "fast-deep-equal": "^3.1.1", + "json-schema-traverse": "^1.0.0", + "require-from-string": "^2.0.2", + "uri-js": "^4.2.2" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/epoberezkin" + } + }, + "node_modules/css-minimizer-webpack-plugin/node_modules/ajv-keywords": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-5.1.0.tgz", + "integrity": "sha512-YCS/JNFAUyr5vAuhk1DWm1CBxRHW9LbJ2ozWeemrIqpbsqKjHVxYPyi5GC0rjZIT5JxJ3virVTS8wk4i/Z+krw==", + "dependencies": { + "fast-deep-equal": "^3.1.3" + }, + "peerDependencies": { + "ajv": "^8.8.2" + } + }, + "node_modules/css-minimizer-webpack-plugin/node_modules/json-schema-traverse": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", + "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==" + }, + "node_modules/css-minimizer-webpack-plugin/node_modules/schema-utils": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-4.2.0.tgz", + "integrity": "sha512-L0jRsrPpjdckP3oPug3/VxNKt2trR8TcabrM6FOAAlvC/9Phcmm+cuAgTlxBqdBR1WJx7Naj9WHw+aOmheSVbw==", + "dependencies": { + "@types/json-schema": "^7.0.9", + "ajv": "^8.9.0", + "ajv-formats": "^2.1.1", + "ajv-keywords": "^5.1.0" + }, + "engines": { + "node": ">= 12.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + } + }, + "node_modules/css-minimizer-webpack-plugin/node_modules/source-map": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", 
+ "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/css-prefers-color-scheme": { "version": "6.0.3", "resolved": "https://registry.npmjs.org/css-prefers-color-scheme/-/css-prefers-color-scheme-6.0.3.tgz", - "integrity": "sha512-4BqMbZksRkJQx2zAjrokiGMd07RqOa2IxIrrN10lyBe9xhn9DEvjUK79J6jkeiv9D9hQFXKb6g1jwU62jziJZA==" + "integrity": "sha512-4BqMbZksRkJQx2zAjrokiGMd07RqOa2IxIrrN10lyBe9xhn9DEvjUK79J6jkeiv9D9hQFXKb6g1jwU62jziJZA==", + "bin": { + "css-prefers-color-scheme": "dist/cli.cjs" + }, + "engines": { + "node": "^12 || ^14 || >=16" + }, + "peerDependencies": { + "postcss": "^8.4" + } }, - "css-select": { + "node_modules/css-select": { "version": "4.3.0", "resolved": "https://registry.npmjs.org/css-select/-/css-select-4.3.0.tgz", "integrity": "sha512-wPpOYtnsVontu2mODhA19JrqWxNsfdatRKd64kmpRbQgh1KtItko5sTnEpPdpSaJszTOhEMlF/RPz28qj4HqhQ==", - "requires": { + "dependencies": { "boolbase": "^1.0.0", "css-what": "^6.0.1", "domhandler": "^4.3.1", "domutils": "^2.8.0", "nth-check": "^2.0.1" + }, + "funding": { + "url": "https://github.com/sponsors/fb55" } }, - "css-select-base-adapter": { + "node_modules/css-select-base-adapter": { "version": "0.1.1", "resolved": "https://registry.npmjs.org/css-select-base-adapter/-/css-select-base-adapter-0.1.1.tgz", "integrity": "sha512-jQVeeRG70QI08vSTwf1jHxp74JoZsr2XSgETae8/xC8ovSnL2WF87GTLO86Sbwdt2lK4Umg4HnnwMO4YF3Ce7w==" }, - "css-tree": { + "node_modules/css-tree": { "version": "1.0.0-alpha.37", "resolved": "https://registry.npmjs.org/css-tree/-/css-tree-1.0.0-alpha.37.tgz", "integrity": "sha512-DMxWJg0rnz7UgxKT0Q1HU/L9BeJI0M6ksor0OgqOnF+aRCDWg/N2641HmVyU9KVIu0OVVWOb2IpC9A+BJRnejg==", - "requires": { + "dependencies": { "mdn-data": "2.0.4", "source-map": "^0.6.1" }, - "dependencies": { - "source-map": { - "version": "0.6.1", - "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", - 
"integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==" - } + "engines": { + "node": ">=8.0.0" + } + }, + "node_modules/css-tree/node_modules/source-map": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "engines": { + "node": ">=0.10.0" } }, - "css-vendor": { + "node_modules/css-vendor": { "version": "2.0.8", "resolved": "https://registry.npmjs.org/css-vendor/-/css-vendor-2.0.8.tgz", "integrity": "sha512-x9Aq0XTInxrkuFeHKbYC7zWY8ai7qJ04Kxd9MnvbC1uO5DagxoHQjm4JvG+vCdXOoFtCjbL2XSZfxmoYa9uQVQ==", - "requires": { + "dependencies": { "@babel/runtime": "^7.8.3", "is-in-browser": "^1.0.2" } }, - "css-what": { + "node_modules/css-what": { "version": "6.1.0", "resolved": "https://registry.npmjs.org/css-what/-/css-what-6.1.0.tgz", - "integrity": "sha512-HTUrgRJ7r4dsZKU6GjmpfRK1O76h97Z8MfS1G0FozR+oF2kG6Vfe8JE6zwrkbxigziPHinCJ+gCPjA9EaBDtRw==" + "integrity": "sha512-HTUrgRJ7r4dsZKU6GjmpfRK1O76h97Z8MfS1G0FozR+oF2kG6Vfe8JE6zwrkbxigziPHinCJ+gCPjA9EaBDtRw==", + "engines": { + "node": ">= 6" + }, + "funding": { + "url": "https://github.com/sponsors/fb55" + } }, - "css.escape": { + "node_modules/css.escape": { "version": "1.5.1", "resolved": "https://registry.npmjs.org/css.escape/-/css.escape-1.5.1.tgz", "integrity": "sha512-YUifsXXuknHlUsmlgyY0PKzgPOr7/FjCePfHNt0jxm83wHZi44VDMQ7/fGNkjY3/jV1MC+1CmZbaHzugyeRtpg==" }, - "cssdb": { + "node_modules/cssdb": { "version": "7.8.0", "resolved": "https://registry.npmjs.org/cssdb/-/cssdb-7.8.0.tgz", - "integrity": "sha512-SkeezZOQr5AHt9MgJgSFNyiuJwg1p8AwoVln6JwaQJsyxduRW9QJ+HP/gAQzbsz8SIqINtYvpJKjxTRI67zxLg==" + "integrity": "sha512-SkeezZOQr5AHt9MgJgSFNyiuJwg1p8AwoVln6JwaQJsyxduRW9QJ+HP/gAQzbsz8SIqINtYvpJKjxTRI67zxLg==", + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + }, + { 
+ "type": "github", + "url": "https://github.com/sponsors/csstools" + } + ] }, - "cssesc": { + "node_modules/cssesc": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/cssesc/-/cssesc-3.0.0.tgz", - "integrity": "sha512-/Tb/JcjK111nNScGob5MNtsntNM1aCNUDipB/TkwZFhyDrrE47SOx/18wF2bbjgc3ZzCSKW1T5nt5EbFoAz/Vg==" + "integrity": "sha512-/Tb/JcjK111nNScGob5MNtsntNM1aCNUDipB/TkwZFhyDrrE47SOx/18wF2bbjgc3ZzCSKW1T5nt5EbFoAz/Vg==", + "bin": { + "cssesc": "bin/cssesc" + }, + "engines": { + "node": ">=4" + } }, - "cssnano": { + "node_modules/cssnano": { "version": "5.1.15", "resolved": "https://registry.npmjs.org/cssnano/-/cssnano-5.1.15.tgz", "integrity": "sha512-j+BKgDcLDQA+eDifLx0EO4XSA56b7uut3BQFH+wbSaSTuGLuiyTa/wbRYthUXX8LC9mLg+WWKe8h+qJuwTAbHw==", - "requires": { + "dependencies": { "cssnano-preset-default": "^5.2.14", "lilconfig": "^2.0.3", "yaml": "^1.10.2" + }, + "engines": { + "node": "^10 || ^12 || >=14.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/cssnano" + }, + "peerDependencies": { + "postcss": "^8.2.15" } }, - "cssnano-preset-default": { + "node_modules/cssnano-preset-default": { "version": "5.2.14", "resolved": "https://registry.npmjs.org/cssnano-preset-default/-/cssnano-preset-default-5.2.14.tgz", "integrity": "sha512-t0SFesj/ZV2OTylqQVOrFgEh5uanxbO6ZAdeCrNsUQ6fVuXwYTxJPNAGvGTxHbD68ldIJNec7PyYZDBrfDQ+6A==", - "requires": { + "dependencies": { "css-declaration-sorter": "^6.3.1", "cssnano-utils": "^3.1.0", "postcss-calc": "^8.2.3", 
@@ -5147,527 +7436,704 @@ "postcss-reduce-transforms": "^5.1.0", "postcss-svgo": "^5.1.0", "postcss-unique-selectors": "^5.1.1" + }, + "engines": { + "node": "^10 || ^12 || >=14.0" + }, + "peerDependencies": { + "postcss": "^8.2.15" } }, - "cssnano-utils": { + "node_modules/cssnano-utils": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/cssnano-utils/-/cssnano-utils-3.1.0.tgz", - "integrity": "sha512-JQNR19/YZhz4psLX/rQ9M83e3z2Wf/HdJbryzte4a3NSuafyp9w/I4U+hx5C2S9g41qlstH7DEWnZaaj83OuEA==" + "integrity": "sha512-JQNR19/YZhz4psLX/rQ9M83e3z2Wf/HdJbryzte4a3NSuafyp9w/I4U+hx5C2S9g41qlstH7DEWnZaaj83OuEA==", + "engines": { + "node": "^10 || ^12 || >=14.0" + }, + "peerDependencies": { + "postcss": "^8.2.15" + } }, - "csso": { + "node_modules/csso": { "version": "4.2.0", "resolved": "https://registry.npmjs.org/csso/-/csso-4.2.0.tgz", "integrity": "sha512-wvlcdIbf6pwKEk7vHj8/Bkc0B4ylXZruLvOgs9doS5eOsOpuodOV2zJChSpkp+pRpYQLQMeF04nr3Z68Sta9jA==", - "requires": { + "dependencies": { "css-tree": "^1.1.2" }, + "engines": { + "node": ">=8.0.0" + } + }, + "node_modules/csso/node_modules/css-tree": { + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/css-tree/-/css-tree-1.1.3.tgz", + "integrity": "sha512-tRpdppF7TRazZrjJ6v3stzv93qxRcSsFmW6cX0Zm2NVKpxE1WV1HblnghVv9TreireHkqI/VDEsfolRF1p6y7Q==", "dependencies": { - "css-tree": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/css-tree/-/css-tree-1.1.3.tgz", - "integrity": "sha512-tRpdppF7TRazZrjJ6v3stzv93qxRcSsFmW6cX0Zm2NVKpxE1WV1HblnghVv9TreireHkqI/VDEsfolRF1p6y7Q==", - "requires": { - "mdn-data": "2.0.14", - "source-map": "^0.6.1" - } - }, - "mdn-data": { - "version": "2.0.14", - "resolved": "https://registry.npmjs.org/mdn-data/-/mdn-data-2.0.14.tgz", - "integrity": "sha512-dn6wd0uw5GsdswPFfsgMp5NSB0/aDe6fK94YJV/AJDYXL6HVLWBsxeq7js7Ad+mU2K9LAlwpk6kN2D5mwCPVow==" - }, - "source-map": { - "version": "0.6.1", - "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", - 
"integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==" - } + "mdn-data": "2.0.14", + "source-map": "^0.6.1" + }, + "engines": { + "node": ">=8.0.0" + } + }, + "node_modules/csso/node_modules/mdn-data": { + "version": "2.0.14", + "resolved": "https://registry.npmjs.org/mdn-data/-/mdn-data-2.0.14.tgz", + "integrity": "sha512-dn6wd0uw5GsdswPFfsgMp5NSB0/aDe6fK94YJV/AJDYXL6HVLWBsxeq7js7Ad+mU2K9LAlwpk6kN2D5mwCPVow==" + }, + "node_modules/csso/node_modules/source-map": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "engines": { + "node": ">=0.10.0" } }, - "cssom": { + "node_modules/cssom": { "version": "0.4.4", "resolved": "https://registry.npmjs.org/cssom/-/cssom-0.4.4.tgz", "integrity": "sha512-p3pvU7r1MyyqbTk+WbNJIgJjG2VmTIaB10rI93LzVPrmDJKkzKYMtxxyAvQXR/NS6otuzveI7+7BBq3SjBS2mw==" }, - "cssstyle": { + "node_modules/cssstyle": { "version": "2.3.0", "resolved": "https://registry.npmjs.org/cssstyle/-/cssstyle-2.3.0.tgz", "integrity": "sha512-AZL67abkUzIuvcHqk7c09cezpGNcxUxU4Ioi/05xHk4DQeTkWmGYftIE6ctU6AEt+Gn4n1lDStOtj7FKycP71A==", - "requires": { + "dependencies": { "cssom": "~0.3.6" }, - "dependencies": { - "cssom": { - "version": "0.3.8", - "resolved": "https://registry.npmjs.org/cssom/-/cssom-0.3.8.tgz", - "integrity": "sha512-b0tGHbfegbhPJpxpiBPU2sCkigAqtM9O121le6bbOlgyV+NyGyCmVfJ6QW9eRjz8CpNfWEOYBIMIGRYkLwsIYg==" - } + "engines": { + "node": ">=8" } }, - "csstype": { + "node_modules/cssstyle/node_modules/cssom": { + "version": "0.3.8", + "resolved": "https://registry.npmjs.org/cssom/-/cssom-0.3.8.tgz", + "integrity": "sha512-b0tGHbfegbhPJpxpiBPU2sCkigAqtM9O121le6bbOlgyV+NyGyCmVfJ6QW9eRjz8CpNfWEOYBIMIGRYkLwsIYg==" + }, + "node_modules/csstype": { "version": "2.6.21", "resolved": "https://registry.npmjs.org/csstype/-/csstype-2.6.21.tgz", 
"integrity": "sha512-Z1PhmomIfypOpoMjRQB70jfvy/wxT50qW08YXO5lMIJkrdq4yOTR+AW7FqutScmB9NkLwxo+jU+kZLbofZZq/w==" }, - "damerau-levenshtein": { + "node_modules/damerau-levenshtein": { "version": "1.0.8", "resolved": "https://registry.npmjs.org/damerau-levenshtein/-/damerau-levenshtein-1.0.8.tgz", "integrity": "sha512-sdQSFB7+llfUcQHUQO3+B8ERRj0Oa4w9POWMI/puGtuf7gFywGmkaLCElnudfTiKZV+NvHqL0ifzdrI8Ro7ESA==" }, - "dashdash": { - "version": "1.14.1", - "resolved": "https://registry.npmjs.org/dashdash/-/dashdash-1.14.1.tgz", - "integrity": "sha1-hTz6D3y+L+1d4gMmuN1YEDX24vA=", - "requires": { - "assert-plus": "^1.0.0" - } - }, - "data-urls": { + "node_modules/data-urls": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/data-urls/-/data-urls-2.0.0.tgz", "integrity": "sha512-X5eWTSXO/BJmpdIKCRuKUgSCgAN0OwliVK3yPKbwIWU1Tdw5BRajxlzMidvh+gwko9AfQ9zIj52pzF91Q3YAvQ==", - "requires": { + "dependencies": { "abab": "^2.0.3", "whatwg-mimetype": "^2.3.0", "whatwg-url": "^8.0.0" }, + "engines": { + "node": ">=10" + } + }, + "node_modules/data-urls/node_modules/tr46": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/tr46/-/tr46-2.1.0.tgz", + "integrity": "sha512-15Ih7phfcdP5YxqiB+iDtLoaTz4Nd35+IiAv0kQ5FNKHzXgdWqPoTIqEDDJmXceQt4JZk6lVPT8lnDlPpGDppw==", "dependencies": { - "tr46": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/tr46/-/tr46-2.1.0.tgz", - "integrity": "sha512-15Ih7phfcdP5YxqiB+iDtLoaTz4Nd35+IiAv0kQ5FNKHzXgdWqPoTIqEDDJmXceQt4JZk6lVPT8lnDlPpGDppw==", - "requires": { - "punycode": "^2.1.1" - } - }, - "webidl-conversions": { - "version": "6.1.0", - "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-6.1.0.tgz", - "integrity": "sha512-qBIvFLGiBpLjfwmYAaHPXsn+ho5xZnGvyGvsarywGNc8VyQJUMHJ8OBKGGrPER0okBeMDaan4mNBlgBROxuI8w==" - }, - "whatwg-url": { - "version": "8.7.0", - "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-8.7.0.tgz", - "integrity": 
"sha512-gAojqb/m9Q8a5IV96E3fHJM70AzCkgt4uXYX2O7EmuyOnLrViCQlsEBmF9UQIu3/aeAIp2U17rtbpZWNntQqdg==", - "requires": { - "lodash": "^4.7.0", - "tr46": "^2.1.0", - "webidl-conversions": "^6.1.0" - } - } + "punycode": "^2.1.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/data-urls/node_modules/webidl-conversions": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-6.1.0.tgz", + "integrity": "sha512-qBIvFLGiBpLjfwmYAaHPXsn+ho5xZnGvyGvsarywGNc8VyQJUMHJ8OBKGGrPER0okBeMDaan4mNBlgBROxuI8w==", + "engines": { + "node": ">=10.4" + } + }, + "node_modules/data-urls/node_modules/whatwg-url": { + "version": "8.7.0", + "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-8.7.0.tgz", + "integrity": "sha512-gAojqb/m9Q8a5IV96E3fHJM70AzCkgt4uXYX2O7EmuyOnLrViCQlsEBmF9UQIu3/aeAIp2U17rtbpZWNntQqdg==", + "dependencies": { + "lodash": "^4.7.0", + "tr46": "^2.1.0", + "webidl-conversions": "^6.1.0" + }, + "engines": { + "node": ">=10" } }, - "debug": { + "node_modules/debug": { "version": "4.3.4", "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz", "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==", - "requires": { + "dependencies": { "ms": "2.1.2" + }, + "engines": { + "node": ">=6.0" + }, + "peerDependenciesMeta": { + "supports-color": { + "optional": true + } } }, - "decimal.js": { + "node_modules/decimal.js": { "version": "10.4.3", "resolved": "https://registry.npmjs.org/decimal.js/-/decimal.js-10.4.3.tgz", "integrity": "sha512-VBBaLc1MgL5XpzgIP7ny5Z6Nx3UrRkIViUkPUdtl9aya5amy3De1gsUUSB1g3+3sExYNjCAsAznmukyxCb1GRA==" }, - "decompress-response": { - "version": "5.0.0", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/decompress-response/-/decompress-response-5.0.0.tgz", - "integrity": "sha1-eEk5boDj0euoyy9170kw92Rhyw8=", - "requires": { - "mimic-response": "^2.0.0" + "node_modules/decompress-response": { + "version": "6.0.0", + 
"resolved": "https://registry.npmjs.org/decompress-response/-/decompress-response-6.0.0.tgz", + "integrity": "sha512-aW35yZM6Bb/4oJlZncMH2LCoZtJXTRxES17vE3hoRiowU2kWHaJKFkSBDnDR+cm9J+9QhXmREyIfv0pji9ejCQ==", + "dependencies": { + "mimic-response": "^3.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" } }, - "dedent": { + "node_modules/decompress-response/node_modules/mimic-response": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/mimic-response/-/mimic-response-3.1.0.tgz", + "integrity": "sha512-z0yWI+4FDrrweS8Zmt4Ej5HdJmky15+L2e6Wgn3+iK5fWzb6T3fhNFq2+MeTRb064c6Wr4N/wv0DzQTjNzHNGQ==", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/dedent": { "version": "0.7.0", "resolved": "https://registry.npmjs.org/dedent/-/dedent-0.7.0.tgz", "integrity": "sha512-Q6fKUPqnAHAyhiUgFU7BUzLiv0kd8saH9al7tnu5Q/okj6dnupxyTgFIBjVzJATdfIAm9NAsvXNzjaKa+bxVyA==" }, - "deep-extend": { - "version": "0.6.0", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/deep-extend/-/deep-extend-0.6.0.tgz", - "integrity": "sha1-xPp8lUBKF6nD6Mp+FTcxK3NjMKw=" - }, - "deep-is": { + "node_modules/deep-is": { "version": "0.1.4", "resolved": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.4.tgz", "integrity": "sha512-oIPzksmTg4/MriiaYGO+okXDT7ztn/w3Eptv/+gSIdMdKsJo0u4CfYNFJPy+4SKMuCqGw2wxnA+URMg3t8a/bQ==" }, - "deepmerge": { + "node_modules/deepmerge": { "version": "4.3.1", "resolved": "https://registry.npmjs.org/deepmerge/-/deepmerge-4.3.1.tgz", - "integrity": "sha512-3sUqbMEc77XqpdNO7FRyRog+eW3ph+GYCbj+rK+uYyRMuwsVy0rMiVtPn+QJlKFvWP/1PYpapqYn0Me2knFn+A==" + "integrity": "sha512-3sUqbMEc77XqpdNO7FRyRog+eW3ph+GYCbj+rK+uYyRMuwsVy0rMiVtPn+QJlKFvWP/1PYpapqYn0Me2knFn+A==", + "engines": { + "node": ">=0.10.0" + } }, - "default-gateway": { + "node_modules/default-gateway": { "version": "6.0.3", "resolved": 
"https://registry.npmjs.org/default-gateway/-/default-gateway-6.0.3.tgz", "integrity": "sha512-fwSOJsbbNzZ/CUFpqFBqYfYNLj1NbMPm8MMCIzHjC83iSJRBEGmDUxU+WP661BaBQImeC2yHwXtz+P/O9o+XEg==", - "requires": { + "dependencies": { "execa": "^5.0.0" + }, + "engines": { + "node": ">= 10" } }, - "defer-to-connect": { + "node_modules/defer-to-connect": { "version": "2.0.1", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/defer-to-connect/-/defer-to-connect-2.0.1.tgz", - "integrity": "sha1-gBa9tBQ+RjK3ejRJxiNid95SBYc=" + "resolved": "https://registry.npmjs.org/defer-to-connect/-/defer-to-connect-2.0.1.tgz", + "integrity": "sha512-4tvttepXG1VaYGrRibk5EwJd1t4udunSOVMdLSAL6mId1ix438oPwPZMALY41FCijukO1L0twNcGsdzS7dHgDg==", + "engines": { + "node": ">=10" + } }, - "define-data-property": { + "node_modules/define-data-property": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/define-data-property/-/define-data-property-1.1.1.tgz", "integrity": "sha512-E7uGkTzkk1d0ByLeSc6ZsFS79Axg+m1P/VsgYsxHgiuc3tFSj+MjMIwe90FC4lOAZzNBdY7kkO2P2wKdsQ1vgQ==", - "requires": { + "dependencies": { "get-intrinsic": "^1.2.1", "gopd": "^1.0.1", "has-property-descriptors": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" } }, - "define-lazy-prop": { + "node_modules/define-lazy-prop": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/define-lazy-prop/-/define-lazy-prop-2.0.0.tgz", - "integrity": "sha512-Ds09qNh8yw3khSjiJjiUInaGX9xlqZDY7JVryGxdxV7NPeuqQfplOpQ66yJFZut3jLa5zOwkXw1g9EI2uKh4Og==" + "integrity": "sha512-Ds09qNh8yw3khSjiJjiUInaGX9xlqZDY7JVryGxdxV7NPeuqQfplOpQ66yJFZut3jLa5zOwkXw1g9EI2uKh4Og==", + "engines": { + "node": ">=8" + } }, - "define-properties": { + "node_modules/define-properties": { "version": "1.2.1", "resolved": "https://registry.npmjs.org/define-properties/-/define-properties-1.2.1.tgz", "integrity": "sha512-8QmQKqEASLd5nx0U1B1okLElbUuuttJ/AnYmRXbbbGDWh6uS208EjD4Xqq/I9wK7u0v6O08XhTWnt5XtEbR6Dg==", - "requires": { + "dependencies": { "define-data-property": 
"^1.0.1", "has-property-descriptors": "^1.0.0", "object-keys": "^1.1.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "delayed-stream": { + "node_modules/delayed-stream": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", - "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk=" + "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk=", + "engines": { + "node": ">=0.4.0" + } }, - "delegates": { + "node_modules/delegates": { "version": "1.0.0", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/delegates/-/delegates-1.0.0.tgz", - "integrity": "sha1-hMbhWbgZBP3KWaDvRM2HDTElD5o=" + "resolved": "https://registry.npmjs.org/delegates/-/delegates-1.0.0.tgz", + "integrity": "sha512-bd2L678uiWATM6m5Z1VzNCErI3jiGzt6HGY8OVICs40JQq/HALfbyNJmp0UDakEY4pMMaN0Ly5om/B1VI/+xfQ==" }, - "depd": { + "node_modules/depd": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", - "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==" + "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==", + "engines": { + "node": ">= 0.8" + } }, - "deprecation": { + "node_modules/deprecation": { "version": "2.3.1", "resolved": "https://registry.npmjs.org/deprecation/-/deprecation-2.3.1.tgz", "integrity": "sha512-xmHIy4F3scKVwMsQ4WnVaS8bHOx0DmVwRywosKhaILI0ywMDWPtBSku2HNxRvF7jtwDRsoEwYQSfbxj8b7RlJQ==" }, - "dequal": { + "node_modules/dequal": { "version": "2.0.3", "resolved": "https://registry.npmjs.org/dequal/-/dequal-2.0.3.tgz", - "integrity": "sha512-0je+qPKHEMohvfRTCEo3CrPG6cAzAYgmzKyxRiYSSDkS6eGJdyVJm7WaYA5ECaAD9wLB2T4EEeymA5aFVcYXCA==" + "integrity": "sha512-0je+qPKHEMohvfRTCEo3CrPG6cAzAYgmzKyxRiYSSDkS6eGJdyVJm7WaYA5ECaAD9wLB2T4EEeymA5aFVcYXCA==", + "engines": { + "node": ">=6" + } }, - "destroy": { + "node_modules/destroy": { "version": "1.2.0", 
"resolved": "https://registry.npmjs.org/destroy/-/destroy-1.2.0.tgz", - "integrity": "sha512-2sJGJTaXIIaR1w4iJSNoN0hnMY7Gpc/n8D4qSCJw8QqFWXf7cuAgnEHxBpweaVcPevC2l3KpjYCx3NypQQgaJg==" + "integrity": "sha512-2sJGJTaXIIaR1w4iJSNoN0hnMY7Gpc/n8D4qSCJw8QqFWXf7cuAgnEHxBpweaVcPevC2l3KpjYCx3NypQQgaJg==", + "engines": { + "node": ">= 0.8", + "npm": "1.2.8000 || >= 1.4.16" + } }, - "detect-libc": { - "version": "1.0.3", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/detect-libc/-/detect-libc-1.0.3.tgz", - "integrity": "sha1-+hN8S9aY7fVc1c0CrFWfkaTEups=" + "node_modules/detect-libc": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/detect-libc/-/detect-libc-2.0.3.tgz", + "integrity": "sha512-bwy0MGW55bG41VqxxypOsdSdGqLwXPI/focwgTYCFMbdUiBAxLg9CFzG08sz2aqzknwiX7Hkl0bQENjg8iLByw==", + "engines": { + "node": ">=8" + } }, - "detect-newline": { + "node_modules/detect-newline": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/detect-newline/-/detect-newline-3.1.0.tgz", - "integrity": "sha512-TLz+x/vEXm/Y7P7wn1EJFNLxYpUD4TgMosxY6fAVJUnJMbupHBOncxyWUG9OpTaH9EBD7uFI5LfEgmMOc54DsA==" + "integrity": "sha512-TLz+x/vEXm/Y7P7wn1EJFNLxYpUD4TgMosxY6fAVJUnJMbupHBOncxyWUG9OpTaH9EBD7uFI5LfEgmMOc54DsA==", + "engines": { + "node": ">=8" + } }, - "detect-node": { + "node_modules/detect-node": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/detect-node/-/detect-node-2.1.0.tgz", "integrity": "sha512-T0NIuQpnTvFDATNuHN5roPwSBG83rFsuO+MXXH9/3N1eFbn4wcPjttvjMLEPWJ0RGUYgQE7cGgS3tNxbqCGM7g==" }, - "detect-port-alt": { + "node_modules/detect-port-alt": { "version": "1.1.6", "resolved": "https://registry.npmjs.org/detect-port-alt/-/detect-port-alt-1.1.6.tgz", "integrity": "sha512-5tQykt+LqfJFBEYaDITx7S7cR7mJ/zQmLXZ2qt5w04ainYZw6tBf9dBunMjVeVOdYVRUzUOE4HkY5J7+uttb5Q==", - "requires": { + "dependencies": { "address": "^1.0.1", "debug": "^2.6.0" }, + "bin": { + "detect": "bin/detect-port", + "detect-port": "bin/detect-port" + }, + "engines": { + "node": ">= 
4.2.1" + } + }, + "node_modules/detect-port-alt/node_modules/debug": { + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", "dependencies": { - "debug": { - "version": "2.6.9", - "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", - "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", - "requires": { - "ms": "2.0.0" - } - }, - "ms": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", - "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==" - } + "ms": "2.0.0" } }, - "didyoumean": { + "node_modules/detect-port-alt/node_modules/ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==" + }, + "node_modules/didyoumean": { "version": "1.2.2", "resolved": "https://registry.npmjs.org/didyoumean/-/didyoumean-1.2.2.tgz", "integrity": "sha512-gxtyfqMg7GKyhQmb056K7M3xszy/myH8w+B4RT+QXBQsvAOdc3XymqDDPHx1BgPgsdAA5SIifona89YtRATDzw==" }, - "diff": { + "node_modules/diff": { "version": "4.0.2", "resolved": "https://registry.npmjs.org/diff/-/diff-4.0.2.tgz", - "integrity": "sha512-58lmxKSA4BNyLz+HHMUzlOEpg09FV+ev6ZMe3vJihgdxzgcwZ8VoEEPmALCZG9LmqfVoNMMKpttIYTVG6uDY7A==" + "integrity": "sha512-58lmxKSA4BNyLz+HHMUzlOEpg09FV+ev6ZMe3vJihgdxzgcwZ8VoEEPmALCZG9LmqfVoNMMKpttIYTVG6uDY7A==", + "engines": { + "node": ">=0.3.1" + } }, - "diff-sequences": { + "node_modules/diff-sequences": { "version": "26.6.2", "resolved": "https://registry.npmjs.org/diff-sequences/-/diff-sequences-26.6.2.tgz", - "integrity": "sha512-Mv/TDa3nZ9sbc5soK+OoA74BsS3mL37yixCvUAQkiuA4Wz6YtwP/K47n2rv2ovzHZvoiQeA5FTQOschKkEwB0Q==" + "integrity": 
"sha512-Mv/TDa3nZ9sbc5soK+OoA74BsS3mL37yixCvUAQkiuA4Wz6YtwP/K47n2rv2ovzHZvoiQeA5FTQOschKkEwB0Q==", + "engines": { + "node": ">= 10.14.2" + } }, - "dir-glob": { + "node_modules/dir-glob": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/dir-glob/-/dir-glob-3.0.1.tgz", "integrity": "sha512-WkrWp9GR4KXfKGYzOLmTuGVi1UWFfws377n9cc55/tb6DuqyF6pcQ5AbiHEshaDpY9v6oaSr2XCDidGmMwdzIA==", - "requires": { + "dependencies": { "path-type": "^4.0.0" + }, + "engines": { + "node": ">=8" } }, - "dlv": { + "node_modules/dlv": { "version": "1.1.3", "resolved": "https://registry.npmjs.org/dlv/-/dlv-1.1.3.tgz", "integrity": "sha512-+HlytyjlPKnIG8XuRG8WvmBP8xs8P71y+SKKS6ZXWoEgLuePxtDoUEiH7WkdePWrQ5JBpE6aoVqfZfJUQkjXwA==" }, - "dns-equal": { + "node_modules/dns-equal": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/dns-equal/-/dns-equal-1.0.0.tgz", "integrity": "sha512-z+paD6YUQsk+AbGCEM4PrOXSss5gd66QfcVBFTKR/HpFL9jCqikS94HYwKww6fQyO7IxrIIyUu+g0Ka9tUS2Cg==" }, - "dns-packet": { + "node_modules/dns-packet": { "version": "5.6.1", "resolved": "https://registry.npmjs.org/dns-packet/-/dns-packet-5.6.1.tgz", "integrity": "sha512-l4gcSouhcgIKRvyy99RNVOgxXiicE+2jZoNmaNmZ6JXiGajBOJAesk1OBlJuM5k2c+eudGdLxDqXuPCKIj6kpw==", - "requires": { + "dependencies": { "@leichtgewicht/ip-codec": "^2.0.1" + }, + "engines": { + "node": ">=6" } }, - "doctrine": { + "node_modules/doctrine": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/doctrine/-/doctrine-3.0.0.tgz", "integrity": "sha512-yS+Q5i3hBf7GBkd4KG8a7eBNNWNGLTaEwwYWUijIYM7zrlYDM0BFXHjjPWlWZ1Rg7UaddZeIDmi9jF3HmqiQ2w==", - "requires": { + "dependencies": { "esutils": "^2.0.2" + }, + "engines": { + "node": ">=6.0.0" } }, - "dom-accessibility-api": { + "node_modules/dom-accessibility-api": { "version": "0.5.16", "resolved": "https://registry.npmjs.org/dom-accessibility-api/-/dom-accessibility-api-0.5.16.tgz", "integrity": "sha512-X7BJ2yElsnOJ30pZF4uIIDfBEVgF4XEBxL9Bxhy6dnrm5hkzqmsWHGTiHqRiITNhMyFLyAiWndIJP7Z1NTteDg==" 
}, - "dom-converter": { + "node_modules/dom-converter": { "version": "0.2.0", "resolved": "https://registry.npmjs.org/dom-converter/-/dom-converter-0.2.0.tgz", "integrity": "sha512-gd3ypIPfOMr9h5jIKq8E3sHOTCjeirnl0WK5ZdS1AW0Odt0b1PaWaHdJ4Qk4klv+YB9aJBS7mESXjFoDQPu6DA==", - "requires": { + "dependencies": { "utila": "~0.4" } }, - "dom-helpers": { + "node_modules/dom-helpers": { "version": "5.2.1", "resolved": "https://registry.npmjs.org/dom-helpers/-/dom-helpers-5.2.1.tgz", "integrity": "sha512-nRCa7CK3VTrM2NmGkIy4cbK7IZlgBE/PYMn55rrXefr5xXDP0LdtfPnblFDoVdcAfslJ7or6iqAUnx0CCGIWQA==", - "requires": { + "dependencies": { "@babel/runtime": "^7.8.7", "csstype": "^3.0.2" - }, - "dependencies": { - "csstype": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/csstype/-/csstype-3.1.2.tgz", - "integrity": "sha512-I7K1Uu0MBPzaFKg4nI5Q7Vs2t+3gWWW648spaF+Rg7pI9ds18Ugn+lvg4SHczUdKlHI5LWBXyqfS8+DufyBsgQ==" - } } }, - "dom-serializer": { + "node_modules/dom-helpers/node_modules/csstype": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/csstype/-/csstype-3.1.2.tgz", + "integrity": "sha512-I7K1Uu0MBPzaFKg4nI5Q7Vs2t+3gWWW648spaF+Rg7pI9ds18Ugn+lvg4SHczUdKlHI5LWBXyqfS8+DufyBsgQ==" + }, + "node_modules/dom-serializer": { "version": "1.4.1", "resolved": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-1.4.1.tgz", "integrity": "sha512-VHwB3KfrcOOkelEG2ZOfxqLZdfkil8PtJi4P8N2MMXucZq2yLp75ClViUlOVwyoHEDjYU433Aq+5zWP61+RGag==", - "requires": { + "dependencies": { "domelementtype": "^2.0.1", "domhandler": "^4.2.0", "entities": "^2.0.0" }, - "dependencies": { - "entities": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/entities/-/entities-2.2.0.tgz", - "integrity": "sha512-p92if5Nz619I0w+akJrLZH0MX0Pb5DX39XOwQTtXSdQQOaYH03S1uIQp4mhOZtAXrxq4ViO67YTiLBo2638o9A==" - } + "funding": { + "url": "https://github.com/cheeriojs/dom-serializer?sponsor=1" + } + }, + "node_modules/dom-serializer/node_modules/entities": { + "version": "2.2.0", + 
"resolved": "https://registry.npmjs.org/entities/-/entities-2.2.0.tgz", + "integrity": "sha512-p92if5Nz619I0w+akJrLZH0MX0Pb5DX39XOwQTtXSdQQOaYH03S1uIQp4mhOZtAXrxq4ViO67YTiLBo2638o9A==", + "funding": { + "url": "https://github.com/fb55/entities?sponsor=1" } }, - "domelementtype": { + "node_modules/domelementtype": { "version": "2.3.0", "resolved": "https://registry.npmjs.org/domelementtype/-/domelementtype-2.3.0.tgz", - "integrity": "sha512-OLETBj6w0OsagBwdXnPdN0cnMfF9opN69co+7ZrbfPGrdpPVNBUj02spi6B1N7wChLQiPn4CSH/zJvXw56gmHw==" + "integrity": "sha512-OLETBj6w0OsagBwdXnPdN0cnMfF9opN69co+7ZrbfPGrdpPVNBUj02spi6B1N7wChLQiPn4CSH/zJvXw56gmHw==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/fb55" + } + ] }, - "domexception": { + "node_modules/domexception": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/domexception/-/domexception-2.0.1.tgz", "integrity": "sha512-yxJ2mFy/sibVQlu5qHjOkf9J3K6zgmCxgJ94u2EdvDOV09H+32LtRswEcUsmUWN72pVLOEnTSRaIVVzVQgS0dg==", - "requires": { + "deprecated": "Use your platform's native DOMException instead", + "dependencies": { "webidl-conversions": "^5.0.0" }, - "dependencies": { - "webidl-conversions": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-5.0.0.tgz", - "integrity": "sha512-VlZwKPCkYKxQgeSbH5EyngOmRp7Ww7I9rQLERETtf5ofd9pGeswWiOtogpEO850jziPRarreGxn5QIiTqpb2wA==" - } + "engines": { + "node": ">=8" + } + }, + "node_modules/domexception/node_modules/webidl-conversions": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-5.0.0.tgz", + "integrity": "sha512-VlZwKPCkYKxQgeSbH5EyngOmRp7Ww7I9rQLERETtf5ofd9pGeswWiOtogpEO850jziPRarreGxn5QIiTqpb2wA==", + "engines": { + "node": ">=8" } }, - "domhandler": { + "node_modules/domhandler": { "version": "4.3.1", "resolved": "https://registry.npmjs.org/domhandler/-/domhandler-4.3.1.tgz", "integrity": 
"sha512-GrwoxYN+uWlzO8uhUXRl0P+kHE4GtVPfYzVLcUxPL7KNdHKj66vvlhiweIHqYYXWlw+T8iLMp42Lm67ghw4WMQ==", - "requires": { + "dependencies": { "domelementtype": "^2.2.0" + }, + "engines": { + "node": ">= 4" + }, + "funding": { + "url": "https://github.com/fb55/domhandler?sponsor=1" } }, - "domutils": { + "node_modules/domutils": { "version": "2.8.0", "resolved": "https://registry.npmjs.org/domutils/-/domutils-2.8.0.tgz", "integrity": "sha512-w96Cjofp72M5IIhpjgobBimYEfoPjx1Vx0BSX9P30WBdZW2WIKU0T1Bd0kz2eNZ9ikjKgHbEyKx8BB6H1L3h3A==", - "requires": { + "dependencies": { "dom-serializer": "^1.0.1", "domelementtype": "^2.2.0", "domhandler": "^4.2.0" + }, + "funding": { + "url": "https://github.com/fb55/domutils?sponsor=1" } }, - "dot-case": { + "node_modules/dot-case": { "version": "3.0.4", "resolved": "https://registry.npmjs.org/dot-case/-/dot-case-3.0.4.tgz", "integrity": "sha512-Kv5nKlh6yRrdrGvxeJ2e5y2eRUpkUosIW4A2AS38zwSz27zu7ufDwQPi5Jhs3XAlGNetl3bmnGhQsMtkKJnj3w==", - "requires": { + "dependencies": { "no-case": "^3.0.4", "tslib": "^2.0.3" - }, - "dependencies": { - "tslib": { - "version": "2.6.2", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.6.2.tgz", - "integrity": "sha512-AEYxH93jGFPn/a2iVAwW87VuUIkR1FVUKB77NwMF7nBTDkDrrT/Hpt/IrCJ0QXhW27jTBDcf5ZY7w6RiqTMw2Q==" - } } }, - "dotenv": { + "node_modules/dot-case/node_modules/tslib": { + "version": "2.6.2", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.6.2.tgz", + "integrity": "sha512-AEYxH93jGFPn/a2iVAwW87VuUIkR1FVUKB77NwMF7nBTDkDrrT/Hpt/IrCJ0QXhW27jTBDcf5ZY7w6RiqTMw2Q==" + }, + "node_modules/dotenv": { "version": "10.0.0", "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-10.0.0.tgz", - "integrity": "sha512-rlBi9d8jpv9Sf1klPjNfFAuWDjKLwTIJJ/VxtoTwIR6hnZxcEOQCZg2oIL3MWBYw5GpUDKOEnND7LXTbIpQ03Q==" + "integrity": "sha512-rlBi9d8jpv9Sf1klPjNfFAuWDjKLwTIJJ/VxtoTwIR6hnZxcEOQCZg2oIL3MWBYw5GpUDKOEnND7LXTbIpQ03Q==", + "engines": { + "node": ">=10" + } }, - "dotenv-expand": { + 
"node_modules/dotenv-expand": { "version": "5.1.0", "resolved": "https://registry.npmjs.org/dotenv-expand/-/dotenv-expand-5.1.0.tgz", "integrity": "sha512-YXQl1DSa4/PQyRfgrv6aoNjhasp/p4qs9FjJ4q4cQk+8m4r6k4ZSiEyytKG8f8W9gi8WsQtIObNmKd+tMzNTmA==" }, - "duplexer": { + "node_modules/duplexer": { "version": "0.1.2", "resolved": "https://registry.npmjs.org/duplexer/-/duplexer-0.1.2.tgz", "integrity": "sha512-jtD6YG370ZCIi/9GTaJKQxWTZD045+4R4hTk/x1UyoqadyJ9x9CgSi1RlVDQF8U2sxLLSnFkCaMihqljHIWgMg==" }, - "duplexer3": { - "version": "0.1.4", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/duplexer3/-/duplexer3-0.1.4.tgz", - "integrity": "sha1-7gHdHKwO08vH/b6jfcCo8c4ALOI=" - }, - "ecc-jsbn": { - "version": "0.1.2", - "resolved": "https://registry.npmjs.org/ecc-jsbn/-/ecc-jsbn-0.1.2.tgz", - "integrity": "sha1-OoOpBOVDUyh4dMVkt1SThoSamMk=", - "requires": { - "jsbn": "~0.1.0", - "safer-buffer": "^2.1.0" - } + "node_modules/eastasianwidth": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz", + "integrity": "sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA==" }, - "ee-first": { + "node_modules/ee-first": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", "integrity": "sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==" }, - "ejs": { + "node_modules/ejs": { "version": "3.1.9", "resolved": "https://registry.npmjs.org/ejs/-/ejs-3.1.9.tgz", "integrity": "sha512-rC+QVNMJWv+MtPgkt0y+0rVEIdbtxVADApW9JXrUVlzHetgcyczP/E7DJmWJ4fJCZF2cPcBk0laWO9ZHMG3DmQ==", - "requires": { + "dependencies": { "jake": "^10.8.5" + }, + "bin": { + "ejs": "bin/cli.js" + }, + "engines": { + "node": ">=0.10.0" } }, - "electron-to-chromium": { + "node_modules/electron-to-chromium": { "version": "1.4.554", "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.554.tgz", "integrity": 
"sha512-Q0umzPJjfBrrj8unkONTgbKQXzXRrH7sVV7D9ea2yBV3Oaogz991yhbpfvo2LMNkJItmruXTEzVpP9cp7vaIiQ==" }, - "emittery": { + "node_modules/emittery": { "version": "0.8.1", "resolved": "https://registry.npmjs.org/emittery/-/emittery-0.8.1.tgz", - "integrity": "sha512-uDfvUjVrfGJJhymx/kz6prltenw1u7WrCg1oa94zYY8xxVpLLUu045LAT0dhDZdXG58/EpPL/5kA180fQ/qudg==" + "integrity": "sha512-uDfvUjVrfGJJhymx/kz6prltenw1u7WrCg1oa94zYY8xxVpLLUu045LAT0dhDZdXG58/EpPL/5kA180fQ/qudg==", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sindresorhus/emittery?sponsor=1" + } }, - "emoji-regex": { + "node_modules/emoji-regex": { "version": "8.0.0", "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==" }, - "emojis-list": { + "node_modules/emojis-list": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/emojis-list/-/emojis-list-3.0.0.tgz", - "integrity": "sha512-/kyM18EfinwXZbno9FyUGeFh87KC8HRQBQGildHZbEuRyWFOmv1U10o9BBp8XVZDVNNuQKyIGIu5ZYAAXJ0V2Q==" + "integrity": "sha512-/kyM18EfinwXZbno9FyUGeFh87KC8HRQBQGildHZbEuRyWFOmv1U10o9BBp8XVZDVNNuQKyIGIu5ZYAAXJ0V2Q==", + "engines": { + "node": ">= 4" + } }, - "enabled": { + "node_modules/enabled": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/enabled/-/enabled-2.0.0.tgz", "integrity": "sha512-AKrN98kuwOzMIdAizXGI86UFBoo26CL21UM763y1h/GMSJ4/OHU9k2YlsmBpyScFo/wbLzWQJBMCW4+IO3/+OQ==" }, - "encodeurl": { + "node_modules/encodeurl": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz", - "integrity": "sha512-TPJXq8JqFaVYm2CWmPvnP2Iyo4ZSM7/QKcSmuMLDObfpH5fi7RUGmd/rTDf+rut/saiDiQEeVTNgAmJEdAOx0w==" + "integrity": "sha512-TPJXq8JqFaVYm2CWmPvnP2Iyo4ZSM7/QKcSmuMLDObfpH5fi7RUGmd/rTDf+rut/saiDiQEeVTNgAmJEdAOx0w==", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/encoding": { + "version": "0.1.13", + "resolved": 
"https://registry.npmjs.org/encoding/-/encoding-0.1.13.tgz", + "integrity": "sha512-ETBauow1T35Y/WZMkio9jiM0Z5xjHHmJ4XmjZOq1l/dXz3lr2sRn87nJy20RupqSh1F2m3HHPSp8ShIPQJrJ3A==", + "optional": true, + "dependencies": { + "iconv-lite": "^0.6.2" + } + }, + "node_modules/encoding/node_modules/iconv-lite": { + "version": "0.6.3", + "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.6.3.tgz", + "integrity": "sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw==", + "optional": true, + "dependencies": { + "safer-buffer": ">= 2.1.2 < 3.0.0" + }, + "engines": { + "node": ">=0.10.0" + } }, - "end-of-stream": { + "node_modules/end-of-stream": { "version": "1.4.4", "resolved": "https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.4.tgz", "integrity": "sha512-+uw1inIHVPQoaVuHzRyXd21icM+cnt4CzD5rW+NC1wjOUSTOs+Te7FOv7AhN7vS9x/oIyhLP5PR1H+phQAHu5Q==", - "requires": { + "dependencies": { "once": "^1.4.0" } }, - "enhanced-resolve": { + "node_modules/enhanced-resolve": { "version": "5.15.0", "resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.15.0.tgz", "integrity": "sha512-LXYT42KJ7lpIKECr2mAXIaMldcNCh/7E0KBKOu4KSfkHmP+mZmSs+8V5gBAqisWBy0OO4W5Oyys0GO1Y8KtdKg==", - "requires": { + "dependencies": { "graceful-fs": "^4.2.4", "tapable": "^2.2.0" + }, + "engines": { + "node": ">=10.13.0" } }, - "entities": { + "node_modules/entities": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/entities/-/entities-3.0.1.tgz", - "integrity": "sha512-WiyBqoomrwMdFG1e0kqvASYfnlb0lp8M5o5Fw2OFq1hNZxxcNk8Ik0Xm7LxzBhuidnZB/UtBqVCgUz3kBOP51Q==" + "integrity": "sha512-WiyBqoomrwMdFG1e0kqvASYfnlb0lp8M5o5Fw2OFq1hNZxxcNk8Ik0Xm7LxzBhuidnZB/UtBqVCgUz3kBOP51Q==", + "engines": { + "node": ">=0.12" + }, + "funding": { + "url": "https://github.com/fb55/entities?sponsor=1" + } + }, + "node_modules/env-paths": { + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/env-paths/-/env-paths-2.2.1.tgz", + 
"integrity": "sha512-+h1lkLKhZMTYjog1VEpJNG7NZJWcuc2DDk/qsqSTRRCOXiLjeQ1d1/udrUGhqMxUgAlwKNZ0cf2uqan5GLuS2A==", + "engines": { + "node": ">=6" + } + }, + "node_modules/err-code": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/err-code/-/err-code-2.0.3.tgz", + "integrity": "sha512-2bmlRpNKBxT/CRmPOlyISQpNj+qSeYvcym/uT0Jx2bMOlKLtSy1ZmLuVxSEKKyor/N5yhvp/ZiG1oE3DEYMSFA==" }, - "error-ex": { + "node_modules/error-ex": { "version": "1.3.2", "resolved": "https://registry.npmjs.org/error-ex/-/error-ex-1.3.2.tgz", "integrity": "sha512-7dFHNmqeFSEt2ZBsCriorKnn3Z2pj+fd9kmI6QoWw4//DL+icEBfc0U7qJCisqrTsKTjw4fNFy2pW9OqStD84g==", - "requires": { + "dependencies": { "is-arrayish": "^0.2.1" } }, - "error-stack-parser": { + "node_modules/error-stack-parser": { "version": "2.1.4", "resolved": "https://registry.npmjs.org/error-stack-parser/-/error-stack-parser-2.1.4.tgz", "integrity": "sha512-Sk5V6wVazPhq5MhpO+AUxJn5x7XSXGl1R93Vn7i+zS15KDVxQijejNCrz8340/2bgLBjR9GtEG8ZVKONDjcqGQ==", - "requires": { + "dependencies": { "stackframe": "^1.3.4" } }, - "es-abstract": { + "node_modules/es-abstract": { "version": "1.22.2", "resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.22.2.tgz", "integrity": "sha512-YoxfFcDmhjOgWPWsV13+2RNjq1F6UQnfs+8TftwNqtzlmFzEXvlUwdrNrYeaizfjQzRMxkZ6ElWMOJIFKdVqwA==", - "requires": { + "dependencies": { "array-buffer-byte-length": "^1.0.0", "arraybuffer.prototype.slice": "^1.0.2", "available-typed-arrays": "^1.0.5", 
@@ -5707,18 +8173,24 @@ "typed-array-length": "^1.0.4", "unbox-primitive": "^1.0.2", "which-typed-array": "^1.1.11" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "es-array-method-boxes-properly": { + "node_modules/es-array-method-boxes-properly": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/es-array-method-boxes-properly/-/es-array-method-boxes-properly-1.0.0.tgz", "integrity": "sha512-wd6JXUmyHmt8T5a2xreUwKcGPq6f1f+WwIJkijUqiGcJz1qqnZgP6XIK+QyIWU5lT7imeNxUll48bziG+TSYcA==" }, - "es-iterator-helpers": { + "node_modules/es-iterator-helpers": { "version": "1.0.15", "resolved": "https://registry.npmjs.org/es-iterator-helpers/-/es-iterator-helpers-1.0.15.tgz", "integrity": "sha512-GhoY8uYqd6iwUl2kgjTm4CZAf6oo5mHK7BPqx3rKgx893YSsy0LGHV6gfqqQvZt/8xM8xeOnfXBCfqclMKkJ5g==", - "requires": { + "dependencies": { "asynciterator.prototype": "^1.0.0", "call-bind": "^1.0.2", "define-properties": "^1.2.1", 
@@ -5735,79 +8207,104 @@ "safe-array-concat": "^1.0.1" } }, - "es-module-lexer": { + "node_modules/es-module-lexer": { "version": "1.3.1", "resolved": "https://registry.npmjs.org/es-module-lexer/-/es-module-lexer-1.3.1.tgz", "integrity": "sha512-JUFAyicQV9mXc3YRxPnDlrfBKpqt6hUYzz9/boprUJHs4e4KVr3XwOF70doO6gwXUor6EWZJAyWAfKki84t20Q==" }, - "es-set-tostringtag": { + "node_modules/es-set-tostringtag": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/es-set-tostringtag/-/es-set-tostringtag-2.0.1.tgz", "integrity": "sha512-g3OMbtlwY3QewlqAiMLI47KywjWZoEytKr8pf6iTC8uJq5bIAH52Z9pnQ8pVL6whrCto53JZDuUIsifGeLorTg==", - "requires": { + "dependencies": { "get-intrinsic": "^1.1.3", "has": "^1.0.3", "has-tostringtag": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" } }, - "es-shim-unscopables": { + "node_modules/es-shim-unscopables": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/es-shim-unscopables/-/es-shim-unscopables-1.0.0.tgz", "integrity": "sha512-Jm6GPcCdC30eMLbZ2x8z2WuRwAws3zTBBKuusffYVUrNj/GVSUAZ+xKMaUpfNDR5IbyNA5LJbaecoUVbmUcB1w==", - "requires": { + "dependencies": { "has": "^1.0.3" } }, - "es-to-primitive": { + "node_modules/es-to-primitive": { "version": "1.2.1", "resolved": "https://registry.npmjs.org/es-to-primitive/-/es-to-primitive-1.2.1.tgz", "integrity": "sha512-QCOllgZJtaUo9miYBcLChTUaHNjJF3PYs1VidD7AwiEj1kYxKeQTctLAezAOH5ZKRH0g2IgPn6KwB4IT8iRpvA==", - "requires": { + "dependencies": { "is-callable": "^1.1.4", "is-date-object": "^1.0.1", "is-symbol": "^1.0.2" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "escalade": { + "node_modules/escalade": { "version": "3.1.1", "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.1.1.tgz", - "integrity": "sha512-k0er2gUkLf8O0zKJiAhmkTnJlTvINGv7ygDNPbeIsX/TJjGJZHuh9B2UxbsaEkmlEo9MfhrSzmhIlhRlI2GXnw==" + "integrity": "sha512-k0er2gUkLf8O0zKJiAhmkTnJlTvINGv7ygDNPbeIsX/TJjGJZHuh9B2UxbsaEkmlEo9MfhrSzmhIlhRlI2GXnw==", + 
"engines": { + "node": ">=6" + } }, - "escape-html": { + "node_modules/escape-html": { "version": "1.0.3", "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz", "integrity": "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow==" }, - "escape-string-regexp": { + "node_modules/escape-string-regexp": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", - "integrity": "sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg==" + "integrity": "sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg==", + "engines": { + "node": ">=0.8.0" + } }, - "escodegen": { + "node_modules/escodegen": { "version": "1.14.3", "resolved": "https://registry.npmjs.org/escodegen/-/escodegen-1.14.3.tgz", "integrity": "sha512-qFcX0XJkdg+PB3xjZZG/wKSuT1PnQWx57+TVSjIMmILd2yC/6ByYElPwJnslDsuWuSAp4AwJGumarAAmJch5Kw==", - "requires": { + "dependencies": { "esprima": "^4.0.1", "estraverse": "^4.2.0", "esutils": "^2.0.2", - "optionator": "^0.8.1", - "source-map": "~0.6.1" + "optionator": "^0.8.1" }, - "dependencies": { - "source-map": { - "version": "0.6.1", - "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", - "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", - "optional": true - } + "bin": { + "escodegen": "bin/escodegen.js", + "esgenerate": "bin/esgenerate.js" + }, + "engines": { + "node": ">=4.0" + }, + "optionalDependencies": { + "source-map": "~0.6.1" + } + }, + "node_modules/escodegen/node_modules/source-map": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "optional": true, + "engines": { + "node": ">=0.10.0" } }, - "eslint": { + 
"node_modules/eslint": { "version": "8.51.0", "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.51.0.tgz", "integrity": "sha512-2WuxRZBrlwnXi+/vFSJyjMqrNjtJqiasMzehF0shoLaW7DzS3/9Yvrmq5JiT66+pNjiX4UBnLDiKHcWAr/OInA==", - "requires": { + "dependencies": { "@eslint-community/eslint-utils": "^4.2.0", "@eslint-community/regexpp": "^4.6.1", "@eslint/eslintrc": "^2.1.2", 
@@ -5846,92 +8343,21 @@ "strip-ansi": "^6.0.1", "text-table": "^0.2.0" }, - "dependencies": { - "argparse": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", - "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==" - }, - "chalk": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", - "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "requires": { - "ansi-styles": "^4.1.0", - "supports-color": "^7.1.0" - } - }, - "escape-string-regexp": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz", - "integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==" - }, - "globals": { - "version": "13.23.0", - "resolved": "https://registry.npmjs.org/globals/-/globals-13.23.0.tgz", - "integrity": "sha512-XAmF0RjlrjY23MA51q3HltdlGxUpXPvg0GioKiD9X6HD28iMjo2dKC8Vqwm7lne4GNr78+RHTfliktR6ZH09wA==", - "requires": { - "type-fest": "^0.20.2" - } - }, - "js-yaml": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", - "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", - "requires": { - "argparse": "^2.0.1" - } - }, - "levn": { - "version": "0.4.1", - "resolved": "https://registry.npmjs.org/levn/-/levn-0.4.1.tgz", - "integrity": "sha512-+bT2uH4E5LGE7h/n3evcS/sQlJXCpIp6ym8OWJ5eV6+67Dsql/LaaT7qJBAt2rzfoa/5QBGBhxDix1dMt2kQKQ==", - "requires": { - "prelude-ls": "^1.2.1", - "type-check": "~0.4.0" - } - }, - "optionator": { - "version": "0.9.3", - "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.9.3.tgz", - "integrity": "sha512-JjCoypp+jKn1ttEFExxhetCKeJt9zhAgAve5FXHixTvFDW/5aEktX9bufBKLRRMdU7bNtpLfcGu94B3cdEJgjg==", - "requires": { - 
"@aashutoshrathi/word-wrap": "^1.2.3", - "deep-is": "^0.1.3", - "fast-levenshtein": "^2.0.6", - "levn": "^0.4.1", - "prelude-ls": "^1.2.1", - "type-check": "^0.4.0" - } - }, - "prelude-ls": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.2.1.tgz", - "integrity": "sha512-vkcDPrRZo1QZLbn5RLGPpg/WmIQ65qoWWhcGKf/b5eplkkarX0m9z8ppCat4mlOqUsWpyNuYgO3VRyrYHSzX5g==" - }, - "strip-ansi": { - "version": "6.0.1", - "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", - "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", - "requires": { - "ansi-regex": "^5.0.1" - } - }, - "type-check": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/type-check/-/type-check-0.4.0.tgz", - "integrity": "sha512-XleUoc9uwGXqjWwXaUTZAmzMcFZ5858QA2vvx1Ur5xIcixXIP+8LnFDgRplU30us6teqdlskFfu+ae4K79Ooew==", - "requires": { - "prelude-ls": "^1.2.1" - } - } + "bin": { + "eslint": "bin/eslint.js" + }, + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + }, + "funding": { + "url": "https://opencollective.com/eslint" } }, - "eslint-config-react-app": { + "node_modules/eslint-config-react-app": { "version": "7.0.1", "resolved": "https://registry.npmjs.org/eslint-config-react-app/-/eslint-config-react-app-7.0.1.tgz", "integrity": "sha512-K6rNzvkIeHaTd8m/QEh1Zko0KI7BACWkkneSs6s9cKZC/J27X3eZR6Upt1jkmZ/4FK+XUOPPxMEN7+lbUXfSlA==", - "requires": { + "dependencies": { "@babel/core": "^7.16.0", "@babel/eslint-parser": "^7.16.3", "@rushstack/eslint-patch": "^1.1.0", 
@@ -5946,60 +8372,78 @@ "eslint-plugin-react": "^7.27.1", "eslint-plugin-react-hooks": "^4.3.0", "eslint-plugin-testing-library": "^5.0.1" + }, + "engines": { + "node": ">=14.0.0" + }, + "peerDependencies": { + "eslint": "^8.0.0" } }, - "eslint-import-resolver-node": { + "node_modules/eslint-import-resolver-node": { "version": "0.3.9", "resolved": "https://registry.npmjs.org/eslint-import-resolver-node/-/eslint-import-resolver-node-0.3.9.tgz", "integrity": "sha512-WFj2isz22JahUv+B788TlO3N6zL3nNJGU8CcZbPZvVEkBPaJdCV4vy5wyghty5ROFbCRnm132v8BScu5/1BQ8g==", - "requires": { + "dependencies": { "debug": "^3.2.7", "is-core-module": "^2.13.0", "resolve": "^1.22.4" - }, + } + }, + "node_modules/eslint-import-resolver-node/node_modules/debug": { + "version": "3.2.7", + "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.7.tgz", + "integrity": "sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ==", "dependencies": { - "debug": { - "version": "3.2.7", - "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.7.tgz", - "integrity": "sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ==", - "requires": { - "ms": "^2.1.1" - } - } + "ms": "^2.1.1" } }, - "eslint-module-utils": { + "node_modules/eslint-module-utils": { "version": "2.8.0", "resolved": "https://registry.npmjs.org/eslint-module-utils/-/eslint-module-utils-2.8.0.tgz", "integrity": "sha512-aWajIYfsqCKRDgUfjEXNN/JlrzauMuSEy5sbd7WXbtW3EH6A6MpwEh42c7qD+MqQo9QMJ6fWLAeIJynx0g6OAw==", - "requires": { + "dependencies": { "debug": "^3.2.7" }, - "dependencies": { - "debug": { - "version": "3.2.7", - "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.7.tgz", - "integrity": "sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ==", - "requires": { - "ms": "^2.1.1" - } + "engines": { + "node": ">=4" + }, + "peerDependenciesMeta": { + "eslint": { + "optional": true } } }, - 
"eslint-plugin-flowtype": { + "node_modules/eslint-module-utils/node_modules/debug": { + "version": "3.2.7", + "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.7.tgz", + "integrity": "sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ==", + "dependencies": { + "ms": "^2.1.1" + } + }, + "node_modules/eslint-plugin-flowtype": { "version": "8.0.3", "resolved": "https://registry.npmjs.org/eslint-plugin-flowtype/-/eslint-plugin-flowtype-8.0.3.tgz", "integrity": "sha512-dX8l6qUL6O+fYPtpNRideCFSpmWOUVx5QcaGLVqe/vlDiBSe4vYljDWDETwnyFzpl7By/WVIu6rcrniCgH9BqQ==", - "requires": { + "dependencies": { "lodash": "^4.17.21", "string-natural-compare": "^3.0.1" + }, + "engines": { + "node": ">=12.0.0" + }, + "peerDependencies": { + "@babel/plugin-syntax-flow": "^7.14.5", + "@babel/plugin-transform-react-jsx": "^7.14.9", + "eslint": "^8.1.0" } }, - "eslint-plugin-import": { + "node_modules/eslint-plugin-import": { "version": "2.28.1", "resolved": "https://registry.npmjs.org/eslint-plugin-import/-/eslint-plugin-import-2.28.1.tgz", "integrity": "sha512-9I9hFlITvOV55alzoKBI+K9q74kv0iKMeY6av5+umsNwayt59fz692daGyjR+oStBQgx6nwR9rXldDev3Clw+A==", - "requires": { + "dependencies": { "array-includes": "^3.1.6", "array.prototype.findlastindex": "^1.2.2", "array.prototype.flat": "^1.3.1", 
@@ -6018,43 +8462,68 @@ "semver": "^6.3.1", "tsconfig-paths": "^3.14.2" }, + "engines": { + "node": ">=4" + }, + "peerDependencies": { + "eslint": "^2 || ^3 || ^4 || ^5 || ^6 || ^7.2.0 || ^8" + } + }, + "node_modules/eslint-plugin-import/node_modules/debug": { + "version": "3.2.7", + "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.7.tgz", + "integrity": "sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ==", "dependencies": { - "debug": { - "version": "3.2.7", - "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.7.tgz", - "integrity": "sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ==", - "requires": { - "ms": "^2.1.1" - } - }, - "doctrine": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/doctrine/-/doctrine-2.1.0.tgz", - "integrity": "sha512-35mSku4ZXK0vfCuHEDAwt55dg2jNajHZ1odvF+8SSr82EsZY4QmXfuWso8oEd8zRhVObSN18aM0CjSdoBX7zIw==", - "requires": { - "esutils": "^2.0.2" - } - }, - "semver": { - "version": "6.3.1", - "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", - "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==" - } + "ms": "^2.1.1" + } + }, + "node_modules/eslint-plugin-import/node_modules/doctrine": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/doctrine/-/doctrine-2.1.0.tgz", + "integrity": "sha512-35mSku4ZXK0vfCuHEDAwt55dg2jNajHZ1odvF+8SSr82EsZY4QmXfuWso8oEd8zRhVObSN18aM0CjSdoBX7zIw==", + "dependencies": { + "esutils": "^2.0.2" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/eslint-plugin-import/node_modules/semver": { + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", + "bin": { + "semver": "bin/semver.js" } }, - "eslint-plugin-jest": { + 
"node_modules/eslint-plugin-jest": { "version": "25.7.0", "resolved": "https://registry.npmjs.org/eslint-plugin-jest/-/eslint-plugin-jest-25.7.0.tgz", "integrity": "sha512-PWLUEXeeF7C9QGKqvdSbzLOiLTx+bno7/HC9eefePfEb257QFHg7ye3dh80AZVkaa/RQsBB1Q/ORQvg2X7F0NQ==", - "requires": { + "dependencies": { "@typescript-eslint/experimental-utils": "^5.0.0" + }, + "engines": { + "node": "^12.13.0 || ^14.15.0 || >=16.0.0" + }, + "peerDependencies": { + "@typescript-eslint/eslint-plugin": "^4.0.0 || ^5.0.0", + "eslint": "^6.0.0 || ^7.0.0 || ^8.0.0" + }, + "peerDependenciesMeta": { + "@typescript-eslint/eslint-plugin": { + "optional": true + }, + "jest": { + "optional": true + } } }, - "eslint-plugin-jsx-a11y": { + "node_modules/eslint-plugin-jsx-a11y": { "version": "6.7.1", "resolved": "https://registry.npmjs.org/eslint-plugin-jsx-a11y/-/eslint-plugin-jsx-a11y-6.7.1.tgz", "integrity": "sha512-63Bog4iIethyo8smBklORknVjB0T2dwB8Mr/hIC+fBS0uyHdYYpzM/Ed+YC8VxTjlXHEWFOdmgwcDn1U2L9VCA==", - "requires": { + "dependencies": { "@babel/runtime": "^7.20.7", "aria-query": "^5.1.3", "array-includes": "^3.1.6", 
@@ -6072,37 +8541,47 @@ "object.fromentries": "^2.0.6", "semver": "^6.3.0" }, + "engines": { + "node": ">=4.0" + }, + "peerDependencies": { + "eslint": "^3 || ^4 || ^5 || ^6 || ^7 || ^8" + } + }, + "node_modules/eslint-plugin-jsx-a11y/node_modules/@babel/runtime": { + "version": "7.23.2", + "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.23.2.tgz", + "integrity": "sha512-mM8eg4yl5D6i3lu2QKPuPH4FArvJ8KhTofbE7jwMUv9KX5mBvwPAqnV3MlyBNqdp9RyRKP6Yck8TrfYrPvX3bg==", "dependencies": { - "@babel/runtime": { - "version": "7.23.2", - "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.23.2.tgz", - "integrity": "sha512-mM8eg4yl5D6i3lu2QKPuPH4FArvJ8KhTofbE7jwMUv9KX5mBvwPAqnV3MlyBNqdp9RyRKP6Yck8TrfYrPvX3bg==", - "requires": { - "regenerator-runtime": "^0.14.0" - } - }, - "emoji-regex": { - "version": "9.2.2", - "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz", - "integrity": "sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg==" - }, - "regenerator-runtime": { - "version": "0.14.0", - "resolved": "https://registry.npmjs.org/regenerator-runtime/-/regenerator-runtime-0.14.0.tgz", - "integrity": "sha512-srw17NI0TUWHuGa5CFGGmhfNIeja30WMBfbslPNhf6JrqQlLN5gcrvig1oqPxiVaXb0oW0XRKtH6Nngs5lKCIA==" - }, - "semver": { - "version": "6.3.1", - "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", - "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==" - } + "regenerator-runtime": "^0.14.0" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/eslint-plugin-jsx-a11y/node_modules/emoji-regex": { + "version": "9.2.2", + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz", + "integrity": "sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg==" + }, + "node_modules/eslint-plugin-jsx-a11y/node_modules/regenerator-runtime": { + "version": "0.14.0", 
+ "resolved": "https://registry.npmjs.org/regenerator-runtime/-/regenerator-runtime-0.14.0.tgz", + "integrity": "sha512-srw17NI0TUWHuGa5CFGGmhfNIeja30WMBfbslPNhf6JrqQlLN5gcrvig1oqPxiVaXb0oW0XRKtH6Nngs5lKCIA==" + }, + "node_modules/eslint-plugin-jsx-a11y/node_modules/semver": { + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", + "bin": { + "semver": "bin/semver.js" } }, - "eslint-plugin-react": { + "node_modules/eslint-plugin-react": { "version": "7.33.2", "resolved": "https://registry.npmjs.org/eslint-plugin-react/-/eslint-plugin-react-7.33.2.tgz", "integrity": "sha512-73QQMKALArI8/7xGLNI/3LylrEYrlKZSb5C9+q3OtOewTnMQi5cT+aE9E41sLCmli3I9PGGmD1yiZydyo4FEPw==", - "requires": { + "dependencies": { "array-includes": "^3.1.6", "array.prototype.flatmap": "^1.3.1", "array.prototype.tosorted": "^1.1.1", 
@@ -6120,218 +8599,431 @@ "semver": "^6.3.1", "string.prototype.matchall": "^4.0.8" }, - "dependencies": { - "doctrine": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/doctrine/-/doctrine-2.1.0.tgz", - "integrity": "sha512-35mSku4ZXK0vfCuHEDAwt55dg2jNajHZ1odvF+8SSr82EsZY4QmXfuWso8oEd8zRhVObSN18aM0CjSdoBX7zIw==", - "requires": { - "esutils": "^2.0.2" - } - }, - "estraverse": { - "version": "5.3.0", - "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz", - "integrity": "sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA==" - }, - "resolve": { - "version": "2.0.0-next.5", - "resolved": "https://registry.npmjs.org/resolve/-/resolve-2.0.0-next.5.tgz", - "integrity": "sha512-U7WjGVG9sH8tvjW5SmGbQuui75FiyjAX72HX15DwBBwF9dNiQZRQAg9nnPhYy+TUnE0+VcrttuvNI8oSxZcocA==", - "requires": { - "is-core-module": "^2.13.0", - "path-parse": "^1.0.7", - "supports-preserve-symlinks-flag": "^1.0.0" - } - }, - "semver": { - "version": "6.3.1", - "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", - "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==" - } + "engines": { + "node": ">=4" + }, + "peerDependencies": { + "eslint": "^3 || ^4 || ^5 || ^6 || ^7 || ^8" } }, - "eslint-plugin-react-hooks": { + "node_modules/eslint-plugin-react-hooks": { "version": "4.6.0", "resolved": "https://registry.npmjs.org/eslint-plugin-react-hooks/-/eslint-plugin-react-hooks-4.6.0.tgz", - "integrity": "sha512-oFc7Itz9Qxh2x4gNHStv3BqJq54ExXmfC+a1NjAta66IAN87Wu0R/QArgIS9qKzX3dXKPI9H5crl9QchNMY9+g==" + "integrity": "sha512-oFc7Itz9Qxh2x4gNHStv3BqJq54ExXmfC+a1NjAta66IAN87Wu0R/QArgIS9qKzX3dXKPI9H5crl9QchNMY9+g==", + "engines": { + "node": ">=10" + }, + "peerDependencies": { + "eslint": "^3.0.0 || ^4.0.0 || ^5.0.0 || ^6.0.0 || ^7.0.0 || ^8.0.0-0" + } + }, + "node_modules/eslint-plugin-react/node_modules/doctrine": { + "version": "2.1.0", + "resolved": 
"https://registry.npmjs.org/doctrine/-/doctrine-2.1.0.tgz", + "integrity": "sha512-35mSku4ZXK0vfCuHEDAwt55dg2jNajHZ1odvF+8SSr82EsZY4QmXfuWso8oEd8zRhVObSN18aM0CjSdoBX7zIw==", + "dependencies": { + "esutils": "^2.0.2" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/eslint-plugin-react/node_modules/estraverse": { + "version": "5.3.0", + "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz", + "integrity": "sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA==", + "engines": { + "node": ">=4.0" + } + }, + "node_modules/eslint-plugin-react/node_modules/resolve": { + "version": "2.0.0-next.5", + "resolved": "https://registry.npmjs.org/resolve/-/resolve-2.0.0-next.5.tgz", + "integrity": "sha512-U7WjGVG9sH8tvjW5SmGbQuui75FiyjAX72HX15DwBBwF9dNiQZRQAg9nnPhYy+TUnE0+VcrttuvNI8oSxZcocA==", + "dependencies": { + "is-core-module": "^2.13.0", + "path-parse": "^1.0.7", + "supports-preserve-symlinks-flag": "^1.0.0" + }, + "bin": { + "resolve": "bin/resolve" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/eslint-plugin-react/node_modules/semver": { + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", + "bin": { + "semver": "bin/semver.js" + } }, - "eslint-plugin-testing-library": { + "node_modules/eslint-plugin-testing-library": { "version": "5.11.1", "resolved": "https://registry.npmjs.org/eslint-plugin-testing-library/-/eslint-plugin-testing-library-5.11.1.tgz", "integrity": "sha512-5eX9e1Kc2PqVRed3taaLnAAqPZGEX75C+M/rXzUAI3wIg/ZxzUm1OVAwfe/O+vE+6YXOLetSe9g5GKD2ecXipw==", - "requires": { + "dependencies": { "@typescript-eslint/utils": "^5.58.0" + }, + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0", + "npm": ">=6" + }, + "peerDependencies": { + "eslint": "^7.5.0 || ^8.0.0" } }, - "eslint-scope": { + 
"node_modules/eslint-scope": { "version": "7.2.2", "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-7.2.2.tgz", "integrity": "sha512-dOt21O7lTMhDM+X9mB4GX+DZrZtCUJPL/wlcTqxyrx5IvO0IYtILdtrQGQp+8n5S0gwSVmOf9NQrjMOgfQZlIg==", - "requires": { + "dependencies": { "esrecurse": "^4.3.0", "estraverse": "^5.2.0" }, - "dependencies": { - "estraverse": { - "version": "5.3.0", - "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz", - "integrity": "sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA==" - } + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + }, + "funding": { + "url": "https://opencollective.com/eslint" + } + }, + "node_modules/eslint-scope/node_modules/estraverse": { + "version": "5.3.0", + "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz", + "integrity": "sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA==", + "engines": { + "node": ">=4.0" } }, - "eslint-visitor-keys": { + "node_modules/eslint-visitor-keys": { "version": "3.4.3", "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.4.3.tgz", - "integrity": "sha512-wpc+LXeiyiisxPlEkUzU6svyS1frIO3Mgxj1fdy7Pm8Ygzguax2N3Fa/D/ag1WqbOprdI+uY6wMUl8/a2G+iag==" + "integrity": "sha512-wpc+LXeiyiisxPlEkUzU6svyS1frIO3Mgxj1fdy7Pm8Ygzguax2N3Fa/D/ag1WqbOprdI+uY6wMUl8/a2G+iag==", + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + }, + "funding": { + "url": "https://opencollective.com/eslint" + } }, - "eslint-webpack-plugin": { + "node_modules/eslint-webpack-plugin": { "version": "3.2.0", "resolved": "https://registry.npmjs.org/eslint-webpack-plugin/-/eslint-webpack-plugin-3.2.0.tgz", "integrity": "sha512-avrKcGncpPbPSUHX6B3stNGzkKFto3eL+DKM4+VyMrVnhPc3vRczVlCq3uhuFOdRvDHTVXuzwk1ZKUrqDQHQ9w==", - "requires": { + "dependencies": { "@types/eslint": "^7.29.0 || ^8.4.1", "jest-worker": "^28.0.2", "micromatch": "^4.0.5", 
"normalize-path": "^3.0.0", "schema-utils": "^4.0.0" }, + "engines": { + "node": ">= 12.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + }, + "peerDependencies": { + "eslint": "^7.0.0 || ^8.0.0", + "webpack": "^5.0.0" + } + }, + "node_modules/eslint-webpack-plugin/node_modules/ajv": { + "version": "8.12.0", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.12.0.tgz", + "integrity": "sha512-sRu1kpcO9yLtYxBKvqfTeh9KzZEwO3STyX1HT+4CaDzC6HpTGYhIhPIzj9XuKU7KYDwnaeh5hcOwjy1QuJzBPA==", "dependencies": { - "ajv": { - "version": "8.12.0", - "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.12.0.tgz", - "integrity": "sha512-sRu1kpcO9yLtYxBKvqfTeh9KzZEwO3STyX1HT+4CaDzC6HpTGYhIhPIzj9XuKU7KYDwnaeh5hcOwjy1QuJzBPA==", - "requires": { - "fast-deep-equal": "^3.1.1", - "json-schema-traverse": "^1.0.0", - "require-from-string": "^2.0.2", - "uri-js": "^4.2.2" - } - }, - "ajv-keywords": { - "version": "5.1.0", - "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-5.1.0.tgz", - "integrity": "sha512-YCS/JNFAUyr5vAuhk1DWm1CBxRHW9LbJ2ozWeemrIqpbsqKjHVxYPyi5GC0rjZIT5JxJ3virVTS8wk4i/Z+krw==", - "requires": { - "fast-deep-equal": "^3.1.3" - } - }, - "jest-worker": { - "version": "28.1.3", - "resolved": "https://registry.npmjs.org/jest-worker/-/jest-worker-28.1.3.tgz", - "integrity": "sha512-CqRA220YV/6jCo8VWvAt1KKx6eek1VIHMPeLEbpcfSfkEeWyBNppynM/o6q+Wmw+sOhos2ml34wZbSX3G13//g==", - "requires": { - "@types/node": "*", - "merge-stream": "^2.0.0", - "supports-color": "^8.0.0" - } - }, - "json-schema-traverse": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", - "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==" - }, - "schema-utils": { - "version": "4.2.0", - "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-4.2.0.tgz", - "integrity": 
"sha512-L0jRsrPpjdckP3oPug3/VxNKt2trR8TcabrM6FOAAlvC/9Phcmm+cuAgTlxBqdBR1WJx7Naj9WHw+aOmheSVbw==", - "requires": { - "@types/json-schema": "^7.0.9", - "ajv": "^8.9.0", - "ajv-formats": "^2.1.1", - "ajv-keywords": "^5.1.0" - } - }, - "supports-color": { - "version": "8.1.1", - "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz", - "integrity": "sha512-MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q==", - "requires": { - "has-flag": "^4.0.0" - } - } + "fast-deep-equal": "^3.1.1", + "json-schema-traverse": "^1.0.0", + "require-from-string": "^2.0.2", + "uri-js": "^4.2.2" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/epoberezkin" + } + }, + "node_modules/eslint-webpack-plugin/node_modules/ajv-keywords": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-5.1.0.tgz", + "integrity": "sha512-YCS/JNFAUyr5vAuhk1DWm1CBxRHW9LbJ2ozWeemrIqpbsqKjHVxYPyi5GC0rjZIT5JxJ3virVTS8wk4i/Z+krw==", + "dependencies": { + "fast-deep-equal": "^3.1.3" + }, + "peerDependencies": { + "ajv": "^8.8.2" + } + }, + "node_modules/eslint-webpack-plugin/node_modules/jest-worker": { + "version": "28.1.3", + "resolved": "https://registry.npmjs.org/jest-worker/-/jest-worker-28.1.3.tgz", + "integrity": "sha512-CqRA220YV/6jCo8VWvAt1KKx6eek1VIHMPeLEbpcfSfkEeWyBNppynM/o6q+Wmw+sOhos2ml34wZbSX3G13//g==", + "dependencies": { + "@types/node": "*", + "merge-stream": "^2.0.0", + "supports-color": "^8.0.0" + }, + "engines": { + "node": "^12.13.0 || ^14.15.0 || ^16.10.0 || >=17.0.0" + } + }, + "node_modules/eslint-webpack-plugin/node_modules/json-schema-traverse": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", + "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==" + }, + "node_modules/eslint-webpack-plugin/node_modules/schema-utils": { + 
"version": "4.2.0", + "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-4.2.0.tgz", + "integrity": "sha512-L0jRsrPpjdckP3oPug3/VxNKt2trR8TcabrM6FOAAlvC/9Phcmm+cuAgTlxBqdBR1WJx7Naj9WHw+aOmheSVbw==", + "dependencies": { + "@types/json-schema": "^7.0.9", + "ajv": "^8.9.0", + "ajv-formats": "^2.1.1", + "ajv-keywords": "^5.1.0" + }, + "engines": { + "node": ">= 12.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + } + }, + "node_modules/eslint-webpack-plugin/node_modules/supports-color": { + "version": "8.1.1", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz", + "integrity": "sha512-MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q==", + "dependencies": { + "has-flag": "^4.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/supports-color?sponsor=1" } }, - "espree": { + "node_modules/eslint/node_modules/argparse": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", + "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==" + }, + "node_modules/eslint/node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" + } + }, + "node_modules/eslint/node_modules/escape-string-regexp": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz", + "integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==", + "engines": { + "node": ">=10" + }, 
+ "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/eslint/node_modules/globals": { + "version": "13.23.0", + "resolved": "https://registry.npmjs.org/globals/-/globals-13.23.0.tgz", + "integrity": "sha512-XAmF0RjlrjY23MA51q3HltdlGxUpXPvg0GioKiD9X6HD28iMjo2dKC8Vqwm7lne4GNr78+RHTfliktR6ZH09wA==", + "dependencies": { + "type-fest": "^0.20.2" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/eslint/node_modules/js-yaml": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", + "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", + "dependencies": { + "argparse": "^2.0.1" + }, + "bin": { + "js-yaml": "bin/js-yaml.js" + } + }, + "node_modules/eslint/node_modules/levn": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/levn/-/levn-0.4.1.tgz", + "integrity": "sha512-+bT2uH4E5LGE7h/n3evcS/sQlJXCpIp6ym8OWJ5eV6+67Dsql/LaaT7qJBAt2rzfoa/5QBGBhxDix1dMt2kQKQ==", + "dependencies": { + "prelude-ls": "^1.2.1", + "type-check": "~0.4.0" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/eslint/node_modules/optionator": { + "version": "0.9.3", + "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.9.3.tgz", + "integrity": "sha512-JjCoypp+jKn1ttEFExxhetCKeJt9zhAgAve5FXHixTvFDW/5aEktX9bufBKLRRMdU7bNtpLfcGu94B3cdEJgjg==", + "dependencies": { + "@aashutoshrathi/word-wrap": "^1.2.3", + "deep-is": "^0.1.3", + "fast-levenshtein": "^2.0.6", + "levn": "^0.4.1", + "prelude-ls": "^1.2.1", + "type-check": "^0.4.0" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/eslint/node_modules/prelude-ls": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.2.1.tgz", + "integrity": "sha512-vkcDPrRZo1QZLbn5RLGPpg/WmIQ65qoWWhcGKf/b5eplkkarX0m9z8ppCat4mlOqUsWpyNuYgO3VRyrYHSzX5g==", + "engines": 
{ + "node": ">= 0.8.0" + } + }, + "node_modules/eslint/node_modules/type-check": { + "version": "0.4.0", + "resolved": "https://registry.npmjs.org/type-check/-/type-check-0.4.0.tgz", + "integrity": "sha512-XleUoc9uwGXqjWwXaUTZAmzMcFZ5858QA2vvx1Ur5xIcixXIP+8LnFDgRplU30us6teqdlskFfu+ae4K79Ooew==", + "dependencies": { + "prelude-ls": "^1.2.1" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/espree": { "version": "9.6.1", "resolved": "https://registry.npmjs.org/espree/-/espree-9.6.1.tgz", "integrity": "sha512-oruZaFkjorTpF32kDSI5/75ViwGeZginGGy2NoOSg3Q9bnwlnmDm4HLnkl0RE3n+njDXR037aY1+x58Z/zFdwQ==", - "requires": { + "dependencies": { "acorn": "^8.9.0", "acorn-jsx": "^5.3.2", "eslint-visitor-keys": "^3.4.1" + }, + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + }, + "funding": { + "url": "https://opencollective.com/eslint" } }, - "esprima": { + "node_modules/esprima": { "version": "4.0.1", "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz", - "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==" + "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==", + "bin": { + "esparse": "bin/esparse.js", + "esvalidate": "bin/esvalidate.js" + }, + "engines": { + "node": ">=4" + } }, - "esquery": { + "node_modules/esquery": { "version": "1.5.0", "resolved": "https://registry.npmjs.org/esquery/-/esquery-1.5.0.tgz", "integrity": "sha512-YQLXUplAwJgCydQ78IMJywZCceoqk1oH01OERdSAJc/7U2AylwjhSCLDEtqwg811idIS/9fIU5GjG73IgjKMVg==", - "requires": { + "dependencies": { "estraverse": "^5.1.0" }, - "dependencies": { - "estraverse": { - "version": "5.3.0", - "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz", - "integrity": "sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA==" - } + "engines": { + "node": ">=0.10" + } + }, + "node_modules/esquery/node_modules/estraverse": 
{ + "version": "5.3.0", + "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz", + "integrity": "sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA==", + "engines": { + "node": ">=4.0" } }, - "esrecurse": { + "node_modules/esrecurse": { "version": "4.3.0", "resolved": "https://registry.npmjs.org/esrecurse/-/esrecurse-4.3.0.tgz", "integrity": "sha512-KmfKL3b6G+RXvP8N1vr3Tq1kL/oCFgn2NYXEtqP8/L3pKapUA4G8cFVaoF3SU323CD4XypR/ffioHmkti6/Tag==", - "requires": { + "dependencies": { "estraverse": "^5.2.0" }, - "dependencies": { - "estraverse": { - "version": "5.3.0", - "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz", - "integrity": "sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA==" - } + "engines": { + "node": ">=4.0" } }, - "estraverse": { + "node_modules/esrecurse/node_modules/estraverse": { + "version": "5.3.0", + "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz", + "integrity": "sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA==", + "engines": { + "node": ">=4.0" + } + }, + "node_modules/estraverse": { "version": "4.3.0", "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz", - "integrity": "sha512-39nnKffWz8xN1BU/2c79n9nB9HDzo0niYUqx6xyqUnyoAnQyyWpOTdZEeiCch8BBu515t4wp9ZmgVfVhn9EBpw==" + "integrity": "sha512-39nnKffWz8xN1BU/2c79n9nB9HDzo0niYUqx6xyqUnyoAnQyyWpOTdZEeiCch8BBu515t4wp9ZmgVfVhn9EBpw==", + "engines": { + "node": ">=4.0" + } }, - "estree-walker": { + "node_modules/estree-walker": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/estree-walker/-/estree-walker-1.0.1.tgz", "integrity": "sha512-1fMXF3YP4pZZVozF8j/ZLfvnR8NSIljt56UhbZ5PeeDmmGHpgpdwQt7ITlGvYaQukCvuBRMLEiKiYC+oeIg4cg==" }, - "esutils": { + "node_modules/esutils": { "version": "2.0.3", "resolved": "https://registry.npmjs.org/esutils/-/esutils-2.0.3.tgz", - 
"integrity": "sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g==" + "integrity": "sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g==", + "engines": { + "node": ">=0.10.0" + } }, - "etag": { + "node_modules/etag": { "version": "1.8.1", "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz", - "integrity": "sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==" + "integrity": "sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==", + "engines": { + "node": ">= 0.6" + } }, - "eventemitter3": { + "node_modules/eventemitter3": { "version": "4.0.7", "resolved": "https://registry.npmjs.org/eventemitter3/-/eventemitter3-4.0.7.tgz", "integrity": "sha512-8guHBZCwKnFhYdHr2ysuRWErTwhoN2X8XELRlrRwpmfeY2jjuUN4taQMsULKUVo1K4DvZl+0pgfyoysHxvmvEw==" }, - "events": { + "node_modules/events": { "version": "3.3.0", "resolved": "https://registry.npmjs.org/events/-/events-3.3.0.tgz", - "integrity": "sha512-mQw+2fkQbALzQ7V0MY0IqdnXNOeTtP4r0lN9z7AAawCXgqea7bDii20AYrIBrFd/Hx0M2Ocz6S111CaFkUcb0Q==" + "integrity": "sha512-mQw+2fkQbALzQ7V0MY0IqdnXNOeTtP4r0lN9z7AAawCXgqea7bDii20AYrIBrFd/Hx0M2Ocz6S111CaFkUcb0Q==", + "engines": { + "node": ">=0.8.x" + } }, - "execa": { + "node_modules/execa": { "version": "5.1.1", "resolved": "https://registry.npmjs.org/execa/-/execa-5.1.1.tgz", "integrity": "sha512-8uSpZZocAZRBAPIEINJj3Lo9HyGitllczc27Eh5YYojjMFMn8yHMDMaUHE2Jqfq05D/wucwI4JGURyXt1vchyg==", - "requires": { + "dependencies": { "cross-spawn": "^7.0.3", "get-stream": "^6.0.0", "human-signals": "^2.1.0", 
@@ -6341,65 +9033,92 @@ "onetime": "^5.1.2", "signal-exit": "^3.0.3", "strip-final-newline": "^2.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sindresorhus/execa?sponsor=1" } }, - "exit": { + "node_modules/exit": { "version": "0.1.2", "resolved": "https://registry.npmjs.org/exit/-/exit-0.1.2.tgz", - "integrity": "sha512-Zk/eNKV2zbjpKzrsQ+n1G6poVbErQxJ0LBOJXaKZ1EViLzH+hrLu9cdXI4zw9dBQJslwBEpbQ2P1oS7nDxs6jQ==" + "integrity": "sha512-Zk/eNKV2zbjpKzrsQ+n1G6poVbErQxJ0LBOJXaKZ1EViLzH+hrLu9cdXI4zw9dBQJslwBEpbQ2P1oS7nDxs6jQ==", + "engines": { + "node": ">= 0.8.0" + } }, - "expect": { + "node_modules/expect": { "version": "27.5.1", "resolved": "https://registry.npmjs.org/expect/-/expect-27.5.1.tgz", "integrity": "sha512-E1q5hSUG2AmYQwQJ041nvgpkODHQvB+RKlB4IYdru6uJsyFTRyZAP463M+1lINorwbqAmUggi6+WwkD8lCS/Dw==", - "requires": { + "dependencies": { "@jest/types": "^27.5.1", "jest-get-type": "^27.5.1", "jest-matcher-utils": "^27.5.1", "jest-message-util": "^27.5.1" }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/expect/node_modules/@jest/types": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", + "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", "dependencies": { - "@jest/types": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", - "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", - "requires": { - "@types/istanbul-lib-coverage": "^2.0.0", - "@types/istanbul-reports": "^3.0.0", - "@types/node": "*", - "@types/yargs": "^16.0.0", - "chalk": "^4.0.0" - } - }, - "@types/yargs": { - "version": "16.0.6", - "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", - "integrity": 
"sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", - "requires": { - "@types/yargs-parser": "*" - } - }, - "chalk": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", - "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "requires": { - "ansi-styles": "^4.1.0", - "supports-color": "^7.1.0" - } - }, - "jest-get-type": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/jest-get-type/-/jest-get-type-27.5.1.tgz", - "integrity": "sha512-2KY95ksYSaK7DMBWQn6dQz3kqAf3BB64y2udeG+hv4KfSOb9qwcYQstTJc1KCbsix+wLZWZYN8t7nwX3GOBLRw==" - } + "@types/istanbul-lib-coverage": "^2.0.0", + "@types/istanbul-reports": "^3.0.0", + "@types/node": "*", + "@types/yargs": "^16.0.0", + "chalk": "^4.0.0" + }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" } }, - "express": { + "node_modules/expect/node_modules/@types/yargs": { + "version": "16.0.6", + "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", + "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", + "dependencies": { + "@types/yargs-parser": "*" + } + }, + "node_modules/expect/node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" + } + }, + "node_modules/expect/node_modules/jest-get-type": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/jest-get-type/-/jest-get-type-27.5.1.tgz", + "integrity": "sha512-2KY95ksYSaK7DMBWQn6dQz3kqAf3BB64y2udeG+hv4KfSOb9qwcYQstTJc1KCbsix+wLZWZYN8t7nwX3GOBLRw==", + 
"engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/exponential-backoff": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/exponential-backoff/-/exponential-backoff-3.1.1.tgz", + "integrity": "sha512-dX7e/LHVJ6W3DE1MHWi9S1EYzDESENfLrYohG2G++ovZrYOkm4Knwa0mc1cn84xJOR4KEU0WSchhLbd0UklbHw==" + }, + "node_modules/express": { "version": "4.18.2", "resolved": "https://registry.npmjs.org/express/-/express-4.18.2.tgz", "integrity": "sha512-5/PsL6iGPdfQ/lKM1UuielYgv3BUoJfz1aUwU9vHZ+J7gyvwdQXFEBIEIaxeGf0GIcreATNyBExtalisDbuMqQ==", - "requires": { + "dependencies": { "accepts": "~1.3.8", "array-flatten": "1.1.1", "body-parser": "1.20.1", 
@@ -6432,182 +9151,228 @@ "utils-merge": "1.0.1", "vary": "~1.1.2" }, + "engines": { + "node": ">= 0.10.0" + } + }, + "node_modules/express/node_modules/array-flatten": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz", + "integrity": "sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg==" + }, + "node_modules/express/node_modules/debug": { + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", "dependencies": { - "array-flatten": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz", - "integrity": "sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg==" - }, - "debug": { - "version": "2.6.9", - "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", - "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", - "requires": { - "ms": "2.0.0" - } - }, - "ms": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", - "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==" - }, - "path-to-regexp": { - "version": "0.1.7", - "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz", - "integrity": "sha512-5DFkuoqlv1uYQKxy8omFBeJPQcdoE07Kv2sferDCrAq1ohOU+MSDswDIbnx3YAM60qIOnYa53wBhXW0EbMonrQ==" - }, - "qs": { - "version": "6.11.0", - "resolved": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz", - "integrity": "sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==", - "requires": { - "side-channel": "^1.0.4" - } - }, - "safe-buffer": { - "version": "5.2.1", - "resolved": 
"https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", - "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==" - } + "ms": "2.0.0" } }, - "extend": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz", - "integrity": "sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g==" + "node_modules/express/node_modules/ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==" + }, + "node_modules/express/node_modules/path-to-regexp": { + "version": "0.1.7", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz", + "integrity": "sha512-5DFkuoqlv1uYQKxy8omFBeJPQcdoE07Kv2sferDCrAq1ohOU+MSDswDIbnx3YAM60qIOnYa53wBhXW0EbMonrQ==" + }, + "node_modules/express/node_modules/qs": { + "version": "6.11.0", + "resolved": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz", + "integrity": "sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==", + "dependencies": { + "side-channel": "^1.0.4" + }, + "engines": { + "node": ">=0.6" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/express/node_modules/safe-buffer": { + "version": "5.2.1", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ] }, - "extsprintf": { + "node_modules/extsprintf": { "version": "1.3.0", "resolved": 
"https://registry.npmjs.org/extsprintf/-/extsprintf-1.3.0.tgz", - "integrity": "sha1-lpGEQOMEGnpBT4xS48V06zw+HgU=" + "integrity": "sha1-lpGEQOMEGnpBT4xS48V06zw+HgU=", + "engines": [ + "node >=0.6.0" + ] }, - "fast-deep-equal": { + "node_modules/fast-deep-equal": { "version": "3.1.3", "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz", "integrity": "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==" }, - "fast-glob": { + "node_modules/fast-glob": { "version": "3.3.1", "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.1.tgz", "integrity": "sha512-kNFPyjhh5cKjrUltxs+wFx+ZkbRaxxmZ+X0ZU31SOsxCEtP9VPgtq2teZw1DebupL5GmDaNQ6yKMMVcM41iqDg==", - "requires": { + "dependencies": { "@nodelib/fs.stat": "^2.0.2", "@nodelib/fs.walk": "^1.2.3", "glob-parent": "^5.1.2", "merge2": "^1.3.0", "micromatch": "^4.0.4" }, + "engines": { + "node": ">=8.6.0" + } + }, + "node_modules/fast-glob/node_modules/glob-parent": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==", "dependencies": { - "glob-parent": { - "version": "5.1.2", - "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", - "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==", - "requires": { - "is-glob": "^4.0.1" - } - } + "is-glob": "^4.0.1" + }, + "engines": { + "node": ">= 6" } }, - "fast-json-stable-stringify": { + "node_modules/fast-json-stable-stringify": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz", "integrity": "sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw==" }, - "fast-levenshtein": { + "node_modules/fast-levenshtein": { "version": "2.0.6", "resolved": 
"https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz", "integrity": "sha512-DCXu6Ifhqcks7TZKY3Hxp3y6qphY5SJZmrWMDrKcERSOXWQdMhU9Ig/PYrzyw/ul9jOIyh0N4M0tbC5hodg8dw==" }, - "fastq": { + "node_modules/fastq": { "version": "1.15.0", "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.15.0.tgz", "integrity": "sha512-wBrocU2LCXXa+lWBt8RoIRD89Fi8OdABODa/kEnyeyjS5aZO5/GNvI5sEINADqP/h8M29UHTHUb53sUu5Ihqdw==", - "requires": { + "dependencies": { "reusify": "^1.0.4" } }, - "faye-websocket": { + "node_modules/faye-websocket": { "version": "0.11.4", "resolved": "https://registry.npmjs.org/faye-websocket/-/faye-websocket-0.11.4.tgz", "integrity": "sha512-CzbClwlXAuiRQAlUyfqPgvPoNKTckTPGfwZV4ZdAhVcP2lh9KUxJg2b5GkE7XbjKQ3YJnQ9z6D9ntLAlB+tP8g==", - "requires": { + "dependencies": { "websocket-driver": ">=0.5.1" + }, + "engines": { + "node": ">=0.8.0" } }, - "fb-watchman": { + "node_modules/fb-watchman": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/fb-watchman/-/fb-watchman-2.0.2.tgz", "integrity": "sha512-p5161BqbuCaSnB8jIbzQHOlpgsPmK5rJVDfDKO91Axs5NC1uu3HRQm6wt9cd9/+GtQQIO53JdGXXoyDpTAsgYA==", - "requires": { + "dependencies": { "bser": "2.1.1" } }, - "fecha": { + "node_modules/fecha": { "version": "4.2.3", "resolved": "https://registry.npmjs.org/fecha/-/fecha-4.2.3.tgz", "integrity": "sha512-OP2IUU6HeYKJi3i0z4A19kHMQoLVs4Hc+DPqqxI2h/DPZHTm/vjsfC6P0b4jCMy14XizLBqvndQ+UilD7707Jw==" }, - "file-entry-cache": { + "node_modules/file-entry-cache": { "version": "6.0.1", "resolved": "https://registry.npmjs.org/file-entry-cache/-/file-entry-cache-6.0.1.tgz", "integrity": "sha512-7Gps/XWymbLk2QLYK4NzpMOrYjMhdIxXuIvy2QBsLE6ljuodKvdkWs/cpyJJ3CVIVpH0Oi1Hvg1ovbMzLdFBBg==", - "requires": { + "dependencies": { "flat-cache": "^3.0.4" + }, + "engines": { + "node": "^10.12.0 || >=12.0.0" } }, - "file-loader": { + "node_modules/file-loader": { "version": "6.2.0", "resolved": "https://registry.npmjs.org/file-loader/-/file-loader-6.2.0.tgz", "integrity": 
"sha512-qo3glqyTa61Ytg4u73GultjHGjdRyig3tG6lPtyX/jOEJvHif9uB0/OCI2Kif6ctF3caQTW2G5gym21oAsI4pw==", - "requires": { + "dependencies": { "loader-utils": "^2.0.0", "schema-utils": "^3.0.0" + }, + "engines": { + "node": ">= 10.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + }, + "peerDependencies": { + "webpack": "^4.0.0 || ^5.0.0" } }, - "filelist": { + "node_modules/filelist": { "version": "1.0.4", "resolved": "https://registry.npmjs.org/filelist/-/filelist-1.0.4.tgz", "integrity": "sha512-w1cEuf3S+DrLCQL7ET6kz+gmlJdbq9J7yXCSjK/OZCPA+qEN1WyF4ZAf0YYJa4/shHJra2t/d/r8SV4Ji+x+8Q==", - "requires": { + "dependencies": { "minimatch": "^5.0.1" - }, + } + }, + "node_modules/filelist/node_modules/brace-expansion": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", + "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==", "dependencies": { - "brace-expansion": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", - "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==", - "requires": { - "balanced-match": "^1.0.0" - } - }, - "minimatch": { - "version": "5.1.6", - "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz", - "integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==", - "requires": { - "brace-expansion": "^2.0.1" - } - } + "balanced-match": "^1.0.0" + } + }, + "node_modules/filelist/node_modules/minimatch": { + "version": "5.1.6", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz", + "integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==", + "dependencies": { + "brace-expansion": "^2.0.1" + }, + "engines": { + "node": ">=10" } }, - 
"filesize": { + "node_modules/filesize": { "version": "8.0.7", "resolved": "https://registry.npmjs.org/filesize/-/filesize-8.0.7.tgz", - "integrity": "sha512-pjmC+bkIF8XI7fWaH8KxHcZL3DPybs1roSKP4rKDvy20tAWwIObE4+JIseG2byfGKhud5ZnM4YSGKBz7Sh0ndQ==" + "integrity": "sha512-pjmC+bkIF8XI7fWaH8KxHcZL3DPybs1roSKP4rKDvy20tAWwIObE4+JIseG2byfGKhud5ZnM4YSGKBz7Sh0ndQ==", + "engines": { + "node": ">= 0.4.0" + } }, - "fill-range": { + "node_modules/fill-range": { "version": "7.0.1", "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==", - "requires": { + "dependencies": { "to-regex-range": "^5.0.1" + }, + "engines": { + "node": ">=8" } }, - "finalhandler": { + "node_modules/finalhandler": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.2.0.tgz", "integrity": "sha512-5uXcUVftlQMFnWC9qu/svkWv3GTd2PfUhK/3PLkYNAe7FbqJMt3515HaxE6eRL74GdsriiwujiawdaB1BpEISg==", - "requires": { + "dependencies": { "debug": "2.6.9", "encodeurl": "~1.0.2", "escape-html": "~1.0.3", 
@@ -6616,94 +9381,135 @@ "statuses": "2.0.1", "unpipe": "~1.0.0" }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/finalhandler/node_modules/debug": { + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", "dependencies": { - "debug": { - "version": "2.6.9", - "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", - "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", - "requires": { - "ms": "2.0.0" - } - }, - "ms": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", - "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==" - } + "ms": "2.0.0" } }, - "find-cache-dir": { + "node_modules/finalhandler/node_modules/ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==" + }, + "node_modules/find-cache-dir": { "version": "3.3.2", "resolved": "https://registry.npmjs.org/find-cache-dir/-/find-cache-dir-3.3.2.tgz", "integrity": "sha512-wXZV5emFEjrridIgED11OoUKLxiYjAcqot/NJdAkOhlJ+vGzwhOAfcG5OX1jP+S0PcjEn8bdMJv+g2jwQ3Onig==", - "requires": { + "dependencies": { "commondir": "^1.0.1", "make-dir": "^3.0.2", "pkg-dir": "^4.1.0" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/avajs/find-cache-dir?sponsor=1" } }, - "find-up": { + "node_modules/find-up": { "version": "5.0.0", "resolved": "https://registry.npmjs.org/find-up/-/find-up-5.0.0.tgz", "integrity": "sha512-78/PXT1wlLLDgTzDs7sjq9hzz0vXD+zn+7wypEe4fXQxCmdmqfGsEPQxmiCSQI3ajFV91bVSsvNtrJRiW6nGng==", - "requires": { + "dependencies": { "locate-path": "^6.0.0", "path-exists": "^4.0.0" + }, + "engines": { + "node": ">=10" + }, + 
"funding": { + "url": "https://github.com/sponsors/sindresorhus" } }, - "flat-cache": { + "node_modules/flat-cache": { "version": "3.1.1", "resolved": "https://registry.npmjs.org/flat-cache/-/flat-cache-3.1.1.tgz", "integrity": "sha512-/qM2b3LUIaIgviBQovTLvijfyOQXPtSRnRK26ksj2J7rzPIecePUIpJsZ4T02Qg+xiAEKIs5K8dsHEd+VaKa/Q==", - "requires": { + "dependencies": { "flatted": "^3.2.9", "keyv": "^4.5.3", "rimraf": "^3.0.2" }, - "dependencies": { - "keyv": { - "version": "4.5.4", - "resolved": "https://registry.npmjs.org/keyv/-/keyv-4.5.4.tgz", - "integrity": "sha512-oxVHkHR/EJf2CNXnWxRLW6mg7JyCCUcG0DtEGmL2ctUo1PNTin1PUil+r/+4r5MpVgC/fn1kjsx7mjSujKqIpw==", - "requires": { - "json-buffer": "3.0.1" - } - } + "engines": { + "node": ">=12.0.0" } }, - "flatted": { + "node_modules/flatted": { "version": "3.2.9", "resolved": "https://registry.npmjs.org/flatted/-/flatted-3.2.9.tgz", "integrity": "sha512-36yxDn5H7OFZQla0/jFJmbIKTdZAQHngCedGxiMmpNfEZM0sdEeT+WczLQrjK6D7o2aiyLYDnkw0R3JK0Qv1RQ==" }, - "fn.name": { + "node_modules/fn.name": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/fn.name/-/fn.name-1.1.0.tgz", "integrity": "sha512-GRnmB5gPyJpAhTQdSZTSp9uaPSvl09KoYcMQtsB9rQoOmzs9dH6ffeccH+Z+cv6P68Hu5bC6JjRh4Ah/mHSNRw==" }, - "follow-redirects": { + "node_modules/follow-redirects": { "version": "1.15.3", "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.3.tgz", - "integrity": "sha512-1VzOtuEM8pC9SFU1E+8KfTjZyMztRsgEfwQl44z8A25uy13jSzTj6dyK2Df52iV0vgHCfBwLhDWevLn95w5v6Q==" + "integrity": "sha512-1VzOtuEM8pC9SFU1E+8KfTjZyMztRsgEfwQl44z8A25uy13jSzTj6dyK2Df52iV0vgHCfBwLhDWevLn95w5v6Q==", + "funding": [ + { + "type": "individual", + "url": "https://github.com/sponsors/RubenVerborgh" + } + ], + "engines": { + "node": ">=4.0" + }, + "peerDependenciesMeta": { + "debug": { + "optional": true + } + } }, - "for-each": { + "node_modules/for-each": { "version": "0.3.3", "resolved": "https://registry.npmjs.org/for-each/-/for-each-0.3.3.tgz", 
"integrity": "sha512-jqYfLp7mo9vIyQf8ykW2v7A+2N4QjeCeI5+Dz9XraiO1ign81wjiH7Fb9vSOWvQfNtmSa4H2RoQTrrXivdUZmw==", - "requires": { + "dependencies": { "is-callable": "^1.1.3" } }, - "forever-agent": { - "version": "0.6.1", - "resolved": "https://registry.npmjs.org/forever-agent/-/forever-agent-0.6.1.tgz", - "integrity": "sha1-+8cfDEGt6zf5bFd60e1C2P2sypE=" + "node_modules/foreground-child": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/foreground-child/-/foreground-child-3.1.1.tgz", + "integrity": "sha512-TMKDUnIte6bfb5nWv7V/caI169OHgvwjb7V4WkeUvbQQdjr5rWKqHFiKWb/fcOwB+CzBT+qbWjvj+DVwRskpIg==", + "dependencies": { + "cross-spawn": "^7.0.0", + "signal-exit": "^4.0.1" + }, + "engines": { + "node": ">=14" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/foreground-child/node_modules/signal-exit": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz", + "integrity": "sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw==", + "engines": { + "node": ">=14" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } }, - "fork-ts-checker-webpack-plugin": { + "node_modules/fork-ts-checker-webpack-plugin": { "version": "6.5.3", "resolved": "https://registry.npmjs.org/fork-ts-checker-webpack-plugin/-/fork-ts-checker-webpack-plugin-6.5.3.tgz", "integrity": "sha512-SbH/l9ikmMWycd5puHJKTkZJKddF4iRLyW3DeZ08HTI7NGyLS38MXd/KGgeWumQO7YNQbW2u/NtPT2YowbPaGQ==", - "requires": { + "dependencies": { "@babel/code-frame": "^7.8.3", "@types/json-schema": "^7.0.5", "chalk": "^4.1.0", 
@@ -6718,466 +9524,580 @@ "semver": "^7.3.2", "tapable": "^1.0.0" }, - "dependencies": { - "chalk": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", - "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "requires": { - "ansi-styles": "^4.1.0", - "supports-color": "^7.1.0" - } - }, - "cosmiconfig": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-6.0.0.tgz", - "integrity": "sha512-xb3ZL6+L8b9JLLCx3ZdoZy4+2ECphCMo2PwqgP1tlfVq6M6YReyzBJtvWWtbDSpNr9hn96pkCiZqUcFEc+54Qg==", - "requires": { - "@types/parse-json": "^4.0.0", - "import-fresh": "^3.1.0", - "parse-json": "^5.0.0", - "path-type": "^4.0.0", - "yaml": "^1.7.2" - } - }, - "fs-extra": { - "version": "9.1.0", - "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-9.1.0.tgz", - "integrity": "sha512-hcg3ZmepS30/7BSFqRvoo3DOMQu7IjqxO5nCDt+zM9XWjb33Wg7ziNT+Qvqbuc3+gWpzO02JubVyk2G4Zvo1OQ==", - "requires": { - "at-least-node": "^1.0.0", - "graceful-fs": "^4.2.0", - "jsonfile": "^6.0.1", - "universalify": "^2.0.0" - } - }, - "jsonfile": { - "version": "6.1.0", - "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz", - "integrity": "sha512-5dgndWOriYSm5cnYaJNhalLNDKOqFwyDB/rr1E9ZsGciGvKPs8R2xYGCacuf3z6K1YKDz182fd+fY3cn3pMqXQ==", - "requires": { - "graceful-fs": "^4.1.6", - "universalify": "^2.0.0" - } - }, - "schema-utils": { - "version": "2.7.0", - "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-2.7.0.tgz", - "integrity": "sha512-0ilKFI6QQF5nxDZLFn2dMjvc4hjg/Wkg7rHd3jK6/A4a1Hl9VFdQWvgB1UMGoU94pad1P/8N7fMcEnLnSiju8A==", - "requires": { - "@types/json-schema": "^7.0.4", - "ajv": "^6.12.2", - "ajv-keywords": "^3.4.1" - } - }, - "tapable": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/tapable/-/tapable-1.1.3.tgz", - "integrity": 
"sha512-4WK/bYZmj8xLr+HUCODHGF1ZFzsYffasLUgEiMBY4fgtltdO6B4WJtlSbPaDTLpYTcGVwM2qLnFTICEcNxs3kA==" + "engines": { + "node": ">=10", + "yarn": ">=1.0.0" + }, + "peerDependencies": { + "eslint": ">= 6", + "typescript": ">= 2.7", + "vue-template-compiler": "*", + "webpack": ">= 4" + }, + "peerDependenciesMeta": { + "eslint": { + "optional": true }, - "universalify": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.0.tgz", - "integrity": "sha512-hAZsKq7Yy11Zu1DE0OzWjw7nnLZmJZYTDZZyEFHZdUhV8FkH5MCfoU1XMaxXovpyW5nq5scPqq0ZDP9Zyl04oQ==" + "vue-template-compiler": { + "optional": true } } }, - "form-data": { - "version": "2.3.3", - "resolved": "https://registry.npmjs.org/form-data/-/form-data-2.3.3.tgz", - "integrity": "sha512-1lLKB2Mu3aGP1Q/2eCOx0fNbRMe7XdwktwOruhfqqd0rIJWwN4Dh+E3hrPSlDCXnSR7UtZ1N38rVXm+6+MEhJQ==", - "requires": { - "asynckit": "^0.4.0", - "combined-stream": "^1.0.6", - "mime-types": "^2.1.12" + "node_modules/fork-ts-checker-webpack-plugin/node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" + } + }, + "node_modules/fork-ts-checker-webpack-plugin/node_modules/cosmiconfig": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-6.0.0.tgz", + "integrity": "sha512-xb3ZL6+L8b9JLLCx3ZdoZy4+2ECphCMo2PwqgP1tlfVq6M6YReyzBJtvWWtbDSpNr9hn96pkCiZqUcFEc+54Qg==", + "dependencies": { + "@types/parse-json": "^4.0.0", + "import-fresh": "^3.1.0", + "parse-json": "^5.0.0", + "path-type": "^4.0.0", + "yaml": "^1.7.2" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/fork-ts-checker-webpack-plugin/node_modules/fs-extra": { + 
"version": "9.1.0", + "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-9.1.0.tgz", + "integrity": "sha512-hcg3ZmepS30/7BSFqRvoo3DOMQu7IjqxO5nCDt+zM9XWjb33Wg7ziNT+Qvqbuc3+gWpzO02JubVyk2G4Zvo1OQ==", + "dependencies": { + "at-least-node": "^1.0.0", + "graceful-fs": "^4.2.0", + "jsonfile": "^6.0.1", + "universalify": "^2.0.0" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/fork-ts-checker-webpack-plugin/node_modules/jsonfile": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz", + "integrity": "sha512-5dgndWOriYSm5cnYaJNhalLNDKOqFwyDB/rr1E9ZsGciGvKPs8R2xYGCacuf3z6K1YKDz182fd+fY3cn3pMqXQ==", + "dependencies": { + "universalify": "^2.0.0" + }, + "optionalDependencies": { + "graceful-fs": "^4.1.6" } }, - "forwarded": { + "node_modules/fork-ts-checker-webpack-plugin/node_modules/schema-utils": { + "version": "2.7.0", + "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-2.7.0.tgz", + "integrity": "sha512-0ilKFI6QQF5nxDZLFn2dMjvc4hjg/Wkg7rHd3jK6/A4a1Hl9VFdQWvgB1UMGoU94pad1P/8N7fMcEnLnSiju8A==", + "dependencies": { + "@types/json-schema": "^7.0.4", + "ajv": "^6.12.2", + "ajv-keywords": "^3.4.1" + }, + "engines": { + "node": ">= 8.9.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + } + }, + "node_modules/fork-ts-checker-webpack-plugin/node_modules/tapable": { + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/tapable/-/tapable-1.1.3.tgz", + "integrity": "sha512-4WK/bYZmj8xLr+HUCODHGF1ZFzsYffasLUgEiMBY4fgtltdO6B4WJtlSbPaDTLpYTcGVwM2qLnFTICEcNxs3kA==", + "engines": { + "node": ">=6" + } + }, + "node_modules/fork-ts-checker-webpack-plugin/node_modules/universalify": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.0.tgz", + "integrity": "sha512-hAZsKq7Yy11Zu1DE0OzWjw7nnLZmJZYTDZZyEFHZdUhV8FkH5MCfoU1XMaxXovpyW5nq5scPqq0ZDP9Zyl04oQ==", + "engines": { + "node": ">= 10.0.0" + } + }, + 
"node_modules/forwarded": { "version": "0.2.0", "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz", - "integrity": "sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==" + "integrity": "sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==", + "engines": { + "node": ">= 0.6" + } }, - "fraction.js": { + "node_modules/fraction.js": { "version": "4.3.7", "resolved": "https://registry.npmjs.org/fraction.js/-/fraction.js-4.3.7.tgz", - "integrity": "sha512-ZsDfxO51wGAXREY55a7la9LScWpwv9RxIrYABrlvOFBlH/ShPnrtsXeuUIfXKKOVicNxQ+o8JTbJvjS4M89yew==" + "integrity": "sha512-ZsDfxO51wGAXREY55a7la9LScWpwv9RxIrYABrlvOFBlH/ShPnrtsXeuUIfXKKOVicNxQ+o8JTbJvjS4M89yew==", + "engines": { + "node": "*" + }, + "funding": { + "type": "patreon", + "url": "https://github.com/sponsors/rawify" + } }, - "fresh": { + "node_modules/fresh": { "version": "0.5.2", "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz", - "integrity": "sha512-zJ2mQYM18rEFOudeV4GShTGIQ7RbzA7ozbU9I/XBpm7kqgMywgmylMwXHxZJmkVoYkna9d2pVXVXPdYTP9ej8Q==" + "integrity": "sha512-zJ2mQYM18rEFOudeV4GShTGIQ7RbzA7ozbU9I/XBpm7kqgMywgmylMwXHxZJmkVoYkna9d2pVXVXPdYTP9ej8Q==", + "engines": { + "node": ">= 0.6" + } }, - "fs-constants": { + "node_modules/fs-constants": { "version": "1.0.0", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/fs-constants/-/fs-constants-1.0.0.tgz", - "integrity": "sha1-a+Dem+mYzhavivwkSXue6bfM2a0=" + "resolved": "https://registry.npmjs.org/fs-constants/-/fs-constants-1.0.0.tgz", + "integrity": "sha512-y6OAwoSIf7FyjMIv94u+b5rdheZEjzR63GTyZJm5qh4Bi+2YgwLCcI/fPFZkL5PSixOt6ZNKm+w+Hfp/Bciwow==" }, - "fs-extra": { + "node_modules/fs-extra": { "version": "7.0.1", "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-7.0.1.tgz", "integrity": "sha512-YJDaCJZEnBmcbw13fvdAM9AwNOJwOzrE4pqMqBq5nFiEqXUqHwlK4B+3pUw6JNvfSPtX05xFHtYy/1ni01eGCw==", - "requires": { + "dependencies": { "graceful-fs": 
"^4.1.2", "jsonfile": "^4.0.0", "universalify": "^0.1.0" + }, + "engines": { + "node": ">=6 <7 || >=8" + } + }, + "node_modules/fs-minipass": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/fs-minipass/-/fs-minipass-3.0.3.tgz", + "integrity": "sha512-XUBA9XClHbnJWSfBzjkm6RvPsyg3sryZt06BEQoXcF7EK/xpGaQYJgQKDJSUH5SGZ76Y7pFx1QBnXz09rU5Fbw==", + "dependencies": { + "minipass": "^7.0.3" + }, + "engines": { + "node": "^14.17.0 || ^16.13.0 || >=18.0.0" } }, - "fs-monkey": { + "node_modules/fs-monkey": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/fs-monkey/-/fs-monkey-1.0.5.tgz", "integrity": "sha512-8uMbBjrhzW76TYgEV27Y5E//W2f/lTFmx78P2w19FZSxarhI/798APGQyuGCwmkNxgwGRhrLfvWyLBvNtuOmew==" }, - "fs.realpath": { + "node_modules/fs.realpath": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", "integrity": "sha1-FQStJSMVjKpA20onh8sBQRmU6k8=" }, - "fsevents": { + "node_modules/fsevents": { "version": "2.3.3", "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz", "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==", - "optional": true + "hasInstallScript": true, + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": "^8.16.0 || ^10.6.0 || >=11.0.0" + } }, - "function-bind": { + "node_modules/function-bind": { "version": "1.1.2", "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz", - "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==" + "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } }, - "function.prototype.name": { + "node_modules/function.prototype.name": { "version": "1.1.6", "resolved": "https://registry.npmjs.org/function.prototype.name/-/function.prototype.name-1.1.6.tgz", "integrity": 
"sha512-Z5kx79swU5P27WEayXM1tBi5Ze/lbIyiNgU3qyXUOf9b2rgXYyF9Dy9Cx+IQv/Lc8WCG6L82zwUPpSS9hGehIg==", - "requires": { + "dependencies": { "call-bind": "^1.0.2", "define-properties": "^1.2.0", "es-abstract": "^1.22.1", "functions-have-names": "^1.2.3" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "functions-have-names": { + "node_modules/functions-have-names": { "version": "1.2.3", "resolved": "https://registry.npmjs.org/functions-have-names/-/functions-have-names-1.2.3.tgz", - "integrity": "sha512-xckBUXyTIqT97tq2x2AMb+g163b5JFysYk0x4qxNFwbfQkmNZoiRHb6sPzI9/QV33WeuvVYBUIiD4NzNIyqaRQ==" - }, - "gauge": { - "version": "2.7.4", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/gauge/-/gauge-2.7.4.tgz", - "integrity": "sha1-LANAXHU4w51+s3sxcCLjJfsBi/c=", - "requires": { - "aproba": "^1.0.3", + "integrity": "sha512-xckBUXyTIqT97tq2x2AMb+g163b5JFysYk0x4qxNFwbfQkmNZoiRHb6sPzI9/QV33WeuvVYBUIiD4NzNIyqaRQ==", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/gauge": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/gauge/-/gauge-3.0.2.tgz", + "integrity": "sha512-+5J6MS/5XksCuXq++uFRsnUd7Ovu1XenbeuIuNRJxYWjgQbPuFhT14lAvsWfqfAmnwluf1OwMjz39HjfLPci0Q==", + "dependencies": { + "aproba": "^1.0.3 || ^2.0.0", + "color-support": "^1.1.2", "console-control-strings": "^1.0.0", - "has-unicode": "^2.0.0", - "object-assign": "^4.1.0", + "has-unicode": "^2.0.1", + "object-assign": "^4.1.1", "signal-exit": "^3.0.0", - "string-width": "^1.0.1", - "strip-ansi": "^3.0.1", - "wide-align": "^1.1.0" + "string-width": "^4.2.3", + "strip-ansi": "^6.0.1", + "wide-align": "^1.1.2" }, - "dependencies": { - "ansi-regex": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz", - "integrity": "sha512-TIGnTpdo+E3+pCyAluZvtED5p5wCqLdezCyhPZzKPcxvFplEt4i+W7OONCKgeZFT3+y5NZZfOOS/Bdcanm1MYA==" - }, - "is-fullwidth-code-point": { - "version": 
"1.0.0", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/is-fullwidth-code-point/-/is-fullwidth-code-point-1.0.0.tgz", - "integrity": "sha1-754xOG8DGn8NZDr4L95QxFfvAMs=", - "requires": { - "number-is-nan": "^1.0.0" - } - }, - "string-width": { - "version": "1.0.2", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/string-width/-/string-width-1.0.2.tgz", - "integrity": "sha1-EYvfW4zcUaKn5w0hHgfisLmxB9M=", - "requires": { - "code-point-at": "^1.0.0", - "is-fullwidth-code-point": "^1.0.0", - "strip-ansi": "^3.0.0" - } - }, - "strip-ansi": { - "version": "3.0.1", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/strip-ansi/-/strip-ansi-3.0.1.tgz", - "integrity": "sha1-ajhfuIU9lS1f8F0Oiq+UJ43GPc8=", - "requires": { - "ansi-regex": "^2.0.0" - } - } + "engines": { + "node": ">=10" } }, - "gensync": { + "node_modules/gensync": { "version": "1.0.0-beta.2", "resolved": "https://registry.npmjs.org/gensync/-/gensync-1.0.0-beta.2.tgz", - "integrity": "sha512-3hN7NaskYvMDLQY55gnW3NQ+mesEAepTqlg+VEbj7zzqEMBVNhzcGYYeqFo/TlYz6eQiFcp1HcsCZO+nGgS8zg==" + "integrity": "sha512-3hN7NaskYvMDLQY55gnW3NQ+mesEAepTqlg+VEbj7zzqEMBVNhzcGYYeqFo/TlYz6eQiFcp1HcsCZO+nGgS8zg==", + "engines": { + "node": ">=6.9.0" + } }, - "get-caller-file": { + "node_modules/get-caller-file": { "version": "2.0.5", "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz", - "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==" + "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==", + "engines": { + "node": "6.* || 8.* || >= 10.*" + } }, - "get-intrinsic": { + "node_modules/get-intrinsic": { "version": "1.2.1", "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.1.tgz", "integrity": "sha512-2DcsyfABl+gVHEfCOaTrWgyt+tb6MSEGmKq+kI5HwLbIYgjgmMcV8KQ41uaKz1xxUcn9tJtgFbQUEVcEbd0FYw==", - "requires": { + "dependencies": { "function-bind": 
"^1.1.1", "has": "^1.0.3", "has-proto": "^1.0.1", "has-symbols": "^1.0.3" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "get-own-enumerable-property-symbols": { + "node_modules/get-own-enumerable-property-symbols": { "version": "3.0.2", "resolved": "https://registry.npmjs.org/get-own-enumerable-property-symbols/-/get-own-enumerable-property-symbols-3.0.2.tgz", "integrity": "sha512-I0UBV/XOz1XkIJHEUDMZAbzCThU/H8DxmSfmdGcKPnVhu2VfFqr34jr9777IyaTYvxjedWhqVIilEDsCdP5G6g==" }, - "get-package-type": { + "node_modules/get-package-type": { "version": "0.1.0", "resolved": "https://registry.npmjs.org/get-package-type/-/get-package-type-0.1.0.tgz", - "integrity": "sha512-pjzuKtY64GYfWizNAJ0fr9VqttZkNiK2iS430LtIHzjBEr6bX8Am2zm4sW4Ro5wjWW5cAlRL1qAMTcXbjNAO2Q==" + "integrity": "sha512-pjzuKtY64GYfWizNAJ0fr9VqttZkNiK2iS430LtIHzjBEr6bX8Am2zm4sW4Ro5wjWW5cAlRL1qAMTcXbjNAO2Q==", + "engines": { + "node": ">=8.0.0" + } }, - "get-stream": { + "node_modules/get-stream": { "version": "6.0.1", "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-6.0.1.tgz", - "integrity": "sha512-ts6Wi+2j3jQjqi70w5AlN8DFnkSwC+MqmxEzdEALB2qXZYV3X/b1CTfgPLGJNMeAWxdPfU8FO1ms3NUfaHCPYg==" + "integrity": "sha512-ts6Wi+2j3jQjqi70w5AlN8DFnkSwC+MqmxEzdEALB2qXZYV3X/b1CTfgPLGJNMeAWxdPfU8FO1ms3NUfaHCPYg==", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } }, - "get-symbol-description": { + "node_modules/get-symbol-description": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/get-symbol-description/-/get-symbol-description-1.0.0.tgz", "integrity": "sha512-2EmdH1YvIQiZpltCNgkuiUnyukzxM/R6NDJX31Ke3BG1Nq5b0S2PhX59UKi9vZpPDQVdqn+1IcaAwnzTT5vCjw==", - "requires": { + "dependencies": { "call-bind": "^1.0.2", "get-intrinsic": "^1.1.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "getpass": { - "version": "0.1.7", - "resolved": 
"https://registry.npmjs.org/getpass/-/getpass-0.1.7.tgz", - "integrity": "sha1-Xv+OPmhNVprkyysSgmBOi6YhSfo=", - "requires": { - "assert-plus": "^1.0.0" - } - }, - "glob": { + "node_modules/glob": { "version": "7.1.6", "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.6.tgz", "integrity": "sha512-LwaxwyZ72Lk7vZINtNNrywX0ZuLyStrdDtabefZKAY5ZGJhVtgdznluResxNmPitE0SAO+O26sWTHeKSI2wMBA==", - "requires": { + "dependencies": { "fs.realpath": "^1.0.0", "inflight": "^1.0.4", "inherits": "2", "minimatch": "^3.0.4", "once": "^1.3.0", "path-is-absolute": "^1.0.0" + }, + "engines": { + "node": "*" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" } }, - "glob-parent": { + "node_modules/glob-parent": { "version": "6.0.2", "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz", "integrity": "sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A==", - "requires": { + "dependencies": { "is-glob": "^4.0.3" + }, + "engines": { + "node": ">=10.13.0" } }, - "glob-to-regexp": { + "node_modules/glob-to-regexp": { "version": "0.4.1", "resolved": "https://registry.npmjs.org/glob-to-regexp/-/glob-to-regexp-0.4.1.tgz", "integrity": "sha512-lkX1HJXwyMcprw/5YUZc2s7DrpAiHB21/V+E1rHUrVNokkvB6bqMzT0VfV6/86ZNabt1k14YOIaT7nDvOX3Iiw==" }, - "global-modules": { + "node_modules/global-modules": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/global-modules/-/global-modules-2.0.0.tgz", "integrity": "sha512-NGbfmJBp9x8IxyJSd1P+otYK8vonoJactOogrVfFRIAEY1ukil8RSKDz2Yo7wh1oihl51l/r6W4epkeKJHqL8A==", - "requires": { + "dependencies": { "global-prefix": "^3.0.0" + }, + "engines": { + "node": ">=6" } }, - "global-prefix": { + "node_modules/global-prefix": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/global-prefix/-/global-prefix-3.0.0.tgz", "integrity": "sha512-awConJSVCHVGND6x3tmMaKcQvwXLhjdkmomy2W+Goaui8YPgYgXJZewhg3fWC+DlfqqQuWg8AwqjGTD2nAPVWg==", - "requires": { + "dependencies": { "ini": 
"^1.3.5", "kind-of": "^6.0.2", "which": "^1.3.1" + }, + "engines": { + "node": ">=6" } }, - "globals": { + "node_modules/globals": { "version": "11.12.0", "resolved": "https://registry.npmjs.org/globals/-/globals-11.12.0.tgz", - "integrity": "sha512-WOBp/EEGUiIsJSp7wcv/y6MO+lV9UoncWqxuFfm8eBwzWNgyfBd6Gz+IeKQ9jCmyhoH99g15M3T+QaVHFjizVA==" + "integrity": "sha512-WOBp/EEGUiIsJSp7wcv/y6MO+lV9UoncWqxuFfm8eBwzWNgyfBd6Gz+IeKQ9jCmyhoH99g15M3T+QaVHFjizVA==", + "engines": { + "node": ">=4" + } }, - "globalthis": { + "node_modules/globalthis": { "version": "1.0.3", "resolved": "https://registry.npmjs.org/globalthis/-/globalthis-1.0.3.tgz", "integrity": "sha512-sFdI5LyBiNTHjRd7cGPWapiHWMOXKyuBNX/cWJ3NfzrZQVa8GI/8cofCl74AOVqq9W5kNmguTIzJ/1s2gyI9wA==", - "requires": { + "dependencies": { "define-properties": "^1.1.3" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "globby": { + "node_modules/globby": { "version": "11.1.0", "resolved": "https://registry.npmjs.org/globby/-/globby-11.1.0.tgz", "integrity": "sha512-jhIXaOzy1sb8IyocaruWSn1TjmnBVs8Ayhcy83rmxNJ8q2uWKCAj3CnJY+KpGSXCueAPc0i05kVvVKtP1t9S3g==", - "requires": { + "dependencies": { "array-union": "^2.1.0", "dir-glob": "^3.0.1", "fast-glob": "^3.2.9", "ignore": "^5.2.0", "merge2": "^1.4.1", "slash": "^3.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" } }, - "gopd": { + "node_modules/gopd": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.0.1.tgz", "integrity": "sha512-d65bNlIadxvpb/A2abVdlqKqV563juRnZ1Wtk6s1sIR8uNsXR70xqIzVqxVf1eTqDunwT2MkczEeaezCKTZhwA==", - "requires": { + "dependencies": { "get-intrinsic": "^1.1.3" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "got": { - "version": "10.7.0", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/got/-/got-10.7.0.tgz", - "integrity": "sha1-YoidvNbMoyzWoVTMLQxolRIdCR8=", - "requires": { - 
"@sindresorhus/is": "^2.0.0", - "@szmarczak/http-timer": "^4.0.0", + "node_modules/got": { + "version": "11.8.6", + "resolved": "https://registry.npmjs.org/got/-/got-11.8.6.tgz", + "integrity": "sha512-6tfZ91bOr7bOXnK7PRDCGBLa1H4U080YHNaAQ2KsMGlLEzRbk44nsZF2E1IeRc3vtJHPVbKCYgdFbaGO2ljd8g==", + "dependencies": { + "@sindresorhus/is": "^4.0.0", + "@szmarczak/http-timer": "^4.0.5", "@types/cacheable-request": "^6.0.1", - "cacheable-lookup": "^2.0.0", - "cacheable-request": "^7.0.1", - "decompress-response": "^5.0.0", - "duplexer3": "^0.1.4", - "get-stream": "^5.0.0", + "@types/responselike": "^1.0.0", + "cacheable-lookup": "^5.0.3", + "cacheable-request": "^7.0.2", + "decompress-response": "^6.0.0", + "http2-wrapper": "^1.0.0-beta.5.2", "lowercase-keys": "^2.0.0", - "mimic-response": "^2.1.0", "p-cancelable": "^2.0.0", - "p-event": "^4.0.0", - "responselike": "^2.0.0", - "to-readable-stream": "^2.0.0", - "type-fest": "^0.10.0" - }, - "dependencies": { - "get-stream": { - "version": "5.2.0", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/get-stream/-/get-stream-5.2.0.tgz", - "integrity": "sha1-SWaheV7lrOZecGxLe+txJX1uItM=", - "requires": { - "pump": "^3.0.0" - } - }, - "type-fest": { - "version": "0.10.0", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/type-fest/-/type-fest-0.10.0.tgz", - "integrity": "sha1-fwayufv8WBBo0TQf+r0DSc6vxkI=" - } + "responselike": "^2.0.0" + }, + "engines": { + "node": ">=10.19.0" + }, + "funding": { + "url": "https://github.com/sindresorhus/got?sponsor=1" } }, - "graceful-fs": { + "node_modules/graceful-fs": { "version": "4.2.9", "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.9.tgz", "integrity": "sha512-NtNxqUcXgpW2iMrfqSfR73Glt39K+BLwWsPs94yR63v45T0Wbej7eRmL5cWfwEgqXnmjQp3zaJTshdRW/qC2ZQ==" }, - "graphemer": { + "node_modules/graphemer": { "version": "1.4.0", "resolved": "https://registry.npmjs.org/graphemer/-/graphemer-1.4.0.tgz", "integrity": 
"sha512-EtKwoO6kxCL9WO5xipiHTZlSzBm7WLT627TqC/uVRd0HKmq8NXyebnNYxDoBi7wt8eTWrUrKXCOVaFq9x1kgag==" }, - "gzip-size": { + "node_modules/gzip-size": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/gzip-size/-/gzip-size-6.0.0.tgz", "integrity": "sha512-ax7ZYomf6jqPTQ4+XCpUGyXKHk5WweS+e05MBO4/y3WJ5RkmPXNKvX+bx1behVILVwr6JSQvZAku021CHPXG3Q==", - "requires": { + "dependencies": { "duplexer": "^0.1.2" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" } }, - "handle-thing": { + "node_modules/handle-thing": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/handle-thing/-/handle-thing-2.0.1.tgz", "integrity": "sha512-9Qn4yBxelxoh2Ow62nP+Ka/kMnOXRi8BXnRaUwezLNhqelnN49xKz4F/dPP8OYLxLxq6JDtZb2i9XznUQbNPTg==" }, - "har-schema": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/har-schema/-/har-schema-2.0.0.tgz", - "integrity": "sha1-qUwiJOvKwEeCoNkDVSHyRzW37JI=" - }, - "har-validator": { - "version": "5.1.5", - "resolved": "https://registry.npmjs.org/har-validator/-/har-validator-5.1.5.tgz", - "integrity": "sha512-nmT2T0lljbxdQZfspsno9hgrG3Uir6Ks5afism62poxqBM6sDnMEuPmzTq8XN0OEwqKLLdh1jQI3qyE66Nzb3w==", - "requires": { - "ajv": "^6.12.3", - "har-schema": "^2.0.0" - } - }, - "harmony-reflect": { + "node_modules/harmony-reflect": { "version": "1.6.2", "resolved": "https://registry.npmjs.org/harmony-reflect/-/harmony-reflect-1.6.2.tgz", "integrity": "sha512-HIp/n38R9kQjDEziXyDTuW3vvoxxyxjxFzXLrBr18uB47GnSt+G9D29fqrpM5ZkspMcPICud3XsBJQ4Y2URg8g==" }, - "has": { + "node_modules/has": { "version": "1.0.4", "resolved": "https://registry.npmjs.org/has/-/has-1.0.4.tgz", - "integrity": "sha512-qdSAmqLF6209RFj4VVItywPMbm3vWylknmB3nvNiUIs72xAimcM8nVYxYr7ncvZq5qzk9MKIZR8ijqD/1QuYjQ==" + "integrity": "sha512-qdSAmqLF6209RFj4VVItywPMbm3vWylknmB3nvNiUIs72xAimcM8nVYxYr7ncvZq5qzk9MKIZR8ijqD/1QuYjQ==", + "engines": { + "node": ">= 0.4.0" + } }, - "has-bigints": { + "node_modules/has-bigints": { 
"version": "1.0.2", "resolved": "https://registry.npmjs.org/has-bigints/-/has-bigints-1.0.2.tgz", - "integrity": "sha512-tSvCKtBr9lkF0Ex0aQiP9N+OpV4zi2r/Nee5VkRDbaqv35RLYMzbwQfFSZZH0kR+Rd6302UJZ2p/bJCEoR3VoQ==" + "integrity": "sha512-tSvCKtBr9lkF0Ex0aQiP9N+OpV4zi2r/Nee5VkRDbaqv35RLYMzbwQfFSZZH0kR+Rd6302UJZ2p/bJCEoR3VoQ==", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } }, - "has-flag": { + "node_modules/has-flag": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", - "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==" + "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==", + "engines": { + "node": ">=8" + } }, - "has-property-descriptors": { + "node_modules/has-property-descriptors": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/has-property-descriptors/-/has-property-descriptors-1.0.0.tgz", "integrity": "sha512-62DVLZGoiEBDHQyqG4w9xCuZ7eJEwNmJRWw2VY84Oedb7WFcA27fiEVe8oUQx9hAUJ4ekurquucTGwsyO1XGdQ==", - "requires": { + "dependencies": { "get-intrinsic": "^1.1.1" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "has-proto": { + "node_modules/has-proto": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/has-proto/-/has-proto-1.0.1.tgz", - "integrity": "sha512-7qE+iP+O+bgF9clE5+UoBFzE65mlBiVj3tKCrlNQ0Ogwm0BjpT/gK4SlLYDMybDh5I3TCTKnPPa0oMG7JDYrhg==" + "integrity": "sha512-7qE+iP+O+bgF9clE5+UoBFzE65mlBiVj3tKCrlNQ0Ogwm0BjpT/gK4SlLYDMybDh5I3TCTKnPPa0oMG7JDYrhg==", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } }, - "has-symbols": { + "node_modules/has-symbols": { "version": "1.0.3", "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.3.tgz", - "integrity": "sha512-l3LCuF6MgDNwTDKkdYGEihYjt5pRPbEg46rtlmnSPlUbgmB8LOIrKJbYYFBSbnPaJexMKtiPO8hmeRjRz2Td+A==" + "integrity": 
"sha512-l3LCuF6MgDNwTDKkdYGEihYjt5pRPbEg46rtlmnSPlUbgmB8LOIrKJbYYFBSbnPaJexMKtiPO8hmeRjRz2Td+A==", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } }, - "has-tostringtag": { + "node_modules/has-tostringtag": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/has-tostringtag/-/has-tostringtag-1.0.0.tgz", "integrity": "sha512-kFjcSNhnlGV1kyoGk7OXKSawH5JOb/LzUc5w9B02hOTO0dfFRjbHQKvg1d6cf3HbeUmtU9VbbV3qzZ2Teh97WQ==", - "requires": { + "dependencies": { "has-symbols": "^1.0.2" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "has-unicode": { + "node_modules/has-unicode": { "version": "2.0.1", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/has-unicode/-/has-unicode-2.0.1.tgz", - "integrity": "sha1-4Ob+aijPUROIVeCG0Wkedx3iqLk=" + "resolved": "https://registry.npmjs.org/has-unicode/-/has-unicode-2.0.1.tgz", + "integrity": "sha512-8Rf9Y83NBReMnx0gFzA8JImQACstCYWUplepDa9xprwwtmgEZUF0h/i5xSA625zB/I37EtrswSST6OXxwaaIJQ==" }, - "he": { + "node_modules/he": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/he/-/he-1.2.0.tgz", - "integrity": "sha512-F/1DnUGPopORZi0ni+CvrCgHQ5FyEAHRLSApuYWMmrbSwoN2Mn/7k+Gl38gJnR7yyDZk6WLXwiGod1JOWNDKGw==" + "integrity": "sha512-F/1DnUGPopORZi0ni+CvrCgHQ5FyEAHRLSApuYWMmrbSwoN2Mn/7k+Gl38gJnR7yyDZk6WLXwiGod1JOWNDKGw==", + "bin": { + "he": "bin/he" + } }, - "highlight.js": { + "node_modules/highlight.js": { "version": "10.7.3", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/highlight.js/-/highlight.js-10.7.3.tgz", - "integrity": "sha1-aXJy45kTVuQMPKxWanTu9oF1ZTE=" + "resolved": "https://registry.npmjs.org/highlight.js/-/highlight.js-10.7.3.tgz", + "integrity": "sha1-aXJy45kTVuQMPKxWanTu9oF1ZTE=", + "engines": { + "node": "*" + } }, - "history": { + "node_modules/history": { "version": "4.10.1", "resolved": "https://registry.npmjs.org/history/-/history-4.10.1.tgz", "integrity": 
"sha512-36nwAD620w12kuzPAsyINPWJqlNbij+hpK1k9XRloDtym8mxzGYl2c17LnV6IAGB2Dmg4tEa7G7DlawS0+qjew==", - "requires": { + "dependencies": { "@babel/runtime": "^7.1.2", "loose-envify": "^1.2.0", "resolve-pathname": "^3.0.0", 
@@ -7186,85 +10106,97 @@ "value-equal": "^1.0.1" } }, - "hoist-non-react-statics": { + "node_modules/hoist-non-react-statics": { "version": "3.3.2", "resolved": "https://registry.npmjs.org/hoist-non-react-statics/-/hoist-non-react-statics-3.3.2.tgz", "integrity": "sha512-/gGivxi8JPKWNm/W0jSmzcMPpfpPLc3dY/6GxhX2hQ9iGj3aDfklV4ET7NjKpSinLpJ5vafa9iiGIEZg10SfBw==", - "requires": { - "react-is": "^16.7.0" - }, "dependencies": { - "react-is": { - "version": "16.13.1", - "resolved": "https://registry.npmjs.org/react-is/-/react-is-16.13.1.tgz", - "integrity": "sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ==" - } + "react-is": "^16.7.0" } }, - "hoopy": { + "node_modules/hoist-non-react-statics/node_modules/react-is": { + "version": "16.13.1", + "resolved": "https://registry.npmjs.org/react-is/-/react-is-16.13.1.tgz", + "integrity": "sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ==" + }, + "node_modules/hoopy": { "version": "0.1.4", "resolved": "https://registry.npmjs.org/hoopy/-/hoopy-0.1.4.tgz", - "integrity": "sha512-HRcs+2mr52W0K+x8RzcLzuPPmVIKMSv97RGHy0Ea9y/mpcaK+xTrjICA04KAHi4GRzxliNqNJEFYWHghy3rSfQ==" + "integrity": "sha512-HRcs+2mr52W0K+x8RzcLzuPPmVIKMSv97RGHy0Ea9y/mpcaK+xTrjICA04KAHi4GRzxliNqNJEFYWHghy3rSfQ==", + "engines": { + "node": ">= 6.0.0" + } }, - "hpack.js": { + "node_modules/hpack.js": { "version": "2.1.6", "resolved": "https://registry.npmjs.org/hpack.js/-/hpack.js-2.1.6.tgz", "integrity": "sha512-zJxVehUdMGIKsRaNt7apO2Gqp0BdqW5yaiGHXXmbpvxgBYVZnAql+BJb4RO5ad2MgpbZKn5G6nMnegrH1FcNYQ==", - "requires": { + "dependencies": { "inherits": "^2.0.1", "obuf": "^1.0.0", "readable-stream": "^2.0.1", "wbuf": "^1.1.0" - }, + } + }, + "node_modules/hpack.js/node_modules/readable-stream": { + "version": "2.3.8", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", + "integrity": 
"sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==", "dependencies": { - "readable-stream": { - "version": "2.3.8", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", - "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==", - "requires": { - "core-util-is": "~1.0.0", - "inherits": "~2.0.3", - "isarray": "~1.0.0", - "process-nextick-args": "~2.0.0", - "safe-buffer": "~5.1.1", - "string_decoder": "~1.1.1", - "util-deprecate": "~1.0.1" - } - } + "core-util-is": "~1.0.0", + "inherits": "~2.0.3", + "isarray": "~1.0.0", + "process-nextick-args": "~2.0.0", + "safe-buffer": "~5.1.1", + "string_decoder": "~1.1.1", + "util-deprecate": "~1.0.1" } }, - "html-dom-parser": { + "node_modules/html-dom-parser": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/html-dom-parser/-/html-dom-parser-1.2.0.tgz", "integrity": "sha512-2HIpFMvvffsXHFUFjso0M9LqM+1Lm22BF+Df2ba+7QHJXjk63pWChEnI6YG27eaWqUdfnh5/Vy+OXrNTtepRsg==", - "requires": { + "dependencies": { "domhandler": "4.3.1", "htmlparser2": "7.2.0" } }, - "html-encoding-sniffer": { + "node_modules/html-encoding-sniffer": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/html-encoding-sniffer/-/html-encoding-sniffer-2.0.1.tgz", "integrity": "sha512-D5JbOMBIR/TVZkubHT+OyT2705QvogUW4IBn6nHd756OwieSF9aDYFj4dv6HHEVGYbHaLETa3WggZYWWMyy3ZQ==", - "requires": { + "dependencies": { "whatwg-encoding": "^1.0.5" + }, + "engines": { + "node": ">=10" } }, - "html-entities": { + "node_modules/html-entities": { "version": "2.4.0", "resolved": "https://registry.npmjs.org/html-entities/-/html-entities-2.4.0.tgz", - "integrity": "sha512-igBTJcNNNhvZFRtm8uA6xMY6xYleeDwn3PeBCkDz7tHttv4F2hsDI2aPgNERWzvRcNYHNT3ymRaQzllmXj4YsQ==" + "integrity": "sha512-igBTJcNNNhvZFRtm8uA6xMY6xYleeDwn3PeBCkDz7tHttv4F2hsDI2aPgNERWzvRcNYHNT3ymRaQzllmXj4YsQ==", + "funding": [ + { + "type": "github", + "url": 
"https://github.com/sponsors/mdevils" + }, + { + "type": "patreon", + "url": "https://patreon.com/mdevils" + } + ] }, - "html-escaper": { + "node_modules/html-escaper": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/html-escaper/-/html-escaper-2.0.2.tgz", "integrity": "sha512-H2iMtd0I4Mt5eYiapRdIDjp+XzelXQ0tFE4JS7YFwFevXXMmOp9myNrUvCg0D6ws8iqkRPBfKHgbwig1SmlLfg==" }, - "html-minifier-terser": { + "node_modules/html-minifier-terser": { "version": "6.1.0", "resolved": "https://registry.npmjs.org/html-minifier-terser/-/html-minifier-terser-6.1.0.tgz", "integrity": "sha512-YXxSlJBZTP7RS3tWnQw74ooKa6L9b9i9QYXY21eUEvhZ3u9XLfv6OnFsQq6RxkhHygsaUMvYsZRV5rU/OVNZxw==", - "requires": { + "dependencies": { "camel-case": "^4.1.2", "clean-css": "^5.2.2", "commander": "^8.3.0", 
@@ -7273,604 +10205,907 @@ "relateurl": "^0.2.7", "terser": "^5.10.0" }, - "dependencies": { - "commander": { - "version": "8.3.0", - "resolved": "https://registry.npmjs.org/commander/-/commander-8.3.0.tgz", - "integrity": "sha512-OkTL9umf+He2DZkUq8f8J9of7yL6RJKI24dVITBmNfZBmri9zYZQrKkuXiKhyfPSu8tUhnVBB1iKXevvnlR4Ww==" - } + "bin": { + "html-minifier-terser": "cli.js" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/html-minifier-terser/node_modules/commander": { + "version": "8.3.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-8.3.0.tgz", + "integrity": "sha512-OkTL9umf+He2DZkUq8f8J9of7yL6RJKI24dVITBmNfZBmri9zYZQrKkuXiKhyfPSu8tUhnVBB1iKXevvnlR4Ww==", + "engines": { + "node": ">= 12" } }, - "html-react-parser": { + "node_modules/html-react-parser": { "version": "1.4.14", "resolved": "https://registry.npmjs.org/html-react-parser/-/html-react-parser-1.4.14.tgz", "integrity": "sha512-pxhNWGie8Y+DGDpSh8cTa0k3g8PsDcwlfolA+XxYo1AGDeB6e2rdlyv4ptU9bOTiZ2i3fID+6kyqs86MN0FYZQ==", - "requires": { + "dependencies": { "domhandler": "4.3.1", "html-dom-parser": "1.2.0", "react-property": "2.0.0", "style-to-js": "1.1.1" + }, + "peerDependencies": { + "react": "0.14 || 15 || 16 || 17 || 18" } }, - "html-webpack-plugin": { + "node_modules/html-webpack-plugin": { "version": "5.5.3", "resolved": "https://registry.npmjs.org/html-webpack-plugin/-/html-webpack-plugin-5.5.3.tgz", "integrity": "sha512-6YrDKTuqaP/TquFH7h4srYWsZx+x6k6+FbsTm0ziCwGHDP78Unr1r9F/H4+sGmMbX08GQcJ+K64x55b+7VM/jg==", - "requires": { + "dependencies": { "@types/html-minifier-terser": "^6.0.0", "html-minifier-terser": "^6.0.2", "lodash": "^4.17.21", "pretty-error": "^4.0.0", "tapable": "^2.0.0" + }, + "engines": { + "node": ">=10.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/html-webpack-plugin" + }, + "peerDependencies": { + "webpack": "^5.20.0" } }, - "htmlparser2": { + "node_modules/htmlparser2": { "version": "7.2.0", "resolved": 
"https://registry.npmjs.org/htmlparser2/-/htmlparser2-7.2.0.tgz", "integrity": "sha512-H7MImA4MS6cw7nbyURtLPO1Tms7C5H602LRETv95z1MxO/7CP7rDVROehUYeYBUYEON94NXXDEPmZuq+hX4sog==", - "requires": { + "funding": [ + "https://github.com/fb55/htmlparser2?sponsor=1", + { + "type": "github", + "url": "https://github.com/sponsors/fb55" + } + ], + "dependencies": { "domelementtype": "^2.0.1", "domhandler": "^4.2.2", "domutils": "^2.8.0", "entities": "^3.0.1" } }, - "http-cache-semantics": { + "node_modules/http-cache-semantics": { "version": "4.1.1", "resolved": "https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-4.1.1.tgz", "integrity": "sha512-er295DKPVsV82j5kw1Gjt+ADA/XYHsajl82cGNQG2eyoPkvgUhX+nDIyelzhIWbbsXP39EHcI6l5tYs2FYqYXQ==" }, - "http-deceiver": { + "node_modules/http-deceiver": { "version": "1.2.7", "resolved": "https://registry.npmjs.org/http-deceiver/-/http-deceiver-1.2.7.tgz", "integrity": "sha512-LmpOGxTfbpgtGVxJrj5k7asXHCgNZp5nLfp+hWc8QQRqtb7fUy6kRY3BO1h9ddF6yIPYUARgxGOwB42DnxIaNw==" }, - "http-errors": { + "node_modules/http-errors": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz", "integrity": "sha512-FtwrG/euBzaEjYeRqOgly7G0qviiXoJWnvEH2Z1plBdXgbyjv34pHTSb9zoeHMyDy33+DWy5Wt9Wo+TURtOYSQ==", - "requires": { + "dependencies": { "depd": "2.0.0", "inherits": "2.0.4", "setprototypeof": "1.2.0", "statuses": "2.0.1", "toidentifier": "1.0.1" + }, + "engines": { + "node": ">= 0.8" } }, - "http-parser-js": { + "node_modules/http-parser-js": { "version": "0.5.8", "resolved": "https://registry.npmjs.org/http-parser-js/-/http-parser-js-0.5.8.tgz", "integrity": "sha512-SGeBX54F94Wgu5RH3X5jsDtf4eHyRogWX1XGT3b4HuW3tQPM4AaBzoUji/4AAJNXCEOWZ5O0DgZmJw1947gD5Q==" }, - "http-proxy": { + "node_modules/http-proxy": { "version": "1.18.1", "resolved": "https://registry.npmjs.org/http-proxy/-/http-proxy-1.18.1.tgz", "integrity": 
"sha512-7mz/721AbnJwIVbnaSv1Cz3Am0ZLT/UBwkC92VlxhXv/k/BBQfM2fXElQNC27BVGr0uwUpplYPQM9LnaBMR5NQ==", - "requires": { + "dependencies": { "eventemitter3": "^4.0.0", "follow-redirects": "^1.0.0", "requires-port": "^1.0.0" + }, + "engines": { + "node": ">=8.0.0" } }, - "http-proxy-agent": { + "node_modules/http-proxy-agent": { "version": "4.0.1", "resolved": "https://registry.npmjs.org/http-proxy-agent/-/http-proxy-agent-4.0.1.tgz", "integrity": "sha512-k0zdNgqWTGA6aeIRVpvfVob4fL52dTfaehylg0Y4UvSySvOq/Y+BOyPrgpUrA7HylqvU8vIZGsRuXmspskV0Tg==", - "requires": { + "dependencies": { "@tootallnate/once": "1", "agent-base": "6", "debug": "4" + }, + "engines": { + "node": ">= 6" } }, - "http-proxy-middleware": { + "node_modules/http-proxy-middleware": { "version": "2.0.6", "resolved": "https://registry.npmjs.org/http-proxy-middleware/-/http-proxy-middleware-2.0.6.tgz", "integrity": "sha512-ya/UeJ6HVBYxrgYotAZo1KvPWlgB48kUJLDePFeneHsVujFaW5WNj2NgWCAE//B1Dl02BIfYlpNgBy8Kf8Rjmw==", - "requires": { + "dependencies": { "@types/http-proxy": "^1.17.8", "http-proxy": "^1.18.1", "is-glob": "^4.0.1", "is-plain-obj": "^3.0.0", "micromatch": "^4.0.2" + }, + "engines": { + "node": ">=12.0.0" + }, + "peerDependencies": { + "@types/express": "^4.17.13" + }, + "peerDependenciesMeta": { + "@types/express": { + "optional": true + } } }, - "http-signature": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/http-signature/-/http-signature-1.2.0.tgz", - "integrity": "sha1-muzZJRFHcvPZW2WmCruPfBj7rOE=", - "requires": { - "assert-plus": "^1.0.0", - "jsprim": "^1.2.2", - "sshpk": "^1.7.0" + "node_modules/http2-wrapper": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/http2-wrapper/-/http2-wrapper-1.0.3.tgz", + "integrity": "sha512-V+23sDMr12Wnz7iTcDeJr3O6AIxlnvT/bmaAAAP/Xda35C90p9599p0F1eHR/N1KILWSoWVAiOMFjBBXaXSMxg==", + "dependencies": { + "quick-lru": "^5.1.1", + "resolve-alpn": "^1.0.0" + }, + "engines": { + "node": ">=10.19.0" } }, - "https-proxy-agent": { + 
"node_modules/https-proxy-agent": { "version": "5.0.1", "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-5.0.1.tgz", "integrity": "sha512-dFcAjpTQFgoLMzC2VwU+C/CbS7uRL0lWmxDITmqm7C+7F0Odmj6s9l6alZc6AELXhrnggM2CeWSXHGOdX2YtwA==", - "requires": { + "dependencies": { "agent-base": "6", "debug": "4" + }, + "engines": { + "node": ">= 6" } }, - "human-signals": { + "node_modules/human-signals": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/human-signals/-/human-signals-2.1.0.tgz", - "integrity": "sha512-B4FFZ6q/T2jhhksgkbEW3HBvWIfDW85snkQgawt07S7J5QXTk6BkNV+0yAeZrM5QpMAdYlocGoljn0sJ/WQkFw==" + "integrity": "sha512-B4FFZ6q/T2jhhksgkbEW3HBvWIfDW85snkQgawt07S7J5QXTk6BkNV+0yAeZrM5QpMAdYlocGoljn0sJ/WQkFw==", + "engines": { + "node": ">=10.17.0" + } }, - "hyphenate-style-name": { + "node_modules/hyphenate-style-name": { "version": "1.0.4", "resolved": "https://registry.npmjs.org/hyphenate-style-name/-/hyphenate-style-name-1.0.4.tgz", "integrity": "sha512-ygGZLjmXfPHj+ZWh6LwbC37l43MhfztxetbFCoYTM2VjkIUpeHgSNn7QIyVFj7YQ1Wl9Cbw5sholVJPzWvC2MQ==" }, - "iconv-lite": { + "node_modules/iconv-lite": { "version": "0.4.24", "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz", "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==", - "requires": { + "dependencies": { "safer-buffer": ">= 2.1.2 < 3" + }, + "engines": { + "node": ">=0.10.0" } }, - "icss-utils": { + "node_modules/icss-utils": { "version": "5.1.0", "resolved": "https://registry.npmjs.org/icss-utils/-/icss-utils-5.1.0.tgz", - "integrity": "sha512-soFhflCVWLfRNOPU3iv5Z9VUdT44xFRbzjLsEzSr5AQmgqPMTHdU3PMT1Cf1ssx8fLNJDA1juftYl+PUcv3MqA==" + "integrity": "sha512-soFhflCVWLfRNOPU3iv5Z9VUdT44xFRbzjLsEzSr5AQmgqPMTHdU3PMT1Cf1ssx8fLNJDA1juftYl+PUcv3MqA==", + "engines": { + "node": "^10 || ^12 || >= 14" + }, + "peerDependencies": { + "postcss": "^8.1.0" + } }, - "idb": { + "node_modules/idb": { "version": "7.1.1", 
"resolved": "https://registry.npmjs.org/idb/-/idb-7.1.1.tgz", "integrity": "sha512-gchesWBzyvGHRO9W8tzUWFDycow5gwjvFKfyV9FF32Y7F50yZMp7mP+T2mJIWFx49zicqyC4uefHM17o6xKIVQ==" }, - "identity-obj-proxy": { + "node_modules/identity-obj-proxy": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/identity-obj-proxy/-/identity-obj-proxy-3.0.0.tgz", "integrity": "sha512-00n6YnVHKrinT9t0d9+5yZC6UBNJANpYEQvL2LlX6Ab9lnmxzIRcEmTPuyGScvl1+jKuCICX1Z0Ab1pPKKdikA==", - "requires": { + "dependencies": { "harmony-reflect": "^1.4.6" + }, + "engines": { + "node": ">=4" } }, - "ignore": { + "node_modules/ieee754": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.2.1.tgz", + "integrity": "sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ] + }, + "node_modules/ignore": { "version": "5.2.4", "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.2.4.tgz", - "integrity": "sha512-MAb38BcSbH0eHNBxn7ql2NH/kX33OkB3lZ1BNdh7ENeRChHTYsTvWrMubiIAMNS2llXEEgZ1MUOBtXChP3kaFQ==" - }, - "ignore-walk": { - "version": "3.0.3", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/ignore-walk/-/ignore-walk-3.0.3.tgz", - "integrity": "sha1-AX4kRxhL/q3nwjjkrv3R6PlbHjc=", - "requires": { - "minimatch": "^3.0.4" + "integrity": "sha512-MAb38BcSbH0eHNBxn7ql2NH/kX33OkB3lZ1BNdh7ENeRChHTYsTvWrMubiIAMNS2llXEEgZ1MUOBtXChP3kaFQ==", + "engines": { + "node": ">= 4" } }, - "immer": { + "node_modules/immer": { "version": "9.0.21", "resolved": "https://registry.npmjs.org/immer/-/immer-9.0.21.tgz", - "integrity": "sha512-bc4NBHqOqSfRW7POMkHd51LvClaeMXpm8dx0e8oE2GORbq5aRK7Bxl4FyzVLdGtLmvLKL7BTDBG5ACQm4HWjTA==" + "integrity": 
"sha512-bc4NBHqOqSfRW7POMkHd51LvClaeMXpm8dx0e8oE2GORbq5aRK7Bxl4FyzVLdGtLmvLKL7BTDBG5ACQm4HWjTA==", + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/immer" + } }, - "import-fresh": { + "node_modules/import-fresh": { "version": "3.3.0", "resolved": "https://registry.npmjs.org/import-fresh/-/import-fresh-3.3.0.tgz", "integrity": "sha512-veYYhQa+D1QBKznvhUHxb8faxlrwUnxseDAbAp457E0wLNio2bOSKnjYDhMj+YiAq61xrMGhQk9iXVk5FzgQMw==", - "requires": { + "dependencies": { "parent-module": "^1.0.0", "resolve-from": "^4.0.0" + }, + "engines": { + "node": ">=6" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" } }, - "import-local": { + "node_modules/import-local": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/import-local/-/import-local-3.1.0.tgz", "integrity": "sha512-ASB07uLtnDs1o6EHjKpX34BKYDSqnFerfTOJL2HvMqF70LnxpjkzDB8J44oT9pu4AMPkQwf8jl6szgvNd2tRIg==", - "requires": { + "dependencies": { "pkg-dir": "^4.2.0", "resolve-cwd": "^3.0.0" + }, + "bin": { + "import-local-fixture": "fixtures/cli.js" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" } }, - "imurmurhash": { + "node_modules/imurmurhash": { "version": "0.1.4", "resolved": "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz", - "integrity": "sha512-JmXMZ6wuvDmLiHEml9ykzqO6lwFbof0GG4IkcGaENdCRDDmMVnny7s5HsIgHCbaq0w2MyPhDqkhTUgS2LU2PHA==" + "integrity": "sha512-JmXMZ6wuvDmLiHEml9ykzqO6lwFbof0GG4IkcGaENdCRDDmMVnny7s5HsIgHCbaq0w2MyPhDqkhTUgS2LU2PHA==", + "engines": { + "node": ">=0.8.19" + } }, - "indent-string": { + "node_modules/indent-string": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/indent-string/-/indent-string-4.0.0.tgz", - "integrity": "sha512-EdDDZu4A2OyIK7Lr/2zG+w5jmbuk1DVBnEwREQvBzspBJkCEbRa8GxU1lghYcaGJCnRWibjDXlq779X1/y5xwg==" + "integrity": "sha512-EdDDZu4A2OyIK7Lr/2zG+w5jmbuk1DVBnEwREQvBzspBJkCEbRa8GxU1lghYcaGJCnRWibjDXlq779X1/y5xwg==", + "engines": { + 
"node": ">=8" + } }, - "inflight": { + "node_modules/inflight": { "version": "1.0.6", "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", "integrity": "sha1-Sb1jMdfQLQwJvJEKEHW6gWW1bfk=", - "requires": { + "dependencies": { "once": "^1.3.0", "wrappy": "1" } }, - "inherits": { + "node_modules/inherits": { "version": "2.0.4", "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==" }, - "ini": { + "node_modules/ini": { "version": "1.3.8", "resolved": "https://registry.npmjs.org/ini/-/ini-1.3.8.tgz", "integrity": "sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew==" }, - "inline-style-parser": { + "node_modules/inline-style-parser": { "version": "0.1.1", "resolved": "https://registry.npmjs.org/inline-style-parser/-/inline-style-parser-0.1.1.tgz", "integrity": "sha512-7NXolsK4CAS5+xvdj5OMMbI962hU/wvwoxk+LWR9Ek9bVtyuuYScDN6eS0rUm6TxApFpw7CX1o4uJzcd4AyD3Q==" }, - "internal-slot": { + "node_modules/internal-slot": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/internal-slot/-/internal-slot-1.0.5.tgz", "integrity": "sha512-Y+R5hJrzs52QCG2laLn4udYVnxsfny9CpOhNhUvk/SSSVyF6T27FzRbF0sroPidSu3X8oEAkOn2K804mjpt6UQ==", - "requires": { + "dependencies": { "get-intrinsic": "^1.2.0", "has": "^1.0.3", "side-channel": "^1.0.4" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/ip-address": { + "version": "9.0.5", + "resolved": "https://registry.npmjs.org/ip-address/-/ip-address-9.0.5.tgz", + "integrity": "sha512-zHtQzGojZXTwZTHQqra+ETKd4Sn3vgi7uBmlPoXVWZqYvuKmtI0l/VZTjqGmJY9x88GGOaZ9+G9ES8hC4T4X8g==", + "dependencies": { + "jsbn": "1.1.0", + "sprintf-js": "^1.1.3" + }, + "engines": { + "node": ">= 12" } }, - "ipaddr.js": { + "node_modules/ip-address/node_modules/sprintf-js": { + "version": "1.1.3", + "resolved": 
"https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.1.3.tgz", + "integrity": "sha512-Oo+0REFV59/rz3gfJNKQiBlwfHaSESl1pcGyABQsnnIfWOFt6JNj5gCog2U6MLZ//IGYD+nA8nI+mTShREReaA==" + }, + "node_modules/ipaddr.js": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-2.1.0.tgz", - "integrity": "sha512-LlbxQ7xKzfBusov6UMi4MFpEg0m+mAm9xyNGEduwXMEDuf4WfzB/RZwMVYEd7IKGvh4IUkEXYxtAVu9T3OelJQ==" + "integrity": "sha512-LlbxQ7xKzfBusov6UMi4MFpEg0m+mAm9xyNGEduwXMEDuf4WfzB/RZwMVYEd7IKGvh4IUkEXYxtAVu9T3OelJQ==", + "engines": { + "node": ">= 10" + } }, - "is-array-buffer": { + "node_modules/is-array-buffer": { "version": "3.0.2", "resolved": "https://registry.npmjs.org/is-array-buffer/-/is-array-buffer-3.0.2.tgz", "integrity": "sha512-y+FyyR/w8vfIRq4eQcM1EYgSTnmHXPqaF+IgzgraytCFq5Xh8lllDVmAZolPJiZttZLeFSINPYMaEJ7/vWUa1w==", - "requires": { + "dependencies": { "call-bind": "^1.0.2", "get-intrinsic": "^1.2.0", "is-typed-array": "^1.1.10" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "is-arrayish": { + "node_modules/is-arrayish": { "version": "0.2.1", "resolved": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.2.1.tgz", "integrity": "sha512-zz06S8t0ozoDXMG+ube26zeCTNXcKIPJZJi8hBrF4idCLms4CG9QtK7qBl1boi5ODzFpjswb5JPmHCbMpjaYzg==" }, - "is-async-function": { + "node_modules/is-async-function": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/is-async-function/-/is-async-function-2.0.0.tgz", "integrity": "sha512-Y1JXKrfykRJGdlDwdKlLpLyMIiWqWvuSd17TvZk68PLAOGOoF4Xyav1z0Xhoi+gCYjZVeC5SI+hYFOfvXmGRCA==", - "requires": { + "dependencies": { "has-tostringtag": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "is-bigint": { + "node_modules/is-bigint": { "version": "1.0.4", "resolved": "https://registry.npmjs.org/is-bigint/-/is-bigint-1.0.4.tgz", "integrity": 
"sha512-zB9CruMamjym81i2JZ3UMn54PKGsQzsJeo6xvN3HJJ4CAsQNB6iRutp2To77OfCNuoxspsIhzaPoO1zyCEhFOg==", - "requires": { + "dependencies": { "has-bigints": "^1.0.1" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "is-binary-path": { + "node_modules/is-binary-path": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz", "integrity": "sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==", - "requires": { + "dependencies": { "binary-extensions": "^2.0.0" + }, + "engines": { + "node": ">=8" } }, - "is-boolean-object": { + "node_modules/is-boolean-object": { "version": "1.1.2", "resolved": "https://registry.npmjs.org/is-boolean-object/-/is-boolean-object-1.1.2.tgz", "integrity": "sha512-gDYaKHJmnj4aWxyj6YHyXVpdQawtVLHU5cb+eztPGczf6cjuTdwve5ZIEfgXqH4e57An1D1AKf8CZ3kYrQRqYA==", - "requires": { + "dependencies": { "call-bind": "^1.0.2", "has-tostringtag": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "is-callable": { + "node_modules/is-callable": { "version": "1.2.7", "resolved": "https://registry.npmjs.org/is-callable/-/is-callable-1.2.7.tgz", - "integrity": "sha512-1BC0BVFhS/p0qtw6enp8e+8OD0UrK0oFLztSjNzhcKA3WDuJxxAPXzPuPtKkjEY9UUoEWlX/8fgKeu2S8i9JTA==" + "integrity": "sha512-1BC0BVFhS/p0qtw6enp8e+8OD0UrK0oFLztSjNzhcKA3WDuJxxAPXzPuPtKkjEY9UUoEWlX/8fgKeu2S8i9JTA==", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } }, - "is-core-module": { + "node_modules/is-core-module": { "version": "2.13.0", "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.13.0.tgz", "integrity": "sha512-Z7dk6Qo8pOCp3l4tsX2C5ZVas4V+UxwQodwZhLopL91TX8UyyHEXafPcyoeeWuLrwzHcr3igO78wNLwHJHsMCQ==", - "requires": { + "dependencies": { "has": "^1.0.3" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "is-date-object": { + 
"node_modules/is-date-object": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/is-date-object/-/is-date-object-1.0.5.tgz", "integrity": "sha512-9YQaSxsAiSwcvS33MBk3wTCVnWK+HhF8VZR2jRxehM16QcVOdHqPn4VPHmRK4lSr38n9JriurInLcP90xsYNfQ==", - "requires": { + "dependencies": { "has-tostringtag": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "is-docker": { + "node_modules/is-docker": { "version": "2.2.1", "resolved": "https://registry.npmjs.org/is-docker/-/is-docker-2.2.1.tgz", - "integrity": "sha512-F+i2BKsFrH66iaUFc0woD8sLy8getkwTwtOBjvs56Cx4CgJDeKQeqfz8wAYiSb8JOprWhHH5p77PbmYCvvUuXQ==" + "integrity": "sha512-F+i2BKsFrH66iaUFc0woD8sLy8getkwTwtOBjvs56Cx4CgJDeKQeqfz8wAYiSb8JOprWhHH5p77PbmYCvvUuXQ==", + "bin": { + "is-docker": "cli.js" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } }, - "is-extglob": { + "node_modules/is-extglob": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", - "integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==" + "integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==", + "engines": { + "node": ">=0.10.0" + } }, - "is-finalizationregistry": { + "node_modules/is-finalizationregistry": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/is-finalizationregistry/-/is-finalizationregistry-1.0.2.tgz", "integrity": "sha512-0by5vtUJs8iFQb5TYUHHPudOR+qXYIMKtiUzvLIZITZUjknFmziyBJuLhVRc+Ds0dREFlskDNJKYIdIzu/9pfw==", - "requires": { + "dependencies": { "call-bind": "^1.0.2" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "is-fullwidth-code-point": { + "node_modules/is-fullwidth-code-point": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", - 
"integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==" + "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==", + "engines": { + "node": ">=8" + } }, - "is-generator-fn": { + "node_modules/is-generator-fn": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/is-generator-fn/-/is-generator-fn-2.1.0.tgz", - "integrity": "sha512-cTIB4yPYL/Grw0EaSzASzg6bBy9gqCofvWN8okThAYIxKJZC+udlRAmGbM0XLeniEJSs8uEgHPGuHSe1XsOLSQ==" + "integrity": "sha512-cTIB4yPYL/Grw0EaSzASzg6bBy9gqCofvWN8okThAYIxKJZC+udlRAmGbM0XLeniEJSs8uEgHPGuHSe1XsOLSQ==", + "engines": { + "node": ">=6" + } }, - "is-generator-function": { + "node_modules/is-generator-function": { "version": "1.0.10", "resolved": "https://registry.npmjs.org/is-generator-function/-/is-generator-function-1.0.10.tgz", "integrity": "sha512-jsEjy9l3yiXEQ+PsXdmBwEPcOxaXWLspKdplFUVI9vq1iZgIekeC0L167qeu86czQaxed3q/Uzuw0swL0irL8A==", - "requires": { + "dependencies": { "has-tostringtag": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "is-glob": { + "node_modules/is-glob": { "version": "4.0.3", "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==", - "requires": { + "dependencies": { "is-extglob": "^2.1.1" + }, + "engines": { + "node": ">=0.10.0" } }, - "is-in-browser": { + "node_modules/is-in-browser": { "version": "1.1.3", "resolved": "https://registry.npmjs.org/is-in-browser/-/is-in-browser-1.1.3.tgz", "integrity": "sha512-FeXIBgG/CPGd/WUxuEyvgGTEfwiG9Z4EKGxjNMRqviiIIfsmgrpnHLffEDdwUHqNva1VEW91o3xBT/m8Elgl9g==" }, - "is-map": { + "node_modules/is-lambda": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/is-lambda/-/is-lambda-1.0.1.tgz", + "integrity": 
"sha512-z7CMFGNrENq5iFB9Bqo64Xk6Y9sg+epq1myIcdHaGnbMTYOxvzsEtdYqQUylB7LxfkvgrrjP32T6Ywciio9UIQ==" + }, + "node_modules/is-map": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/is-map/-/is-map-2.0.2.tgz", - "integrity": "sha512-cOZFQQozTha1f4MxLFzlgKYPTyj26picdZTx82hbc/Xf4K/tZOOXSCkMvU4pKioRXGDLJRn0GM7Upe7kR721yg==" + "integrity": "sha512-cOZFQQozTha1f4MxLFzlgKYPTyj26picdZTx82hbc/Xf4K/tZOOXSCkMvU4pKioRXGDLJRn0GM7Upe7kR721yg==", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } }, - "is-module": { + "node_modules/is-module": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/is-module/-/is-module-1.0.0.tgz", "integrity": "sha512-51ypPSPCoTEIN9dy5Oy+h4pShgJmPCygKfyRCISBI+JoWT/2oJvK8QPxmwv7b/p239jXrm9M1mlQbyKJ5A152g==" }, - "is-negative-zero": { + "node_modules/is-negative-zero": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/is-negative-zero/-/is-negative-zero-2.0.2.tgz", - "integrity": "sha512-dqJvarLawXsFbNDeJW7zAz8ItJ9cd28YufuuFzh0G8pNHjJMnY08Dv7sYX2uF5UpQOwieAeOExEYAWWfu7ZZUA==" + "integrity": "sha512-dqJvarLawXsFbNDeJW7zAz8ItJ9cd28YufuuFzh0G8pNHjJMnY08Dv7sYX2uF5UpQOwieAeOExEYAWWfu7ZZUA==", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } }, - "is-number": { + "node_modules/is-number": { "version": "7.0.0", "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", - "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==" + "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==", + "engines": { + "node": ">=0.12.0" + } }, - "is-number-object": { + "node_modules/is-number-object": { "version": "1.0.7", "resolved": "https://registry.npmjs.org/is-number-object/-/is-number-object-1.0.7.tgz", "integrity": "sha512-k1U0IRzLMo7ZlYIfzRu23Oh6MiIFasgpb9X76eqfFZAqwH44UI4KTBvBYIZ1dSL9ZzChTB9ShHfLkR4pdW5krQ==", - "requires": { + "dependencies": { 
"has-tostringtag": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "is-obj": { + "node_modules/is-obj": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/is-obj/-/is-obj-1.0.1.tgz", - "integrity": "sha512-l4RyHgRqGN4Y3+9JHVrNqO+tN0rV5My76uW5/nuO4K1b6vw5G8d/cmFjP9tRfEsdhZNt0IFdZuK/c2Vr4Nb+Qg==" + "integrity": "sha512-l4RyHgRqGN4Y3+9JHVrNqO+tN0rV5My76uW5/nuO4K1b6vw5G8d/cmFjP9tRfEsdhZNt0IFdZuK/c2Vr4Nb+Qg==", + "engines": { + "node": ">=0.10.0" + } }, - "is-path-inside": { + "node_modules/is-path-inside": { "version": "3.0.3", "resolved": "https://registry.npmjs.org/is-path-inside/-/is-path-inside-3.0.3.tgz", - "integrity": "sha512-Fd4gABb+ycGAmKou8eMftCupSir5lRxqf4aD/vd0cD2qc4HL07OjCeuHMr8Ro4CoMaeCKDB0/ECBOVWjTwUvPQ==" + "integrity": "sha512-Fd4gABb+ycGAmKou8eMftCupSir5lRxqf4aD/vd0cD2qc4HL07OjCeuHMr8Ro4CoMaeCKDB0/ECBOVWjTwUvPQ==", + "engines": { + "node": ">=8" + } }, - "is-plain-obj": { + "node_modules/is-plain-obj": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-3.0.0.tgz", - "integrity": "sha512-gwsOE28k+23GP1B6vFl1oVh/WOzmawBrKwo5Ev6wMKzPkaXaCDIQKzLnvsA42DRlbVTWorkgTKIviAKCWkfUwA==" + "integrity": "sha512-gwsOE28k+23GP1B6vFl1oVh/WOzmawBrKwo5Ev6wMKzPkaXaCDIQKzLnvsA42DRlbVTWorkgTKIviAKCWkfUwA==", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } }, - "is-plain-object": { + "node_modules/is-plain-object": { "version": "5.0.0", "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-5.0.0.tgz", - "integrity": "sha512-VRSzKkbMm5jMDoKLbltAkFQ5Qr7VDiTFGXxYFXXowVj387GeGNOCsOH6Msy00SGZ3Fp84b1Naa1psqgcCIEP5Q==" + "integrity": "sha512-VRSzKkbMm5jMDoKLbltAkFQ5Qr7VDiTFGXxYFXXowVj387GeGNOCsOH6Msy00SGZ3Fp84b1Naa1psqgcCIEP5Q==", + "engines": { + "node": ">=0.10.0" + } }, - "is-potential-custom-element-name": { + "node_modules/is-potential-custom-element-name": { "version": 
"1.0.1", "resolved": "https://registry.npmjs.org/is-potential-custom-element-name/-/is-potential-custom-element-name-1.0.1.tgz", "integrity": "sha512-bCYeRA2rVibKZd+s2625gGnGF/t7DSqDs4dP7CrLA1m7jKWz6pps0LpYLJN8Q64HtmPKJ1hrN3nzPNKFEKOUiQ==" }, - "is-regex": { + "node_modules/is-regex": { "version": "1.1.4", "resolved": "https://registry.npmjs.org/is-regex/-/is-regex-1.1.4.tgz", "integrity": "sha512-kvRdxDsxZjhzUX07ZnLydzS1TU/TJlTUHHY4YLL87e37oUA49DfkLqgy+VjFocowy29cKvcSiu+kIv728jTTVg==", - "requires": { + "dependencies": { "call-bind": "^1.0.2", "has-tostringtag": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "is-regexp": { + "node_modules/is-regexp": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/is-regexp/-/is-regexp-1.0.0.tgz", - "integrity": "sha512-7zjFAPO4/gwyQAAgRRmqeEeyIICSdmCqa3tsVHMdBzaXXRiqopZL4Cyghg/XulGWrtABTpbnYYzzIRffLkP4oA==" + "integrity": "sha512-7zjFAPO4/gwyQAAgRRmqeEeyIICSdmCqa3tsVHMdBzaXXRiqopZL4Cyghg/XulGWrtABTpbnYYzzIRffLkP4oA==", + "engines": { + "node": ">=0.10.0" + } }, - "is-root": { + "node_modules/is-root": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/is-root/-/is-root-2.1.0.tgz", - "integrity": "sha512-AGOriNp96vNBd3HtU+RzFEc75FfR5ymiYv8E553I71SCeXBiMsVDUtdio1OEFvrPyLIQ9tVR5RxXIFe5PUFjMg==" + "integrity": "sha512-AGOriNp96vNBd3HtU+RzFEc75FfR5ymiYv8E553I71SCeXBiMsVDUtdio1OEFvrPyLIQ9tVR5RxXIFe5PUFjMg==", + "engines": { + "node": ">=6" + } }, - "is-set": { + "node_modules/is-set": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/is-set/-/is-set-2.0.2.tgz", - "integrity": "sha512-+2cnTEZeY5z/iXGbLhPrOAaK/Mau5k5eXq9j14CpRTftq0pAJu2MwVRSZhyZWBzx3o6X795Lz6Bpb6R0GKf37g==" + "integrity": "sha512-+2cnTEZeY5z/iXGbLhPrOAaK/Mau5k5eXq9j14CpRTftq0pAJu2MwVRSZhyZWBzx3o6X795Lz6Bpb6R0GKf37g==", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } }, - "is-shared-array-buffer": { + "node_modules/is-shared-array-buffer": { 
"version": "1.0.2", "resolved": "https://registry.npmjs.org/is-shared-array-buffer/-/is-shared-array-buffer-1.0.2.tgz", "integrity": "sha512-sqN2UDu1/0y6uvXyStCOzyhAjCSlHceFoMKJW8W9EU9cvic/QdsZ0kEU93HEy3IUEFZIiH/3w+AH/UQbPHNdhA==", - "requires": { + "dependencies": { "call-bind": "^1.0.2" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "is-stream": { + "node_modules/is-stream": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-2.0.1.tgz", - "integrity": "sha512-hFoiJiTl63nn+kstHGBtewWSKnQLpyb155KHheA1l39uvtO9nWIop1p3udqPcUd/xbF1VLMO4n7OI6p7RbngDg==" + "integrity": "sha512-hFoiJiTl63nn+kstHGBtewWSKnQLpyb155KHheA1l39uvtO9nWIop1p3udqPcUd/xbF1VLMO4n7OI6p7RbngDg==", + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } }, - "is-string": { + "node_modules/is-string": { "version": "1.0.7", "resolved": "https://registry.npmjs.org/is-string/-/is-string-1.0.7.tgz", "integrity": "sha512-tE2UXzivje6ofPW7l23cjDOMa09gb7xlAqG6jG5ej6uPV32TlWP3NKPigtaGeHNu9fohccRYvIiZMfOOnOYUtg==", - "requires": { + "dependencies": { "has-tostringtag": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "is-symbol": { + "node_modules/is-symbol": { "version": "1.0.4", "resolved": "https://registry.npmjs.org/is-symbol/-/is-symbol-1.0.4.tgz", "integrity": "sha512-C/CPBqKWnvdcxqIARxyOh4v1UUEOCHpgDa0WYgpKDFMszcrPcffg5uhwSgPCLD2WWxmq6isisz87tzT01tuGhg==", - "requires": { + "dependencies": { "has-symbols": "^1.0.2" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "is-typed-array": { + "node_modules/is-typed-array": { "version": "1.1.12", "resolved": "https://registry.npmjs.org/is-typed-array/-/is-typed-array-1.1.12.tgz", "integrity": "sha512-Z14TF2JNG8Lss5/HMqt0//T9JeHXttXy5pH/DBU4vi98ozO2btxzq9MwYDZYnKwU8nRsz/+GVFVRDq3DkVuSPg==", - "requires": { + "dependencies": { 
"which-typed-array": "^1.1.11" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "is-typedarray": { + "node_modules/is-typedarray": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/is-typedarray/-/is-typedarray-1.0.0.tgz", "integrity": "sha1-5HnICFjfDBsR3dppQPlgEfzaSpo=" }, - "is-weakmap": { + "node_modules/is-weakmap": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/is-weakmap/-/is-weakmap-2.0.1.tgz", - "integrity": "sha512-NSBR4kH5oVj1Uwvv970ruUkCV7O1mzgVFO4/rev2cLRda9Tm9HrL70ZPut4rOHgY0FNrUu9BCbXA2sdQ+x0chA==" + "integrity": "sha512-NSBR4kH5oVj1Uwvv970ruUkCV7O1mzgVFO4/rev2cLRda9Tm9HrL70ZPut4rOHgY0FNrUu9BCbXA2sdQ+x0chA==", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } }, - "is-weakref": { + "node_modules/is-weakref": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/is-weakref/-/is-weakref-1.0.2.tgz", "integrity": "sha512-qctsuLZmIQ0+vSSMfoVvyFe2+GSEvnmZ2ezTup1SBse9+twCCeial6EEi3Nc2KFcf6+qz2FBPnjXsk8xhKSaPQ==", - "requires": { + "dependencies": { "call-bind": "^1.0.2" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "is-weakset": { + "node_modules/is-weakset": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/is-weakset/-/is-weakset-2.0.2.tgz", "integrity": "sha512-t2yVvttHkQktwnNNmBQ98AhENLdPUTDTE21uPqAQ0ARwQfGeQKRVS0NNurH7bTf7RrvcVn1OOge45CnBeHCSmg==", - "requires": { + "dependencies": { "call-bind": "^1.0.2", "get-intrinsic": "^1.1.1" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "is-wsl": { + "node_modules/is-wsl": { "version": "2.2.0", "resolved": "https://registry.npmjs.org/is-wsl/-/is-wsl-2.2.0.tgz", "integrity": "sha512-fKzAra0rGJUUBwGBgNkHZuToZcn+TtXHpeCgmkMJMMYx1sQDYaCSyjJBSCa2nH1DGm7s3n1oBnohoVTBaN7Lww==", - "requires": { + "dependencies": { "is-docker": "^2.0.0" + }, + "engines": { + "node": ">=8" } }, - "isarray": { + "node_modules/isarray": { "version": "1.0.0", 
"resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", "integrity": "sha1-u5NdSFgsuhaMBoNJV6VKPgcSTxE=" }, - "isexe": { + "node_modules/isexe": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", "integrity": "sha1-6PvzdNxVb/iUehDcsFctYz8s+hA=" }, - "isstream": { - "version": "0.1.2", - "resolved": "https://registry.npmjs.org/isstream/-/isstream-0.1.2.tgz", - "integrity": "sha1-R+Y/evVa+m+S4VAOaQ64uFKcCZo=" - }, - "istanbul-lib-coverage": { + "node_modules/istanbul-lib-coverage": { "version": "3.2.0", "resolved": "https://registry.npmjs.org/istanbul-lib-coverage/-/istanbul-lib-coverage-3.2.0.tgz", - "integrity": "sha512-eOeJ5BHCmHYvQK7xt9GkdHuzuCGS1Y6g9Gvnx3Ym33fz/HpLRYxiS0wHNr+m/MBC8B647Xt608vCDEvhl9c6Mw==" + "integrity": "sha512-eOeJ5BHCmHYvQK7xt9GkdHuzuCGS1Y6g9Gvnx3Ym33fz/HpLRYxiS0wHNr+m/MBC8B647Xt608vCDEvhl9c6Mw==", + "engines": { + "node": ">=8" + } }, - "istanbul-lib-instrument": { + "node_modules/istanbul-lib-instrument": { "version": "5.2.1", "resolved": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-5.2.1.tgz", "integrity": "sha512-pzqtp31nLv/XFOzXGuvhCb8qhjmTVo5vjVk19XE4CRlSWz0KoeJ3bw9XsA7nOp9YBf4qHjwBxkDzKcME/J29Yg==", - "requires": { + "dependencies": { "@babel/core": "^7.12.3", "@babel/parser": "^7.14.7", "@istanbuljs/schema": "^0.1.2", "istanbul-lib-coverage": "^3.2.0", "semver": "^6.3.0" }, - "dependencies": { - "semver": { - "version": "6.3.1", - "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", - "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==" - } + "engines": { + "node": ">=8" + } + }, + "node_modules/istanbul-lib-instrument/node_modules/semver": { + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", + "bin": { + "semver": 
"bin/semver.js" } }, - "istanbul-lib-report": { + "node_modules/istanbul-lib-report": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/istanbul-lib-report/-/istanbul-lib-report-3.0.1.tgz", "integrity": "sha512-GCfE1mtsHGOELCU8e/Z7YWzpmybrx/+dSTfLrvY8qRmaY6zXTKWn6WQIjaAFw069icm6GVMNkgu0NzI4iPZUNw==", - "requires": { + "dependencies": { "istanbul-lib-coverage": "^3.0.0", "make-dir": "^4.0.0", "supports-color": "^7.1.0" }, + "engines": { + "node": ">=10" + } + }, + "node_modules/istanbul-lib-report/node_modules/make-dir": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/make-dir/-/make-dir-4.0.0.tgz", + "integrity": "sha512-hXdUTZYIVOt1Ex//jAQi+wTZZpUpwBj/0QsOzqegb3rGMMeJiSEu5xLHnYfBrRV4RH2+OCSOO95Is/7x1WJ4bw==", "dependencies": { - "make-dir": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/make-dir/-/make-dir-4.0.0.tgz", - "integrity": "sha512-hXdUTZYIVOt1Ex//jAQi+wTZZpUpwBj/0QsOzqegb3rGMMeJiSEu5xLHnYfBrRV4RH2+OCSOO95Is/7x1WJ4bw==", - "requires": { - "semver": "^7.5.3" - } - } + "semver": "^7.5.3" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" } }, - "istanbul-lib-source-maps": { + "node_modules/istanbul-lib-source-maps": { "version": "4.0.1", "resolved": "https://registry.npmjs.org/istanbul-lib-source-maps/-/istanbul-lib-source-maps-4.0.1.tgz", "integrity": "sha512-n3s8EwkdFIJCG3BPKBYvskgXGoy88ARzvegkitk60NxRdwltLOTaH7CUiMRXvwYorl0Q712iEjcWB+fK/MrWVw==", - "requires": { + "dependencies": { "debug": "^4.1.1", "istanbul-lib-coverage": "^3.0.0", "source-map": "^0.6.1" }, - "dependencies": { - "source-map": { - "version": "0.6.1", - "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", - "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==" - } + "engines": { + "node": ">=10" + } + }, + "node_modules/istanbul-lib-source-maps/node_modules/source-map": { + "version": "0.6.1", + 
"resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "engines": { + "node": ">=0.10.0" } }, - "istanbul-reports": { + "node_modules/istanbul-reports": { "version": "3.1.6", "resolved": "https://registry.npmjs.org/istanbul-reports/-/istanbul-reports-3.1.6.tgz", "integrity": "sha512-TLgnMkKg3iTDsQ9PbPTdpfAK2DzjF9mqUG7RMgcQl8oFjad8ob4laGxv5XV5U9MAfx8D6tSJiUyuAwzLicaxlg==", - "requires": { + "dependencies": { "html-escaper": "^2.0.0", "istanbul-lib-report": "^3.0.0" + }, + "engines": { + "node": ">=8" } }, - "iterator.prototype": { + "node_modules/iterator.prototype": { "version": "1.1.2", "resolved": "https://registry.npmjs.org/iterator.prototype/-/iterator.prototype-1.1.2.tgz", "integrity": "sha512-DR33HMMr8EzwuRL8Y9D3u2BMj8+RqSE850jfGu59kS7tbmPLzGkZmVSfyCFSDxuZiEY6Rzt3T2NA/qU+NwVj1w==", - "requires": { + "dependencies": { "define-properties": "^1.2.1", "get-intrinsic": "^1.2.1", "has-symbols": "^1.0.3", 
@@ -7878,134 +11113,135 @@ "set-function-name": "^2.0.1" } }, - "jake": { + "node_modules/jackspeak": { + "version": "2.3.6", + "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-2.3.6.tgz", + "integrity": "sha512-N3yCS/NegsOBokc8GAdM8UcmfsKiSS8cipheD/nivzr700H+nsMOxJjQnvwOcRYVuFkdH0wGUvW2WbXGmrZGbQ==", + "dependencies": { + "@isaacs/cliui": "^8.0.2" + }, + "engines": { + "node": ">=14" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + }, + "optionalDependencies": { + "@pkgjs/parseargs": "^0.11.0" + } + }, + "node_modules/jake": { "version": "10.8.7", "resolved": "https://registry.npmjs.org/jake/-/jake-10.8.7.tgz", "integrity": "sha512-ZDi3aP+fG/LchyBzUM804VjddnwfSfsdeYkwt8NcbKRvo4rFkjhs456iLFn3k2ZUWvNe4i48WACDbza8fhq2+w==", - "requires": { + "dependencies": { "async": "^3.2.3", "chalk": "^4.0.2", "filelist": "^1.0.4", "minimatch": "^3.1.2" }, + "bin": { + "jake": "bin/cli.js" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/jake/node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", "dependencies": { - "chalk": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", - "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "requires": { - "ansi-styles": "^4.1.0", - "supports-color": "^7.1.0" - } - } + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" } }, - "jest": { + "node_modules/jest": { "version": "27.5.1", "resolved": "https://registry.npmjs.org/jest/-/jest-27.5.1.tgz", "integrity": "sha512-Yn0mADZB89zTtjkPJEXwrac3LHudkQMR+Paqa8uxJHCBr9agxztUifWCyiYrjhMPBoUVBjyny0I7XH6ozDr7QQ==", - "requires": { + "dependencies": { "@jest/core": "^27.5.1", 
"import-local": "^3.0.2", "jest-cli": "^27.5.1" }, - "dependencies": { - "@jest/types": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", - "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", - "requires": { - "@types/istanbul-lib-coverage": "^2.0.0", - "@types/istanbul-reports": "^3.0.0", - "@types/node": "*", - "@types/yargs": "^16.0.0", - "chalk": "^4.0.0" - } - }, - "@types/yargs": { - "version": "16.0.6", - "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", - "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", - "requires": { - "@types/yargs-parser": "*" - } - }, - "chalk": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", - "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "requires": { - "ansi-styles": "^4.1.0", - "supports-color": "^7.1.0" - } - }, - "jest-cli": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/jest-cli/-/jest-cli-27.5.1.tgz", - "integrity": "sha512-Hc6HOOwYq4/74/c62dEE3r5elx8wjYqxY0r0G/nFrLDPMFRu6RA/u8qINOIkvhxG7mMQ5EJsOGfRpI8L6eFUVw==", - "requires": { - "@jest/core": "^27.5.1", - "@jest/test-result": "^27.5.1", - "@jest/types": "^27.5.1", - "chalk": "^4.0.0", - "exit": "^0.1.2", - "graceful-fs": "^4.2.9", - "import-local": "^3.0.2", - "jest-config": "^27.5.1", - "jest-util": "^27.5.1", - "jest-validate": "^27.5.1", - "prompts": "^2.0.1", - "yargs": "^16.2.0" - } + "bin": { + "jest": "bin/jest.js" + }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + }, + "peerDependencies": { + "node-notifier": "^8.0.1 || ^9.0.0 || ^10.0.0" + }, + "peerDependenciesMeta": { + "node-notifier": { + "optional": true } } }, - "jest-changed-files": { + "node_modules/jest-changed-files": { "version": "27.5.1", "resolved": 
"https://registry.npmjs.org/jest-changed-files/-/jest-changed-files-27.5.1.tgz", "integrity": "sha512-buBLMiByfWGCoMsLLzGUUSpAmIAGnbR2KJoMN10ziLhOLvP4e0SlypHnAel8iqQXTrcbmfEY9sSqae5sgUsTvw==", - "requires": { + "dependencies": { "@jest/types": "^27.5.1", "execa": "^5.0.0", "throat": "^6.0.1" }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest-changed-files/node_modules/@jest/types": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", + "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", + "dependencies": { + "@types/istanbul-lib-coverage": "^2.0.0", + "@types/istanbul-reports": "^3.0.0", + "@types/node": "*", + "@types/yargs": "^16.0.0", + "chalk": "^4.0.0" + }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest-changed-files/node_modules/@types/yargs": { + "version": "16.0.6", + "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", + "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", "dependencies": { - "@jest/types": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", - "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", - "requires": { - "@types/istanbul-lib-coverage": "^2.0.0", - "@types/istanbul-reports": "^3.0.0", - "@types/node": "*", - "@types/yargs": "^16.0.0", - "chalk": "^4.0.0" - } - }, - "@types/yargs": { - "version": "16.0.6", - "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", - "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", - "requires": { - "@types/yargs-parser": "*" - } - }, - "chalk": { - "version": "4.1.2", - "resolved": 
"https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", - "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "requires": { - "ansi-styles": "^4.1.0", - "supports-color": "^7.1.0" - } - } + "@types/yargs-parser": "*" + } + }, + "node_modules/jest-changed-files/node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" } }, - "jest-circus": { + "node_modules/jest-circus": { "version": "27.5.1", "resolved": "https://registry.npmjs.org/jest-circus/-/jest-circus-27.5.1.tgz", "integrity": "sha512-D95R7x5UtlMA5iBYsOHFFbMD/GVA4R/Kdq15f7xYWUfWHBto9NYRsOvnSauTgdF+ogCpJ4tyKOXhUifxS65gdw==", - "requires": { + "dependencies": { "@jest/environment": "^27.5.1", "@jest/test-result": "^27.5.1", "@jest/types": "^27.5.1", 
@@ -8026,60 +11262,77 @@ "stack-utils": "^2.0.3", "throat": "^6.0.1" }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest-circus/node_modules/@jest/types": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", + "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", "dependencies": { - "@jest/types": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", - "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", - "requires": { - "@types/istanbul-lib-coverage": "^2.0.0", - "@types/istanbul-reports": "^3.0.0", - "@types/node": "*", - "@types/yargs": "^16.0.0", - "chalk": "^4.0.0" - } - }, - "@types/yargs": { - "version": "16.0.6", - "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", - "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", - "requires": { - "@types/yargs-parser": "*" - } - }, - "chalk": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", - "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "requires": { - "ansi-styles": "^4.1.0", - "supports-color": "^7.1.0" - } - }, - "pretty-format": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-27.5.1.tgz", - "integrity": "sha512-Qb1gy5OrP5+zDf2Bvnzdl3jsTf1qXVMazbvCoKhtKqVs4/YK4ozX4gKQJJVyNe+cajNPn0KoC0MC3FUmaHWEmQ==", - "requires": { - "ansi-regex": "^5.0.1", - "ansi-styles": "^5.0.0", - "react-is": "^17.0.1" - }, - "dependencies": { - "ansi-styles": { - "version": "5.2.0", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", - "integrity": 
"sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==" - } - } - } + "@types/istanbul-lib-coverage": "^2.0.0", + "@types/istanbul-reports": "^3.0.0", + "@types/node": "*", + "@types/yargs": "^16.0.0", + "chalk": "^4.0.0" + }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest-circus/node_modules/@types/yargs": { + "version": "16.0.6", + "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", + "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", + "dependencies": { + "@types/yargs-parser": "*" + } + }, + "node_modules/jest-circus/node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" } }, - "jest-config": { + "node_modules/jest-circus/node_modules/pretty-format": { "version": "27.5.1", - "resolved": "https://registry.npmjs.org/jest-config/-/jest-config-27.5.1.tgz", + "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-27.5.1.tgz", + "integrity": "sha512-Qb1gy5OrP5+zDf2Bvnzdl3jsTf1qXVMazbvCoKhtKqVs4/YK4ozX4gKQJJVyNe+cajNPn0KoC0MC3FUmaHWEmQ==", + "dependencies": { + "ansi-regex": "^5.0.1", + "ansi-styles": "^5.0.0", + "react-is": "^17.0.1" + }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest-circus/node_modules/pretty-format/node_modules/ansi-styles": { + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", + "integrity": "sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==", + "engines": 
{ + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/ansi-styles?sponsor=1" + } + }, + "node_modules/jest-config": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/jest-config/-/jest-config-27.5.1.tgz", "integrity": "sha512-5sAsjm6tGdsVbW9ahcChPAFCk4IlkQUknH5AvKjuLTSlcO/wCZKyFdn7Rg0EkC+OGgWODEy2hDpWB1PgzH0JNA==", - "requires": { + "dependencies": { "@babel/core": "^7.8.0", "@jest/test-sequencer": "^27.5.1", "@jest/types": "^27.5.1", 
@@ -8105,165 +11358,229 @@ "slash": "^3.0.0", "strip-json-comments": "^3.1.1" }, - "dependencies": { - "@jest/types": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", - "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", - "requires": { - "@types/istanbul-lib-coverage": "^2.0.0", - "@types/istanbul-reports": "^3.0.0", - "@types/node": "*", - "@types/yargs": "^16.0.0", - "chalk": "^4.0.0" - } - }, - "@types/yargs": { - "version": "16.0.6", - "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", - "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", - "requires": { - "@types/yargs-parser": "*" - } - }, - "chalk": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", - "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "requires": { - "ansi-styles": "^4.1.0", - "supports-color": "^7.1.0" - } - }, - "jest-get-type": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/jest-get-type/-/jest-get-type-27.5.1.tgz", - "integrity": "sha512-2KY95ksYSaK7DMBWQn6dQz3kqAf3BB64y2udeG+hv4KfSOb9qwcYQstTJc1KCbsix+wLZWZYN8t7nwX3GOBLRw==" - }, - "pretty-format": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-27.5.1.tgz", - "integrity": "sha512-Qb1gy5OrP5+zDf2Bvnzdl3jsTf1qXVMazbvCoKhtKqVs4/YK4ozX4gKQJJVyNe+cajNPn0KoC0MC3FUmaHWEmQ==", - "requires": { - "ansi-regex": "^5.0.1", - "ansi-styles": "^5.0.0", - "react-is": "^17.0.1" - }, - "dependencies": { - "ansi-styles": { - "version": "5.2.0", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", - "integrity": "sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==" - } - } - }, - "strip-json-comments": { - "version": "3.1.1", 
- "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz", - "integrity": "sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==" + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + }, + "peerDependencies": { + "ts-node": ">=9.0.0" + }, + "peerDependenciesMeta": { + "ts-node": { + "optional": true } } }, - "jest-diff": { + "node_modules/jest-config/node_modules/@jest/types": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", + "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", + "dependencies": { + "@types/istanbul-lib-coverage": "^2.0.0", + "@types/istanbul-reports": "^3.0.0", + "@types/node": "*", + "@types/yargs": "^16.0.0", + "chalk": "^4.0.0" + }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest-config/node_modules/@types/yargs": { + "version": "16.0.6", + "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", + "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", + "dependencies": { + "@types/yargs-parser": "*" + } + }, + "node_modules/jest-config/node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" + } + }, + "node_modules/jest-config/node_modules/jest-get-type": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/jest-get-type/-/jest-get-type-27.5.1.tgz", + "integrity": 
"sha512-2KY95ksYSaK7DMBWQn6dQz3kqAf3BB64y2udeG+hv4KfSOb9qwcYQstTJc1KCbsix+wLZWZYN8t7nwX3GOBLRw==", + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest-config/node_modules/pretty-format": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-27.5.1.tgz", + "integrity": "sha512-Qb1gy5OrP5+zDf2Bvnzdl3jsTf1qXVMazbvCoKhtKqVs4/YK4ozX4gKQJJVyNe+cajNPn0KoC0MC3FUmaHWEmQ==", + "dependencies": { + "ansi-regex": "^5.0.1", + "ansi-styles": "^5.0.0", + "react-is": "^17.0.1" + }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest-config/node_modules/pretty-format/node_modules/ansi-styles": { + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", + "integrity": "sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/ansi-styles?sponsor=1" + } + }, + "node_modules/jest-config/node_modules/strip-json-comments": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz", + "integrity": "sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==", + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/jest-diff": { "version": "26.6.2", "resolved": "https://registry.npmjs.org/jest-diff/-/jest-diff-26.6.2.tgz", "integrity": "sha512-6m+9Z3Gv9wN0WFVasqjCL/06+EFCMTqDEUl/b87HYK2rAPTyfz4ZIuSlPhY51PIQRWx5TaxeF1qmXKe9gfN3sA==", - "requires": { + "dependencies": { "chalk": "^4.0.0", "diff-sequences": "^26.6.2", "jest-get-type": "^26.3.0", "pretty-format": "^26.6.2" }, + "engines": { + "node": ">= 10.14.2" + } + }, + "node_modules/jest-diff/node_modules/chalk": { + "version": "4.1.2", + "resolved": 
"https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", "dependencies": { - "chalk": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", - "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "requires": { - "ansi-styles": "^4.1.0", - "supports-color": "^7.1.0" - } - } + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" } }, - "jest-docblock": { + "node_modules/jest-docblock": { "version": "27.5.1", "resolved": "https://registry.npmjs.org/jest-docblock/-/jest-docblock-27.5.1.tgz", "integrity": "sha512-rl7hlABeTsRYxKiUfpHrQrG4e2obOiTQWfMEH3PxPjOtdsfLQO4ReWSZaQ7DETm4xu07rl4q/h4zcKXyU0/OzQ==", - "requires": { + "dependencies": { "detect-newline": "^3.0.0" + }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" } }, - "jest-each": { + "node_modules/jest-each": { "version": "27.5.1", "resolved": "https://registry.npmjs.org/jest-each/-/jest-each-27.5.1.tgz", "integrity": "sha512-1Ff6p+FbhT/bXQnEouYy00bkNSY7OUpfIcmdl8vZ31A1UUaurOLPA8a8BbJOF2RDUElwJhmeaV7LnagI+5UwNQ==", - "requires": { + "dependencies": { "@jest/types": "^27.5.1", "chalk": "^4.0.0", "jest-get-type": "^27.5.1", "jest-util": "^27.5.1", "pretty-format": "^27.5.1" }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest-each/node_modules/@jest/types": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", + "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", "dependencies": { - "@jest/types": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", - "integrity": 
"sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", - "requires": { - "@types/istanbul-lib-coverage": "^2.0.0", - "@types/istanbul-reports": "^3.0.0", - "@types/node": "*", - "@types/yargs": "^16.0.0", - "chalk": "^4.0.0" - } - }, - "@types/yargs": { - "version": "16.0.6", - "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", - "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", - "requires": { - "@types/yargs-parser": "*" - } - }, - "chalk": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", - "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "requires": { - "ansi-styles": "^4.1.0", - "supports-color": "^7.1.0" - } - }, - "jest-get-type": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/jest-get-type/-/jest-get-type-27.5.1.tgz", - "integrity": "sha512-2KY95ksYSaK7DMBWQn6dQz3kqAf3BB64y2udeG+hv4KfSOb9qwcYQstTJc1KCbsix+wLZWZYN8t7nwX3GOBLRw==" - }, - "pretty-format": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-27.5.1.tgz", - "integrity": "sha512-Qb1gy5OrP5+zDf2Bvnzdl3jsTf1qXVMazbvCoKhtKqVs4/YK4ozX4gKQJJVyNe+cajNPn0KoC0MC3FUmaHWEmQ==", - "requires": { - "ansi-regex": "^5.0.1", - "ansi-styles": "^5.0.0", - "react-is": "^17.0.1" - }, - "dependencies": { - "ansi-styles": { - "version": "5.2.0", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", - "integrity": "sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==" - } - } - } + "@types/istanbul-lib-coverage": "^2.0.0", + "@types/istanbul-reports": "^3.0.0", + "@types/node": "*", + "@types/yargs": "^16.0.0", + "chalk": "^4.0.0" + }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + 
"node_modules/jest-each/node_modules/@types/yargs": { + "version": "16.0.6", + "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", + "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", + "dependencies": { + "@types/yargs-parser": "*" + } + }, + "node_modules/jest-each/node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" } }, - "jest-environment-jsdom": { + "node_modules/jest-each/node_modules/jest-get-type": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/jest-get-type/-/jest-get-type-27.5.1.tgz", + "integrity": "sha512-2KY95ksYSaK7DMBWQn6dQz3kqAf3BB64y2udeG+hv4KfSOb9qwcYQstTJc1KCbsix+wLZWZYN8t7nwX3GOBLRw==", + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest-each/node_modules/pretty-format": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-27.5.1.tgz", + "integrity": "sha512-Qb1gy5OrP5+zDf2Bvnzdl3jsTf1qXVMazbvCoKhtKqVs4/YK4ozX4gKQJJVyNe+cajNPn0KoC0MC3FUmaHWEmQ==", + "dependencies": { + "ansi-regex": "^5.0.1", + "ansi-styles": "^5.0.0", + "react-is": "^17.0.1" + }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest-each/node_modules/pretty-format/node_modules/ansi-styles": { + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", + "integrity": "sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==", + "engines": { + "node": ">=10" + }, + "funding": { + "url": 
"https://github.com/chalk/ansi-styles?sponsor=1" + } + }, + "node_modules/jest-environment-jsdom": { "version": "27.5.1", "resolved": "https://registry.npmjs.org/jest-environment-jsdom/-/jest-environment-jsdom-27.5.1.tgz", "integrity": "sha512-TFBvkTC1Hnnnrka/fUb56atfDtJ9VMZ94JkjTbggl1PEpwrYtUBKMezB3inLmWqQsXYLcMwNoDQwoBTAvFfsfw==", - "requires": { + "dependencies": { "@jest/environment": "^27.5.1", "@jest/fake-timers": "^27.5.1", "@jest/types": "^27.5.1", 
@@ -8272,43 +11589,53 @@ "jest-util": "^27.5.1", "jsdom": "^16.6.0" }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest-environment-jsdom/node_modules/@jest/types": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", + "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", + "dependencies": { + "@types/istanbul-lib-coverage": "^2.0.0", + "@types/istanbul-reports": "^3.0.0", + "@types/node": "*", + "@types/yargs": "^16.0.0", + "chalk": "^4.0.0" + }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest-environment-jsdom/node_modules/@types/yargs": { + "version": "16.0.6", + "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", + "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", "dependencies": { - "@jest/types": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", - "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", - "requires": { - "@types/istanbul-lib-coverage": "^2.0.0", - "@types/istanbul-reports": "^3.0.0", - "@types/node": "*", - "@types/yargs": "^16.0.0", - "chalk": "^4.0.0" - } - }, - "@types/yargs": { - "version": "16.0.6", - "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", - "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", - "requires": { - "@types/yargs-parser": "*" - } - }, - "chalk": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", - "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "requires": { - "ansi-styles": "^4.1.0", - "supports-color": "^7.1.0" - } - } + 
"@types/yargs-parser": "*" + } + }, + "node_modules/jest-environment-jsdom/node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" } }, - "jest-environment-node": { + "node_modules/jest-environment-node": { "version": "27.5.1", "resolved": "https://registry.npmjs.org/jest-environment-node/-/jest-environment-node-27.5.1.tgz", "integrity": "sha512-Jt4ZUnxdOsTGwSRAfKEnE6BcwsSPNOijjwifq5sDFSA2kesnXTvNqKHYgM0hDq3549Uf/KzdXNYn4wMZJPlFLw==", - "requires": { + "dependencies": { "@jest/environment": "^27.5.1", "@jest/fake-timers": "^27.5.1", "@jest/types": "^27.5.1", 
@@ -8316,54 +11643,66 @@ "jest-mock": "^27.5.1", "jest-util": "^27.5.1" }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest-environment-node/node_modules/@jest/types": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", + "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", "dependencies": { - "@jest/types": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", - "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", - "requires": { - "@types/istanbul-lib-coverage": "^2.0.0", - "@types/istanbul-reports": "^3.0.0", - "@types/node": "*", - "@types/yargs": "^16.0.0", - "chalk": "^4.0.0" - } - }, - "@types/yargs": { - "version": "16.0.6", - "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", - "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", - "requires": { - "@types/yargs-parser": "*" - } - }, - "chalk": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", - "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "requires": { - "ansi-styles": "^4.1.0", - "supports-color": "^7.1.0" - } - } + "@types/istanbul-lib-coverage": "^2.0.0", + "@types/istanbul-reports": "^3.0.0", + "@types/node": "*", + "@types/yargs": "^16.0.0", + "chalk": "^4.0.0" + }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest-environment-node/node_modules/@types/yargs": { + "version": "16.0.6", + "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", + "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", + "dependencies": { + 
"@types/yargs-parser": "*" + } + }, + "node_modules/jest-environment-node/node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" } }, - "jest-get-type": { + "node_modules/jest-get-type": { "version": "26.3.0", "resolved": "https://registry.npmjs.org/jest-get-type/-/jest-get-type-26.3.0.tgz", - "integrity": "sha512-TpfaviN1R2pQWkIihlfEanwOXK0zcxrKEE4MlU6Tn7keoXdN6/3gK/xl0yEh8DOunn5pOVGKf8hB4R9gVh04ig==" + "integrity": "sha512-TpfaviN1R2pQWkIihlfEanwOXK0zcxrKEE4MlU6Tn7keoXdN6/3gK/xl0yEh8DOunn5pOVGKf8hB4R9gVh04ig==", + "engines": { + "node": ">= 10.14.2" + } }, - "jest-haste-map": { + "node_modules/jest-haste-map": { "version": "27.5.1", "resolved": "https://registry.npmjs.org/jest-haste-map/-/jest-haste-map-27.5.1.tgz", "integrity": "sha512-7GgkZ4Fw4NFbMSDSpZwXeBiIbx+t/46nJ2QitkOjvwPYyZmqttu2TDSimMHP1EkPOi4xUZAN1doE5Vd25H4Jng==", - "requires": { + "dependencies": { "@jest/types": "^27.5.1", "@types/graceful-fs": "^4.1.2", "@types/node": "*", "anymatch": "^3.0.3", "fb-watchman": "^2.0.0", - "fsevents": "^2.3.2", "graceful-fs": "^4.2.9", "jest-regex-util": "^27.5.1", "jest-serializer": "^27.5.1", 
@@ -8372,43 +11711,56 @@ "micromatch": "^4.0.4", "walker": "^1.0.7" }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + }, + "optionalDependencies": { + "fsevents": "^2.3.2" + } + }, + "node_modules/jest-haste-map/node_modules/@jest/types": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", + "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", "dependencies": { - "@jest/types": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", - "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", - "requires": { - "@types/istanbul-lib-coverage": "^2.0.0", - "@types/istanbul-reports": "^3.0.0", - "@types/node": "*", - "@types/yargs": "^16.0.0", - "chalk": "^4.0.0" - } - }, - "@types/yargs": { - "version": "16.0.6", - "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", - "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", - "requires": { - "@types/yargs-parser": "*" - } - }, - "chalk": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", - "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "requires": { - "ansi-styles": "^4.1.0", - "supports-color": "^7.1.0" - } - } + "@types/istanbul-lib-coverage": "^2.0.0", + "@types/istanbul-reports": "^3.0.0", + "@types/node": "*", + "@types/yargs": "^16.0.0", + "chalk": "^4.0.0" + }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest-haste-map/node_modules/@types/yargs": { + "version": "16.0.6", + "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", + "integrity": 
"sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", + "dependencies": { + "@types/yargs-parser": "*" + } + }, + "node_modules/jest-haste-map/node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" } }, - "jest-jasmine2": { + "node_modules/jest-jasmine2": { "version": "27.5.1", "resolved": "https://registry.npmjs.org/jest-jasmine2/-/jest-jasmine2-27.5.1.tgz", "integrity": "sha512-jtq7VVyG8SqAorDpApwiJJImd0V2wv1xzdheGHRGyuT7gZm6gG47QEskOlzsN1PG/6WNaCo5pmwMHDf3AkG2pQ==", - "requires": { + "dependencies": { "@jest/environment": "^27.5.1", "@jest/source-map": "^27.5.1", "@jest/test-result": "^27.5.1", 
@@ -8427,154 +11779,207 @@ "pretty-format": "^27.5.1", "throat": "^6.0.1" }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest-jasmine2/node_modules/@jest/types": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", + "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", "dependencies": { - "@jest/types": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", - "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", - "requires": { - "@types/istanbul-lib-coverage": "^2.0.0", - "@types/istanbul-reports": "^3.0.0", - "@types/node": "*", - "@types/yargs": "^16.0.0", - "chalk": "^4.0.0" - } - }, - "@types/yargs": { - "version": "16.0.6", - "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", - "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", - "requires": { - "@types/yargs-parser": "*" - } - }, - "chalk": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", - "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "requires": { - "ansi-styles": "^4.1.0", - "supports-color": "^7.1.0" - } - }, - "pretty-format": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-27.5.1.tgz", - "integrity": "sha512-Qb1gy5OrP5+zDf2Bvnzdl3jsTf1qXVMazbvCoKhtKqVs4/YK4ozX4gKQJJVyNe+cajNPn0KoC0MC3FUmaHWEmQ==", - "requires": { - "ansi-regex": "^5.0.1", - "ansi-styles": "^5.0.0", - "react-is": "^17.0.1" - }, - "dependencies": { - "ansi-styles": { - "version": "5.2.0", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", - "integrity": 
"sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==" - } - } - } + "@types/istanbul-lib-coverage": "^2.0.0", + "@types/istanbul-reports": "^3.0.0", + "@types/node": "*", + "@types/yargs": "^16.0.0", + "chalk": "^4.0.0" + }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest-jasmine2/node_modules/@types/yargs": { + "version": "16.0.6", + "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", + "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", + "dependencies": { + "@types/yargs-parser": "*" + } + }, + "node_modules/jest-jasmine2/node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" } }, - "jest-leak-detector": { + "node_modules/jest-jasmine2/node_modules/pretty-format": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-27.5.1.tgz", + "integrity": "sha512-Qb1gy5OrP5+zDf2Bvnzdl3jsTf1qXVMazbvCoKhtKqVs4/YK4ozX4gKQJJVyNe+cajNPn0KoC0MC3FUmaHWEmQ==", + "dependencies": { + "ansi-regex": "^5.0.1", + "ansi-styles": "^5.0.0", + "react-is": "^17.0.1" + }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest-jasmine2/node_modules/pretty-format/node_modules/ansi-styles": { + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", + "integrity": "sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==", + "engines": { + "node": ">=10" + }, + "funding": { + "url": 
"https://github.com/chalk/ansi-styles?sponsor=1" + } + }, + "node_modules/jest-leak-detector": { "version": "27.5.1", "resolved": "https://registry.npmjs.org/jest-leak-detector/-/jest-leak-detector-27.5.1.tgz", "integrity": "sha512-POXfWAMvfU6WMUXftV4HolnJfnPOGEu10fscNCA76KBpRRhcMN2c8d3iT2pxQS3HLbA+5X4sOUPzYO2NUyIlHQ==", - "requires": { + "dependencies": { "jest-get-type": "^27.5.1", "pretty-format": "^27.5.1" }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest-leak-detector/node_modules/ansi-styles": { + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", + "integrity": "sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/ansi-styles?sponsor=1" + } + }, + "node_modules/jest-leak-detector/node_modules/jest-get-type": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/jest-get-type/-/jest-get-type-27.5.1.tgz", + "integrity": "sha512-2KY95ksYSaK7DMBWQn6dQz3kqAf3BB64y2udeG+hv4KfSOb9qwcYQstTJc1KCbsix+wLZWZYN8t7nwX3GOBLRw==", + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest-leak-detector/node_modules/pretty-format": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-27.5.1.tgz", + "integrity": "sha512-Qb1gy5OrP5+zDf2Bvnzdl3jsTf1qXVMazbvCoKhtKqVs4/YK4ozX4gKQJJVyNe+cajNPn0KoC0MC3FUmaHWEmQ==", "dependencies": { - "ansi-styles": { - "version": "5.2.0", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", - "integrity": "sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==" - }, - "jest-get-type": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/jest-get-type/-/jest-get-type-27.5.1.tgz", - "integrity": 
"sha512-2KY95ksYSaK7DMBWQn6dQz3kqAf3BB64y2udeG+hv4KfSOb9qwcYQstTJc1KCbsix+wLZWZYN8t7nwX3GOBLRw==" - }, - "pretty-format": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-27.5.1.tgz", - "integrity": "sha512-Qb1gy5OrP5+zDf2Bvnzdl3jsTf1qXVMazbvCoKhtKqVs4/YK4ozX4gKQJJVyNe+cajNPn0KoC0MC3FUmaHWEmQ==", - "requires": { - "ansi-regex": "^5.0.1", - "ansi-styles": "^5.0.0", - "react-is": "^17.0.1" - } - } + "ansi-regex": "^5.0.1", + "ansi-styles": "^5.0.0", + "react-is": "^17.0.1" + }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" } }, - "jest-matcher-utils": { + "node_modules/jest-matcher-utils": { "version": "27.5.1", "resolved": "https://registry.npmjs.org/jest-matcher-utils/-/jest-matcher-utils-27.5.1.tgz", "integrity": "sha512-z2uTx/T6LBaCoNWNFWwChLBKYxTMcGBRjAt+2SbP929/Fflb9aa5LGma654Rz8z9HLxsrUaYzxE9T/EFIL/PAw==", - "requires": { + "dependencies": { "chalk": "^4.0.0", "jest-diff": "^27.5.1", "jest-get-type": "^27.5.1", "pretty-format": "^27.5.1" }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest-matcher-utils/node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", "dependencies": { - "chalk": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", - "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "requires": { - "ansi-styles": "^4.1.0", - "supports-color": "^7.1.0" - } - }, - "diff-sequences": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/diff-sequences/-/diff-sequences-27.5.1.tgz", - "integrity": "sha512-k1gCAXAsNgLwEL+Y8Wvl+M6oEFj5bgazfZULpS5CneoPPXRaCCW7dm+q21Ky2VEE5X+VeRDBVg1Pcvvsr4TtNQ==" - }, - "jest-diff": { - "version": "27.5.1", - "resolved": 
"https://registry.npmjs.org/jest-diff/-/jest-diff-27.5.1.tgz", - "integrity": "sha512-m0NvkX55LDt9T4mctTEgnZk3fmEg3NRYutvMPWM/0iPnkFj2wIeF45O1718cMSOFO1vINkqmxqD8vE37uTEbqw==", - "requires": { - "chalk": "^4.0.0", - "diff-sequences": "^27.5.1", - "jest-get-type": "^27.5.1", - "pretty-format": "^27.5.1" - } - }, - "jest-get-type": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/jest-get-type/-/jest-get-type-27.5.1.tgz", - "integrity": "sha512-2KY95ksYSaK7DMBWQn6dQz3kqAf3BB64y2udeG+hv4KfSOb9qwcYQstTJc1KCbsix+wLZWZYN8t7nwX3GOBLRw==" - }, - "pretty-format": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-27.5.1.tgz", - "integrity": "sha512-Qb1gy5OrP5+zDf2Bvnzdl3jsTf1qXVMazbvCoKhtKqVs4/YK4ozX4gKQJJVyNe+cajNPn0KoC0MC3FUmaHWEmQ==", - "requires": { - "ansi-regex": "^5.0.1", - "ansi-styles": "^5.0.0", - "react-is": "^17.0.1" - }, - "dependencies": { - "ansi-styles": { - "version": "5.2.0", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", - "integrity": "sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==" - } - } - } + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" } }, - "jest-message-util": { + "node_modules/jest-matcher-utils/node_modules/diff-sequences": { "version": "27.5.1", - "resolved": "https://registry.npmjs.org/jest-message-util/-/jest-message-util-27.5.1.tgz", - "integrity": "sha512-rMyFe1+jnyAAf+NHwTclDz0eAaLkVDdKVHHBFWsBWHnnh5YeJMNWWsv7AbFYXfK3oTqvL7VTWkhNLu1jX24D+g==", - "requires": { - "@babel/code-frame": "^7.12.13", - "@jest/types": "^27.5.1", - "@types/stack-utils": "^2.0.0", + "resolved": "https://registry.npmjs.org/diff-sequences/-/diff-sequences-27.5.1.tgz", + "integrity": "sha512-k1gCAXAsNgLwEL+Y8Wvl+M6oEFj5bgazfZULpS5CneoPPXRaCCW7dm+q21Ky2VEE5X+VeRDBVg1Pcvvsr4TtNQ==", + "engines": { + "node": 
"^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest-matcher-utils/node_modules/jest-diff": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/jest-diff/-/jest-diff-27.5.1.tgz", + "integrity": "sha512-m0NvkX55LDt9T4mctTEgnZk3fmEg3NRYutvMPWM/0iPnkFj2wIeF45O1718cMSOFO1vINkqmxqD8vE37uTEbqw==", + "dependencies": { + "chalk": "^4.0.0", + "diff-sequences": "^27.5.1", + "jest-get-type": "^27.5.1", + "pretty-format": "^27.5.1" + }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest-matcher-utils/node_modules/jest-get-type": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/jest-get-type/-/jest-get-type-27.5.1.tgz", + "integrity": "sha512-2KY95ksYSaK7DMBWQn6dQz3kqAf3BB64y2udeG+hv4KfSOb9qwcYQstTJc1KCbsix+wLZWZYN8t7nwX3GOBLRw==", + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest-matcher-utils/node_modules/pretty-format": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-27.5.1.tgz", + "integrity": "sha512-Qb1gy5OrP5+zDf2Bvnzdl3jsTf1qXVMazbvCoKhtKqVs4/YK4ozX4gKQJJVyNe+cajNPn0KoC0MC3FUmaHWEmQ==", + "dependencies": { + "ansi-regex": "^5.0.1", + "ansi-styles": "^5.0.0", + "react-is": "^17.0.1" + }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest-matcher-utils/node_modules/pretty-format/node_modules/ansi-styles": { + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", + "integrity": "sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/ansi-styles?sponsor=1" + } + }, + "node_modules/jest-message-util": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/jest-message-util/-/jest-message-util-27.5.1.tgz", + "integrity": 
"sha512-rMyFe1+jnyAAf+NHwTclDz0eAaLkVDdKVHHBFWsBWHnnh5YeJMNWWsv7AbFYXfK3oTqvL7VTWkhNLu1jX24D+g==", + "dependencies": { + "@babel/code-frame": "^7.12.13", + "@jest/types": "^27.5.1", + "@types/stack-utils": "^2.0.0", "chalk": "^4.0.0", "graceful-fs": "^4.2.9", "micromatch": "^4.0.4", 
@@ -8582,110 +11987,151 @@ "slash": "^3.0.0", "stack-utils": "^2.0.3" }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest-message-util/node_modules/@jest/types": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", + "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", "dependencies": { - "@jest/types": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", - "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", - "requires": { - "@types/istanbul-lib-coverage": "^2.0.0", - "@types/istanbul-reports": "^3.0.0", - "@types/node": "*", - "@types/yargs": "^16.0.0", - "chalk": "^4.0.0" - } - }, - "@types/yargs": { - "version": "16.0.6", - "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", - "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", - "requires": { - "@types/yargs-parser": "*" - } - }, - "chalk": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", - "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "requires": { - "ansi-styles": "^4.1.0", - "supports-color": "^7.1.0" - } - }, - "pretty-format": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-27.5.1.tgz", - "integrity": "sha512-Qb1gy5OrP5+zDf2Bvnzdl3jsTf1qXVMazbvCoKhtKqVs4/YK4ozX4gKQJJVyNe+cajNPn0KoC0MC3FUmaHWEmQ==", - "requires": { - "ansi-regex": "^5.0.1", - "ansi-styles": "^5.0.0", - "react-is": "^17.0.1" - }, - "dependencies": { - "ansi-styles": { - "version": "5.2.0", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", - "integrity": 
"sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==" - } - } - } + "@types/istanbul-lib-coverage": "^2.0.0", + "@types/istanbul-reports": "^3.0.0", + "@types/node": "*", + "@types/yargs": "^16.0.0", + "chalk": "^4.0.0" + }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest-message-util/node_modules/@types/yargs": { + "version": "16.0.6", + "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", + "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", + "dependencies": { + "@types/yargs-parser": "*" + } + }, + "node_modules/jest-message-util/node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" + } + }, + "node_modules/jest-message-util/node_modules/pretty-format": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-27.5.1.tgz", + "integrity": "sha512-Qb1gy5OrP5+zDf2Bvnzdl3jsTf1qXVMazbvCoKhtKqVs4/YK4ozX4gKQJJVyNe+cajNPn0KoC0MC3FUmaHWEmQ==", + "dependencies": { + "ansi-regex": "^5.0.1", + "ansi-styles": "^5.0.0", + "react-is": "^17.0.1" + }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" } }, - "jest-mock": { + "node_modules/jest-message-util/node_modules/pretty-format/node_modules/ansi-styles": { + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", + "integrity": "sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==", + "engines": { + "node": ">=10" + }, + "funding": { + "url": 
"https://github.com/chalk/ansi-styles?sponsor=1" + } + }, + "node_modules/jest-mock": { "version": "27.5.1", "resolved": "https://registry.npmjs.org/jest-mock/-/jest-mock-27.5.1.tgz", "integrity": "sha512-K4jKbY1d4ENhbrG2zuPWaQBvDly+iZ2yAW+T1fATN78hc0sInwn7wZB8XtlNnvHug5RMwV897Xm4LqmPM4e2Og==", - "requires": { + "dependencies": { "@jest/types": "^27.5.1", "@types/node": "*" }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest-mock/node_modules/@jest/types": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", + "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", + "dependencies": { + "@types/istanbul-lib-coverage": "^2.0.0", + "@types/istanbul-reports": "^3.0.0", + "@types/node": "*", + "@types/yargs": "^16.0.0", + "chalk": "^4.0.0" + }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest-mock/node_modules/@types/yargs": { + "version": "16.0.6", + "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", + "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", "dependencies": { - "@jest/types": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", - "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", - "requires": { - "@types/istanbul-lib-coverage": "^2.0.0", - "@types/istanbul-reports": "^3.0.0", - "@types/node": "*", - "@types/yargs": "^16.0.0", - "chalk": "^4.0.0" - } - }, - "@types/yargs": { - "version": "16.0.6", - "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", - "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", - "requires": { - "@types/yargs-parser": "*" - } - }, - "chalk": { - "version": 
"4.1.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", - "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "requires": { - "ansi-styles": "^4.1.0", - "supports-color": "^7.1.0" - } - } + "@types/yargs-parser": "*" + } + }, + "node_modules/jest-mock/node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" } }, - "jest-pnp-resolver": { + "node_modules/jest-pnp-resolver": { "version": "1.2.3", "resolved": "https://registry.npmjs.org/jest-pnp-resolver/-/jest-pnp-resolver-1.2.3.tgz", - "integrity": "sha512-+3NpwQEnRoIBtx4fyhblQDPgJI0H1IEIkX7ShLUjPGA7TtUTvI1oiKi3SR4oBR0hQhQR80l4WAe5RrXBwWMA8w==" + "integrity": "sha512-+3NpwQEnRoIBtx4fyhblQDPgJI0H1IEIkX7ShLUjPGA7TtUTvI1oiKi3SR4oBR0hQhQR80l4WAe5RrXBwWMA8w==", + "engines": { + "node": ">=6" + }, + "peerDependencies": { + "jest-resolve": "*" + }, + "peerDependenciesMeta": { + "jest-resolve": { + "optional": true + } + } }, - "jest-regex-util": { + "node_modules/jest-regex-util": { "version": "27.5.1", "resolved": "https://registry.npmjs.org/jest-regex-util/-/jest-regex-util-27.5.1.tgz", - "integrity": "sha512-4bfKq2zie+x16okqDXjXn9ql2B0dScQu+vcwe4TvFVhkVyuWLqpZrZtXxLLWoXYgn0E87I6r6GRYHF7wFZBUvg==" + "integrity": "sha512-4bfKq2zie+x16okqDXjXn9ql2B0dScQu+vcwe4TvFVhkVyuWLqpZrZtXxLLWoXYgn0E87I6r6GRYHF7wFZBUvg==", + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } }, - "jest-resolve": { + "node_modules/jest-resolve": { "version": "27.5.1", "resolved": "https://registry.npmjs.org/jest-resolve/-/jest-resolve-27.5.1.tgz", "integrity": 
"sha512-FFDy8/9E6CV83IMbDpcjOhumAQPDyETnU2KZ1O98DwTnz8AOBsW/Xv3GySr1mOZdItLR+zDZ7I/UdTFbgSOVCw==", - "requires": { + "dependencies": { "@jest/types": "^27.5.1", "chalk": "^4.0.0", "graceful-fs": "^4.2.9", 
@@ -8697,84 +12143,104 @@ "resolve.exports": "^1.1.0", "slash": "^3.0.0" }, - "dependencies": { - "@jest/types": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", - "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", - "requires": { - "@types/istanbul-lib-coverage": "^2.0.0", - "@types/istanbul-reports": "^3.0.0", - "@types/node": "*", - "@types/yargs": "^16.0.0", - "chalk": "^4.0.0" - } - }, - "@types/yargs": { - "version": "16.0.6", - "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", - "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", - "requires": { - "@types/yargs-parser": "*" - } - }, - "chalk": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", - "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "requires": { - "ansi-styles": "^4.1.0", - "supports-color": "^7.1.0" - } - } + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" } }, - "jest-resolve-dependencies": { + "node_modules/jest-resolve-dependencies": { "version": "27.5.1", "resolved": "https://registry.npmjs.org/jest-resolve-dependencies/-/jest-resolve-dependencies-27.5.1.tgz", "integrity": "sha512-QQOOdY4PE39iawDn5rzbIePNigfe5B9Z91GDD1ae/xNDlu9kaat8QQ5EKnNmVWPV54hUdxCVwwj6YMgR2O7IOg==", - "requires": { + "dependencies": { "@jest/types": "^27.5.1", "jest-regex-util": "^27.5.1", "jest-snapshot": "^27.5.1" }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest-resolve-dependencies/node_modules/@jest/types": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", + "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", "dependencies": { - 
"@jest/types": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", - "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", - "requires": { - "@types/istanbul-lib-coverage": "^2.0.0", - "@types/istanbul-reports": "^3.0.0", - "@types/node": "*", - "@types/yargs": "^16.0.0", - "chalk": "^4.0.0" - } - }, - "@types/yargs": { - "version": "16.0.6", - "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", - "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", - "requires": { - "@types/yargs-parser": "*" - } - }, - "chalk": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", - "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "requires": { - "ansi-styles": "^4.1.0", - "supports-color": "^7.1.0" - } - } + "@types/istanbul-lib-coverage": "^2.0.0", + "@types/istanbul-reports": "^3.0.0", + "@types/node": "*", + "@types/yargs": "^16.0.0", + "chalk": "^4.0.0" + }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest-resolve-dependencies/node_modules/@types/yargs": { + "version": "16.0.6", + "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", + "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", + "dependencies": { + "@types/yargs-parser": "*" + } + }, + "node_modules/jest-resolve-dependencies/node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": 
"https://github.com/chalk/chalk?sponsor=1" + } + }, + "node_modules/jest-resolve/node_modules/@jest/types": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", + "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", + "dependencies": { + "@types/istanbul-lib-coverage": "^2.0.0", + "@types/istanbul-reports": "^3.0.0", + "@types/node": "*", + "@types/yargs": "^16.0.0", + "chalk": "^4.0.0" + }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" } }, - "jest-runner": { + "node_modules/jest-resolve/node_modules/@types/yargs": { + "version": "16.0.6", + "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", + "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", + "dependencies": { + "@types/yargs-parser": "*" + } + }, + "node_modules/jest-resolve/node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" + } + }, + "node_modules/jest-runner": { "version": "27.5.1", "resolved": "https://registry.npmjs.org/jest-runner/-/jest-runner-27.5.1.tgz", "integrity": "sha512-g4NPsM4mFCOwFKXO4p/H/kWGdJp9V8kURY2lX8Me2drgXqG7rrZAx5kv+5H7wtt/cdFIjhqYx1HrlqWHaOvDaQ==", - "requires": { + "dependencies": { "@jest/console": "^27.5.1", "@jest/environment": "^27.5.1", "@jest/test-result": "^27.5.1", 
@@ -8797,43 +12263,53 @@ "source-map-support": "^0.5.6", "throat": "^6.0.1" }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest-runner/node_modules/@jest/types": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", + "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", + "dependencies": { + "@types/istanbul-lib-coverage": "^2.0.0", + "@types/istanbul-reports": "^3.0.0", + "@types/node": "*", + "@types/yargs": "^16.0.0", + "chalk": "^4.0.0" + }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest-runner/node_modules/@types/yargs": { + "version": "16.0.6", + "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", + "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", "dependencies": { - "@jest/types": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", - "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", - "requires": { - "@types/istanbul-lib-coverage": "^2.0.0", - "@types/istanbul-reports": "^3.0.0", - "@types/node": "*", - "@types/yargs": "^16.0.0", - "chalk": "^4.0.0" - } - }, - "@types/yargs": { - "version": "16.0.6", - "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", - "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", - "requires": { - "@types/yargs-parser": "*" - } - }, - "chalk": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", - "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "requires": { - "ansi-styles": "^4.1.0", - "supports-color": "^7.1.0" - } - } + "@types/yargs-parser": 
"*" + } + }, + "node_modules/jest-runner/node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" } }, - "jest-runtime": { + "node_modules/jest-runtime": { "version": "27.5.1", "resolved": "https://registry.npmjs.org/jest-runtime/-/jest-runtime-27.5.1.tgz", "integrity": "sha512-o7gxw3Gf+H2IGt8fv0RiyE1+r83FJBRruoA+FXrlHw6xEyBsU8ugA6IPfTdVyA0w8HClpbK+DGJxH59UrNMx8A==", - "requires": { + "dependencies": { "@jest/environment": "^27.5.1", "@jest/fake-timers": "^27.5.1", "@jest/globals": "^27.5.1", 
@@ -8857,57 +12333,73 @@ "slash": "^3.0.0", "strip-bom": "^4.0.0" }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest-runtime/node_modules/@jest/types": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", + "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", "dependencies": { - "@jest/types": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", - "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", - "requires": { - "@types/istanbul-lib-coverage": "^2.0.0", - "@types/istanbul-reports": "^3.0.0", - "@types/node": "*", - "@types/yargs": "^16.0.0", - "chalk": "^4.0.0" - } - }, - "@types/yargs": { - "version": "16.0.6", - "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", - "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", - "requires": { - "@types/yargs-parser": "*" - } - }, - "chalk": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", - "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "requires": { - "ansi-styles": "^4.1.0", - "supports-color": "^7.1.0" - } - }, - "strip-bom": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/strip-bom/-/strip-bom-4.0.0.tgz", - "integrity": "sha512-3xurFv5tEgii33Zi8Jtp55wEIILR9eh34FAW00PZf+JnSsTmV/ioewSgQl97JHvgjoRGwPShsWm+IdrxB35d0w==" - } + "@types/istanbul-lib-coverage": "^2.0.0", + "@types/istanbul-reports": "^3.0.0", + "@types/node": "*", + "@types/yargs": "^16.0.0", + "chalk": "^4.0.0" + }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest-runtime/node_modules/@types/yargs": { + "version": "16.0.6", + 
"resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", + "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", + "dependencies": { + "@types/yargs-parser": "*" + } + }, + "node_modules/jest-runtime/node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" + } + }, + "node_modules/jest-runtime/node_modules/strip-bom": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/strip-bom/-/strip-bom-4.0.0.tgz", + "integrity": "sha512-3xurFv5tEgii33Zi8Jtp55wEIILR9eh34FAW00PZf+JnSsTmV/ioewSgQl97JHvgjoRGwPShsWm+IdrxB35d0w==", + "engines": { + "node": ">=8" } }, - "jest-serializer": { + "node_modules/jest-serializer": { "version": "27.5.1", "resolved": "https://registry.npmjs.org/jest-serializer/-/jest-serializer-27.5.1.tgz", "integrity": "sha512-jZCyo6iIxO1aqUxpuBlwTDMkzOAJS4a3eYz3YzgxxVQFwLeSA7Jfq5cbqCY+JLvTDrWirgusI/0KwxKMgrdf7w==", - "requires": { + "dependencies": { "@types/node": "*", "graceful-fs": "^4.2.9" + }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" } }, - "jest-snapshot": { + "node_modules/jest-snapshot": { "version": "27.5.1", "resolved": "https://registry.npmjs.org/jest-snapshot/-/jest-snapshot-27.5.1.tgz", "integrity": "sha512-yYykXI5a0I31xX67mgeLw1DZ0bJB+gpq5IpSuCAoyDi0+BhgU/RIrL+RTzDmkNTchvDFWKP8lp+w/42Z3us5sA==", - "requires": { + "dependencies": { "@babel/core": "^7.7.2", "@babel/generator": "^7.7.2", "@babel/plugin-syntax-typescript": "^7.7.2", 
@@ -8931,407 +12423,536 @@ "pretty-format": "^27.5.1", "semver": "^7.3.2" }, - "dependencies": { - "@jest/types": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", - "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", - "requires": { - "@types/istanbul-lib-coverage": "^2.0.0", - "@types/istanbul-reports": "^3.0.0", - "@types/node": "*", - "@types/yargs": "^16.0.0", - "chalk": "^4.0.0" - } - }, - "@types/yargs": { - "version": "16.0.6", - "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", - "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", - "requires": { - "@types/yargs-parser": "*" - } - }, - "chalk": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", - "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "requires": { - "ansi-styles": "^4.1.0", - "supports-color": "^7.1.0" - } - }, - "diff-sequences": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/diff-sequences/-/diff-sequences-27.5.1.tgz", - "integrity": "sha512-k1gCAXAsNgLwEL+Y8Wvl+M6oEFj5bgazfZULpS5CneoPPXRaCCW7dm+q21Ky2VEE5X+VeRDBVg1Pcvvsr4TtNQ==" - }, - "jest-diff": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/jest-diff/-/jest-diff-27.5.1.tgz", - "integrity": "sha512-m0NvkX55LDt9T4mctTEgnZk3fmEg3NRYutvMPWM/0iPnkFj2wIeF45O1718cMSOFO1vINkqmxqD8vE37uTEbqw==", - "requires": { - "chalk": "^4.0.0", - "diff-sequences": "^27.5.1", - "jest-get-type": "^27.5.1", - "pretty-format": "^27.5.1" - } - }, - "jest-get-type": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/jest-get-type/-/jest-get-type-27.5.1.tgz", - "integrity": "sha512-2KY95ksYSaK7DMBWQn6dQz3kqAf3BB64y2udeG+hv4KfSOb9qwcYQstTJc1KCbsix+wLZWZYN8t7nwX3GOBLRw==" - }, - "pretty-format": { - "version": "27.5.1", 
- "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-27.5.1.tgz", - "integrity": "sha512-Qb1gy5OrP5+zDf2Bvnzdl3jsTf1qXVMazbvCoKhtKqVs4/YK4ozX4gKQJJVyNe+cajNPn0KoC0MC3FUmaHWEmQ==", - "requires": { - "ansi-regex": "^5.0.1", - "ansi-styles": "^5.0.0", - "react-is": "^17.0.1" - }, - "dependencies": { - "ansi-styles": { - "version": "5.2.0", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", - "integrity": "sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==" - } - } - } + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" } }, - "jest-util": { + "node_modules/jest-snapshot/node_modules/@jest/types": { "version": "27.5.1", - "resolved": "https://registry.npmjs.org/jest-util/-/jest-util-27.5.1.tgz", - "integrity": "sha512-Kv2o/8jNvX1MQ0KGtw480E/w4fBCDOnH6+6DmeKi6LZUIlKA5kwY0YNdlzaWTiVgxqAqik11QyxDOKk543aKXw==", - "requires": { - "@jest/types": "^27.5.1", + "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", + "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", + "dependencies": { + "@types/istanbul-lib-coverage": "^2.0.0", + "@types/istanbul-reports": "^3.0.0", "@types/node": "*", - "chalk": "^4.0.0", - "ci-info": "^3.2.0", - "graceful-fs": "^4.2.9", - "picomatch": "^2.2.3" + "@types/yargs": "^16.0.0", + "chalk": "^4.0.0" }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest-snapshot/node_modules/@types/yargs": { + "version": "16.0.6", + "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", + "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", "dependencies": { - "@jest/types": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", - "integrity": 
"sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", - "requires": { - "@types/istanbul-lib-coverage": "^2.0.0", - "@types/istanbul-reports": "^3.0.0", - "@types/node": "*", - "@types/yargs": "^16.0.0", - "chalk": "^4.0.0" - } - }, - "@types/yargs": { - "version": "16.0.6", - "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", - "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", - "requires": { - "@types/yargs-parser": "*" - } - }, - "chalk": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", - "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "requires": { - "ansi-styles": "^4.1.0", - "supports-color": "^7.1.0" - } - } + "@types/yargs-parser": "*" + } + }, + "node_modules/jest-snapshot/node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" } }, - "jest-validate": { + "node_modules/jest-snapshot/node_modules/diff-sequences": { "version": "27.5.1", - "resolved": "https://registry.npmjs.org/jest-validate/-/jest-validate-27.5.1.tgz", - "integrity": "sha512-thkNli0LYTmOI1tDB3FI1S1RTp/Bqyd9pTarJwL87OIBFuqEb5Apv5EaApEudYg4g86e3CT6kM0RowkhtEnCBQ==", - "requires": { - "@jest/types": "^27.5.1", - "camelcase": "^6.2.0", + "resolved": "https://registry.npmjs.org/diff-sequences/-/diff-sequences-27.5.1.tgz", + "integrity": "sha512-k1gCAXAsNgLwEL+Y8Wvl+M6oEFj5bgazfZULpS5CneoPPXRaCCW7dm+q21Ky2VEE5X+VeRDBVg1Pcvvsr4TtNQ==", + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + 
}, + "node_modules/jest-snapshot/node_modules/jest-diff": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/jest-diff/-/jest-diff-27.5.1.tgz", + "integrity": "sha512-m0NvkX55LDt9T4mctTEgnZk3fmEg3NRYutvMPWM/0iPnkFj2wIeF45O1718cMSOFO1vINkqmxqD8vE37uTEbqw==", + "dependencies": { "chalk": "^4.0.0", + "diff-sequences": "^27.5.1", "jest-get-type": "^27.5.1", - "leven": "^3.1.0", "pretty-format": "^27.5.1" }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest-snapshot/node_modules/jest-get-type": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/jest-get-type/-/jest-get-type-27.5.1.tgz", + "integrity": "sha512-2KY95ksYSaK7DMBWQn6dQz3kqAf3BB64y2udeG+hv4KfSOb9qwcYQstTJc1KCbsix+wLZWZYN8t7nwX3GOBLRw==", + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest-snapshot/node_modules/pretty-format": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-27.5.1.tgz", + "integrity": "sha512-Qb1gy5OrP5+zDf2Bvnzdl3jsTf1qXVMazbvCoKhtKqVs4/YK4ozX4gKQJJVyNe+cajNPn0KoC0MC3FUmaHWEmQ==", "dependencies": { - "@jest/types": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", - "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", - "requires": { - "@types/istanbul-lib-coverage": "^2.0.0", - "@types/istanbul-reports": "^3.0.0", - "@types/node": "*", - "@types/yargs": "^16.0.0", - "chalk": "^4.0.0" - } - }, - "@types/yargs": { - "version": "16.0.6", - "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", - "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", - "requires": { - "@types/yargs-parser": "*" - } - }, - "chalk": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", - "integrity": 
"sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "requires": { - "ansi-styles": "^4.1.0", - "supports-color": "^7.1.0" - } - }, - "jest-get-type": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/jest-get-type/-/jest-get-type-27.5.1.tgz", - "integrity": "sha512-2KY95ksYSaK7DMBWQn6dQz3kqAf3BB64y2udeG+hv4KfSOb9qwcYQstTJc1KCbsix+wLZWZYN8t7nwX3GOBLRw==" - }, - "pretty-format": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-27.5.1.tgz", - "integrity": "sha512-Qb1gy5OrP5+zDf2Bvnzdl3jsTf1qXVMazbvCoKhtKqVs4/YK4ozX4gKQJJVyNe+cajNPn0KoC0MC3FUmaHWEmQ==", - "requires": { - "ansi-regex": "^5.0.1", - "ansi-styles": "^5.0.0", - "react-is": "^17.0.1" - }, - "dependencies": { - "ansi-styles": { - "version": "5.2.0", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", - "integrity": "sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==" - } - } - } + "ansi-regex": "^5.0.1", + "ansi-styles": "^5.0.0", + "react-is": "^17.0.1" + }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" } }, - "jest-watch-typeahead": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/jest-watch-typeahead/-/jest-watch-typeahead-1.1.0.tgz", - "integrity": "sha512-Va5nLSJTN7YFtC2jd+7wsoe1pNe5K4ShLux/E5iHEwlB9AxaxmggY7to9KUqKojhaJw3aXqt5WAb4jGPOolpEw==", - "requires": { - "ansi-escapes": "^4.3.1", - "chalk": "^4.0.0", - "jest-regex-util": "^28.0.0", + "node_modules/jest-snapshot/node_modules/pretty-format/node_modules/ansi-styles": { + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", + "integrity": "sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/ansi-styles?sponsor=1" + } + }, + 
"node_modules/jest-util": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/jest-util/-/jest-util-27.5.1.tgz", + "integrity": "sha512-Kv2o/8jNvX1MQ0KGtw480E/w4fBCDOnH6+6DmeKi6LZUIlKA5kwY0YNdlzaWTiVgxqAqik11QyxDOKk543aKXw==", + "dependencies": { + "@jest/types": "^27.5.1", + "@types/node": "*", + "chalk": "^4.0.0", + "ci-info": "^3.2.0", + "graceful-fs": "^4.2.9", + "picomatch": "^2.2.3" + }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest-util/node_modules/@jest/types": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", + "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", + "dependencies": { + "@types/istanbul-lib-coverage": "^2.0.0", + "@types/istanbul-reports": "^3.0.0", + "@types/node": "*", + "@types/yargs": "^16.0.0", + "chalk": "^4.0.0" + }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest-util/node_modules/@types/yargs": { + "version": "16.0.6", + "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", + "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", + "dependencies": { + "@types/yargs-parser": "*" + } + }, + "node_modules/jest-util/node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" + } + }, + "node_modules/jest-validate": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/jest-validate/-/jest-validate-27.5.1.tgz", + "integrity": 
"sha512-thkNli0LYTmOI1tDB3FI1S1RTp/Bqyd9pTarJwL87OIBFuqEb5Apv5EaApEudYg4g86e3CT6kM0RowkhtEnCBQ==", + "dependencies": { + "@jest/types": "^27.5.1", + "camelcase": "^6.2.0", + "chalk": "^4.0.0", + "jest-get-type": "^27.5.1", + "leven": "^3.1.0", + "pretty-format": "^27.5.1" + }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest-validate/node_modules/@jest/types": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", + "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", + "dependencies": { + "@types/istanbul-lib-coverage": "^2.0.0", + "@types/istanbul-reports": "^3.0.0", + "@types/node": "*", + "@types/yargs": "^16.0.0", + "chalk": "^4.0.0" + }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest-validate/node_modules/@types/yargs": { + "version": "16.0.6", + "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", + "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", + "dependencies": { + "@types/yargs-parser": "*" + } + }, + "node_modules/jest-validate/node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" + } + }, + "node_modules/jest-validate/node_modules/jest-get-type": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/jest-get-type/-/jest-get-type-27.5.1.tgz", + "integrity": "sha512-2KY95ksYSaK7DMBWQn6dQz3kqAf3BB64y2udeG+hv4KfSOb9qwcYQstTJc1KCbsix+wLZWZYN8t7nwX3GOBLRw==", + "engines": { + "node": "^10.13.0 || 
^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest-validate/node_modules/pretty-format": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-27.5.1.tgz", + "integrity": "sha512-Qb1gy5OrP5+zDf2Bvnzdl3jsTf1qXVMazbvCoKhtKqVs4/YK4ozX4gKQJJVyNe+cajNPn0KoC0MC3FUmaHWEmQ==", + "dependencies": { + "ansi-regex": "^5.0.1", + "ansi-styles": "^5.0.0", + "react-is": "^17.0.1" + }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest-validate/node_modules/pretty-format/node_modules/ansi-styles": { + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", + "integrity": "sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/ansi-styles?sponsor=1" + } + }, + "node_modules/jest-watch-typeahead": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/jest-watch-typeahead/-/jest-watch-typeahead-1.1.0.tgz", + "integrity": "sha512-Va5nLSJTN7YFtC2jd+7wsoe1pNe5K4ShLux/E5iHEwlB9AxaxmggY7to9KUqKojhaJw3aXqt5WAb4jGPOolpEw==", + "dependencies": { + "ansi-escapes": "^4.3.1", + "chalk": "^4.0.0", + "jest-regex-util": "^28.0.0", "jest-watcher": "^28.0.0", "slash": "^4.0.0", "string-length": "^5.0.1", "strip-ansi": "^7.0.1" }, + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + }, + "peerDependencies": { + "jest": "^27.0.0 || ^28.0.0" + } + }, + "node_modules/jest-watch-typeahead/node_modules/@jest/console": { + "version": "28.1.3", + "resolved": "https://registry.npmjs.org/@jest/console/-/console-28.1.3.tgz", + "integrity": "sha512-QPAkP5EwKdK/bxIr6C1I4Vs0rm2nHiANzj/Z5X2JQkrZo6IqvC4ldZ9K95tF0HdidhA8Bo6egxSzUFPYKcEXLw==", "dependencies": { - "@jest/console": { - "version": "28.1.3", - "resolved": "https://registry.npmjs.org/@jest/console/-/console-28.1.3.tgz", - "integrity": 
"sha512-QPAkP5EwKdK/bxIr6C1I4Vs0rm2nHiANzj/Z5X2JQkrZo6IqvC4ldZ9K95tF0HdidhA8Bo6egxSzUFPYKcEXLw==", - "requires": { - "@jest/types": "^28.1.3", - "@types/node": "*", - "chalk": "^4.0.0", - "jest-message-util": "^28.1.3", - "jest-util": "^28.1.3", - "slash": "^3.0.0" - }, - "dependencies": { - "slash": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/slash/-/slash-3.0.0.tgz", - "integrity": "sha512-g9Q1haeby36OSStwb4ntCGGGaKsaVSjQ68fBxoQcutl5fS1vuY18H3wSt3jFyFtrkx+Kz0V1G85A4MyAdDMi2Q==" - } - } - }, - "@jest/test-result": { - "version": "28.1.3", - "resolved": "https://registry.npmjs.org/@jest/test-result/-/test-result-28.1.3.tgz", - "integrity": "sha512-kZAkxnSE+FqE8YjW8gNuoVkkC9I7S1qmenl8sGcDOLropASP+BkcGKwhXoyqQuGOGeYY0y/ixjrd/iERpEXHNg==", - "requires": { - "@jest/console": "^28.1.3", - "@jest/types": "^28.1.3", - "@types/istanbul-lib-coverage": "^2.0.0", - "collect-v8-coverage": "^1.0.0" - } - }, - "@jest/types": { - "version": "28.1.3", - "resolved": "https://registry.npmjs.org/@jest/types/-/types-28.1.3.tgz", - "integrity": "sha512-RyjiyMUZrKz/c+zlMFO1pm70DcIlST8AeWTkoUdZevew44wcNZQHsEVOiCVtgVnlFFD82FPaXycys58cf2muVQ==", - "requires": { - "@jest/schemas": "^28.1.3", - "@types/istanbul-lib-coverage": "^2.0.0", - "@types/istanbul-reports": "^3.0.0", - "@types/node": "*", - "@types/yargs": "^17.0.8", - "chalk": "^4.0.0" - } - }, - "@types/yargs": { - "version": "17.0.28", - "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-17.0.28.tgz", - "integrity": "sha512-N3e3fkS86hNhtk6BEnc0rj3zcehaxx8QWhCROJkqpl5Zaoi7nAic3jH8q94jVD3zu5LGk+PUB6KAiDmimYOEQw==", - "requires": { - "@types/yargs-parser": "*" - } - }, - "chalk": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", - "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "requires": { - "ansi-styles": "^4.1.0", - "supports-color": "^7.1.0" - } - }, - "emittery": { - "version": "0.10.2", - 
"resolved": "https://registry.npmjs.org/emittery/-/emittery-0.10.2.tgz", - "integrity": "sha512-aITqOwnLanpHLNXZJENbOgjUBeHocD+xsSJmNrjovKBW5HbSpW3d1pEls7GFQPUWXiwG9+0P4GtHfEqC/4M0Iw==" - }, - "jest-message-util": { - "version": "28.1.3", - "resolved": "https://registry.npmjs.org/jest-message-util/-/jest-message-util-28.1.3.tgz", - "integrity": "sha512-PFdn9Iewbt575zKPf1286Ht9EPoJmYT7P0kY+RibeYZ2XtOr53pDLEFoTWXbd1h4JiGiWpTBC84fc8xMXQMb7g==", - "requires": { - "@babel/code-frame": "^7.12.13", - "@jest/types": "^28.1.3", - "@types/stack-utils": "^2.0.0", - "chalk": "^4.0.0", - "graceful-fs": "^4.2.9", - "micromatch": "^4.0.4", - "pretty-format": "^28.1.3", - "slash": "^3.0.0", - "stack-utils": "^2.0.3" - }, - "dependencies": { - "slash": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/slash/-/slash-3.0.0.tgz", - "integrity": "sha512-g9Q1haeby36OSStwb4ntCGGGaKsaVSjQ68fBxoQcutl5fS1vuY18H3wSt3jFyFtrkx+Kz0V1G85A4MyAdDMi2Q==" - } - } - }, - "jest-regex-util": { - "version": "28.0.2", - "resolved": "https://registry.npmjs.org/jest-regex-util/-/jest-regex-util-28.0.2.tgz", - "integrity": "sha512-4s0IgyNIy0y9FK+cjoVYoxamT7Zeo7MhzqRGx7YDYmaQn1wucY9rotiGkBzzcMXTtjrCAP/f7f+E0F7+fxPNdw==" - }, - "jest-util": { - "version": "28.1.3", - "resolved": "https://registry.npmjs.org/jest-util/-/jest-util-28.1.3.tgz", - "integrity": "sha512-XdqfpHwpcSRko/C35uLYFM2emRAltIIKZiJ9eAmhjsj0CqZMa0p1ib0R5fWIqGhn1a103DebTbpqIaP1qCQ6tQ==", - "requires": { - "@jest/types": "^28.1.3", - "@types/node": "*", - "chalk": "^4.0.0", - "ci-info": "^3.2.0", - "graceful-fs": "^4.2.9", - "picomatch": "^2.2.3" - } - }, - "jest-watcher": { - "version": "28.1.3", - "resolved": "https://registry.npmjs.org/jest-watcher/-/jest-watcher-28.1.3.tgz", - "integrity": "sha512-t4qcqj9hze+jviFPUN3YAtAEeFnr/azITXQEMARf5cMwKY2SMBRnCQTXLixTl20OR6mLh9KLMrgVJgJISym+1g==", - "requires": { - "@jest/test-result": "^28.1.3", - "@jest/types": "^28.1.3", - "@types/node": "*", - "ansi-escapes": "^4.2.1", - "chalk": 
"^4.0.0", - "emittery": "^0.10.2", - "jest-util": "^28.1.3", - "string-length": "^4.0.1" - }, - "dependencies": { - "string-length": { - "version": "4.0.2", - "resolved": "https://registry.npmjs.org/string-length/-/string-length-4.0.2.tgz", - "integrity": "sha512-+l6rNN5fYHNhZZy41RXsYptCjA2Igmq4EG7kZAYFQI1E1VTXarr6ZPXBg6eq7Y6eK4FEhY6AJlyuFIb/v/S0VQ==", - "requires": { - "char-regex": "^1.0.2", - "strip-ansi": "^6.0.0" - } - }, - "strip-ansi": { - "version": "6.0.1", - "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", - "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", - "requires": { - "ansi-regex": "^5.0.1" - } - } - } - }, - "pretty-format": { - "version": "28.1.3", - "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-28.1.3.tgz", - "integrity": "sha512-8gFb/To0OmxHR9+ZTb14Df2vNxdGCX8g1xWGUTqUw5TiZvcQf5sHKObd5UcPyLLyowNwDAMTF3XWOG1B6mxl1Q==", - "requires": { - "@jest/schemas": "^28.1.3", - "ansi-regex": "^5.0.1", - "ansi-styles": "^5.0.0", - "react-is": "^18.0.0" - }, - "dependencies": { - "ansi-styles": { - "version": "5.2.0", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", - "integrity": "sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==" - } - } - }, - "react-is": { - "version": "18.2.0", - "resolved": "https://registry.npmjs.org/react-is/-/react-is-18.2.0.tgz", - "integrity": "sha512-xWGDIW6x921xtzPkhiULtthJHoJvBbF3q26fzloPCK0hsvxtPVelvftw3zjbHWSkR2km9Z+4uxbDDK/6Zw9B8w==" - }, - "slash": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/slash/-/slash-4.0.0.tgz", - "integrity": "sha512-3dOsAHXXUkQTpOYcoAxLIorMTp4gIQr5IW3iVb7A7lFIp0VHhnynm9izx6TssdrIcVIESAlVjtnO2K8bg+Coew==" - }, - "string-length": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/string-length/-/string-length-5.0.1.tgz", - "integrity": 
"sha512-9Ep08KAMUn0OadnVaBuRdE2l615CQ508kr0XMadjClfYpdCyvrbFp6Taebo8yyxokQ4viUd/xPPUA4FGgUa0ow==", - "requires": { - "char-regex": "^2.0.0", - "strip-ansi": "^7.0.1" - }, - "dependencies": { - "char-regex": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/char-regex/-/char-regex-2.0.1.tgz", - "integrity": "sha512-oSvEeo6ZUD7NepqAat3RqoucZ5SeqLJgOvVIwkafu6IP3V0pO38s/ypdVUmDDK6qIIHNlYHJAKX9E7R7HoKElw==" - } - } - }, - "strip-ansi": { - "version": "7.1.0", - "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.0.tgz", - "integrity": "sha512-iq6eVVI64nQQTRYq2KtEg2d2uU7LElhTJwsH4YzIHZshxlgZms/wIc4VoDQTlG/IvVIrBKG06CrZnp0qv7hkcQ==", - "requires": { - "ansi-regex": "^6.0.1" - }, - "dependencies": { - "ansi-regex": { - "version": "6.0.1", - "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.0.1.tgz", - "integrity": "sha512-n5M855fKb2SsfMIiFFoVrABHJC8QtHwVx+mHWP3QcEqBHYienj5dHSgjbxtC0WEZXYt4wcD6zrQElDPhFuZgfA==" - } - } - } + "@jest/types": "^28.1.3", + "@types/node": "*", + "chalk": "^4.0.0", + "jest-message-util": "^28.1.3", + "jest-util": "^28.1.3", + "slash": "^3.0.0" + }, + "engines": { + "node": "^12.13.0 || ^14.15.0 || ^16.10.0 || >=17.0.0" + } + }, + "node_modules/jest-watch-typeahead/node_modules/@jest/console/node_modules/slash": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/slash/-/slash-3.0.0.tgz", + "integrity": "sha512-g9Q1haeby36OSStwb4ntCGGGaKsaVSjQ68fBxoQcutl5fS1vuY18H3wSt3jFyFtrkx+Kz0V1G85A4MyAdDMi2Q==", + "engines": { + "node": ">=8" } }, - "jest-watcher": { + "node_modules/jest-watch-typeahead/node_modules/@jest/test-result": { + "version": "28.1.3", + "resolved": "https://registry.npmjs.org/@jest/test-result/-/test-result-28.1.3.tgz", + "integrity": "sha512-kZAkxnSE+FqE8YjW8gNuoVkkC9I7S1qmenl8sGcDOLropASP+BkcGKwhXoyqQuGOGeYY0y/ixjrd/iERpEXHNg==", + "dependencies": { + "@jest/console": "^28.1.3", + "@jest/types": "^28.1.3", + "@types/istanbul-lib-coverage": "^2.0.0", + 
"collect-v8-coverage": "^1.0.0" + }, + "engines": { + "node": "^12.13.0 || ^14.15.0 || ^16.10.0 || >=17.0.0" + } + }, + "node_modules/jest-watch-typeahead/node_modules/@jest/types": { + "version": "28.1.3", + "resolved": "https://registry.npmjs.org/@jest/types/-/types-28.1.3.tgz", + "integrity": "sha512-RyjiyMUZrKz/c+zlMFO1pm70DcIlST8AeWTkoUdZevew44wcNZQHsEVOiCVtgVnlFFD82FPaXycys58cf2muVQ==", + "dependencies": { + "@jest/schemas": "^28.1.3", + "@types/istanbul-lib-coverage": "^2.0.0", + "@types/istanbul-reports": "^3.0.0", + "@types/node": "*", + "@types/yargs": "^17.0.8", + "chalk": "^4.0.0" + }, + "engines": { + "node": "^12.13.0 || ^14.15.0 || ^16.10.0 || >=17.0.0" + } + }, + "node_modules/jest-watch-typeahead/node_modules/@types/yargs": { + "version": "17.0.28", + "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-17.0.28.tgz", + "integrity": "sha512-N3e3fkS86hNhtk6BEnc0rj3zcehaxx8QWhCROJkqpl5Zaoi7nAic3jH8q94jVD3zu5LGk+PUB6KAiDmimYOEQw==", + "dependencies": { + "@types/yargs-parser": "*" + } + }, + "node_modules/jest-watch-typeahead/node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" + } + }, + "node_modules/jest-watch-typeahead/node_modules/emittery": { + "version": "0.10.2", + "resolved": "https://registry.npmjs.org/emittery/-/emittery-0.10.2.tgz", + "integrity": "sha512-aITqOwnLanpHLNXZJENbOgjUBeHocD+xsSJmNrjovKBW5HbSpW3d1pEls7GFQPUWXiwG9+0P4GtHfEqC/4M0Iw==", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sindresorhus/emittery?sponsor=1" + } + }, + "node_modules/jest-watch-typeahead/node_modules/jest-message-util": { + "version": "28.1.3", + "resolved": 
"https://registry.npmjs.org/jest-message-util/-/jest-message-util-28.1.3.tgz", + "integrity": "sha512-PFdn9Iewbt575zKPf1286Ht9EPoJmYT7P0kY+RibeYZ2XtOr53pDLEFoTWXbd1h4JiGiWpTBC84fc8xMXQMb7g==", + "dependencies": { + "@babel/code-frame": "^7.12.13", + "@jest/types": "^28.1.3", + "@types/stack-utils": "^2.0.0", + "chalk": "^4.0.0", + "graceful-fs": "^4.2.9", + "micromatch": "^4.0.4", + "pretty-format": "^28.1.3", + "slash": "^3.0.0", + "stack-utils": "^2.0.3" + }, + "engines": { + "node": "^12.13.0 || ^14.15.0 || ^16.10.0 || >=17.0.0" + } + }, + "node_modules/jest-watch-typeahead/node_modules/jest-message-util/node_modules/slash": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/slash/-/slash-3.0.0.tgz", + "integrity": "sha512-g9Q1haeby36OSStwb4ntCGGGaKsaVSjQ68fBxoQcutl5fS1vuY18H3wSt3jFyFtrkx+Kz0V1G85A4MyAdDMi2Q==", + "engines": { + "node": ">=8" + } + }, + "node_modules/jest-watch-typeahead/node_modules/jest-regex-util": { + "version": "28.0.2", + "resolved": "https://registry.npmjs.org/jest-regex-util/-/jest-regex-util-28.0.2.tgz", + "integrity": "sha512-4s0IgyNIy0y9FK+cjoVYoxamT7Zeo7MhzqRGx7YDYmaQn1wucY9rotiGkBzzcMXTtjrCAP/f7f+E0F7+fxPNdw==", + "engines": { + "node": "^12.13.0 || ^14.15.0 || ^16.10.0 || >=17.0.0" + } + }, + "node_modules/jest-watch-typeahead/node_modules/jest-util": { + "version": "28.1.3", + "resolved": "https://registry.npmjs.org/jest-util/-/jest-util-28.1.3.tgz", + "integrity": "sha512-XdqfpHwpcSRko/C35uLYFM2emRAltIIKZiJ9eAmhjsj0CqZMa0p1ib0R5fWIqGhn1a103DebTbpqIaP1qCQ6tQ==", + "dependencies": { + "@jest/types": "^28.1.3", + "@types/node": "*", + "chalk": "^4.0.0", + "ci-info": "^3.2.0", + "graceful-fs": "^4.2.9", + "picomatch": "^2.2.3" + }, + "engines": { + "node": "^12.13.0 || ^14.15.0 || ^16.10.0 || >=17.0.0" + } + }, + "node_modules/jest-watch-typeahead/node_modules/jest-watcher": { + "version": "28.1.3", + "resolved": "https://registry.npmjs.org/jest-watcher/-/jest-watcher-28.1.3.tgz", + "integrity": 
"sha512-t4qcqj9hze+jviFPUN3YAtAEeFnr/azITXQEMARf5cMwKY2SMBRnCQTXLixTl20OR6mLh9KLMrgVJgJISym+1g==", + "dependencies": { + "@jest/test-result": "^28.1.3", + "@jest/types": "^28.1.3", + "@types/node": "*", + "ansi-escapes": "^4.2.1", + "chalk": "^4.0.0", + "emittery": "^0.10.2", + "jest-util": "^28.1.3", + "string-length": "^4.0.1" + }, + "engines": { + "node": "^12.13.0 || ^14.15.0 || ^16.10.0 || >=17.0.0" + } + }, + "node_modules/jest-watch-typeahead/node_modules/jest-watcher/node_modules/string-length": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/string-length/-/string-length-4.0.2.tgz", + "integrity": "sha512-+l6rNN5fYHNhZZy41RXsYptCjA2Igmq4EG7kZAYFQI1E1VTXarr6ZPXBg6eq7Y6eK4FEhY6AJlyuFIb/v/S0VQ==", + "dependencies": { + "char-regex": "^1.0.2", + "strip-ansi": "^6.0.0" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/jest-watch-typeahead/node_modules/jest-watcher/node_modules/strip-ansi": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", + "dependencies": { + "ansi-regex": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/jest-watch-typeahead/node_modules/pretty-format": { + "version": "28.1.3", + "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-28.1.3.tgz", + "integrity": "sha512-8gFb/To0OmxHR9+ZTb14Df2vNxdGCX8g1xWGUTqUw5TiZvcQf5sHKObd5UcPyLLyowNwDAMTF3XWOG1B6mxl1Q==", + "dependencies": { + "@jest/schemas": "^28.1.3", + "ansi-regex": "^5.0.1", + "ansi-styles": "^5.0.0", + "react-is": "^18.0.0" + }, + "engines": { + "node": "^12.13.0 || ^14.15.0 || ^16.10.0 || >=17.0.0" + } + }, + "node_modules/jest-watch-typeahead/node_modules/pretty-format/node_modules/ansi-styles": { + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", + "integrity": 
"sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/ansi-styles?sponsor=1" + } + }, + "node_modules/jest-watch-typeahead/node_modules/react-is": { + "version": "18.2.0", + "resolved": "https://registry.npmjs.org/react-is/-/react-is-18.2.0.tgz", + "integrity": "sha512-xWGDIW6x921xtzPkhiULtthJHoJvBbF3q26fzloPCK0hsvxtPVelvftw3zjbHWSkR2km9Z+4uxbDDK/6Zw9B8w==" + }, + "node_modules/jest-watch-typeahead/node_modules/slash": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/slash/-/slash-4.0.0.tgz", + "integrity": "sha512-3dOsAHXXUkQTpOYcoAxLIorMTp4gIQr5IW3iVb7A7lFIp0VHhnynm9izx6TssdrIcVIESAlVjtnO2K8bg+Coew==", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/jest-watch-typeahead/node_modules/string-length": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/string-length/-/string-length-5.0.1.tgz", + "integrity": "sha512-9Ep08KAMUn0OadnVaBuRdE2l615CQ508kr0XMadjClfYpdCyvrbFp6Taebo8yyxokQ4viUd/xPPUA4FGgUa0ow==", + "dependencies": { + "char-regex": "^2.0.0", + "strip-ansi": "^7.0.1" + }, + "engines": { + "node": ">=12.20" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/jest-watch-typeahead/node_modules/string-length/node_modules/char-regex": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/char-regex/-/char-regex-2.0.1.tgz", + "integrity": "sha512-oSvEeo6ZUD7NepqAat3RqoucZ5SeqLJgOvVIwkafu6IP3V0pO38s/ypdVUmDDK6qIIHNlYHJAKX9E7R7HoKElw==", + "engines": { + "node": ">=12.20" + } + }, + "node_modules/jest-watch-typeahead/node_modules/strip-ansi": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.0.tgz", + "integrity": "sha512-iq6eVVI64nQQTRYq2KtEg2d2uU7LElhTJwsH4YzIHZshxlgZms/wIc4VoDQTlG/IvVIrBKG06CrZnp0qv7hkcQ==", + 
"dependencies": { + "ansi-regex": "^6.0.1" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/chalk/strip-ansi?sponsor=1" + } + }, + "node_modules/jest-watch-typeahead/node_modules/strip-ansi/node_modules/ansi-regex": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.0.1.tgz", + "integrity": "sha512-n5M855fKb2SsfMIiFFoVrABHJC8QtHwVx+mHWP3QcEqBHYienj5dHSgjbxtC0WEZXYt4wcD6zrQElDPhFuZgfA==", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/chalk/ansi-regex?sponsor=1" + } + }, + "node_modules/jest-watcher": { "version": "27.5.1", "resolved": "https://registry.npmjs.org/jest-watcher/-/jest-watcher-27.5.1.tgz", "integrity": "sha512-z676SuD6Z8o8qbmEGhoEUFOM1+jfEiL3DXHK/xgEiG2EyNYfFG60jluWcupY6dATjfEsKQuibReS1djInQnoVw==", - "requires": { + "dependencies": { "@jest/test-result": "^27.5.1", "@jest/types": "^27.5.1", "@types/node": "*", 
@@ -9340,87 +12961,181 @@ "jest-util": "^27.5.1", "string-length": "^4.0.1" }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest-watcher/node_modules/@jest/types": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", + "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", "dependencies": { - "@jest/types": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", - "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", - "requires": { - "@types/istanbul-lib-coverage": "^2.0.0", - "@types/istanbul-reports": "^3.0.0", - "@types/node": "*", - "@types/yargs": "^16.0.0", - "chalk": "^4.0.0" - } - }, - "@types/yargs": { - "version": "16.0.6", - "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", - "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", - "requires": { - "@types/yargs-parser": "*" - } - }, - "chalk": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", - "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "requires": { - "ansi-styles": "^4.1.0", - "supports-color": "^7.1.0" - } - } + "@types/istanbul-lib-coverage": "^2.0.0", + "@types/istanbul-reports": "^3.0.0", + "@types/node": "*", + "@types/yargs": "^16.0.0", + "chalk": "^4.0.0" + }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest-watcher/node_modules/@types/yargs": { + "version": "16.0.6", + "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", + "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", + "dependencies": { + "@types/yargs-parser": 
"*" } }, - "jest-worker": { + "node_modules/jest-watcher/node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" + } + }, + "node_modules/jest-worker": { "version": "27.5.1", "resolved": "https://registry.npmjs.org/jest-worker/-/jest-worker-27.5.1.tgz", "integrity": "sha512-7vuh85V5cdDofPyxn58nrPjBktZo0u9x1g8WtjQol+jZDaE+fhN+cIvTj11GndBnMnyfrUOG1sZQxCdjKh+DKg==", - "requires": { + "dependencies": { "@types/node": "*", "merge-stream": "^2.0.0", "supports-color": "^8.0.0" }, - "dependencies": { - "supports-color": { - "version": "8.1.1", - "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz", - "integrity": "sha512-MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q==", - "requires": { - "has-flag": "^4.0.0" - } + "engines": { + "node": ">= 10.13.0" + } + }, + "node_modules/jest-worker/node_modules/supports-color": { + "version": "8.1.1", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz", + "integrity": "sha512-MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q==", + "dependencies": { + "has-flag": "^4.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/supports-color?sponsor=1" + } + }, + "node_modules/jest/node_modules/@jest/types": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", + "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", + "dependencies": { + "@types/istanbul-lib-coverage": "^2.0.0", + "@types/istanbul-reports": 
"^3.0.0", + "@types/node": "*", + "@types/yargs": "^16.0.0", + "chalk": "^4.0.0" + }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + } + }, + "node_modules/jest/node_modules/@types/yargs": { + "version": "16.0.6", + "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.6.tgz", + "integrity": "sha512-oTP7/Q13GSPrgcwEwdlnkoZSQ1Hg9THe644qq8PG6hhJzjZ3qj1JjEFPIwWV/IXVs5XGIVqtkNOS9kh63WIJ+A==", + "dependencies": { + "@types/yargs-parser": "*" + } + }, + "node_modules/jest/node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" + } + }, + "node_modules/jest/node_modules/jest-cli": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/jest-cli/-/jest-cli-27.5.1.tgz", + "integrity": "sha512-Hc6HOOwYq4/74/c62dEE3r5elx8wjYqxY0r0G/nFrLDPMFRu6RA/u8qINOIkvhxG7mMQ5EJsOGfRpI8L6eFUVw==", + "dependencies": { + "@jest/core": "^27.5.1", + "@jest/test-result": "^27.5.1", + "@jest/types": "^27.5.1", + "chalk": "^4.0.0", + "exit": "^0.1.2", + "graceful-fs": "^4.2.9", + "import-local": "^3.0.2", + "jest-config": "^27.5.1", + "jest-util": "^27.5.1", + "jest-validate": "^27.5.1", + "prompts": "^2.0.1", + "yargs": "^16.2.0" + }, + "bin": { + "jest": "bin/jest.js" + }, + "engines": { + "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" + }, + "peerDependencies": { + "node-notifier": "^8.0.1 || ^9.0.0 || ^10.0.0" + }, + "peerDependenciesMeta": { + "node-notifier": { + "optional": true } } }, - "jiti": { + "node_modules/jiti": { "version": "1.20.0", "resolved": "https://registry.npmjs.org/jiti/-/jiti-1.20.0.tgz", - "integrity": 
"sha512-3TV69ZbrvV6U5DfQimop50jE9Dl6J8O1ja1dvBbMba/sZ3YBEQqJ2VZRoQPVnhlzjNtU1vaXRZVrVjU4qtm8yA==" + "integrity": "sha512-3TV69ZbrvV6U5DfQimop50jE9Dl6J8O1ja1dvBbMba/sZ3YBEQqJ2VZRoQPVnhlzjNtU1vaXRZVrVjU4qtm8yA==", + "bin": { + "jiti": "bin/jiti.js" + } }, - "js-tokens": { + "node_modules/js-tokens": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==" }, - "js-yaml": { + "node_modules/js-yaml": { "version": "3.14.1", "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", "integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==", - "requires": { + "dependencies": { "argparse": "^1.0.7", "esprima": "^4.0.0" + }, + "bin": { + "js-yaml": "bin/js-yaml.js" } }, - "jsbn": { - "version": "0.1.1", - "resolved": "https://registry.npmjs.org/jsbn/-/jsbn-0.1.1.tgz", - "integrity": "sha1-peZUwuWi3rXyAdls77yoDA7y9RM=" + "node_modules/jsbn": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/jsbn/-/jsbn-1.1.0.tgz", + "integrity": "sha512-4bYVV3aAMtDTTu4+xsDYa6sy9GyJ69/amsu9sYF2zqjiEoZA5xJi3BrfX3uY+/IekIu7MwdObdbDWpoZdBv3/A==" }, - "jsdom": { + "node_modules/jsdom": { "version": "16.7.0", "resolved": "https://registry.npmjs.org/jsdom/-/jsdom-16.7.0.tgz", "integrity": "sha512-u9Smc2G1USStM+s/x1ru5Sxrl6mPYCbByG1U/hUmqaVsm4tbNyS7CicOSRyuGQYZhTu0h84qkZZQ/I+dzizSVw==", - "requires": { + "dependencies": { "abab": "^2.0.5", "acorn": "^8.2.4", "acorn-globals": "^6.0.0", 
@@ -9449,1889 +13164,2845 @@ "ws": "^7.4.6", "xml-name-validator": "^3.0.0" }, - "dependencies": { - "escodegen": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/escodegen/-/escodegen-2.1.0.tgz", - "integrity": "sha512-2NlIDTwUWJN0mRPQOdtQBzbUHvdGY2P1VXSyU83Q3xKxM7WHX2Ql8dKq782Q9TgQUNOLEzEYu9bzLNj1q88I5w==", - "requires": { - "esprima": "^4.0.1", - "estraverse": "^5.2.0", - "esutils": "^2.0.2", - "source-map": "~0.6.1" - } - }, - "estraverse": { - "version": "5.3.0", - "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz", - "integrity": "sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA==" - }, - "form-data": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/form-data/-/form-data-3.0.1.tgz", - "integrity": "sha512-RHkBKtLWUVwd7SqRIvCZMEvAMoGUp0XU+seQiZejj0COz3RI3hWP4sCv3gZWWLjJTd7rGwcsF5eKZGii0r/hbg==", - "requires": { - "asynckit": "^0.4.0", - "combined-stream": "^1.0.8", - "mime-types": "^2.1.12" - } - }, - "source-map": { - "version": "0.6.1", - "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", - "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "engines": { + "node": ">=10" + }, + "peerDependencies": { + "canvas": "^2.5.0" + }, + "peerDependenciesMeta": { + "canvas": { "optional": true - }, - "tough-cookie": { - "version": "4.1.3", - "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-4.1.3.tgz", - "integrity": "sha512-aX/y5pVRkfRnfmuX+OdbSdXvPe6ieKX/G2s7e98f4poJHnqH3281gDPm/metm6E/WRamfx7WC4HUqkWHfQHprw==", - "requires": { - "psl": "^1.1.33", - "punycode": "^2.1.1", - "universalify": "^0.2.0", - "url-parse": "^1.5.3" - } - }, - "tr46": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/tr46/-/tr46-2.1.0.tgz", - "integrity": "sha512-15Ih7phfcdP5YxqiB+iDtLoaTz4Nd35+IiAv0kQ5FNKHzXgdWqPoTIqEDDJmXceQt4JZk6lVPT8lnDlPpGDppw==", - "requires": { - 
"punycode": "^2.1.1" - } - }, - "universalify": { - "version": "0.2.0", - "resolved": "https://registry.npmjs.org/universalify/-/universalify-0.2.0.tgz", - "integrity": "sha512-CJ1QgKmNg3CwvAv/kOFmtnEN05f0D/cn9QntgNOQlQF9dgvVTHj3t+8JPdjqawCHk7V/KA+fbUqzZ9XWhcqPUg==" - }, - "webidl-conversions": { - "version": "6.1.0", - "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-6.1.0.tgz", - "integrity": "sha512-qBIvFLGiBpLjfwmYAaHPXsn+ho5xZnGvyGvsarywGNc8VyQJUMHJ8OBKGGrPER0okBeMDaan4mNBlgBROxuI8w==" - }, - "whatwg-url": { - "version": "8.7.0", - "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-8.7.0.tgz", - "integrity": "sha512-gAojqb/m9Q8a5IV96E3fHJM70AzCkgt4uXYX2O7EmuyOnLrViCQlsEBmF9UQIu3/aeAIp2U17rtbpZWNntQqdg==", - "requires": { - "lodash": "^4.7.0", - "tr46": "^2.1.0", - "webidl-conversions": "^6.1.0" - } } } }, - "jsesc": { + "node_modules/jsdom/node_modules/escodegen": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/escodegen/-/escodegen-2.1.0.tgz", + "integrity": "sha512-2NlIDTwUWJN0mRPQOdtQBzbUHvdGY2P1VXSyU83Q3xKxM7WHX2Ql8dKq782Q9TgQUNOLEzEYu9bzLNj1q88I5w==", + "dependencies": { + "esprima": "^4.0.1", + "estraverse": "^5.2.0", + "esutils": "^2.0.2" + }, + "bin": { + "escodegen": "bin/escodegen.js", + "esgenerate": "bin/esgenerate.js" + }, + "engines": { + "node": ">=6.0" + }, + "optionalDependencies": { + "source-map": "~0.6.1" + } + }, + "node_modules/jsdom/node_modules/estraverse": { + "version": "5.3.0", + "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz", + "integrity": "sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA==", + "engines": { + "node": ">=4.0" + } + }, + "node_modules/jsdom/node_modules/form-data": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/form-data/-/form-data-3.0.1.tgz", + "integrity": "sha512-RHkBKtLWUVwd7SqRIvCZMEvAMoGUp0XU+seQiZejj0COz3RI3hWP4sCv3gZWWLjJTd7rGwcsF5eKZGii0r/hbg==", + 
"dependencies": { + "asynckit": "^0.4.0", + "combined-stream": "^1.0.8", + "mime-types": "^2.1.12" + }, + "engines": { + "node": ">= 6" + } + }, + "node_modules/jsdom/node_modules/source-map": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "optional": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/jsdom/node_modules/tough-cookie": { + "version": "4.1.3", + "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-4.1.3.tgz", + "integrity": "sha512-aX/y5pVRkfRnfmuX+OdbSdXvPe6ieKX/G2s7e98f4poJHnqH3281gDPm/metm6E/WRamfx7WC4HUqkWHfQHprw==", + "dependencies": { + "psl": "^1.1.33", + "punycode": "^2.1.1", + "universalify": "^0.2.0", + "url-parse": "^1.5.3" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/jsdom/node_modules/tr46": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/tr46/-/tr46-2.1.0.tgz", + "integrity": "sha512-15Ih7phfcdP5YxqiB+iDtLoaTz4Nd35+IiAv0kQ5FNKHzXgdWqPoTIqEDDJmXceQt4JZk6lVPT8lnDlPpGDppw==", + "dependencies": { + "punycode": "^2.1.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/jsdom/node_modules/universalify": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/universalify/-/universalify-0.2.0.tgz", + "integrity": "sha512-CJ1QgKmNg3CwvAv/kOFmtnEN05f0D/cn9QntgNOQlQF9dgvVTHj3t+8JPdjqawCHk7V/KA+fbUqzZ9XWhcqPUg==", + "engines": { + "node": ">= 4.0.0" + } + }, + "node_modules/jsdom/node_modules/webidl-conversions": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-6.1.0.tgz", + "integrity": "sha512-qBIvFLGiBpLjfwmYAaHPXsn+ho5xZnGvyGvsarywGNc8VyQJUMHJ8OBKGGrPER0okBeMDaan4mNBlgBROxuI8w==", + "engines": { + "node": ">=10.4" + } + }, + "node_modules/jsdom/node_modules/whatwg-url": { + "version": "8.7.0", + "resolved": 
"https://registry.npmjs.org/whatwg-url/-/whatwg-url-8.7.0.tgz", + "integrity": "sha512-gAojqb/m9Q8a5IV96E3fHJM70AzCkgt4uXYX2O7EmuyOnLrViCQlsEBmF9UQIu3/aeAIp2U17rtbpZWNntQqdg==", + "dependencies": { + "lodash": "^4.7.0", + "tr46": "^2.1.0", + "webidl-conversions": "^6.1.0" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/jsesc": { "version": "2.5.2", "resolved": "https://registry.npmjs.org/jsesc/-/jsesc-2.5.2.tgz", - "integrity": "sha512-OYu7XEzjkCQ3C5Ps3QIZsQfNpqoJyZZA99wd9aWd05NCtC5pWOkShK2mkL6HXQR6/Cy2lbNdPlZBpuQHXE63gA==" + "integrity": "sha512-OYu7XEzjkCQ3C5Ps3QIZsQfNpqoJyZZA99wd9aWd05NCtC5pWOkShK2mkL6HXQR6/Cy2lbNdPlZBpuQHXE63gA==", + "bin": { + "jsesc": "bin/jsesc" + }, + "engines": { + "node": ">=4" + } }, - "json-buffer": { + "node_modules/json-buffer": { "version": "3.0.1", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/json-buffer/-/json-buffer-3.0.1.tgz", + "resolved": "https://registry.npmjs.org/json-buffer/-/json-buffer-3.0.1.tgz", "integrity": "sha1-kziAKjDTtmBfvgYT4JQAjKjAWhM=" }, - "json-parse-even-better-errors": { + "node_modules/json-parse-even-better-errors": { "version": "2.3.1", "resolved": "https://registry.npmjs.org/json-parse-even-better-errors/-/json-parse-even-better-errors-2.3.1.tgz", "integrity": "sha512-xyFwyhro/JEof6Ghe2iz2NcXoj2sloNsWr/XsERDK/oiPCfaNhl5ONfp+jQdAZRQQ0IJWNzH9zIZF7li91kh2w==" }, - "json-schema": { + "node_modules/json-schema": { "version": "0.4.0", "resolved": "https://registry.npmjs.org/json-schema/-/json-schema-0.4.0.tgz", "integrity": "sha512-es94M3nTIfsEPisRafak+HDLfHXnKBhV3vU5eqPcS3flIWqcxJWgXHXiey3YrpaNsanY5ei1VoYEbOzijuq9BA==" }, - "json-schema-traverse": { + "node_modules/json-schema-traverse": { "version": "0.4.1", "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==" }, - "json-stable-stringify-without-jsonify": { + 
"node_modules/json-stable-stringify-without-jsonify": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/json-stable-stringify-without-jsonify/-/json-stable-stringify-without-jsonify-1.0.1.tgz", "integrity": "sha512-Bdboy+l7tA3OGW6FjyFHWkP5LuByj1Tk33Ljyq0axyzdk9//JSi2u3fP1QSmd1KNwq6VOKYGlAu87CisVir6Pw==" }, - "json-stringify-safe": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz", - "integrity": "sha1-Epai1Y/UXxmg9s4B1lcB4sc1tus=" - }, - "json5": { + "node_modules/json5": { "version": "2.2.3", "resolved": "https://registry.npmjs.org/json5/-/json5-2.2.3.tgz", - "integrity": "sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg==" + "integrity": "sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg==", + "bin": { + "json5": "lib/cli.js" + }, + "engines": { + "node": ">=6" + } }, - "jsonfile": { + "node_modules/jsonfile": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-4.0.0.tgz", "integrity": "sha1-h3Gq4HmbZAdrdmQPygWPnBDjPss=", - "requires": { + "optionalDependencies": { "graceful-fs": "^4.1.6" } }, - "jsonpath": { + "node_modules/jsonpath": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/jsonpath/-/jsonpath-1.1.1.tgz", "integrity": "sha512-l6Cg7jRpixfbgoWgkrl77dgEj8RPvND0wMH6TwQmi9Qs4TFfS9u5cUFnbeKTwj5ga5Y3BTGGNI28k117LJ009w==", - "requires": { + "dependencies": { "esprima": "1.2.2", "static-eval": "2.0.2", "underscore": "1.12.1" + } + }, + "node_modules/jsonpath/node_modules/esprima": { + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/esprima/-/esprima-1.2.2.tgz", + "integrity": "sha512-+JpPZam9w5DuJ3Q67SqsMGtiHKENSMRVoxvArfJZK01/BfLEObtZ6orJa/MtoGNR/rfMgp5837T41PAmTwAv/A==", + "bin": { + "esparse": "bin/esparse.js", + "esvalidate": "bin/esvalidate.js" }, - "dependencies": { - "esprima": { - "version": "1.2.2", - "resolved": 
"https://registry.npmjs.org/esprima/-/esprima-1.2.2.tgz", - "integrity": "sha512-+JpPZam9w5DuJ3Q67SqsMGtiHKENSMRVoxvArfJZK01/BfLEObtZ6orJa/MtoGNR/rfMgp5837T41PAmTwAv/A==" - } + "engines": { + "node": ">=0.4.0" } }, - "jsonpointer": { + "node_modules/jsonpointer": { "version": "5.0.1", "resolved": "https://registry.npmjs.org/jsonpointer/-/jsonpointer-5.0.1.tgz", - "integrity": "sha512-p/nXbhSEcu3pZRdkW1OfJhpsVtW1gd4Wa1fnQc9YLiTfAjn0312eMKimbdIQzuZl9aa9xUGaRlP9T/CJE/ditQ==" - }, - "jsprim": { - "version": "1.4.2", - "resolved": "https://registry.npmjs.org/jsprim/-/jsprim-1.4.2.tgz", - "integrity": "sha512-P2bSOMAc/ciLz6DzgjVlGJP9+BrJWu5UDGK70C2iweC5QBIeFf0ZXRvGjEj2uYgrY2MkAAhsSWHDWlFtEroZWw==", - "requires": { - "assert-plus": "1.0.0", - "extsprintf": "1.3.0", - "json-schema": "0.4.0", - "verror": "1.10.0" - }, - "dependencies": { - "verror": { - "version": "1.10.0", - "resolved": "https://registry.npmjs.org/verror/-/verror-1.10.0.tgz", - "integrity": "sha512-ZZKSmDAEFOijERBLkmYfJ+vmk3w+7hOLYDNkRCuRuMJGEmqYNCNLyBBFwWKVMhfwaEF3WOd0Zlw86U/WC/+nYw==", - "requires": { - "assert-plus": "^1.0.0", - "core-util-is": "1.0.2", - "extsprintf": "^1.2.0" - } - } + "integrity": "sha512-p/nXbhSEcu3pZRdkW1OfJhpsVtW1gd4Wa1fnQc9YLiTfAjn0312eMKimbdIQzuZl9aa9xUGaRlP9T/CJE/ditQ==", + "engines": { + "node": ">=0.10.0" } }, - "jss": { + "node_modules/jss": { "version": "10.10.0", "resolved": "https://registry.npmjs.org/jss/-/jss-10.10.0.tgz", "integrity": "sha512-cqsOTS7jqPsPMjtKYDUpdFC0AbhYFLTcuGRqymgmdJIeQ8cH7+AgX7YSgQy79wXloZq2VvATYxUOUQEvS1V/Zw==", - "requires": { + "dependencies": { "@babel/runtime": "^7.3.1", "csstype": "^3.0.2", "is-in-browser": "^1.1.3", "tiny-warning": "^1.0.2" }, - "dependencies": { - "csstype": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/csstype/-/csstype-3.1.2.tgz", - "integrity": "sha512-I7K1Uu0MBPzaFKg4nI5Q7Vs2t+3gWWW648spaF+Rg7pI9ds18Ugn+lvg4SHczUdKlHI5LWBXyqfS8+DufyBsgQ==" - } + "funding": { + "type": "opencollective", + "url": 
"https://opencollective.com/jss" } }, - "jss-plugin-camel-case": { + "node_modules/jss-plugin-camel-case": { "version": "10.10.0", "resolved": "https://registry.npmjs.org/jss-plugin-camel-case/-/jss-plugin-camel-case-10.10.0.tgz", "integrity": "sha512-z+HETfj5IYgFxh1wJnUAU8jByI48ED+v0fuTuhKrPR+pRBYS2EDwbusU8aFOpCdYhtRc9zhN+PJ7iNE8pAWyPw==", - "requires": { + "dependencies": { "@babel/runtime": "^7.3.1", "hyphenate-style-name": "^1.0.3", "jss": "10.10.0" } }, - "jss-plugin-default-unit": { + "node_modules/jss-plugin-default-unit": { "version": "10.10.0", "resolved": "https://registry.npmjs.org/jss-plugin-default-unit/-/jss-plugin-default-unit-10.10.0.tgz", "integrity": "sha512-SvpajxIECi4JDUbGLefvNckmI+c2VWmP43qnEy/0eiwzRUsafg5DVSIWSzZe4d2vFX1u9nRDP46WCFV/PXVBGQ==", - "requires": { + "dependencies": { "@babel/runtime": "^7.3.1", "jss": "10.10.0" } }, - "jss-plugin-global": { + "node_modules/jss-plugin-global": { "version": "10.10.0", "resolved": "https://registry.npmjs.org/jss-plugin-global/-/jss-plugin-global-10.10.0.tgz", "integrity": "sha512-icXEYbMufiNuWfuazLeN+BNJO16Ge88OcXU5ZDC2vLqElmMybA31Wi7lZ3lf+vgufRocvPj8443irhYRgWxP+A==", - "requires": { + "dependencies": { "@babel/runtime": "^7.3.1", "jss": "10.10.0" } }, - "jss-plugin-nested": { + "node_modules/jss-plugin-nested": { "version": "10.10.0", "resolved": "https://registry.npmjs.org/jss-plugin-nested/-/jss-plugin-nested-10.10.0.tgz", "integrity": "sha512-9R4JHxxGgiZhurDo3q7LdIiDEgtA1bTGzAbhSPyIOWb7ZubrjQe8acwhEQ6OEKydzpl8XHMtTnEwHXCARLYqYA==", - "requires": { + "dependencies": { "@babel/runtime": "^7.3.1", "jss": "10.10.0", "tiny-warning": "^1.0.2" } }, - "jss-plugin-props-sort": { + "node_modules/jss-plugin-props-sort": { "version": "10.10.0", "resolved": "https://registry.npmjs.org/jss-plugin-props-sort/-/jss-plugin-props-sort-10.10.0.tgz", "integrity": "sha512-5VNJvQJbnq/vRfje6uZLe/FyaOpzP/IH1LP+0fr88QamVrGJa0hpRRyAa0ea4U/3LcorJfBFVyC4yN2QC73lJg==", - "requires": { + "dependencies": { "@babel/runtime": 
"^7.3.1", "jss": "10.10.0" } }, - "jss-plugin-rule-value-function": { + "node_modules/jss-plugin-rule-value-function": { "version": "10.10.0", "resolved": "https://registry.npmjs.org/jss-plugin-rule-value-function/-/jss-plugin-rule-value-function-10.10.0.tgz", "integrity": "sha512-uEFJFgaCtkXeIPgki8ICw3Y7VMkL9GEan6SqmT9tqpwM+/t+hxfMUdU4wQ0MtOiMNWhwnckBV0IebrKcZM9C0g==", - "requires": { + "dependencies": { "@babel/runtime": "^7.3.1", "jss": "10.10.0", "tiny-warning": "^1.0.2" } }, - "jss-plugin-vendor-prefixer": { + "node_modules/jss-plugin-vendor-prefixer": { "version": "10.10.0", "resolved": "https://registry.npmjs.org/jss-plugin-vendor-prefixer/-/jss-plugin-vendor-prefixer-10.10.0.tgz", "integrity": "sha512-UY/41WumgjW8r1qMCO8l1ARg7NHnfRVWRhZ2E2m0DMYsr2DD91qIXLyNhiX83hHswR7Wm4D+oDYNC1zWCJWtqg==", - "requires": { + "dependencies": { "@babel/runtime": "^7.3.1", "css-vendor": "^2.0.8", "jss": "10.10.0" } }, - "jsx-ast-utils": { + "node_modules/jss/node_modules/csstype": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/csstype/-/csstype-3.1.2.tgz", + "integrity": "sha512-I7K1Uu0MBPzaFKg4nI5Q7Vs2t+3gWWW648spaF+Rg7pI9ds18Ugn+lvg4SHczUdKlHI5LWBXyqfS8+DufyBsgQ==" + }, + "node_modules/jsx-ast-utils": { "version": "3.3.5", "resolved": "https://registry.npmjs.org/jsx-ast-utils/-/jsx-ast-utils-3.3.5.tgz", "integrity": "sha512-ZZow9HBI5O6EPgSJLUb8n2NKgmVWTwCvHGwFuJlMjvLFqlGG6pjirPhtdsseaLZjSibD8eegzmYpUZwoIlj2cQ==", - "requires": { + "dependencies": { "array-includes": "^3.1.6", "array.prototype.flat": "^1.3.1", "object.assign": "^4.1.4", "object.values": "^1.1.6" + }, + "engines": { + "node": ">=4.0" } }, - "keyv": { - "version": "4.0.3", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/keyv/-/keyv-4.0.3.tgz", - "integrity": "sha1-TzqpjeJUgDyvzSiWc0EI2qNeQlQ=", - "requires": { + "node_modules/keyv": { + "version": "4.5.4", + "resolved": "https://registry.npmjs.org/keyv/-/keyv-4.5.4.tgz", + "integrity": 
"sha512-oxVHkHR/EJf2CNXnWxRLW6mg7JyCCUcG0DtEGmL2ctUo1PNTin1PUil+r/+4r5MpVgC/fn1kjsx7mjSujKqIpw==", + "dependencies": { "json-buffer": "3.0.1" } }, - "kind-of": { + "node_modules/kind-of": { "version": "6.0.3", "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-6.0.3.tgz", - "integrity": "sha512-dcS1ul+9tmeD95T+x28/ehLgd9mENa3LsvDTtzm3vyBEO7RPptvAD+t44WVXaUjTBRcrpFeFlC8WCruUR456hw==" + "integrity": "sha512-dcS1ul+9tmeD95T+x28/ehLgd9mENa3LsvDTtzm3vyBEO7RPptvAD+t44WVXaUjTBRcrpFeFlC8WCruUR456hw==", + "engines": { + "node": ">=0.10.0" + } }, - "kleur": { + "node_modules/kleur": { "version": "3.0.3", "resolved": "https://registry.npmjs.org/kleur/-/kleur-3.0.3.tgz", - "integrity": "sha512-eTIzlVOSUR+JxdDFepEYcBMtZ9Qqdef+rnzWdRZuMbOywu5tO2w2N7rqjoANZ5k9vywhL6Br1VRjUIgTQx4E8w==" + "integrity": "sha512-eTIzlVOSUR+JxdDFepEYcBMtZ9Qqdef+rnzWdRZuMbOywu5tO2w2N7rqjoANZ5k9vywhL6Br1VRjUIgTQx4E8w==", + "engines": { + "node": ">=6" + } }, - "klona": { + "node_modules/klona": { "version": "2.0.6", "resolved": "https://registry.npmjs.org/klona/-/klona-2.0.6.tgz", - "integrity": "sha512-dhG34DXATL5hSxJbIexCft8FChFXtmskoZYnoPWjXQuebWYCNkVeV3KkGegCK9CP1oswI/vQibS2GY7Em/sJJA==" + "integrity": "sha512-dhG34DXATL5hSxJbIexCft8FChFXtmskoZYnoPWjXQuebWYCNkVeV3KkGegCK9CP1oswI/vQibS2GY7Em/sJJA==", + "engines": { + "node": ">= 8" + } }, - "kuler": { + "node_modules/kuler": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/kuler/-/kuler-2.0.0.tgz", "integrity": "sha512-Xq9nH7KlWZmXAtodXDDRE7vs6DU1gTU8zYDHDiWLSip45Egwq3plLHzPn27NgvzL2r1LMPC1vdqh98sQxtqj4A==" }, - "language-subtag-registry": { + "node_modules/language-subtag-registry": { "version": "0.3.22", "resolved": "https://registry.npmjs.org/language-subtag-registry/-/language-subtag-registry-0.3.22.tgz", "integrity": "sha512-tN0MCzyWnoz/4nHS6uxdlFWoUZT7ABptwKPQ52Ea7URk6vll88bWBVhodtnlfEuCcKWNGoc+uGbw1cwa9IKh/w==" }, - "language-tags": { + "node_modules/language-tags": { "version": "1.0.5", "resolved": 
"https://registry.npmjs.org/language-tags/-/language-tags-1.0.5.tgz", "integrity": "sha512-qJhlO9cGXi6hBGKoxEG/sKZDAHD5Hnu9Hs4WbOY3pCWXDhw0N8x1NenNzm2EnNLkLkk7J2SdxAkDSbb6ftT+UQ==", - "requires": { + "dependencies": { "language-subtag-registry": "~0.3.2" } }, - "launch-editor": { + "node_modules/launch-editor": { "version": "2.6.1", "resolved": "https://registry.npmjs.org/launch-editor/-/launch-editor-2.6.1.tgz", "integrity": "sha512-eB/uXmFVpY4zezmGp5XtU21kwo7GBbKB+EQ+UZeWtGb9yAM5xt/Evk+lYH3eRNAtId+ej4u7TYPFZ07w4s7rRw==", - "requires": { + "dependencies": { "picocolors": "^1.0.0", "shell-quote": "^1.8.1" } }, - "leven": { + "node_modules/leven": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/leven/-/leven-3.1.0.tgz", - "integrity": "sha512-qsda+H8jTaUaN/x5vzW2rzc+8Rw4TAQ/4KjB46IwK5VH+IlVeeeje/EoZRpiXvIqjFgK84QffqPztGI3VBLG1A==" + "integrity": "sha512-qsda+H8jTaUaN/x5vzW2rzc+8Rw4TAQ/4KjB46IwK5VH+IlVeeeje/EoZRpiXvIqjFgK84QffqPztGI3VBLG1A==", + "engines": { + "node": ">=6" + } }, - "levn": { + "node_modules/levn": { "version": "0.3.0", "resolved": "https://registry.npmjs.org/levn/-/levn-0.3.0.tgz", "integrity": "sha512-0OO4y2iOHix2W6ujICbKIaEQXvFQHue65vUG3pb5EUomzPI90z9hsA1VsO/dbIIpC53J8gxM9Q4Oho0jrCM/yA==", - "requires": { + "dependencies": { "prelude-ls": "~1.1.2", "type-check": "~0.3.2" + }, + "engines": { + "node": ">= 0.8.0" } }, - "lilconfig": { + "node_modules/lilconfig": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/lilconfig/-/lilconfig-2.1.0.tgz", - "integrity": "sha512-utWOt/GHzuUxnLKxB6dk81RoOeoNeHgbrXiuGk4yyF5qlRz+iIVWu56E2fqGHFrXz0QNUhLB/8nKqvRH66JKGQ==" + "integrity": "sha512-utWOt/GHzuUxnLKxB6dk81RoOeoNeHgbrXiuGk4yyF5qlRz+iIVWu56E2fqGHFrXz0QNUhLB/8nKqvRH66JKGQ==", + "engines": { + "node": ">=10" + } }, - "lines-and-columns": { + "node_modules/lines-and-columns": { "version": "1.2.4", "resolved": "https://registry.npmjs.org/lines-and-columns/-/lines-and-columns-1.2.4.tgz", "integrity": 
"sha512-7ylylesZQ/PV29jhEDl3Ufjo6ZX7gCqJr5F7PKrqc93v7fzSymt1BpwEU8nAUXs8qzzvqhbjhK5QZg6Mt/HkBg==" }, - "loader-runner": { + "node_modules/loader-runner": { "version": "4.3.0", "resolved": "https://registry.npmjs.org/loader-runner/-/loader-runner-4.3.0.tgz", - "integrity": "sha512-3R/1M+yS3j5ou80Me59j7F9IMs4PXs3VqRrm0TU3AbKPxlmpoY1TNscJV/oGJXo8qCatFGTfDbY6W6ipGOYXfg==" + "integrity": "sha512-3R/1M+yS3j5ou80Me59j7F9IMs4PXs3VqRrm0TU3AbKPxlmpoY1TNscJV/oGJXo8qCatFGTfDbY6W6ipGOYXfg==", + "engines": { + "node": ">=6.11.5" + } }, - "loader-utils": { + "node_modules/loader-utils": { "version": "2.0.4", "resolved": "https://registry.npmjs.org/loader-utils/-/loader-utils-2.0.4.tgz", "integrity": "sha512-xXqpXoINfFhgua9xiqD8fPFHgkoq1mmmpE92WlDbm9rNRd/EbRb+Gqf908T2DMfuHjjJlksiK2RbHVOdD/MqSw==", - "requires": { + "dependencies": { "big.js": "^5.2.2", "emojis-list": "^3.0.0", "json5": "^2.1.2" + }, + "engines": { + "node": ">=8.9.0" } }, - "locate-path": { + "node_modules/locate-path": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz", "integrity": "sha512-iPZK6eYjbxRu3uB4/WZ3EsEIMJFMqAoopl3R+zuq0UjcAm/MO6KCweDgPfP3elTztoKP3KtnVHxTn2NHBSDVUw==", - "requires": { + "dependencies": { "p-locate": "^5.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" } }, - "lodash": { + "node_modules/lodash": { "version": "4.17.21", "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==" }, - "lodash.debounce": { + "node_modules/lodash.debounce": { "version": "4.0.8", "resolved": "https://registry.npmjs.org/lodash.debounce/-/lodash.debounce-4.0.8.tgz", "integrity": "sha512-FT1yDzDYEoYWhnSGnpE/4Kj1fLZkDFyqRb7fNt6FdYOSxlUWAtp42Eh6Wb0rGIv/m9Bgo7x4GhQbm5Ys4SG5ow==" }, - "lodash.memoize": { + "node_modules/lodash.memoize": { "version": "4.1.2", "resolved": 
"https://registry.npmjs.org/lodash.memoize/-/lodash.memoize-4.1.2.tgz", "integrity": "sha512-t7j+NzmgnQzTAYXcsHYLgimltOV1MXHtlOWf6GjL9Kj8GK5FInw5JotxvbOs+IvV1/Dzo04/fCGfLVs7aXb4Ag==" }, - "lodash.merge": { + "node_modules/lodash.merge": { "version": "4.6.2", "resolved": "https://registry.npmjs.org/lodash.merge/-/lodash.merge-4.6.2.tgz", "integrity": "sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ==" }, - "lodash.sortby": { + "node_modules/lodash.sortby": { "version": "4.7.0", "resolved": "https://registry.npmjs.org/lodash.sortby/-/lodash.sortby-4.7.0.tgz", "integrity": "sha512-HDWXG8isMntAyRF5vZ7xKuEvOhT4AhlRt/3czTSjvGUxjYCBVRQY48ViDHyfYz9VIoBkW4TMGQNapx+l3RUwdA==" }, - "lodash.uniq": { + "node_modules/lodash.uniq": { "version": "4.5.0", "resolved": "https://registry.npmjs.org/lodash.uniq/-/lodash.uniq-4.5.0.tgz", "integrity": "sha512-xfBaXQd9ryd9dlSDvnvI0lvxfLJlYAZzXomUYzLKtUeOQvOP5piqAWuGtrhWeqaXK9hhoM/iyJc5AV+XfsX3HQ==" }, - "logform": { + "node_modules/logform": { "version": "2.6.0", "resolved": "https://registry.npmjs.org/logform/-/logform-2.6.0.tgz", "integrity": "sha512-1ulHeNPp6k/LD8H91o7VYFBng5i1BDE7HoKxVbZiGFidS1Rj65qcywLxX+pVfAPoQJEjRdvKcusKwOupHCVOVQ==", - "requires": { + "dependencies": { "@colors/colors": "1.6.0", "@types/triple-beam": "^1.3.2", "fecha": "^4.2.0", "ms": "^2.1.1", "safe-stable-stringify": "^2.3.1", "triple-beam": "^1.3.0" + }, + "engines": { + "node": ">= 12.0.0" } }, - "loose-envify": { + "node_modules/loose-envify": { "version": "1.4.0", "resolved": "https://registry.npmjs.org/loose-envify/-/loose-envify-1.4.0.tgz", "integrity": "sha512-lyuxPGr/Wfhrlem2CL/UcnUc1zcqKAImBDzukY7Y5F/yQiNdko6+fRLevlw1HgMySw7f611UIY408EtxRSoK3Q==", - "requires": { + "dependencies": { "js-tokens": "^3.0.0 || ^4.0.0" + }, + "bin": { + "loose-envify": "cli.js" } }, - "lower-case": { + "node_modules/lower-case": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/lower-case/-/lower-case-2.0.2.tgz", 
"integrity": "sha512-7fm3l3NAF9WfN6W3JOmf5drwpVqX78JtoGJ3A6W0a6ZnldM41w2fV5D490psKFTpMds8TJse/eHLFFsNHHjHgg==", - "requires": { - "tslib": "^2.0.3" - }, "dependencies": { - "tslib": { - "version": "2.6.2", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.6.2.tgz", - "integrity": "sha512-AEYxH93jGFPn/a2iVAwW87VuUIkR1FVUKB77NwMF7nBTDkDrrT/Hpt/IrCJ0QXhW27jTBDcf5ZY7w6RiqTMw2Q==" - } + "tslib": "^2.0.3" } }, - "lowercase-keys": { + "node_modules/lower-case/node_modules/tslib": { + "version": "2.6.2", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.6.2.tgz", + "integrity": "sha512-AEYxH93jGFPn/a2iVAwW87VuUIkR1FVUKB77NwMF7nBTDkDrrT/Hpt/IrCJ0QXhW27jTBDcf5ZY7w6RiqTMw2Q==" + }, + "node_modules/lowercase-keys": { "version": "2.0.0", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/lowercase-keys/-/lowercase-keys-2.0.0.tgz", - "integrity": "sha1-JgPni3tLAAbLyi+8yKMgJVislHk=" + "resolved": "https://registry.npmjs.org/lowercase-keys/-/lowercase-keys-2.0.0.tgz", + "integrity": "sha512-tqNXrS78oMOE73NMxK4EMLQsQowWf8jKooH9g7xPavRT706R6bkQJ6DY2Te7QukaZsulxa30wQ7bk0pm4XiHmA==", + "engines": { + "node": ">=8" + } }, - "lru-cache": { + "node_modules/lru-cache": { "version": "5.1.1", "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz", "integrity": "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w==", - "requires": { + "dependencies": { "yallist": "^3.0.2" } }, - "lunr": { + "node_modules/lunr": { "version": "2.3.9", "resolved": "https://registry.npmjs.org/lunr/-/lunr-2.3.9.tgz", "integrity": "sha512-zTU3DaZaF3Rt9rhN3uBMGQD3dD2/vFQqnvZCDv4dl5iOzq2IZQqTxu90r4E5J+nP70J3ilqVCrbho2eWaeW8Ow==" }, - "lz-string": { + "node_modules/lz-string": { "version": "1.5.0", "resolved": "https://registry.npmjs.org/lz-string/-/lz-string-1.5.0.tgz", - "integrity": "sha512-h5bgJWpxJNswbU7qCrV0tIKQCaS3blPDrqKWx+QxzuzL1zGUzij9XCWLrSLsJPu5t+eWA/ycetzYAO5IOMcWAQ==" + "integrity": 
"sha512-h5bgJWpxJNswbU7qCrV0tIKQCaS3blPDrqKWx+QxzuzL1zGUzij9XCWLrSLsJPu5t+eWA/ycetzYAO5IOMcWAQ==", + "bin": { + "lz-string": "bin/bin.js" + } }, - "magic-string": { + "node_modules/magic-string": { "version": "0.25.9", "resolved": "https://registry.npmjs.org/magic-string/-/magic-string-0.25.9.tgz", "integrity": "sha512-RmF0AsMzgt25qzqqLc1+MbHmhdx0ojF2Fvs4XnOqz2ZOBXzzkEwc/dJQZCYHAn7v1jbVOjAZfK8msRn4BxO4VQ==", - "requires": { + "dependencies": { "sourcemap-codec": "^1.4.8" } }, - "make-dir": { + "node_modules/make-dir": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/make-dir/-/make-dir-3.1.0.tgz", "integrity": "sha512-g3FeP20LNwhALb/6Cz6Dd4F2ngze0jz7tbzrD2wAV+o9FeNHe4rL+yK2md0J/fiSf1sa1ADhXqi5+oVwOM/eGw==", - "requires": { + "dependencies": { "semver": "^6.0.0" }, - "dependencies": { - "semver": { - "version": "6.3.1", - "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", - "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==" - } + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/make-dir/node_modules/semver": { + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", + "bin": { + "semver": "bin/semver.js" } }, - "make-error": { + "node_modules/make-error": { "version": "1.3.6", "resolved": "https://registry.npmjs.org/make-error/-/make-error-1.3.6.tgz", "integrity": "sha512-s8UhlNe7vPKomQhC1qFelMokr/Sc3AgNbso3n74mVPA5LTZwkB9NlXf4XPamLxJE8h0gh73rM94xvwRT2CVInw==" }, - "makeerror": { + "node_modules/make-fetch-happen": { + "version": "13.0.0", + "resolved": "https://registry.npmjs.org/make-fetch-happen/-/make-fetch-happen-13.0.0.tgz", + "integrity": "sha512-7ThobcL8brtGo9CavByQrQi+23aIfgYU++wg4B87AIS8Rb2ZBt/MEaDqzA00Xwv/jUjAjYkLHjVolYuTLKda2A==", + 
"dependencies": { + "@npmcli/agent": "^2.0.0", + "cacache": "^18.0.0", + "http-cache-semantics": "^4.1.1", + "is-lambda": "^1.0.1", + "minipass": "^7.0.2", + "minipass-fetch": "^3.0.0", + "minipass-flush": "^1.0.5", + "minipass-pipeline": "^1.2.4", + "negotiator": "^0.6.3", + "promise-retry": "^2.0.1", + "ssri": "^10.0.0" + }, + "engines": { + "node": "^16.14.0 || >=18.0.0" + } + }, + "node_modules/makeerror": { "version": "1.0.12", "resolved": "https://registry.npmjs.org/makeerror/-/makeerror-1.0.12.tgz", "integrity": "sha512-JmqCvUhmt43madlpFzG4BQzG2Z3m6tvQDNKdClZnO3VbIudJYmxsT0FNJMeiB2+JTSlTQTSbU8QdesVmwJcmLg==", - "requires": { + "dependencies": { "tmpl": "1.0.5" } }, - "mdn-data": { + "node_modules/mdn-data": { "version": "2.0.4", "resolved": "https://registry.npmjs.org/mdn-data/-/mdn-data-2.0.4.tgz", "integrity": "sha512-iV3XNKw06j5Q7mi6h+9vbx23Tv7JkjEVgKHW4pimwyDGWm0OIQntJJ+u1C6mg6mK1EaTv42XQ7w76yuzH7M2cA==" }, - "media-typer": { + "node_modules/media-typer": { "version": "0.3.0", "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz", - "integrity": "sha512-dq+qelQ9akHpcOl/gUVRTxVIOkAJ1wR3QAvb4RsVjS8oVoFjDGTc679wJYmUmknUF5HwMLOgb5O+a3KxfWapPQ==" + "integrity": "sha512-dq+qelQ9akHpcOl/gUVRTxVIOkAJ1wR3QAvb4RsVjS8oVoFjDGTc679wJYmUmknUF5HwMLOgb5O+a3KxfWapPQ==", + "engines": { + "node": ">= 0.6" + } }, - "memfs": { + "node_modules/memfs": { "version": "3.5.3", "resolved": "https://registry.npmjs.org/memfs/-/memfs-3.5.3.tgz", "integrity": "sha512-UERzLsxzllchadvbPs5aolHh65ISpKpM+ccLbOJ8/vvpBKmAWf+la7dXFy7Mr0ySHbdHrFv5kGFCUHHe6GFEmw==", - "requires": { + "dependencies": { "fs-monkey": "^1.0.4" + }, + "engines": { + "node": ">= 4.0.0" } }, - "merge-descriptors": { + "node_modules/merge-descriptors": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz", "integrity": "sha512-cCi6g3/Zr1iqQi6ySbseM1Xvooa98N0w31jzUYrXPX2xqObmFGHJ0tQ5u74H3mVh7wLouTseZyYIq39g8cNp1w==" }, - "merge-stream": { + 
"node_modules/merge-stream": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/merge-stream/-/merge-stream-2.0.0.tgz", "integrity": "sha512-abv/qOcuPfk3URPfDzmZU1LKmuw8kT+0nIHvKrKgFrwifol/doWcdA4ZqsWQ8ENrFKkd67Mfpo/LovbIUsbt3w==" }, - "merge2": { + "node_modules/merge2": { "version": "1.4.1", "resolved": "https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz", - "integrity": "sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==" + "integrity": "sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==", + "engines": { + "node": ">= 8" + } }, - "methods": { + "node_modules/methods": { "version": "1.1.2", "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz", - "integrity": "sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==" + "integrity": "sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==", + "engines": { + "node": ">= 0.6" + } }, - "micromatch": { + "node_modules/micromatch": { "version": "4.0.5", "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz", "integrity": "sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==", - "requires": { + "dependencies": { "braces": "^3.0.2", "picomatch": "^2.3.1" + }, + "engines": { + "node": ">=8.6" + } + }, + "node_modules/mime": { + "version": "1.6.0", + "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz", + "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==", + "bin": { + "mime": "cli.js" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/mime-db": { + "version": "1.51.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.51.0.tgz", + "integrity": "sha512-5y8A56jg7XVQx2mbv1lu49NR4dokRnhZYTtL+KGfaa27uq4pSTXkwQkFJl4pkRMyNFz/EtYDSkiiEHx3F7UN6g==", + "engines": { + "node": ">= 0.6" + 
} + }, + "node_modules/mime-types": { + "version": "2.1.34", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.34.tgz", + "integrity": "sha512-6cP692WwGIs9XXdOO4++N+7qjqv0rqxxVvJ3VHPh/Sc9mVZcQP+ZGhkKiTvWMQRr2tbHkJP/Yn7Y0npb3ZBs4A==", + "dependencies": { + "mime-db": "1.51.0" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/mimic-fn": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-2.1.0.tgz", + "integrity": "sha512-OqbOk5oEQeAZ8WXWydlu9HJjz9WVdEIvamMCcXmuqUYjTknH/sqsWvhQ3vgwKFRR1HpjvNBKQ37nbJgYzGqGcg==", + "engines": { + "node": ">=6" + } + }, + "node_modules/mimic-response": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/mimic-response/-/mimic-response-1.0.1.tgz", + "integrity": "sha512-j5EctnkH7amfV/q5Hgmoal1g2QHFJRraOtmx0JpIqkxhBhI/lJSl1nMpQ45hVarwNETOoWEimndZ4QK0RHxuxQ==", + "engines": { + "node": ">=4" + } + }, + "node_modules/min-indent": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/min-indent/-/min-indent-1.0.1.tgz", + "integrity": "sha512-I9jwMn07Sy/IwOj3zVkVik2JTvgpaykDZEigL6Rx6N9LbMywwUSMtxET+7lVoDLLd3O3IXwJwvuuns8UB/HeAg==", + "engines": { + "node": ">=4" + } + }, + "node_modules/mini-css-extract-plugin": { + "version": "2.7.6", + "resolved": "https://registry.npmjs.org/mini-css-extract-plugin/-/mini-css-extract-plugin-2.7.6.tgz", + "integrity": "sha512-Qk7HcgaPkGG6eD77mLvZS1nmxlao3j+9PkrT9Uc7HAE1id3F41+DdBRYRYkbyfNRGzm8/YWtzhw7nVPmwhqTQw==", + "dependencies": { + "schema-utils": "^4.0.0" + }, + "engines": { + "node": ">= 12.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + }, + "peerDependencies": { + "webpack": "^5.0.0" + } + }, + "node_modules/mini-css-extract-plugin/node_modules/ajv": { + "version": "8.12.0", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.12.0.tgz", + "integrity": "sha512-sRu1kpcO9yLtYxBKvqfTeh9KzZEwO3STyX1HT+4CaDzC6HpTGYhIhPIzj9XuKU7KYDwnaeh5hcOwjy1QuJzBPA==", + 
"dependencies": { + "fast-deep-equal": "^3.1.1", + "json-schema-traverse": "^1.0.0", + "require-from-string": "^2.0.2", + "uri-js": "^4.2.2" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/epoberezkin" + } + }, + "node_modules/mini-css-extract-plugin/node_modules/ajv-keywords": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-5.1.0.tgz", + "integrity": "sha512-YCS/JNFAUyr5vAuhk1DWm1CBxRHW9LbJ2ozWeemrIqpbsqKjHVxYPyi5GC0rjZIT5JxJ3virVTS8wk4i/Z+krw==", + "dependencies": { + "fast-deep-equal": "^3.1.3" + }, + "peerDependencies": { + "ajv": "^8.8.2" + } + }, + "node_modules/mini-css-extract-plugin/node_modules/json-schema-traverse": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", + "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==" + }, + "node_modules/mini-css-extract-plugin/node_modules/schema-utils": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-4.2.0.tgz", + "integrity": "sha512-L0jRsrPpjdckP3oPug3/VxNKt2trR8TcabrM6FOAAlvC/9Phcmm+cuAgTlxBqdBR1WJx7Naj9WHw+aOmheSVbw==", + "dependencies": { + "@types/json-schema": "^7.0.9", + "ajv": "^8.9.0", + "ajv-formats": "^2.1.1", + "ajv-keywords": "^5.1.0" + }, + "engines": { + "node": ">= 12.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + } + }, + "node_modules/minimalistic-assert": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz", + "integrity": "sha512-UtJcAD4yEaGtjPezWuO9wC4nwUnVH/8/Im3yEHQP4b67cXlD/Qr9hdITCU1xDbSEXg2XKNaP8jsReV7vQd00/A==" + }, + "node_modules/minimatch": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "integrity": 
"sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==", + "dependencies": { + "brace-expansion": "^1.1.7" + }, + "engines": { + "node": "*" + } + }, + "node_modules/minimist": { + "version": "1.2.6", + "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.6.tgz", + "integrity": "sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q==" + }, + "node_modules/minipass": { + "version": "7.0.4", + "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.0.4.tgz", + "integrity": "sha512-jYofLM5Dam9279rdkWzqHozUo4ybjdZmCsDHePy5V/PbBcVMiSZR97gmAy45aqi8CK1lG2ECd356FU86avfwUQ==", + "engines": { + "node": ">=16 || 14 >=14.17" + } + }, + "node_modules/minipass-collect": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/minipass-collect/-/minipass-collect-2.0.1.tgz", + "integrity": "sha512-D7V8PO9oaz7PWGLbCACuI1qEOsq7UKfLotx/C0Aet43fCUB/wfQ7DYeq2oR/svFJGYDHPr38SHATeaj/ZoKHKw==", + "dependencies": { + "minipass": "^7.0.3" + }, + "engines": { + "node": ">=16 || 14 >=14.17" + } + }, + "node_modules/minipass-fetch": { + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/minipass-fetch/-/minipass-fetch-3.0.4.tgz", + "integrity": "sha512-jHAqnA728uUpIaFm7NWsCnqKT6UqZz7GcI/bDpPATuwYyKwJwW0remxSCxUlKiEty+eopHGa3oc8WxgQ1FFJqg==", + "dependencies": { + "minipass": "^7.0.3", + "minipass-sized": "^1.0.3", + "minizlib": "^2.1.2" + }, + "engines": { + "node": "^14.17.0 || ^16.13.0 || >=18.0.0" + }, + "optionalDependencies": { + "encoding": "^0.1.13" + } + }, + "node_modules/minipass-flush": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/minipass-flush/-/minipass-flush-1.0.5.tgz", + "integrity": "sha512-JmQSYYpPUqX5Jyn1mXaRwOda1uQ8HP5KAT/oDSLCzt1BYRhQU0/hDtsB1ufZfEEzMZ9aAVmsBw8+FWsIXlClWw==", + "dependencies": { + "minipass": "^3.0.0" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/minipass-flush/node_modules/minipass": { + "version": 
"3.3.6", + "resolved": "https://registry.npmjs.org/minipass/-/minipass-3.3.6.tgz", + "integrity": "sha512-DxiNidxSEK+tHG6zOIklvNOwm3hvCrbUrdtzY74U6HKTJxvIDfOUL5W5P2Ghd3DTkhhKPYGqeNUIh5qcM4YBfw==", + "dependencies": { + "yallist": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/minipass-flush/node_modules/yallist": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", + "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" + }, + "node_modules/minipass-pipeline": { + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/minipass-pipeline/-/minipass-pipeline-1.2.4.tgz", + "integrity": "sha512-xuIq7cIOt09RPRJ19gdi4b+RiNvDFYe5JH+ggNvBqGqpQXcru3PcRmOZuHBKWK1Txf9+cQ+HMVN4d6z46LZP7A==", + "dependencies": { + "minipass": "^3.0.0" + }, + "engines": { + "node": ">=8" } }, - "mime": { - "version": "1.6.0", - "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz", - "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==" + "node_modules/minipass-pipeline/node_modules/minipass": { + "version": "3.3.6", + "resolved": "https://registry.npmjs.org/minipass/-/minipass-3.3.6.tgz", + "integrity": "sha512-DxiNidxSEK+tHG6zOIklvNOwm3hvCrbUrdtzY74U6HKTJxvIDfOUL5W5P2Ghd3DTkhhKPYGqeNUIh5qcM4YBfw==", + "dependencies": { + "yallist": "^4.0.0" + }, + "engines": { + "node": ">=8" + } }, - "mime-db": { - "version": "1.51.0", - "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.51.0.tgz", - "integrity": "sha512-5y8A56jg7XVQx2mbv1lu49NR4dokRnhZYTtL+KGfaa27uq4pSTXkwQkFJl4pkRMyNFz/EtYDSkiiEHx3F7UN6g==" + "node_modules/minipass-pipeline/node_modules/yallist": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", + "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" }, - "mime-types": { - "version": 
"2.1.34", - "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.34.tgz", - "integrity": "sha512-6cP692WwGIs9XXdOO4++N+7qjqv0rqxxVvJ3VHPh/Sc9mVZcQP+ZGhkKiTvWMQRr2tbHkJP/Yn7Y0npb3ZBs4A==", - "requires": { - "mime-db": "1.51.0" + "node_modules/minipass-sized": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/minipass-sized/-/minipass-sized-1.0.3.tgz", + "integrity": "sha512-MbkQQ2CTiBMlA2Dm/5cY+9SWFEN8pzzOXi6rlM5Xxq0Yqbda5ZQy9sU75a673FE9ZK0Zsbr6Y5iP6u9nktfg2g==", + "dependencies": { + "minipass": "^3.0.0" + }, + "engines": { + "node": ">=8" } }, - "mimic-fn": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-2.1.0.tgz", - "integrity": "sha512-OqbOk5oEQeAZ8WXWydlu9HJjz9WVdEIvamMCcXmuqUYjTknH/sqsWvhQ3vgwKFRR1HpjvNBKQ37nbJgYzGqGcg==" - }, - "mimic-response": { - "version": "2.1.0", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/mimic-response/-/mimic-response-2.1.0.tgz", - "integrity": "sha1-0Tdj019hPQnsN+uzC6wEacDuj0M=" + "node_modules/minipass-sized/node_modules/minipass": { + "version": "3.3.6", + "resolved": "https://registry.npmjs.org/minipass/-/minipass-3.3.6.tgz", + "integrity": "sha512-DxiNidxSEK+tHG6zOIklvNOwm3hvCrbUrdtzY74U6HKTJxvIDfOUL5W5P2Ghd3DTkhhKPYGqeNUIh5qcM4YBfw==", + "dependencies": { + "yallist": "^4.0.0" + }, + "engines": { + "node": ">=8" + } }, - "min-indent": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/min-indent/-/min-indent-1.0.1.tgz", - "integrity": "sha512-I9jwMn07Sy/IwOj3zVkVik2JTvgpaykDZEigL6Rx6N9LbMywwUSMtxET+7lVoDLLd3O3IXwJwvuuns8UB/HeAg==" + "node_modules/minipass-sized/node_modules/yallist": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", + "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" }, - "mini-css-extract-plugin": { - "version": "2.7.6", - "resolved": 
"https://registry.npmjs.org/mini-css-extract-plugin/-/mini-css-extract-plugin-2.7.6.tgz", - "integrity": "sha512-Qk7HcgaPkGG6eD77mLvZS1nmxlao3j+9PkrT9Uc7HAE1id3F41+DdBRYRYkbyfNRGzm8/YWtzhw7nVPmwhqTQw==", - "requires": { - "schema-utils": "^4.0.0" - }, + "node_modules/minizlib": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/minizlib/-/minizlib-2.1.2.tgz", + "integrity": "sha512-bAxsR8BVfj60DWXHE3u30oHzfl4G7khkSuPW+qvpd7jFRHm7dLxOjUk1EHACJ/hxLY8phGJ0YhYHZo7jil7Qdg==", "dependencies": { - "ajv": { - "version": "8.12.0", - "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.12.0.tgz", - "integrity": "sha512-sRu1kpcO9yLtYxBKvqfTeh9KzZEwO3STyX1HT+4CaDzC6HpTGYhIhPIzj9XuKU7KYDwnaeh5hcOwjy1QuJzBPA==", - "requires": { - "fast-deep-equal": "^3.1.1", - "json-schema-traverse": "^1.0.0", - "require-from-string": "^2.0.2", - "uri-js": "^4.2.2" - } - }, - "ajv-keywords": { - "version": "5.1.0", - "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-5.1.0.tgz", - "integrity": "sha512-YCS/JNFAUyr5vAuhk1DWm1CBxRHW9LbJ2ozWeemrIqpbsqKjHVxYPyi5GC0rjZIT5JxJ3virVTS8wk4i/Z+krw==", - "requires": { - "fast-deep-equal": "^3.1.3" - } - }, - "json-schema-traverse": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", - "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==" - }, - "schema-utils": { - "version": "4.2.0", - "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-4.2.0.tgz", - "integrity": "sha512-L0jRsrPpjdckP3oPug3/VxNKt2trR8TcabrM6FOAAlvC/9Phcmm+cuAgTlxBqdBR1WJx7Naj9WHw+aOmheSVbw==", - "requires": { - "@types/json-schema": "^7.0.9", - "ajv": "^8.9.0", - "ajv-formats": "^2.1.1", - "ajv-keywords": "^5.1.0" - } - } + "minipass": "^3.0.0", + "yallist": "^4.0.0" + }, + "engines": { + "node": ">= 8" } }, - "minimalistic-assert": { - "version": "1.0.1", - "resolved": 
"https://registry.npmjs.org/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz", - "integrity": "sha512-UtJcAD4yEaGtjPezWuO9wC4nwUnVH/8/Im3yEHQP4b67cXlD/Qr9hdITCU1xDbSEXg2XKNaP8jsReV7vQd00/A==" - }, - "minimatch": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", - "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==", - "requires": { - "brace-expansion": "^1.1.7" + "node_modules/minizlib/node_modules/minipass": { + "version": "3.3.6", + "resolved": "https://registry.npmjs.org/minipass/-/minipass-3.3.6.tgz", + "integrity": "sha512-DxiNidxSEK+tHG6zOIklvNOwm3hvCrbUrdtzY74U6HKTJxvIDfOUL5W5P2Ghd3DTkhhKPYGqeNUIh5qcM4YBfw==", + "dependencies": { + "yallist": "^4.0.0" + }, + "engines": { + "node": ">=8" } }, - "minimist": { - "version": "1.2.6", - "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.6.tgz", - "integrity": "sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q==" + "node_modules/minizlib/node_modules/yallist": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", + "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" }, - "mkdirp": { + "node_modules/mkdirp": { "version": "0.5.5", "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.5.tgz", "integrity": "sha512-NKmAlESf6jMGym1++R0Ra7wvhV+wFW63FaSOFPwRahvea0gMUcGUhVeAg/0BC0wiv9ih5NYPB1Wn1UEI1/L+xQ==", - "requires": { + "dependencies": { "minimist": "^1.2.5" + }, + "bin": { + "mkdirp": "bin/cmd.js" } }, - "ms": { + "node_modules/mkdirp-classic": { + "version": "0.5.3", + "resolved": "https://registry.npmjs.org/mkdirp-classic/-/mkdirp-classic-0.5.3.tgz", + "integrity": "sha512-gKLcREMhtuZRwRAfqP3RFW+TK4JqApVBtOIftVgjuABpAtpxhPGaDcfvbhNvD0B8iD1oUr/txX35NjcaY6Ns/A==" + }, + "node_modules/ms": { "version": "2.1.2", "resolved": 
"https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==" }, - "multicast-dns": { + "node_modules/multicast-dns": { "version": "7.2.5", "resolved": "https://registry.npmjs.org/multicast-dns/-/multicast-dns-7.2.5.tgz", "integrity": "sha512-2eznPJP8z2BFLX50tf0LuODrpINqP1RVIm/CObbTcBRITQgmC/TjcREF1NeTBzIcR5XO/ukWo+YHOjBbFwIupg==", - "requires": { + "dependencies": { "dns-packet": "^5.2.2", "thunky": "^1.0.2" + }, + "bin": { + "multicast-dns": "cli.js" } }, - "mz": { + "node_modules/mz": { "version": "2.7.0", "resolved": "https://registry.npmjs.org/mz/-/mz-2.7.0.tgz", "integrity": "sha512-z81GNO7nnYMEhrGh9LeymoE4+Yr0Wn5McHIZMK5cfQCl+NDX08sCZgUc9/6MHni9IWuFLm1Z3HTCXu2z9fN62Q==", - "requires": { + "dependencies": { "any-promise": "^1.0.0", "object-assign": "^4.0.1", "thenify-all": "^1.0.0" } }, - "nan": { - "version": "2.14.2", - "resolved": "https://registry.npmjs.org/nan/-/nan-2.14.2.tgz", - "integrity": "sha512-M2ufzIiINKCuDfBSAUr1vWQ+vuVcA9kqx8JJUsbQi6yf1uGRyb7HfpdfUr5qLXf3B/t8dPvcjhKMmlfnP47EzQ==" - }, - "nanoid": { + "node_modules/nanoid": { "version": "3.3.6", "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.6.tgz", - "integrity": "sha512-BGcqMMJuToF7i1rt+2PWSNVnWIkGCU78jBG3RxO/bZlnZPK2Cmi2QaffxGO/2RvWi9sL+FAiRiXMgsyxQ1DIDA==" + "integrity": "sha512-BGcqMMJuToF7i1rt+2PWSNVnWIkGCU78jBG3RxO/bZlnZPK2Cmi2QaffxGO/2RvWi9sL+FAiRiXMgsyxQ1DIDA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "bin": { + "nanoid": "bin/nanoid.cjs" + }, + "engines": { + "node": "^10 || ^12 || ^13.7 || ^14 || >=15.0.1" + } }, - "natural-compare": { + "node_modules/natural-compare": { "version": "1.4.0", "resolved": "https://registry.npmjs.org/natural-compare/-/natural-compare-1.4.0.tgz", "integrity": "sha512-OWND8ei3VtNC9h7V60qff3SVobHr996CTwgxubgyQYEpg290h9J0buyECNNJexkFm5sOajh5G116RYA1c8ZMSw==" }, - "natural-compare-lite": { + 
"node_modules/natural-compare-lite": { "version": "1.4.0", "resolved": "https://registry.npmjs.org/natural-compare-lite/-/natural-compare-lite-1.4.0.tgz", "integrity": "sha512-Tj+HTDSJJKaZnfiuw+iaF9skdPpTo2GtEly5JHnWV/hfv2Qj/9RKsGISQtLh2ox3l5EAGw487hnBee0sIJ6v2g==" }, - "needle": { - "version": "2.6.0", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/needle/-/needle-2.6.0.tgz", - "integrity": "sha1-JNu1XyUJ4jJLSpnWH0E5ggE8zb4=", - "requires": { - "debug": "^3.2.6", - "iconv-lite": "^0.4.4", - "sax": "^1.2.4" - }, - "dependencies": { - "debug": { - "version": "3.2.7", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/debug/-/debug-3.2.7.tgz", - "integrity": "sha1-clgLfpFF+zm2Z2+cXl+xALk0F5o=", - "requires": { - "ms": "^2.1.1" - } - } - } - }, - "negotiator": { + "node_modules/negotiator": { "version": "0.6.3", "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz", - "integrity": "sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==" + "integrity": "sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==", + "engines": { + "node": ">= 0.6" + } }, - "neo-async": { + "node_modules/neo-async": { "version": "2.6.2", "resolved": "https://registry.npmjs.org/neo-async/-/neo-async-2.6.2.tgz", "integrity": "sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw==" }, - "no-case": { + "node_modules/no-case": { "version": "3.0.4", "resolved": "https://registry.npmjs.org/no-case/-/no-case-3.0.4.tgz", "integrity": "sha512-fgAN3jGAh+RoxUGZHTSOLJIqUc2wmoBwGR4tbpNAKmmovFoWq0OdRkb0VkldReO2a2iBT/OEulG9XSUc10r3zg==", - "requires": { + "dependencies": { "lower-case": "^2.0.2", "tslib": "^2.0.3" - }, - "dependencies": { - "tslib": { - "version": "2.6.2", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.6.2.tgz", - "integrity": "sha512-AEYxH93jGFPn/a2iVAwW87VuUIkR1FVUKB77NwMF7nBTDkDrrT/Hpt/IrCJ0QXhW27jTBDcf5ZY7w6RiqTMw2Q==" - 
} } }, - "node-fetch": { + "node_modules/no-case/node_modules/tslib": { + "version": "2.6.2", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.6.2.tgz", + "integrity": "sha512-AEYxH93jGFPn/a2iVAwW87VuUIkR1FVUKB77NwMF7nBTDkDrrT/Hpt/IrCJ0QXhW27jTBDcf5ZY7w6RiqTMw2Q==" + }, + "node_modules/node-fetch": { "version": "2.7.0", "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.7.0.tgz", "integrity": "sha512-c4FRfUm/dbcWZ7U+1Wq0AwCyFL+3nt2bEw05wfxSz+DWpWsitgmSgYmy2dQdWyKC1694ELPqMs/YzUSNozLt8A==", - "requires": { + "dependencies": { "whatwg-url": "^5.0.0" + }, + "engines": { + "node": "4.x || >=6.0.0" + }, + "peerDependencies": { + "encoding": "^0.1.0" + }, + "peerDependenciesMeta": { + "encoding": { + "optional": true + } } }, - "node-forge": { + "node_modules/node-forge": { "version": "1.3.1", "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-1.3.1.tgz", - "integrity": "sha512-dPEtOeMvF9VMcYV/1Wb8CPoVAXtp6MKMlcbAt4ddqmGqUJ6fQZFXkNZNkNlfevtNkGtaSoXf/vNNNSvgrdXwtA==" + "integrity": "sha512-dPEtOeMvF9VMcYV/1Wb8CPoVAXtp6MKMlcbAt4ddqmGqUJ6fQZFXkNZNkNlfevtNkGtaSoXf/vNNNSvgrdXwtA==", + "engines": { + "node": ">= 6.13.0" + } + }, + "node_modules/node-gyp": { + "version": "10.0.1", + "resolved": "https://registry.npmjs.org/node-gyp/-/node-gyp-10.0.1.tgz", + "integrity": "sha512-gg3/bHehQfZivQVfqIyy8wTdSymF9yTyP4CJifK73imyNMU8AIGQE2pUa7dNWfmMeG9cDVF2eehiRMv0LC1iAg==", + "dependencies": { + "env-paths": "^2.2.0", + "exponential-backoff": "^3.1.1", + "glob": "^10.3.10", + "graceful-fs": "^4.2.6", + "make-fetch-happen": "^13.0.0", + "nopt": "^7.0.0", + "proc-log": "^3.0.0", + "semver": "^7.3.5", + "tar": "^6.1.2", + "which": "^4.0.0" + }, + "bin": { + "node-gyp": "bin/node-gyp.js" + }, + "engines": { + "node": "^16.14.0 || >=18.0.0" + } + }, + "node_modules/node-gyp/node_modules/abbrev": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/abbrev/-/abbrev-2.0.0.tgz", + "integrity": 
"sha512-6/mh1E2u2YgEsCHdY0Yx5oW+61gZU+1vXaoiHHrpKeuRNNgFvS+/jrwHiQhB5apAf5oB7UB7E19ol2R2LKH8hQ==", + "engines": { + "node": "^14.17.0 || ^16.13.0 || >=18.0.0" + } + }, + "node_modules/node-gyp/node_modules/brace-expansion": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", + "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==", + "dependencies": { + "balanced-match": "^1.0.0" + } + }, + "node_modules/node-gyp/node_modules/glob": { + "version": "10.3.10", + "resolved": "https://registry.npmjs.org/glob/-/glob-10.3.10.tgz", + "integrity": "sha512-fa46+tv1Ak0UPK1TOy/pZrIybNNt4HCv7SDzwyfiOZkvZLEbjsZkJBPtDHVshZjbecAoAGSC20MjLDG/qr679g==", + "dependencies": { + "foreground-child": "^3.1.0", + "jackspeak": "^2.3.5", + "minimatch": "^9.0.1", + "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0", + "path-scurry": "^1.10.1" + }, + "bin": { + "glob": "dist/esm/bin.mjs" + }, + "engines": { + "node": ">=16 || 14 >=14.17" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/node-gyp/node_modules/isexe": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/isexe/-/isexe-3.1.1.tgz", + "integrity": "sha512-LpB/54B+/2J5hqQ7imZHfdU31OlgQqx7ZicVlkm9kzg9/w8GKLEcFfJl/t7DCEDueOyBAD6zCCwTO6Fzs0NoEQ==", + "engines": { + "node": ">=16" + } + }, + "node_modules/node-gyp/node_modules/minimatch": { + "version": "9.0.3", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.3.tgz", + "integrity": "sha512-RHiac9mvaRw0x3AYRgDC1CxAP7HTcNrrECeA8YYJeWnpo+2Q5CegtZjaotWTWxDG3UeGA1coE05iH1mPjT/2mg==", + "dependencies": { + "brace-expansion": "^2.0.1" + }, + "engines": { + "node": ">=16 || 14 >=14.17" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/node-gyp/node_modules/nopt": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/nopt/-/nopt-7.2.0.tgz", + "integrity": 
"sha512-CVDtwCdhYIvnAzFoJ6NJ6dX3oga9/HyciQDnG1vQDjSLMeKLJ4A93ZqYKDrgYSr1FBY5/hMYC+2VCi24pgpkGA==", + "dependencies": { + "abbrev": "^2.0.0" + }, + "bin": { + "nopt": "bin/nopt.js" + }, + "engines": { + "node": "^14.17.0 || ^16.13.0 || >=18.0.0" + } }, - "node-gyp": { + "node_modules/node-gyp/node_modules/which": { "version": "4.0.0", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/node-gyp/-/node-gyp-4.0.0.tgz", - "integrity": "sha1-lyZUr05d0M0qGQgbS0b+BEK6b0U=", - "requires": { - "glob": "^7.0.3", - "graceful-fs": "^4.1.2", - "mkdirp": "^0.5.0", - "nopt": "2 || 3", - "npmlog": "0 || 1 || 2 || 3 || 4", - "osenv": "0", - "request": "^2.87.0", - "rimraf": "2", - "semver": "~5.3.0", - "tar": "^4.4.8", - "which": "1" - }, - "dependencies": { - "rimraf": { - "version": "2.7.1", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/rimraf/-/rimraf-2.7.1.tgz", - "integrity": "sha1-NXl/E6f9rcVmFCwp1PB8ytSD4+w=", - "requires": { - "glob": "^7.1.3" - } - }, - "semver": { - "version": "5.3.0", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/semver/-/semver-5.3.0.tgz", - "integrity": "sha1-myzl094C0XxgEq0yaqa00M9U+U8=" - } + "resolved": "https://registry.npmjs.org/which/-/which-4.0.0.tgz", + "integrity": "sha512-GlaYyEb07DPxYCKhKzplCWBJtvxZcZMrL+4UkrTSJHHPyZU4mYYTv3qaOe77H7EODLSSopAUFAc6W8U4yqvscg==", + "dependencies": { + "isexe": "^3.1.1" + }, + "bin": { + "node-which": "bin/which.js" + }, + "engines": { + "node": "^16.13.0 || >=18.0.0" } }, - "node-html-parser": { + "node_modules/node-html-parser": { "version": "5.4.2", "resolved": "https://registry.npmjs.org/node-html-parser/-/node-html-parser-5.4.2.tgz", "integrity": "sha512-RaBPP3+51hPne/OolXxcz89iYvQvKOydaqoePpOgXcrOKZhjVIzmpKZz+Hd/RBO2/zN2q6CNJhQzucVz+u3Jyw==", - "requires": { + "dependencies": { "css-select": "^4.2.1", "he": "1.2.0" } }, - "node-int64": { + "node_modules/node-int64": { "version": "0.4.0", "resolved": "https://registry.npmjs.org/node-int64/-/node-int64-0.4.0.tgz", "integrity": 
"sha512-O5lz91xSOeoXP6DulyHfllpq+Eg00MWitZIbtPfoSEvqIHdl5gfcY6hYzDWnj0qD5tz52PI08u9qUvSVeUBeHw==" }, - "node-pre-gyp": { - "version": "0.13.0", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/node-pre-gyp/-/node-pre-gyp-0.13.0.tgz", - "integrity": "sha1-35q3to3WSYE3cXg45PkqM/ydqkI=", - "requires": { - "detect-libc": "^1.0.2", - "mkdirp": "^0.5.1", - "needle": "^2.2.1", - "nopt": "^4.0.1", - "npm-packlist": "^1.1.6", - "npmlog": "^4.0.2", - "rc": "^1.2.7", - "rimraf": "^2.6.1", - "semver": "^5.3.0", - "tar": "^4" - }, - "dependencies": { - "nopt": { - "version": "4.0.3", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/nopt/-/nopt-4.0.3.tgz", - "integrity": "sha1-o3XK2dAv2SEnjZVMIlTVqlfhXkg=", - "requires": { - "abbrev": "1", - "osenv": "^0.1.4" - } - }, - "rimraf": { - "version": "2.7.1", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/rimraf/-/rimraf-2.7.1.tgz", - "integrity": "sha1-NXl/E6f9rcVmFCwp1PB8ytSD4+w=", - "requires": { - "glob": "^7.1.3" - } - }, - "semver": { - "version": "5.7.1", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/semver/-/semver-5.7.1.tgz", - "integrity": "sha1-qVT5Ma66UI0we78Gnv8MAclhFvc=" - } - } - }, - "node-releases": { + "node_modules/node-releases": { "version": "2.0.13", "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.13.tgz", "integrity": "sha512-uYr7J37ae/ORWdZeQ1xxMJe3NtdmqMC/JZK+geofDrkLUApKRHPd18/TxtBOJ4A0/+uUIliorNrfYV6s1b02eQ==" }, - "nodegit": { - "version": "0.27.0", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/nodegit/-/nodegit-0.27.0.tgz", - "integrity": "sha1-TozCNvYOHJcySlrP+ZBW/hFqbr4=", - "requires": { + "node_modules/nodegit": { + "version": "0.28.0-alpha.24", + "resolved": "https://registry.npmjs.org/nodegit/-/nodegit-0.28.0-alpha.24.tgz", + "integrity": "sha512-8EIKwUE3ioml5m6/p2VPbTjDNsyOrImHbjSSFTVQBZLH4oXKpHhmG8TiaVDEqrOFAG7pAcqpHxAMRlUGlkng+Q==", + "hasInstallScript": true, + "dependencies": { + "@axosoft/nan": "^2.18.0-gk.2", + 
"@mapbox/node-pre-gyp": "^1.0.8", "fs-extra": "^7.0.0", - "got": "^10.7.0", + "got": "^11.8.6", "json5": "^2.1.0", "lodash": "^4.17.14", - "nan": "^2.14.0", - "node-gyp": "^4.0.0", - "node-pre-gyp": "^0.13.0", + "node-gyp": "^10.0.1", "ramda": "^0.25.0", - "tar-fs": "^1.16.3" + "tar-fs": "^2.1.1" + }, + "engines": { + "node": ">= 16" } }, - "nopt": { - "version": "3.0.6", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/nopt/-/nopt-3.0.6.tgz", - "integrity": "sha1-xkZdvwirzU2zWTF/eaxopkayj/k=", - "requires": { + "node_modules/nopt": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/nopt/-/nopt-5.0.0.tgz", + "integrity": "sha512-Tbj67rffqceeLpcRXrT7vKAN8CwfPeIBgM7E6iBkmKLV7bEMwpGgYLGv0jACUsECaa/vuxP0IjEont6umdMgtQ==", + "dependencies": { "abbrev": "1" + }, + "bin": { + "nopt": "bin/nopt.js" + }, + "engines": { + "node": ">=6" } }, - "normalize-path": { + "node_modules/normalize-path": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz", - "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==" + "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==", + "engines": { + "node": ">=0.10.0" + } }, - "normalize-range": { + "node_modules/normalize-range": { "version": "0.1.2", "resolved": "https://registry.npmjs.org/normalize-range/-/normalize-range-0.1.2.tgz", - "integrity": "sha512-bdok/XvKII3nUpklnV6P2hxtMNrCboOjAcyBuQnWEhO665FwrSNRxU+AqpsyvO6LgGYPspN+lu5CLtw4jPRKNA==" - }, - "normalize-url": { - "version": "4.5.1", - "resolved": "https://registry.npmjs.org/normalize-url/-/normalize-url-4.5.1.tgz", - "integrity": "sha512-9UZCFRHQdNrfTpGg8+1INIg93B6zE0aXMVFkw1WFwvO4SlZywU6aLg5Of0Ap/PgcbSw4LNxvMWXMeugwMCX0AA==" - }, - "npm-bundled": { - "version": "1.1.2", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/npm-bundled/-/npm-bundled-1.1.2.tgz", - "integrity": 
"sha1-lEx4eJvXOQNbcLqiylzDK42GC8E=", - "requires": { - "npm-normalize-package-bin": "^1.0.1" + "integrity": "sha512-bdok/XvKII3nUpklnV6P2hxtMNrCboOjAcyBuQnWEhO665FwrSNRxU+AqpsyvO6LgGYPspN+lu5CLtw4jPRKNA==", + "engines": { + "node": ">=0.10.0" } }, - "npm-normalize-package-bin": { - "version": "1.0.1", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/npm-normalize-package-bin/-/npm-normalize-package-bin-1.0.1.tgz", - "integrity": "sha1-bnmkHyP9I1wGIyGCKNp9nCO49uI=" - }, - "npm-packlist": { - "version": "1.4.8", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/npm-packlist/-/npm-packlist-1.4.8.tgz", - "integrity": "sha1-Vu5swTW5+YrT1Rwcldoiu7my7z4=", - "requires": { - "ignore-walk": "^3.0.1", - "npm-bundled": "^1.0.1", - "npm-normalize-package-bin": "^1.0.1" + "node_modules/normalize-url": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/normalize-url/-/normalize-url-6.1.0.tgz", + "integrity": "sha512-DlL+XwOy3NxAQ8xuC0okPgK46iuVNAK01YN7RueYBqqFeGsBjV9XmCAzAdgt+667bCl5kPh9EqKKDwnaPG1I7A==", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" } }, - "npm-run-path": { + "node_modules/npm-run-path": { "version": "4.0.1", "resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-4.0.1.tgz", "integrity": "sha512-S48WzZW777zhNIrn7gxOlISNAqi9ZC/uQFnRdbeIHhZhCA6UqpkOT8T1G7BvfdgP4Er8gF4sUbaS0i7QvIfCWw==", - "requires": { + "dependencies": { "path-key": "^3.0.0" + }, + "engines": { + "node": ">=8" } }, - "npmlog": { - "version": "4.1.2", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/npmlog/-/npmlog-4.1.2.tgz", - "integrity": "sha1-CKfyqL9zRgR3mp76StXMcXq7lUs=", - "requires": { - "are-we-there-yet": "~1.1.2", - "console-control-strings": "~1.1.0", - "gauge": "~2.7.3", - "set-blocking": "~2.0.0" + "node_modules/npmlog": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/npmlog/-/npmlog-5.0.1.tgz", + "integrity": 
"sha512-AqZtDUWOMKs1G/8lwylVjrdYgqA4d9nu8hc+0gzRxlDb1I10+FHBGMXs6aiQHFdCUUlqH99MUMuLfzWDNDtfxw==", + "dependencies": { + "are-we-there-yet": "^2.0.0", + "console-control-strings": "^1.1.0", + "gauge": "^3.0.0", + "set-blocking": "^2.0.0" } }, - "nth-check": { + "node_modules/nth-check": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/nth-check/-/nth-check-2.1.1.tgz", "integrity": "sha512-lqjrjmaOoAnWfMmBPL+XNnynZh2+swxiX3WUE0s4yEHI6m+AwrK2UZOimIRl3X/4QctVqS8AiZjFqyOGrMXb/w==", - "requires": { + "dependencies": { "boolbase": "^1.0.0" + }, + "funding": { + "url": "https://github.com/fb55/nth-check?sponsor=1" } }, - "number-is-nan": { - "version": "1.0.1", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/number-is-nan/-/number-is-nan-1.0.1.tgz", - "integrity": "sha1-CXtgK1NCKlIsGvuHkDGDNpQaAR0=" - }, - "nwsapi": { + "node_modules/nwsapi": { "version": "2.2.7", "resolved": "https://registry.npmjs.org/nwsapi/-/nwsapi-2.2.7.tgz", "integrity": "sha512-ub5E4+FBPKwAZx0UwIQOjYWGHTEq5sPqHQNRN8Z9e4A7u3Tj1weLJsL59yH9vmvqEtBHaOmT6cYQKIZOxp35FQ==" }, - "oauth-sign": { - "version": "0.9.0", - "resolved": "https://registry.npmjs.org/oauth-sign/-/oauth-sign-0.9.0.tgz", - "integrity": "sha512-fexhUFFPTGV8ybAtSIGbV6gOkSv8UtRbDBnAyLQw4QPKkgNlsH2ByPGtMUqdWkos6YCRmAqViwgZrJc/mRDzZQ==" - }, - "object-assign": { + "node_modules/object-assign": { "version": "4.1.1", "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz", - "integrity": "sha1-IQmtx5ZYh8/AXLvUQsrIv7s2CGM=" + "integrity": "sha1-IQmtx5ZYh8/AXLvUQsrIv7s2CGM=", + "engines": { + "node": ">=0.10.0" + } }, - "object-hash": { + "node_modules/object-hash": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/object-hash/-/object-hash-3.0.0.tgz", - "integrity": "sha512-RSn9F68PjH9HqtltsSnqYC1XXoWe9Bju5+213R98cNGttag9q9yAOTzdbsqvIa7aNm5WffBZFpWYr2aWrklWAw==" + "integrity": "sha512-RSn9F68PjH9HqtltsSnqYC1XXoWe9Bju5+213R98cNGttag9q9yAOTzdbsqvIa7aNm5WffBZFpWYr2aWrklWAw==", + 
"engines": { + "node": ">= 6" + } }, - "object-inspect": { + "node_modules/object-inspect": { "version": "1.13.0", "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.0.tgz", - "integrity": "sha512-HQ4J+ic8hKrgIt3mqk6cVOVrW2ozL4KdvHlqpBv9vDYWx9ysAgENAdvy4FoGF+KFdhR7nQTNm5J0ctAeOwn+3g==" + "integrity": "sha512-HQ4J+ic8hKrgIt3mqk6cVOVrW2ozL4KdvHlqpBv9vDYWx9ysAgENAdvy4FoGF+KFdhR7nQTNm5J0ctAeOwn+3g==", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } }, - "object-keys": { + "node_modules/object-keys": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/object-keys/-/object-keys-1.1.1.tgz", - "integrity": "sha512-NuAESUOUMrlIXOfHKzD6bpPu3tYt3xvjNdRIQ+FeT0lNb4K8WR70CaDxhuNguS2XG+GjkyMwOzsN5ZktImfhLA==" + "integrity": "sha512-NuAESUOUMrlIXOfHKzD6bpPu3tYt3xvjNdRIQ+FeT0lNb4K8WR70CaDxhuNguS2XG+GjkyMwOzsN5ZktImfhLA==", + "engines": { + "node": ">= 0.4" + } }, - "object.assign": { + "node_modules/object.assign": { "version": "4.1.4", "resolved": "https://registry.npmjs.org/object.assign/-/object.assign-4.1.4.tgz", "integrity": "sha512-1mxKf0e58bvyjSCtKYY4sRe9itRk3PJpquJOjeIkz885CczcI4IvJJDLPS72oowuSh+pBxUFROpX+TU++hxhZQ==", - "requires": { + "dependencies": { "call-bind": "^1.0.2", "define-properties": "^1.1.4", "has-symbols": "^1.0.3", "object-keys": "^1.1.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "object.entries": { + "node_modules/object.entries": { "version": "1.1.7", "resolved": "https://registry.npmjs.org/object.entries/-/object.entries-1.1.7.tgz", "integrity": "sha512-jCBs/0plmPsOnrKAfFQXRG2NFjlhZgjjcBLSmTnEhU8U6vVTsVe8ANeQJCHTl3gSsI4J+0emOoCgoKlmQPMgmA==", - "requires": { + "dependencies": { "call-bind": "^1.0.2", "define-properties": "^1.2.0", "es-abstract": "^1.22.1" + }, + "engines": { + "node": ">= 0.4" } }, - "object.fromentries": { + "node_modules/object.fromentries": { "version": "2.0.7", "resolved": 
"https://registry.npmjs.org/object.fromentries/-/object.fromentries-2.0.7.tgz", "integrity": "sha512-UPbPHML6sL8PI/mOqPwsH4G6iyXcCGzLin8KvEPenOZN5lpCNBZZQ+V62vdjB1mQHrmqGQt5/OJzemUA+KJmEA==", - "requires": { + "dependencies": { "call-bind": "^1.0.2", "define-properties": "^1.2.0", "es-abstract": "^1.22.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "object.getownpropertydescriptors": { + "node_modules/object.getownpropertydescriptors": { "version": "2.1.7", "resolved": "https://registry.npmjs.org/object.getownpropertydescriptors/-/object.getownpropertydescriptors-2.1.7.tgz", "integrity": "sha512-PrJz0C2xJ58FNn11XV2lr4Jt5Gzl94qpy9Lu0JlfEj14z88sqbSBJCBEzdlNUCzY2gburhbrwOZ5BHCmuNUy0g==", - "requires": { + "dependencies": { "array.prototype.reduce": "^1.0.6", "call-bind": "^1.0.2", "define-properties": "^1.2.0", "es-abstract": "^1.22.1", "safe-array-concat": "^1.0.0" + }, + "engines": { + "node": ">= 0.8" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "object.groupby": { + "node_modules/object.groupby": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/object.groupby/-/object.groupby-1.0.1.tgz", "integrity": "sha512-HqaQtqLnp/8Bn4GL16cj+CUYbnpe1bh0TtEaWvybszDG4tgxCJuRpV8VGuvNaI1fAnI4lUJzDG55MXcOH4JZcQ==", - "requires": { + "dependencies": { "call-bind": "^1.0.2", "define-properties": "^1.2.0", "es-abstract": "^1.22.1", "get-intrinsic": "^1.2.1" } }, - "object.hasown": { + "node_modules/object.hasown": { "version": "1.1.3", "resolved": "https://registry.npmjs.org/object.hasown/-/object.hasown-1.1.3.tgz", "integrity": "sha512-fFI4VcYpRHvSLXxP7yiZOMAd331cPfd2p7PFDVbgUsYOfCT3tICVqXWngbjr4m49OvsBwUBQ6O2uQoJvy3RexA==", - "requires": { + "dependencies": { "define-properties": "^1.2.0", "es-abstract": "^1.22.1" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "object.values": { + "node_modules/object.values": { "version": "1.1.7", "resolved": 
"https://registry.npmjs.org/object.values/-/object.values-1.1.7.tgz", "integrity": "sha512-aU6xnDFYT3x17e/f0IiiwlGPTy2jzMySGfUB4fq6z7CV8l85CWHDk5ErhyhpfDHhrOMwGFhSQkhMGHaIotA6Ng==", - "requires": { + "dependencies": { "call-bind": "^1.0.2", "define-properties": "^1.2.0", "es-abstract": "^1.22.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "obuf": { + "node_modules/obuf": { "version": "1.1.2", "resolved": "https://registry.npmjs.org/obuf/-/obuf-1.1.2.tgz", "integrity": "sha512-PX1wu0AmAdPqOL1mWhqmlOd8kOIZQwGZw6rh7uby9fTc5lhaOWFLX3I6R1hrF9k3zUY40e6igsLGkDXK92LJNg==" }, - "on-finished": { + "node_modules/on-finished": { "version": "2.4.1", "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz", "integrity": "sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg==", - "requires": { + "dependencies": { "ee-first": "1.1.1" + }, + "engines": { + "node": ">= 0.8" } }, - "on-headers": { + "node_modules/on-headers": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/on-headers/-/on-headers-1.0.2.tgz", - "integrity": "sha512-pZAE+FJLoyITytdqK0U5s+FIpjN0JP3OzFi/u8Rx+EV5/W+JTWGXG8xFzevE7AjBfDqHv/8vL8qQsIhHnqRkrA==" + "integrity": "sha512-pZAE+FJLoyITytdqK0U5s+FIpjN0JP3OzFi/u8Rx+EV5/W+JTWGXG8xFzevE7AjBfDqHv/8vL8qQsIhHnqRkrA==", + "engines": { + "node": ">= 0.8" + } }, - "once": { + "node_modules/once": { "version": "1.4.0", "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", "integrity": "sha1-WDsap3WWHUsROsF9nFC6753Xa9E=", - "requires": { + "dependencies": { "wrappy": "1" } }, - "one-time": { + "node_modules/one-time": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/one-time/-/one-time-1.0.0.tgz", "integrity": "sha512-5DXOiRKwuSEcQ/l0kGCF6Q3jcADFv5tSmRaJck/OqkVFcOzutB134KRSfF0xDrL39MNnqxbHBbUUcjZIhTgb2g==", - "requires": { + "dependencies": { "fn.name": "1.x.x" } }, - "onetime": { + "node_modules/onetime": { 
"version": "5.1.2", "resolved": "https://registry.npmjs.org/onetime/-/onetime-5.1.2.tgz", "integrity": "sha512-kbpaSSGJTWdAY5KPVeMOKXSrPtr8C8C7wodJbcsd51jRnmD+GZu8Y0VoU6Dm5Z4vWr0Ig/1NKuWRKf7j5aaYSg==", - "requires": { + "dependencies": { "mimic-fn": "^2.1.0" + }, + "engines": { + "node": ">=6" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" } }, - "open": { + "node_modules/open": { "version": "8.4.2", "resolved": "https://registry.npmjs.org/open/-/open-8.4.2.tgz", "integrity": "sha512-7x81NCL719oNbsq/3mh+hVrAWmFuEYUqrq/Iw3kUzH8ReypT9QQ0BLoJS7/G9k6N81XjW4qHWtjWwe/9eLy1EQ==", - "requires": { + "dependencies": { "define-lazy-prop": "^2.0.0", "is-docker": "^2.1.1", "is-wsl": "^2.2.0" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" } }, - "optionator": { + "node_modules/optionator": { "version": "0.8.3", "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.8.3.tgz", "integrity": "sha512-+IW9pACdk3XWmmTXG8m3upGUJst5XRGzxMRjXzAuJ1XnIFNvfhjjIuYkDvysnPQ7qzqVzLt78BCruntqRhWQbA==", - "requires": { + "dependencies": { "deep-is": "~0.1.3", "fast-levenshtein": "~2.0.6", "levn": "~0.3.0", "prelude-ls": "~1.1.2", "type-check": "~0.3.2", "word-wrap": "~1.2.3" + }, + "engines": { + "node": ">= 0.8.0" } }, - "os-homedir": { - "version": "1.0.2", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/os-homedir/-/os-homedir-1.0.2.tgz", - "integrity": "sha1-/7xJiDNuDoM94MFox+8VISGqf7M=" - }, - "os-tmpdir": { - "version": "1.0.2", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/os-tmpdir/-/os-tmpdir-1.0.2.tgz", - "integrity": "sha1-u+Z0BseaqFxc/sdm/lc0VV36EnQ=" - }, - "osenv": { - "version": "0.1.5", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/osenv/-/osenv-0.1.5.tgz", - "integrity": "sha1-hc36+uso6Gd/QW4odZK18/SepBA=", - "requires": { - "os-homedir": "^1.0.0", - "os-tmpdir": "^1.0.0" - } - }, - "p-cancelable": { + "node_modules/p-cancelable": { "version": "2.1.1", - 
"resolved": "https://repox.jfrog.io/repox/api/npm/npm/p-cancelable/-/p-cancelable-2.1.1.tgz", - "integrity": "sha1-qrf71BZYL6MqPbSYWcEiSHxe0s8=" - }, - "p-event": { - "version": "4.2.0", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/p-event/-/p-event-4.2.0.tgz", - "integrity": "sha1-r0sEnIrNka6BCD69Hm9criBEwbU=", - "requires": { - "p-timeout": "^3.1.0" + "resolved": "https://registry.npmjs.org/p-cancelable/-/p-cancelable-2.1.1.tgz", + "integrity": "sha512-BZOr3nRQHOntUjTrH8+Lh54smKHoHyur8We1V8DSMVrl5A2malOOwuJRnKRDjSnkoeBh4at6BwEnb5I7Jl31wg==", + "engines": { + "node": ">=8" } }, - "p-finally": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/p-finally/-/p-finally-1.0.0.tgz", - "integrity": "sha1-P7z7FbiZpEEjs0ttzBi3JDNqLK4=" - }, - "p-limit": { + "node_modules/p-limit": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz", "integrity": "sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==", - "requires": { + "dependencies": { "yocto-queue": "^0.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" } }, - "p-locate": { + "node_modules/p-locate": { "version": "5.0.0", "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-5.0.0.tgz", "integrity": "sha512-LaNjtRWUBY++zB5nE/NwcaoMylSPk+S+ZHNB1TzdbMJMny6dynpAGt7X/tl/QYq3TIeE6nxHppbo2LGymrG5Pw==", - "requires": { + "dependencies": { "p-limit": "^3.0.2" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" } }, - "p-retry": { + "node_modules/p-map": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/p-map/-/p-map-4.0.0.tgz", + "integrity": "sha512-/bjOqmgETBYB5BoEeGVea8dmvHb2m9GLy1E9W43yeyfP6QQCZGFNa+XRceJEuDB6zqr+gKpIAmlLebMpykw/MQ==", + "dependencies": { + "aggregate-error": "^3.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": 
"https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/p-retry": { "version": "4.6.2", "resolved": "https://registry.npmjs.org/p-retry/-/p-retry-4.6.2.tgz", "integrity": "sha512-312Id396EbJdvRONlngUx0NydfrIQ5lsYu0znKVUzVvArzEIt08V1qhtyESbGVd1FGX7UKtiFp5uwKZdM8wIuQ==", - "requires": { + "dependencies": { "@types/retry": "0.12.0", "retry": "^0.13.1" + }, + "engines": { + "node": ">=8" } }, - "p-timeout": { - "version": "3.2.0", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/p-timeout/-/p-timeout-3.2.0.tgz", - "integrity": "sha1-x+F6vJcdKnli74NiazXWNazyPf4=", - "requires": { - "p-finally": "^1.0.0" - } - }, - "p-try": { + "node_modules/p-try": { "version": "2.2.0", "resolved": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz", - "integrity": "sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==" + "integrity": "sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==", + "engines": { + "node": ">=6" + } }, - "param-case": { + "node_modules/param-case": { "version": "3.0.4", "resolved": "https://registry.npmjs.org/param-case/-/param-case-3.0.4.tgz", "integrity": "sha512-RXlj7zCYokReqWpOPH9oYivUzLYZ5vAPIfEmCTNViosC78F8F0H9y7T7gG2M39ymgutxF5gcFEsyZQSph9Bp3A==", - "requires": { + "dependencies": { "dot-case": "^3.0.4", "tslib": "^2.0.3" - }, - "dependencies": { - "tslib": { - "version": "2.6.2", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.6.2.tgz", - "integrity": "sha512-AEYxH93jGFPn/a2iVAwW87VuUIkR1FVUKB77NwMF7nBTDkDrrT/Hpt/IrCJ0QXhW27jTBDcf5ZY7w6RiqTMw2Q==" - } } }, - "parent-module": { + "node_modules/param-case/node_modules/tslib": { + "version": "2.6.2", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.6.2.tgz", + "integrity": "sha512-AEYxH93jGFPn/a2iVAwW87VuUIkR1FVUKB77NwMF7nBTDkDrrT/Hpt/IrCJ0QXhW27jTBDcf5ZY7w6RiqTMw2Q==" + }, + "node_modules/parent-module": { "version": "1.0.1", "resolved": 
"https://registry.npmjs.org/parent-module/-/parent-module-1.0.1.tgz", "integrity": "sha512-GQ2EWRpQV8/o+Aw8YqtfZZPfNRWZYkbidE9k5rpl/hC3vtHHBfGm2Ifi6qWV+coDGkrUKZAxE3Lot5kcsRlh+g==", - "requires": { + "dependencies": { "callsites": "^3.0.0" + }, + "engines": { + "node": ">=6" } }, - "parse-json": { + "node_modules/parse-json": { "version": "5.2.0", "resolved": "https://registry.npmjs.org/parse-json/-/parse-json-5.2.0.tgz", "integrity": "sha512-ayCKvm/phCGxOkYRSCM82iDwct8/EonSEgCSxWxD7ve6jHggsFl4fZVQBPRNgQoKiuV/odhFrGzQXZwbifC8Rg==", - "requires": { + "dependencies": { "@babel/code-frame": "^7.0.0", "error-ex": "^1.3.1", "json-parse-even-better-errors": "^2.3.0", "lines-and-columns": "^1.1.6" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" } }, - "parse5": { + "node_modules/parse5": { "version": "6.0.1", "resolved": "https://registry.npmjs.org/parse5/-/parse5-6.0.1.tgz", "integrity": "sha512-Ofn/CTFzRGTTxwpNEs9PP93gXShHcTq255nzRYSKe8AkVpZY7e1fpmTfOyoIvjP5HG7Z2ZM7VS9PPhQGW2pOpw==" }, - "parseurl": { + "node_modules/parseurl": { "version": "1.3.3", "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz", - "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==" + "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==", + "engines": { + "node": ">= 0.8" + } }, - "pascal-case": { + "node_modules/pascal-case": { "version": "3.1.2", "resolved": "https://registry.npmjs.org/pascal-case/-/pascal-case-3.1.2.tgz", "integrity": "sha512-uWlGT3YSnK9x3BQJaOdcZwrnV6hPpd8jFH1/ucpiLRPh/2zCVJKS19E4GvYHvaCcACn3foXZ0cLB9Wrx1KGe5g==", - "requires": { + "dependencies": { "no-case": "^3.0.4", "tslib": "^2.0.3" - }, - "dependencies": { - "tslib": { - "version": "2.6.2", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.6.2.tgz", - "integrity": 
"sha512-AEYxH93jGFPn/a2iVAwW87VuUIkR1FVUKB77NwMF7nBTDkDrrT/Hpt/IrCJ0QXhW27jTBDcf5ZY7w6RiqTMw2Q==" - } } }, - "path-exists": { + "node_modules/pascal-case/node_modules/tslib": { + "version": "2.6.2", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.6.2.tgz", + "integrity": "sha512-AEYxH93jGFPn/a2iVAwW87VuUIkR1FVUKB77NwMF7nBTDkDrrT/Hpt/IrCJ0QXhW27jTBDcf5ZY7w6RiqTMw2Q==" + }, + "node_modules/path-exists": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", - "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==" + "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==", + "engines": { + "node": ">=8" + } }, - "path-is-absolute": { + "node_modules/path-is-absolute": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", - "integrity": "sha1-F0uSaHNVNP+8es5r9TpanhtcX18=" + "integrity": "sha1-F0uSaHNVNP+8es5r9TpanhtcX18=", + "engines": { + "node": ">=0.10.0" + } }, - "path-key": { + "node_modules/path-key": { "version": "3.1.1", "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz", - "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==" + "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==", + "engines": { + "node": ">=8" + } }, - "path-parse": { + "node_modules/path-parse": { "version": "1.0.7", "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz", "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==" }, - "path-to-regexp": { + "node_modules/path-scurry": { + "version": "1.10.1", + "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.10.1.tgz", + "integrity": 
"sha512-MkhCqzzBEpPvxxQ71Md0b1Kk51W01lrYvlMzSUaIzNsODdd7mqhiimSZlr+VegAz5Z6Vzt9Xg2ttE//XBhH3EQ==", + "dependencies": { + "lru-cache": "^9.1.1 || ^10.0.0", + "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0" + }, + "engines": { + "node": ">=16 || 14 >=14.17" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/path-scurry/node_modules/lru-cache": { + "version": "10.2.0", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.2.0.tgz", + "integrity": "sha512-2bIM8x+VAf6JT4bKAljS1qUWgMsqZRPGJS6FSahIMPVvctcNhyVp7AJu7quxOW9jwkryBReKZY5tY5JYv2n/7Q==", + "engines": { + "node": "14 || >=16.14" + } + }, + "node_modules/path-to-regexp": { "version": "1.8.0", "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-1.8.0.tgz", "integrity": "sha512-n43JRhlUKUAlibEJhPeir1ncUID16QnEjNpwzNdO3Lm4ywrBpBZ5oLD0I6br9evr1Y9JTqwRtAh7JLoOzAQdVA==", - "requires": { - "isarray": "0.0.1" - }, "dependencies": { - "isarray": { - "version": "0.0.1", - "resolved": "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz", - "integrity": "sha512-D2S+3GLxWH+uhrNEcoh/fnmYeP8E8/zHl644d/jdA0g2uyXvy3sb0qxotE+ne0LtccHknQzWwZEzhak7oJ0COQ==" - } + "isarray": "0.0.1" } }, - "path-type": { + "node_modules/path-to-regexp/node_modules/isarray": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz", + "integrity": "sha512-D2S+3GLxWH+uhrNEcoh/fnmYeP8E8/zHl644d/jdA0g2uyXvy3sb0qxotE+ne0LtccHknQzWwZEzhak7oJ0COQ==" + }, + "node_modules/path-type": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/path-type/-/path-type-4.0.0.tgz", - "integrity": "sha512-gDKb8aZMDeD/tZWs9P6+q0J9Mwkdl6xMV8TjnGP3qJVJ06bdMgkbBlLU8IdfOsIsFz2BW1rNVT3XuNEl8zPAvw==" + "integrity": "sha512-gDKb8aZMDeD/tZWs9P6+q0J9Mwkdl6xMV8TjnGP3qJVJ06bdMgkbBlLU8IdfOsIsFz2BW1rNVT3XuNEl8zPAvw==", + "engines": { + "node": ">=8" + } }, - "performance-now": { + "node_modules/performance-now": { "version": "2.1.0", "resolved": 
"https://registry.npmjs.org/performance-now/-/performance-now-2.1.0.tgz", "integrity": "sha1-Ywn04OX6kT7BxpMHrjZLSzd8nns=" }, - "picocolors": { + "node_modules/picocolors": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.0.0.tgz", "integrity": "sha512-1fygroTLlHu66zi26VoTDv8yRgm0Fccecssto+MhsZ0D/DGW2sm8E8AjW7NU5VVTRt5GxbeZ5qBuJr+HyLYkjQ==" }, - "picomatch": { + "node_modules/picomatch": { "version": "2.3.1", "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz", - "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==" + "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==", + "engines": { + "node": ">=8.6" + }, + "funding": { + "url": "https://github.com/sponsors/jonschlinkert" + } }, - "pify": { + "node_modules/pify": { "version": "2.3.0", "resolved": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz", - "integrity": "sha512-udgsAY+fTnvv7kI7aaxbqwWNb0AHiB0qBO89PZKPkoTmGOgdbrHDKD+0B2X4uTfJ/FT1R09r9gTsjUjNJotuog==" + "integrity": "sha512-udgsAY+fTnvv7kI7aaxbqwWNb0AHiB0qBO89PZKPkoTmGOgdbrHDKD+0B2X4uTfJ/FT1R09r9gTsjUjNJotuog==", + "engines": { + "node": ">=0.10.0" + } }, - "pirates": { + "node_modules/pirates": { "version": "4.0.6", "resolved": "https://registry.npmjs.org/pirates/-/pirates-4.0.6.tgz", - "integrity": "sha512-saLsH7WeYYPiD25LDuLRRY/i+6HaPYr6G1OUlN39otzkSTxKnubR9RTxS3/Kk50s1g2JTgFwWQDQyplC5/SHZg==" + "integrity": "sha512-saLsH7WeYYPiD25LDuLRRY/i+6HaPYr6G1OUlN39otzkSTxKnubR9RTxS3/Kk50s1g2JTgFwWQDQyplC5/SHZg==", + "engines": { + "node": ">= 6" + } }, - "pkg-dir": { + "node_modules/pkg-dir": { "version": "4.2.0", "resolved": "https://registry.npmjs.org/pkg-dir/-/pkg-dir-4.2.0.tgz", "integrity": "sha512-HRDzbaKjC+AOWVXxAU/x54COGeIv9eb+6CkDSQoNTt4XyWoIJvuPsXizxu/Fr23EiekbtZwmh1IcIG/l/a10GQ==", - "requires": { + "dependencies": { "find-up": "^4.0.0" }, + "engines": { + "node": ">=8" + } + }, 
+ "node_modules/pkg-dir/node_modules/find-up": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==", "dependencies": { - "find-up": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", - "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==", - "requires": { - "locate-path": "^5.0.0", - "path-exists": "^4.0.0" - } - }, - "locate-path": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", - "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==", - "requires": { - "p-locate": "^4.1.0" - } - }, - "p-limit": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", - "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==", - "requires": { - "p-try": "^2.0.0" - } - }, - "p-locate": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", - "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==", - "requires": { - "p-limit": "^2.2.0" - } - } + "locate-path": "^5.0.0", + "path-exists": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/pkg-dir/node_modules/locate-path": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==", + "dependencies": { + "p-locate": "^4.1.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/pkg-dir/node_modules/p-limit": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + 
"integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==", + "dependencies": { + "p-try": "^2.0.0" + }, + "engines": { + "node": ">=6" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/pkg-dir/node_modules/p-locate": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==", + "dependencies": { + "p-limit": "^2.2.0" + }, + "engines": { + "node": ">=8" } }, - "pkg-up": { + "node_modules/pkg-up": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/pkg-up/-/pkg-up-3.1.0.tgz", "integrity": "sha512-nDywThFk1i4BQK4twPQ6TA4RT8bDY96yeuCVBWL3ePARCiEKDRSrNGbFIgUJpLp+XeIR65v8ra7WuJOFUBtkMA==", - "requires": { + "dependencies": { "find-up": "^3.0.0" }, + "engines": { + "node": ">=8" + } + }, + "node_modules/pkg-up/node_modules/find-up": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/find-up/-/find-up-3.0.0.tgz", + "integrity": "sha512-1yD6RmLI1XBfxugvORwlck6f75tYL+iR0jqwsOrOxMZyGYqUuDhJ0l4AXdO1iX/FTs9cBAMEk1gWSEx1kSbylg==", "dependencies": { - "find-up": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/find-up/-/find-up-3.0.0.tgz", - "integrity": "sha512-1yD6RmLI1XBfxugvORwlck6f75tYL+iR0jqwsOrOxMZyGYqUuDhJ0l4AXdO1iX/FTs9cBAMEk1gWSEx1kSbylg==", - "requires": { - "locate-path": "^3.0.0" - } - }, - "locate-path": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-3.0.0.tgz", - "integrity": "sha512-7AO748wWnIhNqAuaty2ZWHkQHRSNfPVIsPIfwEOWO22AmaoVrWavlOcMR5nzTLNYvp36X220/maaRsrec1G65A==", - "requires": { - "p-locate": "^3.0.0", - "path-exists": "^3.0.0" - } - }, - "p-limit": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", - "integrity": 
"sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==", - "requires": { - "p-try": "^2.0.0" - } - }, - "p-locate": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-3.0.0.tgz", - "integrity": "sha512-x+12w/To+4GFfgJhBEpiDcLozRJGegY+Ei7/z0tSLkMmxGZNybVMSfWj9aJn8Z5Fc7dBUNJOOVgPv2H7IwulSQ==", - "requires": { - "p-limit": "^2.0.0" - } - }, - "path-exists": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-3.0.0.tgz", - "integrity": "sha512-bpC7GYwiDYQ4wYLe+FA8lhRjhQCMcQGuSgGGqDkg/QerRWw9CmGRT0iSOVRSZJ29NMLZgIzqaljJ63oaL4NIJQ==" - } + "locate-path": "^3.0.0" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/pkg-up/node_modules/locate-path": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-3.0.0.tgz", + "integrity": "sha512-7AO748wWnIhNqAuaty2ZWHkQHRSNfPVIsPIfwEOWO22AmaoVrWavlOcMR5nzTLNYvp36X220/maaRsrec1G65A==", + "dependencies": { + "p-locate": "^3.0.0", + "path-exists": "^3.0.0" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/pkg-up/node_modules/p-limit": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==", + "dependencies": { + "p-try": "^2.0.0" + }, + "engines": { + "node": ">=6" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/pkg-up/node_modules/p-locate": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-3.0.0.tgz", + "integrity": "sha512-x+12w/To+4GFfgJhBEpiDcLozRJGegY+Ei7/z0tSLkMmxGZNybVMSfWj9aJn8Z5Fc7dBUNJOOVgPv2H7IwulSQ==", + "dependencies": { + "p-limit": "^2.0.0" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/pkg-up/node_modules/path-exists": { + "version": "3.0.0", + "resolved": 
"https://registry.npmjs.org/path-exists/-/path-exists-3.0.0.tgz", + "integrity": "sha512-bpC7GYwiDYQ4wYLe+FA8lhRjhQCMcQGuSgGGqDkg/QerRWw9CmGRT0iSOVRSZJ29NMLZgIzqaljJ63oaL4NIJQ==", + "engines": { + "node": ">=4" } }, - "popper.js": { + "node_modules/popper.js": { "version": "1.16.1-lts", "resolved": "https://registry.npmjs.org/popper.js/-/popper.js-1.16.1-lts.tgz", "integrity": "sha512-Kjw8nKRl1m+VrSFCoVGPph93W/qrSO7ZkqPpTf7F4bk/sqcfWK019dWBUpE/fBOsOQY1dks/Bmcbfn1heM/IsA==" }, - "postcss": { + "node_modules/postcss": { "version": "8.4.31", "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.31.tgz", "integrity": "sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ==", - "requires": { + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/postcss/" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/postcss" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "dependencies": { "nanoid": "^3.3.6", "picocolors": "^1.0.0", "source-map-js": "^1.0.2" + }, + "engines": { + "node": "^10 || ^12 || >=14" } }, - "postcss-attribute-case-insensitive": { + "node_modules/postcss-attribute-case-insensitive": { "version": "5.0.2", "resolved": "https://registry.npmjs.org/postcss-attribute-case-insensitive/-/postcss-attribute-case-insensitive-5.0.2.tgz", "integrity": "sha512-XIidXV8fDr0kKt28vqki84fRK8VW8eTuIa4PChv2MqKuT6C9UjmSKzen6KaWhWEoYvwxFCa7n/tC1SZ3tyq4SQ==", - "requires": { + "dependencies": { "postcss-selector-parser": "^6.0.10" + }, + "engines": { + "node": "^12 || ^14 || >=16" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + }, + "peerDependencies": { + "postcss": "^8.2" } }, - "postcss-browser-comments": { + "node_modules/postcss-browser-comments": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/postcss-browser-comments/-/postcss-browser-comments-4.0.0.tgz", - "integrity": 
"sha512-X9X9/WN3KIvY9+hNERUqX9gncsgBA25XaeR+jshHz2j8+sYyHktHw1JdKuMjeLpGktXidqDhA7b/qm1mrBDmgg==" + "integrity": "sha512-X9X9/WN3KIvY9+hNERUqX9gncsgBA25XaeR+jshHz2j8+sYyHktHw1JdKuMjeLpGktXidqDhA7b/qm1mrBDmgg==", + "engines": { + "node": ">=8" + }, + "peerDependencies": { + "browserslist": ">=4", + "postcss": ">=8" + } }, - "postcss-calc": { + "node_modules/postcss-calc": { "version": "8.2.4", "resolved": "https://registry.npmjs.org/postcss-calc/-/postcss-calc-8.2.4.tgz", "integrity": "sha512-SmWMSJmB8MRnnULldx0lQIyhSNvuDl9HfrZkaqqE/WHAhToYsAvDq+yAsA/kIyINDszOp3Rh0GFoNuH5Ypsm3Q==", - "requires": { + "dependencies": { "postcss-selector-parser": "^6.0.9", "postcss-value-parser": "^4.2.0" + }, + "peerDependencies": { + "postcss": "^8.2.2" } }, - "postcss-clamp": { + "node_modules/postcss-clamp": { "version": "4.1.0", "resolved": "https://registry.npmjs.org/postcss-clamp/-/postcss-clamp-4.1.0.tgz", "integrity": "sha512-ry4b1Llo/9zz+PKC+030KUnPITTJAHeOwjfAyyB60eT0AorGLdzp52s31OsPRHRf8NchkgFoG2y6fCfn1IV1Ow==", - "requires": { + "dependencies": { "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": ">=7.6.0" + }, + "peerDependencies": { + "postcss": "^8.4.6" } }, - "postcss-color-functional-notation": { + "node_modules/postcss-color-functional-notation": { "version": "4.2.4", "resolved": "https://registry.npmjs.org/postcss-color-functional-notation/-/postcss-color-functional-notation-4.2.4.tgz", "integrity": "sha512-2yrTAUZUab9s6CpxkxC4rVgFEVaR6/2Pipvi6qcgvnYiVqZcbDHEoBDhrXzyb7Efh2CCfHQNtcqWcIruDTIUeg==", - "requires": { + "dependencies": { "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^12 || ^14 || >=16" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + }, + "peerDependencies": { + "postcss": "^8.2" } }, - "postcss-color-hex-alpha": { + "node_modules/postcss-color-hex-alpha": { "version": "8.0.4", "resolved": "https://registry.npmjs.org/postcss-color-hex-alpha/-/postcss-color-hex-alpha-8.0.4.tgz", 
"integrity": "sha512-nLo2DCRC9eE4w2JmuKgVA3fGL3d01kGq752pVALF68qpGLmx2Qrk91QTKkdUqqp45T1K1XV8IhQpcu1hoAQflQ==", - "requires": { + "dependencies": { "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^12 || ^14 || >=16" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + }, + "peerDependencies": { + "postcss": "^8.4" } }, - "postcss-color-rebeccapurple": { + "node_modules/postcss-color-rebeccapurple": { "version": "7.1.1", "resolved": "https://registry.npmjs.org/postcss-color-rebeccapurple/-/postcss-color-rebeccapurple-7.1.1.tgz", "integrity": "sha512-pGxkuVEInwLHgkNxUc4sdg4g3py7zUeCQ9sMfwyHAT+Ezk8a4OaaVZ8lIY5+oNqA/BXXgLyXv0+5wHP68R79hg==", - "requires": { + "dependencies": { "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^12 || ^14 || >=16" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + }, + "peerDependencies": { + "postcss": "^8.2" } }, - "postcss-colormin": { + "node_modules/postcss-colormin": { "version": "5.3.1", "resolved": "https://registry.npmjs.org/postcss-colormin/-/postcss-colormin-5.3.1.tgz", "integrity": "sha512-UsWQG0AqTFQmpBegeLLc1+c3jIqBNB0zlDGRWR+dQ3pRKJL1oeMzyqmH3o2PIfn9MBdNrVPWhDbT769LxCTLJQ==", - "requires": { + "dependencies": { "browserslist": "^4.21.4", "caniuse-api": "^3.0.0", "colord": "^2.9.1", "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^10 || ^12 || >=14.0" + }, + "peerDependencies": { + "postcss": "^8.2.15" } }, - "postcss-convert-values": { + "node_modules/postcss-convert-values": { "version": "5.1.3", "resolved": "https://registry.npmjs.org/postcss-convert-values/-/postcss-convert-values-5.1.3.tgz", "integrity": "sha512-82pC1xkJZtcJEfiLw6UXnXVXScgtBrjlO5CBmuDQc+dlb88ZYheFsjTn40+zBVi3DkfF7iezO0nJUPLcJK3pvA==", - "requires": { + "dependencies": { "browserslist": "^4.21.4", "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^10 || ^12 || >=14.0" + }, + "peerDependencies": { + 
"postcss": "^8.2.15" } }, - "postcss-custom-media": { + "node_modules/postcss-custom-media": { "version": "8.0.2", "resolved": "https://registry.npmjs.org/postcss-custom-media/-/postcss-custom-media-8.0.2.tgz", "integrity": "sha512-7yi25vDAoHAkbhAzX9dHx2yc6ntS4jQvejrNcC+csQJAXjj15e7VcWfMgLqBNAbOvqi5uIa9huOVwdHbf+sKqg==", - "requires": { + "dependencies": { "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^12 || ^14 || >=16" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + }, + "peerDependencies": { + "postcss": "^8.3" } }, - "postcss-custom-properties": { + "node_modules/postcss-custom-properties": { "version": "12.1.11", "resolved": "https://registry.npmjs.org/postcss-custom-properties/-/postcss-custom-properties-12.1.11.tgz", "integrity": "sha512-0IDJYhgU8xDv1KY6+VgUwuQkVtmYzRwu+dMjnmdMafXYv86SWqfxkc7qdDvWS38vsjaEtv8e0vGOUQrAiMBLpQ==", - "requires": { + "dependencies": { "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^12 || ^14 || >=16" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + }, + "peerDependencies": { + "postcss": "^8.2" } }, - "postcss-custom-selectors": { + "node_modules/postcss-custom-selectors": { "version": "6.0.3", "resolved": "https://registry.npmjs.org/postcss-custom-selectors/-/postcss-custom-selectors-6.0.3.tgz", "integrity": "sha512-fgVkmyiWDwmD3JbpCmB45SvvlCD6z9CG6Ie6Iere22W5aHea6oWa7EM2bpnv2Fj3I94L3VbtvX9KqwSi5aFzSg==", - "requires": { + "dependencies": { "postcss-selector-parser": "^6.0.4" + }, + "engines": { + "node": "^12 || ^14 || >=16" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + }, + "peerDependencies": { + "postcss": "^8.3" } }, - "postcss-dir-pseudo-class": { + "node_modules/postcss-dir-pseudo-class": { "version": "6.0.5", "resolved": "https://registry.npmjs.org/postcss-dir-pseudo-class/-/postcss-dir-pseudo-class-6.0.5.tgz", "integrity": 
"sha512-eqn4m70P031PF7ZQIvSgy9RSJ5uI2171O/OO/zcRNYpJbvaeKFUlar1aJ7rmgiQtbm0FSPsRewjpdS0Oew7MPA==", - "requires": { + "dependencies": { "postcss-selector-parser": "^6.0.10" + }, + "engines": { + "node": "^12 || ^14 || >=16" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + }, + "peerDependencies": { + "postcss": "^8.2" } }, - "postcss-discard-comments": { + "node_modules/postcss-discard-comments": { "version": "5.1.2", "resolved": "https://registry.npmjs.org/postcss-discard-comments/-/postcss-discard-comments-5.1.2.tgz", - "integrity": "sha512-+L8208OVbHVF2UQf1iDmRcbdjJkuBF6IS29yBDSiWUIzpYaAhtNl6JYnYm12FnkeCwQqF5LeklOu6rAqgfBZqQ==" + "integrity": "sha512-+L8208OVbHVF2UQf1iDmRcbdjJkuBF6IS29yBDSiWUIzpYaAhtNl6JYnYm12FnkeCwQqF5LeklOu6rAqgfBZqQ==", + "engines": { + "node": "^10 || ^12 || >=14.0" + }, + "peerDependencies": { + "postcss": "^8.2.15" + } }, - "postcss-discard-duplicates": { + "node_modules/postcss-discard-duplicates": { "version": "5.1.0", "resolved": "https://registry.npmjs.org/postcss-discard-duplicates/-/postcss-discard-duplicates-5.1.0.tgz", - "integrity": "sha512-zmX3IoSI2aoenxHV6C7plngHWWhUOV3sP1T8y2ifzxzbtnuhk1EdPwm0S1bIUNaJ2eNbWeGLEwzw8huPD67aQw==" + "integrity": "sha512-zmX3IoSI2aoenxHV6C7plngHWWhUOV3sP1T8y2ifzxzbtnuhk1EdPwm0S1bIUNaJ2eNbWeGLEwzw8huPD67aQw==", + "engines": { + "node": "^10 || ^12 || >=14.0" + }, + "peerDependencies": { + "postcss": "^8.2.15" + } }, - "postcss-discard-empty": { + "node_modules/postcss-discard-empty": { "version": "5.1.1", "resolved": "https://registry.npmjs.org/postcss-discard-empty/-/postcss-discard-empty-5.1.1.tgz", - "integrity": "sha512-zPz4WljiSuLWsI0ir4Mcnr4qQQ5e1Ukc3i7UfE2XcrwKK2LIPIqE5jxMRxO6GbI3cv//ztXDsXwEWT3BHOGh3A==" + "integrity": "sha512-zPz4WljiSuLWsI0ir4Mcnr4qQQ5e1Ukc3i7UfE2XcrwKK2LIPIqE5jxMRxO6GbI3cv//ztXDsXwEWT3BHOGh3A==", + "engines": { + "node": "^10 || ^12 || >=14.0" + }, + "peerDependencies": { + "postcss": "^8.2.15" + } }, - 
"postcss-discard-overridden": { + "node_modules/postcss-discard-overridden": { "version": "5.1.0", "resolved": "https://registry.npmjs.org/postcss-discard-overridden/-/postcss-discard-overridden-5.1.0.tgz", - "integrity": "sha512-21nOL7RqWR1kasIVdKs8HNqQJhFxLsyRfAnUDm4Fe4t4mCWL9OJiHvlHPjcd8zc5Myu89b/7wZDnOSjFgeWRtw==" + "integrity": "sha512-21nOL7RqWR1kasIVdKs8HNqQJhFxLsyRfAnUDm4Fe4t4mCWL9OJiHvlHPjcd8zc5Myu89b/7wZDnOSjFgeWRtw==", + "engines": { + "node": "^10 || ^12 || >=14.0" + }, + "peerDependencies": { + "postcss": "^8.2.15" + } }, - "postcss-double-position-gradients": { + "node_modules/postcss-double-position-gradients": { "version": "3.1.2", "resolved": "https://registry.npmjs.org/postcss-double-position-gradients/-/postcss-double-position-gradients-3.1.2.tgz", "integrity": "sha512-GX+FuE/uBR6eskOK+4vkXgT6pDkexLokPaz/AbJna9s5Kzp/yl488pKPjhy0obB475ovfT1Wv8ho7U/cHNaRgQ==", - "requires": { + "dependencies": { "@csstools/postcss-progressive-custom-properties": "^1.1.0", "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^12 || ^14 || >=16" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + }, + "peerDependencies": { + "postcss": "^8.2" } }, - "postcss-env-function": { + "node_modules/postcss-env-function": { "version": "4.0.6", "resolved": "https://registry.npmjs.org/postcss-env-function/-/postcss-env-function-4.0.6.tgz", "integrity": "sha512-kpA6FsLra+NqcFnL81TnsU+Z7orGtDTxcOhl6pwXeEq1yFPpRMkCDpHhrz8CFQDr/Wfm0jLiNQ1OsGGPjlqPwA==", - "requires": { + "dependencies": { "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^12 || ^14 || >=16" + }, + "peerDependencies": { + "postcss": "^8.4" } }, - "postcss-flexbugs-fixes": { + "node_modules/postcss-flexbugs-fixes": { "version": "5.0.2", "resolved": "https://registry.npmjs.org/postcss-flexbugs-fixes/-/postcss-flexbugs-fixes-5.0.2.tgz", - "integrity": "sha512-18f9voByak7bTktR2QgDveglpn9DTbBWPUzSOe9g0N4WR/2eSt6Vrcbf0hmspvMI6YWGywz6B9f7jzpFNJJgnQ==" + 
"integrity": "sha512-18f9voByak7bTktR2QgDveglpn9DTbBWPUzSOe9g0N4WR/2eSt6Vrcbf0hmspvMI6YWGywz6B9f7jzpFNJJgnQ==", + "peerDependencies": { + "postcss": "^8.1.4" + } }, - "postcss-focus-visible": { + "node_modules/postcss-focus-visible": { "version": "6.0.4", "resolved": "https://registry.npmjs.org/postcss-focus-visible/-/postcss-focus-visible-6.0.4.tgz", "integrity": "sha512-QcKuUU/dgNsstIK6HELFRT5Y3lbrMLEOwG+A4s5cA+fx3A3y/JTq3X9LaOj3OC3ALH0XqyrgQIgey/MIZ8Wczw==", - "requires": { + "dependencies": { "postcss-selector-parser": "^6.0.9" + }, + "engines": { + "node": "^12 || ^14 || >=16" + }, + "peerDependencies": { + "postcss": "^8.4" } }, - "postcss-focus-within": { + "node_modules/postcss-focus-within": { "version": "5.0.4", "resolved": "https://registry.npmjs.org/postcss-focus-within/-/postcss-focus-within-5.0.4.tgz", "integrity": "sha512-vvjDN++C0mu8jz4af5d52CB184ogg/sSxAFS+oUJQq2SuCe7T5U2iIsVJtsCp2d6R4j0jr5+q3rPkBVZkXD9fQ==", - "requires": { + "dependencies": { "postcss-selector-parser": "^6.0.9" + }, + "engines": { + "node": "^12 || ^14 || >=16" + }, + "peerDependencies": { + "postcss": "^8.4" } }, - "postcss-font-variant": { + "node_modules/postcss-font-variant": { "version": "5.0.0", "resolved": "https://registry.npmjs.org/postcss-font-variant/-/postcss-font-variant-5.0.0.tgz", - "integrity": "sha512-1fmkBaCALD72CK2a9i468mA/+tr9/1cBxRRMXOUaZqO43oWPR5imcyPjXwuv7PXbCid4ndlP5zWhidQVVa3hmA==" + "integrity": "sha512-1fmkBaCALD72CK2a9i468mA/+tr9/1cBxRRMXOUaZqO43oWPR5imcyPjXwuv7PXbCid4ndlP5zWhidQVVa3hmA==", + "peerDependencies": { + "postcss": "^8.1.0" + } }, - "postcss-gap-properties": { + "node_modules/postcss-gap-properties": { "version": "3.0.5", "resolved": "https://registry.npmjs.org/postcss-gap-properties/-/postcss-gap-properties-3.0.5.tgz", - "integrity": "sha512-IuE6gKSdoUNcvkGIqdtjtcMtZIFyXZhmFd5RUlg97iVEvp1BZKV5ngsAjCjrVy+14uhGBQl9tzmi1Qwq4kqVOg==" + "integrity": 
"sha512-IuE6gKSdoUNcvkGIqdtjtcMtZIFyXZhmFd5RUlg97iVEvp1BZKV5ngsAjCjrVy+14uhGBQl9tzmi1Qwq4kqVOg==", + "engines": { + "node": "^12 || ^14 || >=16" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + }, + "peerDependencies": { + "postcss": "^8.2" + } }, - "postcss-image-set-function": { + "node_modules/postcss-image-set-function": { "version": "4.0.7", "resolved": "https://registry.npmjs.org/postcss-image-set-function/-/postcss-image-set-function-4.0.7.tgz", "integrity": "sha512-9T2r9rsvYzm5ndsBE8WgtrMlIT7VbtTfE7b3BQnudUqnBcBo7L758oc+o+pdj/dUV0l5wjwSdjeOH2DZtfv8qw==", - "requires": { + "dependencies": { "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^12 || ^14 || >=16" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + }, + "peerDependencies": { + "postcss": "^8.2" } }, - "postcss-import": { + "node_modules/postcss-import": { "version": "15.1.0", "resolved": "https://registry.npmjs.org/postcss-import/-/postcss-import-15.1.0.tgz", "integrity": "sha512-hpr+J05B2FVYUAXHeK1YyI267J/dDDhMU6B6civm8hSY1jYJnBXxzKDKDswzJmtLHryrjhnDjqqp/49t8FALew==", - "requires": { + "dependencies": { "postcss-value-parser": "^4.0.0", "read-cache": "^1.0.0", "resolve": "^1.1.7" + }, + "engines": { + "node": ">=14.0.0" + }, + "peerDependencies": { + "postcss": "^8.0.0" } }, - "postcss-initial": { + "node_modules/postcss-initial": { "version": "4.0.1", "resolved": "https://registry.npmjs.org/postcss-initial/-/postcss-initial-4.0.1.tgz", - "integrity": "sha512-0ueD7rPqX8Pn1xJIjay0AZeIuDoF+V+VvMt/uOnn+4ezUKhZM/NokDeP6DwMNyIoYByuN/94IQnt5FEkaN59xQ==" + "integrity": "sha512-0ueD7rPqX8Pn1xJIjay0AZeIuDoF+V+VvMt/uOnn+4ezUKhZM/NokDeP6DwMNyIoYByuN/94IQnt5FEkaN59xQ==", + "peerDependencies": { + "postcss": "^8.0.0" + } }, - "postcss-js": { + "node_modules/postcss-js": { "version": "4.0.1", "resolved": "https://registry.npmjs.org/postcss-js/-/postcss-js-4.0.1.tgz", "integrity": 
"sha512-dDLF8pEO191hJMtlHFPRa8xsizHaM82MLfNkUHdUtVEV3tgTp5oj+8qbEqYM57SLfc74KSbw//4SeJma2LRVIw==", - "requires": { + "dependencies": { "camelcase-css": "^2.0.1" + }, + "engines": { + "node": "^12 || ^14 || >= 16" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/postcss/" + }, + "peerDependencies": { + "postcss": "^8.4.21" } }, - "postcss-lab-function": { + "node_modules/postcss-lab-function": { "version": "4.2.1", "resolved": "https://registry.npmjs.org/postcss-lab-function/-/postcss-lab-function-4.2.1.tgz", "integrity": "sha512-xuXll4isR03CrQsmxyz92LJB2xX9n+pZJ5jE9JgcnmsCammLyKdlzrBin+25dy6wIjfhJpKBAN80gsTlCgRk2w==", - "requires": { + "dependencies": { "@csstools/postcss-progressive-custom-properties": "^1.1.0", "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^12 || ^14 || >=16" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + }, + "peerDependencies": { + "postcss": "^8.2" } }, - "postcss-load-config": { + "node_modules/postcss-load-config": { "version": "4.0.1", "resolved": "https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-4.0.1.tgz", "integrity": "sha512-vEJIc8RdiBRu3oRAI0ymerOn+7rPuMvRXslTvZUKZonDHFIczxztIyJ1urxM1x9JXEikvpWWTUUqal5j/8QgvA==", - "requires": { + "dependencies": { "lilconfig": "^2.0.5", "yaml": "^2.1.1" }, - "dependencies": { - "yaml": { - "version": "2.3.3", - "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.3.3.tgz", - "integrity": "sha512-zw0VAJxgeZ6+++/su5AFoqBbZbrEakwu+X0M5HmcwUiBL7AzcuPKjj5we4xfQLp78LkEMpD0cOnUhmgOVy3KdQ==" + "engines": { + "node": ">= 14" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/postcss/" + }, + "peerDependencies": { + "postcss": ">=8.0.9", + "ts-node": ">=9.0.0" + }, + "peerDependenciesMeta": { + "postcss": { + "optional": true + }, + "ts-node": { + "optional": true } } }, - "postcss-loader": { + "node_modules/postcss-load-config/node_modules/yaml": { + 
"version": "2.3.3", + "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.3.3.tgz", + "integrity": "sha512-zw0VAJxgeZ6+++/su5AFoqBbZbrEakwu+X0M5HmcwUiBL7AzcuPKjj5we4xfQLp78LkEMpD0cOnUhmgOVy3KdQ==", + "engines": { + "node": ">= 14" + } + }, + "node_modules/postcss-loader": { "version": "6.2.1", "resolved": "https://registry.npmjs.org/postcss-loader/-/postcss-loader-6.2.1.tgz", "integrity": "sha512-WbbYpmAaKcux/P66bZ40bpWsBucjx/TTgVVzRZ9yUO8yQfVBlameJ0ZGVaPfH64hNSBh63a+ICP5nqOpBA0w+Q==", - "requires": { + "dependencies": { "cosmiconfig": "^7.0.0", "klona": "^2.0.5", "semver": "^7.3.5" + }, + "engines": { + "node": ">= 12.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + }, + "peerDependencies": { + "postcss": "^7.0.0 || ^8.0.1", + "webpack": "^5.0.0" } }, - "postcss-logical": { + "node_modules/postcss-logical": { "version": "5.0.4", "resolved": "https://registry.npmjs.org/postcss-logical/-/postcss-logical-5.0.4.tgz", - "integrity": "sha512-RHXxplCeLh9VjinvMrZONq7im4wjWGlRJAqmAVLXyZaXwfDWP73/oq4NdIp+OZwhQUMj0zjqDfM5Fj7qby+B4g==" + "integrity": "sha512-RHXxplCeLh9VjinvMrZONq7im4wjWGlRJAqmAVLXyZaXwfDWP73/oq4NdIp+OZwhQUMj0zjqDfM5Fj7qby+B4g==", + "engines": { + "node": "^12 || ^14 || >=16" + }, + "peerDependencies": { + "postcss": "^8.4" + } }, - "postcss-media-minmax": { + "node_modules/postcss-media-minmax": { "version": "5.0.0", "resolved": "https://registry.npmjs.org/postcss-media-minmax/-/postcss-media-minmax-5.0.0.tgz", - "integrity": "sha512-yDUvFf9QdFZTuCUg0g0uNSHVlJ5X1lSzDZjPSFaiCWvjgsvu8vEVxtahPrLMinIDEEGnx6cBe6iqdx5YWz08wQ==" + "integrity": "sha512-yDUvFf9QdFZTuCUg0g0uNSHVlJ5X1lSzDZjPSFaiCWvjgsvu8vEVxtahPrLMinIDEEGnx6cBe6iqdx5YWz08wQ==", + "engines": { + "node": ">=10.0.0" + }, + "peerDependencies": { + "postcss": "^8.1.0" + } }, - "postcss-merge-longhand": { + "node_modules/postcss-merge-longhand": { "version": "5.1.7", "resolved": 
"https://registry.npmjs.org/postcss-merge-longhand/-/postcss-merge-longhand-5.1.7.tgz", "integrity": "sha512-YCI9gZB+PLNskrK0BB3/2OzPnGhPkBEwmwhfYk1ilBHYVAZB7/tkTHFBAnCrvBBOmeYyMYw3DMjT55SyxMBzjQ==", - "requires": { + "dependencies": { "postcss-value-parser": "^4.2.0", "stylehacks": "^5.1.1" + }, + "engines": { + "node": "^10 || ^12 || >=14.0" + }, + "peerDependencies": { + "postcss": "^8.2.15" } }, - "postcss-merge-rules": { + "node_modules/postcss-merge-rules": { "version": "5.1.4", "resolved": "https://registry.npmjs.org/postcss-merge-rules/-/postcss-merge-rules-5.1.4.tgz", "integrity": "sha512-0R2IuYpgU93y9lhVbO/OylTtKMVcHb67zjWIfCiKR9rWL3GUk1677LAqD/BcHizukdZEjT8Ru3oHRoAYoJy44g==", - "requires": { + "dependencies": { "browserslist": "^4.21.4", "caniuse-api": "^3.0.0", "cssnano-utils": "^3.1.0", "postcss-selector-parser": "^6.0.5" + }, + "engines": { + "node": "^10 || ^12 || >=14.0" + }, + "peerDependencies": { + "postcss": "^8.2.15" } }, - "postcss-minify-font-values": { + "node_modules/postcss-minify-font-values": { "version": "5.1.0", "resolved": "https://registry.npmjs.org/postcss-minify-font-values/-/postcss-minify-font-values-5.1.0.tgz", "integrity": "sha512-el3mYTgx13ZAPPirSVsHqFzl+BBBDrXvbySvPGFnQcTI4iNslrPaFq4muTkLZmKlGk4gyFAYUBMH30+HurREyA==", - "requires": { + "dependencies": { "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^10 || ^12 || >=14.0" + }, + "peerDependencies": { + "postcss": "^8.2.15" } }, - "postcss-minify-gradients": { + "node_modules/postcss-minify-gradients": { "version": "5.1.1", "resolved": "https://registry.npmjs.org/postcss-minify-gradients/-/postcss-minify-gradients-5.1.1.tgz", "integrity": "sha512-VGvXMTpCEo4qHTNSa9A0a3D+dxGFZCYwR6Jokk+/3oB6flu2/PnPXAh2x7x52EkY5xlIHLm+Le8tJxe/7TNhzw==", - "requires": { + "dependencies": { "colord": "^2.9.1", "cssnano-utils": "^3.1.0", "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^10 || ^12 || >=14.0" + }, + "peerDependencies": { + "postcss": "^8.2.15" } }, - 
"postcss-minify-params": { + "node_modules/postcss-minify-params": { "version": "5.1.4", "resolved": "https://registry.npmjs.org/postcss-minify-params/-/postcss-minify-params-5.1.4.tgz", "integrity": "sha512-+mePA3MgdmVmv6g+30rn57USjOGSAyuxUmkfiWpzalZ8aiBkdPYjXWtHuwJGm1v5Ojy0Z0LaSYhHaLJQB0P8Jw==", - "requires": { + "dependencies": { "browserslist": "^4.21.4", "cssnano-utils": "^3.1.0", "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^10 || ^12 || >=14.0" + }, + "peerDependencies": { + "postcss": "^8.2.15" } }, - "postcss-minify-selectors": { + "node_modules/postcss-minify-selectors": { "version": "5.2.1", "resolved": "https://registry.npmjs.org/postcss-minify-selectors/-/postcss-minify-selectors-5.2.1.tgz", "integrity": "sha512-nPJu7OjZJTsVUmPdm2TcaiohIwxP+v8ha9NehQ2ye9szv4orirRU3SDdtUmKH+10nzn0bAyOXZ0UEr7OpvLehg==", - "requires": { + "dependencies": { "postcss-selector-parser": "^6.0.5" + }, + "engines": { + "node": "^10 || ^12 || >=14.0" + }, + "peerDependencies": { + "postcss": "^8.2.15" } }, - "postcss-modules-extract-imports": { + "node_modules/postcss-modules-extract-imports": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/postcss-modules-extract-imports/-/postcss-modules-extract-imports-3.0.0.tgz", - "integrity": "sha512-bdHleFnP3kZ4NYDhuGlVK+CMrQ/pqUm8bx/oGL93K6gVwiclvX5x0n76fYMKuIGKzlABOy13zsvqjb0f92TEXw==" + "integrity": "sha512-bdHleFnP3kZ4NYDhuGlVK+CMrQ/pqUm8bx/oGL93K6gVwiclvX5x0n76fYMKuIGKzlABOy13zsvqjb0f92TEXw==", + "engines": { + "node": "^10 || ^12 || >= 14" + }, + "peerDependencies": { + "postcss": "^8.1.0" + } }, - "postcss-modules-local-by-default": { + "node_modules/postcss-modules-local-by-default": { "version": "4.0.3", "resolved": "https://registry.npmjs.org/postcss-modules-local-by-default/-/postcss-modules-local-by-default-4.0.3.tgz", "integrity": "sha512-2/u2zraspoACtrbFRnTijMiQtb4GW4BvatjaG/bCjYQo8kLTdevCUlwuBHx2sCnSyrI3x3qj4ZK1j5LQBgzmwA==", - "requires": { + "dependencies": { "icss-utils": "^5.0.0", 
"postcss-selector-parser": "^6.0.2", "postcss-value-parser": "^4.1.0" + }, + "engines": { + "node": "^10 || ^12 || >= 14" + }, + "peerDependencies": { + "postcss": "^8.1.0" } }, - "postcss-modules-scope": { + "node_modules/postcss-modules-scope": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/postcss-modules-scope/-/postcss-modules-scope-3.0.0.tgz", "integrity": "sha512-hncihwFA2yPath8oZ15PZqvWGkWf+XUfQgUGamS4LqoP1anQLOsOJw0vr7J7IwLpoY9fatA2qiGUGmuZL0Iqlg==", - "requires": { + "dependencies": { "postcss-selector-parser": "^6.0.4" + }, + "engines": { + "node": "^10 || ^12 || >= 14" + }, + "peerDependencies": { + "postcss": "^8.1.0" } }, - "postcss-modules-values": { + "node_modules/postcss-modules-values": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/postcss-modules-values/-/postcss-modules-values-4.0.0.tgz", "integrity": "sha512-RDxHkAiEGI78gS2ofyvCsu7iycRv7oqw5xMWn9iMoR0N/7mf9D50ecQqUo5BZ9Zh2vH4bCUR/ktCqbB9m8vJjQ==", - "requires": { + "dependencies": { "icss-utils": "^5.0.0" + }, + "engines": { + "node": "^10 || ^12 || >= 14" + }, + "peerDependencies": { + "postcss": "^8.1.0" } }, - "postcss-nested": { + "node_modules/postcss-nested": { "version": "6.0.1", "resolved": "https://registry.npmjs.org/postcss-nested/-/postcss-nested-6.0.1.tgz", "integrity": "sha512-mEp4xPMi5bSWiMbsgoPfcP74lsWLHkQbZc3sY+jWYd65CUwXrUaTp0fmNpa01ZcETKlIgUdFN/MpS2xZtqL9dQ==", - "requires": { + "dependencies": { "postcss-selector-parser": "^6.0.11" + }, + "engines": { + "node": ">=12.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/postcss/" + }, + "peerDependencies": { + "postcss": "^8.2.14" } }, - "postcss-nesting": { + "node_modules/postcss-nesting": { "version": "10.2.0", "resolved": "https://registry.npmjs.org/postcss-nesting/-/postcss-nesting-10.2.0.tgz", "integrity": "sha512-EwMkYchxiDiKUhlJGzWsD9b2zvq/r2SSubcRrgP+jujMXFzqvANLt16lJANC+5uZ6hjI7lpRmI6O8JIl+8l1KA==", - "requires": { + "dependencies": { 
"@csstools/selector-specificity": "^2.0.0", "postcss-selector-parser": "^6.0.10" + }, + "engines": { + "node": "^12 || ^14 || >=16" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + }, + "peerDependencies": { + "postcss": "^8.2" } }, - "postcss-normalize": { + "node_modules/postcss-normalize": { "version": "10.0.1", "resolved": "https://registry.npmjs.org/postcss-normalize/-/postcss-normalize-10.0.1.tgz", "integrity": "sha512-+5w18/rDev5mqERcG3W5GZNMJa1eoYYNGo8gB7tEwaos0ajk3ZXAI4mHGcNT47NE+ZnZD1pEpUOFLvltIwmeJA==", - "requires": { + "dependencies": { "@csstools/normalize.css": "*", "postcss-browser-comments": "^4", "sanitize.css": "*" + }, + "engines": { + "node": ">= 12" + }, + "peerDependencies": { + "browserslist": ">= 4", + "postcss": ">= 8" } }, - "postcss-normalize-charset": { + "node_modules/postcss-normalize-charset": { "version": "5.1.0", "resolved": "https://registry.npmjs.org/postcss-normalize-charset/-/postcss-normalize-charset-5.1.0.tgz", - "integrity": "sha512-mSgUJ+pd/ldRGVx26p2wz9dNZ7ji6Pn8VWBajMXFf8jk7vUoSrZ2lt/wZR7DtlZYKesmZI680qjr2CeFF2fbUg==" + "integrity": "sha512-mSgUJ+pd/ldRGVx26p2wz9dNZ7ji6Pn8VWBajMXFf8jk7vUoSrZ2lt/wZR7DtlZYKesmZI680qjr2CeFF2fbUg==", + "engines": { + "node": "^10 || ^12 || >=14.0" + }, + "peerDependencies": { + "postcss": "^8.2.15" + } }, - "postcss-normalize-display-values": { + "node_modules/postcss-normalize-display-values": { "version": "5.1.0", "resolved": "https://registry.npmjs.org/postcss-normalize-display-values/-/postcss-normalize-display-values-5.1.0.tgz", "integrity": "sha512-WP4KIM4o2dazQXWmFaqMmcvsKmhdINFblgSeRgn8BJ6vxaMyaJkwAzpPpuvSIoG/rmX3M+IrRZEz2H0glrQNEA==", - "requires": { + "dependencies": { "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^10 || ^12 || >=14.0" + }, + "peerDependencies": { + "postcss": "^8.2.15" } }, - "postcss-normalize-positions": { + "node_modules/postcss-normalize-positions": { "version": "5.1.1", "resolved": 
"https://registry.npmjs.org/postcss-normalize-positions/-/postcss-normalize-positions-5.1.1.tgz", "integrity": "sha512-6UpCb0G4eofTCQLFVuI3EVNZzBNPiIKcA1AKVka+31fTVySphr3VUgAIULBhxZkKgwLImhzMR2Bw1ORK+37INg==", - "requires": { + "dependencies": { "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^10 || ^12 || >=14.0" + }, + "peerDependencies": { + "postcss": "^8.2.15" } }, - "postcss-normalize-repeat-style": { + "node_modules/postcss-normalize-repeat-style": { "version": "5.1.1", "resolved": "https://registry.npmjs.org/postcss-normalize-repeat-style/-/postcss-normalize-repeat-style-5.1.1.tgz", "integrity": "sha512-mFpLspGWkQtBcWIRFLmewo8aC3ImN2i/J3v8YCFUwDnPu3Xz4rLohDO26lGjwNsQxB3YF0KKRwspGzE2JEuS0g==", - "requires": { + "dependencies": { "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^10 || ^12 || >=14.0" + }, + "peerDependencies": { + "postcss": "^8.2.15" } }, - "postcss-normalize-string": { + "node_modules/postcss-normalize-string": { "version": "5.1.0", "resolved": "https://registry.npmjs.org/postcss-normalize-string/-/postcss-normalize-string-5.1.0.tgz", "integrity": "sha512-oYiIJOf4T9T1N4i+abeIc7Vgm/xPCGih4bZz5Nm0/ARVJ7K6xrDlLwvwqOydvyL3RHNf8qZk6vo3aatiw/go3w==", - "requires": { + "dependencies": { "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^10 || ^12 || >=14.0" + }, + "peerDependencies": { + "postcss": "^8.2.15" } }, - "postcss-normalize-timing-functions": { + "node_modules/postcss-normalize-timing-functions": { "version": "5.1.0", "resolved": "https://registry.npmjs.org/postcss-normalize-timing-functions/-/postcss-normalize-timing-functions-5.1.0.tgz", "integrity": "sha512-DOEkzJ4SAXv5xkHl0Wa9cZLF3WCBhF3o1SKVxKQAa+0pYKlueTpCgvkFAHfk+Y64ezX9+nITGrDZeVGgITJXjg==", - "requires": { + "dependencies": { "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^10 || ^12 || >=14.0" + }, + "peerDependencies": { + "postcss": "^8.2.15" } }, - "postcss-normalize-unicode": { + 
"node_modules/postcss-normalize-unicode": { "version": "5.1.1", "resolved": "https://registry.npmjs.org/postcss-normalize-unicode/-/postcss-normalize-unicode-5.1.1.tgz", "integrity": "sha512-qnCL5jzkNUmKVhZoENp1mJiGNPcsJCs1aaRmURmeJGES23Z/ajaln+EPTD+rBeNkSryI+2WTdW+lwcVdOikrpA==", - "requires": { + "dependencies": { "browserslist": "^4.21.4", "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^10 || ^12 || >=14.0" + }, + "peerDependencies": { + "postcss": "^8.2.15" } }, - "postcss-normalize-url": { + "node_modules/postcss-normalize-url": { "version": "5.1.0", "resolved": "https://registry.npmjs.org/postcss-normalize-url/-/postcss-normalize-url-5.1.0.tgz", "integrity": "sha512-5upGeDO+PVthOxSmds43ZeMeZfKH+/DKgGRD7TElkkyS46JXAUhMzIKiCa7BabPeIy3AQcTkXwVVN7DbqsiCew==", - "requires": { + "dependencies": { "normalize-url": "^6.0.1", "postcss-value-parser": "^4.2.0" }, - "dependencies": { - "normalize-url": { - "version": "6.1.0", - "resolved": "https://registry.npmjs.org/normalize-url/-/normalize-url-6.1.0.tgz", - "integrity": "sha512-DlL+XwOy3NxAQ8xuC0okPgK46iuVNAK01YN7RueYBqqFeGsBjV9XmCAzAdgt+667bCl5kPh9EqKKDwnaPG1I7A==" - } + "engines": { + "node": "^10 || ^12 || >=14.0" + }, + "peerDependencies": { + "postcss": "^8.2.15" } }, - "postcss-normalize-whitespace": { + "node_modules/postcss-normalize-whitespace": { "version": "5.1.1", "resolved": "https://registry.npmjs.org/postcss-normalize-whitespace/-/postcss-normalize-whitespace-5.1.1.tgz", "integrity": "sha512-83ZJ4t3NUDETIHTa3uEg6asWjSBYL5EdkVB0sDncx9ERzOKBVJIUeDO9RyA9Zwtig8El1d79HBp0JEi8wvGQnA==", - "requires": { + "dependencies": { "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^10 || ^12 || >=14.0" + }, + "peerDependencies": { + "postcss": "^8.2.15" } }, - "postcss-opacity-percentage": { + "node_modules/postcss-opacity-percentage": { "version": "1.1.3", "resolved": "https://registry.npmjs.org/postcss-opacity-percentage/-/postcss-opacity-percentage-1.1.3.tgz", - "integrity": 
"sha512-An6Ba4pHBiDtyVpSLymUUERMo2cU7s+Obz6BTrS+gxkbnSBNKSuD0AVUc+CpBMrpVPKKfoVz0WQCX+Tnst0i4A==" + "integrity": "sha512-An6Ba4pHBiDtyVpSLymUUERMo2cU7s+Obz6BTrS+gxkbnSBNKSuD0AVUc+CpBMrpVPKKfoVz0WQCX+Tnst0i4A==", + "funding": [ + { + "type": "kofi", + "url": "https://ko-fi.com/mrcgrtz" + }, + { + "type": "liberapay", + "url": "https://liberapay.com/mrcgrtz" + } + ], + "engines": { + "node": "^12 || ^14 || >=16" + }, + "peerDependencies": { + "postcss": "^8.2" + } }, - "postcss-ordered-values": { + "node_modules/postcss-ordered-values": { "version": "5.1.3", "resolved": "https://registry.npmjs.org/postcss-ordered-values/-/postcss-ordered-values-5.1.3.tgz", "integrity": "sha512-9UO79VUhPwEkzbb3RNpqqghc6lcYej1aveQteWY+4POIwlqkYE21HKWaLDF6lWNuqCobEAyTovVhtI32Rbv2RQ==", - "requires": { + "dependencies": { "cssnano-utils": "^3.1.0", "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^10 || ^12 || >=14.0" + }, + "peerDependencies": { + "postcss": "^8.2.15" } }, - "postcss-overflow-shorthand": { + "node_modules/postcss-overflow-shorthand": { "version": "3.0.4", "resolved": "https://registry.npmjs.org/postcss-overflow-shorthand/-/postcss-overflow-shorthand-3.0.4.tgz", "integrity": "sha512-otYl/ylHK8Y9bcBnPLo3foYFLL6a6Ak+3EQBPOTR7luMYCOsiVTUk1iLvNf6tVPNGXcoL9Hoz37kpfriRIFb4A==", - "requires": { + "dependencies": { "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^12 || ^14 || >=16" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + }, + "peerDependencies": { + "postcss": "^8.2" } }, - "postcss-page-break": { + "node_modules/postcss-page-break": { "version": "3.0.4", "resolved": "https://registry.npmjs.org/postcss-page-break/-/postcss-page-break-3.0.4.tgz", - "integrity": "sha512-1JGu8oCjVXLa9q9rFTo4MbeeA5FMe00/9C7lN4va606Rdb+HkxXtXsmEDrIraQ11fGz/WvKWa8gMuCKkrXpTsQ==" + "integrity": "sha512-1JGu8oCjVXLa9q9rFTo4MbeeA5FMe00/9C7lN4va606Rdb+HkxXtXsmEDrIraQ11fGz/WvKWa8gMuCKkrXpTsQ==", + "peerDependencies": { 
+ "postcss": "^8" + } }, - "postcss-place": { + "node_modules/postcss-place": { "version": "7.0.5", "resolved": "https://registry.npmjs.org/postcss-place/-/postcss-place-7.0.5.tgz", "integrity": "sha512-wR8igaZROA6Z4pv0d+bvVrvGY4GVHihBCBQieXFY3kuSuMyOmEnnfFzHl/tQuqHZkfkIVBEbDvYcFfHmpSet9g==", - "requires": { + "dependencies": { "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^12 || ^14 || >=16" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + }, + "peerDependencies": { + "postcss": "^8.2" } }, - "postcss-preset-env": { + "node_modules/postcss-preset-env": { "version": "7.8.3", "resolved": "https://registry.npmjs.org/postcss-preset-env/-/postcss-preset-env-7.8.3.tgz", "integrity": "sha512-T1LgRm5uEVFSEF83vHZJV2z19lHg4yJuZ6gXZZkqVsqv63nlr6zabMH3l4Pc01FQCyfWVrh2GaUeCVy9Po+Aag==", - "requires": { + "dependencies": { "@csstools/postcss-cascade-layers": "^1.1.1", "@csstools/postcss-color-function": "^1.1.1", "@csstools/postcss-font-format-keywords": "^1.0.1", 
@@ -11381,318 +16052,462 @@ "postcss-replace-overflow-wrap": "^4.0.0", "postcss-selector-not": "^6.0.1", "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^12 || ^14 || >=16" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + }, + "peerDependencies": { + "postcss": "^8.2" } }, - "postcss-pseudo-class-any-link": { + "node_modules/postcss-pseudo-class-any-link": { "version": "7.1.6", "resolved": "https://registry.npmjs.org/postcss-pseudo-class-any-link/-/postcss-pseudo-class-any-link-7.1.6.tgz", "integrity": "sha512-9sCtZkO6f/5ML9WcTLcIyV1yz9D1rf0tWc+ulKcvV30s0iZKS/ONyETvoWsr6vnrmW+X+KmuK3gV/w5EWnT37w==", - "requires": { + "dependencies": { "postcss-selector-parser": "^6.0.10" + }, + "engines": { + "node": "^12 || ^14 || >=16" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + }, + "peerDependencies": { + "postcss": "^8.2" } }, - "postcss-reduce-initial": { + "node_modules/postcss-reduce-initial": { "version": "5.1.2", "resolved": "https://registry.npmjs.org/postcss-reduce-initial/-/postcss-reduce-initial-5.1.2.tgz", "integrity": "sha512-dE/y2XRaqAi6OvjzD22pjTUQ8eOfc6m/natGHgKFBK9DxFmIm69YmaRVQrGgFlEfc1HePIurY0TmDeROK05rIg==", - "requires": { + "dependencies": { "browserslist": "^4.21.4", "caniuse-api": "^3.0.0" + }, + "engines": { + "node": "^10 || ^12 || >=14.0" + }, + "peerDependencies": { + "postcss": "^8.2.15" } }, - "postcss-reduce-transforms": { + "node_modules/postcss-reduce-transforms": { "version": "5.1.0", "resolved": "https://registry.npmjs.org/postcss-reduce-transforms/-/postcss-reduce-transforms-5.1.0.tgz", "integrity": "sha512-2fbdbmgir5AvpW9RLtdONx1QoYG2/EtqpNQbFASDlixBbAYuTcJ0dECwlqNqH7VbaUnEnh8SrxOe2sRIn24XyQ==", - "requires": { + "dependencies": { "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^10 || ^12 || >=14.0" + }, + "peerDependencies": { + "postcss": "^8.2.15" } }, - "postcss-replace-overflow-wrap": { + 
"node_modules/postcss-replace-overflow-wrap": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/postcss-replace-overflow-wrap/-/postcss-replace-overflow-wrap-4.0.0.tgz", - "integrity": "sha512-KmF7SBPphT4gPPcKZc7aDkweHiKEEO8cla/GjcBK+ckKxiZslIu3C4GCRW3DNfL0o7yW7kMQu9xlZ1kXRXLXtw==" + "integrity": "sha512-KmF7SBPphT4gPPcKZc7aDkweHiKEEO8cla/GjcBK+ckKxiZslIu3C4GCRW3DNfL0o7yW7kMQu9xlZ1kXRXLXtw==", + "peerDependencies": { + "postcss": "^8.0.3" + } }, - "postcss-selector-not": { + "node_modules/postcss-selector-not": { "version": "6.0.1", "resolved": "https://registry.npmjs.org/postcss-selector-not/-/postcss-selector-not-6.0.1.tgz", "integrity": "sha512-1i9affjAe9xu/y9uqWH+tD4r6/hDaXJruk8xn2x1vzxC2U3J3LKO3zJW4CyxlNhA56pADJ/djpEwpH1RClI2rQ==", - "requires": { + "dependencies": { "postcss-selector-parser": "^6.0.10" + }, + "engines": { + "node": "^12 || ^14 || >=16" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + }, + "peerDependencies": { + "postcss": "^8.2" } }, - "postcss-selector-parser": { + "node_modules/postcss-selector-parser": { "version": "6.0.13", "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-6.0.13.tgz", "integrity": "sha512-EaV1Gl4mUEV4ddhDnv/xtj7sxwrwxdetHdWUGnT4VJQf+4d05v6lHYZr8N573k5Z0BViss7BDhfWtKS3+sfAqQ==", - "requires": { + "dependencies": { "cssesc": "^3.0.0", "util-deprecate": "^1.0.2" + }, + "engines": { + "node": ">=4" } }, - "postcss-svgo": { + "node_modules/postcss-svgo": { "version": "5.1.0", "resolved": "https://registry.npmjs.org/postcss-svgo/-/postcss-svgo-5.1.0.tgz", "integrity": "sha512-D75KsH1zm5ZrHyxPakAxJWtkyXew5qwS70v56exwvw542d9CRtTo78K0WeFxZB4G7JXKKMbEZtZayTGdIky/eA==", - "requires": { + "dependencies": { "postcss-value-parser": "^4.2.0", "svgo": "^2.7.0" }, + "engines": { + "node": "^10 || ^12 || >=14.0" + }, + "peerDependencies": { + "postcss": "^8.2.15" + } + }, + "node_modules/postcss-svgo/node_modules/css-tree": { + "version": 
"1.1.3", + "resolved": "https://registry.npmjs.org/css-tree/-/css-tree-1.1.3.tgz", + "integrity": "sha512-tRpdppF7TRazZrjJ6v3stzv93qxRcSsFmW6cX0Zm2NVKpxE1WV1HblnghVv9TreireHkqI/VDEsfolRF1p6y7Q==", "dependencies": { - "css-tree": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/css-tree/-/css-tree-1.1.3.tgz", - "integrity": "sha512-tRpdppF7TRazZrjJ6v3stzv93qxRcSsFmW6cX0Zm2NVKpxE1WV1HblnghVv9TreireHkqI/VDEsfolRF1p6y7Q==", - "requires": { - "mdn-data": "2.0.14", - "source-map": "^0.6.1" - } - }, - "mdn-data": { - "version": "2.0.14", - "resolved": "https://registry.npmjs.org/mdn-data/-/mdn-data-2.0.14.tgz", - "integrity": "sha512-dn6wd0uw5GsdswPFfsgMp5NSB0/aDe6fK94YJV/AJDYXL6HVLWBsxeq7js7Ad+mU2K9LAlwpk6kN2D5mwCPVow==" - }, - "source-map": { - "version": "0.6.1", - "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", - "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==" - }, - "svgo": { - "version": "2.8.0", - "resolved": "https://registry.npmjs.org/svgo/-/svgo-2.8.0.tgz", - "integrity": "sha512-+N/Q9kV1+F+UeWYoSiULYo4xYSDQlTgb+ayMobAXPwMnLvop7oxKMo9OzIrX5x3eS4L4f2UHhc9axXwY8DpChg==", - "requires": { - "@trysound/sax": "0.2.0", - "commander": "^7.2.0", - "css-select": "^4.1.3", - "css-tree": "^1.1.3", - "csso": "^4.2.0", - "picocolors": "^1.0.0", - "stable": "^0.1.8" - } - } + "mdn-data": "2.0.14", + "source-map": "^0.6.1" + }, + "engines": { + "node": ">=8.0.0" + } + }, + "node_modules/postcss-svgo/node_modules/mdn-data": { + "version": "2.0.14", + "resolved": "https://registry.npmjs.org/mdn-data/-/mdn-data-2.0.14.tgz", + "integrity": "sha512-dn6wd0uw5GsdswPFfsgMp5NSB0/aDe6fK94YJV/AJDYXL6HVLWBsxeq7js7Ad+mU2K9LAlwpk6kN2D5mwCPVow==" + }, + "node_modules/postcss-svgo/node_modules/source-map": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "integrity": 
"sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "engines": { + "node": ">=0.10.0" } }, - "postcss-unique-selectors": { + "node_modules/postcss-svgo/node_modules/svgo": { + "version": "2.8.0", + "resolved": "https://registry.npmjs.org/svgo/-/svgo-2.8.0.tgz", + "integrity": "sha512-+N/Q9kV1+F+UeWYoSiULYo4xYSDQlTgb+ayMobAXPwMnLvop7oxKMo9OzIrX5x3eS4L4f2UHhc9axXwY8DpChg==", + "dependencies": { + "@trysound/sax": "0.2.0", + "commander": "^7.2.0", + "css-select": "^4.1.3", + "css-tree": "^1.1.3", + "csso": "^4.2.0", + "picocolors": "^1.0.0", + "stable": "^0.1.8" + }, + "bin": { + "svgo": "bin/svgo" + }, + "engines": { + "node": ">=10.13.0" + } + }, + "node_modules/postcss-unique-selectors": { "version": "5.1.1", "resolved": "https://registry.npmjs.org/postcss-unique-selectors/-/postcss-unique-selectors-5.1.1.tgz", "integrity": "sha512-5JiODlELrz8L2HwxfPnhOWZYWDxVHWL83ufOv84NrcgipI7TaeRsatAhK4Tr2/ZiYldpK/wBvw5BD3qfaK96GA==", - "requires": { + "dependencies": { "postcss-selector-parser": "^6.0.5" + }, + "engines": { + "node": "^10 || ^12 || >=14.0" + }, + "peerDependencies": { + "postcss": "^8.2.15" } }, - "postcss-value-parser": { + "node_modules/postcss-value-parser": { "version": "4.2.0", "resolved": "https://registry.npmjs.org/postcss-value-parser/-/postcss-value-parser-4.2.0.tgz", "integrity": "sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ==" }, - "prelude-ls": { + "node_modules/prelude-ls": { "version": "1.1.2", "resolved": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.1.2.tgz", - "integrity": "sha512-ESF23V4SKG6lVSGZgYNpbsiaAkdab6ZgOxe52p7+Kid3W3u3bxR4Vfd/o21dmN7jSt0IwgZ4v5MUd26FEtXE9w==" + "integrity": "sha512-ESF23V4SKG6lVSGZgYNpbsiaAkdab6ZgOxe52p7+Kid3W3u3bxR4Vfd/o21dmN7jSt0IwgZ4v5MUd26FEtXE9w==", + "engines": { + "node": ">= 0.8.0" + } }, - "pretty-bytes": { + "node_modules/pretty-bytes": { "version": "5.6.0", "resolved": 
"https://registry.npmjs.org/pretty-bytes/-/pretty-bytes-5.6.0.tgz", - "integrity": "sha512-FFw039TmrBqFK8ma/7OL3sDz/VytdtJr044/QUJtH0wK9lb9jLq9tJyIxUwtQJHwar2BqtiA4iCWSwo9JLkzFg==" + "integrity": "sha512-FFw039TmrBqFK8ma/7OL3sDz/VytdtJr044/QUJtH0wK9lb9jLq9tJyIxUwtQJHwar2BqtiA4iCWSwo9JLkzFg==", + "engines": { + "node": ">=6" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } }, - "pretty-error": { + "node_modules/pretty-error": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/pretty-error/-/pretty-error-4.0.0.tgz", "integrity": "sha512-AoJ5YMAcXKYxKhuJGdcvse+Voc6v1RgnsR3nWcYU7q4t6z0Q6T86sv5Zq8VIRbOWWFpvdGE83LtdSMNd+6Y0xw==", - "requires": { + "dependencies": { "lodash": "^4.17.20", "renderkid": "^3.0.0" } }, - "pretty-format": { + "node_modules/pretty-format": { "version": "26.6.2", "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-26.6.2.tgz", "integrity": "sha512-7AeGuCYNGmycyQbCqd/3PWH4eOoX/OiCa0uphp57NVTeAGdJGaAliecxwBDHYQCIvrW7aDBZCYeNTP/WX69mkg==", - "requires": { + "dependencies": { "@jest/types": "^26.6.2", "ansi-regex": "^5.0.0", "ansi-styles": "^4.0.0", "react-is": "^17.0.1" + }, + "engines": { + "node": ">= 10" + } + }, + "node_modules/proc-log": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/proc-log/-/proc-log-3.0.0.tgz", + "integrity": "sha512-++Vn7NS4Xf9NacaU9Xq3URUuqZETPsf8L4j5/ckhaRYsfPeRyzGw+iDjFhV/Jr3uNmTvvddEJFWh5R1gRgUH8A==", + "engines": { + "node": "^14.17.0 || ^16.13.0 || >=18.0.0" } }, - "process-nextick-args": { + "node_modules/process-nextick-args": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz", "integrity": "sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag==" }, - "promise": { + "node_modules/promise": { "version": "8.3.0", "resolved": "https://registry.npmjs.org/promise/-/promise-8.3.0.tgz", "integrity": 
"sha512-rZPNPKTOYVNEEKFaq1HqTgOwZD+4/YHS5ukLzQCypkj+OkYx7iv0mA91lJlpPPZ8vMau3IIGj5Qlwrx+8iiSmg==", - "requires": { + "dependencies": { "asap": "~2.0.6" } }, - "prompts": { + "node_modules/promise-retry": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/promise-retry/-/promise-retry-2.0.1.tgz", + "integrity": "sha512-y+WKFlBR8BGXnsNlIHFGPZmyDf3DFMoLhaflAnyZgV6rG6xu+JwesTo2Q9R6XwYmtmwAFCkAk3e35jEdoeh/3g==", + "dependencies": { + "err-code": "^2.0.2", + "retry": "^0.12.0" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/promise-retry/node_modules/retry": { + "version": "0.12.0", + "resolved": "https://registry.npmjs.org/retry/-/retry-0.12.0.tgz", + "integrity": "sha512-9LkiTwjUh6rT555DtE9rTX+BKByPfrMzEAtnlEtdEwr3Nkffwiihqe2bWADg+OQRjt9gl6ICdmB/ZFDCGAtSow==", + "engines": { + "node": ">= 4" + } + }, + "node_modules/prompts": { "version": "2.4.2", "resolved": "https://registry.npmjs.org/prompts/-/prompts-2.4.2.tgz", "integrity": "sha512-NxNv/kLguCA7p3jE8oL2aEBsrJWgAakBpgmgK6lpPWV+WuOmY6r2/zbAVnP+T8bQlA0nzHXSJSJW0Hq7ylaD2Q==", - "requires": { + "dependencies": { "kleur": "^3.0.3", "sisteransi": "^1.0.5" + }, + "engines": { + "node": ">= 6" } }, - "prop-types": { + "node_modules/prop-types": { "version": "15.8.1", "resolved": "https://registry.npmjs.org/prop-types/-/prop-types-15.8.1.tgz", "integrity": "sha512-oj87CgZICdulUohogVAR7AjlC0327U4el4L6eAvOqCeudMDVU0NThNaV+b9Df4dXgSP1gXMTnPdhfe/2qDH5cg==", - "requires": { + "dependencies": { "loose-envify": "^1.4.0", "object-assign": "^4.1.1", "react-is": "^16.13.1" - }, - "dependencies": { - "react-is": { - "version": "16.13.1", - "resolved": "https://registry.npmjs.org/react-is/-/react-is-16.13.1.tgz", - "integrity": "sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ==" - } } }, - "proxy-addr": { + "node_modules/prop-types/node_modules/react-is": { + "version": "16.13.1", + "resolved": "https://registry.npmjs.org/react-is/-/react-is-16.13.1.tgz", + 
"integrity": "sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ==" + }, + "node_modules/proxy-addr": { "version": "2.0.7", "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz", "integrity": "sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==", - "requires": { + "dependencies": { "forwarded": "0.2.0", "ipaddr.js": "1.9.1" }, - "dependencies": { - "ipaddr.js": { - "version": "1.9.1", - "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz", - "integrity": "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==" - } + "engines": { + "node": ">= 0.10" + } + }, + "node_modules/proxy-addr/node_modules/ipaddr.js": { + "version": "1.9.1", + "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz", + "integrity": "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==", + "engines": { + "node": ">= 0.10" } }, - "psl": { + "node_modules/psl": { "version": "1.8.0", "resolved": "https://registry.npmjs.org/psl/-/psl-1.8.0.tgz", "integrity": "sha512-RIdOzyoavK+hA18OGGWDqUTsCLhtA7IcZ/6NCs4fFJaHBDab+pDDmDIByWFRQJq2Cd7r1OoQxBGKOaztq+hjIQ==" }, - "pump": { + "node_modules/pump": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/pump/-/pump-3.0.0.tgz", "integrity": "sha512-LwZy+p3SFs1Pytd/jYct4wpv49HiYCqd9Rlc5ZVdk0V+8Yzv6jR5Blk3TRmPL1ft69TxP0IMZGJ+WPFU2BFhww==", - "requires": { + "dependencies": { "end-of-stream": "^1.1.0", "once": "^1.3.1" } }, - "punycode": { + "node_modules/punycode": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.1.1.tgz", - "integrity": "sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==" + "integrity": "sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==", + "engines": { + "node": ">=6" + } }, - "q": { 
+ "node_modules/q": { "version": "1.5.1", "resolved": "https://registry.npmjs.org/q/-/q-1.5.1.tgz", - "integrity": "sha512-kV/CThkXo6xyFEZUugw/+pIOywXcDbFYgSct5cT3gqlbkBE1SJdwy6UQoZvodiWF/ckQLZyDE/Bu1M6gVu5lVw==" - }, - "qs": { - "version": "6.5.3", - "resolved": "https://registry.npmjs.org/qs/-/qs-6.5.3.tgz", - "integrity": "sha512-qxXIEh4pCGfHICj1mAJQ2/2XVZkjCDTcEgfoSQxc/fYivUZxTkk7L3bDBJSoNrEzXI17oUO5Dp07ktqE5KzczA==" + "integrity": "sha512-kV/CThkXo6xyFEZUugw/+pIOywXcDbFYgSct5cT3gqlbkBE1SJdwy6UQoZvodiWF/ckQLZyDE/Bu1M6gVu5lVw==", + "engines": { + "node": ">=0.6.0", + "teleport": ">=0.2.0" + } }, - "querystringify": { + "node_modules/querystringify": { "version": "2.2.0", "resolved": "https://registry.npmjs.org/querystringify/-/querystringify-2.2.0.tgz", "integrity": "sha512-FIqgj2EUvTa7R50u0rGsyTftzjYmv/a3hO345bZNrqabNqjtgiDMgmo4mkUjd+nzU5oF3dClKqFIPUKybUyqoQ==" }, - "queue-microtask": { + "node_modules/queue-microtask": { "version": "1.2.3", "resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz", - "integrity": "sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==" + "integrity": "sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ] }, - "raf": { + "node_modules/quick-lru": { + "version": "5.1.1", + "resolved": "https://registry.npmjs.org/quick-lru/-/quick-lru-5.1.1.tgz", + "integrity": "sha512-WuyALRjWPDGtt/wzJiadO5AXY+8hZ80hVpe6MyivgraREW751X3SbhRvG3eLKOYN+8VEvqLcf3wdnt44Z4S4SA==", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/raf": { "version": "3.4.1", "resolved": "https://registry.npmjs.org/raf/-/raf-3.4.1.tgz", "integrity": 
"sha512-Sq4CW4QhwOHE8ucn6J34MqtZCeWFP2aQSmrlroYgqAV1PjStIhJXxYuTgUIfkEk7zTLjmIjLmU5q+fbD1NnOJA==", - "requires": { + "dependencies": { "performance-now": "^2.1.0" } }, - "ramda": { + "node_modules/ramda": { "version": "0.25.0", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/ramda/-/ramda-0.25.0.tgz", + "resolved": "https://registry.npmjs.org/ramda/-/ramda-0.25.0.tgz", "integrity": "sha1-j99oIxz/qQvC+UYDkKDLdKKbKak=" }, - "randombytes": { + "node_modules/randombytes": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz", "integrity": "sha512-vYl3iOX+4CKUWuxGi9Ukhie6fsqXqS9FE2Zaic4tNFD2N2QQaXOMFbuKK4QmDHC0JO6B1Zp41J0LpT0oR68amQ==", - "requires": { + "dependencies": { "safe-buffer": "^5.1.0" } }, - "range-parser": { + "node_modules/range-parser": { "version": "1.2.1", "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", - "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==" + "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==", + "engines": { + "node": ">= 0.6" + } }, - "raw-body": { + "node_modules/raw-body": { "version": "2.5.1", "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.1.tgz", "integrity": "sha512-qqJBtEyVgS0ZmPGdCFPWJ3FreoqvG4MVQln/kCgF7Olq95IbOp0/BWyMwbdtn4VTvkM8Y7khCQ2Xgk/tcrCXig==", - "requires": { + "dependencies": { "bytes": "3.1.2", "http-errors": "2.0.0", "iconv-lite": "0.4.24", "unpipe": "1.0.0" }, - "dependencies": { - "bytes": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz", - "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==" - } + "engines": { + "node": ">= 0.8" } }, - "rc": { - "version": "1.2.8", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/rc/-/rc-1.2.8.tgz", - "integrity": "sha1-zZJL9SAKB1uDwYjNa54hG3/A0+0=", - 
"requires": { - "deep-extend": "^0.6.0", - "ini": "~1.3.0", - "minimist": "^1.2.0", - "strip-json-comments": "~2.0.1" + "node_modules/raw-body/node_modules/bytes": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz", + "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==", + "engines": { + "node": ">= 0.8" } }, - "react": { + "node_modules/react": { "version": "17.0.2", "resolved": "https://registry.npmjs.org/react/-/react-17.0.2.tgz", "integrity": "sha512-gnhPt75i/dq/z3/6q/0asP78D0u592D5L1pd7M8P+dck6Fu/jJeL6iVVK23fptSUZj8Vjf++7wXA8UNclGQcbA==", - "requires": { + "dependencies": { "loose-envify": "^1.1.0", "object-assign": "^4.1.1" + }, + "engines": { + "node": ">=0.10.0" } }, - "react-app-polyfill": { + "node_modules/react-app-polyfill": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/react-app-polyfill/-/react-app-polyfill-3.0.0.tgz", "integrity": "sha512-sZ41cxiU5llIB003yxxQBYrARBqe0repqPTTYBTmMqTz9szeBbE37BehCE891NZsmdZqqP+xWKdT3eo3vOzN8w==", - "requires": { + "dependencies": { "core-js": "^3.19.2", "object-assign": "^4.1.1", "promise": "^8.1.0", "raf": "^3.4.1", "regenerator-runtime": "^0.13.9", "whatwg-fetch": "^3.6.2" + }, + "engines": { + "node": ">=14" } }, - "react-dev-utils": { + "node_modules/react-dev-utils": { "version": "12.0.1", "resolved": "https://registry.npmjs.org/react-dev-utils/-/react-dev-utils-12.0.1.tgz", "integrity": "sha512-84Ivxmr17KjUupyqzFode6xKhjwuEJDROWKJy/BthkL7Wn6NJ8h4WE6k/exAv6ImS+0oZLRRW5j/aINMHyeGeQ==", - "requires": { + "dependencies": { "@babel/code-frame": "^7.16.0", "address": "^1.1.2", "browserslist": "^4.18.1", 
@@ -11718,88 +16533,113 @@ "strip-ansi": "^6.0.1", "text-table": "^0.2.0" }, + "engines": { + "node": ">=14" + } + }, + "node_modules/react-dev-utils/node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", "dependencies": { - "chalk": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", - "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "requires": { - "ansi-styles": "^4.1.0", - "supports-color": "^7.1.0" - } - }, - "escape-string-regexp": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz", - "integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==" - }, - "loader-utils": { - "version": "3.2.1", - "resolved": "https://registry.npmjs.org/loader-utils/-/loader-utils-3.2.1.tgz", - "integrity": "sha512-ZvFw1KWS3GVyYBYb7qkmRM/WwL2TQQBxgCK62rlvm4WpVQ23Nb4tYjApUlfjrEGvOs7KHEsmyUn75OHZrJMWPw==" - }, - "strip-ansi": { - "version": "6.0.1", - "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", - "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", - "requires": { - "ansi-regex": "^5.0.1" - } - } + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" + } + }, + "node_modules/react-dev-utils/node_modules/escape-string-regexp": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz", + "integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==", + "engines": { + "node": ">=10" + }, + 
"funding": { + "url": "https://github.com/sponsors/sindresorhus" } }, - "react-dom": { + "node_modules/react-dev-utils/node_modules/loader-utils": { + "version": "3.2.1", + "resolved": "https://registry.npmjs.org/loader-utils/-/loader-utils-3.2.1.tgz", + "integrity": "sha512-ZvFw1KWS3GVyYBYb7qkmRM/WwL2TQQBxgCK62rlvm4WpVQ23Nb4tYjApUlfjrEGvOs7KHEsmyUn75OHZrJMWPw==", + "engines": { + "node": ">= 12.13.0" + } + }, + "node_modules/react-dom": { "version": "17.0.2", "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-17.0.2.tgz", "integrity": "sha512-s4h96KtLDUQlsENhMn1ar8t2bEa+q/YAtj8pPPdIjPDGBDIVNsrD9aXNWqspUe6AzKCIG0C1HZZLqLV7qpOBGA==", - "requires": { + "dependencies": { "loose-envify": "^1.1.0", "object-assign": "^4.1.1", "scheduler": "^0.20.2" + }, + "peerDependencies": { + "react": "17.0.2" } }, - "react-error-boundary": { + "node_modules/react-error-boundary": { "version": "3.1.4", "resolved": "https://registry.npmjs.org/react-error-boundary/-/react-error-boundary-3.1.4.tgz", "integrity": "sha512-uM9uPzZJTF6wRQORmSrvOIgt4lJ9MC1sNgEOj2XGsDTRE4kmpWxg7ENK9EWNKJRMAOY9z0MuF4yIfl6gp4sotA==", "dev": true, - "requires": { + "dependencies": { "@babel/runtime": "^7.12.5" + }, + "engines": { + "node": ">=10", + "npm": ">=6" + }, + "peerDependencies": { + "react": ">=16.13.1" } }, - "react-error-overlay": { + "node_modules/react-error-overlay": { "version": "6.0.11", "resolved": "https://registry.npmjs.org/react-error-overlay/-/react-error-overlay-6.0.11.tgz", "integrity": "sha512-/6UZ2qgEyH2aqzYZgQPxEnz33NJ2gNsnHA2o5+o4wW9bLM/JYQitNP9xPhsXwC08hMMovfGe/8retsdDsczPRg==" }, - "react-highlight": { + "node_modules/react-highlight": { "version": "0.14.0", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/react-highlight/-/react-highlight-0.14.0.tgz", + "resolved": "https://registry.npmjs.org/react-highlight/-/react-highlight-0.14.0.tgz", "integrity": "sha1-Wu+lUYuqWA+Wto1IEp16XS3Aye8=", - "requires": { + "dependencies": { "highlight.js": "^10.5.0" + }, + 
"peerDependencies": { + "react": "^15.0.0 || ^16.0.0 || ^17.0.0", + "react-dom": "^15.0.0 || ^16.0.0 || ^17.0.0" } }, - "react-is": { + "node_modules/react-is": { "version": "17.0.2", "resolved": "https://registry.npmjs.org/react-is/-/react-is-17.0.2.tgz", "integrity": "sha512-w2GsyukL62IJnlaff/nRegPQR94C/XXamvMWmSHRJ4y7Ts/4ocGRmTHvOs8PSE6pB3dWOrD/nueuU5sduBsQ4w==" }, - "react-property": { + "node_modules/react-property": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/react-property/-/react-property-2.0.0.tgz", "integrity": "sha512-kzmNjIgU32mO4mmH5+iUyrqlpFQhF8K2k7eZ4fdLSOPFrD1XgEuSBv9LDEgxRXTMBqMd8ppT0x6TIzqE5pdGdw==" }, - "react-refresh": { + "node_modules/react-refresh": { "version": "0.11.0", "resolved": "https://registry.npmjs.org/react-refresh/-/react-refresh-0.11.0.tgz", - "integrity": "sha512-F27qZr8uUqwhWZboondsPx8tnC3Ct3SxZA3V5WyEvujRyyNv0VYPhoBg1gZ8/MV5tubQp76Trw8lTv9hzRBa+A==" + "integrity": "sha512-F27qZr8uUqwhWZboondsPx8tnC3Ct3SxZA3V5WyEvujRyyNv0VYPhoBg1gZ8/MV5tubQp76Trw8lTv9hzRBa+A==", + "engines": { + "node": ">=0.10.0" + } }, - "react-router": { + "node_modules/react-router": { "version": "5.3.4", "resolved": "https://registry.npmjs.org/react-router/-/react-router-5.3.4.tgz", "integrity": "sha512-Ys9K+ppnJah3QuaRiLxk+jDWOR1MekYQrlytiXxC1RyfbdsZkS5pvKAzCCr031xHixZwpnsYNT5xysdFHQaYsA==", - "requires": { + "dependencies": { "@babel/runtime": "^7.12.13", "history": "^4.9.0", "hoist-non-react-statics": "^3.1.0", 
@@ -11810,19 +16650,15 @@ "tiny-invariant": "^1.0.2", "tiny-warning": "^1.0.0" }, - "dependencies": { - "react-is": { - "version": "16.13.1", - "resolved": "https://registry.npmjs.org/react-is/-/react-is-16.13.1.tgz", - "integrity": "sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ==" - } + "peerDependencies": { + "react": ">=15" } }, - "react-router-dom": { + "node_modules/react-router-dom": { "version": "5.3.4", "resolved": "https://registry.npmjs.org/react-router-dom/-/react-router-dom-5.3.4.tgz", "integrity": "sha512-m4EqFMHv/Ih4kpcBCONHbkT68KoAeHN4p3lAGoNryfHi0dMy0kCzEZakiKRsvg5wHZ/JLrLW8o8KomWiz/qbYQ==", - "requires": { + "dependencies": { "@babel/runtime": "^7.12.13", "history": "^4.9.0", "loose-envify": "^1.3.1", @@ -11830,13 +16666,21 @@ "react-router": "5.3.4", "tiny-invariant": "^1.0.2", "tiny-warning": "^1.0.0" + }, + "peerDependencies": { + "react": ">=15" } }, - "react-scripts": { + "node_modules/react-router/node_modules/react-is": { + "version": "16.13.1", + "resolved": "https://registry.npmjs.org/react-is/-/react-is-16.13.1.tgz", + "integrity": "sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ==" + }, + "node_modules/react-scripts": { "version": "5.0.1", "resolved": "https://registry.npmjs.org/react-scripts/-/react-scripts-5.0.1.tgz", "integrity": "sha512-8VAmEm/ZAwQzJ+GOMLbBsTdDKOpuZh7RPs0UymvBR2vRk4iZWCskjbFnxqjrzoIvlNNRZ3QJFx6/qDSi6zSnaQ==", - "requires": { + "dependencies": { "@babel/core": "^7.16.0", "@pmmmwh/react-refresh-webpack-plugin": "^0.5.3", "@svgr/webpack": "^5.5.0", @@ -11857,7 +16701,6 @@ "eslint-webpack-plugin": "^3.1.1", "file-loader": "^6.2.0", "fs-extra": "^10.0.0", - "fsevents": "^2.3.2", "html-webpack-plugin": "^5.5.0", "identity-obj-proxy": "^3.0.0", "jest": "^27.4.3", 
@@ -11886,535 +16729,722 @@ "webpack-manifest-plugin": "^4.0.2", "workbox-webpack-plugin": "^6.4.1" }, - "dependencies": { - "fs-extra": { - "version": "10.1.0", - "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-10.1.0.tgz", - "integrity": "sha512-oRXApq54ETRj4eMiFzGnHWGy+zo5raudjuxN0b8H7s/RU2oW0Wvsx9O0ACRN/kRq9E8Vu/ReskGB5o3ji+FzHQ==", - "requires": { - "graceful-fs": "^4.2.0", - "jsonfile": "^6.0.1", - "universalify": "^2.0.0" - } - }, - "jsonfile": { - "version": "6.1.0", - "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz", - "integrity": "sha512-5dgndWOriYSm5cnYaJNhalLNDKOqFwyDB/rr1E9ZsGciGvKPs8R2xYGCacuf3z6K1YKDz182fd+fY3cn3pMqXQ==", - "requires": { - "graceful-fs": "^4.1.6", - "universalify": "^2.0.0" - } - }, - "universalify": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.0.tgz", - "integrity": "sha512-hAZsKq7Yy11Zu1DE0OzWjw7nnLZmJZYTDZZyEFHZdUhV8FkH5MCfoU1XMaxXovpyW5nq5scPqq0ZDP9Zyl04oQ==" + "bin": { + "react-scripts": "bin/react-scripts.js" + }, + "engines": { + "node": ">=14.0.0" + }, + "optionalDependencies": { + "fsevents": "^2.3.2" + }, + "peerDependencies": { + "react": ">= 16", + "typescript": "^3.2.1 || ^4" + }, + "peerDependenciesMeta": { + "typescript": { + "optional": true } } }, - "react-transition-group": { + "node_modules/react-scripts/node_modules/fs-extra": { + "version": "10.1.0", + "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-10.1.0.tgz", + "integrity": "sha512-oRXApq54ETRj4eMiFzGnHWGy+zo5raudjuxN0b8H7s/RU2oW0Wvsx9O0ACRN/kRq9E8Vu/ReskGB5o3ji+FzHQ==", + "dependencies": { + "graceful-fs": "^4.2.0", + "jsonfile": "^6.0.1", + "universalify": "^2.0.0" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/react-scripts/node_modules/jsonfile": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz", + "integrity": 
"sha512-5dgndWOriYSm5cnYaJNhalLNDKOqFwyDB/rr1E9ZsGciGvKPs8R2xYGCacuf3z6K1YKDz182fd+fY3cn3pMqXQ==", + "dependencies": { + "universalify": "^2.0.0" + }, + "optionalDependencies": { + "graceful-fs": "^4.1.6" + } + }, + "node_modules/react-scripts/node_modules/universalify": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.0.tgz", + "integrity": "sha512-hAZsKq7Yy11Zu1DE0OzWjw7nnLZmJZYTDZZyEFHZdUhV8FkH5MCfoU1XMaxXovpyW5nq5scPqq0ZDP9Zyl04oQ==", + "engines": { + "node": ">= 10.0.0" + } + }, + "node_modules/react-transition-group": { "version": "4.4.5", "resolved": "https://registry.npmjs.org/react-transition-group/-/react-transition-group-4.4.5.tgz", "integrity": "sha512-pZcd1MCJoiKiBR2NRxeCRg13uCXbydPnmB4EOeRrY7480qNWO8IIgQG6zlDkm6uRMsURXPuKq0GWtiM59a5Q6g==", - "requires": { + "dependencies": { "@babel/runtime": "^7.5.5", "dom-helpers": "^5.0.1", "loose-envify": "^1.4.0", "prop-types": "^15.6.2" + }, + "peerDependencies": { + "react": ">=16.6.0", + "react-dom": ">=16.6.0" } }, - "read-cache": { + "node_modules/read-cache": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/read-cache/-/read-cache-1.0.0.tgz", "integrity": "sha512-Owdv/Ft7IjOgm/i0xvNDZ1LrRANRfew4b2prF3OWMQLxLfu3bS8FVhCsrSCMK4lR56Y9ya+AThoTpDCTxCmpRA==", - "requires": { + "dependencies": { "pify": "^2.3.0" } }, - "readable-stream": { + "node_modules/readable-stream": { "version": "3.6.2", "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz", "integrity": "sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA==", - "requires": { + "dependencies": { "inherits": "^2.0.3", "string_decoder": "^1.1.1", "util-deprecate": "^1.0.1" + }, + "engines": { + "node": ">= 6" } }, - "readdirp": { + "node_modules/readdirp": { "version": "3.6.0", "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz", "integrity": 
"sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==", - "requires": { + "dependencies": { "picomatch": "^2.2.1" + }, + "engines": { + "node": ">=8.10.0" } }, - "recursive-readdir": { + "node_modules/recursive-readdir": { "version": "2.2.3", "resolved": "https://registry.npmjs.org/recursive-readdir/-/recursive-readdir-2.2.3.tgz", "integrity": "sha512-8HrF5ZsXk5FAH9dgsx3BlUer73nIhuj+9OrQwEbLTPOBzGkL1lsFCR01am+v+0m2Cmbs1nP12hLDl5FA7EszKA==", - "requires": { + "dependencies": { "minimatch": "^3.0.5" + }, + "engines": { + "node": ">=6.0.0" } }, - "redent": { + "node_modules/redent": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/redent/-/redent-3.0.0.tgz", "integrity": "sha512-6tDA8g98We0zd0GvVeMT9arEOnTw9qM03L9cJXaCjrip1OO764RDBLBfrB4cwzNGDj5OA5ioymC9GkizgWJDUg==", - "requires": { + "dependencies": { "indent-string": "^4.0.0", "strip-indent": "^3.0.0" + }, + "engines": { + "node": ">=8" } }, - "reflect.getprototypeof": { + "node_modules/reflect.getprototypeof": { "version": "1.0.4", "resolved": "https://registry.npmjs.org/reflect.getprototypeof/-/reflect.getprototypeof-1.0.4.tgz", "integrity": "sha512-ECkTw8TmJwW60lOTR+ZkODISW6RQ8+2CL3COqtiJKLd6MmB45hN51HprHFziKLGkAuTGQhBb91V8cy+KHlaCjw==", - "requires": { + "dependencies": { "call-bind": "^1.0.2", "define-properties": "^1.2.0", "es-abstract": "^1.22.1", "get-intrinsic": "^1.2.1", "globalthis": "^1.0.3", "which-builtin-type": "^1.1.3" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "regenerate": { + "node_modules/regenerate": { "version": "1.4.2", "resolved": "https://registry.npmjs.org/regenerate/-/regenerate-1.4.2.tgz", "integrity": "sha512-zrceR/XhGYU/d/opr2EKO7aRHUeiBI8qjtfHqADTwZd6Szfy16la6kqD0MIUs5z5hx6AaKa+PixpPrR289+I0A==" }, - "regenerate-unicode-properties": { + "node_modules/regenerate-unicode-properties": { "version": "10.1.1", "resolved": 
"https://registry.npmjs.org/regenerate-unicode-properties/-/regenerate-unicode-properties-10.1.1.tgz", "integrity": "sha512-X007RyZLsCJVVrjgEFVpLUTZwyOZk3oiL75ZcuYjlIWd6rNJtOjkBwQc5AsRrpbKVkxN6sklw/k/9m2jJYOf8Q==", - "requires": { + "dependencies": { "regenerate": "^1.4.2" + }, + "engines": { + "node": ">=4" } }, - "regenerator-runtime": { + "node_modules/regenerator-runtime": { "version": "0.13.9", "resolved": "https://registry.npmjs.org/regenerator-runtime/-/regenerator-runtime-0.13.9.tgz", "integrity": "sha512-p3VT+cOEgxFsRRA9X4lkI1E+k2/CtnKtU4gcxyaCUreilL/vqI6CdZ3wxVUx3UOUg+gnUOQQcRI7BmSI656MYA==" }, - "regenerator-transform": { + "node_modules/regenerator-transform": { "version": "0.15.2", "resolved": "https://registry.npmjs.org/regenerator-transform/-/regenerator-transform-0.15.2.tgz", "integrity": "sha512-hfMp2BoF0qOk3uc5V20ALGDS2ddjQaLrdl7xrGXvAIow7qeWRM2VA2HuCHkUKk9slq3VwEwLNK3DFBqDfPGYtg==", - "requires": { + "dependencies": { "@babel/runtime": "^7.8.4" } }, - "regex-parser": { + "node_modules/regex-parser": { "version": "2.2.11", "resolved": "https://registry.npmjs.org/regex-parser/-/regex-parser-2.2.11.tgz", "integrity": "sha512-jbD/FT0+9MBU2XAZluI7w2OBs1RBi6p9M83nkoZayQXXU9e8Robt69FcZc7wU4eJD/YFTjn1JdCk3rbMJajz8Q==" }, - "regexp.prototype.flags": { + "node_modules/regexp.prototype.flags": { "version": "1.5.1", "resolved": "https://registry.npmjs.org/regexp.prototype.flags/-/regexp.prototype.flags-1.5.1.tgz", "integrity": "sha512-sy6TXMN+hnP/wMy+ISxg3krXx7BAtWVO4UouuCN/ziM9UEne0euamVNafDfvC83bRNr95y0V5iijeDQFUNpvrg==", - "requires": { + "dependencies": { "call-bind": "^1.0.2", "define-properties": "^1.2.0", "set-function-name": "^2.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "regexpu-core": { + "node_modules/regexpu-core": { "version": "5.3.2", "resolved": "https://registry.npmjs.org/regexpu-core/-/regexpu-core-5.3.2.tgz", "integrity": 
"sha512-RAM5FlZz+Lhmo7db9L298p2vHP5ZywrVXmVXpmAD9GuL5MPH6t9ROw1iA/wfHkQ76Qe7AaPF0nGuim96/IrQMQ==", - "requires": { + "dependencies": { "@babel/regjsgen": "^0.8.0", "regenerate": "^1.4.2", "regenerate-unicode-properties": "^10.1.0", "regjsparser": "^0.9.1", "unicode-match-property-ecmascript": "^2.0.0", "unicode-match-property-value-ecmascript": "^2.1.0" + }, + "engines": { + "node": ">=4" } }, - "regjsparser": { + "node_modules/regjsparser": { "version": "0.9.1", "resolved": "https://registry.npmjs.org/regjsparser/-/regjsparser-0.9.1.tgz", "integrity": "sha512-dQUtn90WanSNl+7mQKcXAgZxvUe7Z0SqXlgzv0za4LwiUhyzBC58yQO3liFoUgu8GiJVInAhJjkj1N0EtQ5nkQ==", - "requires": { + "dependencies": { "jsesc": "~0.5.0" }, - "dependencies": { - "jsesc": { - "version": "0.5.0", - "resolved": "https://registry.npmjs.org/jsesc/-/jsesc-0.5.0.tgz", - "integrity": "sha512-uZz5UnB7u4T9LvwmFqXii7pZSouaRPorGs5who1Ip7VO0wxanFvBL7GkM6dTHlgX+jhBApRetaWpnDabOeTcnA==" - } + "bin": { + "regjsparser": "bin/parser" } }, - "relateurl": { + "node_modules/regjsparser/node_modules/jsesc": { + "version": "0.5.0", + "resolved": "https://registry.npmjs.org/jsesc/-/jsesc-0.5.0.tgz", + "integrity": "sha512-uZz5UnB7u4T9LvwmFqXii7pZSouaRPorGs5who1Ip7VO0wxanFvBL7GkM6dTHlgX+jhBApRetaWpnDabOeTcnA==", + "bin": { + "jsesc": "bin/jsesc" + } + }, + "node_modules/relateurl": { "version": "0.2.7", "resolved": "https://registry.npmjs.org/relateurl/-/relateurl-0.2.7.tgz", - "integrity": "sha512-G08Dxvm4iDN3MLM0EsP62EDV9IuhXPR6blNz6Utcp7zyV3tr4HVNINt6MpaRWbxoOHT3Q7YN2P+jaHX8vUbgog==" + "integrity": "sha512-G08Dxvm4iDN3MLM0EsP62EDV9IuhXPR6blNz6Utcp7zyV3tr4HVNINt6MpaRWbxoOHT3Q7YN2P+jaHX8vUbgog==", + "engines": { + "node": ">= 0.10" + } }, - "renderkid": { + "node_modules/renderkid": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/renderkid/-/renderkid-3.0.0.tgz", "integrity": "sha512-q/7VIQA8lmM1hF+jn+sFSPWGlMkSAeNYcPLmDQx2zzuiDfaLrOmumR8iaUKlenFgh0XRPIUeSPlH3A+AW3Z5pg==", - "requires": { + "dependencies": { 
"css-select": "^4.1.3", "dom-converter": "^0.2.0", "htmlparser2": "^6.1.0", "lodash": "^4.17.21", "strip-ansi": "^6.0.1" - }, - "dependencies": { - "entities": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/entities/-/entities-2.2.0.tgz", - "integrity": "sha512-p92if5Nz619I0w+akJrLZH0MX0Pb5DX39XOwQTtXSdQQOaYH03S1uIQp4mhOZtAXrxq4ViO67YTiLBo2638o9A==" - }, - "htmlparser2": { - "version": "6.1.0", - "resolved": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-6.1.0.tgz", - "integrity": "sha512-gyyPk6rgonLFEDGoeRgQNaEUvdJ4ktTmmUh/h2t7s+M8oPpIPxgNACWa+6ESR57kXstwqPiCut0V8NRpcwgU7A==", - "requires": { - "domelementtype": "^2.0.1", - "domhandler": "^4.0.0", - "domutils": "^2.5.2", - "entities": "^2.0.0" - } - }, - "strip-ansi": { - "version": "6.0.1", - "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", - "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", - "requires": { - "ansi-regex": "^5.0.1" - } + } + }, + "node_modules/renderkid/node_modules/entities": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/entities/-/entities-2.2.0.tgz", + "integrity": "sha512-p92if5Nz619I0w+akJrLZH0MX0Pb5DX39XOwQTtXSdQQOaYH03S1uIQp4mhOZtAXrxq4ViO67YTiLBo2638o9A==", + "funding": { + "url": "https://github.com/fb55/entities?sponsor=1" + } + }, + "node_modules/renderkid/node_modules/htmlparser2": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-6.1.0.tgz", + "integrity": "sha512-gyyPk6rgonLFEDGoeRgQNaEUvdJ4ktTmmUh/h2t7s+M8oPpIPxgNACWa+6ESR57kXstwqPiCut0V8NRpcwgU7A==", + "funding": [ + "https://github.com/fb55/htmlparser2?sponsor=1", + { + "type": "github", + "url": "https://github.com/sponsors/fb55" } + ], + "dependencies": { + "domelementtype": "^2.0.1", + "domhandler": "^4.0.0", + "domutils": "^2.5.2", + "entities": "^2.0.0" } }, - "request": { - "version": "2.88.2", - "resolved": 
"https://registry.npmjs.org/request/-/request-2.88.2.tgz", - "integrity": "sha512-MsvtOrfG9ZcrOwAW+Qi+F6HbD0CWXEh9ou77uOb7FM2WPhwT7smM833PzanhJLsgXjN89Ir6V2PczXNnMpwKhw==", - "requires": { - "aws-sign2": "~0.7.0", - "aws4": "^1.8.0", - "caseless": "~0.12.0", - "combined-stream": "~1.0.6", - "extend": "~3.0.2", - "forever-agent": "~0.6.1", - "form-data": "~2.3.2", - "har-validator": "~5.1.3", - "http-signature": "~1.2.0", - "is-typedarray": "~1.0.0", - "isstream": "~0.1.2", - "json-stringify-safe": "~5.0.1", - "mime-types": "~2.1.19", - "oauth-sign": "~0.9.0", - "performance-now": "^2.1.0", - "qs": "~6.5.2", - "safe-buffer": "^5.1.2", - "tough-cookie": "~2.5.0", - "tunnel-agent": "^0.6.0", - "uuid": "^3.3.2" - } - }, - "require-directory": { + "node_modules/require-directory": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz", - "integrity": "sha1-jGStX9MNqxyXbiNE/+f3kqam30I=" + "integrity": "sha1-jGStX9MNqxyXbiNE/+f3kqam30I=", + "engines": { + "node": ">=0.10.0" + } }, - "require-from-string": { + "node_modules/require-from-string": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz", - "integrity": "sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw==" + "integrity": "sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw==", + "engines": { + "node": ">=0.10.0" + } }, - "requires-port": { + "node_modules/requires-port": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/requires-port/-/requires-port-1.0.0.tgz", "integrity": "sha512-KigOCHcocU3XODJxsu8i/j8T9tzT4adHiecwORRQ0ZZFcp7ahwXuRU1m+yuO90C5ZUyGeGfocHDI14M3L3yDAQ==" }, - "resolve": { + "node_modules/resolve": { "version": "1.22.8", "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.8.tgz", "integrity": 
"sha512-oKWePCxqpd6FlLvGV1VU0x7bkPmmCNolxzjMf4NczoDnQcIWrAF+cPtZn5i6n+RfD2d9i0tzpKnG6Yk168yIyw==", - "requires": { + "dependencies": { "is-core-module": "^2.13.0", "path-parse": "^1.0.7", "supports-preserve-symlinks-flag": "^1.0.0" + }, + "bin": { + "resolve": "bin/resolve" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "resolve-cwd": { + "node_modules/resolve-alpn": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/resolve-alpn/-/resolve-alpn-1.2.1.tgz", + "integrity": "sha512-0a1F4l73/ZFZOakJnQ3FvkJ2+gSTQWz/r2KE5OdDY0TxPm5h4GkqkWWfM47T7HsbnOtcJVEF4epCVy6u7Q3K+g==" + }, + "node_modules/resolve-cwd": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/resolve-cwd/-/resolve-cwd-3.0.0.tgz", "integrity": "sha512-OrZaX2Mb+rJCpH/6CpSqt9xFVpN++x01XnN2ie9g6P5/3xelLAkXWVADpdz1IHD/KFfEXyE6V0U01OQ3UO2rEg==", - "requires": { + "dependencies": { "resolve-from": "^5.0.0" }, - "dependencies": { - "resolve-from": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz", - "integrity": "sha512-qYg9KP24dD5qka9J47d0aVky0N+b4fTU89LN9iDnjB5waksiC49rvMB0PrUJQGoTmH50XPiqOvAjDfaijGxYZw==" - } + "engines": { + "node": ">=8" } }, - "resolve-from": { + "node_modules/resolve-cwd/node_modules/resolve-from": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz", + "integrity": "sha512-qYg9KP24dD5qka9J47d0aVky0N+b4fTU89LN9iDnjB5waksiC49rvMB0PrUJQGoTmH50XPiqOvAjDfaijGxYZw==", + "engines": { + "node": ">=8" + } + }, + "node_modules/resolve-from": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-4.0.0.tgz", - "integrity": "sha512-pb/MYmXstAkysRFx8piNI1tGFNQIFA3vkE3Gq4EuA1dF6gHp/+vgZqsCGJapvy8N3Q+4o7FwvquPJcnZ7RYy4g==" + "integrity": "sha512-pb/MYmXstAkysRFx8piNI1tGFNQIFA3vkE3Gq4EuA1dF6gHp/+vgZqsCGJapvy8N3Q+4o7FwvquPJcnZ7RYy4g==", + "engines": { + "node": ">=4" + } }, - "resolve-pathname": { + 
"node_modules/resolve-pathname": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/resolve-pathname/-/resolve-pathname-3.0.0.tgz", "integrity": "sha512-C7rARubxI8bXFNB/hqcp/4iUeIXJhJZvFPFPiSPRnhU5UPxzMFIl+2E6yY6c4k9giDJAhtV+enfA+G89N6Csng==" }, - "resolve-url-loader": { + "node_modules/resolve-url-loader": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/resolve-url-loader/-/resolve-url-loader-4.0.0.tgz", "integrity": "sha512-05VEMczVREcbtT7Bz+C+96eUO5HDNvdthIiMB34t7FcF8ehcu4wC0sSgPUubs3XW2Q3CNLJk/BJrCU9wVRymiA==", - "requires": { + "dependencies": { "adjust-sourcemap-loader": "^4.0.0", "convert-source-map": "^1.7.0", "loader-utils": "^2.0.0", "postcss": "^7.0.35", "source-map": "0.6.1" }, - "dependencies": { - "convert-source-map": { - "version": "1.9.0", - "resolved": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-1.9.0.tgz", - "integrity": "sha512-ASFBup0Mz1uyiIjANan1jzLQami9z1PoYSZCiiYW2FczPbenXc45FZdBZLzOT+r6+iciuEModtmCti+hjaAk0A==" - }, - "picocolors": { - "version": "0.2.1", - "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-0.2.1.tgz", - "integrity": "sha512-cMlDqaLEqfSaW8Z7N5Jw+lyIW869EzT73/F5lhtY9cLGoVxSXznfgfXMO0Z5K0o0Q2TkTXq+0KFsdnSe3jDViA==" - }, - "postcss": { - "version": "7.0.39", - "resolved": "https://registry.npmjs.org/postcss/-/postcss-7.0.39.tgz", - "integrity": "sha512-yioayjNbHn6z1/Bywyb2Y4s3yvDAeXGOyxqD+LnVOinq6Mdmd++SW2wUNVzavyyHxd6+DxzWGIuosg6P1Rj8uA==", - "requires": { - "picocolors": "^0.2.1", - "source-map": "^0.6.1" - } + "engines": { + "node": ">=8.9" + }, + "peerDependencies": { + "rework": "1.0.1", + "rework-visit": "1.0.0" + }, + "peerDependenciesMeta": { + "rework": { + "optional": true }, - "source-map": { - "version": "0.6.1", - "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", - "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==" + "rework-visit": { + "optional": true } } }, - 
"resolve.exports": { + "node_modules/resolve-url-loader/node_modules/convert-source-map": { + "version": "1.9.0", + "resolved": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-1.9.0.tgz", + "integrity": "sha512-ASFBup0Mz1uyiIjANan1jzLQami9z1PoYSZCiiYW2FczPbenXc45FZdBZLzOT+r6+iciuEModtmCti+hjaAk0A==" + }, + "node_modules/resolve-url-loader/node_modules/picocolors": { + "version": "0.2.1", + "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-0.2.1.tgz", + "integrity": "sha512-cMlDqaLEqfSaW8Z7N5Jw+lyIW869EzT73/F5lhtY9cLGoVxSXznfgfXMO0Z5K0o0Q2TkTXq+0KFsdnSe3jDViA==" + }, + "node_modules/resolve-url-loader/node_modules/postcss": { + "version": "7.0.39", + "resolved": "https://registry.npmjs.org/postcss/-/postcss-7.0.39.tgz", + "integrity": "sha512-yioayjNbHn6z1/Bywyb2Y4s3yvDAeXGOyxqD+LnVOinq6Mdmd++SW2wUNVzavyyHxd6+DxzWGIuosg6P1Rj8uA==", + "dependencies": { + "picocolors": "^0.2.1", + "source-map": "^0.6.1" + }, + "engines": { + "node": ">=6.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/postcss/" + } + }, + "node_modules/resolve-url-loader/node_modules/source-map": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/resolve.exports": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/resolve.exports/-/resolve.exports-1.1.1.tgz", - "integrity": "sha512-/NtpHNDN7jWhAaQ9BvBUYZ6YTXsRBgfqWFWP7BZBaoMJO/I3G5OFzvTuWNlZC3aPjins1F+TNrLKsGbH4rfsRQ==" + "integrity": "sha512-/NtpHNDN7jWhAaQ9BvBUYZ6YTXsRBgfqWFWP7BZBaoMJO/I3G5OFzvTuWNlZC3aPjins1F+TNrLKsGbH4rfsRQ==", + "engines": { + "node": ">=10" + } }, - "responselike": { - "version": "2.0.0", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/responselike/-/responselike-2.0.0.tgz", - "integrity": 
"sha1-JjkbzDF091D5p56sxAoSpcQtdyM=", - "requires": { + "node_modules/responselike": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/responselike/-/responselike-2.0.1.tgz", + "integrity": "sha512-4gl03wn3hj1HP3yzgdI7d3lCkF95F21Pz4BPGvKHinyQzALR5CapwC8yIi0Rh58DEMQ/SguC03wFj2k0M/mHhw==", + "dependencies": { "lowercase-keys": "^2.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" } }, - "retry": { + "node_modules/retry": { "version": "0.13.1", "resolved": "https://registry.npmjs.org/retry/-/retry-0.13.1.tgz", - "integrity": "sha512-XQBQ3I8W1Cge0Seh+6gjj03LbmRFWuoszgK9ooCpwYIrhhoO80pfq4cUkU5DkknwfOfFteRwlZ56PYOGYyFWdg==" + "integrity": "sha512-XQBQ3I8W1Cge0Seh+6gjj03LbmRFWuoszgK9ooCpwYIrhhoO80pfq4cUkU5DkknwfOfFteRwlZ56PYOGYyFWdg==", + "engines": { + "node": ">= 4" + } }, - "reusify": { + "node_modules/reusify": { "version": "1.0.4", "resolved": "https://registry.npmjs.org/reusify/-/reusify-1.0.4.tgz", - "integrity": "sha512-U9nH88a3fc/ekCF1l0/UP1IosiuIjyTh7hBvXVMHYgVcfGvt897Xguj2UOLDeI5BG2m7/uwyaLVT6fbtCwTyzw==" + "integrity": "sha512-U9nH88a3fc/ekCF1l0/UP1IosiuIjyTh7hBvXVMHYgVcfGvt897Xguj2UOLDeI5BG2m7/uwyaLVT6fbtCwTyzw==", + "engines": { + "iojs": ">=1.0.0", + "node": ">=0.10.0" + } }, - "rimraf": { + "node_modules/rimraf": { "version": "3.0.2", "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz", "integrity": "sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA==", - "requires": { + "dependencies": { "glob": "^7.1.3" + }, + "bin": { + "rimraf": "bin.js" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" } }, - "rollup": { + "node_modules/rollup": { "version": "2.79.1", "resolved": "https://registry.npmjs.org/rollup/-/rollup-2.79.1.tgz", "integrity": "sha512-uKxbd0IhMZOhjAiD5oAFp7BqvkA4Dv47qpOCtaNvng4HBwdbWtdOh8f5nZNuk2rp51PMGk3bzfWu5oayNEuYnw==", - "requires": { + "bin": { + "rollup": "dist/bin/rollup" + }, + "engines": { + "node": ">=10.0.0" + }, + 
"optionalDependencies": { "fsevents": "~2.3.2" } }, - "rollup-plugin-terser": { + "node_modules/rollup-plugin-terser": { "version": "7.0.2", "resolved": "https://registry.npmjs.org/rollup-plugin-terser/-/rollup-plugin-terser-7.0.2.tgz", "integrity": "sha512-w3iIaU4OxcF52UUXiZNsNeuXIMDvFrr+ZXK6bFZ0Q60qyVfq4uLptoS4bbq3paG3x216eQllFZX7zt6TIImguQ==", - "requires": { + "deprecated": "This package has been deprecated and is no longer maintained. Please use @rollup/plugin-terser", + "dependencies": { "@babel/code-frame": "^7.10.4", "jest-worker": "^26.2.1", "serialize-javascript": "^4.0.0", "terser": "^5.0.0" }, + "peerDependencies": { + "rollup": "^2.0.0" + } + }, + "node_modules/rollup-plugin-terser/node_modules/jest-worker": { + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/jest-worker/-/jest-worker-26.6.2.tgz", + "integrity": "sha512-KWYVV1c4i+jbMpaBC+U++4Va0cp8OisU185o73T1vo99hqi7w8tSJfUXYswwqqrjzwxa6KpRK54WhPvwf5w6PQ==", "dependencies": { - "jest-worker": { - "version": "26.6.2", - "resolved": "https://registry.npmjs.org/jest-worker/-/jest-worker-26.6.2.tgz", - "integrity": "sha512-KWYVV1c4i+jbMpaBC+U++4Va0cp8OisU185o73T1vo99hqi7w8tSJfUXYswwqqrjzwxa6KpRK54WhPvwf5w6PQ==", - "requires": { - "@types/node": "*", - "merge-stream": "^2.0.0", - "supports-color": "^7.0.0" - } - }, - "serialize-javascript": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-4.0.0.tgz", - "integrity": "sha512-GaNA54380uFefWghODBWEGisLZFj00nS5ACs6yHa9nLqlLpVLO8ChDGeKRjZnV4Nh4n0Qi7nhYZD/9fCPzEqkw==", - "requires": { - "randombytes": "^2.1.0" - } - } + "@types/node": "*", + "merge-stream": "^2.0.0", + "supports-color": "^7.0.0" + }, + "engines": { + "node": ">= 10.13.0" + } + }, + "node_modules/rollup-plugin-terser/node_modules/serialize-javascript": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-4.0.0.tgz", + "integrity": 
"sha512-GaNA54380uFefWghODBWEGisLZFj00nS5ACs6yHa9nLqlLpVLO8ChDGeKRjZnV4Nh4n0Qi7nhYZD/9fCPzEqkw==", + "dependencies": { + "randombytes": "^2.1.0" } }, - "run-parallel": { + "node_modules/run-parallel": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz", "integrity": "sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA==", - "requires": { + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "dependencies": { "queue-microtask": "^1.2.2" } }, - "safe-array-concat": { + "node_modules/safe-array-concat": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/safe-array-concat/-/safe-array-concat-1.0.1.tgz", "integrity": "sha512-6XbUAseYE2KtOuGueyeobCySj9L4+66Tn6KQMOPQJrAJEowYKW/YR/MGJZl7FdydUdaFu4LYyDZjxf4/Nmo23Q==", - "requires": { + "dependencies": { "call-bind": "^1.0.2", "get-intrinsic": "^1.2.1", "has-symbols": "^1.0.3", "isarray": "^2.0.5" }, - "dependencies": { - "isarray": { - "version": "2.0.5", - "resolved": "https://registry.npmjs.org/isarray/-/isarray-2.0.5.tgz", - "integrity": "sha512-xHjhDr3cNBK0BzdUJSPXZntQUx/mwMS5Rw4A7lPJ90XGAO6ISP/ePDNuo0vhqOZU+UD5JoodwCAAoZQd3FeAKw==" - } + "engines": { + "node": ">=0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "safe-buffer": { + "node_modules/safe-array-concat/node_modules/isarray": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/isarray/-/isarray-2.0.5.tgz", + "integrity": "sha512-xHjhDr3cNBK0BzdUJSPXZntQUx/mwMS5Rw4A7lPJ90XGAO6ISP/ePDNuo0vhqOZU+UD5JoodwCAAoZQd3FeAKw==" + }, + "node_modules/safe-buffer": { "version": "5.1.2", "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", "integrity": 
"sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==" }, - "safe-regex-test": { + "node_modules/safe-regex-test": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/safe-regex-test/-/safe-regex-test-1.0.0.tgz", "integrity": "sha512-JBUUzyOgEwXQY1NuPtvcj/qcBDbDmEvWufhlnXZIm75DEHp+afM1r1ujJpJsV/gSM4t59tpDyPi1sd6ZaPFfsA==", - "requires": { + "dependencies": { "call-bind": "^1.0.2", "get-intrinsic": "^1.1.3", "is-regex": "^1.1.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "safe-stable-stringify": { + "node_modules/safe-stable-stringify": { "version": "2.4.3", "resolved": "https://registry.npmjs.org/safe-stable-stringify/-/safe-stable-stringify-2.4.3.tgz", - "integrity": "sha512-e2bDA2WJT0wxseVd4lsDP4+3ONX6HpMXQa1ZhFQ7SU+GjvORCmShbCMltrtIDfkYhVHrOcPtj+KhmDBdPdZD1g==" + "integrity": "sha512-e2bDA2WJT0wxseVd4lsDP4+3ONX6HpMXQa1ZhFQ7SU+GjvORCmShbCMltrtIDfkYhVHrOcPtj+KhmDBdPdZD1g==", + "engines": { + "node": ">=10" + } }, - "safer-buffer": { + "node_modules/safer-buffer": { "version": "2.1.2", "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==" }, - "sanitize.css": { + "node_modules/sanitize.css": { "version": "13.0.0", "resolved": "https://registry.npmjs.org/sanitize.css/-/sanitize.css-13.0.0.tgz", "integrity": "sha512-ZRwKbh/eQ6w9vmTjkuG0Ioi3HBwPFce0O+v//ve+aOq1oeCy7jMV2qzzAlpsNuqpqCBjjriM1lbtZbF/Q8jVyA==" }, - "sass-loader": { + "node_modules/sass-loader": { "version": "12.6.0", "resolved": "https://registry.npmjs.org/sass-loader/-/sass-loader-12.6.0.tgz", "integrity": "sha512-oLTaH0YCtX4cfnJZxKSLAyglED0naiYfNG1iXfU5w1LNZ+ukoA5DtyDIN5zmKVZwYNJP4KRc5Y3hkWga+7tYfA==", - "requires": { + "dependencies": { "klona": "^2.0.4", "neo-async": "^2.6.2" + }, + "engines": { + "node": ">= 12.13.0" + }, + "funding": { + "type": "opencollective", + "url": 
"https://opencollective.com/webpack" + }, + "peerDependencies": { + "fibers": ">= 3.1.0", + "node-sass": "^4.0.0 || ^5.0.0 || ^6.0.0 || ^7.0.0", + "sass": "^1.3.0", + "sass-embedded": "*", + "webpack": "^5.0.0" + }, + "peerDependenciesMeta": { + "fibers": { + "optional": true + }, + "node-sass": { + "optional": true + }, + "sass": { + "optional": true + }, + "sass-embedded": { + "optional": true + } } }, - "sax": { + "node_modules/sax": { "version": "1.2.4", "resolved": "https://registry.npmjs.org/sax/-/sax-1.2.4.tgz", "integrity": "sha512-NqVDv9TpANUjFm0N8uM5GxL36UgKi9/atZw+x7YFnQ8ckwFGKrl4xX4yWtrey3UJm5nP1kUbnYgLopqWNSRhWw==" }, - "saxes": { + "node_modules/saxes": { "version": "5.0.1", "resolved": "https://registry.npmjs.org/saxes/-/saxes-5.0.1.tgz", "integrity": "sha512-5LBh1Tls8c9xgGjw3QrMwETmTMVk0oFgvrFSvWx62llR2hcEInrKNZ2GZCCuuy2lvWrdl5jhbpeqc5hRYKFOcw==", - "requires": { + "dependencies": { "xmlchars": "^2.2.0" + }, + "engines": { + "node": ">=10" } }, - "scheduler": { + "node_modules/scheduler": { "version": "0.20.2", "resolved": "https://registry.npmjs.org/scheduler/-/scheduler-0.20.2.tgz", "integrity": "sha512-2eWfGgAqqWFGqtdMmcL5zCMK1U8KlXv8SQFGglL3CEtd0aDVDWgeF/YoCmvln55m5zSk3J/20hTaSBeSObsQDQ==", - "requires": { + "dependencies": { "loose-envify": "^1.1.0", "object-assign": "^4.1.1" } }, - "schema-utils": { + "node_modules/schema-utils": { "version": "3.3.0", "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-3.3.0.tgz", "integrity": "sha512-pN/yOAvcC+5rQ5nERGuwrjLlYvLTbCibnZ1I7B1LaiAz9BRBlE9GMgE/eqV30P7aJQUf7Ddimy/RsbYO/GrVGg==", - "requires": { + "dependencies": { "@types/json-schema": "^7.0.8", "ajv": "^6.12.5", "ajv-keywords": "^3.5.2" + }, + "engines": { + "node": ">= 10.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" } }, - "select-hose": { + "node_modules/select-hose": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/select-hose/-/select-hose-2.0.0.tgz", 
"integrity": "sha512-mEugaLK+YfkijB4fx0e6kImuJdCIt2LxCRcbEYPqRGCs4F2ogyfZU5IAZRdjCP8JPq2AtdNoC/Dux63d9Kiryg==" }, - "selfsigned": { + "node_modules/selfsigned": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/selfsigned/-/selfsigned-2.1.1.tgz", "integrity": "sha512-GSL3aowiF7wa/WtSFwnUrludWFoNhftq8bUkH9pkzjpN2XSPOAYEgg6e0sS9s0rZwgJzJiQRPU18A6clnoW5wQ==", - "requires": { + "dependencies": { "node-forge": "^1" + }, + "engines": { + "node": ">=10" } }, - "semver": { + "node_modules/semver": { "version": "7.5.4", "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz", "integrity": "sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==", - "requires": { + "dependencies": { "lru-cache": "^6.0.0" }, + "bin": { + "semver": "bin/semver.js" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/semver/node_modules/lru-cache": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", + "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", "dependencies": { - "lru-cache": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", - "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", - "requires": { - "yallist": "^4.0.0" - } - }, - "yallist": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", - "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" - } + "yallist": "^4.0.0" + }, + "engines": { + "node": ">=10" } }, - "send": { + "node_modules/semver/node_modules/yallist": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", + "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" + }, + "node_modules/send": { 
"version": "0.18.0", "resolved": "https://registry.npmjs.org/send/-/send-0.18.0.tgz", "integrity": "sha512-qqWzuOjSFOuqPjFe4NOsMLafToQQwBSOEpS+FwEt3A2V3vKubTquT3vmLTQpFgMXp8AlFWFuP1qKaJZOtPpVXg==", - "requires": { + "dependencies": { "debug": "2.6.9", "depd": "2.0.0", "destroy": "1.2.0", 
@@ -12429,42 +17459,41 @@ "range-parser": "~1.2.1", "statuses": "2.0.1" }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/send/node_modules/debug": { + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", "dependencies": { - "debug": { - "version": "2.6.9", - "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", - "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", - "requires": { - "ms": "2.0.0" - }, - "dependencies": { - "ms": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", - "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==" - } - } - }, - "ms": { - "version": "2.1.3", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", - "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==" - } + "ms": "2.0.0" } }, - "serialize-javascript": { + "node_modules/send/node_modules/debug/node_modules/ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==" + }, + "node_modules/send/node_modules/ms": { + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==" + }, + "node_modules/serialize-javascript": { "version": "6.0.1", "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.1.tgz", "integrity": "sha512-owoXEFjWRllis8/M1Q+Cw5k8ZH40e3zhp/ovX+Xr/vi1qj6QesbyXXViFbpNvWvPNAD62SutwEXavefrLJWj7w==", - "requires": { + "dependencies": { "randombytes": "^2.1.0" } }, - "serve-index": { + 
"node_modules/serve-index": { "version": "1.9.1", "resolved": "https://registry.npmjs.org/serve-index/-/serve-index-1.9.1.tgz", "integrity": "sha512-pXHfKNP4qujrtteMrSBb0rc8HJ9Ms/GrXwcUtUtD5s4ewDJI8bT3Cz2zTVRMKtri49pLx2e0Ya8ziP5Ya2pZZw==", - "requires": { + "dependencies": { "accepts": "~1.3.4", "batch": "0.6.1", "debug": "2.6.9", 
@@ -12473,237 +17502,335 @@ "mime-types": "~2.1.17", "parseurl": "~1.3.2" }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/serve-index/node_modules/debug": { + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", "dependencies": { - "debug": { - "version": "2.6.9", - "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", - "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", - "requires": { - "ms": "2.0.0" - } - }, - "depd": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/depd/-/depd-1.1.2.tgz", - "integrity": "sha512-7emPTl6Dpo6JRXOXjLRxck+FlLRX5847cLKEn00PLAgc3g2hTZZgr+e4c2v6QpSmLeFP3n5yUo7ft6avBK/5jQ==" - }, - "http-errors": { - "version": "1.6.3", - "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.6.3.tgz", - "integrity": "sha512-lks+lVC8dgGyh97jxvxeYTWQFvh4uw4yC12gVl63Cg30sjPX4wuGcdkICVXDAESr6OJGjqGA8Iz5mkeN6zlD7A==", - "requires": { - "depd": "~1.1.2", - "inherits": "2.0.3", - "setprototypeof": "1.1.0", - "statuses": ">= 1.4.0 < 2" - } - }, - "inherits": { - "version": "2.0.3", - "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz", - "integrity": "sha512-x00IRNXNy63jwGkJmzPigoySHbaqpNuzKbBOmzK+g2OdZpQ9w+sxCN+VSB3ja7IAge2OP2qpfxTjeNcyjmW1uw==" - }, - "ms": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", - "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==" - }, - "setprototypeof": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.1.0.tgz", - "integrity": "sha512-BvE/TwpZX4FXExxOxZyRGQQv651MSwmWKZGqvmPcRIjDqWub67kTKuIMx43cZZrS/cBBzwBcNDWoFxt2XEFIpQ==" - }, - "statuses": { - "version": "1.5.0", - "resolved": 
"https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz", - "integrity": "sha512-OpZ3zP+jT1PI7I8nemJX4AKmAX070ZkYPVWV/AaKTJl+tXCTGyVdC1a4SL8RUQYEwk/f34ZX8UTykN68FwrqAA==" - } + "ms": "2.0.0" } }, - "serve-static": { + "node_modules/serve-index/node_modules/depd": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/depd/-/depd-1.1.2.tgz", + "integrity": "sha512-7emPTl6Dpo6JRXOXjLRxck+FlLRX5847cLKEn00PLAgc3g2hTZZgr+e4c2v6QpSmLeFP3n5yUo7ft6avBK/5jQ==", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/serve-index/node_modules/http-errors": { + "version": "1.6.3", + "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.6.3.tgz", + "integrity": "sha512-lks+lVC8dgGyh97jxvxeYTWQFvh4uw4yC12gVl63Cg30sjPX4wuGcdkICVXDAESr6OJGjqGA8Iz5mkeN6zlD7A==", + "dependencies": { + "depd": "~1.1.2", + "inherits": "2.0.3", + "setprototypeof": "1.1.0", + "statuses": ">= 1.4.0 < 2" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/serve-index/node_modules/inherits": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz", + "integrity": "sha512-x00IRNXNy63jwGkJmzPigoySHbaqpNuzKbBOmzK+g2OdZpQ9w+sxCN+VSB3ja7IAge2OP2qpfxTjeNcyjmW1uw==" + }, + "node_modules/serve-index/node_modules/ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==" + }, + "node_modules/serve-index/node_modules/setprototypeof": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.1.0.tgz", + "integrity": "sha512-BvE/TwpZX4FXExxOxZyRGQQv651MSwmWKZGqvmPcRIjDqWub67kTKuIMx43cZZrS/cBBzwBcNDWoFxt2XEFIpQ==" + }, + "node_modules/serve-index/node_modules/statuses": { + "version": "1.5.0", + "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz", + "integrity": 
"sha512-OpZ3zP+jT1PI7I8nemJX4AKmAX070ZkYPVWV/AaKTJl+tXCTGyVdC1a4SL8RUQYEwk/f34ZX8UTykN68FwrqAA==", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/serve-static": { "version": "1.15.0", "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.15.0.tgz", "integrity": "sha512-XGuRDNjXUijsUL0vl6nSD7cwURuzEgglbOaFuZM9g3kwDXOWVTck0jLzjPzGD+TazWbboZYu52/9/XPdUgne9g==", - "requires": { + "dependencies": { "encodeurl": "~1.0.2", "escape-html": "~1.0.3", "parseurl": "~1.3.3", "send": "0.18.0" + }, + "engines": { + "node": ">= 0.8.0" } }, - "set-blocking": { + "node_modules/set-blocking": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/set-blocking/-/set-blocking-2.0.0.tgz", - "integrity": "sha1-BF+XgtARrppoA93TgrJDkrPYkPc=" + "integrity": "sha512-KiKBS8AnWGEyLzofFfmvKwpdPzqiy16LvQfK3yv/fVH7Bj13/wl3JSR1J+rfgRE9q7xUJK4qvgS8raSOeLUehw==" }, - "set-function-name": { + "node_modules/set-function-name": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/set-function-name/-/set-function-name-2.0.1.tgz", "integrity": "sha512-tMNCiqYVkXIZgc2Hnoy2IvC/f8ezc5koaRFkCjrpWzGpCd3qbZXPzVy9MAZzK1ch/X0jvSkojys3oqJN0qCmdA==", - "requires": { + "dependencies": { "define-data-property": "^1.0.1", "functions-have-names": "^1.2.3", "has-property-descriptors": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" } }, - "setimmediate": { + "node_modules/setimmediate": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/setimmediate/-/setimmediate-1.0.5.tgz", "integrity": "sha1-KQy7Iy4waULX1+qbg3Mqt4VvgoU=" }, - "setprototypeof": { + "node_modules/setprototypeof": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz", "integrity": "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw==" }, - "shebang-command": { + "node_modules/shebang-command": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", 
"integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==", - "requires": { + "dependencies": { "shebang-regex": "^3.0.0" + }, + "engines": { + "node": ">=8" } }, - "shebang-regex": { + "node_modules/shebang-regex": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz", - "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==" + "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==", + "engines": { + "node": ">=8" + } }, - "shell-quote": { + "node_modules/shell-quote": { "version": "1.8.1", "resolved": "https://registry.npmjs.org/shell-quote/-/shell-quote-1.8.1.tgz", - "integrity": "sha512-6j1W9l1iAs/4xYBI1SYOVZyFcCis9b4KCLQ8fgAGG07QvzaRLVVRQvAy85yNmmZSjYjg4MWh4gNvlPujU/5LpA==" + "integrity": "sha512-6j1W9l1iAs/4xYBI1SYOVZyFcCis9b4KCLQ8fgAGG07QvzaRLVVRQvAy85yNmmZSjYjg4MWh4gNvlPujU/5LpA==", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } }, - "side-channel": { + "node_modules/side-channel": { "version": "1.0.4", "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.4.tgz", "integrity": "sha512-q5XPytqFEIKHkGdiMIrY10mvLRvnQh42/+GoBlFW3b2LXLE2xxJpZFdm94we0BaoV3RwJyGqg5wS7epxTv0Zvw==", - "requires": { + "dependencies": { "call-bind": "^1.0.0", "get-intrinsic": "^1.0.2", "object-inspect": "^1.9.0" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "signal-exit": { + "node_modules/signal-exit": { "version": "3.0.3", "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.3.tgz", "integrity": "sha512-VUJ49FC8U1OxwZLxIbTTrDvLnf/6TDgxZcK8wxR8zs13xpx7xbG60ndBlhNrFi2EMuFRoeDoJO7wthSLq42EjA==" }, - "simple-swizzle": { + "node_modules/simple-swizzle": { "version": "0.2.2", "resolved": "https://registry.npmjs.org/simple-swizzle/-/simple-swizzle-0.2.2.tgz", "integrity": 
"sha512-JA//kQgZtbuY83m+xT+tXJkmJncGMTFT+C+g2h2R9uxkYIrE2yy9sgmcLhCnw57/WSD+Eh3J97FPEDFnbXnDUg==", - "requires": { - "is-arrayish": "^0.3.1" - }, "dependencies": { - "is-arrayish": { - "version": "0.3.2", - "resolved": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.3.2.tgz", - "integrity": "sha512-eVRqCvVlZbuw3GrM63ovNSNAeA1K16kaR/LRY/92w0zxQ5/1YzwblUX652i4Xs9RwAGjW9d9y6X88t8OaAJfWQ==" - } + "is-arrayish": "^0.3.1" } }, - "sisteransi": { + "node_modules/simple-swizzle/node_modules/is-arrayish": { + "version": "0.3.2", + "resolved": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.3.2.tgz", + "integrity": "sha512-eVRqCvVlZbuw3GrM63ovNSNAeA1K16kaR/LRY/92w0zxQ5/1YzwblUX652i4Xs9RwAGjW9d9y6X88t8OaAJfWQ==" + }, + "node_modules/sisteransi": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/sisteransi/-/sisteransi-1.0.5.tgz", "integrity": "sha512-bLGGlR1QxBcynn2d5YmDX4MGjlZvy2MRBDRNHLJ8VI6l6+9FUiyTFNJ0IveOSP0bcXgVDPRcfGqA0pjaqUpfVg==" }, - "slash": { + "node_modules/slash": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/slash/-/slash-3.0.0.tgz", - "integrity": "sha512-g9Q1haeby36OSStwb4ntCGGGaKsaVSjQ68fBxoQcutl5fS1vuY18H3wSt3jFyFtrkx+Kz0V1G85A4MyAdDMi2Q==" + "integrity": "sha512-g9Q1haeby36OSStwb4ntCGGGaKsaVSjQ68fBxoQcutl5fS1vuY18H3wSt3jFyFtrkx+Kz0V1G85A4MyAdDMi2Q==", + "engines": { + "node": ">=8" + } + }, + "node_modules/smart-buffer": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/smart-buffer/-/smart-buffer-4.2.0.tgz", + "integrity": "sha512-94hK0Hh8rPqQl2xXc3HsaBoOXKV20MToPkcXvwbISWLEs+64sBq5kFgn2kJDHb1Pry9yrP0dxrCI9RRci7RXKg==", + "engines": { + "node": ">= 6.0.0", + "npm": ">= 3.0.0" + } }, - "sockjs": { + "node_modules/sockjs": { "version": "0.3.24", "resolved": "https://registry.npmjs.org/sockjs/-/sockjs-0.3.24.tgz", "integrity": "sha512-GJgLTZ7vYb/JtPSSZ10hsOYIvEYsjbNU+zPdIHcUaWVNUEPivzxku31865sSSud0Da0W4lEeOPlmw93zLQchuQ==", - "requires": { + "dependencies": { "faye-websocket": "^0.11.3", "uuid": 
"^8.3.2", "websocket-driver": "^0.7.4" + } + }, + "node_modules/sockjs/node_modules/uuid": { + "version": "8.3.2", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz", + "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==", + "bin": { + "uuid": "dist/bin/uuid" + } + }, + "node_modules/socks": { + "version": "2.8.1", + "resolved": "https://registry.npmjs.org/socks/-/socks-2.8.1.tgz", + "integrity": "sha512-B6w7tkwNid7ToxjZ08rQMT8M9BJAf8DKx8Ft4NivzH0zBUfd6jldGcisJn/RLgxcX3FPNDdNQCUEMMT79b+oCQ==", + "dependencies": { + "ip-address": "^9.0.5", + "smart-buffer": "^4.2.0" }, + "engines": { + "node": ">= 10.0.0", + "npm": ">= 3.0.0" + } + }, + "node_modules/socks-proxy-agent": { + "version": "8.0.2", + "resolved": "https://registry.npmjs.org/socks-proxy-agent/-/socks-proxy-agent-8.0.2.tgz", + "integrity": "sha512-8zuqoLv1aP/66PHF5TqwJ7Czm3Yv32urJQHrVyhD7mmA6d61Zv8cIXQYPTWwmg6qlupnPvs/QKDmfa4P/qct2g==", "dependencies": { - "uuid": { - "version": "8.3.2", - "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz", - "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==" - } + "agent-base": "^7.0.2", + "debug": "^4.3.4", + "socks": "^2.7.1" + }, + "engines": { + "node": ">= 14" } }, - "source-list-map": { + "node_modules/socks-proxy-agent/node_modules/agent-base": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-7.1.0.tgz", + "integrity": "sha512-o/zjMZRhJxny7OyEF+Op8X+efiELC7k7yOjMzgfzVqOzXqkBkWI79YoTdOtsuWd5BWhAGAuOY/Xa6xpiaWXiNg==", + "dependencies": { + "debug": "^4.3.4" + }, + "engines": { + "node": ">= 14" + } + }, + "node_modules/source-list-map": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/source-list-map/-/source-list-map-2.0.1.tgz", "integrity": "sha512-qnQ7gVMxGNxsiL4lEuJwe/To8UnK7fAnmbGEEH8RpLouuKbeEm0lhbQVFIrNSuB+G7tVrAlVsZgETT5nljf+Iw==" }, - "source-map": { + 
"node_modules/source-map": { "version": "0.7.4", "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.7.4.tgz", - "integrity": "sha512-l3BikUxvPOcn5E74dZiq5BGsTb5yEwhaTSzccU6t4sDOH8NWJCstKO5QT2CvtFoK6F0saL7p9xHAqHOlCPJygA==" + "integrity": "sha512-l3BikUxvPOcn5E74dZiq5BGsTb5yEwhaTSzccU6t4sDOH8NWJCstKO5QT2CvtFoK6F0saL7p9xHAqHOlCPJygA==", + "engines": { + "node": ">= 8" + } }, - "source-map-js": { + "node_modules/source-map-js": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.0.2.tgz", - "integrity": "sha512-R0XvVJ9WusLiqTCEiGCmICCMplcCkIwwR11mOSD9CR5u+IXYdiseeEuXCVAjS54zqwkLcPNnmU4OeJ6tUrWhDw==" + "integrity": "sha512-R0XvVJ9WusLiqTCEiGCmICCMplcCkIwwR11mOSD9CR5u+IXYdiseeEuXCVAjS54zqwkLcPNnmU4OeJ6tUrWhDw==", + "engines": { + "node": ">=0.10.0" + } }, - "source-map-loader": { + "node_modules/source-map-loader": { "version": "3.0.2", "resolved": "https://registry.npmjs.org/source-map-loader/-/source-map-loader-3.0.2.tgz", "integrity": "sha512-BokxPoLjyl3iOrgkWaakaxqnelAJSS+0V+De0kKIq6lyWrXuiPgYTGp6z3iHmqljKAaLXwZa+ctD8GccRJeVvg==", - "requires": { + "dependencies": { "abab": "^2.0.5", "iconv-lite": "^0.6.3", "source-map-js": "^1.0.1" }, + "engines": { + "node": ">= 12.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + }, + "peerDependencies": { + "webpack": "^5.0.0" + } + }, + "node_modules/source-map-loader/node_modules/iconv-lite": { + "version": "0.6.3", + "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.6.3.tgz", + "integrity": "sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw==", "dependencies": { - "iconv-lite": { - "version": "0.6.3", - "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.6.3.tgz", - "integrity": "sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw==", - "requires": { - "safer-buffer": ">= 2.1.2 < 3.0.0" - } - } + 
"safer-buffer": ">= 2.1.2 < 3.0.0" + }, + "engines": { + "node": ">=0.10.0" } }, - "source-map-support": { + "node_modules/source-map-support": { "version": "0.5.21", "resolved": "https://registry.npmjs.org/source-map-support/-/source-map-support-0.5.21.tgz", "integrity": "sha512-uBHU3L3czsIyYXKX88fdrGovxdSCoTGDRZ6SYXtSRxLZUzHg5P/66Ht6uoUlHu9EZod+inXhKo3qQgwXUT/y1w==", - "requires": { + "dependencies": { "buffer-from": "^1.0.0", "source-map": "^0.6.0" - }, - "dependencies": { - "source-map": { - "version": "0.6.1", - "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", - "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==" - } } }, - "sourcemap-codec": { + "node_modules/source-map-support/node_modules/source-map": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/sourcemap-codec": { "version": "1.4.8", "resolved": "https://registry.npmjs.org/sourcemap-codec/-/sourcemap-codec-1.4.8.tgz", - "integrity": "sha512-9NykojV5Uih4lgo5So5dtw+f0JgJX30KCNI8gwhz2J9A15wD0Ml6tjHKwf6fTSa6fAdVBdZeNOs9eJ71qCk8vA==" + "integrity": "sha512-9NykojV5Uih4lgo5So5dtw+f0JgJX30KCNI8gwhz2J9A15wD0Ml6tjHKwf6fTSa6fAdVBdZeNOs9eJ71qCk8vA==", + "deprecated": "Please use @jridgewell/sourcemap-codec instead" }, - "spdy": { + "node_modules/spdy": { "version": "4.0.2", "resolved": "https://registry.npmjs.org/spdy/-/spdy-4.0.2.tgz", "integrity": "sha512-r46gZQZQV+Kl9oItvl1JZZqJKGr+oEkB08A6BzkiR7593/7IbtuncXHd2YoYeTsG4157ZssMu9KYvUHLcjcDoA==", - "requires": { + "dependencies": { "debug": "^4.1.0", "handle-thing": "^2.0.0", "http-deceiver": "^1.2.7", "select-hose": "^2.0.0", "spdy-transport": "^3.0.0" + }, + "engines": { + "node": ">=6.0.0" } }, - "spdy-transport": { + "node_modules/spdy-transport": { 
"version": "3.0.0", "resolved": "https://registry.npmjs.org/spdy-transport/-/spdy-transport-3.0.0.tgz", "integrity": "sha512-hsLVFE5SjA6TCisWeJXFKniGGOpBgMLmerfO2aCyCU5s7nJ/rpAepqmFifv/GCbSbueEeAJJnmSQ2rKC/g8Fcw==", - "requires": { + "dependencies": { "debug": "^4.1.0", "detect-node": "^2.0.4", "hpack.js": "^2.1.6", 
@@ -12712,104 +17839,141 @@ "wbuf": "^1.7.3" } }, - "sprintf-js": { + "node_modules/sprintf-js": { "version": "1.0.3", "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", "integrity": "sha512-D9cPgkvLlV3t3IzL0D0YLvGA9Ahk4PcvVwUbN0dSGr1aP0Nrt4AEnTUbuGvquEC0mA64Gqt1fzirlRs5ibXx8g==" }, - "sshpk": { - "version": "1.16.1", - "resolved": "https://registry.npmjs.org/sshpk/-/sshpk-1.16.1.tgz", - "integrity": "sha512-HXXqVUq7+pcKeLqqZj6mHFUMvXtOJt1uoUx09pFW6011inTMxqI8BA8PM95myrIyyKwdnzjdFjLiE6KBPVtJIg==", - "requires": { - "asn1": "~0.2.3", - "assert-plus": "^1.0.0", - "bcrypt-pbkdf": "^1.0.0", - "dashdash": "^1.12.0", - "ecc-jsbn": "~0.1.1", - "getpass": "^0.1.1", - "jsbn": "~0.1.0", - "safer-buffer": "^2.0.2", - "tweetnacl": "~0.14.0" + "node_modules/ssri": { + "version": "10.0.5", + "resolved": "https://registry.npmjs.org/ssri/-/ssri-10.0.5.tgz", + "integrity": "sha512-bSf16tAFkGeRlUNDjXu8FzaMQt6g2HZJrun7mtMbIPOddxt3GLMSz5VWUWcqTJUPfLEaDIepGxv+bYQW49596A==", + "dependencies": { + "minipass": "^7.0.3" + }, + "engines": { + "node": "^14.17.0 || ^16.13.0 || >=18.0.0" } }, - "stable": { + "node_modules/stable": { "version": "0.1.8", "resolved": "https://registry.npmjs.org/stable/-/stable-0.1.8.tgz", - "integrity": "sha512-ji9qxRnOVfcuLDySj9qzhGSEFVobyt1kIOSkj1qZzYLzq7Tos/oUUWvotUPQLlrsidqsK6tBH89Bc9kL5zHA6w==" + "integrity": "sha512-ji9qxRnOVfcuLDySj9qzhGSEFVobyt1kIOSkj1qZzYLzq7Tos/oUUWvotUPQLlrsidqsK6tBH89Bc9kL5zHA6w==", + "deprecated": "Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. 
See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility" }, - "stack-trace": { + "node_modules/stack-trace": { "version": "0.0.10", "resolved": "https://registry.npmjs.org/stack-trace/-/stack-trace-0.0.10.tgz", - "integrity": "sha512-KGzahc7puUKkzyMt+IqAep+TVNbKP+k2Lmwhub39m1AsTSkaDutx56aDCo+HLDzf/D26BIHTJWNiTG1KAJiQCg==" + "integrity": "sha512-KGzahc7puUKkzyMt+IqAep+TVNbKP+k2Lmwhub39m1AsTSkaDutx56aDCo+HLDzf/D26BIHTJWNiTG1KAJiQCg==", + "engines": { + "node": "*" + } }, - "stack-utils": { + "node_modules/stack-utils": { "version": "2.0.6", "resolved": "https://registry.npmjs.org/stack-utils/-/stack-utils-2.0.6.tgz", "integrity": "sha512-XlkWvfIm6RmsWtNJx+uqtKLS8eqFbxUg0ZzLXqY0caEy9l7hruX8IpiDnjsLavoBgqCCR71TqWO8MaXYheJ3RQ==", - "requires": { + "dependencies": { "escape-string-regexp": "^2.0.0" }, - "dependencies": { - "escape-string-regexp": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-2.0.0.tgz", - "integrity": "sha512-UpzcLCXolUWcNu5HtVMHYdXJjArjsF9C0aNnquZYY4uW/Vu0miy5YoWvbV345HauVvcAUnpRuhMMcqTcGOY2+w==" - } + "engines": { + "node": ">=10" + } + }, + "node_modules/stack-utils/node_modules/escape-string-regexp": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-2.0.0.tgz", + "integrity": "sha512-UpzcLCXolUWcNu5HtVMHYdXJjArjsF9C0aNnquZYY4uW/Vu0miy5YoWvbV345HauVvcAUnpRuhMMcqTcGOY2+w==", + "engines": { + "node": ">=8" } }, - "stackframe": { + "node_modules/stackframe": { "version": "1.3.4", "resolved": "https://registry.npmjs.org/stackframe/-/stackframe-1.3.4.tgz", "integrity": "sha512-oeVtt7eWQS+Na6F//S4kJ2K2VbRlS9D43mAlMyVpVWovy9o+jfgH8O9agzANzaiLjclA0oYzUXEM4PurhSUChw==" }, - "static-eval": { + "node_modules/static-eval": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/static-eval/-/static-eval-2.0.2.tgz", "integrity": 
"sha512-N/D219Hcr2bPjLxPiV+TQE++Tsmrady7TqAJugLy7Xk1EumfDWS/f5dtBbkRCGE7wKKXuYockQoj8Rm2/pVKyg==", - "requires": { + "dependencies": { "escodegen": "^1.8.1" } }, - "statuses": { + "node_modules/statuses": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz", - "integrity": "sha512-RwNA9Z/7PrK06rYLIzFMlaF+l73iwpzsqRIFgbMLbTcLD6cOao82TaWefPXQvB2fOC4AjuYSEndS7N/mTCbkdQ==" + "integrity": "sha512-RwNA9Z/7PrK06rYLIzFMlaF+l73iwpzsqRIFgbMLbTcLD6cOao82TaWefPXQvB2fOC4AjuYSEndS7N/mTCbkdQ==", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/string_decoder": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", + "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", + "dependencies": { + "safe-buffer": "~5.1.0" + } }, - "string-length": { + "node_modules/string-length": { "version": "4.0.2", "resolved": "https://registry.npmjs.org/string-length/-/string-length-4.0.2.tgz", "integrity": "sha512-+l6rNN5fYHNhZZy41RXsYptCjA2Igmq4EG7kZAYFQI1E1VTXarr6ZPXBg6eq7Y6eK4FEhY6AJlyuFIb/v/S0VQ==", - "requires": { + "dependencies": { "char-regex": "^1.0.2", "strip-ansi": "^6.0.0" + }, + "engines": { + "node": ">=10" } }, - "string-natural-compare": { + "node_modules/string-natural-compare": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/string-natural-compare/-/string-natural-compare-3.0.1.tgz", "integrity": "sha512-n3sPwynL1nwKi3WJ6AIsClwBMa0zTi54fn2oLU6ndfTSIO05xaznjSf15PcBZU6FNWbmN5Q6cxT4V5hGvB4taw==" }, - "string-strip-html": { + "node_modules/string-strip-html": { "version": "8.5.0", "resolved": "https://registry.npmjs.org/string-strip-html/-/string-strip-html-8.5.0.tgz", - "integrity": "sha512-5ICsK1B1j0A3AF1d45m0sqQCcmi1Q+t1QpF+b794LO5FTHV+ITkGR5C+UCDJQZgs5LMuRruqr6j48PxQVIurJQ==" + "integrity": "sha512-5ICsK1B1j0A3AF1d45m0sqQCcmi1Q+t1QpF+b794LO5FTHV+ITkGR5C+UCDJQZgs5LMuRruqr6j48PxQVIurJQ==", + "engines": { + 
"node": ">=14" + } }, - "string-width": { - "version": "4.2.0", - "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.0.tgz", - "integrity": "sha512-zUz5JD+tgqtuDjMhwIg5uFVV3dtqZ9yQJlZVfq4I01/K5Paj5UHj7VyrQOJvzawSVlKpObApbfD0Ed6yJc+1eg==", - "requires": { + "node_modules/string-width": { + "version": "4.2.3", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", + "dependencies": { "emoji-regex": "^8.0.0", "is-fullwidth-code-point": "^3.0.0", - "strip-ansi": "^6.0.0" + "strip-ansi": "^6.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/string-width-cjs": { + "name": "string-width", + "version": "4.2.3", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", + "dependencies": { + "emoji-regex": "^8.0.0", + "is-fullwidth-code-point": "^3.0.0", + "strip-ansi": "^6.0.1" + }, + "engines": { + "node": ">=8" } }, - "string.prototype.matchall": { + "node_modules/string.prototype.matchall": { "version": "4.0.10", "resolved": "https://registry.npmjs.org/string.prototype.matchall/-/string.prototype.matchall-4.0.10.tgz", "integrity": "sha512-rGXbGmOEosIQi6Qva94HUjgPs9vKW+dkG7Y8Q5O2OYkWL6wFaTRZO8zM4mhP94uX55wgyrXzfS2aGtGzUL7EJQ==", - "requires": { + "dependencies": { "call-bind": "^1.0.2", "define-properties": "^1.2.0", "es-abstract": "^1.22.1", 
@@ -12819,127 +17983,175 @@ "regexp.prototype.flags": "^1.5.0", "set-function-name": "^2.0.0", "side-channel": "^1.0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "string.prototype.trim": { + "node_modules/string.prototype.trim": { "version": "1.2.8", "resolved": "https://registry.npmjs.org/string.prototype.trim/-/string.prototype.trim-1.2.8.tgz", "integrity": "sha512-lfjY4HcixfQXOfaqCvcBuOIapyaroTXhbkfJN3gcB1OtyupngWK4sEET9Knd0cXd28kTUqu/kHoV4HKSJdnjiQ==", - "requires": { + "dependencies": { "call-bind": "^1.0.2", "define-properties": "^1.2.0", "es-abstract": "^1.22.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "string.prototype.trimend": { + "node_modules/string.prototype.trimend": { "version": "1.0.7", "resolved": "https://registry.npmjs.org/string.prototype.trimend/-/string.prototype.trimend-1.0.7.tgz", "integrity": "sha512-Ni79DqeB72ZFq1uH/L6zJ+DKZTkOtPIHovb3YZHQViE+HDouuU4mBrLOLDn5Dde3RF8qw5qVETEjhu9locMLvA==", - "requires": { + "dependencies": { "call-bind": "^1.0.2", "define-properties": "^1.2.0", "es-abstract": "^1.22.1" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "string.prototype.trimstart": { + "node_modules/string.prototype.trimstart": { "version": "1.0.7", "resolved": "https://registry.npmjs.org/string.prototype.trimstart/-/string.prototype.trimstart-1.0.7.tgz", "integrity": "sha512-NGhtDFu3jCEm7B4Fy0DpLewdJQOZcQ0rGbwQ/+stjnrp2i+rlKeCvos9hOIeCmqwratM47OBxY7uFZzjxHXmrg==", - "requires": { + "dependencies": { "call-bind": "^1.0.2", "define-properties": "^1.2.0", "es-abstract": "^1.22.1" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "string_decoder": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", - "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", - "requires": { - "safe-buffer": 
"~5.1.0" - } - }, - "stringify-object": { + "node_modules/stringify-object": { "version": "3.3.0", "resolved": "https://registry.npmjs.org/stringify-object/-/stringify-object-3.3.0.tgz", "integrity": "sha512-rHqiFh1elqCQ9WPLIC8I0Q/g/wj5J1eMkyoiD6eoQApWHP0FtlK7rqnhmabL5VUY9JQCcqwwvlOaSuutekgyrw==", - "requires": { + "dependencies": { "get-own-enumerable-property-symbols": "^3.0.0", "is-obj": "^1.0.1", "is-regexp": "^1.0.0" + }, + "engines": { + "node": ">=4" } }, - "strip-ansi": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.0.tgz", - "integrity": "sha512-AuvKTrTfQNYNIctbR1K/YGTR1756GycPsg7b9bdV9Duqur4gv6aKqHXah67Z8ImS7WEz5QVcOtlfW2rZEugt6w==", - "requires": { - "ansi-regex": "^5.0.0" + "node_modules/strip-ansi": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", + "dependencies": { + "ansi-regex": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/strip-ansi-cjs": { + "name": "strip-ansi", + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", + "dependencies": { + "ansi-regex": "^5.0.1" + }, + "engines": { + "node": ">=8" } }, - "strip-bom": { + "node_modules/strip-bom": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/strip-bom/-/strip-bom-3.0.0.tgz", - "integrity": "sha512-vavAMRXOgBVNF6nyEEmL3DBK19iRpDcoIwW+swQ+CbGiu7lju6t+JklA1MHweoWtadgt4ISVUsXLyDq34ddcwA==" + "integrity": "sha512-vavAMRXOgBVNF6nyEEmL3DBK19iRpDcoIwW+swQ+CbGiu7lju6t+JklA1MHweoWtadgt4ISVUsXLyDq34ddcwA==", + "engines": { + "node": ">=4" + } }, - "strip-comments": { + "node_modules/strip-comments": { "version": "2.0.1", "resolved": 
"https://registry.npmjs.org/strip-comments/-/strip-comments-2.0.1.tgz", - "integrity": "sha512-ZprKx+bBLXv067WTCALv8SSz5l2+XhpYCsVtSqlMnkAXMWDq+/ekVbl1ghqP9rUHTzv6sm/DwCOiYutU/yp1fw==" + "integrity": "sha512-ZprKx+bBLXv067WTCALv8SSz5l2+XhpYCsVtSqlMnkAXMWDq+/ekVbl1ghqP9rUHTzv6sm/DwCOiYutU/yp1fw==", + "engines": { + "node": ">=10" + } }, - "strip-final-newline": { + "node_modules/strip-final-newline": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/strip-final-newline/-/strip-final-newline-2.0.0.tgz", - "integrity": "sha512-BrpvfNAE3dcvq7ll3xVumzjKjZQ5tI1sEUIKr3Uoks0XUl45St3FlatVqef9prk4jRDzhW6WZg+3bk93y6pLjA==" + "integrity": "sha512-BrpvfNAE3dcvq7ll3xVumzjKjZQ5tI1sEUIKr3Uoks0XUl45St3FlatVqef9prk4jRDzhW6WZg+3bk93y6pLjA==", + "engines": { + "node": ">=6" + } }, - "strip-indent": { + "node_modules/strip-indent": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/strip-indent/-/strip-indent-3.0.0.tgz", "integrity": "sha512-laJTa3Jb+VQpaC6DseHhF7dXVqHTfJPCRDaEbid/drOhgitgYku/letMUqOXFoWV0zIIUbjpdH2t+tYj4bQMRQ==", - "requires": { + "dependencies": { "min-indent": "^1.0.0" + }, + "engines": { + "node": ">=8" } }, - "strip-json-comments": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-2.0.1.tgz", - "integrity": "sha1-PFMZQukIwml8DsNEhYwobHygpgo=" - }, - "style-loader": { + "node_modules/style-loader": { "version": "3.3.3", "resolved": "https://registry.npmjs.org/style-loader/-/style-loader-3.3.3.tgz", - "integrity": "sha512-53BiGLXAcll9maCYtZi2RCQZKa8NQQai5C4horqKyRmHj9H7QmcUyucrH+4KW/gBQbXM2AsB0axoEcFZPlfPcw==" + "integrity": "sha512-53BiGLXAcll9maCYtZi2RCQZKa8NQQai5C4horqKyRmHj9H7QmcUyucrH+4KW/gBQbXM2AsB0axoEcFZPlfPcw==", + "engines": { + "node": ">= 12.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + }, + "peerDependencies": { + "webpack": "^5.0.0" + } }, - "style-to-js": { + "node_modules/style-to-js": { "version": "1.1.1", 
"resolved": "https://registry.npmjs.org/style-to-js/-/style-to-js-1.1.1.tgz", "integrity": "sha512-RJ18Z9t2B02sYhZtfWKQq5uplVctgvjTfLWT7+Eb1zjUjIrWzX5SdlkwLGQozrqarTmEzJJ/YmdNJCUNI47elg==", - "requires": { + "dependencies": { "style-to-object": "0.3.0" } }, - "style-to-object": { + "node_modules/style-to-object": { "version": "0.3.0", "resolved": "https://registry.npmjs.org/style-to-object/-/style-to-object-0.3.0.tgz", "integrity": "sha512-CzFnRRXhzWIdItT3OmF8SQfWyahHhjq3HwcMNCNLn+N7klOOqPjMeG/4JSu77D7ypZdGvSzvkrbyeTMizz2VrA==", - "requires": { + "dependencies": { "inline-style-parser": "0.1.1" } }, - "stylehacks": { + "node_modules/stylehacks": { "version": "5.1.1", "resolved": "https://registry.npmjs.org/stylehacks/-/stylehacks-5.1.1.tgz", "integrity": "sha512-sBpcd5Hx7G6seo7b1LkpttvTz7ikD0LlH5RmdcBNb6fFR0Fl7LQwHDFr300q4cwUqi+IYrFGmsIHieMBfnN/Bw==", - "requires": { + "dependencies": { "browserslist": "^4.21.4", "postcss-selector-parser": "^6.0.4" + }, + "engines": { + "node": "^10 || ^12 || >=14.0" + }, + "peerDependencies": { + "postcss": "^8.2.15" } }, - "sucrase": { + "node_modules/sucrase": { "version": "3.34.0", "resolved": "https://registry.npmjs.org/sucrase/-/sucrase-3.34.0.tgz", "integrity": "sha512-70/LQEZ07TEcxiU2dz51FKaE6hCTWC6vr7FOk3Gr0U60C3shtAN+H+BFr9XlYe5xqf3RA8nrc+VIwzCfnxuXJw==", - "requires": { + "dependencies": { "@jridgewell/gen-mapping": "^0.3.2", "commander": "^4.0.0", "glob": "7.1.6", 
@@ -12948,46 +18160,67 @@ "pirates": "^4.0.1", "ts-interface-checker": "^0.1.9" }, - "dependencies": { - "commander": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/commander/-/commander-4.1.1.tgz", - "integrity": "sha512-NOKm8xhkzAjzFx8B2v5OAHT+u5pRQc2UCa2Vq9jYL/31o2wi9mxBA7LIFs3sV5VSC49z6pEhfbMULvShKj26WA==" - } + "bin": { + "sucrase": "bin/sucrase", + "sucrase-node": "bin/sucrase-node" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/sucrase/node_modules/commander": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/commander/-/commander-4.1.1.tgz", + "integrity": "sha512-NOKm8xhkzAjzFx8B2v5OAHT+u5pRQc2UCa2Vq9jYL/31o2wi9mxBA7LIFs3sV5VSC49z6pEhfbMULvShKj26WA==", + "engines": { + "node": ">= 6" } }, - "supports-color": { + "node_modules/supports-color": { "version": "7.2.0", "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==", - "requires": { + "dependencies": { "has-flag": "^4.0.0" + }, + "engines": { + "node": ">=8" } }, - "supports-hyperlinks": { + "node_modules/supports-hyperlinks": { "version": "2.3.0", "resolved": "https://registry.npmjs.org/supports-hyperlinks/-/supports-hyperlinks-2.3.0.tgz", "integrity": "sha512-RpsAZlpWcDwOPQA22aCH4J0t7L8JmAvsCxfOSEwm7cQs3LshN36QaTkwd70DnBOXDWGssw2eUoc8CaRWT0XunA==", - "requires": { + "dependencies": { "has-flag": "^4.0.0", "supports-color": "^7.0.0" + }, + "engines": { + "node": ">=8" } }, - "supports-preserve-symlinks-flag": { + "node_modules/supports-preserve-symlinks-flag": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz", - "integrity": "sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w==" + "integrity": 
"sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w==", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } }, - "svg-parser": { + "node_modules/svg-parser": { "version": "2.0.4", "resolved": "https://registry.npmjs.org/svg-parser/-/svg-parser-2.0.4.tgz", "integrity": "sha512-e4hG1hRwoOdRb37cIMSgzNsxyzKfayW6VOflrwvR+/bzrkyxY/31WkbgnQpgtrNp1SdpJvpUAGTa/ZoiPNDuRQ==" }, - "svgo": { + "node_modules/svgo": { "version": "1.3.2", "resolved": "https://registry.npmjs.org/svgo/-/svgo-1.3.2.tgz", "integrity": "sha512-yhy/sQYxR5BkC98CY7o31VGsg014AKLEPxdfhora76l36hD9Rdy5NZA/Ocn6yayNPgSamYdtX2rFJdcv07AYVw==", - "requires": { + "deprecated": "This SVGO version is no longer supported. Upgrade to v2.x.x.", + "dependencies": { "chalk": "^2.4.1", "coa": "^2.0.2", "css-select": "^2.0.0", 
@@ -13002,122 +18235,151 @@ "unquote": "~1.1.1", "util.promisify": "~1.0.0" }, + "bin": { + "svgo": "bin/svgo" + }, + "engines": { + "node": ">=4.0.0" + } + }, + "node_modules/svgo/node_modules/ansi-styles": { + "version": "3.2.1", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", + "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==", + "dependencies": { + "color-convert": "^1.9.0" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/svgo/node_modules/chalk": { + "version": "2.4.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", + "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==", + "dependencies": { + "ansi-styles": "^3.2.1", + "escape-string-regexp": "^1.0.5", + "supports-color": "^5.3.0" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/svgo/node_modules/color-convert": { + "version": "1.9.3", + "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", + "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==", + "dependencies": { + "color-name": "1.1.3" + } + }, + "node_modules/svgo/node_modules/color-name": { + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", + "integrity": "sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw==" + }, + "node_modules/svgo/node_modules/css-select": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/css-select/-/css-select-2.1.0.tgz", + "integrity": "sha512-Dqk7LQKpwLoH3VovzZnkzegqNSuAziQyNZUcrdDM401iY+R5NkGBXGmtO05/yaXQziALuPogeG0b7UAgjnTJTQ==", + "dependencies": { + "boolbase": "^1.0.0", + "css-what": "^3.2.1", + "domutils": "^1.7.0", + "nth-check": "^1.0.2" + } + }, + "node_modules/svgo/node_modules/css-what": { + "version": "3.4.2", + "resolved": 
"https://registry.npmjs.org/css-what/-/css-what-3.4.2.tgz", + "integrity": "sha512-ACUm3L0/jiZTqfzRM3Hi9Q8eZqd6IK37mMWPLz9PJxkLWllYeRf+EHUSHYEtFop2Eqytaq1FizFVh7XfBnXCDQ==", + "engines": { + "node": ">= 6" + }, + "funding": { + "url": "https://github.com/sponsors/fb55" + } + }, + "node_modules/svgo/node_modules/dom-serializer": { + "version": "0.2.2", + "resolved": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-0.2.2.tgz", + "integrity": "sha512-2/xPb3ORsQ42nHYiSunXkDjPLBaEj/xTwUO4B7XCZQTRk7EBtTOPaygh10YAAh2OI1Qrp6NWfpAhzswj0ydt9g==", "dependencies": { - "ansi-styles": { - "version": "3.2.1", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", - "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==", - "requires": { - "color-convert": "^1.9.0" - } - }, - "chalk": { - "version": "2.4.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", - "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==", - "requires": { - "ansi-styles": "^3.2.1", - "escape-string-regexp": "^1.0.5", - "supports-color": "^5.3.0" - } - }, - "color-convert": { - "version": "1.9.3", - "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", - "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==", - "requires": { - "color-name": "1.1.3" - } - }, - "color-name": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", - "integrity": "sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw==" - }, - "css-select": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/css-select/-/css-select-2.1.0.tgz", - "integrity": "sha512-Dqk7LQKpwLoH3VovzZnkzegqNSuAziQyNZUcrdDM401iY+R5NkGBXGmtO05/yaXQziALuPogeG0b7UAgjnTJTQ==", - "requires": { - "boolbase": "^1.0.0", - 
"css-what": "^3.2.1", - "domutils": "^1.7.0", - "nth-check": "^1.0.2" - } - }, - "css-what": { - "version": "3.4.2", - "resolved": "https://registry.npmjs.org/css-what/-/css-what-3.4.2.tgz", - "integrity": "sha512-ACUm3L0/jiZTqfzRM3Hi9Q8eZqd6IK37mMWPLz9PJxkLWllYeRf+EHUSHYEtFop2Eqytaq1FizFVh7XfBnXCDQ==" - }, - "dom-serializer": { - "version": "0.2.2", - "resolved": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-0.2.2.tgz", - "integrity": "sha512-2/xPb3ORsQ42nHYiSunXkDjPLBaEj/xTwUO4B7XCZQTRk7EBtTOPaygh10YAAh2OI1Qrp6NWfpAhzswj0ydt9g==", - "requires": { - "domelementtype": "^2.0.1", - "entities": "^2.0.0" - }, - "dependencies": { - "domelementtype": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/domelementtype/-/domelementtype-2.3.0.tgz", - "integrity": "sha512-OLETBj6w0OsagBwdXnPdN0cnMfF9opN69co+7ZrbfPGrdpPVNBUj02spi6B1N7wChLQiPn4CSH/zJvXw56gmHw==" - } - } - }, - "domelementtype": { - "version": "1.3.1", - "resolved": "https://registry.npmjs.org/domelementtype/-/domelementtype-1.3.1.tgz", - "integrity": "sha512-BSKB+TSpMpFI/HOxCNr1O8aMOTZ8hT3pM3GQ0w/mWRmkhEDSFJkkyzz4XQsBV44BChwGkrDfMyjVD0eA2aFV3w==" - }, - "domutils": { - "version": "1.7.0", - "resolved": "https://registry.npmjs.org/domutils/-/domutils-1.7.0.tgz", - "integrity": "sha512-Lgd2XcJ/NjEw+7tFvfKxOzCYKZsdct5lczQ2ZaQY8Djz7pfAD3Gbp8ySJWtreII/vDlMVmxwa6pHmdxIYgttDg==", - "requires": { - "dom-serializer": "0", - "domelementtype": "1" - } - }, - "entities": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/entities/-/entities-2.2.0.tgz", - "integrity": "sha512-p92if5Nz619I0w+akJrLZH0MX0Pb5DX39XOwQTtXSdQQOaYH03S1uIQp4mhOZtAXrxq4ViO67YTiLBo2638o9A==" - }, - "has-flag": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", - "integrity": "sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==" - }, - "nth-check": { - "version": "1.0.2", - "resolved": 
"https://registry.npmjs.org/nth-check/-/nth-check-1.0.2.tgz", - "integrity": "sha512-WeBOdju8SnzPN5vTUJYxYUxLeXpCaVP5i5e0LF8fg7WORF2Wd7wFX/pk0tYZk7s8T+J7VLy0Da6J1+wCT0AtHg==", - "requires": { - "boolbase": "~1.0.0" - } - }, - "supports-color": { - "version": "5.5.0", - "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", - "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==", - "requires": { - "has-flag": "^3.0.0" - } + "domelementtype": "^2.0.1", + "entities": "^2.0.0" + } + }, + "node_modules/svgo/node_modules/dom-serializer/node_modules/domelementtype": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/domelementtype/-/domelementtype-2.3.0.tgz", + "integrity": "sha512-OLETBj6w0OsagBwdXnPdN0cnMfF9opN69co+7ZrbfPGrdpPVNBUj02spi6B1N7wChLQiPn4CSH/zJvXw56gmHw==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/fb55" } + ] + }, + "node_modules/svgo/node_modules/domelementtype": { + "version": "1.3.1", + "resolved": "https://registry.npmjs.org/domelementtype/-/domelementtype-1.3.1.tgz", + "integrity": "sha512-BSKB+TSpMpFI/HOxCNr1O8aMOTZ8hT3pM3GQ0w/mWRmkhEDSFJkkyzz4XQsBV44BChwGkrDfMyjVD0eA2aFV3w==" + }, + "node_modules/svgo/node_modules/domutils": { + "version": "1.7.0", + "resolved": "https://registry.npmjs.org/domutils/-/domutils-1.7.0.tgz", + "integrity": "sha512-Lgd2XcJ/NjEw+7tFvfKxOzCYKZsdct5lczQ2ZaQY8Djz7pfAD3Gbp8ySJWtreII/vDlMVmxwa6pHmdxIYgttDg==", + "dependencies": { + "dom-serializer": "0", + "domelementtype": "1" + } + }, + "node_modules/svgo/node_modules/entities": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/entities/-/entities-2.2.0.tgz", + "integrity": "sha512-p92if5Nz619I0w+akJrLZH0MX0Pb5DX39XOwQTtXSdQQOaYH03S1uIQp4mhOZtAXrxq4ViO67YTiLBo2638o9A==", + "funding": { + "url": "https://github.com/fb55/entities?sponsor=1" + } + }, + "node_modules/svgo/node_modules/has-flag": { + "version": "3.0.0", + 
"resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", + "integrity": "sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==", + "engines": { + "node": ">=4" + } + }, + "node_modules/svgo/node_modules/nth-check": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/nth-check/-/nth-check-1.0.2.tgz", + "integrity": "sha512-WeBOdju8SnzPN5vTUJYxYUxLeXpCaVP5i5e0LF8fg7WORF2Wd7wFX/pk0tYZk7s8T+J7VLy0Da6J1+wCT0AtHg==", + "dependencies": { + "boolbase": "~1.0.0" + } + }, + "node_modules/svgo/node_modules/supports-color": { + "version": "5.5.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", + "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==", + "dependencies": { + "has-flag": "^3.0.0" + }, + "engines": { + "node": ">=4" } }, - "symbol-tree": { + "node_modules/symbol-tree": { "version": "3.2.4", "resolved": "https://registry.npmjs.org/symbol-tree/-/symbol-tree-3.2.4.tgz", "integrity": "sha512-9QNk5KwDF+Bvz+PyObkmSYjI5ksVUYtjW7AU22r2NKcfLJcXp96hkDWU3+XndOsUb+AQ9QhfzfCT2O+CNWT5Tw==" }, - "tailwindcss": { + "node_modules/tailwindcss": { "version": "3.3.3", "resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.3.3.tgz", "integrity": "sha512-A0KgSkef7eE4Mf+nKJ83i75TMyq8HqY3qmFIJSWy8bNt0v1lG7jUcpGpoTFxAwYcWOphcTBLPPJg+bDfhDf52w==", - "requires": { + "dependencies": { "@alloc/quick-lru": "^5.2.0", "arg": "^5.0.2", "chokidar": "^3.5.3", 
@@ -13141,328 +18403,369 @@ "resolve": "^1.22.2", "sucrase": "^3.32.0" }, - "dependencies": { - "arg": { - "version": "5.0.2", - "resolved": "https://registry.npmjs.org/arg/-/arg-5.0.2.tgz", - "integrity": "sha512-PYjyFOLKQ9y57JvQ6QLo8dAgNqswh8M1RMJYdQduT6xbWSgK36P/Z/v+p888pM69jMMfS8Xd8F6I1kQ/I9HUGg==" - } + "bin": { + "tailwind": "lib/cli.js", + "tailwindcss": "lib/cli.js" + }, + "engines": { + "node": ">=14.0.0" } }, - "tapable": { + "node_modules/tailwindcss/node_modules/arg": { + "version": "5.0.2", + "resolved": "https://registry.npmjs.org/arg/-/arg-5.0.2.tgz", + "integrity": "sha512-PYjyFOLKQ9y57JvQ6QLo8dAgNqswh8M1RMJYdQduT6xbWSgK36P/Z/v+p888pM69jMMfS8Xd8F6I1kQ/I9HUGg==" + }, + "node_modules/tapable": { "version": "2.2.1", "resolved": "https://registry.npmjs.org/tapable/-/tapable-2.2.1.tgz", - "integrity": "sha512-GNzQvQTOIP6RyTfE2Qxb8ZVlNmw0n88vp1szwWRimP02mnTsx3Wtn5qRdqY9w2XduFNUgvOwhNnQsjwCp+kqaQ==" - }, - "tar": { - "version": "4.4.19", - "resolved": "https://registry.npmjs.org/tar/-/tar-4.4.19.tgz", - "integrity": "sha512-a20gEsvHnWe0ygBY8JbxoM4w3SJdhc7ZAuxkLqh+nvNQN2IOt0B5lLgM490X5Hl8FF0dl0tOf2ewFYAlIFgzVA==", - "requires": { - "chownr": "^1.1.4", - "fs-minipass": "^1.2.7", - "minipass": "^2.9.0", - "minizlib": "^1.3.3", - "mkdirp": "^0.5.5", - "safe-buffer": "^5.2.1", - "yallist": "^3.1.1" - }, - "dependencies": { - "fs-minipass": { - "version": "1.2.7", - "resolved": "https://registry.npmjs.org/fs-minipass/-/fs-minipass-1.2.7.tgz", - "integrity": "sha512-GWSSJGFy4e9GUeCcbIkED+bgAoFyj7XF1mV8rma3QW4NIqX9Kyx79N/PF61H5udOV3aY1IaMLs6pGbH71nlCTA==", - "requires": { - "minipass": "^2.6.0" - } - }, - "minipass": { - "version": "2.9.0", - "resolved": "https://registry.npmjs.org/minipass/-/minipass-2.9.0.tgz", - "integrity": "sha512-wxfUjg9WebH+CUDX/CdbRlh5SmfZiy/hpkxaRI16Y9W56Pa75sWgd/rvFilSgrauD9NyFymP/+JFV3KwzIsJeg==", - "requires": { - "safe-buffer": "^5.1.2", - "yallist": "^3.0.0" - } - }, - "minizlib": { - "version": "1.3.3", - "resolved": 
"https://registry.npmjs.org/minizlib/-/minizlib-1.3.3.tgz", - "integrity": "sha512-6ZYMOEnmVsdCeTJVE0W9ZD+pVnE8h9Hma/iOwwRDsdQoePpoX56/8B6z3P9VNwppJuBKNRuFDRNRqRWexT9G9Q==", - "requires": { - "minipass": "^2.9.0" - } - }, - "safe-buffer": { - "version": "5.2.1", - "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", - "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==" - } + "integrity": "sha512-GNzQvQTOIP6RyTfE2Qxb8ZVlNmw0n88vp1szwWRimP02mnTsx3Wtn5qRdqY9w2XduFNUgvOwhNnQsjwCp+kqaQ==", + "engines": { + "node": ">=6" } }, - "tar-fs": { - "version": "1.16.3", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/tar-fs/-/tar-fs-1.16.3.tgz", - "integrity": "sha1-lmpiiEHaLEAQQGqCFny9Xgxy1Qk=", - "requires": { - "chownr": "^1.0.1", - "mkdirp": "^0.5.1", - "pump": "^1.0.0", - "tar-stream": "^1.1.2" - }, - "dependencies": { - "pump": { - "version": "1.0.3", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/pump/-/pump-1.0.3.tgz", - "integrity": "sha1-Xf6DEcM7v2/BgmH580cCxHwIqVQ=", - "requires": { - "end-of-stream": "^1.1.0", - "once": "^1.3.1" - } - } + "node_modules/tar": { + "version": "6.2.0", + "resolved": "https://registry.npmjs.org/tar/-/tar-6.2.0.tgz", + "integrity": "sha512-/Wo7DcT0u5HUV486xg675HtjNd3BXZ6xDbzsCUZPt5iw8bTQ63bP0Raut3mvro9u+CUyq7YQd8Cx55fsZXxqLQ==", + "dependencies": { + "chownr": "^2.0.0", + "fs-minipass": "^2.0.0", + "minipass": "^5.0.0", + "minizlib": "^2.1.1", + "mkdirp": "^1.0.3", + "yallist": "^4.0.0" + }, + "engines": { + "node": ">=10" } }, - "tar-stream": { - "version": "1.6.2", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/tar-stream/-/tar-stream-1.6.2.tgz", - "integrity": "sha1-jqVdqzeXIlPZqa+Q/c1VmuQ1xVU=", - "requires": { - "bl": "^1.0.0", - "buffer-alloc": "^1.2.0", - "end-of-stream": "^1.0.0", + "node_modules/tar-fs": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/tar-fs/-/tar-fs-2.1.1.tgz", + "integrity": 
"sha512-V0r2Y9scmbDRLCNex/+hYzvp/zyYjvFbHPNgVTKfQvVrb6guiE/fxP+XblDNR011utopbkex2nM4dHNV6GDsng==", + "dependencies": { + "chownr": "^1.1.1", + "mkdirp-classic": "^0.5.2", + "pump": "^3.0.0", + "tar-stream": "^2.1.4" + } + }, + "node_modules/tar-fs/node_modules/chownr": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/chownr/-/chownr-1.1.4.tgz", + "integrity": "sha512-jJ0bqzaylmJtVnNgzTeSOs8DPavpbYgEr/b0YL8/2GO3xJEhInFmhKMUnEJQjZumK7KXGFhUy89PrsJWlakBVg==" + }, + "node_modules/tar-stream": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/tar-stream/-/tar-stream-2.2.0.tgz", + "integrity": "sha512-ujeqbceABgwMZxEJnk2HDY2DlnUZ+9oEcb1KzTVfYHio0UE6dG71n60d8D2I4qNvleWrrXpmjpt7vZeF1LnMZQ==", + "dependencies": { + "bl": "^4.0.3", + "end-of-stream": "^1.4.1", "fs-constants": "^1.0.0", - "readable-stream": "^2.3.0", - "to-buffer": "^1.1.1", - "xtend": "^4.0.0" - }, - "dependencies": { - "readable-stream": { - "version": "2.3.7", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/readable-stream/-/readable-stream-2.3.7.tgz", - "integrity": "sha1-Hsoc9xGu+BTAT2IlKjamL2yyO1c=", - "requires": { - "core-util-is": "~1.0.0", - "inherits": "~2.0.3", - "isarray": "~1.0.0", - "process-nextick-args": "~2.0.0", - "safe-buffer": "~5.1.1", - "string_decoder": "~1.1.1", - "util-deprecate": "~1.0.1" - } - }, - "string_decoder": { - "version": "1.1.1", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/string_decoder/-/string_decoder-1.1.1.tgz", - "integrity": "sha1-nPFhG6YmhdcDCunkujQUnDrwP8g=", - "requires": { - "safe-buffer": "~5.1.0" - } - } + "inherits": "^2.0.3", + "readable-stream": "^3.1.1" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/tar/node_modules/fs-minipass": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/fs-minipass/-/fs-minipass-2.1.0.tgz", + "integrity": "sha512-V/JgOLFCS+R6Vcq0slCuaeWEdNC3ouDlJMNIsacH2VtALiu9mV4LPrHc5cDl8k5aw6J8jwgWWpiTo5RYhmIzvg==", + "dependencies": { + "minipass": "^3.0.0" + }, 
+ "engines": { + "node": ">= 8" + } + }, + "node_modules/tar/node_modules/fs-minipass/node_modules/minipass": { + "version": "3.3.6", + "resolved": "https://registry.npmjs.org/minipass/-/minipass-3.3.6.tgz", + "integrity": "sha512-DxiNidxSEK+tHG6zOIklvNOwm3hvCrbUrdtzY74U6HKTJxvIDfOUL5W5P2Ghd3DTkhhKPYGqeNUIh5qcM4YBfw==", + "dependencies": { + "yallist": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/tar/node_modules/minipass": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/minipass/-/minipass-5.0.0.tgz", + "integrity": "sha512-3FnjYuehv9k6ovOEbyOswadCDPX1piCfhV8ncmYtHOjuPwylVWsghTLo7rabjC3Rx5xD4HDx8Wm1xnMF7S5qFQ==", + "engines": { + "node": ">=8" } }, - "temp-dir": { + "node_modules/tar/node_modules/mkdirp": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-1.0.4.tgz", + "integrity": "sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw==", + "bin": { + "mkdirp": "bin/cmd.js" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/tar/node_modules/yallist": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", + "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" + }, + "node_modules/temp-dir": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/temp-dir/-/temp-dir-2.0.0.tgz", - "integrity": "sha512-aoBAniQmmwtcKp/7BzsH8Cxzv8OL736p7v1ihGb5e9DJ9kTwGWHrQrVB5+lfVDzfGrdRzXch+ig7LHaY1JTOrg==" + "integrity": "sha512-aoBAniQmmwtcKp/7BzsH8Cxzv8OL736p7v1ihGb5e9DJ9kTwGWHrQrVB5+lfVDzfGrdRzXch+ig7LHaY1JTOrg==", + "engines": { + "node": ">=8" + } }, - "tempy": { + "node_modules/tempy": { "version": "0.6.0", "resolved": "https://registry.npmjs.org/tempy/-/tempy-0.6.0.tgz", "integrity": "sha512-G13vtMYPT/J8A4X2SjdtBTphZlrp1gKv6hZiOjw14RCWg6GbHuQBGtjlx75xLbYV/wEc0D7G5K4rxKP/cXk8Bw==", - "requires": { + "dependencies": { "is-stream": "^2.0.0", "temp-dir": 
"^2.0.0", "type-fest": "^0.16.0", "unique-string": "^2.0.0" }, - "dependencies": { - "type-fest": { - "version": "0.16.0", - "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.16.0.tgz", - "integrity": "sha512-eaBzG6MxNzEn9kiwvtre90cXaNLkmadMWa1zQMs3XORCXNbsH/OewwbxC5ia9dCxIxnTAsSxXJaa/p5y8DlvJg==" - } + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" } }, - "terminal-link": { + "node_modules/tempy/node_modules/type-fest": { + "version": "0.16.0", + "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.16.0.tgz", + "integrity": "sha512-eaBzG6MxNzEn9kiwvtre90cXaNLkmadMWa1zQMs3XORCXNbsH/OewwbxC5ia9dCxIxnTAsSxXJaa/p5y8DlvJg==", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/terminal-link": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/terminal-link/-/terminal-link-2.1.1.tgz", "integrity": "sha512-un0FmiRUQNr5PJqy9kP7c40F5BOfpGlYTrxonDChEZB7pzZxRNp/bt+ymiy9/npwXya9KH99nJ/GXFIiUkYGFQ==", - "requires": { + "dependencies": { "ansi-escapes": "^4.2.1", "supports-hyperlinks": "^2.0.0" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" } }, - "terser": { + "node_modules/terser": { "version": "5.22.0", "resolved": "https://registry.npmjs.org/terser/-/terser-5.22.0.tgz", "integrity": "sha512-hHZVLgRA2z4NWcN6aS5rQDc+7Dcy58HOf2zbYwmFcQ+ua3h6eEFf5lIDKTzbWwlazPyOZsFQO8V80/IjVNExEw==", - "requires": { + "dependencies": { "@jridgewell/source-map": "^0.3.3", "acorn": "^8.8.2", "commander": "^2.20.0", "source-map-support": "~0.5.20" }, - "dependencies": { - "commander": { - "version": "2.20.3", - "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz", - "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ==" - } + "bin": { + "terser": "bin/terser" + }, + "engines": { + "node": ">=10" } 
}, - "terser-webpack-plugin": { + "node_modules/terser-webpack-plugin": { "version": "5.3.9", "resolved": "https://registry.npmjs.org/terser-webpack-plugin/-/terser-webpack-plugin-5.3.9.tgz", "integrity": "sha512-ZuXsqE07EcggTWQjXUj+Aot/OMcD0bMKGgF63f7UxYcu5/AJF53aIpK1YoP5xR9l6s/Hy2b+t1AM0bLNPRuhwA==", - "requires": { + "dependencies": { "@jridgewell/trace-mapping": "^0.3.17", "jest-worker": "^27.4.5", "schema-utils": "^3.1.1", "serialize-javascript": "^6.0.1", "terser": "^5.16.8" + }, + "engines": { + "node": ">= 10.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + }, + "peerDependencies": { + "webpack": "^5.1.0" + }, + "peerDependenciesMeta": { + "@swc/core": { + "optional": true + }, + "esbuild": { + "optional": true + }, + "uglify-js": { + "optional": true + } } }, - "test-exclude": { + "node_modules/terser/node_modules/commander": { + "version": "2.20.3", + "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz", + "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ==" + }, + "node_modules/test-exclude": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/test-exclude/-/test-exclude-6.0.0.tgz", "integrity": "sha512-cAGWPIyOHU6zlmg88jwm7VRyXnMN7iV68OGAbYDk/Mh/xC/pzVPlQtY6ngoIH/5/tciuhGfvESU8GrHrcxD56w==", - "requires": { + "dependencies": { "@istanbuljs/schema": "^0.1.2", "glob": "^7.1.4", "minimatch": "^3.0.4" + }, + "engines": { + "node": ">=8" } }, - "text-hex": { + "node_modules/text-hex": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/text-hex/-/text-hex-1.0.0.tgz", "integrity": "sha512-uuVGNWzgJ4yhRaNSiubPY7OjISw4sw4E5Uv0wbjp+OzcbmVU/rsT8ujgcXJhn9ypzsgr5vlzpPqP+MBBKcGvbg==" }, - "text-table": { + "node_modules/text-table": { "version": "0.2.0", "resolved": "https://registry.npmjs.org/text-table/-/text-table-0.2.0.tgz", "integrity": 
"sha512-N+8UisAXDGk8PFXP4HAzVR9nbfmVJ3zYLAWiTIoqC5v5isinhr+r5uaO8+7r3BMfuNIufIsA7RdpVgacC2cSpw==" }, - "thenify": { + "node_modules/thenify": { "version": "3.3.1", "resolved": "https://registry.npmjs.org/thenify/-/thenify-3.3.1.tgz", "integrity": "sha512-RVZSIV5IG10Hk3enotrhvz0T9em6cyHBLkH/YAZuKqd8hRkKhSfCGIcP2KUY0EPxndzANBmNllzWPwak+bheSw==", - "requires": { + "dependencies": { "any-promise": "^1.0.0" } }, - "thenify-all": { + "node_modules/thenify-all": { "version": "1.6.0", "resolved": "https://registry.npmjs.org/thenify-all/-/thenify-all-1.6.0.tgz", "integrity": "sha512-RNxQH/qI8/t3thXJDwcstUO4zeqo64+Uy/+sNVRBx4Xn2OX+OZ9oP+iJnNFqplFra2ZUVeKCSa2oVWi3T4uVmA==", - "requires": { + "dependencies": { "thenify": ">= 3.1.0 < 4" + }, + "engines": { + "node": ">=0.8" } }, - "throat": { + "node_modules/throat": { "version": "6.0.2", "resolved": "https://registry.npmjs.org/throat/-/throat-6.0.2.tgz", "integrity": "sha512-WKexMoJj3vEuK0yFEapj8y64V0A6xcuPuK9Gt1d0R+dzCSJc0lHqQytAbSB4cDAK0dWh4T0E2ETkoLE2WZ41OQ==" }, - "thunky": { + "node_modules/thunky": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/thunky/-/thunky-1.1.0.tgz", "integrity": "sha512-eHY7nBftgThBqOyHGVN+l8gF0BucP09fMo0oO/Lb0w1OF80dJv+lDVpXG60WMQvkcxAkNybKsrEIE3ZtKGmPrA==" }, - "tiny-invariant": { + "node_modules/tiny-invariant": { "version": "1.3.1", "resolved": "https://registry.npmjs.org/tiny-invariant/-/tiny-invariant-1.3.1.tgz", "integrity": "sha512-AD5ih2NlSssTCwsMznbvwMZpJ1cbhkGd2uueNxzv2jDlEeZdU04JQfRnggJQ8DrcVBGjAsCKwFBbDlVNtEMlzw==" }, - "tiny-warning": { + "node_modules/tiny-warning": { "version": "1.0.3", "resolved": "https://registry.npmjs.org/tiny-warning/-/tiny-warning-1.0.3.tgz", "integrity": "sha512-lBN9zLN/oAf68o3zNXYrdCt1kP8WsiGW8Oo2ka41b2IM5JL/S1CTyX1rW0mb/zSuJun0ZUrDxx4sqvYS2FWzPA==" }, - "tmp": { + "node_modules/tmp": { "version": "0.2.1", "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.1.tgz", "integrity": 
"sha512-76SUhtfqR2Ijn+xllcI5P1oyannHNHByD80W1q447gU3mp9G9PSpGdWmjUOHRDPiHYacIk66W7ubDTuPF3BEtQ==", "dev": true, - "requires": { + "dependencies": { "rimraf": "^3.0.0" + }, + "engines": { + "node": ">=8.17.0" } }, - "tmp-promise": { + "node_modules/tmp-promise": { "version": "3.0.3", "resolved": "https://registry.npmjs.org/tmp-promise/-/tmp-promise-3.0.3.tgz", "integrity": "sha512-RwM7MoPojPxsOBYnyd2hy0bxtIlVrihNs9pj5SUvY8Zz1sQcQG2tG1hSr8PDxfgEB8RNKDhqbIlroIarSNDNsQ==", "dev": true, - "requires": { + "dependencies": { "tmp": "^0.2.0" } }, - "tmpl": { + "node_modules/tmpl": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/tmpl/-/tmpl-1.0.5.tgz", "integrity": "sha512-3f0uOEAQwIqGuWW2MVzYg8fV/QNnc/IpuJNG837rLuczAaLVHslWHZQj4IGiEl5Hs3kkbhwL9Ab7Hrsmuj+Smw==" }, - "to-buffer": { - "version": "1.1.1", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/to-buffer/-/to-buffer-1.1.1.tgz", - "integrity": "sha1-STvUj2LXxD/N7TE6A9ytsuEhOoA=" - }, - "to-fast-properties": { + "node_modules/to-fast-properties": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/to-fast-properties/-/to-fast-properties-2.0.0.tgz", - "integrity": "sha512-/OaKK0xYrs3DmxRYqL/yDc+FxFUVYhDlXMhRmv3z915w2HF1tnN1omB354j8VUGO/hbRzyD6Y3sA7v7GS/ceog==" - }, - "to-readable-stream": { - "version": "2.1.0", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/to-readable-stream/-/to-readable-stream-2.1.0.tgz", - "integrity": "sha1-gogDFhIb6mYs3CJq2zCt21DLBug=" + "integrity": "sha512-/OaKK0xYrs3DmxRYqL/yDc+FxFUVYhDlXMhRmv3z915w2HF1tnN1omB354j8VUGO/hbRzyD6Y3sA7v7GS/ceog==", + "engines": { + "node": ">=4" + } }, - "to-regex-range": { + "node_modules/to-regex-range": { "version": "5.0.1", "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==", - "requires": { + "dependencies": { "is-number": "^7.0.0" + }, + "engines": { + "node": ">=8.0" } }, - 
"toidentifier": { + "node_modules/toidentifier": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz", - "integrity": "sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==" - }, - "tough-cookie": { - "version": "2.5.0", - "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.5.0.tgz", - "integrity": "sha512-nlLsUzgm1kfLXSXfRZMc1KLAugd4hqJHDTvc2hDIwS3mZAfMEuMbc03SujMF+GEcpaX/qboeycw6iO8JwVv2+g==", - "requires": { - "psl": "^1.1.28", - "punycode": "^2.1.1" + "integrity": "sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==", + "engines": { + "node": ">=0.6" } }, - "tr46": { + "node_modules/tr46": { "version": "0.0.3", "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz", "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==" }, - "triple-beam": { + "node_modules/triple-beam": { "version": "1.4.1", "resolved": "https://registry.npmjs.org/triple-beam/-/triple-beam-1.4.1.tgz", - "integrity": "sha512-aZbgViZrg1QNcG+LULa7nhZpJTZSLm/mXnHXnbAbjmN5aSa0y7V+wvv6+4WaBtpISJzThKy+PIPxc1Nq1EJ9mg==" + "integrity": "sha512-aZbgViZrg1QNcG+LULa7nhZpJTZSLm/mXnHXnbAbjmN5aSa0y7V+wvv6+4WaBtpISJzThKy+PIPxc1Nq1EJ9mg==", + "engines": { + "node": ">= 14.0.0" + } }, - "tryer": { + "node_modules/tryer": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/tryer/-/tryer-1.0.1.tgz", "integrity": "sha512-c3zayb8/kWWpycWYg87P71E1S1ZL6b6IJxfb5fvsUgsf0S2MVGaDhDXXjDMpdCpfWXqptc+4mXwmiy1ypXqRAA==" }, - "ts-interface-checker": { + "node_modules/ts-interface-checker": { "version": "0.1.13", "resolved": "https://registry.npmjs.org/ts-interface-checker/-/ts-interface-checker-0.1.13.tgz", "integrity": "sha512-Y/arvbn+rrz3JCKl9C4kVNfTfSm2/mEp5FSz5EsZSANGPSlQrpRI5M4PKF+mJnE52jOO90PnPSc3Ur3bTQw0gA==" }, - "ts-node": { + "node_modules/ts-node": { "version": "10.9.1", "resolved": 
"https://registry.npmjs.org/ts-node/-/ts-node-10.9.1.tgz", "integrity": "sha512-NtVysVPkxxrwFGUUxGYhfux8k78pQB3JqYBXlLRZgdGUqTO5wU/UyHop5p70iEbGhB7q5KmiZiU0Y3KlJrScEw==", - "requires": { + "dependencies": { "@cspotcode/source-map-support": "^0.8.0", "@tsconfig/node10": "^1.0.7", "@tsconfig/node12": "^1.0.7", 
@@ -13477,377 +18780,522 @@ "v8-compile-cache-lib": "^3.0.1", "yn": "3.1.1" }, - "dependencies": { - "acorn-walk": { - "version": "8.2.0", - "resolved": "https://registry.npmjs.org/acorn-walk/-/acorn-walk-8.2.0.tgz", - "integrity": "sha512-k+iyHEuPgSw6SbuDpGQM+06HQUa04DZ3o+F6CSzXMvvI5KMvnaEqXe+YVe555R9nn6GPt404fos4wcgpw12SDA==" + "bin": { + "ts-node": "dist/bin.js", + "ts-node-cwd": "dist/bin-cwd.js", + "ts-node-esm": "dist/bin-esm.js", + "ts-node-script": "dist/bin-script.js", + "ts-node-transpile-only": "dist/bin-transpile.js", + "ts-script": "dist/bin-script-deprecated.js" + }, + "peerDependencies": { + "@swc/core": ">=1.2.50", + "@swc/wasm": ">=1.2.50", + "@types/node": "*", + "typescript": ">=2.7" + }, + "peerDependenciesMeta": { + "@swc/core": { + "optional": true + }, + "@swc/wasm": { + "optional": true } } }, - "tsconfig-paths": { + "node_modules/ts-node/node_modules/acorn-walk": { + "version": "8.2.0", + "resolved": "https://registry.npmjs.org/acorn-walk/-/acorn-walk-8.2.0.tgz", + "integrity": "sha512-k+iyHEuPgSw6SbuDpGQM+06HQUa04DZ3o+F6CSzXMvvI5KMvnaEqXe+YVe555R9nn6GPt404fos4wcgpw12SDA==", + "engines": { + "node": ">=0.4.0" + } + }, + "node_modules/tsconfig-paths": { "version": "3.14.2", "resolved": "https://registry.npmjs.org/tsconfig-paths/-/tsconfig-paths-3.14.2.tgz", "integrity": "sha512-o/9iXgCYc5L/JxCHPe3Hvh8Q/2xm5Z+p18PESBU6Ff33695QnCHBEjcytY2q19ua7Mbl/DavtBOLq+oG0RCL+g==", - "requires": { + "dependencies": { "@types/json5": "^0.0.29", "json5": "^1.0.2", "minimist": "^1.2.6", "strip-bom": "^3.0.0" - }, + } + }, + "node_modules/tsconfig-paths/node_modules/json5": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/json5/-/json5-1.0.2.tgz", + "integrity": "sha512-g1MWMLBiz8FKi1e4w0UyVL3w+iJceWAFBAaBnnGKOpNa5f8TLktkbre1+s6oICydWAm+HRUGTmI+//xv2hvXYA==", "dependencies": { - "json5": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/json5/-/json5-1.0.2.tgz", - "integrity": 
"sha512-g1MWMLBiz8FKi1e4w0UyVL3w+iJceWAFBAaBnnGKOpNa5f8TLktkbre1+s6oICydWAm+HRUGTmI+//xv2hvXYA==", - "requires": { - "minimist": "^1.2.0" - } - } + "minimist": "^1.2.0" + }, + "bin": { + "json5": "lib/cli.js" } }, - "tslib": { + "node_modules/tslib": { "version": "1.14.1", "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" }, - "tsutils": { + "node_modules/tsutils": { "version": "3.21.0", "resolved": "https://registry.npmjs.org/tsutils/-/tsutils-3.21.0.tgz", "integrity": "sha512-mHKK3iUXL+3UF6xL5k0PEhKRUBKPBCv/+RkEOpjRWxxx27KKRBmmA60A9pgOUvMi8GKhRMPEmjBRPzs2W7O1OA==", - "requires": { + "dependencies": { "tslib": "^1.8.1" + }, + "engines": { + "node": ">= 6" + }, + "peerDependencies": { + "typescript": ">=2.8.0 || >= 3.2.0-dev || >= 3.3.0-dev || >= 3.4.0-dev || >= 3.5.0-dev || >= 3.6.0-dev || >= 3.6.0-beta || >= 3.7.0-dev || >= 3.7.0-beta" } }, - "tunnel-agent": { - "version": "0.6.0", - "resolved": "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz", - "integrity": "sha1-J6XeoGs2sEoKmWZ3SykIaPD8QP0=", - "requires": { - "safe-buffer": "^5.0.1" - } - }, - "tweetnacl": { - "version": "0.14.5", - "resolved": "https://registry.npmjs.org/tweetnacl/-/tweetnacl-0.14.5.tgz", - "integrity": "sha1-WuaBd/GS1EViadEIr6k/+HQ/T2Q=" - }, - "type-check": { + "node_modules/type-check": { "version": "0.3.2", "resolved": "https://registry.npmjs.org/type-check/-/type-check-0.3.2.tgz", "integrity": "sha512-ZCmOJdvOWDBYJlzAoFkC+Q0+bUyEOS1ltgp1MGU03fqHG+dbi9tBFU2Rd9QKiDZFAYrhPh2JUf7rZRIuHRKtOg==", - "requires": { + "dependencies": { "prelude-ls": "~1.1.2" + }, + "engines": { + "node": ">= 0.8.0" } }, - "type-detect": { + "node_modules/type-detect": { "version": "4.0.8", "resolved": "https://registry.npmjs.org/type-detect/-/type-detect-4.0.8.tgz", - "integrity": 
"sha512-0fr/mIH1dlO+x7TlcMy+bIDqKPsw/70tVyeHW787goQjhmqaZe10uwLujubK9q9Lg6Fiho1KUKDYz0Z7k7g5/g==" + "integrity": "sha512-0fr/mIH1dlO+x7TlcMy+bIDqKPsw/70tVyeHW787goQjhmqaZe10uwLujubK9q9Lg6Fiho1KUKDYz0Z7k7g5/g==", + "engines": { + "node": ">=4" + } }, - "type-fest": { + "node_modules/type-fest": { "version": "0.20.2", "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.20.2.tgz", - "integrity": "sha512-Ne+eE4r0/iWnpAxD852z3A+N0Bt5RN//NjJwRd2VFHEmrywxf5vsZlh4R6lixl6B+wz/8d+maTSAkN1FIkI3LQ==" + "integrity": "sha512-Ne+eE4r0/iWnpAxD852z3A+N0Bt5RN//NjJwRd2VFHEmrywxf5vsZlh4R6lixl6B+wz/8d+maTSAkN1FIkI3LQ==", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } }, - "type-is": { + "node_modules/type-is": { "version": "1.6.18", "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz", "integrity": "sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==", - "requires": { + "dependencies": { "media-typer": "0.3.0", "mime-types": "~2.1.24" + }, + "engines": { + "node": ">= 0.6" } }, - "typed-array-buffer": { + "node_modules/typed-array-buffer": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/typed-array-buffer/-/typed-array-buffer-1.0.0.tgz", "integrity": "sha512-Y8KTSIglk9OZEr8zywiIHG/kmQ7KWyjseXs1CbSo8vC42w7hg2HgYTxSWwP0+is7bWDc1H+Fo026CpHFwm8tkw==", - "requires": { + "dependencies": { "call-bind": "^1.0.2", "get-intrinsic": "^1.2.1", "is-typed-array": "^1.1.10" + }, + "engines": { + "node": ">= 0.4" } }, - "typed-array-byte-length": { + "node_modules/typed-array-byte-length": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/typed-array-byte-length/-/typed-array-byte-length-1.0.0.tgz", "integrity": "sha512-Or/+kvLxNpeQ9DtSydonMxCx+9ZXOswtwJn17SNLvhptaXYDJvkFFP5zbfU/uLmvnBJlI4yrnXRxpdWH/M5tNA==", - "requires": { + "dependencies": { "call-bind": "^1.0.2", "for-each": "^0.3.3", "has-proto": "^1.0.1", "is-typed-array": "^1.1.10" + }, 
+ "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "typed-array-byte-offset": { + "node_modules/typed-array-byte-offset": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/typed-array-byte-offset/-/typed-array-byte-offset-1.0.0.tgz", "integrity": "sha512-RD97prjEt9EL8YgAgpOkf3O4IF9lhJFr9g0htQkm0rchFp/Vx7LW5Q8fSXXub7BXAODyUQohRMyOc3faCPd0hg==", - "requires": { + "dependencies": { "available-typed-arrays": "^1.0.5", "call-bind": "^1.0.2", "for-each": "^0.3.3", "has-proto": "^1.0.1", "is-typed-array": "^1.1.10" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "typed-array-length": { + "node_modules/typed-array-length": { "version": "1.0.4", "resolved": "https://registry.npmjs.org/typed-array-length/-/typed-array-length-1.0.4.tgz", "integrity": "sha512-KjZypGq+I/H7HI5HlOoGHkWUUGq+Q0TPhQurLbyrVrvnKTBgzLhIJ7j6J/XTQOi0d1RjyZ0wdas8bKs2p0x3Ng==", - "requires": { + "dependencies": { "call-bind": "^1.0.2", "for-each": "^0.3.3", "is-typed-array": "^1.1.9" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "typedarray-to-buffer": { + "node_modules/typedarray-to-buffer": { "version": "3.1.5", "resolved": "https://registry.npmjs.org/typedarray-to-buffer/-/typedarray-to-buffer-3.1.5.tgz", "integrity": "sha512-zdu8XMNEDepKKR+XYOXAVPtWui0ly0NtohUscw+UmaHiAWT8hrV1rr//H6V+0DvJ3OQ19S979M0laLfX8rm82Q==", - "requires": { + "dependencies": { "is-typedarray": "^1.0.0" } }, - "typescript": { + "node_modules/typescript": { "version": "4.9.5", "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.9.5.tgz", - "integrity": "sha512-1FXk9E2Hm+QzZQ7z+McJiHL4NW1F2EzMu9Nq9i3zAaGqibafqYwCVU6WyWAuyQRRzOlxou8xZSyXLEN8oKj24g==" + "integrity": "sha512-1FXk9E2Hm+QzZQ7z+McJiHL4NW1F2EzMu9Nq9i3zAaGqibafqYwCVU6WyWAuyQRRzOlxou8xZSyXLEN8oKj24g==", + "bin": { + "tsc": "bin/tsc", + "tsserver": "bin/tsserver" + }, + "engines": { + "node": ">=4.2.0" + } 
}, - "unbox-primitive": { + "node_modules/unbox-primitive": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/unbox-primitive/-/unbox-primitive-1.0.2.tgz", "integrity": "sha512-61pPlCD9h51VoreyJ0BReideM3MDKMKnh6+V9L08331ipq6Q8OFXZYiqP6n/tbHx4s5I9uRhcye6BrbkizkBDw==", - "requires": { + "dependencies": { "call-bind": "^1.0.2", "has-bigints": "^1.0.2", "has-symbols": "^1.0.3", "which-boxed-primitive": "^1.0.2" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "underscore": { + "node_modules/underscore": { "version": "1.12.1", "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.12.1.tgz", "integrity": "sha512-hEQt0+ZLDVUMhebKxL4x1BTtDY7bavVofhZ9KZ4aI26X9SRaE+Y3m83XUL1UP2jn8ynjndwCCpEHdUG+9pP1Tw==" }, - "unicode-canonical-property-names-ecmascript": { + "node_modules/unicode-canonical-property-names-ecmascript": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/unicode-canonical-property-names-ecmascript/-/unicode-canonical-property-names-ecmascript-2.0.0.tgz", - "integrity": "sha512-yY5PpDlfVIU5+y/BSCxAJRBIS1Zc2dDG3Ujq+sR0U+JjUevW2JhocOF+soROYDSaAezOzOKuyyixhD6mBknSmQ==" + "integrity": "sha512-yY5PpDlfVIU5+y/BSCxAJRBIS1Zc2dDG3Ujq+sR0U+JjUevW2JhocOF+soROYDSaAezOzOKuyyixhD6mBknSmQ==", + "engines": { + "node": ">=4" + } }, - "unicode-match-property-ecmascript": { + "node_modules/unicode-match-property-ecmascript": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/unicode-match-property-ecmascript/-/unicode-match-property-ecmascript-2.0.0.tgz", "integrity": "sha512-5kaZCrbp5mmbz5ulBkDkbY0SsPOjKqVS35VpL9ulMPfSl0J0Xsm+9Evphv9CoIZFwre7aJoa94AY6seMKGVN5Q==", - "requires": { + "dependencies": { "unicode-canonical-property-names-ecmascript": "^2.0.0", "unicode-property-aliases-ecmascript": "^2.0.0" + }, + "engines": { + "node": ">=4" } }, - "unicode-match-property-value-ecmascript": { + "node_modules/unicode-match-property-value-ecmascript": { "version": "2.1.0", "resolved": 
"https://registry.npmjs.org/unicode-match-property-value-ecmascript/-/unicode-match-property-value-ecmascript-2.1.0.tgz", - "integrity": "sha512-qxkjQt6qjg/mYscYMC0XKRn3Rh0wFPlfxB0xkt9CfyTvpX1Ra0+rAmdX2QyAobptSEvuy4RtpPRui6XkV+8wjA==" + "integrity": "sha512-qxkjQt6qjg/mYscYMC0XKRn3Rh0wFPlfxB0xkt9CfyTvpX1Ra0+rAmdX2QyAobptSEvuy4RtpPRui6XkV+8wjA==", + "engines": { + "node": ">=4" + } }, - "unicode-property-aliases-ecmascript": { + "node_modules/unicode-property-aliases-ecmascript": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/unicode-property-aliases-ecmascript/-/unicode-property-aliases-ecmascript-2.1.0.tgz", - "integrity": "sha512-6t3foTQI9qne+OZoVQB/8x8rk2k1eVy1gRXhV3oFQ5T6R1dqQ1xtin3XqSlx3+ATBkliTaR/hHyJBm+LVPNM8w==" + "integrity": "sha512-6t3foTQI9qne+OZoVQB/8x8rk2k1eVy1gRXhV3oFQ5T6R1dqQ1xtin3XqSlx3+ATBkliTaR/hHyJBm+LVPNM8w==", + "engines": { + "node": ">=4" + } + }, + "node_modules/unique-filename": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/unique-filename/-/unique-filename-3.0.0.tgz", + "integrity": "sha512-afXhuC55wkAmZ0P18QsVE6kp8JaxrEokN2HGIoIVv2ijHQd419H0+6EigAFcIzXeMIkcIkNBpB3L/DXB3cTS/g==", + "dependencies": { + "unique-slug": "^4.0.0" + }, + "engines": { + "node": "^14.17.0 || ^16.13.0 || >=18.0.0" + } + }, + "node_modules/unique-slug": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/unique-slug/-/unique-slug-4.0.0.tgz", + "integrity": "sha512-WrcA6AyEfqDX5bWige/4NQfPZMtASNVxdmWR76WESYQVAACSgWcR6e9i0mofqqBxYFtL4oAxPIptY73/0YE1DQ==", + "dependencies": { + "imurmurhash": "^0.1.4" + }, + "engines": { + "node": "^14.17.0 || ^16.13.0 || >=18.0.0" + } }, - "unique-string": { + "node_modules/unique-string": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/unique-string/-/unique-string-2.0.0.tgz", "integrity": "sha512-uNaeirEPvpZWSgzwsPGtU2zVSTrn/8L5q/IexZmH0eH6SA73CmAA5U4GwORTxQAZs95TAXLNqeLoPPNO5gZfWg==", - "requires": { + "dependencies": { "crypto-random-string": "^2.0.0" + }, + 
"engines": { + "node": ">=8" } }, - "universal-user-agent": { + "node_modules/universal-user-agent": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-6.0.0.tgz", "integrity": "sha512-isyNax3wXoKaulPDZWHQqbmIx1k2tb9fb3GGDBRxCscfYV2Ch7WxPArBsFEG8s/safwXTT7H4QGhaIkTp9447w==" }, - "universalify": { + "node_modules/universalify": { "version": "0.1.2", "resolved": "https://registry.npmjs.org/universalify/-/universalify-0.1.2.tgz", - "integrity": "sha512-rBJeI5CXAlmy1pV+617WB9J63U6XcazHHF2f2dbJix4XzpUF0RS3Zbj0FGIOCAva5P/d/GBOYaACQ1w+0azUkg==" + "integrity": "sha512-rBJeI5CXAlmy1pV+617WB9J63U6XcazHHF2f2dbJix4XzpUF0RS3Zbj0FGIOCAva5P/d/GBOYaACQ1w+0azUkg==", + "engines": { + "node": ">= 4.0.0" + } }, - "unpipe": { + "node_modules/unpipe": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz", - "integrity": "sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==" + "integrity": "sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==", + "engines": { + "node": ">= 0.8" + } }, - "unquote": { + "node_modules/unquote": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/unquote/-/unquote-1.1.1.tgz", "integrity": "sha512-vRCqFv6UhXpWxZPyGDh/F3ZpNv8/qo7w6iufLpQg9aKnQ71qM4B5KiI7Mia9COcjEhrO9LueHpMYjYzsWH3OIg==" }, - "unxhr": { + "node_modules/unxhr": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/unxhr/-/unxhr-1.0.1.tgz", - "integrity": "sha512-MAhukhVHyaLGDjyDYhy8gVjWJyhTECCdNsLwlMoGFoNJ3o79fpQhtQuzmAE4IxCMDwraF4cW8ZjpAV0m9CRQbg==" + "integrity": "sha512-MAhukhVHyaLGDjyDYhy8gVjWJyhTECCdNsLwlMoGFoNJ3o79fpQhtQuzmAE4IxCMDwraF4cW8ZjpAV0m9CRQbg==", + "engines": { + "node": ">=8.11" + } }, - "upath": { + "node_modules/upath": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/upath/-/upath-1.2.0.tgz", - "integrity": 
"sha512-aZwGpamFO61g3OlfT7OQCHqhGnW43ieH9WZeP7QxN/G/jS4jfqUkZxoryvJgVPEcrl5NL/ggHsSmLMHuH64Lhg==" + "integrity": "sha512-aZwGpamFO61g3OlfT7OQCHqhGnW43ieH9WZeP7QxN/G/jS4jfqUkZxoryvJgVPEcrl5NL/ggHsSmLMHuH64Lhg==", + "engines": { + "node": ">=4", + "yarn": "*" + } }, - "update-browserslist-db": { + "node_modules/update-browserslist-db": { "version": "1.0.13", "resolved": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.0.13.tgz", "integrity": "sha512-xebP81SNcPuNpPP3uzeW1NYXxI3rxyJzF3pD6sH4jE7o/IX+WtSpwnVU+qIsDPyk0d3hmFQ7mjqc6AtV604hbg==", - "requires": { + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/browserslist" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/browserslist" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "dependencies": { "escalade": "^3.1.1", "picocolors": "^1.0.0" + }, + "bin": { + "update-browserslist-db": "cli.js" + }, + "peerDependencies": { + "browserslist": ">= 4.21.0" } }, - "uri-js": { + "node_modules/uri-js": { "version": "4.4.1", "resolved": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz", "integrity": "sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==", - "requires": { + "dependencies": { "punycode": "^2.1.0" } }, - "url-parse": { + "node_modules/url-parse": { "version": "1.5.10", "resolved": "https://registry.npmjs.org/url-parse/-/url-parse-1.5.10.tgz", "integrity": "sha512-WypcfiRhfeUP9vvF0j6rw0J3hrWrw6iZv3+22h6iRMJ/8z1Tj6XfLP4DsUix5MhMPnXpiHDoKyoZ/bdCkwBCiQ==", - "requires": { + "dependencies": { "querystringify": "^2.1.1", "requires-port": "^1.0.0" } }, - "util-deprecate": { + "node_modules/util-deprecate": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz", "integrity": "sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8=" }, - "util.promisify": { + "node_modules/util.promisify": { "version": "1.0.1", "resolved": 
"https://registry.npmjs.org/util.promisify/-/util.promisify-1.0.1.tgz", "integrity": "sha512-g9JpC/3He3bm38zsLupWryXHoEcS22YHthuPQSJdMy6KNrzIRzWqcsHzD/WUnqe45whVou4VIsPew37DoXWNrA==", - "requires": { + "dependencies": { "define-properties": "^1.1.3", "es-abstract": "^1.17.2", "has-symbols": "^1.0.1", "object.getownpropertydescriptors": "^2.1.0" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "utila": { + "node_modules/utila": { "version": "0.4.0", "resolved": "https://registry.npmjs.org/utila/-/utila-0.4.0.tgz", "integrity": "sha512-Z0DbgELS9/L/75wZbro8xAnT50pBVFQZ+hUEueGDU5FN51YSCYM+jdxsfCiHjwNP/4LCDD0i/graKpeBnOXKRA==" }, - "utils-merge": { + "node_modules/utils-merge": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz", - "integrity": "sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA==" - }, - "uuid": { - "version": "3.4.0", - "resolved": "https://registry.npmjs.org/uuid/-/uuid-3.4.0.tgz", - "integrity": "sha512-HjSDRw6gZE5JMggctHBcjVak08+KEVhSIiDzFnT9S9aegmp85S/bReBVTb4QTFaRNptJ9kuYaNhnbNEOkbKb/A==" + "integrity": "sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA==", + "engines": { + "node": ">= 0.4.0" + } }, - "v8-compile-cache-lib": { + "node_modules/v8-compile-cache-lib": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/v8-compile-cache-lib/-/v8-compile-cache-lib-3.0.1.tgz", "integrity": "sha512-wa7YjyUGfNZngI/vtK0UHAN+lgDCxBPCylVXGp0zu59Fz5aiGtNXaq3DhIov063MorB+VfufLh3JlF2KdTK3xg==" }, - "v8-to-istanbul": { + "node_modules/v8-to-istanbul": { "version": "8.1.1", "resolved": "https://registry.npmjs.org/v8-to-istanbul/-/v8-to-istanbul-8.1.1.tgz", "integrity": "sha512-FGtKtv3xIpR6BYhvgH8MI/y78oT7d8Au3ww4QIxymrCtZEh5b8gCw2siywE+puhEmuWKDtmfrvF5UlB298ut3w==", - "requires": { + "dependencies": { "@types/istanbul-lib-coverage": "^2.0.1", "convert-source-map": "^1.6.0", "source-map": "^0.7.3" 
}, - "dependencies": { - "convert-source-map": { - "version": "1.9.0", - "resolved": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-1.9.0.tgz", - "integrity": "sha512-ASFBup0Mz1uyiIjANan1jzLQami9z1PoYSZCiiYW2FczPbenXc45FZdBZLzOT+r6+iciuEModtmCti+hjaAk0A==" - } + "engines": { + "node": ">=10.12.0" } }, - "value-equal": { + "node_modules/v8-to-istanbul/node_modules/convert-source-map": { + "version": "1.9.0", + "resolved": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-1.9.0.tgz", + "integrity": "sha512-ASFBup0Mz1uyiIjANan1jzLQami9z1PoYSZCiiYW2FczPbenXc45FZdBZLzOT+r6+iciuEModtmCti+hjaAk0A==" + }, + "node_modules/value-equal": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/value-equal/-/value-equal-1.0.1.tgz", "integrity": "sha512-NOJ6JZCAWr0zlxZt+xqCHNTEKOsrks2HQd4MqhP1qy4z1SkbEP467eNx6TgDKXMvUOb+OENfJCZwM+16n7fRfw==" }, - "vary": { + "node_modules/vary": { "version": "1.1.2", "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz", - "integrity": "sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg==" + "integrity": "sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg==", + "engines": { + "node": ">= 0.8" + } }, - "verror": { + "node_modules/verror": { "version": "1.10.1", "resolved": "https://registry.npmjs.org/verror/-/verror-1.10.1.tgz", "integrity": "sha512-veufcmxri4e3XSrT0xwfUR7kguIkaxBeosDg00yDWhk49wdwkSUrvvsm7nc75e1PUyvIeZj6nS8VQRYz2/S4Xg==", - "requires": { + "dependencies": { "assert-plus": "^1.0.0", "core-util-is": "1.0.2", "extsprintf": "^1.2.0" + }, + "engines": { + "node": ">=0.6.0" } }, - "w3c-hr-time": { + "node_modules/w3c-hr-time": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/w3c-hr-time/-/w3c-hr-time-1.0.2.tgz", "integrity": "sha512-z8P5DvDNjKDoFIHK7q8r8lackT6l+jo/Ye3HOle7l9nICP9lf1Ci25fy9vHd0JOWewkIFzXIEig3TdKT7JQ5fQ==", - "requires": { + "deprecated": "Use your platform's native 
performance.now() and performance.timeOrigin.", + "dependencies": { "browser-process-hrtime": "^1.0.0" } }, - "w3c-xmlserializer": { + "node_modules/w3c-xmlserializer": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/w3c-xmlserializer/-/w3c-xmlserializer-2.0.0.tgz", "integrity": "sha512-4tzD0mF8iSiMiNs30BiLO3EpfGLZUT2MSX/G+o7ZywDzliWQ3OPtTZ0PTC3B3ca1UAf4cJMHB+2Bf56EriJuRA==", - "requires": { + "dependencies": { "xml-name-validator": "^3.0.0" + }, + "engines": { + "node": ">=10" } }, - "walker": { + "node_modules/walker": { "version": "1.0.8", "resolved": "https://registry.npmjs.org/walker/-/walker-1.0.8.tgz", "integrity": "sha512-ts/8E8l5b7kY0vlWLewOkDXMmPdLcVV4GmOQLyxuSswIJsweeFZtAsMF7k1Nszz+TYBQrlYRmzOnr398y1JemQ==", - "requires": { + "dependencies": { "makeerror": "1.0.12" } }, - "watchpack": { + "node_modules/watchpack": { "version": "2.4.0", "resolved": "https://registry.npmjs.org/watchpack/-/watchpack-2.4.0.tgz", "integrity": "sha512-Lcvm7MGST/4fup+ifyKi2hjyIAwcdI4HRgtvTpIUxBRhB+RFtUh8XtDOxUfctVCnhVi+QQj49i91OyvzkJl6cg==", - "requires": { + "dependencies": { "glob-to-regexp": "^0.4.1", "graceful-fs": "^4.1.2" + }, + "engines": { + "node": ">=10.13.0" } }, - "wbuf": { + "node_modules/wbuf": { "version": "1.7.3", "resolved": "https://registry.npmjs.org/wbuf/-/wbuf-1.7.3.tgz", "integrity": "sha512-O84QOnr0icsbFGLS0O3bI5FswxzRr8/gHwWkDlQFskhSPryQXvrTMxjxGP4+iWYoauLoBvfDpkrOauZ+0iZpDA==", - "requires": { + "dependencies": { "minimalistic-assert": "^1.0.0" } }, - "web-vitals": { + "node_modules/web-vitals": { "version": "0.2.4", "resolved": "https://registry.npmjs.org/web-vitals/-/web-vitals-0.2.4.tgz", "integrity": "sha512-6BjspCO9VriYy12z356nL6JBS0GYeEcA457YyRzD+dD6XYCQ75NKhcOHUMHentOE7OcVCIXXDvOm0jKFfQG2Gg==" }, - "webidl-conversions": { + "node_modules/webidl-conversions": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz", "integrity": 
"sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==" }, - "webpack": { + "node_modules/webpack": { "version": "5.89.0", "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.89.0.tgz", "integrity": "sha512-qyfIC10pOr70V+jkmud8tMfajraGCZMBWJtrmuBymQKCrLTRejBI8STDp1MCyZu/QTdZSeacCQYpYNQVOzX5kw==", - "requires": { + "dependencies": { "@types/eslint-scope": "^3.7.3", "@types/estree": "^1.0.0", "@webassemblyjs/ast": "^1.11.5", 
@@ -13873,72 +19321,98 @@ "watchpack": "^2.4.0", "webpack-sources": "^3.2.3" }, - "dependencies": { - "eslint-scope": { - "version": "5.1.1", - "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", - "integrity": "sha512-2NxwbF/hZ0KpepYN0cNbo+FN6XoK7GaHlQhgx/hIZl6Va0bF45RQOOwhLIy8lQDbuCiadSLCBnH2CFYquit5bw==", - "requires": { - "esrecurse": "^4.3.0", - "estraverse": "^4.1.1" - } + "bin": { + "webpack": "bin/webpack.js" + }, + "engines": { + "node": ">=10.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + }, + "peerDependenciesMeta": { + "webpack-cli": { + "optional": true } } }, - "webpack-dev-middleware": { + "node_modules/webpack-dev-middleware": { "version": "5.3.3", "resolved": "https://registry.npmjs.org/webpack-dev-middleware/-/webpack-dev-middleware-5.3.3.tgz", "integrity": "sha512-hj5CYrY0bZLB+eTO+x/j67Pkrquiy7kWepMHmUMoPsmcUaeEnQJqFzHJOyxgWlq746/wUuA64p9ta34Kyb01pA==", - "requires": { + "dependencies": { "colorette": "^2.0.10", "memfs": "^3.4.3", "mime-types": "^2.1.31", "range-parser": "^1.2.1", "schema-utils": "^4.0.0" }, + "engines": { + "node": ">= 12.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + }, + "peerDependencies": { + "webpack": "^4.0.0 || ^5.0.0" + } + }, + "node_modules/webpack-dev-middleware/node_modules/ajv": { + "version": "8.12.0", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.12.0.tgz", + "integrity": "sha512-sRu1kpcO9yLtYxBKvqfTeh9KzZEwO3STyX1HT+4CaDzC6HpTGYhIhPIzj9XuKU7KYDwnaeh5hcOwjy1QuJzBPA==", "dependencies": { - "ajv": { - "version": "8.12.0", - "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.12.0.tgz", - "integrity": "sha512-sRu1kpcO9yLtYxBKvqfTeh9KzZEwO3STyX1HT+4CaDzC6HpTGYhIhPIzj9XuKU7KYDwnaeh5hcOwjy1QuJzBPA==", - "requires": { - "fast-deep-equal": "^3.1.1", - "json-schema-traverse": "^1.0.0", - "require-from-string": "^2.0.2", - "uri-js": "^4.2.2" - } - }, - "ajv-keywords": { - 
"version": "5.1.0", - "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-5.1.0.tgz", - "integrity": "sha512-YCS/JNFAUyr5vAuhk1DWm1CBxRHW9LbJ2ozWeemrIqpbsqKjHVxYPyi5GC0rjZIT5JxJ3virVTS8wk4i/Z+krw==", - "requires": { - "fast-deep-equal": "^3.1.3" - } - }, - "json-schema-traverse": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", - "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==" - }, - "schema-utils": { - "version": "4.2.0", - "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-4.2.0.tgz", - "integrity": "sha512-L0jRsrPpjdckP3oPug3/VxNKt2trR8TcabrM6FOAAlvC/9Phcmm+cuAgTlxBqdBR1WJx7Naj9WHw+aOmheSVbw==", - "requires": { - "@types/json-schema": "^7.0.9", - "ajv": "^8.9.0", - "ajv-formats": "^2.1.1", - "ajv-keywords": "^5.1.0" - } - } + "fast-deep-equal": "^3.1.1", + "json-schema-traverse": "^1.0.0", + "require-from-string": "^2.0.2", + "uri-js": "^4.2.2" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/epoberezkin" + } + }, + "node_modules/webpack-dev-middleware/node_modules/ajv-keywords": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-5.1.0.tgz", + "integrity": "sha512-YCS/JNFAUyr5vAuhk1DWm1CBxRHW9LbJ2ozWeemrIqpbsqKjHVxYPyi5GC0rjZIT5JxJ3virVTS8wk4i/Z+krw==", + "dependencies": { + "fast-deep-equal": "^3.1.3" + }, + "peerDependencies": { + "ajv": "^8.8.2" + } + }, + "node_modules/webpack-dev-middleware/node_modules/json-schema-traverse": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", + "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==" + }, + "node_modules/webpack-dev-middleware/node_modules/schema-utils": { + "version": "4.2.0", + "resolved": 
"https://registry.npmjs.org/schema-utils/-/schema-utils-4.2.0.tgz", + "integrity": "sha512-L0jRsrPpjdckP3oPug3/VxNKt2trR8TcabrM6FOAAlvC/9Phcmm+cuAgTlxBqdBR1WJx7Naj9WHw+aOmheSVbw==", + "dependencies": { + "@types/json-schema": "^7.0.9", + "ajv": "^8.9.0", + "ajv-formats": "^2.1.1", + "ajv-keywords": "^5.1.0" + }, + "engines": { + "node": ">= 12.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" } }, - "webpack-dev-server": { + "node_modules/webpack-dev-server": { "version": "4.15.1", "resolved": "https://registry.npmjs.org/webpack-dev-server/-/webpack-dev-server-4.15.1.tgz", "integrity": "sha512-5hbAst3h3C3L8w6W4P96L5vaV0PxSmJhxZvWKYIdgxOQm8pNZ5dEOmmSLBVpP85ReeyRt6AS1QJNyo/oFFPeVA==", - "requires": { + "dependencies": { "@types/bonjour": "^3.5.9", "@types/connect-history-api-fallback": "^1.3.5", "@types/express": "^4.17.13", 
@@ -13970,146 +19444,231 @@ "webpack-dev-middleware": "^5.3.1", "ws": "^8.13.0" }, - "dependencies": { - "ajv": { - "version": "8.12.0", - "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.12.0.tgz", - "integrity": "sha512-sRu1kpcO9yLtYxBKvqfTeh9KzZEwO3STyX1HT+4CaDzC6HpTGYhIhPIzj9XuKU7KYDwnaeh5hcOwjy1QuJzBPA==", - "requires": { - "fast-deep-equal": "^3.1.1", - "json-schema-traverse": "^1.0.0", - "require-from-string": "^2.0.2", - "uri-js": "^4.2.2" - } - }, - "ajv-keywords": { - "version": "5.1.0", - "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-5.1.0.tgz", - "integrity": "sha512-YCS/JNFAUyr5vAuhk1DWm1CBxRHW9LbJ2ozWeemrIqpbsqKjHVxYPyi5GC0rjZIT5JxJ3virVTS8wk4i/Z+krw==", - "requires": { - "fast-deep-equal": "^3.1.3" - } - }, - "json-schema-traverse": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", - "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==" + "bin": { + "webpack-dev-server": "bin/webpack-dev-server.js" + }, + "engines": { + "node": ">= 12.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + }, + "peerDependencies": { + "webpack": "^4.37.0 || ^5.0.0" + }, + "peerDependenciesMeta": { + "webpack": { + "optional": true }, - "schema-utils": { - "version": "4.2.0", - "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-4.2.0.tgz", - "integrity": "sha512-L0jRsrPpjdckP3oPug3/VxNKt2trR8TcabrM6FOAAlvC/9Phcmm+cuAgTlxBqdBR1WJx7Naj9WHw+aOmheSVbw==", - "requires": { - "@types/json-schema": "^7.0.9", - "ajv": "^8.9.0", - "ajv-formats": "^2.1.1", - "ajv-keywords": "^5.1.0" - } + "webpack-cli": { + "optional": true + } + } + }, + "node_modules/webpack-dev-server/node_modules/ajv": { + "version": "8.12.0", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.12.0.tgz", + "integrity": 
"sha512-sRu1kpcO9yLtYxBKvqfTeh9KzZEwO3STyX1HT+4CaDzC6HpTGYhIhPIzj9XuKU7KYDwnaeh5hcOwjy1QuJzBPA==", + "dependencies": { + "fast-deep-equal": "^3.1.1", + "json-schema-traverse": "^1.0.0", + "require-from-string": "^2.0.2", + "uri-js": "^4.2.2" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/epoberezkin" + } + }, + "node_modules/webpack-dev-server/node_modules/ajv-keywords": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-5.1.0.tgz", + "integrity": "sha512-YCS/JNFAUyr5vAuhk1DWm1CBxRHW9LbJ2ozWeemrIqpbsqKjHVxYPyi5GC0rjZIT5JxJ3virVTS8wk4i/Z+krw==", + "dependencies": { + "fast-deep-equal": "^3.1.3" + }, + "peerDependencies": { + "ajv": "^8.8.2" + } + }, + "node_modules/webpack-dev-server/node_modules/json-schema-traverse": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", + "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==" + }, + "node_modules/webpack-dev-server/node_modules/schema-utils": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-4.2.0.tgz", + "integrity": "sha512-L0jRsrPpjdckP3oPug3/VxNKt2trR8TcabrM6FOAAlvC/9Phcmm+cuAgTlxBqdBR1WJx7Naj9WHw+aOmheSVbw==", + "dependencies": { + "@types/json-schema": "^7.0.9", + "ajv": "^8.9.0", + "ajv-formats": "^2.1.1", + "ajv-keywords": "^5.1.0" + }, + "engines": { + "node": ">= 12.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + } + }, + "node_modules/webpack-dev-server/node_modules/ws": { + "version": "8.14.2", + "resolved": "https://registry.npmjs.org/ws/-/ws-8.14.2.tgz", + "integrity": "sha512-wEBG1ftX4jcglPxgFCMJmZ2PLtSbJ2Peg6TmpJFTbe9GZYOQCDPdMYu/Tm0/bGZkw8paZnJY45J4K2PZrLYq8g==", + "engines": { + "node": ">=10.0.0" + }, + "peerDependencies": { + "bufferutil": "^4.0.1", + "utf-8-validate": ">=5.0.2" + }, + 
"peerDependenciesMeta": { + "bufferutil": { + "optional": true }, - "ws": { - "version": "8.14.2", - "resolved": "https://registry.npmjs.org/ws/-/ws-8.14.2.tgz", - "integrity": "sha512-wEBG1ftX4jcglPxgFCMJmZ2PLtSbJ2Peg6TmpJFTbe9GZYOQCDPdMYu/Tm0/bGZkw8paZnJY45J4K2PZrLYq8g==" + "utf-8-validate": { + "optional": true } } }, - "webpack-manifest-plugin": { + "node_modules/webpack-manifest-plugin": { "version": "4.1.1", "resolved": "https://registry.npmjs.org/webpack-manifest-plugin/-/webpack-manifest-plugin-4.1.1.tgz", "integrity": "sha512-YXUAwxtfKIJIKkhg03MKuiFAD72PlrqCiwdwO4VEXdRO5V0ORCNwaOwAZawPZalCbmH9kBDmXnNeQOw+BIEiow==", - "requires": { + "dependencies": { "tapable": "^2.0.0", "webpack-sources": "^2.2.0" }, + "engines": { + "node": ">=12.22.0" + }, + "peerDependencies": { + "webpack": "^4.44.2 || ^5.47.0" + } + }, + "node_modules/webpack-manifest-plugin/node_modules/source-map": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/webpack-manifest-plugin/node_modules/webpack-sources": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/webpack-sources/-/webpack-sources-2.3.1.tgz", + "integrity": "sha512-y9EI9AO42JjEcrTJFOYmVywVZdKVUfOvDUPsJea5GIr1JOEGFVqwlY2K098fFoIjOkDzHn2AjRvM8dsBZu+gCA==", "dependencies": { - "source-map": { - "version": "0.6.1", - "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", - "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==" - }, - "webpack-sources": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/webpack-sources/-/webpack-sources-2.3.1.tgz", - "integrity": "sha512-y9EI9AO42JjEcrTJFOYmVywVZdKVUfOvDUPsJea5GIr1JOEGFVqwlY2K098fFoIjOkDzHn2AjRvM8dsBZu+gCA==", - "requires": { - "source-list-map": 
"^2.0.1", - "source-map": "^0.6.1" - } - } + "source-list-map": "^2.0.1", + "source-map": "^0.6.1" + }, + "engines": { + "node": ">=10.13.0" } }, - "webpack-sources": { + "node_modules/webpack-sources": { "version": "3.2.3", "resolved": "https://registry.npmjs.org/webpack-sources/-/webpack-sources-3.2.3.tgz", - "integrity": "sha512-/DyMEOrDgLKKIG0fmvtz+4dUX/3Ghozwgm6iPp8KRhvn+eQf9+Q7GWxVNMk3+uCPWfdXYC4ExGBckIXdFEfH1w==" + "integrity": "sha512-/DyMEOrDgLKKIG0fmvtz+4dUX/3Ghozwgm6iPp8KRhvn+eQf9+Q7GWxVNMk3+uCPWfdXYC4ExGBckIXdFEfH1w==", + "engines": { + "node": ">=10.13.0" + } + }, + "node_modules/webpack/node_modules/eslint-scope": { + "version": "5.1.1", + "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", + "integrity": "sha512-2NxwbF/hZ0KpepYN0cNbo+FN6XoK7GaHlQhgx/hIZl6Va0bF45RQOOwhLIy8lQDbuCiadSLCBnH2CFYquit5bw==", + "dependencies": { + "esrecurse": "^4.3.0", + "estraverse": "^4.1.1" + }, + "engines": { + "node": ">=8.0.0" + } }, - "websocket-driver": { + "node_modules/websocket-driver": { "version": "0.7.4", "resolved": "https://registry.npmjs.org/websocket-driver/-/websocket-driver-0.7.4.tgz", "integrity": "sha512-b17KeDIQVjvb0ssuSDF2cYXSg2iztliJ4B9WdsuB6J952qCPKmnVq4DyW5motImXHDC1cBT/1UezrJVsKw5zjg==", - "requires": { + "dependencies": { "http-parser-js": ">=0.5.1", "safe-buffer": ">=5.1.0", "websocket-extensions": ">=0.1.1" + }, + "engines": { + "node": ">=0.8.0" } }, - "websocket-extensions": { + "node_modules/websocket-extensions": { "version": "0.1.4", "resolved": "https://registry.npmjs.org/websocket-extensions/-/websocket-extensions-0.1.4.tgz", - "integrity": "sha512-OqedPIGOfsDlo31UNwYbCFMSaO9m9G/0faIHj5/dZFDMFqPTcx6UwqyOy3COEaEOg/9VsGIpdqn62W5KhoKSpg==" + "integrity": "sha512-OqedPIGOfsDlo31UNwYbCFMSaO9m9G/0faIHj5/dZFDMFqPTcx6UwqyOy3COEaEOg/9VsGIpdqn62W5KhoKSpg==", + "engines": { + "node": ">=0.8.0" + } }, - "whatwg-encoding": { + "node_modules/whatwg-encoding": { "version": "1.0.5", "resolved": 
"https://registry.npmjs.org/whatwg-encoding/-/whatwg-encoding-1.0.5.tgz", "integrity": "sha512-b5lim54JOPN9HtzvK9HFXvBma/rnfFeqsic0hSpjtDbVxR3dJKLc+KB4V6GgiGOvl7CY/KNh8rxSo9DKQrnUEw==", - "requires": { + "dependencies": { "iconv-lite": "0.4.24" } }, - "whatwg-fetch": { + "node_modules/whatwg-fetch": { "version": "3.6.19", "resolved": "https://registry.npmjs.org/whatwg-fetch/-/whatwg-fetch-3.6.19.tgz", "integrity": "sha512-d67JP4dHSbm2TrpFj8AbO8DnL1JXL5J9u0Kq2xW6d0TFDbCA3Muhdt8orXC22utleTVj7Prqt82baN6RBvnEgw==" }, - "whatwg-mimetype": { + "node_modules/whatwg-mimetype": { "version": "2.3.0", "resolved": "https://registry.npmjs.org/whatwg-mimetype/-/whatwg-mimetype-2.3.0.tgz", "integrity": "sha512-M4yMwr6mAnQz76TbJm914+gPpB/nCwvZbJU28cUD6dR004SAxDLOOSUaB1JDRqLtaOV/vi0IC5lEAGFgrjGv/g==" }, - "whatwg-url": { + "node_modules/whatwg-url": { "version": "5.0.0", "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz", "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==", - "requires": { + "dependencies": { "tr46": "~0.0.3", "webidl-conversions": "^3.0.0" } }, - "which": { + "node_modules/which": { "version": "1.3.1", "resolved": "https://registry.npmjs.org/which/-/which-1.3.1.tgz", "integrity": "sha512-HxJdYWq1MTIQbJ3nw0cqssHoTNU267KlrDuGZ1WYlxDStUtKUhOaJmh112/TZmHxxUfuJqPXSOm7tDyas0OSIQ==", - "requires": { + "dependencies": { "isexe": "^2.0.0" + }, + "bin": { + "which": "bin/which" } }, - "which-boxed-primitive": { + "node_modules/which-boxed-primitive": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/which-boxed-primitive/-/which-boxed-primitive-1.0.2.tgz", "integrity": "sha512-bwZdv0AKLpplFY2KZRX6TvyuN7ojjr7lwkg6ml0roIy9YeuSr7JS372qlNW18UQYzgYK9ziGcerWqZOmEn9VNg==", - "requires": { + "dependencies": { "is-bigint": "^1.0.1", "is-boolean-object": "^1.1.0", "is-number-object": "^1.0.4", "is-string": "^1.0.5", "is-symbol": "^1.0.3" + }, + "funding": { + "url": 
"https://github.com/sponsors/ljharb" } }, - "which-builtin-type": { + "node_modules/which-builtin-type": { "version": "1.1.3", "resolved": "https://registry.npmjs.org/which-builtin-type/-/which-builtin-type-1.1.3.tgz", "integrity": "sha512-YmjsSMDBYsM1CaFiayOVT06+KJeXf0o5M/CAd4o1lTadFAtacTUM49zoYxr/oroopFDfhvN6iEcBxUyc3gvKmw==", - "requires": { + "dependencies": { "function.prototype.name": "^1.1.5", "has-tostringtag": "^1.0.0", "is-async-function": "^2.0.0", 
@@ -14123,79 +19682,63 @@ "which-collection": "^1.0.1", "which-typed-array": "^1.1.9" }, - "dependencies": { - "isarray": { - "version": "2.0.5", - "resolved": "https://registry.npmjs.org/isarray/-/isarray-2.0.5.tgz", - "integrity": "sha512-xHjhDr3cNBK0BzdUJSPXZntQUx/mwMS5Rw4A7lPJ90XGAO6ISP/ePDNuo0vhqOZU+UD5JoodwCAAoZQd3FeAKw==" - } + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "which-collection": { + "node_modules/which-builtin-type/node_modules/isarray": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/isarray/-/isarray-2.0.5.tgz", + "integrity": "sha512-xHjhDr3cNBK0BzdUJSPXZntQUx/mwMS5Rw4A7lPJ90XGAO6ISP/ePDNuo0vhqOZU+UD5JoodwCAAoZQd3FeAKw==" + }, + "node_modules/which-collection": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/which-collection/-/which-collection-1.0.1.tgz", "integrity": "sha512-W8xeTUwaln8i3K/cY1nGXzdnVZlidBcagyNFtBdD5kxnb4TvGKR7FfSIS3mYpwWS1QUCutfKz8IY8RjftB0+1A==", - "requires": { + "dependencies": { "is-map": "^2.0.1", "is-set": "^2.0.1", "is-weakmap": "^2.0.1", "is-weakset": "^2.0.1" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "which-typed-array": { + "node_modules/which-typed-array": { "version": "1.1.11", "resolved": "https://registry.npmjs.org/which-typed-array/-/which-typed-array-1.1.11.tgz", "integrity": "sha512-qe9UWWpkeG5yzZ0tNYxDmd7vo58HDBc39mZ0xWWpolAGADdFOzkfamWLDxkOWcvHQKVmdTyQdLD4NOfjLWTKew==", - "requires": { + "dependencies": { "available-typed-arrays": "^1.0.5", "call-bind": "^1.0.2", "for-each": "^0.3.3", "gopd": "^1.0.1", "has-tostringtag": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, - "wide-align": { - "version": "1.1.3", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/wide-align/-/wide-align-1.1.3.tgz", - "integrity": "sha1-rgdOa9wMFKQx6ATmJFScYzsABFc=", - "requires": { - "string-width": "^1.0.2 || 2" - }, + 
"node_modules/wide-align": { + "version": "1.1.5", + "resolved": "https://registry.npmjs.org/wide-align/-/wide-align-1.1.5.tgz", + "integrity": "sha512-eDMORYaPNZ4sQIuuYPDHdQvf4gyCF9rEEV/yPxGfwPkRodwEgiMUUXTx/dex+Me0wxx53S+NgUHaP7y3MGlDmg==", "dependencies": { - "ansi-regex": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-3.0.1.tgz", - "integrity": "sha512-+O9Jct8wf++lXxxFc4hc8LsjaSq0HFzzL7cVsw8pRDIPdjKD2mT4ytDZlLuSBZ4cLKZFXIrMGO7DbQCtMJJMKw==" - }, - "is-fullwidth-code-point": { - "version": "2.0.0", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/is-fullwidth-code-point/-/is-fullwidth-code-point-2.0.0.tgz", - "integrity": "sha1-o7MKXE8ZkYMWeqq5O+764937ZU8=" - }, - "string-width": { - "version": "2.1.1", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/string-width/-/string-width-2.1.1.tgz", - "integrity": "sha1-q5Pyeo3BPSjKyBXEYhQ6bZASrp4=", - "requires": { - "is-fullwidth-code-point": "^2.0.0", - "strip-ansi": "^4.0.0" - } - }, - "strip-ansi": { - "version": "4.0.0", - "resolved": "https://repox.jfrog.io/repox/api/npm/npm/strip-ansi/-/strip-ansi-4.0.0.tgz", - "integrity": "sha1-qEeQIusaw2iocTibY1JixQXuNo8=", - "requires": { - "ansi-regex": "^3.0.0" - } - } + "string-width": "^1.0.2 || 2 || 3 || 4" } }, - "winston": { + "node_modules/winston": { "version": "3.11.0", "resolved": "https://registry.npmjs.org/winston/-/winston-3.11.0.tgz", "integrity": "sha512-L3yR6/MzZAOl0DsysUXHVjOwv8mKZ71TrA/41EIduGpOOV5LQVodqN+QdQ6BS6PJ/RdIshZhq84P/fStEZkk7g==", - "requires": { + "dependencies": { "@colors/colors": "^1.6.0", "@dabh/diagnostics": "^2.0.2", "async": "^3.2.3", 
@@ -14207,45 +19750,54 @@ "stack-trace": "0.0.x", "triple-beam": "^1.3.0", "winston-transport": "^4.5.0" + }, + "engines": { + "node": ">= 12.0.0" } }, - "winston-transport": { + "node_modules/winston-transport": { "version": "4.6.0", "resolved": "https://registry.npmjs.org/winston-transport/-/winston-transport-4.6.0.tgz", "integrity": "sha512-wbBA9PbPAHxKiygo7ub7BYRiKxms0tpfU2ljtWzb3SjRjv5yl6Ozuy/TkXf00HTAt+Uylo3gSkNwzc4ME0wiIg==", - "requires": { + "dependencies": { "logform": "^2.3.2", "readable-stream": "^3.6.0", "triple-beam": "^1.3.0" + }, + "engines": { + "node": ">= 12.0.0" } }, - "word-wrap": { + "node_modules/word-wrap": { "version": "1.2.5", "resolved": "https://registry.npmjs.org/word-wrap/-/word-wrap-1.2.5.tgz", - "integrity": "sha512-BN22B5eaMMI9UMtjrGd5g5eCYPpCPDUy0FJXbYsaT5zYxjFOckS53SQDE3pWkVoWpHXVb3BrYcEN4Twa55B5cA==" + "integrity": "sha512-BN22B5eaMMI9UMtjrGd5g5eCYPpCPDUy0FJXbYsaT5zYxjFOckS53SQDE3pWkVoWpHXVb3BrYcEN4Twa55B5cA==", + "engines": { + "node": ">=0.10.0" + } }, - "workbox-background-sync": { + "node_modules/workbox-background-sync": { "version": "6.6.0", "resolved": "https://registry.npmjs.org/workbox-background-sync/-/workbox-background-sync-6.6.0.tgz", "integrity": "sha512-jkf4ZdgOJxC9u2vztxLuPT/UjlH7m/nWRQ/MgGL0v8BJHoZdVGJd18Kck+a0e55wGXdqyHO+4IQTk0685g4MUw==", - "requires": { + "dependencies": { "idb": "^7.0.1", "workbox-core": "6.6.0" } }, - "workbox-broadcast-update": { + "node_modules/workbox-broadcast-update": { "version": "6.6.0", "resolved": "https://registry.npmjs.org/workbox-broadcast-update/-/workbox-broadcast-update-6.6.0.tgz", "integrity": "sha512-nm+v6QmrIFaB/yokJmQ/93qIJ7n72NICxIwQwe5xsZiV2aI93MGGyEyzOzDPVz5THEr5rC3FJSsO3346cId64Q==", - "requires": { + "dependencies": { "workbox-core": "6.6.0" } }, - "workbox-build": { + "node_modules/workbox-build": { "version": "6.6.0", "resolved": "https://registry.npmjs.org/workbox-build/-/workbox-build-6.6.0.tgz", "integrity": 
"sha512-Tjf+gBwOTuGyZwMz2Nk/B13Fuyeo0Q84W++bebbVsfr9iLkDSo6j6PST8tET9HYA58mlRXwlMGpyWO8ETJiXdQ==", - "requires": { + "dependencies": { "@apideck/better-ajv-errors": "^0.3.1", "@babel/core": "^7.11.1", "@babel/preset-env": "^7.11.0", 
@@ -14284,145 +19836,163 @@ "workbox-sw": "6.6.0", "workbox-window": "6.6.0" }, + "engines": { + "node": ">=10.0.0" + } + }, + "node_modules/workbox-build/node_modules/ajv": { + "version": "8.12.0", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.12.0.tgz", + "integrity": "sha512-sRu1kpcO9yLtYxBKvqfTeh9KzZEwO3STyX1HT+4CaDzC6HpTGYhIhPIzj9XuKU7KYDwnaeh5hcOwjy1QuJzBPA==", + "dependencies": { + "fast-deep-equal": "^3.1.1", + "json-schema-traverse": "^1.0.0", + "require-from-string": "^2.0.2", + "uri-js": "^4.2.2" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/epoberezkin" + } + }, + "node_modules/workbox-build/node_modules/fs-extra": { + "version": "9.1.0", + "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-9.1.0.tgz", + "integrity": "sha512-hcg3ZmepS30/7BSFqRvoo3DOMQu7IjqxO5nCDt+zM9XWjb33Wg7ziNT+Qvqbuc3+gWpzO02JubVyk2G4Zvo1OQ==", "dependencies": { - "ajv": { - "version": "8.12.0", - "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.12.0.tgz", - "integrity": "sha512-sRu1kpcO9yLtYxBKvqfTeh9KzZEwO3STyX1HT+4CaDzC6HpTGYhIhPIzj9XuKU7KYDwnaeh5hcOwjy1QuJzBPA==", - "requires": { - "fast-deep-equal": "^3.1.1", - "json-schema-traverse": "^1.0.0", - "require-from-string": "^2.0.2", - "uri-js": "^4.2.2" - } - }, - "fs-extra": { - "version": "9.1.0", - "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-9.1.0.tgz", - "integrity": "sha512-hcg3ZmepS30/7BSFqRvoo3DOMQu7IjqxO5nCDt+zM9XWjb33Wg7ziNT+Qvqbuc3+gWpzO02JubVyk2G4Zvo1OQ==", - "requires": { - "at-least-node": "^1.0.0", - "graceful-fs": "^4.2.0", - "jsonfile": "^6.0.1", - "universalify": "^2.0.0" - } - }, - "json-schema-traverse": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", - "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==" - }, - "jsonfile": { - "version": "6.1.0", - "resolved": 
"https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz", - "integrity": "sha512-5dgndWOriYSm5cnYaJNhalLNDKOqFwyDB/rr1E9ZsGciGvKPs8R2xYGCacuf3z6K1YKDz182fd+fY3cn3pMqXQ==", - "requires": { - "graceful-fs": "^4.1.6", - "universalify": "^2.0.0" - } - }, - "source-map": { - "version": "0.8.0-beta.0", - "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.8.0-beta.0.tgz", - "integrity": "sha512-2ymg6oRBpebeZi9UUNsgQ89bhx01TcTkmNTGnNO88imTmbSgy4nfujrgVEFKWpMTEGA11EDkTt7mqObTPdigIA==", - "requires": { - "whatwg-url": "^7.0.0" - } - }, - "tr46": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/tr46/-/tr46-1.0.1.tgz", - "integrity": "sha512-dTpowEjclQ7Kgx5SdBkqRzVhERQXov8/l9Ft9dVM9fmg0W0KQSVaXX9T4i6twCPNtYiZM53lpSSUAwJbFPOHxA==", - "requires": { - "punycode": "^2.1.0" - } - }, - "universalify": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.0.tgz", - "integrity": "sha512-hAZsKq7Yy11Zu1DE0OzWjw7nnLZmJZYTDZZyEFHZdUhV8FkH5MCfoU1XMaxXovpyW5nq5scPqq0ZDP9Zyl04oQ==" - }, - "webidl-conversions": { - "version": "4.0.2", - "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-4.0.2.tgz", - "integrity": "sha512-YQ+BmxuTgd6UXZW3+ICGfyqRyHXVlD5GtQr5+qjiNW7bF0cqrzX500HVXPBOvgXb5YnzDd+h0zqyv61KUD7+Sg==" - }, - "whatwg-url": { - "version": "7.1.0", - "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-7.1.0.tgz", - "integrity": "sha512-WUu7Rg1DroM7oQvGWfOiAK21n74Gg+T4elXEQYkOhtyLeWiJFoOGLXPKI/9gzIie9CtwVLm8wtw6YJdKyxSjeg==", - "requires": { - "lodash.sortby": "^4.7.0", - "tr46": "^1.0.1", - "webidl-conversions": "^4.0.2" - } - } + "at-least-node": "^1.0.0", + "graceful-fs": "^4.2.0", + "jsonfile": "^6.0.1", + "universalify": "^2.0.0" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/workbox-build/node_modules/json-schema-traverse": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", + 
"integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==" + }, + "node_modules/workbox-build/node_modules/jsonfile": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz", + "integrity": "sha512-5dgndWOriYSm5cnYaJNhalLNDKOqFwyDB/rr1E9ZsGciGvKPs8R2xYGCacuf3z6K1YKDz182fd+fY3cn3pMqXQ==", + "dependencies": { + "universalify": "^2.0.0" + }, + "optionalDependencies": { + "graceful-fs": "^4.1.6" + } + }, + "node_modules/workbox-build/node_modules/source-map": { + "version": "0.8.0-beta.0", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.8.0-beta.0.tgz", + "integrity": "sha512-2ymg6oRBpebeZi9UUNsgQ89bhx01TcTkmNTGnNO88imTmbSgy4nfujrgVEFKWpMTEGA11EDkTt7mqObTPdigIA==", + "dependencies": { + "whatwg-url": "^7.0.0" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/workbox-build/node_modules/tr46": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/tr46/-/tr46-1.0.1.tgz", + "integrity": "sha512-dTpowEjclQ7Kgx5SdBkqRzVhERQXov8/l9Ft9dVM9fmg0W0KQSVaXX9T4i6twCPNtYiZM53lpSSUAwJbFPOHxA==", + "dependencies": { + "punycode": "^2.1.0" + } + }, + "node_modules/workbox-build/node_modules/universalify": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.0.tgz", + "integrity": "sha512-hAZsKq7Yy11Zu1DE0OzWjw7nnLZmJZYTDZZyEFHZdUhV8FkH5MCfoU1XMaxXovpyW5nq5scPqq0ZDP9Zyl04oQ==", + "engines": { + "node": ">= 10.0.0" + } + }, + "node_modules/workbox-build/node_modules/webidl-conversions": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-4.0.2.tgz", + "integrity": "sha512-YQ+BmxuTgd6UXZW3+ICGfyqRyHXVlD5GtQr5+qjiNW7bF0cqrzX500HVXPBOvgXb5YnzDd+h0zqyv61KUD7+Sg==" + }, + "node_modules/workbox-build/node_modules/whatwg-url": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-7.1.0.tgz", + "integrity": 
"sha512-WUu7Rg1DroM7oQvGWfOiAK21n74Gg+T4elXEQYkOhtyLeWiJFoOGLXPKI/9gzIie9CtwVLm8wtw6YJdKyxSjeg==", + "dependencies": { + "lodash.sortby": "^4.7.0", + "tr46": "^1.0.1", + "webidl-conversions": "^4.0.2" } }, - "workbox-cacheable-response": { + "node_modules/workbox-cacheable-response": { "version": "6.6.0", "resolved": "https://registry.npmjs.org/workbox-cacheable-response/-/workbox-cacheable-response-6.6.0.tgz", "integrity": "sha512-JfhJUSQDwsF1Xv3EV1vWzSsCOZn4mQ38bWEBR3LdvOxSPgB65gAM6cS2CX8rkkKHRgiLrN7Wxoyu+TuH67kHrw==", - "requires": { + "deprecated": "workbox-background-sync@6.6.0", + "dependencies": { "workbox-core": "6.6.0" } }, - "workbox-core": { + "node_modules/workbox-core": { "version": "6.6.0", "resolved": "https://registry.npmjs.org/workbox-core/-/workbox-core-6.6.0.tgz", "integrity": "sha512-GDtFRF7Yg3DD859PMbPAYPeJyg5gJYXuBQAC+wyrWuuXgpfoOrIQIvFRZnQ7+czTIQjIr1DhLEGFzZanAT/3bQ==" }, - "workbox-expiration": { + "node_modules/workbox-expiration": { "version": "6.6.0", "resolved": "https://registry.npmjs.org/workbox-expiration/-/workbox-expiration-6.6.0.tgz", "integrity": "sha512-baplYXcDHbe8vAo7GYvyAmlS4f6998Jff513L4XvlzAOxcl8F620O91guoJ5EOf5qeXG4cGdNZHkkVAPouFCpw==", - "requires": { + "dependencies": { "idb": "^7.0.1", "workbox-core": "6.6.0" } }, - "workbox-google-analytics": { + "node_modules/workbox-google-analytics": { "version": "6.6.0", "resolved": "https://registry.npmjs.org/workbox-google-analytics/-/workbox-google-analytics-6.6.0.tgz", "integrity": "sha512-p4DJa6OldXWd6M9zRl0H6vB9lkrmqYFkRQ2xEiNdBFp9U0LhsGO7hsBscVEyH9H2/3eZZt8c97NB2FD9U2NJ+Q==", - "requires": { + "deprecated": "It is not compatible with newer versions of GA starting with v4, as long as you are using GAv3 it should be ok, but the package is not longer being maintained", + "dependencies": { "workbox-background-sync": "6.6.0", "workbox-core": "6.6.0", "workbox-routing": "6.6.0", "workbox-strategies": "6.6.0" } }, - "workbox-navigation-preload": { + 
"node_modules/workbox-navigation-preload": { "version": "6.6.0", "resolved": "https://registry.npmjs.org/workbox-navigation-preload/-/workbox-navigation-preload-6.6.0.tgz", "integrity": "sha512-utNEWG+uOfXdaZmvhshrh7KzhDu/1iMHyQOV6Aqup8Mm78D286ugu5k9MFD9SzBT5TcwgwSORVvInaXWbvKz9Q==", - "requires": { + "dependencies": { "workbox-core": "6.6.0" } }, - "workbox-precaching": { + "node_modules/workbox-precaching": { "version": "6.6.0", "resolved": "https://registry.npmjs.org/workbox-precaching/-/workbox-precaching-6.6.0.tgz", "integrity": "sha512-eYu/7MqtRZN1IDttl/UQcSZFkHP7dnvr/X3Vn6Iw6OsPMruQHiVjjomDFCNtd8k2RdjLs0xiz9nq+t3YVBcWPw==", - "requires": { + "dependencies": { "workbox-core": "6.6.0", "workbox-routing": "6.6.0", "workbox-strategies": "6.6.0" } }, - "workbox-range-requests": { + "node_modules/workbox-range-requests": { "version": "6.6.0", "resolved": "https://registry.npmjs.org/workbox-range-requests/-/workbox-range-requests-6.6.0.tgz", "integrity": "sha512-V3aICz5fLGq5DpSYEU8LxeXvsT//mRWzKrfBOIxzIdQnV/Wj7R+LyJVTczi4CQ4NwKhAaBVaSujI1cEjXW+hTw==", - "requires": { + "dependencies": { "workbox-core": "6.6.0" } }, - "workbox-recipes": { + "node_modules/workbox-recipes": { "version": "6.6.0", "resolved": "https://registry.npmjs.org/workbox-recipes/-/workbox-recipes-6.6.0.tgz", "integrity": "sha512-TFi3kTgYw73t5tg73yPVqQC8QQjxJSeqjXRO4ouE/CeypmP2O/xqmB/ZFBBQazLTPxILUQ0b8aeh0IuxVn9a6A==", - "requires": { + "dependencies": { "workbox-cacheable-response": "6.6.0", "workbox-core": "6.6.0", "workbox-expiration": "6.6.0", 
@@ -14431,124 +20001,234 @@ "workbox-strategies": "6.6.0" } }, - "workbox-routing": { + "node_modules/workbox-routing": { "version": "6.6.0", "resolved": "https://registry.npmjs.org/workbox-routing/-/workbox-routing-6.6.0.tgz", "integrity": "sha512-x8gdN7VDBiLC03izAZRfU+WKUXJnbqt6PG9Uh0XuPRzJPpZGLKce/FkOX95dWHRpOHWLEq8RXzjW0O+POSkKvw==", - "requires": { + "dependencies": { "workbox-core": "6.6.0" } }, - "workbox-strategies": { + "node_modules/workbox-strategies": { "version": "6.6.0", "resolved": "https://registry.npmjs.org/workbox-strategies/-/workbox-strategies-6.6.0.tgz", "integrity": "sha512-eC07XGuINAKUWDnZeIPdRdVja4JQtTuc35TZ8SwMb1ztjp7Ddq2CJ4yqLvWzFWGlYI7CG/YGqaETntTxBGdKgQ==", - "requires": { + "dependencies": { "workbox-core": "6.6.0" } }, - "workbox-streams": { + "node_modules/workbox-streams": { "version": "6.6.0", "resolved": "https://registry.npmjs.org/workbox-streams/-/workbox-streams-6.6.0.tgz", "integrity": "sha512-rfMJLVvwuED09CnH1RnIep7L9+mj4ufkTyDPVaXPKlhi9+0czCu+SJggWCIFbPpJaAZmp2iyVGLqS3RUmY3fxg==", - "requires": { + "dependencies": { "workbox-core": "6.6.0", "workbox-routing": "6.6.0" } }, - "workbox-sw": { + "node_modules/workbox-sw": { "version": "6.6.0", "resolved": "https://registry.npmjs.org/workbox-sw/-/workbox-sw-6.6.0.tgz", "integrity": "sha512-R2IkwDokbtHUE4Kus8pKO5+VkPHD2oqTgl+XJwh4zbF1HyjAbgNmK/FneZHVU7p03XUt9ICfuGDYISWG9qV/CQ==" }, - "workbox-webpack-plugin": { + "node_modules/workbox-webpack-plugin": { "version": "6.6.0", "resolved": "https://registry.npmjs.org/workbox-webpack-plugin/-/workbox-webpack-plugin-6.6.0.tgz", "integrity": "sha512-xNZIZHalboZU66Wa7x1YkjIqEy1gTR+zPM+kjrYJzqN7iurYZBctBLISyScjhkJKYuRrZUP0iqViZTh8rS0+3A==", - "requires": { + "dependencies": { "fast-json-stable-stringify": "^2.1.0", "pretty-bytes": "^5.4.1", "upath": "^1.2.0", "webpack-sources": "^1.4.3", "workbox-build": "6.6.0" }, + "engines": { + "node": ">=10.0.0" + }, + "peerDependencies": { + "webpack": "^4.4.0 || ^5.9.0" + } + }, + 
"node_modules/workbox-webpack-plugin/node_modules/source-map": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/workbox-webpack-plugin/node_modules/webpack-sources": { + "version": "1.4.3", + "resolved": "https://registry.npmjs.org/webpack-sources/-/webpack-sources-1.4.3.tgz", + "integrity": "sha512-lgTS3Xhv1lCOKo7SA5TjKXMjpSM4sBjNV5+q2bqesbSPs5FjGmU6jjtBSkX9b4qW87vDIsCIlUPOEhbZrMdjeQ==", "dependencies": { - "source-map": { - "version": "0.6.1", - "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", - "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==" - }, - "webpack-sources": { - "version": "1.4.3", - "resolved": "https://registry.npmjs.org/webpack-sources/-/webpack-sources-1.4.3.tgz", - "integrity": "sha512-lgTS3Xhv1lCOKo7SA5TjKXMjpSM4sBjNV5+q2bqesbSPs5FjGmU6jjtBSkX9b4qW87vDIsCIlUPOEhbZrMdjeQ==", - "requires": { - "source-list-map": "^2.0.0", - "source-map": "~0.6.1" - } - } + "source-list-map": "^2.0.0", + "source-map": "~0.6.1" } }, - "workbox-window": { + "node_modules/workbox-window": { "version": "6.6.0", "resolved": "https://registry.npmjs.org/workbox-window/-/workbox-window-6.6.0.tgz", "integrity": "sha512-L4N9+vka17d16geaJXXRjENLFldvkWy7JyGxElRD0JvBxvFEd8LOhr+uXCcar/NzAmIBRv9EZ+M+Qr4mOoBITw==", - "requires": { + "dependencies": { "@types/trusted-types": "^2.0.2", "workbox-core": "6.6.0" } }, - "wrappy": { + "node_modules/wrap-ansi": { + "version": "8.1.0", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz", + "integrity": "sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ==", + "dependencies": { + "ansi-styles": "^6.1.0", + "string-width": "^5.0.1", + "strip-ansi": "^7.0.1" + }, + 
"engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/chalk/wrap-ansi?sponsor=1" + } + }, + "node_modules/wrap-ansi-cjs": { + "name": "wrap-ansi", + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==", + "dependencies": { + "ansi-styles": "^4.0.0", + "string-width": "^4.1.0", + "strip-ansi": "^6.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/wrap-ansi?sponsor=1" + } + }, + "node_modules/wrap-ansi/node_modules/ansi-regex": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.0.1.tgz", + "integrity": "sha512-n5M855fKb2SsfMIiFFoVrABHJC8QtHwVx+mHWP3QcEqBHYienj5dHSgjbxtC0WEZXYt4wcD6zrQElDPhFuZgfA==", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/chalk/ansi-regex?sponsor=1" + } + }, + "node_modules/wrap-ansi/node_modules/ansi-styles": { + "version": "6.2.1", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.1.tgz", + "integrity": "sha512-bN798gFfQX+viw3R7yrGWRqnrN2oRkEkUjjl4JNn4E8GxxbjtG3FbrEIIY3l8/hrwUwIeCZvi4QuOTP4MErVug==", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/chalk/ansi-styles?sponsor=1" + } + }, + "node_modules/wrap-ansi/node_modules/emoji-regex": { + "version": "9.2.2", + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz", + "integrity": "sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg==" + }, + "node_modules/wrap-ansi/node_modules/string-width": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz", + "integrity": "sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA==", + "dependencies": { + "eastasianwidth": "^0.2.0", + "emoji-regex": 
"^9.2.2", + "strip-ansi": "^7.0.1" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/wrap-ansi/node_modules/strip-ansi": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.0.tgz", + "integrity": "sha512-iq6eVVI64nQQTRYq2KtEg2d2uU7LElhTJwsH4YzIHZshxlgZms/wIc4VoDQTlG/IvVIrBKG06CrZnp0qv7hkcQ==", + "dependencies": { + "ansi-regex": "^6.0.1" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/chalk/strip-ansi?sponsor=1" + } + }, + "node_modules/wrappy": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=" }, - "write-file-atomic": { + "node_modules/write-file-atomic": { "version": "3.0.3", "resolved": "https://registry.npmjs.org/write-file-atomic/-/write-file-atomic-3.0.3.tgz", "integrity": "sha512-AvHcyZ5JnSfq3ioSyjrBkH9yW4m7Ayk8/9My/DD9onKeu/94fwrMocemO2QAJFAlnnDN+ZDS+ZjAR5ua1/PV/Q==", - "requires": { + "dependencies": { "imurmurhash": "^0.1.4", "is-typedarray": "^1.0.0", "signal-exit": "^3.0.2", "typedarray-to-buffer": "^3.1.5" } }, - "ws": { + "node_modules/ws": { "version": "7.5.9", "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.9.tgz", - "integrity": "sha512-F+P9Jil7UiSKSkppIiD94dN07AwvFixvLIj1Og1Rl9GGMuNipJnV9JzjD6XuqmAeiswGvUmNLjr5cFuXwNS77Q==" + "integrity": "sha512-F+P9Jil7UiSKSkppIiD94dN07AwvFixvLIj1Og1Rl9GGMuNipJnV9JzjD6XuqmAeiswGvUmNLjr5cFuXwNS77Q==", + "engines": { + "node": ">=8.3.0" + }, + "peerDependencies": { + "bufferutil": "^4.0.1", + "utf-8-validate": "^5.0.2" + }, + "peerDependenciesMeta": { + "bufferutil": { + "optional": true + }, + "utf-8-validate": { + "optional": true + } + } }, - "xml-name-validator": { + "node_modules/xml-name-validator": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/xml-name-validator/-/xml-name-validator-3.0.0.tgz", "integrity": 
"sha512-A5CUptxDsvxKJEU3yO6DuWBSJz/qizqzJKOMIfUJHETbBw/sFaDxgd6fxm1ewUaM0jZ444Fc5vC5ROYurg/4Pw==" }, - "xmlchars": { + "node_modules/xmlchars": { "version": "2.2.0", "resolved": "https://registry.npmjs.org/xmlchars/-/xmlchars-2.2.0.tgz", "integrity": "sha512-JZnDKK8B0RCDw84FNdDAIpZK+JuJw+s7Lz8nksI7SIuU3UXJJslUthsi+uWBUYOwPFwW7W7PRLRfUKpxjtjFCw==" }, - "xtend": { - "version": "4.0.2", - "resolved": "https://registry.npmjs.org/xtend/-/xtend-4.0.2.tgz", - "integrity": "sha512-LKYU1iAXJXUgAXn9URjiu+MWhyUXHsvfp7mcuYm9dSUKK0/CjtrUwFAxD82/mCWbtLsGjFIad0wIsod4zrTAEQ==" - }, - "yallist": { + "node_modules/yallist": { "version": "3.1.1", "resolved": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz", "integrity": "sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g==" }, - "yaml": { + "node_modules/yaml": { "version": "1.10.2", "resolved": "https://registry.npmjs.org/yaml/-/yaml-1.10.2.tgz", - "integrity": "sha512-r3vXyErRCYJ7wg28yvBY5VSoAF8ZvlcW9/BwUzEtUsjvX/DKs24dIkuwjtuprwJJHsbyUbLApepYTR1BN4uHrg==" + "integrity": "sha512-r3vXyErRCYJ7wg28yvBY5VSoAF8ZvlcW9/BwUzEtUsjvX/DKs24dIkuwjtuprwJJHsbyUbLApepYTR1BN4uHrg==", + "engines": { + "node": ">= 6" + } }, - "yargs": { + "node_modules/yargs": { "version": "16.2.0", "resolved": "https://registry.npmjs.org/yargs/-/yargs-16.2.0.tgz", "integrity": "sha512-D1mvvtDG0L5ft/jGWkLpG1+m0eQxOfaBvTNELraWj22wSVUMWxZUvYgJYcKh6jGGIkJFhH4IZPQhR4TKpc8mBw==", - "requires": { + "dependencies": { "cliui": "^7.0.2", "escalade": "^3.1.1", "get-caller-file": "^2.0.5", 
@@ -14557,69 +20237,100 @@ "y18n": "^5.0.5", "yargs-parser": "^20.2.2" }, + "engines": { + "node": ">=10" + } + }, + "node_modules/yargs/node_modules/ansi-styles": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", + "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", "dependencies": { - "ansi-styles": { - "version": "4.3.0", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", - "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", - "requires": { - "color-convert": "^2.0.1" - } - }, - "cliui": { - "version": "7.0.4", - "resolved": "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz", - "integrity": "sha512-OcRE68cOsVMXp1Yvonl/fzkQOyjLSu/8bhPDfQt0e0/Eb283TKP20Fs2MqoPsr9SwA595rRCA+QMzYc9nBP+JQ==", - "requires": { - "string-width": "^4.2.0", - "strip-ansi": "^6.0.0", - "wrap-ansi": "^7.0.0" - } - }, - "color-convert": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", - "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", - "requires": { - "color-name": "~1.1.4" - } - }, - "color-name": { - "version": "1.1.4", - "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", - "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==" - }, - "wrap-ansi": { - "version": "7.0.0", - "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", - "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==", - "requires": { - "ansi-styles": "^4.0.0", - "string-width": "^4.1.0", - "strip-ansi": "^6.0.0" - } - }, - "y18n": { - "version": "5.0.5", - "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.5.tgz", - "integrity": 
"sha512-hsRUr4FFrvhhRH12wOdfs38Gy7k2FFzB9qgN9v3aLykRq0dRcdcpz5C9FxdS2NuhOrI/628b/KSTJ3rwHysYSg==" - }, - "yargs-parser": { - "version": "20.2.4", - "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-20.2.4.tgz", - "integrity": "sha512-WOkpgNhPTlE73h4VFAFsOnomJVaovO8VqLDzy5saChRBFQFBoMYirowyW+Q9HB4HFF4Z7VZTiG3iSzJJA29yRA==" - } + "color-convert": "^2.0.1" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/chalk/ansi-styles?sponsor=1" + } + }, + "node_modules/yargs/node_modules/cliui": { + "version": "7.0.4", + "resolved": "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz", + "integrity": "sha512-OcRE68cOsVMXp1Yvonl/fzkQOyjLSu/8bhPDfQt0e0/Eb283TKP20Fs2MqoPsr9SwA595rRCA+QMzYc9nBP+JQ==", + "dependencies": { + "string-width": "^4.2.0", + "strip-ansi": "^6.0.0", + "wrap-ansi": "^7.0.0" + } + }, + "node_modules/yargs/node_modules/color-convert": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", + "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", + "dependencies": { + "color-name": "~1.1.4" + }, + "engines": { + "node": ">=7.0.0" + } + }, + "node_modules/yargs/node_modules/color-name": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", + "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==" + }, + "node_modules/yargs/node_modules/wrap-ansi": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==", + "dependencies": { + "ansi-styles": "^4.0.0", + "string-width": "^4.1.0", + "strip-ansi": "^6.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/wrap-ansi?sponsor=1" + } + }, + 
"node_modules/yargs/node_modules/y18n": { + "version": "5.0.5", + "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.5.tgz", + "integrity": "sha512-hsRUr4FFrvhhRH12wOdfs38Gy7k2FFzB9qgN9v3aLykRq0dRcdcpz5C9FxdS2NuhOrI/628b/KSTJ3rwHysYSg==", + "engines": { + "node": ">=10" + } + }, + "node_modules/yargs/node_modules/yargs-parser": { + "version": "20.2.4", + "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-20.2.4.tgz", + "integrity": "sha512-WOkpgNhPTlE73h4VFAFsOnomJVaovO8VqLDzy5saChRBFQFBoMYirowyW+Q9HB4HFF4Z7VZTiG3iSzJJA29yRA==", + "engines": { + "node": ">=10" } }, - "yn": { + "node_modules/yn": { "version": "3.1.1", "resolved": "https://registry.npmjs.org/yn/-/yn-3.1.1.tgz", - "integrity": "sha512-Ux4ygGWsu2c7isFWe8Yu1YluJmqVhxqK2cLXNQA5AcC3QfbGNpM7fu0Y8b/z16pXLnFxZYvWhd3fhBY9DLmC6Q==" + "integrity": "sha512-Ux4ygGWsu2c7isFWe8Yu1YluJmqVhxqK2cLXNQA5AcC3QfbGNpM7fu0Y8b/z16pXLnFxZYvWhd3fhBY9DLmC6Q==", + "engines": { + "node": ">=6" + } }, - "yocto-queue": { + "node_modules/yocto-queue": { "version": "0.1.0", "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz", - "integrity": "sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==" + "integrity": "sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } } } } diff --git a/frontend/package.json b/frontend/package.json index c0daee1d2cf..f3036996f29 100644 --- a/frontend/package.json +++ b/frontend/package.json @@ -19,7 +19,7 @@ "html-react-parser": "^1.4.14", "lunr": "^2.3.9", "node-html-parser": "^5.4.2", - "nodegit": "^0.27.0", + "nodegit": "^0.28.0-alpha.24", "react": "^17.0.2", "react-dom": "^17.0.2", "react-highlight": "^0.14.0", diff --git a/frontend/public/covered_rules.json b/frontend/public/covered_rules.json index 31a07b15773..764f09ecdaa 100644 
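Review bot: The new `nodegit` requirement in `frontend/package.json`, `^0.28.0-alpha.24`, puts a pre-release under a caret range, so any install that does not honour the lockfile may resolve to a later 0.28.0 pre-release or 0.28.x build than the one reviewed here. Pinning the exact version, `"nodegit": "0.28.0-alpha.24"`, keeps the manifest in agreement with the lockfile. CI and image builds should install with `npm ci` so the recorded `integrity` hashes are enforced. nodegit presumably compiles or fetches a native binding at install time, so confirm the origin of that artifact for the alpha line. The enclosing object starts outside the hunk; the neighbouring entries suggest it is the runtime dependency list.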
--- a/frontend/public/covered_rules.json
+++ b/frontend/public/covered_rules.json
@@ -99,84 +99,116 @@ "S5117": "sonar-abap 3.8.0.2034", "S5118": "sonar-abap 3.8.0.2034" }, + "ANSIBLE": { + "S1135": "sonar-iac-enterprise 1.37.0.12742", + "S2260": "sonar-iac-enterprise 1.37.0.12742", + "S2612": "sonar-iac-enterprise 1.38.0.13264", + "S4830": "sonar-iac-enterprise 1.38.0.13264", + "S5332": "sonar-iac-enterprise 1.38.0.13264", + "S5849": "sonar-iac-enterprise 1.38.0.13264", + "S6321": "sonar-iac-enterprise 1.38.0.13264", + "S6428": "sonar-iac-enterprise 1.38.0.13264", + "S6429": "sonar-iac-enterprise 1.38.0.13264", + "S6430": "sonar-iac-enterprise 1.38.0.13264", + "S6431": "sonar-iac-enterprise 1.38.0.13264", + "S6433": "sonar-iac-enterprise 1.38.0.13264", + "S6437": "sonar-iac-enterprise 1.38.0.13264", + "S6473": "sonar-iac-enterprise 1.38.0.13264", + "S6596": "sonar-iac-enterprise 1.38.0.13264", + "S6867": "sonar-iac-enterprise 1.38.0.13264", + "S6868": "sonar-iac-enterprise 1.38.0.13264" + }, "APEX": { - "S100": "slang-enterprise 1.4.0.155", - "S101": "slang-enterprise 1.4.0.155", - "S103": "slang-enterprise 1.4.0.155", - "S104": "slang-enterprise 1.4.0.155", - "S105": "slang-enterprise 1.4.0.155", - "S1066": "slang-enterprise 1.4.0.155", - "S1067": "slang-enterprise 1.4.0.155", - "S107": "slang-enterprise 1.4.0.155", - "S108": "slang-enterprise 1.4.0.155", - "S1110": "slang-enterprise 1.4.0.155", - "S1125": "slang-enterprise 1.4.0.155", - "S1134": "slang-enterprise 1.4.0.155", - "S1135": "slang-enterprise 1.4.0.155", - "S1144": "slang-enterprise 1.4.0.155", - "S1145": "slang-enterprise 1.4.0.155", - "S1151": "slang-enterprise 1.4.0.155", - "S117": "slang-enterprise 1.4.0.155", - "S1172": "slang-enterprise 1.4.0.155", - "S1186": "slang-enterprise 1.4.0.155", - "S1192": "slang-enterprise 1.4.0.155", - "S122": "slang-enterprise 1.4.0.155", - "S125": "slang-enterprise 1.4.0.155", - "S126": "slang-enterprise 1.4.0.155", - "S131": "slang-enterprise 1.4.0.155", - "S1313": "slang-enterprise 1.4.0.155", - "S134": "slang-enterprise 1.4.0.155", - "S138": 
"slang-enterprise 1.4.0.155", - "S1451": "slang-enterprise 1.4.0.155", - "S1479": "slang-enterprise 1.4.0.155", - "S1481": "slang-enterprise 1.4.0.155", - "S1656": "slang-enterprise 1.4.0.155", - "S1763": "slang-enterprise 1.4.0.155", - "S1764": "slang-enterprise 1.4.0.155", - "S1821": "slang-enterprise 1.4.0.155", - "S1862": "slang-enterprise 1.4.0.155", - "S1871": "slang-enterprise 1.4.0.155", - "S1940": "slang-enterprise 1.4.0.155", - "S2068": "slang-enterprise 1.4.0.155", - "S2260": "slang-enterprise 1.4.0.155", - "S2757": "slang-enterprise 1.4.0.155", - "S3776": "slang-enterprise 1.4.0.155", - "S3923": "slang-enterprise 1.4.0.155", - "S4144": "slang-enterprise 1.4.0.155", - "S4663": "slang-enterprise 1.4.0.155", - "S5376": "slang-enterprise 1.7.0.883", - "S5377": "slang-enterprise 1.7.0.883", - "S5378": "slang-enterprise 1.7.0.883", - "S5379": "slang-enterprise 1.7.0.883", - "S5382": "slang-enterprise 1.7.0.883", - "S5384": "slang-enterprise 1.7.0.883", - "S5386": "slang-enterprise 1.7.0.883", - "S5387": "slang-enterprise 1.7.0.883", - "S5389": "slang-enterprise 1.7.0.883", - "S5390": "slang-enterprise 1.7.0.883", - "S5394": "slang-enterprise 1.7.0.883", - "S5395": "slang-enterprise 1.7.0.883" + "S100": "sonar-apex 1.17.0.87", + "S101": "sonar-apex 1.17.0.87", + "S103": "sonar-apex 1.17.0.87", + "S104": "sonar-apex 1.17.0.87", + "S105": "sonar-apex 1.17.0.87", + "S1066": "sonar-apex 1.17.0.87", + "S1067": "sonar-apex 1.17.0.87", + "S107": "sonar-apex 1.17.0.87", + "S108": "sonar-apex 1.17.0.87", + "S1110": "sonar-apex 1.17.0.87", + "S1125": "sonar-apex 1.17.0.87", + "S1134": "sonar-apex 1.17.0.87", + "S1135": "sonar-apex 1.17.0.87", + "S1144": "sonar-apex 1.17.0.87", + "S1145": "sonar-apex 1.17.0.87", + "S1151": "sonar-apex 1.17.0.87", + "S117": "sonar-apex 1.17.0.87", + "S1172": "sonar-apex 1.17.0.87", + "S1186": "sonar-apex 1.17.0.87", + "S1192": "sonar-apex 1.17.0.87", + "S122": "sonar-apex 1.17.0.87", + "S125": "sonar-apex 1.17.0.87", + "S126": "sonar-apex 
1.17.0.87", + "S131": "sonar-apex 1.17.0.87", + "S1313": "sonar-apex 1.17.0.87", + "S134": "sonar-apex 1.17.0.87", + "S138": "sonar-apex 1.17.0.87", + "S1451": "sonar-apex 1.17.0.87", + "S1479": "sonar-apex 1.17.0.87", + "S1481": "sonar-apex 1.17.0.87", + "S1656": "sonar-apex 1.17.0.87", + "S1763": "sonar-apex 1.17.0.87", + "S1764": "sonar-apex 1.17.0.87", + "S1821": "sonar-apex 1.17.0.87", + "S1862": "sonar-apex 1.17.0.87", + "S1871": "sonar-apex 1.17.0.87", + "S1940": "sonar-apex 1.17.0.87", + "S2068": "sonar-apex 1.17.0.87", + "S2260": "sonar-apex 1.17.0.87", + "S2757": "sonar-apex 1.17.0.87", + "S3776": "sonar-apex 1.17.0.87", + "S3923": "sonar-apex 1.17.0.87", + "S4144": "sonar-apex 1.17.0.87", + "S4663": "sonar-apex 1.17.0.87", + "S5376": "sonar-apex 1.17.0.87", + "S5377": "sonar-apex 1.17.0.87", + "S5378": "sonar-apex 1.17.0.87", + "S5379": "sonar-apex 1.17.0.87", + "S5382": "sonar-apex 1.17.0.87", + "S5384": "sonar-apex 1.17.0.87", + "S5386": "sonar-apex 1.17.0.87", + "S5387": "sonar-apex 1.17.0.87", + "S5389": "sonar-apex 1.17.0.87", + "S5390": "sonar-apex 1.17.0.87", + "S5394": "sonar-apex 1.17.0.87", + "S5395": "sonar-apex 1.17.0.87" }, "AZURE_RESOURCE_MANAGER": { - "S1135": "sonar-iac 1.19.0.5623", - "S2260": "sonar-iac 1.18.0.4757", - "S4423": "sonar-iac 1.18.0.4757", - "S5332": "sonar-iac 1.18.0.4757", - "S6321": "sonar-iac 1.18.0.4757", - "S6329": "sonar-iac 1.18.0.4757", - "S6364": "sonar-iac 1.18.0.4757", - "S6378": "sonar-iac 1.19.0.5623", - "S6379": "sonar-iac 1.19.0.5623", - "S6380": "sonar-iac 1.19.0.5623", - "S6381": "sonar-iac 1.18.0.4757", - "S6382": "sonar-iac 1.18.0.4757", - "S6383": "sonar-iac 1.18.0.4757", - "S6385": "sonar-iac 1.18.0.4757", - "S6387": "sonar-iac 1.18.0.4757", - "S6388": "sonar-iac 1.18.0.4757", - "S6413": "sonar-iac 1.18.0.4757", - "S6648": "sonar-iac 1.19.0.5623", - "S6656": "sonar-iac 1.19.0.5623" + "S1135": "sonar-iac-enterprise 1.19.0.5623", + "S117": "sonar-iac-enterprise 1.28.0.9889", + "S1192": 
"sonar-iac-enterprise 1.28.0.9889", + "S1481": "sonar-iac-enterprise 1.28.0.9889", + "S2260": "sonar-iac-enterprise 1.18.0.4757", + "S4423": "sonar-iac-enterprise 1.18.0.4757", + "S4507": "sonar-iac-enterprise 1.28.0.9889", + "S5332": "sonar-iac-enterprise 1.18.0.4757", + "S6321": "sonar-iac-enterprise 1.18.0.4757", + "S6329": "sonar-iac-enterprise 1.18.0.4757", + "S6364": "sonar-iac-enterprise 1.18.0.4757", + "S6378": "sonar-iac-enterprise 1.19.0.5623", + "S6379": "sonar-iac-enterprise 1.19.0.5623", + "S6380": "sonar-iac-enterprise 1.19.0.5623", + "S6381": "sonar-iac-enterprise 1.18.0.4757", + "S6382": "sonar-iac-enterprise 1.18.0.4757", + "S6383": "sonar-iac-enterprise 1.18.0.4757", + "S6385": "sonar-iac-enterprise 1.18.0.4757", + "S6387": "sonar-iac-enterprise 1.18.0.4757", + "S6388": "sonar-iac-enterprise 1.18.0.4757", + "S6413": "sonar-iac-enterprise 1.18.0.4757", + "S6437": "sonar-iac-enterprise 1.28.0.9889", + "S6648": "sonar-iac-enterprise 1.19.0.5623", + "S6656": "sonar-iac-enterprise 1.19.0.5623", + "S6874": "sonar-iac-enterprise 1.28.0.9889", + "S6949": "sonar-iac-enterprise 1.28.0.9889", + "S6952": "sonar-iac-enterprise 1.28.0.9889", + "S6953": "sonar-iac-enterprise 1.28.0.9889", + "S6954": "sonar-iac-enterprise 1.28.0.9889", + "S6955": "sonar-iac-enterprise 1.28.0.9889", + "S6956": "sonar-iac-enterprise 1.28.0.9889", + "S6975": "sonar-iac-enterprise 1.28.0.9889" }, "C": { "S100": "sonar-cpp 5.1.0.10083", @@ -196,7 +228,7 @@ "S1103": "sonar-cpp 5.1.0.10083", "S1110": "sonar-cpp 5.1.0.10083", "S1116": "sonar-cpp 5.1.0.10083", - "S1117": "sonar-cpp v0.0.8", + "S1117": "sonar-cpp 6.7.0.15300", "S1121": "sonar-cpp 5.1.0.10083", "S1123": "sonar-cpp 5.1.0.10083", "S113": "sonar-cpp 5.1.0.10083", @@ -289,6 +321,7 @@ "S2216": "sonar-cpp 5.1.0.10083", "S2234": "sonar-cpp 5.1.0.10083", "S2245": "sonar-cpp 6.15.0.25047", + "S2253": "sonar-cpp 6.62.0.78645", "S2259": "sonar-cpp 5.1.0.10083", "S2260": "sonar-cpp 5.1.0.10083", "S2275": "sonar-cpp 6.2.0.11201", 
@@ -300,7 +333,10 @@ "S2393": "sonar-cpp 5.1.0.10083", "S2479": "sonar-cpp 5.1.0.10083", "S2583": "sonar-cpp 5.1.0.10083", - "S2589": "sonar-cpp 5.1.0.10083", + "S2589": { + "since": "sonar-cpp 5.1.0.10083", + "until": "sonar-cpp 6.53.0.67215" + }, "S2612": "sonar-cpp 6.13.0.22261", "S2637": "sonar-cpp 5.1.0.10083", "S2665": "sonar-cpp 5.1.0.10083", @@ -318,12 +354,15 @@ "S3358": "sonar-cpp 5.1.0.10083", "S3400": { "since": "sonar-cpp 5.1.0.10083", - "until": "sonar-cpp 6.41.1.62265" + "until": "sonar-cpp 6.46.1.62260" }, "S3457": "sonar-cpp 6.2.0.11201", "S3458": "sonar-cpp 5.1.0.10083", "S3491": "sonar-cpp 5.1.0.10083", - "S3516": "sonar-cpp 5.1.0.10083", + "S3516": { + "since": "sonar-cpp 5.1.0.10083", + "until": "sonar-cpp 6.53.0.67215" + }, "S3518": "sonar-cpp 5.1.0.10083", "S3519": "sonar-cpp 5.1.0.10083", "S3520": "sonar-cpp 5.1.0.10083", @@ -332,7 +371,10 @@ "S3584": "sonar-cpp 5.1.0.10083", "S3588": "sonar-cpp 5.1.0.10083", "S3590": "sonar-cpp 5.1.0.10083", - "S3626": "sonar-cpp 5.1.0.10083", + "S3626": { + "since": "sonar-cpp 5.1.0.10083", + "until": "sonar-cpp 6.53.0.67215" + }, "S3646": "sonar-cpp 5.1.0.10083", "S3687": "sonar-cpp 5.1.0.10083", "S3689": "sonar-cpp 5.1.0.10083", @@ -370,6 +412,7 @@ "S5271": "sonar-cpp 6.2.0.11201", "S5273": "sonar-cpp 6.2.0.11201", "S5276": "sonar-cpp 6.10.0.18490", + "S5277": "sonar-cpp 6.62.0.78645", "S5278": "sonar-cpp 6.2.0.11201", "S5279": "sonar-cpp 6.2.0.11201", "S5280": "sonar-cpp 6.2.0.11201", 
@@ -381,24 +424,24 @@ "S5314": "sonar-cpp 6.10.0.18490", "S5332": "sonar-cpp 6.14.0.23970", "S5350": "sonar-cpp 6.4.0.11646", - "S5381": "sonar-cpp 0.0.10", + "S5381": "sonar-cpp 6.9.0.17076", "S5443": "sonar-cpp 6.15.0.25047", - "S5485": "sonar-cpp v0.0.6", - "S5486": "sonar-cpp v0.0.6", - "S5487": "sonar-cpp v0.0.6", - "S5488": "sonar-cpp v0.0.6", - "S5489": "sonar-cpp v0.0.6", - "S5491": "sonar-cpp v0.0.7", - "S5494": "sonar-cpp v0.0.7", - "S5501": "sonar-cpp v0.0.7", + "S5485": "sonar-cpp 6.5.0.12506", + "S5486": "sonar-cpp 6.5.0.12506", + "S5487": "sonar-cpp 6.5.0.12506", + "S5488": "sonar-cpp 6.5.0.12506", + "S5489": "sonar-cpp 6.5.0.12506", + "S5491": "sonar-cpp 6.6.0.13759", + "S5494": "sonar-cpp 6.6.0.13759", + "S5501": "sonar-cpp 6.6.0.13759", "S5527": "sonar-cpp 6.14.0.23970", - "S5536": "sonar-cpp v0.0.6", + "S5536": "sonar-cpp 6.5.0.12506", "S5542": "sonar-cpp 6.14.0.23970", "S5547": "sonar-cpp 6.14.0.23970", - "S5570": "sonar-cpp v0.0.7", - "S5639": "sonar-cpp v0.0.6", - "S5658": "sonar-cpp v0.0.7", - "S5782": "sonar-cpp 0.0.10", + "S5570": "sonar-cpp 6.6.0.13759", + "S5639": "sonar-cpp 6.5.0.12506", + "S5658": "sonar-cpp 6.6.0.13759", + "S5782": "sonar-cpp 6.9.0.17076", "S5798": "sonar-cpp 6.11.0.19130", "S5801": "sonar-cpp 6.10.0.18490", "S5802": "sonar-cpp 6.13.0.22261", @@ -416,7 +459,13 @@ "S5982": "sonar-cpp 6.13.0.22261", "S6069": "sonar-cpp 6.14.0.23970", "S6200": "sonar-cpp 6.27.0.38122", + "S6418": "sonar-cpp 6.61.0.77816", "S6655": "sonar-cpp 6.47.0.62356", + "S6871": "sonar-cpp 6.53.0.67215", + "S6936": "sonar-cpp 6.54.0.69031", + "S6991": "sonar-cpp 6.57.0.73017", + "S6996": "sonar-cpp 6.57.0.73017", + "S7116": "sonar-cpp 6.61.0.77816", "S784": "sonar-cpp 5.1.0.10083", "S787": "sonar-cpp 5.1.0.10083", "S793": "sonar-cpp 5.1.0.10083", 
@@ -424,7 +473,10 @@ "S797": "sonar-cpp 5.1.0.10083", "S798": "sonar-cpp 5.1.0.10083", "S799": "sonar-cpp 5.1.0.10083", - "S802": "sonar-cpp 5.1.0.10083", + "S802": { + "since": "sonar-cpp 5.1.0.10083", + "until": "sonar-cpp 6.53.0.67215" + }, "S810": "sonar-cpp 5.1.0.10083", "S813": "sonar-cpp 5.1.0.10083", "S814": "sonar-cpp 5.1.0.10083", @@ -444,7 +496,7 @@ "S854": "sonar-cpp 5.1.0.10083", "S855": "sonar-cpp 5.1.0.10083", "S856": "sonar-cpp 5.1.0.10083", - "S859": "sonar-cpp v0.0.6", + "S859": "sonar-cpp 6.5.0.12506", "S860": "sonar-cpp 6.2.0.11201", "S864": "sonar-cpp 5.1.0.10083", "S867": "sonar-cpp 5.1.0.10083", @@ -484,6 +536,7 @@ "S959": "sonar-cpp 5.1.0.10083", "S960": "sonar-cpp 5.1.0.10083", "S961": "sonar-cpp 5.1.0.10083", + "S963": "sonar-cpp 6.62.0.78645", "S966": "sonar-cpp 5.1.0.10083", "S967": "sonar-cpp 6.3.0.11371", "S968": "sonar-cpp 5.1.0.10083", 
@@ -507,34 +560,34 @@ "S999": "sonar-cpp 5.1.0.10083" }, "CLOUDFORMATION": { - "S1135": "sonar-iac 1.13.0.3464", - "S2260": "sonar-iac 1.0.0.746", - "S4423": "sonar-iac 1.4.0.1288", - "S5332": "sonar-iac 1.4.0.1288", - "S6245": "sonar-iac 1.0.0.746", - "S6249": "sonar-iac 1.0.0.746", - "S6252": "sonar-iac 1.0.0.746", - "S6258": "sonar-iac 1.0.0.746", - "S6265": "sonar-iac 1.0.0.746", - "S6270": "sonar-iac 1.0.0.746", - "S6273": "sonar-iac 1.0.0.746", - "S6275": "sonar-iac 1.1.0.861", - "S6281": "sonar-iac 1.0.0.746", - "S6294": "sonar-iac 1.0.0.746", - "S6295": "sonar-iac 1.0.0.746", - "S6302": "sonar-iac 1.2.0.976", - "S6303": "sonar-iac 1.1.0.861", - "S6304": "sonar-iac 1.2.0.976", - "S6308": "sonar-iac 1.1.0.861", - "S6317": "sonar-iac 1.2.0.976", - "S6319": "sonar-iac 1.1.0.861", - "S6321": "sonar-iac 1.2.0.976", - "S6327": "sonar-iac 1.1.0.861", - "S6329": "sonar-iac 1.2.0.976", - "S6330": "sonar-iac 1.1.0.861", - "S6332": "sonar-iac 1.1.0.861", - "S6333": "sonar-iac 1.2.0.976", - "S6364": "sonar-iac 1.4.0.1288" + "S1135": "sonar-iac-enterprise 1.13.0.3464", + "S2260": "sonar-iac-enterprise 1.0.0.746", + "S4423": "sonar-iac-enterprise 1.4.0.1288", + "S5332": "sonar-iac-enterprise 1.4.0.1288", + "S6245": "sonar-iac-enterprise 1.0.0.746", + "S6249": "sonar-iac-enterprise 1.0.0.746", + "S6252": "sonar-iac-enterprise 1.0.0.746", + "S6258": "sonar-iac-enterprise 1.0.0.746", + "S6265": "sonar-iac-enterprise 1.0.0.746", + "S6270": "sonar-iac-enterprise 1.0.0.746", + "S6273": "sonar-iac-enterprise 1.0.0.746", + "S6275": "sonar-iac-enterprise 1.1.0.861", + "S6281": "sonar-iac-enterprise 1.0.0.746", + "S6294": "sonar-iac-enterprise 1.0.0.746", + "S6295": "sonar-iac-enterprise 1.0.0.746", + "S6302": "sonar-iac-enterprise 1.2.0.976", + "S6303": "sonar-iac-enterprise 1.1.0.861", + "S6304": "sonar-iac-enterprise 1.2.0.976", + "S6308": "sonar-iac-enterprise 1.1.0.861", + "S6317": "sonar-iac-enterprise 1.2.0.976", + "S6319": "sonar-iac-enterprise 1.1.0.861", + "S6321": 
"sonar-iac-enterprise 1.2.0.976", + "S6327": "sonar-iac-enterprise 1.1.0.861", + "S6329": "sonar-iac-enterprise 1.2.0.976", + "S6330": "sonar-iac-enterprise 1.1.0.861", + "S6332": "sonar-iac-enterprise 1.1.0.861", + "S6333": "sonar-iac-enterprise 1.2.0.976", + "S6364": "sonar-iac-enterprise 1.4.0.1288" }, "COBOL": { "S105": "sonar-cobol 4.0.1.2609", @@ -888,7 +941,7 @@ "S1990": "sonar-cpp 5.1.0.10083", "S2068": "sonar-cpp 6.15.0.25047", "S2095": "sonar-cpp 5.1.0.10083", - "S2107": "sonar-cpp v0.0.6", + "S2107": "sonar-cpp 6.5.0.12506", "S2123": "sonar-cpp 5.1.0.10083", "S2156": "sonar-cpp 5.1.0.10083", "S2190": "sonar-cpp 6.2.0.11201", @@ -897,6 +950,7 @@ "S2216": "sonar-cpp 5.1.0.10083", "S2234": "sonar-cpp 5.1.0.10083", "S2245": "sonar-cpp 6.15.0.25047", + "S2253": "sonar-cpp 6.62.0.78645", "S2259": "sonar-cpp 5.1.0.10083", "S2260": "sonar-cpp 5.1.0.10083", "S2275": "sonar-cpp 6.2.0.11201", @@ -912,7 +966,10 @@ "S2479": "sonar-cpp 5.1.0.10083", "S2486": "sonar-cpp 5.1.0.10083", "S2583": "sonar-cpp 5.1.0.10083", - "S2589": "sonar-cpp 5.1.0.10083", + "S2589": { + "since": "sonar-cpp 5.1.0.10083", + "until": "sonar-cpp 6.53.0.67215" + }, "S2612": "sonar-cpp 6.13.0.22261", "S2637": "sonar-cpp 5.1.0.10083", "S2665": "sonar-cpp 5.1.0.10083", @@ -940,7 +997,7 @@ "S3358": "sonar-cpp 5.1.0.10083", "S3400": { "since": "sonar-cpp 5.1.0.10083", - "until": "sonar-cpp 6.41.1.62265" + "until": "sonar-cpp 6.46.1.62260" }, "S3432": "sonar-cpp 5.1.0.10083", "S3457": "sonar-cpp 6.2.0.11201", @@ -951,7 +1008,10 @@ "S3471": "sonar-cpp 5.1.0.10083", "S3490": "sonar-cpp 5.1.0.10083", "S3491": "sonar-cpp 6.12.0.20255", - "S3516": "sonar-cpp 5.1.0.10083", + "S3516": { + "since": "sonar-cpp 5.1.0.10083", + "until": "sonar-cpp 6.53.0.67215" + }, "S3518": "sonar-cpp 5.1.0.10083", "S3519": "sonar-cpp 5.1.0.10083", "S3520": "sonar-cpp 5.1.0.10083", 
@@ -973,7 +1033,10 @@ "S3608": "sonar-cpp 5.1.0.10083", "S3609": "sonar-cpp 5.1.0.10083", "S3624": "sonar-cpp 6.0.0.10816", - "S3626": "sonar-cpp 5.1.0.10083", + "S3626": { + "since": "sonar-cpp 5.1.0.10083", + "until": "sonar-cpp 6.53.0.67215" + }, "S3628": "sonar-cpp 5.1.0.10083", "S3630": "sonar-cpp 5.1.0.10083", "S3636": "sonar-cpp 5.1.0.10083", @@ -1011,7 +1074,7 @@ "S3949": "sonar-cpp 6.2.0.11201", "S3972": "sonar-cpp 5.1.0.10083", "S3973": "sonar-cpp 5.1.0.10083", - "S4136": "sonar-cpp v0.0.6", + "S4136": "sonar-cpp 6.5.0.12506", "S4143": "sonar-cpp 5.1.0.10083", "S4144": "sonar-cpp 5.1.0.10083", "S4263": "sonar-cpp 5.1.0.10083", @@ -1069,11 +1132,11 @@ "S5307": "sonar-cpp 6.3.0.11371", "S5308": "sonar-cpp 6.2.0.11201", "S5309": "sonar-cpp 6.3.0.11371", - "S5311": "sonar-cpp v0.0.6", - "S5312": "sonar-cpp v0.0.6", - "S5313": "sonar-cpp v0.0.6", + "S5311": "sonar-cpp 6.5.0.12506", + "S5312": "sonar-cpp 6.5.0.12506", + "S5313": "sonar-cpp 6.5.0.12506", "S5314": "sonar-cpp 6.10.0.18490", - "S5316": "sonar-cpp v0.0.6", + "S5316": "sonar-cpp 6.5.0.12506", "S5318": "sonar-cpp 6.3.0.11371", "S5319": "sonar-cpp 6.3.0.11371", "S5332": "sonar-cpp 6.14.0.23970", 
@@ -1082,44 +1145,44 @@ "S5357": "sonar-cpp 6.4.0.11646", "S5358": "sonar-cpp 6.4.0.11646", "S5359": "sonar-cpp 6.4.0.11646", - "S5381": "sonar-cpp 0.0.10", - "S5404": "sonar-cpp v0.0.7", + "S5381": "sonar-cpp 6.9.0.17076", + "S5404": "sonar-cpp 6.6.0.13759", "S5408": "sonar-cpp 6.4.0.11646", - "S5409": "sonar-cpp v0.0.6", - "S5414": "sonar-cpp v0.0.6", + "S5409": "sonar-cpp 6.5.0.12506", + "S5414": "sonar-cpp 6.5.0.12506", "S5415": "sonar-cpp 6.13.0.22261", "S5416": "sonar-cpp 6.4.0.11646", - "S5417": "sonar-cpp v0.0.6", - "S5419": "sonar-cpp v0.0.6", + "S5417": "sonar-cpp 6.5.0.12506", + "S5419": "sonar-cpp 6.5.0.12506", "S5421": "sonar-cpp 6.4.0.11646", - "S5422": "sonar-cpp v0.0.6", - "S5425": "sonar-cpp v0.0.7", + "S5422": "sonar-cpp 6.5.0.12506", + "S5425": "sonar-cpp 6.6.0.13759", "S5443": "sonar-cpp 6.15.0.25047", - "S5485": "sonar-cpp v0.0.6", - "S5486": "sonar-cpp v0.0.6", - "S5487": "sonar-cpp v0.0.6", - "S5488": "sonar-cpp v0.0.6", - "S5489": "sonar-cpp v0.0.6", - "S5491": "sonar-cpp v0.0.7", - "S5494": "sonar-cpp v0.0.7", - "S5495": "sonar-cpp v0.0.6", - "S5500": "sonar-cpp v0.0.7", - "S5501": "sonar-cpp v0.0.7", - "S5502": "sonar-cpp v0.0.6", - "S5506": "sonar-cpp v0.0.6", - "S5507": "sonar-cpp v0.0.7", - "S5523": "sonar-cpp v0.0.6", - "S5524": "sonar-cpp v0.0.6", + "S5485": "sonar-cpp 6.5.0.12506", + "S5486": "sonar-cpp 6.5.0.12506", + "S5487": "sonar-cpp 6.5.0.12506", + "S5488": "sonar-cpp 6.5.0.12506", + "S5489": "sonar-cpp 6.5.0.12506", + "S5491": "sonar-cpp 6.6.0.13759", + "S5494": "sonar-cpp 6.6.0.13759", + "S5495": "sonar-cpp 6.5.0.12506", + "S5500": "sonar-cpp 6.6.0.13759", + "S5501": "sonar-cpp 6.6.0.13759", + "S5502": "sonar-cpp 6.5.0.12506", + "S5506": "sonar-cpp 6.5.0.12506", + "S5507": "sonar-cpp 6.6.0.13759", + "S5523": "sonar-cpp 6.5.0.12506", + "S5524": "sonar-cpp 6.5.0.12506", "S5527": "sonar-cpp 6.14.0.23970", - "S5536": "sonar-cpp v0.0.6", + "S5536": "sonar-cpp 6.5.0.12506", "S5542": "sonar-cpp 6.14.0.23970", "S5547": "sonar-cpp 
6.14.0.23970", "S5553": "sonar-cpp 6.11.0.19130", - "S5566": "sonar-cpp v0.0.8", - "S5570": "sonar-cpp v0.0.7", - "S5639": "sonar-cpp v0.0.6", - "S5658": "sonar-cpp v0.0.7", - "S5782": "sonar-cpp 0.0.10", + "S5566": "sonar-cpp 6.7.0.15300", + "S5570": "sonar-cpp 6.6.0.13759", + "S5639": "sonar-cpp 6.5.0.12506", + "S5658": "sonar-cpp 6.6.0.13759", + "S5782": "sonar-cpp 6.9.0.17076", "S5798": "sonar-cpp 6.11.0.19130", "S5801": "sonar-cpp 6.10.0.18490", "S5802": "sonar-cpp 6.13.0.22261", @@ -1233,6 +1296,7 @@ "S6369": "sonar-cpp 6.29.0.41127", "S6372": "sonar-cpp 6.29.0.41127", "S6391": "sonar-cpp 6.29.0.41127", + "S6418": "sonar-cpp 6.61.0.77816", "S6427": "sonar-cpp 6.35.0.50389", "S6456": "sonar-cpp 6.40.0.60592", "S6458": "sonar-cpp 6.40.0.60592", @@ -1255,6 +1319,28 @@ "S6621": "sonar-cpp 6.46.0.62229", "S6636": "sonar-cpp 6.46.0.62229", "S6655": "sonar-cpp 6.47.0.62356", + "S6871": "sonar-cpp 6.53.0.67215", + "S6872": "sonar-cpp 6.53.0.67215", + "S6936": "sonar-cpp 6.54.0.69031", + "S6991": "sonar-cpp 6.57.0.73017", + "S6994": "sonar-cpp 6.57.0.73017", + "S6996": "sonar-cpp 6.57.0.73017", + "S7012": "sonar-cpp 6.57.0.73017", + "S7032": "sonar-cpp 6.58.0.74356", + "S7033": "sonar-cpp 6.58.0.74356", + "S7034": "sonar-cpp 6.58.0.74356", + "S7035": "sonar-cpp 6.58.0.74356", + "S7038": "sonar-cpp 6.58.0.74356", + "S7040": "sonar-cpp 6.58.0.74356", + "S7042": "sonar-cpp 6.58.0.74356", + "S7116": "sonar-cpp 6.61.0.77816", + "S7118": "sonar-cpp 6.61.0.77816", + "S7119": "sonar-cpp 6.61.0.77816", + "S7121": "sonar-cpp 6.61.0.77816", + "S7127": "sonar-cpp 6.61.0.77816", + "S7129": "sonar-cpp 6.61.0.77816", + "S7132": "sonar-cpp 6.61.0.77816", + "S7172": "sonar-cpp master", "S784": "sonar-cpp 5.1.0.10083", "S787": "sonar-cpp 5.1.0.10083", "S793": "sonar-cpp 5.1.0.10083", 
@@ -1262,7 +1348,10 @@ "S797": "sonar-cpp 5.1.0.10083", "S798": "sonar-cpp 5.1.0.10083", "S799": "sonar-cpp 5.1.0.10083", - "S802": "sonar-cpp 5.1.0.10083", + "S802": { + "since": "sonar-cpp 5.1.0.10083", + "until": "sonar-cpp 6.53.0.67215" + }, "S810": "sonar-cpp 5.1.0.10083", "S811": "sonar-cpp 6.3.0.11371", "S812": "sonar-cpp 5.1.0.10083", @@ -1296,8 +1385,8 @@ "S878": "sonar-cpp 5.1.0.10083", "S881": "sonar-cpp 5.1.0.10083", "S886": "sonar-cpp 5.1.0.10083", - "S890": "sonar-cpp v0.0.6", - "S892": "sonar-cpp v0.0.6", + "S890": "sonar-cpp 6.5.0.12506", + "S892": "sonar-cpp 6.5.0.12506", "S897": "sonar-cpp 5.1.0.10083", "S905": "sonar-cpp 5.1.0.10083", "S907": "sonar-cpp 5.1.0.10083", @@ -1318,7 +1407,7 @@ "S935": "sonar-cpp 5.1.0.10083", "S936": "sonar-cpp 5.1.0.10083", "S943": "sonar-cpp 5.1.0.10083", - "S945": "sonar-cpp v0.0.6", + "S945": "sonar-cpp 6.5.0.12506", "S946": "sonar-cpp 6.2.0.11201", "S953": "sonar-cpp 5.1.0.10083", "S954": "sonar-cpp 5.1.0.10083", 
@@ -1351,610 +1440,694 @@ "S999": "sonar-cpp 5.1.0.10083" }, "CSH": { - "S100": "sonar-dotnet 6.6.0.3969", - "S1006": "sonar-dotnet 6.6.0.3969", - "S101": "sonar-dotnet 6.6.0.3969", - "S103": "sonar-dotnet 6.6.0.3969", - "S104": "sonar-dotnet 6.6.0.3969", - "S1048": "sonar-dotnet 7.0.0.4787", - "S105": "sonar-dotnet 6.6.0.3969", - "S106": "sonar-dotnet 7.5.0.6605", - "S1066": "sonar-dotnet 6.6.0.3969", - "S1067": "sonar-dotnet 6.6.0.3969", - "S107": "sonar-dotnet 6.6.0.3969", - "S1075": "sonar-dotnet 6.6.0.3969", - "S108": "sonar-dotnet 6.6.0.3969", - "S109": "sonar-dotnet 7.0.0.4787", - "S110": "sonar-dotnet 6.6.0.3969", - "S1104": "sonar-dotnet 6.6.0.3969", - "S1109": "sonar-dotnet 6.6.0.3969", - "S1110": "sonar-dotnet 6.7", - "S1116": "sonar-dotnet 6.6.0.3969", - "S1117": "sonar-dotnet 6.6.0.3969", - "S1118": "sonar-dotnet 6.6.0.3969", - "S112": "sonar-dotnet 6.6.0.3969", - "S1121": "sonar-dotnet 6.6.0.3969", - "S1123": "sonar-dotnet 6.6.0.3969", - "S1125": "sonar-dotnet 6.6.0.3969", - "S1128": "sonar-dotnet 7.17.0.9346", - "S113": "sonar-dotnet 6.7", - "S1133": "sonar-dotnet 8.53.0.62665", - "S1134": "sonar-dotnet 6.6.0.3969", - "S1135": "sonar-dotnet 6.6.0.3969", - "S1144": "sonar-dotnet 6.6.0.3969", - "S1145": { - "since": "sonar-dotnet 6.6.0.3969", - "until": "sonar-dotnet 8.25.0.33663" - }, - "S1147": "sonar-dotnet 6.8.0.4636", - "S1151": "sonar-dotnet 7.0.0.4787", - "S1155": "sonar-dotnet 6.6.0.3969", - "S1163": "sonar-dotnet 6.6.0.3969", - "S1168": "sonar-dotnet 6.6.0.3969", - "S1172": "sonar-dotnet 6.6.0.3969", - "S1185": "sonar-dotnet 6.6.0.3969", - "S1186": "sonar-dotnet 6.6.0.3969", - "S1192": "sonar-dotnet 7.1.0.5212", - "S1199": "sonar-dotnet 7.17.0.9346", - "S1200": "sonar-dotnet 6.6.0.3969", - "S1206": "sonar-dotnet 6.6.0.3969", - "S121": "sonar-dotnet 6.6.0.3969", - "S1210": "sonar-dotnet 6.6.0.3969", - "S1215": "sonar-dotnet 6.6.0.3969", - "S122": "sonar-dotnet 6.6.0.3969", - "S1226": "sonar-dotnet 6.6.0.3969", - "S1227": "sonar-dotnet 
6.6.0.3969", - "S1244": "sonar-dotnet 6.6.0.3969", - "S125": "sonar-dotnet 6.6.0.3969", - "S126": "sonar-dotnet 6.6.0.3969", - "S1264": "sonar-dotnet 7.0.0.4787", - "S127": "sonar-dotnet 6.6.0.3969", - "S1301": "sonar-dotnet 6.6.0.3969", - "S1309": "sonar-dotnet 6.6.0.3969", - "S131": "sonar-dotnet 6.6.0.3969", - "S1313": "sonar-dotnet 6.6.0.3969", - "S134": "sonar-dotnet 6.6.0.3969", - "S138": "sonar-dotnet 6.8.0.4636", - "S1449": "sonar-dotnet 6.6.0.3969", - "S1450": "sonar-dotnet 6.6.0.3969", - "S1451": "sonar-dotnet 6.6.0.3969", - "S1479": "sonar-dotnet 6.6.0.3969", - "S1481": "sonar-dotnet 6.6.0.3969", - "S1523": { - "since": "sonar-dotnet 7.9.0.7583", - "until": "sonar-dotnet 7.13.0.8313" - }, - "S1541": "sonar-dotnet 6.6.0.3969", - "S1607": "sonar-dotnet 6.6.0.3969", - "S1643": "sonar-dotnet 6.6.0.3969", - "S1656": "sonar-dotnet 6.6.0.3969", - "S1659": "sonar-dotnet 6.6.0.3969", - "S1694": "sonar-dotnet 6.6.0.3969", - "S1696": "sonar-dotnet 6.6.0.3969", - "S1697": { - "since": "sonar-dotnet 6.6.0.3969", - "until": "sonar-dotnet 8.25.0.33663" - }, - "S1698": "sonar-dotnet 6.6.0.3969", - "S1699": "sonar-dotnet 6.6.0.3969", - "S1751": "sonar-dotnet 6.6.0.3969", - "S1764": "sonar-dotnet 6.6.0.3969", - "S1821": "sonar-dotnet 7.0.0.4787", - "S1848": "sonar-dotnet 6.6.0.3969", - "S1854": "sonar-dotnet 6.6.0.3969", - "S1858": "sonar-dotnet 6.6.0.3969", - "S1862": "sonar-dotnet 6.6.0.3969", - "S1871": "sonar-dotnet 6.6.0.3969", - "S1905": "sonar-dotnet 6.6.0.3969", - "S1939": "sonar-dotnet 6.6.0.3969", - "S1940": "sonar-dotnet 6.6.0.3969", - "S1944": "sonar-dotnet 6.6.0.3969", - "S1994": "sonar-dotnet 6.6.0.3969", - "S2053": "sonar-dotnet 8.16.0.25740", - "S2068": "sonar-dotnet 6.6.0.3969", - "S2070": { - "since": "sonar-dotnet 6.6.0.3969", - "until": "sonar-dotnet 8.25.0.33663" - }, + "S100": "sonar-dotnet-enterprise 10.0.0.102753", + "S1006": "sonar-dotnet-enterprise 10.0.0.102753", + "S101": "sonar-dotnet-enterprise 10.0.0.102753", + "S103": 
"sonar-dotnet-enterprise 10.0.0.102753", + "S104": "sonar-dotnet-enterprise 10.0.0.102753", + "S1048": "sonar-dotnet-enterprise 10.0.0.102753", + "S105": "sonar-dotnet-enterprise 10.0.0.102753", + "S106": "sonar-dotnet-enterprise 10.0.0.102753", + "S1066": "sonar-dotnet-enterprise 10.0.0.102753", + "S1067": "sonar-dotnet-enterprise 10.0.0.102753", + "S107": "sonar-dotnet-enterprise 10.0.0.102753", + "S1075": "sonar-dotnet-enterprise 10.0.0.102753", + "S108": "sonar-dotnet-enterprise 10.0.0.102753", + "S109": "sonar-dotnet-enterprise 10.0.0.102753", + "S110": "sonar-dotnet-enterprise 10.0.0.102753", + "S1104": "sonar-dotnet-enterprise 10.0.0.102753", + "S1109": "sonar-dotnet-enterprise 10.0.0.102753", + "S1110": "sonar-dotnet-enterprise 10.0.0.102753", + "S1116": "sonar-dotnet-enterprise 10.0.0.102753", + "S1117": "sonar-dotnet-enterprise 10.0.0.102753", + "S1118": "sonar-dotnet-enterprise 10.0.0.102753", + "S112": "sonar-dotnet-enterprise 10.0.0.102753", + "S1121": "sonar-dotnet-enterprise 10.0.0.102753", + "S1123": "sonar-dotnet-enterprise 10.0.0.102753", + "S1125": "sonar-dotnet-enterprise 10.0.0.102753", + "S1128": "sonar-dotnet-enterprise 10.0.0.102753", + "S113": "sonar-dotnet-enterprise 10.0.0.102753", + "S1133": "sonar-dotnet-enterprise 10.0.0.102753", + "S1134": "sonar-dotnet-enterprise 10.0.0.102753", + "S1135": "sonar-dotnet-enterprise 10.0.0.102753", + "S1144": "sonar-dotnet-enterprise 10.0.0.102753", + "S1147": "sonar-dotnet-enterprise 10.0.0.102753", + "S1151": "sonar-dotnet-enterprise 10.0.0.102753", + "S1155": "sonar-dotnet-enterprise 10.0.0.102753", + "S1163": "sonar-dotnet-enterprise 10.0.0.102753", + "S1168": "sonar-dotnet-enterprise 10.0.0.102753", + "S1172": "sonar-dotnet-enterprise 10.0.0.102753", + "S1185": "sonar-dotnet-enterprise 10.0.0.102753", + "S1186": "sonar-dotnet-enterprise 10.0.0.102753", + "S1192": "sonar-dotnet-enterprise 10.0.0.102753", + "S1199": "sonar-dotnet-enterprise 10.0.0.102753", + "S1200": "sonar-dotnet-enterprise 
10.0.0.102753", + "S1206": "sonar-dotnet-enterprise 10.0.0.102753", + "S121": "sonar-dotnet-enterprise 10.0.0.102753", + "S1210": "sonar-dotnet-enterprise 10.0.0.102753", + "S1215": "sonar-dotnet-enterprise 10.0.0.102753", + "S122": "sonar-dotnet-enterprise 10.0.0.102753", + "S1226": "sonar-dotnet-enterprise 10.0.0.102753", + "S1227": "sonar-dotnet-enterprise 10.0.0.102753", + "S1244": "sonar-dotnet-enterprise 10.0.0.102753", + "S125": "sonar-dotnet-enterprise 10.0.0.102753", + "S126": "sonar-dotnet-enterprise 10.0.0.102753", + "S1264": "sonar-dotnet-enterprise 10.0.0.102753", + "S127": "sonar-dotnet-enterprise 10.0.0.102753", + "S1301": "sonar-dotnet-enterprise 10.0.0.102753", + "S1309": "sonar-dotnet-enterprise 10.0.0.102753", + "S131": "sonar-dotnet-enterprise 10.0.0.102753", + "S1312": "sonar-dotnet-enterprise 10.0.0.102753", + "S1313": "sonar-dotnet-enterprise 10.0.0.102753", + "S134": "sonar-dotnet-enterprise 10.0.0.102753", + "S138": "sonar-dotnet-enterprise 10.0.0.102753", + "S1449": "sonar-dotnet-enterprise 10.0.0.102753", + "S1450": "sonar-dotnet-enterprise 10.0.0.102753", + "S1451": "sonar-dotnet-enterprise 10.0.0.102753", + "S1479": "sonar-dotnet-enterprise 10.0.0.102753", + "S1481": "sonar-dotnet-enterprise 10.0.0.102753", + "S1541": "sonar-dotnet-enterprise 10.0.0.102753", + "S1607": "sonar-dotnet-enterprise 10.0.0.102753", + "S1643": "sonar-dotnet-enterprise 10.0.0.102753", + "S1656": "sonar-dotnet-enterprise 10.0.0.102753", + "S1659": "sonar-dotnet-enterprise 10.0.0.102753", + "S1694": "sonar-dotnet-enterprise 10.0.0.102753", + "S1696": "sonar-dotnet-enterprise 10.0.0.102753", + "S1698": "sonar-dotnet-enterprise 10.0.0.102753", + "S1699": "sonar-dotnet-enterprise 10.0.0.102753", + "S1751": "sonar-dotnet-enterprise 10.0.0.102753", + "S1764": "sonar-dotnet-enterprise 10.0.0.102753", + "S1821": "sonar-dotnet-enterprise 10.0.0.102753", + "S1848": "sonar-dotnet-enterprise 10.0.0.102753", + "S1854": "sonar-dotnet-enterprise 10.0.0.102753", + "S1858": 
"sonar-dotnet-enterprise 10.0.0.102753", + "S1862": "sonar-dotnet-enterprise 10.0.0.102753", + "S1871": "sonar-dotnet-enterprise 10.0.0.102753", + "S1905": "sonar-dotnet-enterprise 10.0.0.102753", + "S1939": "sonar-dotnet-enterprise 10.0.0.102753", + "S1940": "sonar-dotnet-enterprise 10.0.0.102753", + "S1944": "sonar-dotnet-enterprise 10.0.0.102753", + "S1994": "sonar-dotnet-enterprise 10.0.0.102753", + "S2053": "sonar-dotnet-enterprise 10.0.0.102753", + "S2068": "sonar-dotnet-enterprise 10.0.0.102753", "S2076": "sonar-security 7.4.0.1949", - "S2077": "sonar-dotnet 7.9.0.7583", + "S2077": "sonar-dotnet-enterprise 10.0.0.102753", "S2078": "sonar-security 7.4.0.1949", "S2083": "sonar-security 7.4.0.1949", "S2091": "sonar-security 7.4.0.1949", - "S2092": "sonar-dotnet 7.1.0.5212", - "S2094": "sonar-dotnet 8.54.0.64047", - "S2114": "sonar-dotnet 6.6.0.3969", - "S2115": "sonar-dotnet 8.22.0.31243", - "S2123": "sonar-dotnet 6.6.0.3969", - "S2148": "sonar-dotnet 7.5.0.6605", - "S2156": "sonar-dotnet 6.6.0.3969", - "S2166": "sonar-dotnet 8.53.0.62665", - "S2178": "sonar-dotnet 6.6.0.3969", - "S2183": "sonar-dotnet 6.6.0.3969", - "S2184": "sonar-dotnet 6.6.0.3969", - "S2187": "sonar-dotnet 6.6.0.3969", - "S2190": "sonar-dotnet 6.6.0.3969", - "S2197": "sonar-dotnet 6.6.0.3969", - "S2198": "sonar-dotnet 8.53.0.62665", - "S2201": "sonar-dotnet 6.6.0.3969", - "S2219": "sonar-dotnet 6.6.0.3969", - "S2221": "sonar-dotnet 6.6.0.3969", - "S2222": "sonar-dotnet 8.34.0.42011", - "S2223": "sonar-dotnet 6.6.0.3969", - "S2225": "sonar-dotnet 6.6.0.3969", - "S2228": { - "since": "sonar-dotnet 6.6.0.3969", - "until": "sonar-dotnet 9.11.0.78383" - }, - "S2234": "sonar-dotnet 6.6.0.3969", - "S2245": "sonar-dotnet 7.1.0.5212", - "S2251": "sonar-dotnet 8.0.0.9566", - "S2252": "sonar-dotnet 7.17.0.9346", - "S2255": { - "since": "sonar-dotnet 7.1.0.5212", - "until": "sonar-dotnet 9.8.0.76515" - }, - "S2257": "sonar-dotnet 8.16.0.25740", - "S2259": "sonar-dotnet 6.6.0.3969", - "S2275": 
"sonar-dotnet 6.6.0.3969", - "S2278": { - "since": "sonar-dotnet 6.6.0.3969", - "until": "sonar-dotnet 8.25.0.33663" - }, - "S2290": "sonar-dotnet 6.6.0.3969", - "S2291": "sonar-dotnet 6.6.0.3969", - "S2292": "sonar-dotnet 6.6.0.3969", - "S2302": "sonar-dotnet 6.8.0.4636", - "S2306": "sonar-dotnet 6.6.0.3969", - "S2325": "sonar-dotnet 6.6.0.3969", - "S2326": "sonar-dotnet 6.6.0.3969", - "S2327": "sonar-dotnet 7.3.0.5690", - "S2328": "sonar-dotnet 6.6.0.3969", - "S2330": "sonar-dotnet 6.6.0.3969", - "S2333": "sonar-dotnet 6.6.0.3969", - "S2339": "sonar-dotnet 6.6.0.3969", - "S2342": "sonar-dotnet 6.6.0.3969", - "S2344": "sonar-dotnet 6.6.0.3969", - "S2345": "sonar-dotnet 6.6.0.3969", - "S2346": "sonar-dotnet 6.6.0.3969", - "S2357": "sonar-dotnet 6.6.0.3969", - "S2360": "sonar-dotnet 6.6.0.3969", - "S2365": "sonar-dotnet 6.6.0.3969", - "S2368": "sonar-dotnet 6.6.0.3969", - "S2372": "sonar-dotnet 6.6.0.3969", - "S2376": "sonar-dotnet 6.6.0.3969", - "S2386": "sonar-dotnet 6.6.0.3969", - "S2387": "sonar-dotnet 6.6.0.3969", - "S2436": "sonar-dotnet 6.6.0.3969", - "S2437": "sonar-dotnet 6.6.0.3969", - "S2445": "sonar-dotnet 8.54.0.64047", - "S2479": "sonar-dotnet 8.0.0.9566", - "S2486": "sonar-dotnet 6.6.0.3969", - "S2551": "sonar-dotnet 6.6.0.3969", - "S2583": "sonar-dotnet 6.6.0.3969", - "S2589": "sonar-dotnet 6.6.0.3969", - "S2612": "sonar-dotnet 8.19.0.28253", + "S2092": "sonar-dotnet-enterprise 10.0.0.102753", + "S2094": "sonar-dotnet-enterprise 10.0.0.102753", + "S2114": "sonar-dotnet-enterprise 10.0.0.102753", + "S2115": "sonar-dotnet-enterprise 10.0.0.102753", + "S2123": "sonar-dotnet-enterprise 10.0.0.102753", + "S2139": "sonar-dotnet-enterprise 10.0.0.102753", + "S2148": "sonar-dotnet-enterprise 10.0.0.102753", + "S2156": "sonar-dotnet-enterprise 10.0.0.102753", + "S2166": "sonar-dotnet-enterprise 10.0.0.102753", + "S2178": "sonar-dotnet-enterprise 10.0.0.102753", + "S2183": "sonar-dotnet-enterprise 10.0.0.102753", + "S2184": "sonar-dotnet-enterprise 
10.0.0.102753", + "S2187": "sonar-dotnet-enterprise 10.0.0.102753", + "S2190": "sonar-dotnet-enterprise 10.0.0.102753", + "S2197": "sonar-dotnet-enterprise 10.0.0.102753", + "S2198": "sonar-dotnet-enterprise 10.0.0.102753", + "S2201": "sonar-dotnet-enterprise 10.0.0.102753", + "S2219": "sonar-dotnet-enterprise 10.0.0.102753", + "S2221": "sonar-dotnet-enterprise 10.0.0.102753", + "S2222": "sonar-dotnet-enterprise 10.0.0.102753", + "S2223": "sonar-dotnet-enterprise 10.0.0.102753", + "S2225": "sonar-dotnet-enterprise 10.0.0.102753", + "S2234": "sonar-dotnet-enterprise 10.0.0.102753", + "S2245": "sonar-dotnet-enterprise 10.0.0.102753", + "S2251": "sonar-dotnet-enterprise 10.0.0.102753", + "S2252": "sonar-dotnet-enterprise 10.0.0.102753", + "S2257": "sonar-dotnet-enterprise 10.0.0.102753", + "S2259": "sonar-dotnet-enterprise 10.0.0.102753", + "S2275": "sonar-dotnet-enterprise 10.0.0.102753", + "S2290": "sonar-dotnet-enterprise 10.0.0.102753", + "S2291": "sonar-dotnet-enterprise 10.0.0.102753", + "S2292": "sonar-dotnet-enterprise 10.0.0.102753", + "S2302": "sonar-dotnet-enterprise 10.0.0.102753", + "S2306": "sonar-dotnet-enterprise 10.0.0.102753", + "S2325": "sonar-dotnet-enterprise 10.0.0.102753", + "S2326": "sonar-dotnet-enterprise 10.0.0.102753", + "S2327": "sonar-dotnet-enterprise 10.0.0.102753", + "S2328": "sonar-dotnet-enterprise 10.0.0.102753", + "S2330": "sonar-dotnet-enterprise 10.0.0.102753", + "S2333": "sonar-dotnet-enterprise 10.0.0.102753", + "S2339": "sonar-dotnet-enterprise 10.0.0.102753", + "S2342": "sonar-dotnet-enterprise 10.0.0.102753", + "S2344": "sonar-dotnet-enterprise 10.0.0.102753", + "S2345": "sonar-dotnet-enterprise 10.0.0.102753", + "S2346": "sonar-dotnet-enterprise 10.0.0.102753", + "S2357": "sonar-dotnet-enterprise 10.0.0.102753", + "S2360": "sonar-dotnet-enterprise 10.0.0.102753", + "S2365": "sonar-dotnet-enterprise 10.0.0.102753", + "S2368": "sonar-dotnet-enterprise 10.0.0.102753", + "S2372": "sonar-dotnet-enterprise 10.0.0.102753", + 
"S2376": "sonar-dotnet-enterprise 10.0.0.102753", + "S2386": "sonar-dotnet-enterprise 10.0.0.102753", + "S2387": "sonar-dotnet-enterprise 10.0.0.102753", + "S2436": "sonar-dotnet-enterprise 10.0.0.102753", + "S2437": "sonar-dotnet-enterprise 10.0.0.102753", + "S2445": "sonar-dotnet-enterprise 10.0.0.102753", + "S2479": "sonar-dotnet-enterprise 10.0.0.102753", + "S2486": "sonar-dotnet-enterprise 10.0.0.102753", + "S2551": "sonar-dotnet-enterprise 10.0.0.102753", + "S2583": "sonar-dotnet-enterprise 10.0.0.102753", + "S2589": "sonar-dotnet-enterprise 10.0.0.102753", + "S2612": "sonar-dotnet-enterprise 10.0.0.102753", + "S2629": "sonar-dotnet-enterprise 10.0.0.102753", "S2631": "sonar-security 7.4.0.1949", - "S2674": "sonar-dotnet 6.6.0.3969", - "S2681": "sonar-dotnet 6.6.0.3969", - "S2688": "sonar-dotnet 6.6.0.3969", - "S2692": "sonar-dotnet 6.6.0.3969", - "S2696": "sonar-dotnet 6.6.0.3969", - "S2699": "sonar-dotnet 6.6.0.3969", - "S2701": "sonar-dotnet 6.6.0.3969", - "S2737": "sonar-dotnet 6.6.0.3969", - "S2743": "sonar-dotnet 6.6.0.3969", - "S2755": "sonar-dotnet 8.4.0.15306", - "S2757": "sonar-dotnet 6.6.0.3969", - "S2758": { - "since": "sonar-dotnet 6.6.0.3969", - "until": "sonar-dotnet 8.25.0.33663" - }, - "S2760": "sonar-dotnet 6.6.0.3969", - "S2761": "sonar-dotnet 6.6.0.3969", - "S2857": "sonar-dotnet 8.0.0.9566", - "S2925": "sonar-dotnet 9.4.0.72892", - "S2930": "sonar-dotnet 6.6.0.3969", - "S2931": "sonar-dotnet 6.6.0.3969", - "S2933": "sonar-dotnet 6.6.0.3969", - "S2934": "sonar-dotnet 6.6.0.3969", - "S2952": "sonar-dotnet 6.6.0.3969", - "S2953": "sonar-dotnet 6.6.0.3969", - "S2955": "sonar-dotnet 6.6.0.3969", - "S2970": "sonar-dotnet 8.54.0.64047", - "S2971": "sonar-dotnet 6.6.0.3969", - "S2995": "sonar-dotnet 6.6.0.3969", - "S2996": "sonar-dotnet 6.6.0.3969", - "S2997": "sonar-dotnet 6.6.0.3969", - "S3005": "sonar-dotnet 6.6.0.3969", - "S3010": "sonar-dotnet 6.6.0.3969", - "S3011": "sonar-dotnet 7.9.0.7583", - "S3052": "sonar-dotnet 6.6.0.3969", - "S3059": 
"sonar-dotnet 8.30.0.37606", - "S3060": "sonar-dotnet 6.8.0.4636", - "S3063": "sonar-dotnet 8.53.0.62665", - "S3168": "sonar-dotnet 6.6.0.3969", - "S3169": "sonar-dotnet 6.6.0.3969", - "S3172": "sonar-dotnet 6.6.0.3969", - "S3215": "sonar-dotnet 6.6.0.3969", - "S3216": "sonar-dotnet 6.6.0.3969", - "S3217": "sonar-dotnet 6.6.0.3969", - "S3218": "sonar-dotnet 6.6.0.3969", - "S3220": "sonar-dotnet 6.6.0.3969", - "S3234": "sonar-dotnet 6.6.0.3969", - "S3235": "sonar-dotnet 6.6.0.3969", - "S3236": "sonar-dotnet 6.6.0.3969", - "S3237": "sonar-dotnet 6.6.0.3969", - "S3240": "sonar-dotnet 6.6.0.3969", - "S3241": "sonar-dotnet 6.6.0.3969", - "S3242": "sonar-dotnet 6.6.0.3969", - "S3244": "sonar-dotnet 6.6.0.3969", - "S3246": "sonar-dotnet 6.6.0.3969", - "S3247": "sonar-dotnet 6.6.0.3969", - "S3249": "sonar-dotnet 6.6.0.3969", - "S3251": "sonar-dotnet 6.6.0.3969", - "S3253": "sonar-dotnet 6.6.0.3969", - "S3254": "sonar-dotnet 6.6.0.3969", - "S3256": "sonar-dotnet 6.6.0.3969", - "S3257": "sonar-dotnet 6.6.0.3969", - "S3260": "sonar-dotnet 8.30.0.37606", - "S3261": "sonar-dotnet 6.6.0.3969", - "S3262": "sonar-dotnet 6.6.0.3969", - "S3263": "sonar-dotnet 6.6.0.3969", - "S3264": "sonar-dotnet 6.6.0.3969", - "S3265": "sonar-dotnet 6.6.0.3969", - "S3267": "sonar-dotnet 8.30.0.37606", - "S3329": "sonar-dotnet 8.16.0.25740", - "S3330": "sonar-dotnet 7.1.0.5212", - "S3343": "sonar-dotnet 6.8.0.4636", - "S3346": "sonar-dotnet 6.6.0.3969", - "S3353": "sonar-dotnet 6.8.0.4636", - "S3358": "sonar-dotnet 6.8.0.4636", - "S3363": "sonar-dotnet 9.5.0.73987", - "S3366": "sonar-dotnet 6.8.0.4636", - "S3376": "sonar-dotnet 6.6.0.3969", - "S3397": "sonar-dotnet 6.6.0.3969", - "S3398": "sonar-dotnet 8.54.0.64047", - "S3400": "sonar-dotnet 7.1.0.5212", - "S3415": "sonar-dotnet 6.6.0.3969", - "S3427": "sonar-dotnet 6.6.0.3969", - "S3431": "sonar-dotnet 6.6.0.3969", - "S3433": "sonar-dotnet 6.6.0.3969", - "S3440": "sonar-dotnet 6.6.0.3969", - "S3441": "sonar-dotnet 6.6.0.3969", - "S3442": 
"sonar-dotnet 6.6.0.3969", - "S3443": "sonar-dotnet 6.6.0.3969", - "S3444": "sonar-dotnet 6.6.0.3969", - "S3445": "sonar-dotnet 6.6.0.3969", - "S3447": "sonar-dotnet 6.6.0.3969", - "S3449": "sonar-dotnet 6.6.0.3969", - "S3450": "sonar-dotnet 6.6.0.3969", - "S3451": "sonar-dotnet 6.6.0.3969", - "S3453": "sonar-dotnet 6.6.0.3969", - "S3456": "sonar-dotnet 6.6.0.3969", - "S3457": "sonar-dotnet 6.6.0.3969", - "S3458": "sonar-dotnet 6.6.0.3969", - "S3459": "sonar-dotnet 6.6.0.3969", - "S3464": "sonar-dotnet 6.8.0.4636", - "S3466": "sonar-dotnet 6.6.0.3969", - "S3532": "sonar-dotnet 6.6.0.3969", - "S3597": "sonar-dotnet 6.6.0.3969", - "S3598": "sonar-dotnet 6.6.0.3969", - "S3600": "sonar-dotnet 6.6.0.3969", - "S3603": "sonar-dotnet 6.6.0.3969", - "S3604": "sonar-dotnet 6.6.0.3969", - "S3610": "sonar-dotnet 6.6.0.3969", - "S3626": "sonar-dotnet 6.6.0.3969", - "S3649": "sonar-dotnet 6.6.0.3969", - "S3655": "sonar-dotnet 6.6.0.3969", - "S3693": { - "since": "sonar-dotnet 6.6.0.3969", - "until": "sonar-dotnet 8.25.0.33663" - }, - "S3717": "sonar-dotnet 6.6.0.3969", - "S3776": "sonar-dotnet 6.6.0.3969", - "S3869": "sonar-dotnet 6.6.0.3969", - "S3871": "sonar-dotnet 6.6.0.3969", - "S3872": "sonar-dotnet 6.6.0.3969", - "S3874": "sonar-dotnet 6.6.0.3969", - "S3875": "sonar-dotnet 6.6.0.3969", - "S3876": "sonar-dotnet 6.6.0.3969", - "S3877": "sonar-dotnet 6.6.0.3969", - "S3878": "sonar-dotnet 8.53.0.62665", - "S3880": "sonar-dotnet 6.6.0.3969", - "S3881": "sonar-dotnet 6.6.0.3969", - "S3884": "sonar-dotnet 6.6.0.3969", - "S3885": "sonar-dotnet 6.6.0.3969", - "S3887": "sonar-dotnet 6.6.0.3969", - "S3889": "sonar-dotnet 6.6.0.3969", - "S3897": "sonar-dotnet 6.6.0.3969", - "S3898": "sonar-dotnet 6.6.0.3969", - "S3900": "sonar-dotnet 6.6.0.3969", - "S3902": "sonar-dotnet 6.6.0.3969", - "S3903": "sonar-dotnet 6.6.0.3969", - "S3904": "sonar-dotnet 6.6.0.3969", - "S3906": "sonar-dotnet 6.6.0.3969", - "S3908": "sonar-dotnet 6.6.0.3969", - "S3909": "sonar-dotnet 6.6.0.3969", - "S3923": 
"sonar-dotnet 7.1.0.5212", - "S3925": "sonar-dotnet 6.6.0.3969", - "S3926": "sonar-dotnet 6.6.0.3969", - "S3927": "sonar-dotnet 6.6.0.3969", - "S3928": "sonar-dotnet 6.6.0.3969", - "S3937": "sonar-dotnet 7.5.0.6605", - "S3949": "sonar-dotnet 8.2.0.13747", - "S3956": "sonar-dotnet 6.6.0.3969", - "S3962": "sonar-dotnet 6.6.0.3969", - "S3963": "sonar-dotnet 6.6.0.3969", - "S3966": "sonar-dotnet 6.6.0.3969", - "S3967": "sonar-dotnet 6.6.0.3969", - "S3971": "sonar-dotnet 6.6.0.3969", - "S3972": "sonar-dotnet 6.6.0.3969", - "S3973": "sonar-dotnet 7.3.0.5690", - "S3981": "sonar-dotnet 6.6.0.3969", - "S3984": "sonar-dotnet 6.6.0.3969", - "S3990": "sonar-dotnet 6.6.0.3969", - "S3992": "sonar-dotnet 6.6.0.3969", - "S3993": "sonar-dotnet 6.6.0.3969", - "S3994": "sonar-dotnet 6.6.0.3969", - "S3995": "sonar-dotnet 6.6.0.3969", - "S3996": "sonar-dotnet 6.6.0.3969", - "S3997": "sonar-dotnet 6.6.0.3969", - "S3998": "sonar-dotnet 6.6.0.3969", - "S4000": "sonar-dotnet 6.6.0.3969", - "S4002": "sonar-dotnet 6.6.0.3969", - "S4004": "sonar-dotnet 6.6.0.3969", - "S4005": "sonar-dotnet 6.6.0.3969", - "S4015": "sonar-dotnet 6.6.0.3969", - "S4016": "sonar-dotnet 6.6.0.3969", - "S4017": "sonar-dotnet 6.6.0.3969", - "S4018": "sonar-dotnet 6.6.0.3969", - "S4019": "sonar-dotnet 6.6.0.3969", - "S4022": "sonar-dotnet 6.6.0.3969", - "S4023": "sonar-dotnet 6.6.0.3969", - "S4025": "sonar-dotnet 6.6.0.3969", - "S4026": "sonar-dotnet 6.6.0.3969", - "S4027": "sonar-dotnet 6.6.0.3969", - "S4035": "sonar-dotnet 6.6.0.3969", - "S4036": "sonar-dotnet 8.17.0.26580", - "S4039": "sonar-dotnet 6.6.0.3969", - "S4040": "sonar-dotnet 6.6.0.3969", - "S4041": "sonar-dotnet 6.6.0.3969", - "S4047": "sonar-dotnet 6.6.0.3969", - "S4049": "sonar-dotnet 6.6.0.3969", - "S4050": "sonar-dotnet 6.6.0.3969", - "S4052": "sonar-dotnet 6.6.0.3969", - "S4055": "sonar-dotnet 6.6.0.3969", - "S4056": "sonar-dotnet 6.6.0.3969", - "S4057": "sonar-dotnet 6.6.0.3969", - "S4058": "sonar-dotnet 6.6.0.3969", - "S4059": "sonar-dotnet 
6.6.0.3969", - "S4060": "sonar-dotnet 6.6.0.3969", - "S4061": "sonar-dotnet 6.6.0.3969", - "S4069": "sonar-dotnet 6.6.0.3969", - "S4070": "sonar-dotnet 6.6.0.3969", - "S4136": "sonar-dotnet 7.17.0.9346", - "S4142": { - "since": "sonar-dotnet 6.6.0.3969", - "until": "sonar-dotnet 8.25.0.33663" - }, - "S4143": "sonar-dotnet 7.3.0.5690", - "S4144": "sonar-dotnet 6.6.0.3969", - "S4158": "sonar-dotnet 6.6.0.3969", - "S4159": "sonar-dotnet 6.8.0.4636", - "S4200": "sonar-dotnet 6.8.0.4636", - "S4201": "sonar-dotnet 7.17.0.9346", - "S4210": "sonar-dotnet 6.8.0.4636", - "S4211": "sonar-dotnet 7.1.0.5212", - "S4212": "sonar-dotnet 6.8.0.4636", - "S4214": "sonar-dotnet 6.6.0.3969", - "S4220": "sonar-dotnet 6.6.0.3969", - "S4225": "sonar-dotnet 6.6.0.3969", - "S4226": "sonar-dotnet 6.6.0.3969", - "S4260": "sonar-dotnet 6.6.0.3969", - "S4261": "sonar-dotnet 7.0.0.4787", - "S4275": "sonar-dotnet 7.3.0.5690", - "S4277": "sonar-dotnet 6.8.0.4636", - "S4423": "sonar-dotnet 8.16.0.25740", - "S4426": "sonar-dotnet 7.1.0.5212", - "S4428": "sonar-dotnet 7.0.0.4787", - "S4432": { - "since": "sonar-dotnet 7.1.0.5212", - "until": "sonar-dotnet 8.25.0.33663" - }, - "S4433": "sonar-dotnet 7.1.0.5212", - "S4456": "sonar-dotnet 7.1.0.5212", - "S4457": "sonar-dotnet 7.1.0.5212", - "S4462": "sonar-dotnet 7.1.0.5212", - "S4487": "sonar-dotnet 8.0.0.9566", - "S4502": "sonar-dotnet 8.22.0.31243", - "S4507": "sonar-dotnet 7.9.0.7583", - "S4524": "sonar-dotnet 7.1.0.5212", - "S4529": { - "since": "sonar-dotnet 7.9.0.7583", - "until": "sonar-dotnet 7.13.0.8313" - }, - "S4545": "sonar-dotnet 8.54.0.64047", - "S4564": { - "since": "sonar-dotnet 7.1.0.5212", - "until": "sonar-dotnet 9.10.0.77988" - }, - "S4581": "sonar-dotnet 7.1.0.5212", - "S4583": "sonar-dotnet 7.17.0.9346", - "S4586": "sonar-dotnet 7.1.0.5212", - "S4635": "sonar-dotnet 8.0.0.9566", - "S4663": "sonar-dotnet 8.53.0.62665", - "S4721": { - "since": "sonar-dotnet 7.9.0.7583", - "until": "sonar-dotnet 7.13.0.8313" - }, - "S4784": { - 
"since": "sonar-dotnet 7.9.0.7583", - "until": "sonar-dotnet 9.10.0.77988" - }, - "S4787": { - "since": "sonar-dotnet 7.9.0.7583", - "until": "sonar-dotnet 9.9.0.77355" - }, - "S4790": "sonar-dotnet 7.9.0.7583", - "S4792": "sonar-dotnet 7.9.0.7583", - "S4797": { - "since": "sonar-dotnet 7.9.0.7583", - "until": "sonar-dotnet 7.13.0.8313" - }, - "S4817": { - "since": "sonar-dotnet 7.9.0.7583", - "until": "sonar-dotnet 7.13.0.8313" - }, - "S4818": { - "since": "sonar-dotnet 7.9.0.7583", - "until": "sonar-dotnet 9.9.0.77355" - }, - "S4823": { - "since": "sonar-dotnet 7.9.0.7583", - "until": "sonar-dotnet 9.10.0.77988" - }, - "S4825": { - "since": "sonar-dotnet 7.9.0.7583", - "until": "sonar-dotnet 7.13.0.8313" - }, - "S4829": { - "since": "sonar-dotnet 7.9.0.7583", - "until": "sonar-dotnet 9.10.0.77988" - }, - "S4830": "sonar-dotnet 8.1.0.13383", - "S4834": { - "since": "sonar-dotnet 7.9.0.7583", - "until": "sonar-dotnet 9.10.0.77988" - }, - "S5034": "sonar-dotnet 7.17.0.9346", - "S5042": "sonar-dotnet 7.9.1.7622", - "S5122": "sonar-dotnet 8.22.0.31243", + "S2674": "sonar-dotnet-enterprise 10.0.0.102753", + "S2681": "sonar-dotnet-enterprise 10.0.0.102753", + "S2688": "sonar-dotnet-enterprise 10.0.0.102753", + "S2692": "sonar-dotnet-enterprise 10.0.0.102753", + "S2696": "sonar-dotnet-enterprise 10.0.0.102753", + "S2699": "sonar-dotnet-enterprise 10.0.0.102753", + "S2701": "sonar-dotnet-enterprise 10.0.0.102753", + "S2737": "sonar-dotnet-enterprise 10.0.0.102753", + "S2743": "sonar-dotnet-enterprise 10.0.0.102753", + "S2755": "sonar-dotnet-enterprise 10.0.0.102753", + "S2757": "sonar-dotnet-enterprise 10.0.0.102753", + "S2760": "sonar-dotnet-enterprise 10.0.0.102753", + "S2761": "sonar-dotnet-enterprise 10.0.0.102753", + "S2857": "sonar-dotnet-enterprise 10.0.0.102753", + "S2925": "sonar-dotnet-enterprise 10.0.0.102753", + "S2930": "sonar-dotnet-enterprise 10.0.0.102753", + "S2931": "sonar-dotnet-enterprise 10.0.0.102753", + "S2933": "sonar-dotnet-enterprise 
10.0.0.102753", + "S2934": "sonar-dotnet-enterprise 10.0.0.102753", + "S2952": "sonar-dotnet-enterprise 10.0.0.102753", + "S2953": "sonar-dotnet-enterprise 10.0.0.102753", + "S2955": "sonar-dotnet-enterprise 10.0.0.102753", + "S2970": "sonar-dotnet-enterprise 10.0.0.102753", + "S2971": "sonar-dotnet-enterprise 10.0.0.102753", + "S2995": "sonar-dotnet-enterprise 10.0.0.102753", + "S2996": "sonar-dotnet-enterprise 10.0.0.102753", + "S2997": "sonar-dotnet-enterprise 10.0.0.102753", + "S3005": "sonar-dotnet-enterprise 10.0.0.102753", + "S3010": "sonar-dotnet-enterprise 10.0.0.102753", + "S3011": "sonar-dotnet-enterprise 10.0.0.102753", + "S3052": "sonar-dotnet-enterprise 10.0.0.102753", + "S3059": "sonar-dotnet-enterprise 10.0.0.102753", + "S3060": "sonar-dotnet-enterprise 10.0.0.102753", + "S3063": "sonar-dotnet-enterprise 10.0.0.102753", + "S3168": "sonar-dotnet-enterprise 10.0.0.102753", + "S3169": "sonar-dotnet-enterprise 10.0.0.102753", + "S3172": "sonar-dotnet-enterprise 10.0.0.102753", + "S3215": "sonar-dotnet-enterprise 10.0.0.102753", + "S3216": "sonar-dotnet-enterprise 10.0.0.102753", + "S3217": "sonar-dotnet-enterprise 10.0.0.102753", + "S3218": "sonar-dotnet-enterprise 10.0.0.102753", + "S3220": "sonar-dotnet-enterprise 10.0.0.102753", + "S3234": "sonar-dotnet-enterprise 10.0.0.102753", + "S3235": "sonar-dotnet-enterprise 10.0.0.102753", + "S3236": "sonar-dotnet-enterprise 10.0.0.102753", + "S3237": "sonar-dotnet-enterprise 10.0.0.102753", + "S3240": "sonar-dotnet-enterprise 10.0.0.102753", + "S3241": "sonar-dotnet-enterprise 10.0.0.102753", + "S3242": "sonar-dotnet-enterprise 10.0.0.102753", + "S3244": "sonar-dotnet-enterprise 10.0.0.102753", + "S3246": "sonar-dotnet-enterprise 10.0.0.102753", + "S3247": "sonar-dotnet-enterprise 10.0.0.102753", + "S3249": "sonar-dotnet-enterprise 10.0.0.102753", + "S3251": "sonar-dotnet-enterprise 10.0.0.102753", + "S3253": "sonar-dotnet-enterprise 10.0.0.102753", + "S3254": "sonar-dotnet-enterprise 10.0.0.102753", + 
"S3256": "sonar-dotnet-enterprise 10.0.0.102753", + "S3257": "sonar-dotnet-enterprise 10.0.0.102753", + "S3260": "sonar-dotnet-enterprise 10.0.0.102753", + "S3261": "sonar-dotnet-enterprise 10.0.0.102753", + "S3262": "sonar-dotnet-enterprise 10.0.0.102753", + "S3263": "sonar-dotnet-enterprise 10.0.0.102753", + "S3264": "sonar-dotnet-enterprise 10.0.0.102753", + "S3265": "sonar-dotnet-enterprise 10.0.0.102753", + "S3267": "sonar-dotnet-enterprise 10.0.0.102753", + "S3329": "sonar-dotnet-enterprise 10.0.0.102753", + "S3330": "sonar-dotnet-enterprise 10.0.0.102753", + "S3343": "sonar-dotnet-enterprise 10.0.0.102753", + "S3346": "sonar-dotnet-enterprise 10.0.0.102753", + "S3353": "sonar-dotnet-enterprise 10.0.0.102753", + "S3358": "sonar-dotnet-enterprise 10.0.0.102753", + "S3363": "sonar-dotnet-enterprise 10.0.0.102753", + "S3366": "sonar-dotnet-enterprise 10.0.0.102753", + "S3376": "sonar-dotnet-enterprise 10.0.0.102753", + "S3397": "sonar-dotnet-enterprise 10.0.0.102753", + "S3398": "sonar-dotnet-enterprise 10.0.0.102753", + "S3400": "sonar-dotnet-enterprise 10.0.0.102753", + "S3415": "sonar-dotnet-enterprise 10.0.0.102753", + "S3416": "sonar-dotnet-enterprise 10.0.0.102753", + "S3427": "sonar-dotnet-enterprise 10.0.0.102753", + "S3431": "sonar-dotnet-enterprise 10.0.0.102753", + "S3433": "sonar-dotnet-enterprise 10.0.0.102753", + "S3440": "sonar-dotnet-enterprise 10.0.0.102753", + "S3441": "sonar-dotnet-enterprise 10.0.0.102753", + "S3442": "sonar-dotnet-enterprise 10.0.0.102753", + "S3443": "sonar-dotnet-enterprise 10.0.0.102753", + "S3444": "sonar-dotnet-enterprise 10.0.0.102753", + "S3445": "sonar-dotnet-enterprise 10.0.0.102753", + "S3447": "sonar-dotnet-enterprise 10.0.0.102753", + "S3449": "sonar-dotnet-enterprise 10.0.0.102753", + "S3450": "sonar-dotnet-enterprise 10.0.0.102753", + "S3451": "sonar-dotnet-enterprise 10.0.0.102753", + "S3453": "sonar-dotnet-enterprise 10.0.0.102753", + "S3456": "sonar-dotnet-enterprise 10.0.0.102753", + "S3457": 
"sonar-dotnet-enterprise 10.0.0.102753", + "S3458": "sonar-dotnet-enterprise 10.0.0.102753", + "S3459": "sonar-dotnet-enterprise 10.0.0.102753", + "S3464": "sonar-dotnet-enterprise 10.0.0.102753", + "S3466": "sonar-dotnet-enterprise 10.0.0.102753", + "S3532": "sonar-dotnet-enterprise 10.0.0.102753", + "S3597": "sonar-dotnet-enterprise 10.0.0.102753", + "S3598": "sonar-dotnet-enterprise 10.0.0.102753", + "S3600": "sonar-dotnet-enterprise 10.0.0.102753", + "S3603": "sonar-dotnet-enterprise 10.0.0.102753", + "S3604": "sonar-dotnet-enterprise 10.0.0.102753", + "S3610": "sonar-dotnet-enterprise 10.0.0.102753", + "S3626": "sonar-dotnet-enterprise 10.0.0.102753", + "S3649": "sonar-security 7.4.0.1949", + "S3655": "sonar-dotnet-enterprise 10.0.0.102753", + "S3717": "sonar-dotnet-enterprise 10.0.0.102753", + "S3776": "sonar-dotnet-enterprise 10.0.0.102753", + "S3869": "sonar-dotnet-enterprise 10.0.0.102753", + "S3871": "sonar-dotnet-enterprise 10.0.0.102753", + "S3872": "sonar-dotnet-enterprise 10.0.0.102753", + "S3874": "sonar-dotnet-enterprise 10.0.0.102753", + "S3875": "sonar-dotnet-enterprise 10.0.0.102753", + "S3876": "sonar-dotnet-enterprise 10.0.0.102753", + "S3877": "sonar-dotnet-enterprise 10.0.0.102753", + "S3878": "sonar-dotnet-enterprise 10.0.0.102753", + "S3880": "sonar-dotnet-enterprise 10.0.0.102753", + "S3881": "sonar-dotnet-enterprise 10.0.0.102753", + "S3884": "sonar-dotnet-enterprise 10.0.0.102753", + "S3885": "sonar-dotnet-enterprise 10.0.0.102753", + "S3887": "sonar-dotnet-enterprise 10.0.0.102753", + "S3889": "sonar-dotnet-enterprise 10.0.0.102753", + "S3897": "sonar-dotnet-enterprise 10.0.0.102753", + "S3898": "sonar-dotnet-enterprise 10.0.0.102753", + "S3900": "sonar-dotnet-enterprise 10.0.0.102753", + "S3902": "sonar-dotnet-enterprise 10.0.0.102753", + "S3903": "sonar-dotnet-enterprise 10.0.0.102753", + "S3904": "sonar-dotnet-enterprise 10.0.0.102753", + "S3906": "sonar-dotnet-enterprise 10.0.0.102753", + "S3908": "sonar-dotnet-enterprise 
10.0.0.102753", + "S3909": "sonar-dotnet-enterprise 10.0.0.102753", + "S3923": "sonar-dotnet-enterprise 10.0.0.102753", + "S3925": "sonar-dotnet-enterprise 10.0.0.102753", + "S3926": "sonar-dotnet-enterprise 10.0.0.102753", + "S3927": "sonar-dotnet-enterprise 10.0.0.102753", + "S3928": "sonar-dotnet-enterprise 10.0.0.102753", + "S3937": "sonar-dotnet-enterprise 10.0.0.102753", + "S3949": "sonar-dotnet-enterprise 10.0.0.102753", + "S3956": "sonar-dotnet-enterprise 10.0.0.102753", + "S3962": "sonar-dotnet-enterprise 10.0.0.102753", + "S3963": "sonar-dotnet-enterprise 10.0.0.102753", + "S3966": "sonar-dotnet-enterprise 10.0.0.102753", + "S3967": "sonar-dotnet-enterprise 10.0.0.102753", + "S3971": "sonar-dotnet-enterprise 10.0.0.102753", + "S3972": "sonar-dotnet-enterprise 10.0.0.102753", + "S3973": "sonar-dotnet-enterprise 10.0.0.102753", + "S3981": "sonar-dotnet-enterprise 10.0.0.102753", + "S3984": "sonar-dotnet-enterprise 10.0.0.102753", + "S3990": "sonar-dotnet-enterprise 10.0.0.102753", + "S3992": "sonar-dotnet-enterprise 10.0.0.102753", + "S3993": "sonar-dotnet-enterprise 10.0.0.102753", + "S3994": "sonar-dotnet-enterprise 10.0.0.102753", + "S3995": "sonar-dotnet-enterprise 10.0.0.102753", + "S3996": "sonar-dotnet-enterprise 10.0.0.102753", + "S3997": "sonar-dotnet-enterprise 10.0.0.102753", + "S3998": "sonar-dotnet-enterprise 10.0.0.102753", + "S4000": "sonar-dotnet-enterprise 10.0.0.102753", + "S4002": "sonar-dotnet-enterprise 10.0.0.102753", + "S4004": "sonar-dotnet-enterprise 10.0.0.102753", + "S4005": "sonar-dotnet-enterprise 10.0.0.102753", + "S4015": "sonar-dotnet-enterprise 10.0.0.102753", + "S4016": "sonar-dotnet-enterprise 10.0.0.102753", + "S4017": "sonar-dotnet-enterprise 10.0.0.102753", + "S4018": "sonar-dotnet-enterprise 10.0.0.102753", + "S4019": "sonar-dotnet-enterprise 10.0.0.102753", + "S4022": "sonar-dotnet-enterprise 10.0.0.102753", + "S4023": "sonar-dotnet-enterprise 10.0.0.102753", + "S4025": "sonar-dotnet-enterprise 10.0.0.102753", + 
"S4026": "sonar-dotnet-enterprise 10.0.0.102753", + "S4027": "sonar-dotnet-enterprise 10.0.0.102753", + "S4035": "sonar-dotnet-enterprise 10.0.0.102753", + "S4036": "sonar-dotnet-enterprise 10.0.0.102753", + "S4039": "sonar-dotnet-enterprise 10.0.0.102753", + "S4040": "sonar-dotnet-enterprise 10.0.0.102753", + "S4041": "sonar-dotnet-enterprise 10.0.0.102753", + "S4047": "sonar-dotnet-enterprise 10.0.0.102753", + "S4049": "sonar-dotnet-enterprise 10.0.0.102753", + "S4050": "sonar-dotnet-enterprise 10.0.0.102753", + "S4052": "sonar-dotnet-enterprise 10.0.0.102753", + "S4055": "sonar-dotnet-enterprise 10.0.0.102753", + "S4056": "sonar-dotnet-enterprise 10.0.0.102753", + "S4057": "sonar-dotnet-enterprise 10.0.0.102753", + "S4058": "sonar-dotnet-enterprise 10.0.0.102753", + "S4059": "sonar-dotnet-enterprise 10.0.0.102753", + "S4060": "sonar-dotnet-enterprise 10.0.0.102753", + "S4061": "sonar-dotnet-enterprise 10.0.0.102753", + "S4069": "sonar-dotnet-enterprise 10.0.0.102753", + "S4070": "sonar-dotnet-enterprise 10.0.0.102753", + "S4136": "sonar-dotnet-enterprise 10.0.0.102753", + "S4143": "sonar-dotnet-enterprise 10.0.0.102753", + "S4144": "sonar-dotnet-enterprise 10.0.0.102753", + "S4158": "sonar-dotnet-enterprise 10.0.0.102753", + "S4159": "sonar-dotnet-enterprise 10.0.0.102753", + "S4200": "sonar-dotnet-enterprise 10.0.0.102753", + "S4201": "sonar-dotnet-enterprise 10.0.0.102753", + "S4210": "sonar-dotnet-enterprise 10.0.0.102753", + "S4211": "sonar-dotnet-enterprise 10.0.0.102753", + "S4212": "sonar-dotnet-enterprise 10.0.0.102753", + "S4214": "sonar-dotnet-enterprise 10.0.0.102753", + "S4220": "sonar-dotnet-enterprise 10.0.0.102753", + "S4225": "sonar-dotnet-enterprise 10.0.0.102753", + "S4226": "sonar-dotnet-enterprise 10.0.0.102753", + "S4260": "sonar-dotnet-enterprise 10.0.0.102753", + "S4261": "sonar-dotnet-enterprise 10.0.0.102753", + "S4275": "sonar-dotnet-enterprise 10.0.0.102753", + "S4277": "sonar-dotnet-enterprise 10.0.0.102753", + "S4347": 
"sonar-dotnet-enterprise 10.0.0.102753", + "S4423": "sonar-dotnet-enterprise 10.0.0.102753", + "S4426": "sonar-dotnet-enterprise 10.0.0.102753", + "S4428": "sonar-dotnet-enterprise 10.0.0.102753", + "S4433": "sonar-dotnet-enterprise 10.0.0.102753", + "S4456": "sonar-dotnet-enterprise 10.0.0.102753", + "S4457": "sonar-dotnet-enterprise 10.0.0.102753", + "S4462": "sonar-dotnet-enterprise 10.0.0.102753", + "S4487": "sonar-dotnet-enterprise 10.0.0.102753", + "S4502": "sonar-dotnet-enterprise 10.0.0.102753", + "S4507": "sonar-dotnet-enterprise 10.0.0.102753", + "S4524": "sonar-dotnet-enterprise 10.0.0.102753", + "S4545": "sonar-dotnet-enterprise 10.0.0.102753", + "S4581": "sonar-dotnet-enterprise 10.0.0.102753", + "S4583": "sonar-dotnet-enterprise 10.0.0.102753", + "S4586": "sonar-dotnet-enterprise 10.0.0.102753", + "S4635": "sonar-dotnet-enterprise 10.0.0.102753", + "S4663": "sonar-dotnet-enterprise 10.0.0.102753", + "S4790": "sonar-dotnet-enterprise 10.0.0.102753", + "S4792": "sonar-dotnet-enterprise 10.0.0.102753", + "S4830": "sonar-dotnet-enterprise 10.0.0.102753", + "S5034": "sonar-dotnet-enterprise 10.0.0.102753", + "S5042": "sonar-dotnet-enterprise 10.0.0.102753", + "S5122": "sonar-dotnet-enterprise 10.0.0.102753", "S5131": "sonar-security 7.7.0.4011", "S5135": "sonar-security 8.4.0.2759", "S5144": "sonar-security 7.7.0.4011", "S5145": "sonar-security 7.7.0.4011", "S5146": "sonar-security 7.7.0.4011", - "S5167": "sonar-security 7.7.0.4011", - "S5332": "sonar-dotnet 8.16.0.25740", + "S5147": "sonar-security 10.7.0.32997", + "S5167": { + "since": "sonar-security 7.7.0.4011", + "until": "sonar-security 10.7.0.32997" + }, + "S5332": "sonar-dotnet-enterprise 10.0.0.102753", "S5334": "sonar-security 8.7.0.7826", - "S5443": "sonar-dotnet 8.19.0.28253", - "S5445": "sonar-dotnet 8.19.0.28253", - "S5542": "sonar-dotnet 8.1.0.13383", - "S5547": "sonar-dotnet 8.1.0.13383", - "S5659": "sonar-dotnet 8.5.0.15942", - "S5693": "sonar-dotnet 8.19.0.28253", - "S5753": "sonar-dotnet 
8.17.0.26580", - "S5766": "sonar-dotnet 8.9.0.19135", - "S5773": "sonar-dotnet 8.9.0.19135", - "S5856": "sonar-dotnet 8.56.0.67649", + "S5344": "sonar-dotnet-enterprise 10.0.0.102753", + "S5443": "sonar-dotnet-enterprise 10.0.0.102753", + "S5445": "sonar-dotnet-enterprise 10.0.0.102753", + "S5542": "sonar-dotnet-enterprise 10.0.0.102753", + "S5547": "sonar-dotnet-enterprise 10.0.0.102753", + "S5659": "sonar-dotnet-enterprise 10.0.0.102753", + "S5693": "sonar-dotnet-enterprise 10.0.0.102753", + "S5753": "sonar-dotnet-enterprise 10.0.0.102753", + "S5766": "sonar-dotnet-enterprise 10.0.0.102753", + "S5773": "sonar-dotnet-enterprise 10.0.0.102753", + "S5856": "sonar-dotnet-enterprise 10.0.0.102753", "S5883": "sonar-security 9.2.0.14426", "S6096": "sonar-security 8.7.0.7826", "S6173": "sonar-security 10.2.0.22608", "S6287": "sonar-security 9.2.0.14426", "S6350": "sonar-security 9.2.0.14426", - "S6354": "sonar-dotnet 8.35.0.42613", + "S6354": "sonar-dotnet-enterprise 10.0.0.102753", + "S6377": "sonar-dotnet-enterprise 10.0.0.102753", "S6399": "sonar-security 10.3.0.27281", - "S6419": "sonar-dotnet 8.41.0.50478", - "S6420": "sonar-dotnet 8.41.0.50478", - "S6421": "sonar-dotnet 8.41.0.50478", - "S6422": "sonar-dotnet 8.41.0.50478", - "S6423": "sonar-dotnet 8.41.0.50478", - "S6424": "sonar-dotnet 8.41.0.50478", - "S6444": "sonar-dotnet 8.51.0.59060", - "S6507": "sonar-dotnet 8.54.0.64047", - "S6513": "sonar-dotnet 8.55.0.65544", - "S6561": "sonar-dotnet 9.5.0.73987", - "S6562": "sonar-dotnet 9.5.0.73987", - "S6563": "sonar-dotnet 9.5.0.73987", - "S6566": "sonar-dotnet 9.5.0.73987", - "S6575": "sonar-dotnet 9.5.0.73987", - "S6580": "sonar-dotnet 9.5.0.73987", - "S6585": "sonar-dotnet 9.5.0.73987", - "S6588": "sonar-dotnet 9.5.0.73987", - "S6602": "sonar-dotnet 9.1.0.70676", - "S6603": "sonar-dotnet 9.1.0.70676", - "S6605": "sonar-dotnet 9.1.0.70676", - "S6607": "sonar-dotnet 9.1.0.70676", - "S6608": "sonar-dotnet 9.1.0.70676", - "S6609": "sonar-dotnet 9.1.0.70676", - 
"S6610": "sonar-dotnet 9.1.0.70676", - "S6612": "sonar-dotnet 9.1.0.70676", - "S6613": "sonar-dotnet 9.1.0.70676", - "S6617": "sonar-dotnet 9.1.0.70676", - "S6618": "sonar-dotnet 9.1.0.70676", + "S6418": "sonar-dotnet-enterprise 10.2.0.105762", + "S6419": "sonar-dotnet-enterprise 10.0.0.102753", + "S6420": "sonar-dotnet-enterprise 10.0.0.102753", + "S6421": "sonar-dotnet-enterprise 10.0.0.102753", + "S6422": "sonar-dotnet-enterprise 10.0.0.102753", + "S6423": "sonar-dotnet-enterprise 10.0.0.102753", + "S6424": "sonar-dotnet-enterprise 10.0.0.102753", + "S6444": "sonar-dotnet-enterprise 10.0.0.102753", + "S6507": "sonar-dotnet-enterprise 10.0.0.102753", + "S6513": "sonar-dotnet-enterprise 10.0.0.102753", + "S6547": "sonar-security 10.7.0.32997", + "S6549": "sonar-security 10.7.0.32997", + "S6561": "sonar-dotnet-enterprise 10.0.0.102753", + "S6562": "sonar-dotnet-enterprise 10.0.0.102753", + "S6563": "sonar-dotnet-enterprise 10.0.0.102753", + "S6566": "sonar-dotnet-enterprise 10.0.0.102753", + "S6575": "sonar-dotnet-enterprise 10.0.0.102753", + "S6580": "sonar-dotnet-enterprise 10.0.0.102753", + "S6585": "sonar-dotnet-enterprise 10.0.0.102753", + "S6588": "sonar-dotnet-enterprise 10.0.0.102753", + "S6602": "sonar-dotnet-enterprise 10.0.0.102753", + "S6603": "sonar-dotnet-enterprise 10.0.0.102753", + "S6605": "sonar-dotnet-enterprise 10.0.0.102753", + "S6607": "sonar-dotnet-enterprise 10.0.0.102753", + "S6608": "sonar-dotnet-enterprise 10.0.0.102753", + "S6609": "sonar-dotnet-enterprise 10.0.0.102753", + "S6610": "sonar-dotnet-enterprise 10.0.0.102753", + "S6612": "sonar-dotnet-enterprise 10.0.0.102753", + "S6613": "sonar-dotnet-enterprise 10.0.0.102753", + "S6617": "sonar-dotnet-enterprise 10.0.0.102753", + "S6618": "sonar-dotnet-enterprise 10.0.0.102753", "S6639": "sonar-security 10.2.0.22608", - "S6640": "sonar-dotnet 9.5.0.73987", + "S6640": "sonar-dotnet-enterprise 10.0.0.102753", "S6641": "sonar-security 10.2.0.22608", - "S6798": "sonar-dotnet master", - "S818": 
"sonar-dotnet 6.6.0.3969", - "S881": "sonar-dotnet 7.1.0.5212", - "S907": "sonar-dotnet 6.6.0.3969", - "S927": "sonar-dotnet 6.6.0.3969" + "S6664": "sonar-dotnet-enterprise 10.0.0.102753", + "S6667": "sonar-dotnet-enterprise 10.0.0.102753", + "S6668": "sonar-dotnet-enterprise 10.0.0.102753", + "S6669": "sonar-dotnet-enterprise 10.0.0.102753", + "S6670": "sonar-dotnet-enterprise 10.0.0.102753", + "S6672": "sonar-dotnet-enterprise 10.0.0.102753", + "S6673": "sonar-dotnet-enterprise 10.0.0.102753", + "S6674": "sonar-dotnet-enterprise 10.0.0.102753", + "S6675": "sonar-dotnet-enterprise 10.0.0.102753", + "S6677": "sonar-dotnet-enterprise 10.0.0.102753", + "S6678": "sonar-dotnet-enterprise 10.0.0.102753", + "S6680": "sonar-security 10.7.0.32997", + "S6776": "sonar-security 10.7.0.32997", + "S6781": "sonar-dotnet-enterprise 10.0.0.102753", + "S6797": "sonar-dotnet-enterprise 10.0.0.102753", + "S6798": "sonar-dotnet-enterprise 10.0.0.102753", + "S6800": "sonar-dotnet-enterprise 10.0.0.102753", + "S6802": "sonar-dotnet-enterprise 10.0.0.102753", + "S6803": "sonar-dotnet-enterprise 10.0.0.102753", + "S6930": "sonar-dotnet-enterprise 10.0.0.102753", + "S6931": "sonar-dotnet-enterprise 10.0.0.102753", + "S6932": "sonar-dotnet-enterprise 10.0.0.102753", + "S6934": "sonar-dotnet-enterprise 10.0.0.102753", + "S6960": "sonar-dotnet-enterprise 10.0.0.102753", + "S6961": "sonar-dotnet-enterprise 10.0.0.102753", + "S6962": "sonar-dotnet-enterprise 10.0.0.102753", + "S6964": "sonar-dotnet-enterprise 10.0.0.102753", + "S6965": "sonar-dotnet-enterprise 10.0.0.102753", + "S6966": "sonar-dotnet-enterprise 10.0.0.102753", + "S6967": "sonar-dotnet-enterprise 10.0.0.102753", + "S6968": "sonar-dotnet-enterprise 10.0.0.102753", + "S7039": "sonar-dotnet-enterprise 10.0.0.102753", + "S7044": "sonar-security 10.7.0.32997", + "S7130": "sonar-dotnet-enterprise 10.2.0.105762", + "S7131": "sonar-dotnet-enterprise 10.2.0.105762", + "S7133": "sonar-dotnet-enterprise 10.2.0.105762", + "S818": 
"sonar-dotnet-enterprise 10.0.0.102753", + "S881": "sonar-dotnet-enterprise 10.0.0.102753", + "S907": "sonar-dotnet-enterprise 10.0.0.102753", + "S927": "sonar-dotnet-enterprise 10.0.0.102753" }, "CSS": { - "S1116": "sonar-css 1.0.0.457", - "S1128": "sonar-css 1.0.0.457", + "S1116": "SonarJS 8.6.0.16913", + "S1128": "SonarJS 8.6.0.16913", "S125": "SonarJS 10.9.0.24449", - "S4647": "sonar-css 1.0.0.457", - "S4648": "sonar-css 1.0.0.457", - "S4649": "sonar-css 1.0.0.457", - "S4650": "sonar-css 1.0.0.457", - "S4651": "sonar-css 1.0.0.457", - "S4652": "sonar-css 1.0.0.457", - "S4653": "sonar-css 1.0.0.457", - "S4654": "sonar-css 1.0.0.457", - "S4655": "sonar-css 1.0.0.457", - "S4656": "sonar-css 1.0.0.457", - "S4657": "sonar-css 1.0.0.457", - "S4658": "sonar-css 1.0.0.457", - "S4659": "sonar-css 1.0.0.457", - "S4660": "sonar-css 1.0.0.457", - "S4661": "sonar-css 1.0.0.457", - "S4662": "sonar-css 1.0.0.457", - "S4663": "sonar-css 1.0.0.457", - "S4664": "sonar-css 1.0.0.457", - "S4666": "sonar-css 1.0.0.457", - "S4667": "sonar-css 1.0.0.457", - "S4668": "sonar-css 1.0.0.457", - "S4670": "sonar-css 1.0.0.457", - "S5362": "sonar-css 1.4.0.1899" + "S4647": "SonarJS 8.6.0.16913", + "S4648": "SonarJS 8.6.0.16913", + "S4649": "SonarJS 8.6.0.16913", + "S4650": "SonarJS 8.6.0.16913", + "S4651": "SonarJS 8.6.0.16913", + "S4652": "SonarJS 8.6.0.16913", + "S4653": "SonarJS 8.6.0.16913", + "S4654": "SonarJS 8.6.0.16913", + "S4655": "SonarJS 8.6.0.16913", + "S4656": "SonarJS 8.6.0.16913", + "S4657": "SonarJS 8.6.0.16913", + "S4658": "SonarJS 8.6.0.16913", + "S4659": "SonarJS 8.6.0.16913", + "S4660": "SonarJS 8.6.0.16913", + "S4661": "SonarJS 8.6.0.16913", + "S4662": "SonarJS 8.6.0.16913", + "S4663": "SonarJS 8.6.0.16913", + "S4664": "SonarJS 8.6.0.16913", + "S4666": "SonarJS 8.6.0.16913", + "S4667": "SonarJS 8.6.0.16913", + "S4668": "SonarJS 8.6.0.16913", + "S4670": "SonarJS 8.6.0.16913", + "S5362": "SonarJS 8.6.0.16913" + }, + "DART": { + "S101": "sonar-dart 0.1.0.1359", + "S106": 
"sonar-dart 0.1.0.1359", + "S1065": "sonar-dart 0.1.0.1359", + "S1068": "sonar-dart 0.1.0.1359", + "S107": "sonar-dart 0.1.0.1359", + "S1116": "sonar-dart 0.1.0.1359", + "S1118": "sonar-dart 0.1.0.1359", + "S1123": "sonar-dart 0.1.0.1359", + "S1128": "sonar-dart 0.1.0.1359", + "S113": "sonar-dart 0.3.0.1808", + "S1133": "sonar-dart 0.1.0.1359", + "S1134": "sonar-dart 0.1.0.1359", + "S1135": "sonar-dart 0.1.0.1359", + "S1143": "sonar-dart 0.1.0.1359", + "S115": "sonar-dart 0.1.0.1359", + "S1155": "sonar-dart 0.1.0.1359", + "S1161": "sonar-dart 0.1.0.1359", + "S1185": "sonar-dart 0.1.0.1359", + "S1192": "sonar-dart 0.1.0.1359", + "S120": "sonar-dart 0.2.0.1567", + "S1206": "sonar-dart 0.1.0.1359", + "S121": "sonar-dart 0.1.0.1359", + "S1481": "sonar-dart 0.1.0.1359", + "S1541": "sonar-dart 0.4.0.1887", + "S1578": "sonar-dart 0.1.0.1359", + "S1679": "sonar-dart 0.1.0.1359", + "S1854": "sonar-dart 0.1.0.1359", + "S1874": "sonar-dart 0.1.0.1359", + "S2159": "sonar-dart 0.1.0.1359", + "S2175": "sonar-dart 0.1.0.1359", + "S2260": "sonar-dart 0.1.0.1359", + "S2358": "sonar-dart 0.1.0.1359", + "S2432": "sonar-dart 0.1.0.1359", + "S2471": "sonar-dart 0.1.0.1359", + "S2486": "sonar-dart 0.1.0.1359", + "S2933": "sonar-dart 0.1.0.1359", + "S2963": "sonar-dart 0.1.0.1359", + "S2971": "sonar-dart 0.1.0.1359", + "S3240": "sonar-dart 0.1.0.1359", + "S3257": "sonar-dart 0.1.0.1359", + "S3358": "sonar-dart 0.1.0.1359", + "S3512": "sonar-dart 0.1.0.1359", + "S3562": "sonar-dart 0.1.0.1359", + "S3689": "sonar-dart 0.1.0.1359", + "S3776": "sonar-dart 0.1.0.1359", + "S3962": "sonar-dart 0.1.0.1359", + "S4123": "sonar-dart 0.1.0.1359", + "S4647": "sonar-dart 0.1.0.1359", + "S4977": "sonar-dart 0.1.0.1359", + "S5416": "sonar-dart 0.1.0.1359", + "S5856": "sonar-dart 0.1.0.1359", + "S6207": "sonar-dart 0.1.0.1359", + "S6531": "sonar-dart 0.1.0.1359", + "S6535": "sonar-dart 0.1.0.1359", + "S6582": "sonar-dart 0.1.0.1359", + "S6606": "sonar-dart 0.1.0.1359", + "S6619": "sonar-dart 0.1.0.1359", 
+ "S7045": "sonar-dart 0.1.0.1359", + "S7046": "sonar-dart 0.1.0.1359", + "S7047": "sonar-dart 0.1.0.1359", + "S7048": "sonar-dart 0.1.0.1359", + "S7049": "sonar-dart 0.1.0.1359", + "S7050": "sonar-dart 0.1.0.1359", + "S7051": "sonar-dart 0.1.0.1359", + "S7052": "sonar-dart 0.1.0.1359", + "S7053": "sonar-dart 0.1.0.1359", + "S7054": "sonar-dart 0.1.0.1359", + "S7055": "sonar-dart 0.1.0.1359", + "S7057": "sonar-dart 0.1.0.1359", + "S7058": "sonar-dart 0.1.0.1359", + "S7061": "sonar-dart 0.1.0.1359", + "S7062": "sonar-dart 0.1.0.1359", + "S7064": "sonar-dart 0.1.0.1359", + "S7066": "sonar-dart 0.1.0.1359", + "S7067": "sonar-dart 0.1.0.1359", + "S7068": "sonar-dart 0.1.0.1359", + "S7069": "sonar-dart 0.1.0.1359", + "S7075": "sonar-dart 0.3.0.1808", + "S7078": "sonar-dart 0.3.0.1808", + "S7079": "sonar-dart 0.3.0.1808", + "S7083": "sonar-dart 0.3.0.1808", + "S7084": "sonar-dart 0.3.0.1808", + "S7087": "sonar-dart 0.3.0.1808", + "S7088": "sonar-dart 0.3.0.1808", + "S7089": "sonar-dart 0.3.0.1808", + "S7090": "sonar-dart 0.3.0.1808", + "S7092": "sonar-dart 0.3.0.1808", + "S7093": "sonar-dart 0.3.0.1808", + "S7094": "sonar-dart 0.3.0.1808", + "S7095": "sonar-dart 0.3.0.1808", + "S7096": "sonar-dart 0.3.0.1808", + "S7097": "sonar-dart 0.3.0.1808", + "S7098": "sonar-dart 0.3.0.1808", + "S7099": "sonar-dart 0.3.0.1808", + "S7100": "sonar-dart 0.3.0.1808", + "S7101": "sonar-dart 0.3.0.1808", + "S7102": "sonar-dart 0.3.0.1808", + "S7103": "sonar-dart 0.3.0.1808", + "S7104": "sonar-dart 0.3.0.1808", + "S7105": "sonar-dart 0.3.0.1808", + "S7107": "sonar-dart 0.3.0.1808", + "S7108": "sonar-dart 0.3.0.1808", + "S7109": "sonar-dart 0.3.0.1808", + "S7110": "sonar-dart 0.3.0.1808", + "S7111": "sonar-dart 0.3.0.1808", + "S7112": "sonar-dart 0.3.0.1808", + "S7113": "sonar-dart 0.3.0.1808", + "S7114": "sonar-dart 0.3.0.1808", + "S7115": "sonar-dart 0.3.0.1808", + "S7117": "sonar-dart 0.3.0.1808", + "S7120": "sonar-dart 0.3.0.1808", + "S7122": "sonar-dart 0.3.0.1808", + "S7123": 
"sonar-dart 0.3.0.1808", + "S7124": "sonar-dart 0.3.0.1808", + "S927": "sonar-dart 0.1.0.1359" }, "DOCKER": { - "S1135": "sonar-iac 1.13.0.3464", - "S2260": "sonar-iac 1.10.0.2836", - "S2612": "sonar-iac 1.13.0.3464", - "S4423": "sonar-iac 1.15.0.3752", - "S4507": "sonar-iac 1.13.0.3464", - "S4790": "sonar-iac 1.15.0.3752", - "S4830": "sonar-iac 1.15.0.3752", - "S5332": "sonar-iac 1.10.0.2836", - "S6431": "sonar-iac 1.13.0.3464", - "S6437": "sonar-iac 1.15.0.3752", - "S6469": "sonar-iac 1.10.0.2836", - "S6470": "sonar-iac 1.10.0.2836", - "S6471": "sonar-iac 1.10.0.2836", - "S6472": "sonar-iac 1.10.0.2836", - "S6473": "sonar-iac 1.10.0.2836", - "S6476": "sonar-iac 1.10.0.2836", - "S6497": "sonar-iac 1.13.0.3464", - "S6500": "sonar-iac 1.13.0.3464", - "S6502": "sonar-iac 1.13.0.3464", - "S6504": "sonar-iac 1.15.0.3752", - "S6505": "sonar-iac 1.15.0.3752", - "S6506": "sonar-iac 1.15.0.3752", - "S6570": "sonar-iac 1.21.0.5999", - "S6573": "sonar-iac 1.21.0.5999", - "S6574": "sonar-iac 1.21.0.5999", - "S6579": "sonar-iac 1.21.0.5999", - "S6581": "sonar-iac 1.21.0.5999", - "S6584": "sonar-iac 1.21.0.5999", - "S6586": "sonar-iac 1.21.0.5999", - "S6587": "sonar-iac 1.21.0.5999", - "S6589": "sonar-iac 1.21.0.5999", - "S6595": "sonar-iac 1.21.0.5999", - "S6596": "sonar-iac 1.21.0.5999", - "S6597": "sonar-iac 1.21.0.5999" + "S1135": "sonar-iac-enterprise 1.13.0.3464", + "S2260": "sonar-iac-enterprise 1.10.0.2836", + "S2612": "sonar-iac-enterprise 1.13.0.3464", + "S4423": "sonar-iac-enterprise 1.15.0.3752", + "S4507": "sonar-iac-enterprise 1.13.0.3464", + "S4790": "sonar-iac-enterprise 1.15.0.3752", + "S4830": "sonar-iac-enterprise 1.15.0.3752", + "S5332": "sonar-iac-enterprise 1.10.0.2836", + "S6431": "sonar-iac-enterprise 1.13.0.3464", + "S6437": "sonar-iac-enterprise 1.15.0.3752", + "S6469": "sonar-iac-enterprise 1.10.0.2836", + "S6470": "sonar-iac-enterprise 1.10.0.2836", + "S6471": "sonar-iac-enterprise 1.10.0.2836", + "S6472": "sonar-iac-enterprise 1.10.0.2836", + 
"S6473": "sonar-iac-enterprise 1.10.0.2836", + "S6476": "sonar-iac-enterprise 1.10.0.2836", + "S6497": "sonar-iac-enterprise 1.13.0.3464", + "S6500": "sonar-iac-enterprise 1.13.0.3464", + "S6502": "sonar-iac-enterprise 1.13.0.3464", + "S6504": "sonar-iac-enterprise 1.15.0.3752", + "S6505": "sonar-iac-enterprise 1.15.0.3752", + "S6506": "sonar-iac-enterprise 1.15.0.3752", + "S6570": "sonar-iac-enterprise 1.21.0.5999", + "S6573": "sonar-iac-enterprise 1.21.0.5999", + "S6574": "sonar-iac-enterprise 1.21.0.5999", + "S6579": "sonar-iac-enterprise 1.21.0.5999", + "S6581": "sonar-iac-enterprise 1.21.0.5999", + "S6584": "sonar-iac-enterprise 1.21.0.5999", + "S6586": "sonar-iac-enterprise 1.21.0.5999", + "S6587": "sonar-iac-enterprise 1.21.0.5999", + "S6589": "sonar-iac-enterprise 1.21.0.5999", + "S6595": "sonar-iac-enterprise 1.21.0.5999", + "S6596": "sonar-iac-enterprise 1.21.0.5999", + "S6597": "sonar-iac-enterprise 1.21.0.5999", + "S7018": "sonar-iac-enterprise 1.33.0.11761", + "S7019": "sonar-iac-enterprise 1.33.0.11761", + "S7020": "sonar-iac-enterprise 1.33.0.11761", + "S7021": "sonar-iac-enterprise 1.33.0.11761", + "S7023": "sonar-iac-enterprise 1.33.0.11761", + "S7026": "sonar-iac-enterprise 1.33.0.11761", + "S7028": "sonar-iac-enterprise 1.33.0.11761", + "S7029": "sonar-iac-enterprise 1.33.0.11761", + "S7030": "sonar-iac-enterprise 1.33.0.11761", + "S7031": "sonar-iac-enterprise 1.33.0.11761" }, "FLEX": { "S100": "sonar-flex 2.4.0.1222", 
@@ -2035,44 +2208,50 @@ "S4524": "sonar-flex 2.5.0.1819" }, "GO": { - "S100": "slang-enterprise 1.6.0.719", - "S103": "slang-enterprise 1.6.0.719", - "S104": "slang-enterprise 1.6.0.719", - "S1067": "slang-enterprise 1.6.0.719", - "S107": "slang-enterprise 1.6.0.719", - "S108": "slang-enterprise 1.6.0.719", - "S1110": "slang-enterprise 1.6.0.719", - "S1125": "slang-enterprise 1.6.0.719", - "S1134": "slang-enterprise 1.6.0.719", - "S1135": "slang-enterprise 1.6.0.719", - "S1145": "slang-enterprise 1.6.0.719", - "S1151": "slang-enterprise 1.6.0.719", - "S117": "slang-enterprise 1.6.0.719", - "S1186": "slang-enterprise 1.6.0.719", - "S1192": "slang-enterprise 1.6.0.719", - "S122": "slang-enterprise 1.6.0.719", - "S126": "slang-enterprise 1.6.0.719", - "S131": "slang-enterprise 1.6.0.719", - "S1313": "slang-enterprise 1.6.0.719", - "S1314": "slang-enterprise 1.6.0.719", - "S134": "slang-enterprise 1.6.0.719", - "S138": "slang-enterprise 1.6.0.719", - "S1451": "slang-enterprise 1.6.0.719", - "S1479": "slang-enterprise 1.6.0.719", - "S1656": "slang-enterprise 1.6.0.719", - "S1763": "slang-enterprise 1.6.0.719", - "S1764": "slang-enterprise 1.6.0.719", - "S1821": "slang-enterprise 1.6.0.719", - "S1862": "slang-enterprise 1.6.0.719", - "S1871": "slang-enterprise 1.6.0.719", - "S1940": "slang-enterprise 1.6.0.719", - "S2068": "slang-enterprise 1.6.0.719", - "S2260": "slang-enterprise 1.6.0.719", - "S2757": "slang-enterprise 1.6.0.719", - "S3776": "slang-enterprise 1.6.0.719", - "S3923": "slang-enterprise 1.6.0.719", - "S4144": "slang-enterprise 1.6.0.719", - "S4663": "slang-enterprise 1.6.0.719" + "S100": "sonar-go 1.17.0.123", + "S103": "sonar-go 1.17.0.123", + "S104": "sonar-go 1.17.0.123", + "S1067": "sonar-go 1.17.0.123", + "S107": "sonar-go 1.17.0.123", + "S108": "sonar-go 1.17.0.123", + "S1110": "sonar-go 1.17.0.123", + "S1125": "sonar-go 1.17.0.123", + "S1134": "sonar-go 1.17.0.123", + "S1135": "sonar-go 1.17.0.123", + "S1145": "sonar-go 1.17.0.123", + "S1151": 
"sonar-go 1.17.0.123", + "S117": "sonar-go 1.17.0.123", + "S1186": "sonar-go 1.17.0.123", + "S1192": "sonar-go 1.17.0.123", + "S122": "sonar-go 1.17.0.123", + "S126": "sonar-go 1.17.0.123", + "S131": "sonar-go 1.17.0.123", + "S1313": { + "since": "sonar-go 1.17.0.123", + "until": "sonar-go 1.18.0.240" + }, + "S1314": "sonar-go 1.17.0.123", + "S134": "sonar-go 1.17.0.123", + "S138": "sonar-go 1.17.0.123", + "S1451": "sonar-go 1.17.0.123", + "S1479": "sonar-go 1.17.0.123", + "S1656": "sonar-go 1.17.0.123", + "S1763": "sonar-go 1.17.0.123", + "S1764": "sonar-go 1.17.0.123", + "S1821": "sonar-go 1.17.0.123", + "S1862": "sonar-go 1.17.0.123", + "S1871": "sonar-go 1.17.0.123", + "S1940": "sonar-go 1.17.0.123", + "S2068": { + "since": "sonar-go 1.17.0.123", + "until": "sonar-go 1.18.0.240" + }, + "S2260": "sonar-go 1.17.0.123", + "S2757": "sonar-go 1.17.0.123", + "S3776": "sonar-go 1.17.0.123", + "S3923": "sonar-go 1.17.0.123", + "S4144": "sonar-go 1.17.0.123", + "S4663": "sonar-go 1.17.0.123" }, "HTML": { "S103": "sonar-html 2.6.0.1053", @@ -2140,6 +2319,7 @@ "S4084": "sonar-html 3.0.0.1411", "S4645": "sonar-html 3.0.0.1411", "S5148": "sonar-html 3.2.0.2082", + "S5247": "sonar-html 3.12.0.4743", "S5254": "sonar-html 3.2.0.2082", "S5255": "sonar-html 3.2.0.2082", "S5256": "sonar-html 3.2.0.2082", 
@@ -2147,7 +2327,30 @@ "S5258": "sonar-html 3.2.0.2082", "S5260": "sonar-html 3.2.0.2082", "S5264": "sonar-html 3.2.0.2082", - "S5725": "sonar-html 3.3.0.2534" + "S5725": "sonar-html 3.3.0.2534", + "S6793": "sonar-html 3.14.0.5048", + "S6807": "sonar-html 3.16.0.5274", + "S6811": "sonar-html 3.16.0.5274", + "S6819": "sonar-html 3.16.0.5274", + "S6821": "sonar-html 3.16.0.5274", + "S6822": "sonar-html 3.16.0.5274", + "S6823": "sonar-html 3.14.0.5048", + "S6824": "sonar-html 3.16.0.5274", + "S6825": "sonar-html 3.14.0.5048", + "S6827": "sonar-html 3.14.0.5048", + "S6840": "sonar-html 3.14.0.5048", + "S6841": "sonar-html 3.14.0.5048", + "S6842": "sonar-html 3.14.0.5048", + "S6843": "sonar-html 3.14.0.5048", + "S6844": "sonar-html 3.14.0.5048", + "S6845": "sonar-html 3.14.0.5048", + "S6846": "sonar-html 3.14.0.5048", + "S6847": "sonar-html 3.14.0.5048", + "S6848": "sonar-html 3.14.0.5048", + "S6850": "sonar-html 3.14.0.5048", + "S6851": "sonar-html 3.14.0.5048", + "S6852": "sonar-html 3.14.0.5048", + "S6853": "sonar-html 3.14.0.5048" }, "JAVA": { "S100": "sonar-java 4.15.0.12310", @@ -2450,6 +2653,7 @@ "S2187": "sonar-java 4.15.0.12310", "S2188": "sonar-java 4.15.0.12310", "S2189": "sonar-java 4.15.0.12310", + "S2190": "sonar-dataflow-bug-detection 1.1.0.1419", "S2196": "sonar-java 4.15.0.12310", "S2197": "sonar-java 4.15.0.12310", "S2200": "sonar-java 4.15.0.12310", @@ -2884,7 +3088,10 @@ "S5146": "sonar-security 7.7.0.4011", "S5147": "sonar-security 9.4.0.15885", "S5164": "sonar-java 5.14.0.18788", - "S5167": "sonar-security 7.7.0.4011", + "S5167": { + "since": "sonar-security 7.7.0.4011", + "until": "sonar-security 10.7.0.32997" + }, "S5194": "sonar-java 5.12.0.17701", "S5247": "sonar-java 6.13.0.25138", "S5261": "sonar-java 5.14.0.18788", 
@@ -2913,6 +3120,7 @@ "S5413": "sonar-java 5.14.0.18788", "S5443": "sonar-java 6.13.0.25138", "S5445": "sonar-java 6.13.0.25138", + "S5496": "sonar-security 10.7.0.32997", "S5527": "sonar-java 6.1.0.20866", "S5542": "sonar-java 6.1.0.20866", "S5547": "sonar-java 6.1.0.20866", @@ -3023,6 +3231,8 @@ "S6293": "sonar-java 7.4.0.27839", "S6300": "sonar-java 7.4.0.27839", "S6301": "sonar-java 7.4.0.27839", + "S6320": "sonar-dataflow-bug-detection 1.0.0.1067", + "S6322": "sonar-dataflow-bug-detection 1.0.0.1067", "S6326": "sonar-java 7.12.0.29739", "S6331": "sonar-java 7.12.0.29739", "S6350": "sonar-security 9.2.0.14426", 
@@ -3042,28 +3252,72 @@ "S6398": "sonar-security 9.4.0.15885", "S6399": "sonar-security 9.4.0.15885", "S6411": "sonar-java 7.12.0.29739", + "S6416": "sonar-dataflow-bug-detection 1.1.0.1419", + "S6417": "sonar-dataflow-bug-detection 1.2.0.1485", "S6418": "sonar-java 7.12.0.29739", "S6432": "sonar-java 7.16.0.30901", "S6437": "sonar-java 7.14.0.30229", + "S6466": "sonar-dataflow-bug-detection 1.17.0.4892", "S6485": "sonar-java 7.19.0.31550", "S6539": "sonar-java 7.18.0.31443", "S6541": "sonar-java 7.18.0.31443", "S6547": "sonar-security 10.1.0.21056", "S6548": "sonar-java 7.18.0.31443", "S6549": "sonar-security 10.1.0.21056", + "S6555": "sonar-dataflow-bug-detection 1.16.0.4300", + "S6646": "sonar-dataflow-bug-detection 1.17.0.4892", + "S6649": "sonar-dataflow-bug-detection 1.17.0.4892", + "S6651": "sonar-dataflow-bug-detection 1.17.0.4892", + "S6665": "sonar-java 8.5.0.37199", + "S6707": "sonar-dataflow-bug-detection 1.17.0.4892", + "S6780": "sonar-dataflow-bug-detection 1.19.0.6564", "S6804": "sonar-java 7.27.0.33463", "S6806": "sonar-java 7.27.0.33463", "S6809": "sonar-java 7.27.0.33463", "S6810": "sonar-java 7.27.0.33463", "S6813": "sonar-java 7.27.0.33463", "S6814": "sonar-java 7.27.0.33463", - "S6817": "sonar-java master", - "S6818": "sonar-java master", - "S6829": "sonar-java master", - "S6830": "sonar-java master", - "S6831": "sonar-java master", - "S6833": "sonar-java master", - "S6837": "sonar-java master", + "S6816": "sonar-java 7.28.0.33738", + "S6817": "sonar-java 7.28.0.33738", + "S6818": "sonar-java 7.28.0.33738", + "S6829": "sonar-java 7.28.0.33738", + "S6830": "sonar-java 7.28.0.33738", + "S6831": "sonar-java 7.28.0.33738", + "S6832": "sonar-java 7.28.0.33738", + "S6833": "sonar-java 7.28.0.33738", + "S6837": "sonar-java 7.28.0.33738", + "S6838": "sonar-java 7.30.0.34429", + "S6856": "sonar-java 7.30.0.34429", + "S6857": "sonar-java 7.30.0.34429", + "S6862": "sonar-java 7.30.0.34429", + "S6863": "sonar-java 7.30.0.34429", + "S6876": "sonar-java 
7.32.0.35531", + "S6877": "sonar-java 7.32.0.35531", + "S6878": "sonar-java 7.32.0.35531", + "S6880": "sonar-java 7.32.0.35531", + "S6881": "sonar-java 7.32.0.35531", + "S6885": "sonar-java 7.32.0.35531", + "S6889": "sonar-java 7.31.0.34839", + "S6891": "sonar-java 7.32.0.35531", + "S6898": "sonar-java 7.32.0.35531", + "S6901": "sonar-java 7.32.0.35531", + "S6904": "sonar-java 7.31.0.34839", + "S6905": "sonar-java 7.32.0.35531", + "S6906": "sonar-java 7.32.0.35531", + "S6909": "sonar-java 7.32.0.35531", + "S6912": "sonar-java 7.32.0.35531", + "S6913": "sonar-java 7.32.0.35531", + "S6914": "sonar-java 7.32.0.35531", + "S6915": "sonar-java 7.32.0.35531", + "S6916": "sonar-java 7.32.0.35531", + "S6923": "sonar-java 7.32.0.35531", + "S6926": "sonar-java 7.32.0.35531", + "S6976": "sonar-dataflow-bug-detection 1.27.0.9068", + "S7027": "sonar-architecture 1.0.0.1901", + "S7044": "sonar-security 10.7.0.32997", + "S7091": "sonar-architecture 1.0.0.1901", + "S7134": "sonar-architecture 1.1.0.2157", + "S7158": "sonar-java 8.7.0.37452", "S818": "sonar-java 4.15.0.12310", "S864": "sonar-java 4.15.0.12310", "S881": "sonar-java 4.15.0.12310", @@ -3090,13 +3344,15 @@ "S1067": "SonarJS 3.3.0.5702", "S1068": "SonarJS 10.4.0.22160", "S107": "SonarJS 3.3.0.5702", + "S1077": "SonarJS 10.10.0.24774", "S108": "SonarJS 3.3.0.5702", "S1082": "SonarJS 10.8.0.24207", "S109": "SonarJS 6.0.0.9595", + "S1090": "SonarJS 10.14.0.26080", "S1105": "SonarJS 3.3.0.5702", "S1110": "SonarJS 3.3.0.5702", "S1116": "SonarJS 3.3.0.5702", - "S1117": "SonarJS 5.2.0.7766", + "S1117": "SonarJS 3.3.0.5702", "S1119": "SonarJS 3.3.0.5702", "S1121": "SonarJS 3.3.0.5702", "S1125": "SonarJS 3.3.0.5702", @@ -3126,6 +3382,7 @@ "S126": "SonarJS 3.3.0.5702", "S1264": "SonarJS 3.3.0.5702", "S128": "SonarJS 3.3.0.5702", + "S1291": "SonarJS 10.18.0.28572", "S1301": "SonarJS 3.3.0.5702", "S131": "SonarJS 3.3.0.5702", "S1313": "SonarJS 7.1.0.14721", 
@@ -3156,10 +3413,6 @@ "until": "SonarJS 6.5.0.13383" }, "S1523": "SonarJS 3.3.0.5702", - "S1524": { - "since": "SonarJS 3.3.0.5702", - "until": "SonarJS 5.1.1.7506" - }, "S1525": "SonarJS 3.3.0.5702", "S1526": "SonarJS 3.3.0.5702", "S1527": "SonarJS 6.2.0.12043", @@ -3181,6 +3434,7 @@ "S1537": "SonarJS 3.3.0.5702", "S1539": "SonarJS 6.2.0.12043", "S1541": "SonarJS 3.3.0.5702", + "S1607": "SonarJS 10.15.0.27423", "S1656": "SonarJS 3.3.0.5702", "S1697": { "since": "SonarJS 3.3.0.5702", @@ -3203,6 +3457,7 @@ "S1874": "SonarJS 7.4.0.15472", "S1940": "SonarJS 5.0.0.6962", "S1994": "SonarJS 3.3.0.5702", + "S2004": "SonarJS 10.12.0.25537", "S2068": "SonarJS 6.1.0.11503", "S2076": "sonar-security 8.8.0.10287", "S2077": "SonarJS 5.1.0.7456", @@ -3212,6 +3467,7 @@ "S2123": "SonarJS 3.3.0.5702", "S2137": "SonarJS 3.3.0.5702", "S2138": "SonarJS 3.3.0.5702", + "S2187": "SonarJS 10.11.0.25043", "S2189": "SonarJS 3.3.0.5702", "S2201": "SonarJS 3.3.0.5702", "S2208": "SonarJS 3.3.0.5702", @@ -3225,6 +3481,7 @@ "S2255": "SonarJS 5.1.0.7456", "S2259": "SonarJS 3.3.0.5702", "S2260": "SonarJS 3.3.0.5702", + "S2301": "SonarJS 10.15.0.27423", "S2310": "SonarJS 3.3.0.5702", "S2376": "SonarJS 3.3.0.5702", "S2392": "SonarJS 3.3.0.5702", @@ -3318,7 +3575,10 @@ "until": "SonarJS 6.7.0.14237" }, "S3003": "SonarJS 3.3.0.5702", - "S3271": "SonarJS 3.3.0.5702", + "S3271": { + "since": "SonarJS 3.3.0.5702", + "until": "SonarJS 10.18.0.28572" + }, "S3317": "SonarJS 3.3.0.5702", "S3330": "SonarJS 6.6.0.13923", "S3353": "SonarJS 3.3.0.5702", @@ -3385,6 +3645,7 @@ "S4030": "SonarJS 3.3.0.5702", "S4036": "SonarJS 9.3.0.18033", "S4043": "SonarJS 3.3.0.5702", + "S4084": "SonarJS 10.14.0.26080", "S4123": "SonarJS 6.6.0.13923", "S4125": "SonarJS 9.4.0.18205", "S4138": "SonarJS 6.6.0.13923", 
@@ -3434,6 +3695,11 @@ "S5147": "sonar-security 8.7.0.7826", "S5148": "SonarJS 9.4.0.18205", "S5247": "SonarJS 6.7.0.14237", + "S5254": "SonarJS 10.14.0.26080", + "S5256": "SonarJS 10.14.0.26080", + "S5257": "SonarJS 10.14.0.26080", + "S5260": "SonarJS 10.14.0.26080", + "S5264": "SonarJS 10.14.0.26080", "S5332": "SonarJS 7.1.0.14721", "S5334": "sonar-security 8.7.0.7826", "S5443": "SonarJS 7.1.0.14721", @@ -3470,6 +3736,7 @@ "S5876": "SonarJS 7.1.0.14721", "S5883": "sonar-security 8.8.0.10287", "S5958": "SonarJS 8.5.0.16762", + "S5973": "SonarJS 10.11.0.25043", "S6019": "SonarJS 8.4.0.16431", "S6035": "SonarJS 8.2.0.16042", "S6079": "SonarJS 8.5.0.16762", @@ -3509,6 +3776,7 @@ "S6351": "SonarJS 8.4.0.16431", "S6353": "SonarJS 8.4.0.16431", "S6397": "SonarJS 9.4.0.18205", + "S6418": "SonarJS 10.18.0.28572", "S6426": "SonarJS 9.3.0.18033", "S6435": "SonarJS 9.5.0.18531", "S6438": "SonarJS 9.5.0.18531", @@ -3533,6 +3801,7 @@ "S6557": "SonarJS 10.2.0.21568", "S6582": "SonarJS 10.2.0.21568", "S6594": "SonarJS 10.2.0.21568", + "S6627": "SonarJS 10.15.0.27423", "S6635": "SonarJS 10.3.0.21893", "S6637": "SonarJS 10.3.0.21893", "S6638": "SonarJS 10.3.0.21893", @@ -3566,6 +3835,10 @@ "S6772": "SonarJS 10.7.0.22914", "S6774": "SonarJS 10.7.0.22914", "S6775": "SonarJS 10.7.0.22914", + "S6788": "SonarJS 10.10.0.24774", + "S6789": "SonarJS 10.10.0.24774", + "S6790": "SonarJS 10.10.0.24774", + "S6791": "SonarJS 10.10.0.24774", "S6793": "SonarJS 10.8.0.24207", "S6807": "SonarJS 10.8.0.24207", "S6811": "SonarJS 10.8.0.24207", 
@@ -3577,6 +3850,38 @@ "S6825": "SonarJS 10.8.0.24207", "S6827": "SonarJS 10.8.0.24207", "S6836": "SonarJS 10.9.0.24449", + "S6840": "SonarJS 10.10.0.24774", + "S6841": "SonarJS 10.10.0.24774", + "S6842": "SonarJS 10.10.0.24774", + "S6843": "SonarJS 10.10.0.24774", + "S6844": "SonarJS 10.10.0.24774", + "S6845": "SonarJS 10.10.0.24774", + "S6846": "SonarJS 10.10.0.24774", + "S6847": "SonarJS 10.10.0.24774", + "S6848": "SonarJS 10.10.0.24774", + "S6849": { + "since": "SonarJS 10.10.0.24774", + "until": "SonarJS 10.13.2.25981" + }, + "S6850": "SonarJS 10.10.0.24774", + "S6851": "SonarJS 10.10.0.24774", + "S6852": "SonarJS 10.10.0.24774", + "S6853": "SonarJS 10.10.0.24774", + "S6854": { + "since": "SonarJS 10.10.0.24774", + "until": "SonarJS 10.13.2.25981" + }, + "S6855": { + "since": "SonarJS 10.10.0.24774", + "until": "SonarJS 10.13.2.25981" + }, + "S6859": "SonarJS 10.11.0.25043", + "S6861": "SonarJS 10.11.0.25043", + "S6957": "SonarJS 10.13.0.25911", + "S6958": "SonarJS 10.13.0.25911", + "S6959": "SonarJS 10.13.0.25911", + "S7059": "SonarJS 10.15.0.27423", + "S7060": "SonarJS 10.15.0.27423", "S878": "SonarJS 3.3.0.5702", "S881": "SonarJS 3.3.0.5702", "S888": "SonarJS 3.3.0.5702", 
@@ -3589,49 +3894,49 @@ } }, "KOTLIN": { - "S100": "slang-enterprise 1.4.0.155", - "S101": "slang-enterprise 1.4.0.155", - "S103": "slang-enterprise 1.4.0.155", - "S104": "slang-enterprise 1.4.0.155", - "S105": "slang-enterprise 1.4.0.155", - "S1066": "slang-enterprise 1.4.0.155", - "S1067": "slang-enterprise 1.4.0.155", - "S107": "slang-enterprise 1.4.0.155", - "S108": "slang-enterprise 1.4.0.155", - "S1110": "slang-enterprise 1.4.0.155", - "S1125": "slang-enterprise 1.4.0.155", + "S100": "sonar-kotlin 2.0.0.29", + "S101": "sonar-kotlin 2.0.0.29", + "S103": "sonar-kotlin 2.0.0.29", + "S104": "sonar-kotlin 2.0.0.29", + "S105": "sonar-kotlin 2.0.0.29", + "S1066": "sonar-kotlin 2.0.0.29", + "S1067": "sonar-kotlin 2.0.0.29", + "S107": "sonar-kotlin 2.0.0.29", + "S108": "sonar-kotlin 2.0.0.29", + "S1110": "sonar-kotlin 2.0.0.29", + "S1125": "sonar-kotlin 2.0.0.29", "S1128": "sonar-kotlin 2.2.0.499", "S1133": "sonar-kotlin 2.2.0.499", - "S1134": "slang-enterprise 1.4.0.155", - "S1135": "slang-enterprise 1.4.0.155", + "S1134": "sonar-kotlin 2.0.0.29", + "S1135": "sonar-kotlin 2.0.0.29", "S1143": "sonar-kotlin 2.4.0.703", - "S1144": "slang-enterprise 1.4.0.155", - "S1145": "slang-enterprise 1.4.0.155", - "S1151": "slang-enterprise 1.4.0.155", - "S117": "slang-enterprise 1.4.0.155", - "S1172": "slang-enterprise 1.4.0.155", - "S1186": "slang-enterprise 1.4.0.155", - "S1192": "slang-enterprise 1.4.0.155", + "S1144": "sonar-kotlin 2.0.0.29", + "S1145": "sonar-kotlin 2.0.0.29", + "S1151": "sonar-kotlin 2.0.0.29", + "S117": "sonar-kotlin 2.0.0.29", + "S1172": "sonar-kotlin 2.0.0.29", + "S1186": "sonar-kotlin 2.0.0.29", + "S1192": "sonar-kotlin 2.0.0.29", "S1206": "sonar-kotlin 2.11.0.1828", - "S122": "slang-enterprise 1.4.0.155", - "S125": "slang-enterprise 1.4.0.155", - "S126": "slang-enterprise 1.4.0.155", - "S1313": "slang-enterprise 1.4.0.155", - "S134": "slang-enterprise 1.4.0.155", - "S138": "slang-enterprise 1.4.0.155", - "S1451": "slang-enterprise 1.4.0.155", - "S1479": 
"slang-enterprise 1.4.0.155", - "S1481": "slang-enterprise 1.4.0.155", - "S1656": "slang-enterprise 1.4.0.155", - "S1763": "slang-enterprise 1.4.0.155", - "S1764": "slang-enterprise 1.4.0.155", - "S1821": "slang-enterprise 1.4.0.155", - "S1862": "slang-enterprise 1.4.0.155", - "S1871": "slang-enterprise 1.4.0.155", + "S122": "sonar-kotlin 2.0.0.29", + "S125": "sonar-kotlin 2.0.0.29", + "S126": "sonar-kotlin 2.0.0.29", + "S1313": "sonar-kotlin 2.0.0.29", + "S134": "sonar-kotlin 2.0.0.29", + "S138": "sonar-kotlin 2.0.0.29", + "S1451": "sonar-kotlin 2.0.0.29", + "S1479": "sonar-kotlin 2.0.0.29", + "S1481": "sonar-kotlin 2.0.0.29", + "S1656": "sonar-kotlin 2.0.0.29", + "S1763": "sonar-kotlin 2.0.0.29", + "S1764": "sonar-kotlin 2.0.0.29", + "S1821": "sonar-kotlin 2.0.0.29", + "S1862": "sonar-kotlin 2.0.0.29", + "S1871": "sonar-kotlin 2.0.0.29", "S1874": "sonar-kotlin 2.2.0.499", - "S1940": "slang-enterprise 1.4.0.155", + "S1940": "sonar-kotlin 2.0.0.29", "S2053": "sonar-kotlin 2.3.0.609", - "S2068": "slang-enterprise 1.4.0.155", + "S2068": "sonar-kotlin 2.0.0.29", "S2097": "sonar-kotlin 2.12.0.1956", "S2114": "sonar-kotlin 2.12.0.1956", "S2116": "sonar-kotlin 2.12.0.1956", 
@@ -3640,20 +3945,21 @@ "S2151": "sonar-kotlin 2.4.0.703", "S2175": "sonar-kotlin 2.12.0.1956", "S2245": "sonar-kotlin 2.0.0.29", - "S2260": "slang-enterprise 1.4.0.155", + "S2260": "sonar-kotlin 2.0.0.29", "S2695": "sonar-kotlin 2.12.0.1956", - "S2757": "slang-enterprise 1.4.0.155", + "S2757": "sonar-kotlin 2.0.0.29", "S3329": "sonar-kotlin 2.0.0.29", - "S3776": "slang-enterprise 1.4.0.155", - "S3923": "slang-enterprise 1.4.0.155", + "S3353": "sonar-kotlin 2.19.0.4327", + "S3776": "sonar-kotlin 2.0.0.29", + "S3923": "sonar-kotlin 2.0.0.29", "S3958": "sonar-kotlin 2.12.0.1956", "S3981": "sonar-kotlin 2.12.0.1956", - "S4144": "slang-enterprise 1.4.0.155", + "S4144": "sonar-kotlin 2.0.0.29", "S4347": "sonar-kotlin 2.3.0.609", "S4423": "sonar-kotlin 2.0.0.29", "S4426": "sonar-kotlin 2.0.0.29", "S4507": "sonar-kotlin 2.5.0.754", - "S4663": "slang-enterprise 1.4.0.155", + "S4663": "sonar-kotlin 2.0.0.29", "S4738": "sonar-kotlin 2.4.0.703", "S4790": "sonar-kotlin 2.0.0.29", "S4830": "sonar-kotlin 2.0.0.29", @@ -3707,6 +4013,10 @@ "S6517": "sonar-kotlin 2.14.0.2352", "S6518": "sonar-kotlin 2.14.0.2352", "S6519": "sonar-kotlin 2.14.0.2352", + "S6524": "sonar-kotlin 2.19.0.4327", + "S6526": "sonar-kotlin 2.19.0.4327", + "S6527": "sonar-kotlin 2.19.0.4327", + "S6528": "sonar-kotlin 2.19.0.4327", "S6529": "sonar-kotlin 2.15.0.2579", "S6530": "sonar-kotlin 2.15.0.2579", "S6531": "sonar-kotlin 2.15.0.2579", @@ -3714,6 +4024,7 @@ "S6558": "sonar-kotlin 2.15.0.2579", "S6611": "sonar-kotlin 2.15.0.2579", "S6615": "sonar-kotlin 2.15.0.2579", + "S6619": "sonar-kotlin 2.19.0.4327", "S6623": "sonar-kotlin 2.16.0.2832", "S6624": "sonar-kotlin 2.16.0.2832", "S6625": "sonar-kotlin 2.16.0.2832", 
@@ -3724,14 +4035,29 @@ "S899": "sonar-kotlin 2.12.0.1956" }, "KUBERNETES": { - "S1135": "sonar-iac 1.13.0.3464", - "S2260": "sonar-iac 1.9.0.2259", - "S5849": "sonar-iac 1.9.0.2259", - "S6428": "sonar-iac 1.9.0.2259", - "S6429": "sonar-iac 1.9.0.2259", - "S6430": "sonar-iac 1.9.0.2259", - "S6431": "sonar-iac 1.9.0.2259", - "S6433": "sonar-iac 1.9.0.2259" + "S1135": "sonar-iac-enterprise 1.13.0.3464", + "S117": "sonar-iac-enterprise 1.32.0.11383", + "S1874": "sonar-iac-enterprise 1.32.0.11383", + "S2260": "sonar-iac-enterprise 1.9.0.2259", + "S5332": "sonar-iac-enterprise 1.26.0.8471", + "S5849": "sonar-iac-enterprise 1.9.0.2259", + "S6428": "sonar-iac-enterprise 1.9.0.2259", + "S6429": "sonar-iac-enterprise 1.9.0.2259", + "S6430": "sonar-iac-enterprise 1.9.0.2259", + "S6431": "sonar-iac-enterprise 1.9.0.2259", + "S6433": "sonar-iac-enterprise 1.9.0.2259", + "S6473": "sonar-iac-enterprise 1.26.0.8471", + "S6596": "sonar-iac-enterprise 1.32.0.11383", + "S6865": "sonar-iac-enterprise 1.26.0.8471", + "S6867": "sonar-iac-enterprise 1.26.0.8471", + "S6868": "sonar-iac-enterprise 1.26.0.8471", + "S6869": "sonar-iac-enterprise 1.26.0.8471", + "S6870": "sonar-iac-enterprise 1.26.0.8471", + "S6873": "sonar-iac-enterprise 1.32.0.11383", + "S6892": "sonar-iac-enterprise 1.32.0.11383", + "S6893": "sonar-iac-enterprise 1.32.0.11383", + "S6897": "sonar-iac-enterprise 1.32.0.11383", + "S6907": "sonar-iac-enterprise 1.32.0.11383" }, "OBJC": { "S100": "sonar-cpp 5.1.0.10083", 
@@ -3849,14 +4175,15 @@ "S1917": "sonar-cpp 5.1.0.10083", "S1986": "sonar-cpp 5.1.0.10083", "S2068": "sonar-cpp 6.15.0.25047", - "S2095": "sonar-cpp v0.0.6", + "S2095": "sonar-cpp 6.5.0.12506", "S2123": "sonar-cpp 5.1.0.10083", "S2190": "sonar-cpp 6.2.0.11201", "S2193": "sonar-cpp 5.1.0.10083", "S2216": "sonar-cpp 5.1.0.10083", "S2234": "sonar-cpp 5.1.0.10083", "S2245": "sonar-cpp 6.15.0.25047", - "S2259": "sonar-cpp v0.0.6", + "S2253": "sonar-cpp 6.62.0.78645", + "S2259": "sonar-cpp 6.5.0.12506", "S2260": "sonar-cpp 5.1.0.10083", "S2275": "sonar-cpp 6.2.0.11201", "S2323": "sonar-cpp 5.1.0.10083", @@ -3868,7 +4195,7 @@ "S2479": "sonar-cpp 5.1.0.10083", "S2486": "sonar-cpp 5.1.0.10083", "S2612": "sonar-cpp 6.13.0.22261", - "S2637": "sonar-cpp v0.0.6", + "S2637": "sonar-cpp 6.5.0.12506", "S2665": "sonar-cpp 5.1.0.10083", "S2668": "sonar-cpp 5.1.0.10083", "S2681": "sonar-cpp 5.1.0.10083", @@ -3885,21 +4212,21 @@ "S3358": "sonar-cpp 5.1.0.10083", "S3400": { "since": "sonar-cpp 5.1.0.10083", - "until": "sonar-cpp 6.41.1.62265" + "until": "sonar-cpp 6.46.1.62260" }, "S3457": "sonar-cpp 6.2.0.11201", "S3458": "sonar-cpp 5.1.0.10083", "S3485": "sonar-cpp 5.1.0.10083", "S3486": "sonar-cpp 5.1.0.10083", "S3491": "sonar-cpp 5.1.0.10083", - "S3518": "sonar-cpp v0.0.6", - "S3519": "sonar-cpp v0.0.6", - "S3520": "sonar-cpp v0.0.6", - "S3529": "sonar-cpp v0.0.6", + "S3518": "sonar-cpp 6.5.0.12506", + "S3519": "sonar-cpp 6.5.0.12506", + "S3520": "sonar-cpp 6.5.0.12506", + "S3529": "sonar-cpp 6.5.0.12506", "S3562": "sonar-cpp 5.1.0.10083", - "S3584": "sonar-cpp v0.0.6", - "S3588": "sonar-cpp v0.0.6", - "S3590": "sonar-cpp v0.0.6", + "S3584": "sonar-cpp 6.5.0.12506", + "S3588": "sonar-cpp 6.5.0.12506", + "S3590": "sonar-cpp 6.5.0.12506", "S3646": "sonar-cpp 5.1.0.10083", "S3687": "sonar-cpp 5.1.0.10083", "S3689": "sonar-cpp 5.1.0.10083", 
@@ -3910,7 +4237,7 @@ "S3744": "sonar-cpp 5.1.0.10083", "S3776": "sonar-cpp 5.1.0.10083", "S3806": "sonar-cpp 5.1.0.10083", - "S3807": "sonar-cpp v0.0.6", + "S3807": "sonar-cpp 6.5.0.12506", "S3923": "sonar-cpp 5.1.0.10083", "S3935": "sonar-cpp 5.1.0.10083", "S3936": "sonar-cpp 5.1.0.10083", @@ -3935,6 +4262,7 @@ "S5271": "sonar-cpp 6.2.0.11201", "S5273": "sonar-cpp 6.2.0.11201", "S5276": "sonar-cpp 6.10.0.18490", + "S5277": "sonar-cpp 6.62.0.78645", "S5278": "sonar-cpp 6.2.0.11201", "S5279": "sonar-cpp 6.2.0.11201", "S5280": "sonar-cpp 6.2.0.11201", @@ -3945,23 +4273,23 @@ "S5308": "sonar-cpp 6.2.0.11201", "S5314": "sonar-cpp 6.10.0.18490", "S5332": "sonar-cpp 6.14.0.23970", - "S5381": "sonar-cpp 0.0.10", + "S5381": "sonar-cpp 6.9.0.17076", "S5443": "sonar-cpp 6.15.0.25047", - "S5485": "sonar-cpp v0.0.6", - "S5486": "sonar-cpp v0.0.6", - "S5487": "sonar-cpp v0.0.6", - "S5488": "sonar-cpp v0.0.6", - "S5489": "sonar-cpp v0.0.6", - "S5491": "sonar-cpp v0.0.7", - "S5494": "sonar-cpp v0.0.7", - "S5501": "sonar-cpp v0.0.7", - "S5536": "sonar-cpp v0.0.6", + "S5485": "sonar-cpp 6.5.0.12506", + "S5486": "sonar-cpp 6.5.0.12506", + "S5487": "sonar-cpp 6.5.0.12506", + "S5488": "sonar-cpp 6.5.0.12506", + "S5489": "sonar-cpp 6.5.0.12506", + "S5491": "sonar-cpp 6.6.0.13759", + "S5494": "sonar-cpp 6.6.0.13759", + "S5501": "sonar-cpp 6.6.0.13759", + "S5536": "sonar-cpp 6.5.0.12506", "S5542": "sonar-cpp 6.14.0.23970", "S5547": "sonar-cpp 6.14.0.23970", - "S5570": "sonar-cpp v0.0.7", - "S5639": "sonar-cpp v0.0.6", - "S5658": "sonar-cpp v0.0.7", - "S5782": "sonar-cpp 0.0.10", + "S5570": "sonar-cpp 6.6.0.13759", + "S5639": "sonar-cpp 6.5.0.12506", + "S5658": "sonar-cpp 6.6.0.13759", + "S5782": "sonar-cpp 6.9.0.17076", "S5798": "sonar-cpp 6.11.0.19130", "S5801": "sonar-cpp 6.10.0.18490", "S5802": "sonar-cpp 6.13.0.22261", 
@@ -3979,6 +4307,12 @@ "S5982": "sonar-cpp 6.13.0.22261", "S6069": "sonar-cpp 6.14.0.23970", "S6200": "sonar-cpp 6.27.0.38122", + "S6418": "sonar-cpp 6.61.0.77816", + "S6871": "sonar-cpp 6.53.0.67215", + "S6936": "sonar-cpp 6.54.0.69031", + "S6991": "sonar-cpp 6.57.0.73017", + "S6996": "sonar-cpp 6.57.0.73017", + "S7116": "sonar-cpp 6.61.0.77816", "S784": "sonar-cpp 5.1.0.10083", "S787": "sonar-cpp 5.1.0.10083", "S793": "sonar-cpp 5.1.0.10083", @@ -3986,7 +4320,10 @@ "S797": "sonar-cpp 5.1.0.10083", "S798": "sonar-cpp 5.1.0.10083", "S799": "sonar-cpp 5.1.0.10083", - "S802": "sonar-cpp 5.1.0.10083", + "S802": { + "since": "sonar-cpp 5.1.0.10083", + "until": "sonar-cpp 6.53.0.67215" + }, "S810": "sonar-cpp 5.1.0.10083", "S813": "sonar-cpp 5.1.0.10083", "S814": "sonar-cpp 5.1.0.10083", @@ -3997,7 +4334,7 @@ "S824": "sonar-cpp 5.1.0.10083", "S834": "sonar-cpp 5.1.0.10083", "S835": "sonar-cpp 5.1.0.10083", - "S836": "sonar-cpp v0.0.6", + "S836": "sonar-cpp 6.5.0.12506", "S841": "sonar-cpp 5.1.0.10083", "S845": "sonar-cpp 6.17.0.27551", "S851": "sonar-cpp 5.1.0.10083", @@ -4005,7 +4342,7 @@ "S854": "sonar-cpp 5.1.0.10083", "S855": "sonar-cpp 5.1.0.10083", "S856": "sonar-cpp 5.1.0.10083", - "S859": "sonar-cpp v0.0.6", + "S859": "sonar-cpp 6.5.0.12506", "S860": "sonar-cpp 6.2.0.11201", "S864": "sonar-cpp 5.1.0.10083", "S867": "sonar-cpp 5.1.0.10083", @@ -4045,6 +4382,7 @@ "S959": "sonar-cpp 5.1.0.10083", "S960": "sonar-cpp 5.1.0.10083", "S961": "sonar-cpp 5.1.0.10083", + "S963": "sonar-cpp 6.62.0.78645", "S966": "sonar-cpp 5.1.0.10083", "S967": "sonar-cpp 6.3.0.11371", "S968": "sonar-cpp 5.1.0.10083", 
@@ -4296,7 +4634,10 @@ "S5144": "sonar-security 7.7.0.4011", "S5145": "sonar-security 7.7.0.4011", "S5146": "sonar-security 7.7.0.4011", - "S5167": "sonar-security 7.7.0.4011", + "S5167": { + "since": "sonar-security 7.7.0.4011", + "until": "sonar-security 10.7.0.32997" + }, "S5328": "sonar-php 3.1.0.4743", "S5332": "sonar-php 3.15.0.7197", "S5334": "sonar-security 7.9.0.5105", @@ -4312,6 +4653,7 @@ "S5779": "sonar-php 3.8.0.6152", "S5783": "sonar-php 3.8.0.6152", "S5785": "sonar-php 3.8.0.6152", + "S5797": "sonar-php 3.38.0.12239", "S5808": "sonar-php 3.15.0.7197", "S5842": "sonar-php 3.20.0.8080", "S5843": "sonar-php 3.21.0.8193", @@ -4356,8 +4698,10 @@ "S6395": "sonar-php 3.23.0.8726", "S6396": "sonar-php 3.23.0.8726", "S6397": "sonar-php 3.23.0.8726", + "S6418": "sonar-php 3.39.0.12526", "S6437": "sonar-php 3.29.0.9684", "S6600": "sonar-php 3.29.0.9684", + "S7044": "sonar-security 10.7.0.32997", "S836": "sonar-php 2.12.0.2871", "S881": "sonar-php 2.12.0.2871", "S905": "sonar-php 2.12.0.2871", @@ -4409,7 +4753,7 @@ "S109": "sonar-plsql 3.2.0.1753", "S1103": "sonar-plsql 3.2.0.1753", "S1110": "sonar-plsql 3.2.0.1753", - "S1117": "sonar-plsql 3.5.0.3437", + "S1117": "sonar-plsql 3.2.0.1753", "S1125": "sonar-plsql 3.2.0.1753", "S1126": "sonar-plsql 3.2.0.1753", "S1131": "sonar-plsql 3.2.0.1753", @@ -4439,10 +4783,6 @@ "S1481": "sonar-plsql 3.2.0.1753", "S1499": "sonar-plsql 3.2.0.1753", "S1523": "sonar-plsql 3.3.0.2273", - "S1524": { - "since": "sonar-plsql 3.2.0.1753", - "until": "sonar-plsql 3.4.1.2576" - }, "S1541": "sonar-plsql 3.2.0.1753", "S1542": "sonar-plsql 3.2.0.1753", "S1559": "sonar-plsql 3.2.0.1753", @@ -4666,6 +5006,7 @@ "S2208": "sonar-python 2.11.0.6843", "S2245": "sonar-python 1.16.0.4432", "S2257": "sonar-python 3.3.0.7945", + "S2259": "sonar-dataflow-bug-detection 1.3.0.1749", "S2260": "sonar-python 1.9.0.2010", "S2275": "sonar-python 2.12.0.7065", "S2316": "sonar-python 1.9.0.2010", 
@@ -4674,6 +5015,8 @@ "S2319": "sonar-python 1.9.0.2010", "S2320": "sonar-python 1.9.0.2010", "S2325": "sonar-python 1.9.0.2010", + "S2583": "sonar-dataflow-bug-detection 1.6.0.2275", + "S2589": "sonar-dataflow-bug-detection 1.7.0.2417", "S2612": "sonar-python 3.3.0.7945", "S2631": "sonar-security 8.4.0.2759", "S2638": "sonar-python 2.8.0.6204", @@ -4696,6 +5039,7 @@ "S3403": "sonar-python 2.6.0.5863", "S3457": "sonar-python 2.12.0.7065", "S3516": "sonar-python 2.1.0.5269", + "S3518": "sonar-dataflow-bug-detection 1.15.0.4060", "S3626": "sonar-python 1.17.0.4900", "S3649": "sonar-security 8.1.0.675", "S3699": "sonar-python 3.11.0.9522", @@ -4737,7 +5081,10 @@ "S5145": "sonar-security 8.2.0.1225", "S5146": "sonar-security 8.2.0.1225", "S5147": "sonar-security 9.3.0.14923", - "S5167": "sonar-security 8.2.0.1225", + "S5167": { + "since": "sonar-security 8.2.0.1225", + "until": "sonar-security 10.7.0.32997" + }, "S5247": "sonar-python 2.10.0.6571", "S5300": "sonar-python 2.5.0.5733", "S5332": "sonar-python 1.15.0.4069", @@ -4754,6 +5101,7 @@ "S5603": "sonar-python 2.1.0.5269", "S5607": "sonar-python 2.13.0.7236", "S5632": "sonar-python 2.4.0.5513", + "S5633": "sonar-dataflow-bug-detection 1.6.0.2275", "S5642": "sonar-python 4.6.0.12071", "S5644": "sonar-python 2.13.0.7236", "S5655": "sonar-python 2.9.0.6410", @@ -4840,8 +5188,13 @@ "S6395": "sonar-python 3.12.0.9583", "S6396": "sonar-python 3.12.0.9583", "S6397": "sonar-python 3.12.0.9583", + "S6417": "sonar-dataflow-bug-detection 1.6.0.2275", + "S6418": "sonar-python 4.22.0.16914", "S6437": "sonar-python 4.3.0.11660", "S6463": "sonar-python 3.19.0.10254", + "S6464": "sonar-dataflow-bug-detection 1.8.0.2712", + "S6465": "sonar-dataflow-bug-detection 1.8.0.2712", + "S6466": "sonar-dataflow-bug-detection 1.8.0.2712", "S6468": "sonar-python 3.21.0.10628", "S6537": "sonar-python 4.2.0.11487", "S6538": "sonar-python 4.2.0.11487", 
@@ -4856,12 +5209,13 @@ "S6556": "sonar-python 4.3.0.11660", "S6559": "sonar-python 4.3.0.11660", "S6560": "sonar-python 4.3.0.11660", + "S6639": "sonar-security 10.4.0.30099", "S6659": "sonar-python 4.6.0.12071", "S6660": "sonar-python 4.6.0.12071", "S6661": "sonar-python 4.6.0.12071", "S6662": "sonar-python 4.6.0.12071", "S6663": "sonar-python 4.6.0.12071", - "S6680": "sonar-security master", + "S6680": "sonar-security 10.4.0.30099", "S6709": "sonar-python 4.8.0.12420", "S6711": "sonar-python 4.8.0.12420", "S6714": "sonar-python 4.8.0.12420", 
@@ -4874,10 +5228,45 @@ "S6740": "sonar-python 4.9.0.13528", "S6741": "sonar-python 4.9.0.13528", "S6742": "sonar-python 4.9.0.13528", + "S6776": "sonar-security 10.4.0.30099", + "S6779": "sonar-python 4.11.0.13826", + "S6781": "sonar-python 4.11.0.13826", + "S6785": "sonar-python 4.14.0.14263", + "S6786": "sonar-python 4.11.0.13826", "S6792": "sonar-python 4.10.0.13725", "S6794": "sonar-python 4.10.0.13725", + "S6795": "sonar-python 4.22.0.16914", "S6796": "sonar-python 4.10.0.13725", "S6799": "sonar-python 4.10.0.13725", + "S6839": "sonar-security 10.4.0.30099", + "S6882": "sonar-python 4.16.0.14672", + "S6883": "sonar-python 4.16.0.14672", + "S6886": "sonar-dataflow-bug-detection 1.26.0.8705", + "S6887": "sonar-python 4.16.0.14672", + "S6890": "sonar-python 4.16.0.14672", + "S6894": "sonar-python 4.16.0.14672", + "S6899": "sonar-dataflow-bug-detection 1.26.0.8705", + "S6900": "sonar-python 4.16.0.14672", + "S6903": "sonar-python 4.16.0.14672", + "S6908": "sonar-python 4.17.0.14845", + "S6911": "sonar-python 4.17.0.14845", + "S6918": "sonar-python 4.17.0.14845", + "S6919": "sonar-python 4.17.0.14845", + "S6925": "sonar-python 4.17.0.14845", + "S6928": "sonar-python 4.17.0.14845", + "S6929": "sonar-python 4.17.0.14845", + "S6969": "sonar-python 4.18.0.15334", + "S6971": "sonar-python 4.18.0.15334", + "S6972": "sonar-python 4.18.0.15334", + "S6973": "sonar-python 4.18.0.15334", + "S6974": "sonar-python 4.18.0.15334", + "S6978": "sonar-python 4.22.0.16914", + "S6979": "sonar-python 4.22.0.16914", + "S6982": "sonar-python 4.22.0.16914", + "S6983": "sonar-python 4.22.0.16914", + "S6984": "sonar-python 4.22.0.16914", + "S6985": "sonar-python 4.22.0.16914", + "S7044": "sonar-security 10.7.0.32997", "S905": "sonar-python 2.11.0.6843", "S930": "sonar-python 2.4.0.5513", "S935": "sonar-python 4.6.0.12071" 
@@ -4943,157 +5332,216 @@ "S907": "sonar-rpg 2.3.0.1187" }, "RUBY": { - "S100": "slang-enterprise 1.4.0.155", - "S101": "slang-enterprise 1.4.0.155", - "S103": "slang-enterprise 1.4.0.155", - "S104": "slang-enterprise 1.4.0.155", - "S105": "slang-enterprise 1.4.0.155", - "S1066": "slang-enterprise 1.4.0.155", - "S1067": "slang-enterprise 1.4.0.155", - "S107": "slang-enterprise 1.4.0.155", - "S108": "slang-enterprise 1.4.0.155", - "S1110": "slang-enterprise 1.4.0.155", - "S1134": "slang-enterprise 1.4.0.155", - "S1135": "slang-enterprise 1.4.0.155", - "S1145": "slang-enterprise 1.4.0.155", - "S1151": "slang-enterprise 1.4.0.155", - "S117": "slang-enterprise 1.4.0.155", - "S1172": "slang-enterprise 1.4.0.155", - "S1186": "slang-enterprise 1.4.0.155", - "S1192": "slang-enterprise 1.4.0.155", - "S122": "slang-enterprise 1.4.0.155", - "S126": "slang-enterprise 1.4.0.155", - "S131": "slang-enterprise 1.4.0.155", - "S1313": "slang-enterprise 1.4.0.155", - "S1314": "slang-enterprise 1.4.0.155", - "S134": "slang-enterprise 1.4.0.155", - "S138": "slang-enterprise 1.4.0.155", - "S1451": "slang-enterprise 1.4.0.155", - "S1479": "slang-enterprise 1.4.0.155", - "S1481": "slang-enterprise 1.4.0.155", - "S1656": "slang-enterprise 1.4.0.155", - "S1763": "slang-enterprise 1.4.0.155", - "S1764": "slang-enterprise 1.4.0.155", - "S1821": "slang-enterprise 1.4.0.155", - "S1862": "slang-enterprise 1.4.0.155", - "S1871": "slang-enterprise 1.4.0.155", - "S1940": "slang-enterprise 1.4.0.155", - "S2068": "slang-enterprise 1.4.0.155", - "S2260": "slang-enterprise 1.4.0.155", - "S2757": "slang-enterprise 1.4.0.155", - "S3776": "slang-enterprise 1.4.0.155", - "S3923": "slang-enterprise 1.4.0.155", - "S4144": "slang-enterprise 1.4.0.155", - "S4663": "slang-enterprise 1.4.0.155" + "S100": "sonar-ruby 1.17.0.110", + "S101": "sonar-ruby 1.17.0.110", + "S103": "sonar-ruby 1.17.0.110", + "S104": "sonar-ruby 1.17.0.110", + "S105": "sonar-ruby 1.17.0.110", + "S1066": "sonar-ruby 1.17.0.110", + "S1067": 
"sonar-ruby 1.17.0.110", + "S107": "sonar-ruby 1.17.0.110", + "S108": "sonar-ruby 1.17.0.110", + "S1110": "sonar-ruby 1.17.0.110", + "S1134": "sonar-ruby 1.17.0.110", + "S1135": "sonar-ruby 1.17.0.110", + "S1145": "sonar-ruby 1.17.0.110", + "S1151": "sonar-ruby 1.17.0.110", + "S117": "sonar-ruby 1.17.0.110", + "S1172": "sonar-ruby 1.17.0.110", + "S1186": "sonar-ruby 1.17.0.110", + "S1192": "sonar-ruby 1.17.0.110", + "S122": "sonar-ruby 1.17.0.110", + "S126": "sonar-ruby 1.17.0.110", + "S131": "sonar-ruby 1.17.0.110", + "S1313": "sonar-ruby 1.17.0.110", + "S1314": "sonar-ruby 1.17.0.110", + "S134": "sonar-ruby 1.17.0.110", + "S138": "sonar-ruby 1.17.0.110", + "S1451": "sonar-ruby 1.17.0.110", + "S1479": "sonar-ruby 1.17.0.110", + "S1481": "sonar-ruby 1.17.0.110", + "S1656": "sonar-ruby 1.17.0.110", + "S1763": "sonar-ruby 1.17.0.110", + "S1764": "sonar-ruby 1.17.0.110", + "S1821": "sonar-ruby 1.17.0.110", + "S1862": "sonar-ruby 1.17.0.110", + "S1871": "sonar-ruby 1.17.0.110", + "S1940": "sonar-ruby 1.17.0.110", + "S2068": "sonar-ruby 1.17.0.110", + "S2260": "sonar-ruby 1.17.0.110", + "S2757": "sonar-ruby 1.17.0.110", + "S3776": "sonar-ruby 1.17.0.110", + "S3923": "sonar-ruby 1.17.0.110", + "S4144": "sonar-ruby 1.17.0.110", + "S4663": "sonar-ruby 1.17.0.110" }, "SCALA": { - "S100": "slang-enterprise 1.4.0.155", - "S101": "slang-enterprise 1.4.0.155", - "S103": "slang-enterprise 1.4.0.155", - "S104": "slang-enterprise 1.4.0.155", - "S105": "slang-enterprise 1.4.0.155", - "S1066": "slang-enterprise 1.4.0.155", - "S1067": "slang-enterprise 1.4.0.155", - "S107": "slang-enterprise 1.4.0.155", - "S108": "slang-enterprise 1.4.0.155", - "S1125": "slang-enterprise 1.4.0.155", - "S1134": "slang-enterprise 1.4.0.155", - "S1135": "slang-enterprise 1.4.0.155", - "S1144": "slang-enterprise 1.4.0.155", - "S1145": "slang-enterprise 1.4.0.155", - "S1151": "slang-enterprise 1.4.0.155", - "S117": "slang-enterprise 1.4.0.155", - "S1172": "slang-enterprise 1.4.0.155", - "S1186": 
"slang-enterprise 1.4.0.155", - "S1192": "slang-enterprise 1.4.0.155", - "S122": "slang-enterprise 1.4.0.155", - "S125": "slang-enterprise 1.4.0.155", - "S126": "slang-enterprise 1.4.0.155", - "S1313": "slang-enterprise 1.4.0.155", - "S134": "slang-enterprise 1.4.0.155", - "S138": "slang-enterprise 1.4.0.155", - "S1451": "slang-enterprise 1.4.0.155", - "S1479": "slang-enterprise 1.4.0.155", - "S1481": "slang-enterprise 1.4.0.155", - "S1656": "slang-enterprise 1.4.0.155", - "S1763": "slang-enterprise 1.4.0.155", - "S1764": "slang-enterprise 1.4.0.155", - "S1821": "slang-enterprise 1.4.0.155", - "S1862": "slang-enterprise 1.4.0.155", - "S1871": "slang-enterprise 1.4.0.155", - "S1940": "slang-enterprise 1.4.0.155", - "S2068": "slang-enterprise 1.4.0.155", - "S2260": "slang-enterprise 1.4.0.155", - "S3776": "slang-enterprise 1.4.0.155", - "S3923": "slang-enterprise 1.4.0.155", - "S4144": "slang-enterprise 1.4.0.155", - "S4663": "slang-enterprise 1.4.0.155" + "S100": "sonar-scala 1.17.0.146", + "S101": "sonar-scala 1.17.0.146", + "S103": "sonar-scala 1.17.0.146", + "S104": "sonar-scala 1.17.0.146", + "S105": "sonar-scala 1.17.0.146", + "S1066": "sonar-scala 1.17.0.146", + "S1067": "sonar-scala 1.17.0.146", + "S107": "sonar-scala 1.17.0.146", + "S108": "sonar-scala 1.17.0.146", + "S1125": "sonar-scala 1.17.0.146", + "S1134": "sonar-scala 1.17.0.146", + "S1135": "sonar-scala 1.17.0.146", + "S1144": "sonar-scala 1.17.0.146", + "S1145": "sonar-scala 1.17.0.146", + "S1151": "sonar-scala 1.17.0.146", + "S117": "sonar-scala 1.17.0.146", + "S1172": "sonar-scala 1.17.0.146", + "S1186": "sonar-scala 1.17.0.146", + "S1192": "sonar-scala 1.17.0.146", + "S122": "sonar-scala 1.17.0.146", + "S125": "sonar-scala 1.17.0.146", + "S126": "sonar-scala 1.17.0.146", + "S1313": "sonar-scala 1.17.0.146", + "S134": "sonar-scala 1.17.0.146", + "S138": "sonar-scala 1.17.0.146", + "S1451": "sonar-scala 1.17.0.146", + "S1479": "sonar-scala 1.17.0.146", + "S1481": "sonar-scala 1.17.0.146", + 
"S1656": "sonar-scala 1.17.0.146", + "S1763": "sonar-scala 1.17.0.146", + "S1764": "sonar-scala 1.17.0.146", + "S1821": "sonar-scala 1.17.0.146", + "S1862": "sonar-scala 1.17.0.146", + "S1871": "sonar-scala 1.17.0.146", + "S1940": "sonar-scala 1.17.0.146", + "S2068": "sonar-scala 1.17.0.146", + "S2260": "sonar-scala 1.17.0.146", + "S3776": "sonar-scala 1.17.0.146", + "S3923": "sonar-scala 1.17.0.146", + "S4144": "sonar-scala 1.17.0.146", + "S4663": "sonar-scala 1.17.0.146" }, "SECRETS": { - "S6290": "sonar-text 2.0.0.604", - "S6292": "sonar-text 2.0.0.604", - "S6334": "sonar-text 2.0.0.604", - "S6335": "sonar-text 2.0.0.604", - "S6336": "sonar-text 2.0.0.604", - "S6337": "sonar-text 2.0.0.604", - "S6338": "sonar-text 2.0.0.604", - "S6652": { - "since": "sonar-text 2.2.0.1571", - "until": "sonar-text 2.2.0.1571" - }, - "S6684": "sonar-text 2.3.0.1632", - "S6686": "sonar-text 2.3.0.1632", - "S6687": "sonar-text 2.3.0.1632", - "S6688": "sonar-text 2.3.0.1632", - "S6689": "sonar-text 2.3.0.1632", - "S6690": "sonar-text 2.3.0.1632", - "S6691": "sonar-text 2.3.0.1632", - "S6692": "sonar-text 2.3.0.1632", - "S6693": "sonar-text 2.3.0.1632", - "S6694": "sonar-text 2.3.0.1632", - "S6695": "sonar-text 2.3.0.1632", - "S6696": "sonar-text 2.3.0.1632", - "S6697": "sonar-text 2.3.0.1632", - "S6698": "sonar-text 2.3.0.1632", - "S6699": "sonar-text 2.3.0.1632", - "S6700": "sonar-text 2.3.0.1632", - "S6701": "sonar-text 2.3.0.1632", - "S6702": "sonar-text 2.3.0.1632", - "S6703": "sonar-text 2.3.0.1632", - "S6704": "sonar-text 2.3.0.1632", - "S6705": "sonar-text 2.3.0.1632", - "S6706": "sonar-text 2.3.0.1632", - "S6708": "sonar-text 2.4.0.2120", - "S6710": "sonar-text 2.4.0.2120", - "S6713": "sonar-text 2.4.0.2120", - "S6717": "sonar-text 2.4.0.2120", - "S6718": "sonar-text 2.4.0.2120", - "S6719": "sonar-text 2.4.0.2120", - "S6720": "sonar-text 2.4.0.2120", - "S6721": "sonar-text 2.4.0.2120", - "S6722": "sonar-text 2.4.0.2120", - "S6723": "sonar-text 2.4.0.2120", - "S6731": 
"sonar-text 2.4.0.2120", - "S6732": "sonar-text 2.4.0.2120", - "S6733": "sonar-text 2.4.0.2120", - "S6736": "sonar-text 2.4.0.2120", - "S6739": "sonar-text 2.4.0.2120", - "S6751": "sonar-text 2.4.0.2120", - "S6752": "sonar-text 2.4.0.2120", - "S6753": "sonar-text 2.4.0.2120", - "S6755": "sonar-text 2.4.0.2120", - "S6758": "sonar-text 2.4.0.2120", - "S6760": "sonar-text 2.4.0.2120", - "S6762": "sonar-text 2.4.0.2120", - "S6764": "sonar-text 2.4.0.2120", - "S6765": "sonar-text 2.4.0.2120", - "S6768": "sonar-text 2.4.0.2120", - "S6769": "sonar-text 2.4.0.2120", - "S6771": "sonar-text 2.4.0.2120", - "S6773": "sonar-text 2.4.0.2120", - "S6777": "sonar-text 2.4.0.2120", - "S6782": "sonar-text 2.4.0.2120", - "S6783": "sonar-text 2.4.0.2120" + "S6292": "sonar-text-enterprise 2.6.1.1316", + "S6334": "sonar-text-enterprise 2.6.1.1316", + "S6335": "sonar-text-enterprise 2.6.1.1316", + "S6336": "sonar-text-enterprise 2.6.1.1316", + "S6337": "sonar-text-enterprise 2.6.1.1316", + "S6338": "sonar-text-enterprise 2.6.1.1316", + "S6684": "sonar-text-enterprise 2.6.1.1316", + "S6686": "sonar-text-enterprise 2.6.1.1316", + "S6687": "sonar-text-enterprise 2.6.1.1316", + "S6688": "sonar-text-enterprise 2.6.1.1316", + "S6689": "sonar-text-enterprise 2.6.1.1316", + "S6690": "sonar-text-enterprise 2.6.1.1316", + "S6691": "sonar-text-enterprise 2.6.1.1316", + "S6692": "sonar-text-enterprise 2.6.1.1316", + "S6693": "sonar-text-enterprise 2.6.1.1316", + "S6694": "sonar-text-enterprise 2.6.1.1316", + "S6695": "sonar-text-enterprise 2.6.1.1316", + "S6696": "sonar-text-enterprise 2.6.1.1316", + "S6697": "sonar-text-enterprise 2.6.1.1316", + "S6698": "sonar-text-enterprise 2.6.1.1316", + "S6699": "sonar-text-enterprise 2.6.1.1316", + "S6700": "sonar-text-enterprise 2.6.1.1316", + "S6701": "sonar-text-enterprise 2.6.1.1316", + "S6702": "sonar-text-enterprise 2.6.1.1316", + "S6703": "sonar-text-enterprise 2.6.1.1316", + "S6704": "sonar-text-enterprise 2.6.1.1316", + "S6705": "sonar-text-enterprise 
2.6.1.1316", + "S6706": "sonar-text-enterprise 2.6.1.1316", + "S6708": "sonar-text-enterprise 2.6.1.1316", + "S6710": "sonar-text-enterprise 2.6.1.1316", + "S6713": "sonar-text-enterprise 2.6.1.1316", + "S6717": "sonar-text-enterprise 2.6.1.1316", + "S6718": "sonar-text-enterprise 2.6.1.1316", + "S6719": "sonar-text-enterprise 2.6.1.1316", + "S6720": "sonar-text-enterprise 2.6.1.1316", + "S6721": "sonar-text-enterprise 2.6.1.1316", + "S6722": "sonar-text-enterprise 2.6.1.1316", + "S6723": "sonar-text-enterprise 2.6.1.1316", + "S6731": "sonar-text-enterprise 2.6.1.1316", + "S6732": "sonar-text-enterprise 2.6.1.1316", + "S6733": "sonar-text-enterprise 2.6.1.1316", + "S6736": "sonar-text-enterprise 2.6.1.1316", + "S6739": "sonar-text-enterprise 2.6.1.1316", + "S6751": "sonar-text-enterprise 2.6.1.1316", + "S6752": "sonar-text-enterprise 2.6.1.1316", + "S6753": "sonar-text-enterprise 2.6.1.1316", + "S6755": "sonar-text-enterprise 2.6.1.1316", + "S6758": "sonar-text-enterprise 2.6.1.1316", + "S6760": "sonar-text-enterprise 2.6.1.1316", + "S6762": "sonar-text-enterprise 2.6.1.1316", + "S6764": "sonar-text-enterprise 2.6.1.1316", + "S6765": "sonar-text-enterprise 2.6.1.1316", + "S6768": "sonar-text-enterprise 2.6.1.1316", + "S6769": "sonar-text-enterprise 2.6.1.1316", + "S6771": "sonar-text-enterprise 2.6.1.1316", + "S6773": "sonar-text-enterprise 2.6.1.1316", + "S6777": "sonar-text-enterprise 2.6.1.1316", + "S6782": "sonar-text-enterprise 2.6.1.1316", + "S6783": "sonar-text-enterprise 2.6.1.1316", + "S6784": "sonar-text-enterprise 2.6.1.1316", + "S6910": "sonar-text-enterprise 2.9.0.2100", + "S6987": "sonar-text-enterprise 2.6.1.1316", + "S6988": "sonar-text-enterprise 2.13.0.3515", + "S6989": "sonar-text-enterprise 2.13.0.3515", + "S6990": "sonar-text-enterprise 2.13.0.3515", + "S6992": "sonar-text-enterprise 2.13.0.3515", + "S6993": "sonar-text-enterprise 2.13.0.3515", + "S6995": "sonar-text-enterprise 2.13.0.3515", + "S6997": "sonar-text-enterprise 2.13.0.3515", + 
"S6998": "sonar-text-enterprise 2.13.0.3515", + "S6999": "sonar-text-enterprise 2.13.0.3515", + "S7000": "sonar-text-enterprise 2.13.0.3515", + "S7001": "sonar-text-enterprise 2.13.0.3515", + "S7002": "sonar-text-enterprise 2.13.0.3515", + "S7003": "sonar-text-enterprise 2.13.0.3515", + "S7004": "sonar-text-enterprise 2.13.0.3515", + "S7006": "sonar-text-enterprise 2.13.0.3515", + "S7007": "sonar-text-enterprise 2.13.0.3515", + "S7008": "sonar-text-enterprise 2.13.0.3515", + "S7009": "sonar-text-enterprise 2.13.0.3515", + "S7010": "sonar-text-enterprise 2.13.0.3515", + "S7011": "sonar-text-enterprise 2.13.0.3515", + "S7013": "sonar-text-enterprise 2.13.0.3515", + "S7014": "sonar-text-enterprise 2.13.0.3515", + "S7015": "sonar-text-enterprise 2.13.0.3515", + "S7016": "sonar-text-enterprise 2.13.0.3515", + "S7017": "sonar-text-enterprise 2.13.0.3515", + "S7022": "sonar-text-enterprise 2.13.0.3515", + "S7024": "sonar-text-enterprise 2.13.0.3515", + "S7025": "sonar-text-enterprise 2.13.0.3515", + "S7136": "sonar-text-enterprise 2.18.0.4866", + "S7137": "sonar-text-enterprise 2.18.0.4866", + "S7138": "sonar-text-enterprise 2.18.0.4866", + "S7139": "sonar-text-enterprise 2.18.0.4866", + "S7140": "sonar-text-enterprise 2.18.0.4866", + "S7141": "sonar-text-enterprise 2.18.0.4866", + "S7142": "sonar-text-enterprise 2.18.0.4866", + "S7143": "sonar-text-enterprise 2.18.0.4866", + "S7144": "sonar-text-enterprise 2.18.0.4866", + "S7145": "sonar-text-enterprise 2.18.0.4866", + "S7146": "sonar-text-enterprise 2.18.0.4866", + "S7147": "sonar-text-enterprise 2.18.0.4866", + "S7148": "sonar-text-enterprise 2.18.0.4866", + "S7149": "sonar-text-enterprise 2.18.0.4866", + "S7150": "sonar-text-enterprise 2.18.0.4866", + "S7151": "sonar-text-enterprise 2.18.0.4866", + "S7152": "sonar-text-enterprise 2.18.0.4866", + "S7153": "sonar-text-enterprise 2.18.0.4866", + "S7154": "sonar-text-enterprise 2.18.0.4866", + "S7155": "sonar-text-enterprise 2.18.0.4866", + "S7159": "sonar-text-enterprise 
2.18.0.4866", + "S7161": "sonar-text-enterprise 2.18.0.4866", + "S7162": "sonar-text-enterprise 2.18.0.4866", + "S7163": "sonar-text-enterprise 2.18.0.4866", + "S7164": "sonar-text-enterprise 2.18.0.4866", + "S7165": "sonar-text-enterprise 2.18.0.4866", + "S7166": "sonar-text-enterprise 2.18.0.4866", + "S7167": "sonar-text-enterprise 2.18.0.4866", + "S7169": "sonar-text-enterprise 2.18.0.4866", + "S7170": "sonar-text-enterprise 2.18.0.4866", + "S7171": "sonar-text-enterprise 2.18.0.4866", + "S7174": "sonar-text-enterprise master", + "S7175": "sonar-text-enterprise master" }, "SWIFT": { "S100": "sonar-swift 3.1.0.2067", 
@@ -5217,60 +5665,61 @@ "S881": "sonar-swift 3.1.0.2067" }, "TERRAFORM": { - "S1135": "sonar-iac 1.13.0.3464", - "S2260": "sonar-iac 1.0.0.746", - "S4423": "sonar-iac 1.4.0.1288", - "S5332": "sonar-iac 1.4.0.1288", - "S6245": "sonar-iac 1.0.0.746", - "S6249": "sonar-iac 1.0.0.746", - "S6252": "sonar-iac 1.0.0.746", - "S6255": "sonar-iac 1.0.0.746", - "S6258": "sonar-iac 1.0.0.746", - "S6265": "sonar-iac 1.0.0.746", - "S6270": "sonar-iac 1.0.0.746", - "S6273": "sonar-iac 1.0.0.746", - "S6275": "sonar-iac 1.1.0.861", - "S6281": "sonar-iac 1.0.0.746", - "S6302": "sonar-iac 1.2.0.976", - "S6303": "sonar-iac 1.1.0.861", - "S6304": "sonar-iac 1.2.0.976", - "S6308": "sonar-iac 1.1.0.861", - "S6317": "sonar-iac 1.2.0.976", - "S6319": "sonar-iac 1.1.0.861", - "S6321": "sonar-iac 1.2.0.976", - "S6327": "sonar-iac 1.1.0.861", - "S6329": "sonar-iac 1.2.0.976", - "S6330": "sonar-iac 1.1.0.861", - "S6332": "sonar-iac 1.1.0.861", - "S6333": "sonar-iac 1.2.0.976", - "S6364": "sonar-iac 1.4.0.1288", - "S6375": "sonar-iac 1.5.0.1600", - "S6378": "sonar-iac 1.5.0.1600", - "S6379": "sonar-iac 1.5.0.1600", - "S6380": "sonar-iac 1.5.0.1600", - "S6381": "sonar-iac 1.5.0.1600", - "S6382": "sonar-iac 1.5.0.1600", - "S6383": "sonar-iac 1.5.0.1600", - "S6385": "sonar-iac 1.5.0.1600", - "S6387": "sonar-iac 1.5.0.1600", - "S6388": "sonar-iac 1.5.0.1600", - "S6400": "sonar-iac 1.6.0.1852", - "S6401": "sonar-iac 1.6.0.1852", - "S6402": "sonar-iac 1.6.0.1852", - "S6403": "sonar-iac 1.6.0.1852", - "S6404": "sonar-iac 1.6.0.1852", - "S6405": "sonar-iac 1.6.0.1852", - "S6406": "sonar-iac 1.6.0.1852", - "S6407": "sonar-iac 1.6.0.1852", - "S6408": "sonar-iac 1.6.0.1852", - "S6409": "sonar-iac 1.6.0.1852", - "S6410": "sonar-iac 1.6.0.1852", - "S6412": "sonar-iac 1.7.0.2012", - "S6413": "sonar-iac 1.7.0.2012", - "S6414": "sonar-iac 1.7.0.2012" + "S1135": "sonar-iac-enterprise 1.13.0.3464", + "S2260": "sonar-iac-enterprise 1.0.0.746", + "S4423": "sonar-iac-enterprise 1.4.0.1288", + "S5332": 
"sonar-iac-enterprise 1.4.0.1288", + "S6245": "sonar-iac-enterprise 1.0.0.746", + "S6249": "sonar-iac-enterprise 1.0.0.746", + "S6252": "sonar-iac-enterprise 1.0.0.746", + "S6255": "sonar-iac-enterprise 1.0.0.746", + "S6258": "sonar-iac-enterprise 1.0.0.746", + "S6265": "sonar-iac-enterprise 1.0.0.746", + "S6270": "sonar-iac-enterprise 1.0.0.746", + "S6273": "sonar-iac-enterprise 1.0.0.746", + "S6275": "sonar-iac-enterprise 1.1.0.861", + "S6281": "sonar-iac-enterprise 1.0.0.746", + "S6302": "sonar-iac-enterprise 1.2.0.976", + "S6303": "sonar-iac-enterprise 1.1.0.861", + "S6304": "sonar-iac-enterprise 1.2.0.976", + "S6308": "sonar-iac-enterprise 1.1.0.861", + "S6317": "sonar-iac-enterprise 1.2.0.976", + "S6319": "sonar-iac-enterprise 1.1.0.861", + "S6321": "sonar-iac-enterprise 1.2.0.976", + "S6327": "sonar-iac-enterprise 1.1.0.861", + "S6329": "sonar-iac-enterprise 1.2.0.976", + "S6330": "sonar-iac-enterprise 1.1.0.861", + "S6332": "sonar-iac-enterprise 1.1.0.861", + "S6333": "sonar-iac-enterprise 1.2.0.976", + "S6364": "sonar-iac-enterprise 1.4.0.1288", + "S6375": "sonar-iac-enterprise 1.5.0.1600", + "S6378": "sonar-iac-enterprise 1.5.0.1600", + "S6379": "sonar-iac-enterprise 1.5.0.1600", + "S6380": "sonar-iac-enterprise 1.5.0.1600", + "S6381": "sonar-iac-enterprise 1.5.0.1600", + "S6382": "sonar-iac-enterprise 1.5.0.1600", + "S6383": "sonar-iac-enterprise 1.5.0.1600", + "S6385": "sonar-iac-enterprise 1.5.0.1600", + "S6387": "sonar-iac-enterprise 1.5.0.1600", + "S6388": "sonar-iac-enterprise 1.5.0.1600", + "S6400": "sonar-iac-enterprise 1.6.0.1852", + "S6401": "sonar-iac-enterprise 1.6.0.1852", + "S6402": "sonar-iac-enterprise 1.6.0.1852", + "S6403": "sonar-iac-enterprise 1.6.0.1852", + "S6404": "sonar-iac-enterprise 1.6.0.1852", + "S6405": "sonar-iac-enterprise 1.6.0.1852", + "S6406": "sonar-iac-enterprise 1.6.0.1852", + "S6407": "sonar-iac-enterprise 1.6.0.1852", + "S6408": "sonar-iac-enterprise 1.6.0.1852", + "S6409": "sonar-iac-enterprise 1.6.0.1852", + 
"S6410": "sonar-iac-enterprise 1.6.0.1852", + "S6412": "sonar-iac-enterprise 1.7.0.2012", + "S6413": "sonar-iac-enterprise 1.7.0.2012", + "S6414": "sonar-iac-enterprise 1.7.0.2012" }, "TEXT": { - "S6389": "sonar-text 1.0.0.120" + "S6389": "sonar-text-enterprise 2.6.1.1316", + "S7036": "sonar-text-enterprise 2.17.0.4070" }, "TSQL": { "S103": "sonar-tsql 1.2.0.2539", @@ -5367,9 +5816,11 @@ "S1067": "SonarJS 6.2.0.12043", "S1068": "SonarJS 10.4.0.22160", "S107": "SonarJS 6.0.0.9595", + "S1077": "SonarJS 10.10.0.24774", "S108": "SonarJS 6.0.0.9595", "S1082": "SonarJS 10.8.0.24207", "S109": "SonarJS 6.0.0.9595", + "S1090": "SonarJS 10.14.0.26080", "S1105": "SonarJS 6.0.0.9595", "S1110": "SonarJS 6.1.0.11503", "S1116": "SonarJS 6.0.0.9595", @@ -5398,6 +5849,7 @@ "S126": "SonarJS 6.2.0.12043", "S1264": "SonarJS 6.0.0.9595", "S128": "SonarJS 6.2.0.12043", + "S1291": "SonarJS 10.18.0.28572", "S1301": "SonarJS 6.0.0.9595", "S131": "SonarJS 6.5.0.13383", "S1313": "SonarJS 7.1.0.14721", @@ -5410,6 +5862,7 @@ "S1439": "SonarJS 6.1.0.11503", "S1440": "SonarJS 6.0.0.9595", "S1441": "SonarJS 6.0.0.9595", + "S1444": "SonarJS 10.11.0.25043", "S1451": "SonarJS 6.1.0.11503", "S1472": "SonarJS 6.2.0.12043", "S1479": "SonarJS 6.0.0.9595", @@ -5428,6 +5881,7 @@ "S1537": "SonarJS 6.7.0.14237", "S1539": "SonarJS 6.2.0.12043", "S1541": "SonarJS 6.1.0.11503", + "S1607": "SonarJS 10.15.0.27423", "S1656": "SonarJS 6.0.0.9595", "S1736": { "since": "SonarJS 6.5.0.13383", @@ -5446,6 +5900,7 @@ "S1874": "SonarJS 6.1.0.11503", "S1940": "SonarJS 6.0.0.9595", "S1994": "SonarJS 6.2.0.12043", + "S2004": "SonarJS 10.12.0.25537", "S2068": "SonarJS 6.1.0.11503", "S2076": "sonar-security 8.8.0.10287", "S2077": "SonarJS 6.0.0.9595", @@ -5455,6 +5910,7 @@ "S2123": "SonarJS 6.1.0.11503", "S2137": "SonarJS 6.2.0.12043", "S2138": "SonarJS 6.5.0.13383", + "S2187": "SonarJS 10.11.0.25043", "S2201": "SonarJS 6.1.0.11503", "S2208": "SonarJS 6.2.0.12043", "S2234": "SonarJS 6.1.0.11503", 
@@ -5462,6 +5918,7 @@ "S2251": "SonarJS 6.5.0.13383", "S2255": "SonarJS 6.0.0.9595", "S2260": "SonarJS 6.0.0.9595", + "S2301": "SonarJS 10.15.0.27423", "S2310": "SonarJS 6.2.0.12043", "S2376": "SonarJS 6.5.0.13383", "S2392": "SonarJS 6.2.0.12043", @@ -5539,6 +5996,7 @@ "S4030": "SonarJS 6.1.0.11503", "S4036": "SonarJS 9.3.0.18033", "S4043": "SonarJS 6.1.0.11503", + "S4084": "SonarJS 10.14.0.26080", "S4123": "SonarJS 6.1.0.11503", "S4124": "SonarJS 6.0.0.9595", "S4136": "SonarJS 6.0.0.9595", @@ -5593,6 +6051,11 @@ "S5147": "sonar-security 8.7.0.7826", "S5148": "SonarJS 9.4.0.18205", "S5247": "SonarJS 6.7.0.14237", + "S5254": "SonarJS 10.14.0.26080", + "S5256": "SonarJS 10.14.0.26080", + "S5257": "SonarJS 10.14.0.26080", + "S5260": "SonarJS 10.14.0.26080", + "S5264": "SonarJS 10.14.0.26080", "S5332": "SonarJS 7.1.0.14721", "S5334": "sonar-security 8.7.0.7826", "S5443": "SonarJS 7.1.0.14721", @@ -5629,6 +6092,7 @@ "S5876": "SonarJS 7.1.0.14721", "S5883": "sonar-security 8.8.0.10287", "S5958": "SonarJS 8.5.0.16762", + "S5973": "SonarJS 10.11.0.25043", "S6019": "SonarJS 8.4.0.16431", "S6035": "SonarJS 8.2.0.16042", "S6079": "SonarJS 8.5.0.16762", @@ -5668,6 +6132,7 @@ "S6351": "SonarJS 8.4.0.16431", "S6353": "SonarJS 8.4.0.16431", "S6397": "SonarJS 9.4.0.18205", + "S6418": "SonarJS 10.18.0.28572", "S6426": "SonarJS 9.3.0.18033", "S6435": "SonarJS 9.5.0.18531", "S6438": "SonarJS 9.5.0.18531", @@ -5704,6 +6169,7 @@ "S6594": "SonarJS 10.2.0.21568", "S6598": "SonarJS 10.2.0.21568", "S6606": "SonarJS 10.2.0.21568", + "S6627": "SonarJS 10.15.0.27423", "S6635": "SonarJS 10.3.0.21893", "S6637": "SonarJS 10.3.0.21893", "S6638": "SonarJS 10.3.0.21893", 
@@ -5736,6 +6202,10 @@ "S6770": "SonarJS 10.7.0.22914", "S6772": "SonarJS 10.7.0.22914", "S6775": "SonarJS 10.7.0.22914", + "S6788": "SonarJS 10.10.0.24774", + "S6789": "SonarJS 10.10.0.24774", + "S6790": "SonarJS 10.10.0.24774", + "S6791": "SonarJS 10.10.0.24774", "S6793": "SonarJS 10.8.0.24207", "S6807": "SonarJS 10.8.0.24207", "S6811": "SonarJS 10.8.0.24207", @@ -5747,6 +6217,38 @@ "S6825": "SonarJS 10.8.0.24207", "S6827": "SonarJS 10.8.0.24207", "S6836": "SonarJS 10.9.0.24449", + "S6840": "SonarJS 10.10.0.24774", + "S6841": "SonarJS 10.10.0.24774", + "S6842": "SonarJS 10.10.0.24774", + "S6843": "SonarJS 10.10.0.24774", + "S6844": "SonarJS 10.10.0.24774", + "S6845": "SonarJS 10.10.0.24774", + "S6846": "SonarJS 10.10.0.24774", + "S6847": "SonarJS 10.10.0.24774", + "S6848": "SonarJS 10.10.0.24774", + "S6849": { + "since": "SonarJS 10.10.0.24774", + "until": "SonarJS 10.13.2.25981" + }, + "S6850": "SonarJS 10.10.0.24774", + "S6851": "SonarJS 10.10.0.24774", + "S6852": "SonarJS 10.10.0.24774", + "S6853": "SonarJS 10.10.0.24774", + "S6854": { + "since": "SonarJS 10.10.0.24774", + "until": "SonarJS 10.13.2.25981" + }, + "S6855": { + "since": "SonarJS 10.10.0.24774", + "until": "SonarJS 10.13.2.25981" + }, + "S6859": "SonarJS 10.11.0.25043", + "S6861": "SonarJS 10.11.0.25043", + "S6957": "SonarJS 10.13.0.25911", + "S6958": "SonarJS 10.13.0.25911", + "S6959": "SonarJS 10.13.0.25911", + "S7059": "SonarJS 10.15.0.27423", + "S7060": "SonarJS 10.15.0.27423", "S878": "SonarJS 6.0.0.9595", "S881": "SonarJS 6.1.0.11503", "S888": "SonarJS 6.2.0.12043", 
@@ -5796,281 +6298,223 @@ "S1702": "sonar-vb 2.4.0.1305", "S1821": "sonar-vb 2.7.0.2492", "S2260": "sonar-vb 2.4.0.1305", + "S6146": "sonar-vb 2.14.0.5475", + "S7173": "sonar-vb 2.14.0.5475", "S907": "sonar-vb 2.4.0.1305" }, "VBNET": { - "S101": "sonar-dotnet 7.6.0.7024", - "S103": "sonar-dotnet 7.6.0.7024", - "S104": "sonar-dotnet 7.6.0.7024", - "S1048": "sonar-dotnet 7.7.0.7192", - "S105": "sonar-dotnet 7.6.0.7024", - "S1066": "sonar-dotnet 7.11.0.8083", - "S1067": "sonar-dotnet 7.6.0.7024", - "S107": "sonar-dotnet 7.11.0.8083", - "S1075": "sonar-dotnet 7.6.0.7024", - "S108": "sonar-dotnet 7.11.0.8083", - "S1110": "sonar-dotnet 7.11.0.8083", - "S112": "sonar-dotnet 7.6.0.7024", - "S1123": "sonar-dotnet 8.50.0.58025", - "S1125": "sonar-dotnet 7.11.0.8083", - "S1133": "sonar-dotnet 8.53.0.62665", - "S1134": "sonar-dotnet 7.11.0.8083", - "S1135": "sonar-dotnet 7.11.0.8083", - "S114": "sonar-dotnet 7.6.0.7024", - "S1145": { - "since": "sonar-dotnet 7.11.0.8083", - "until": "sonar-dotnet 8.25.0.33663" - }, - "S1147": "sonar-dotnet 7.6.0.7024", - "S1151": "sonar-dotnet 7.11.0.8083", - "S1155": "sonar-dotnet 8.35.0.42613", - "S1163": "sonar-dotnet 8.18.0.27296", - "S117": "sonar-dotnet 7.6.0.7024", - "S1172": "sonar-dotnet 7.11.0.8083", - "S1186": "sonar-dotnet 7.7.0.7192", - "S119": "sonar-dotnet 9.6.0.74858", - "S1192": "sonar-dotnet 8.18.0.27296", - "S1197": "sonar-dotnet 7.6.0.7024", - "S122": "sonar-dotnet 7.6.0.7024", - "S1226": "sonar-dotnet 7.6.0.7024", - "S126": "sonar-dotnet 7.11.0.8083", - "S1301": "sonar-dotnet 7.7.0.7192", - "S131": "sonar-dotnet 7.6.0.7024", - "S1313": "sonar-dotnet 7.7.0.7192", - "S134": "sonar-dotnet 7.6.0.7024", - "S138": "sonar-dotnet 7.11.0.8083", - "S139": "sonar-dotnet 7.6.0.7024", - "S1451": "sonar-dotnet 7.7.0.7192", - "S1479": "sonar-dotnet 7.7.0.7192", - "S1481": "sonar-dotnet 7.7.0.7192", - "S1523": { - "since": "sonar-dotnet 7.9.0.7583", - "until": "sonar-dotnet 7.13.0.8313" - }, - "S1541": "sonar-dotnet 7.6.0.7024", - 
"S1542": "sonar-dotnet 7.6.0.7024", - "S1643": "sonar-dotnet 7.6.0.7024", - "S1645": "sonar-dotnet 7.6.0.7024", - "S1654": "sonar-dotnet 7.6.0.7024", - "S1656": "sonar-dotnet 7.6.0.7024", - "S1659": "sonar-dotnet 7.6.0.7024", - "S1751": "sonar-dotnet 7.6.0.7024", - "S1764": "sonar-dotnet 7.6.0.7024", - "S1821": "sonar-dotnet 7.7.0.7192", - "S1862": "sonar-dotnet 7.6.0.7024", - "S1871": "sonar-dotnet 7.6.0.7024", - "S1940": "sonar-dotnet 7.7.0.7192", - "S1944": "sonar-dotnet 9.4.0.72892", - "S2053": "sonar-dotnet 9.6.0.74858", - "S2068": "sonar-dotnet 7.7.0.7192", - "S2077": "sonar-dotnet 7.9.0.7583", - "S2094": "sonar-dotnet 8.54.0.64047", - "S2166": "sonar-dotnet 8.53.0.62665", - "S2178": "sonar-dotnet 7.6.0.7024", - "S2222": "sonar-dotnet 8.36.0.43782", - "S2225": "sonar-dotnet 8.47.0.55603", - "S2234": "sonar-dotnet 7.11.0.8083", - "S2255": { - "since": "sonar-dotnet 7.9.0.7583", - "until": "sonar-dotnet 9.8.0.76515" - }, - "S2257": "sonar-dotnet 8.16.0.25740", - "S2259": "sonar-dotnet 8.45.0.54064", - "S2302": "sonar-dotnet 7.17.0.9346", - "S2304": "sonar-dotnet 7.6.0.7024", - "S2339": "sonar-dotnet 7.6.0.7024", - "S2340": "sonar-dotnet 7.6.0.7024", - "S2342": "sonar-dotnet 7.6.0.7024", - "S2343": "sonar-dotnet 7.6.0.7024", - "S2344": "sonar-dotnet 7.6.0.7024", - "S2345": "sonar-dotnet 7.6.0.7024", - "S2346": "sonar-dotnet 7.6.0.7024", - "S2347": "sonar-dotnet 7.6.0.7024", - "S2348": "sonar-dotnet 7.6.0.7024", - "S2349": "sonar-dotnet 7.6.0.7024", - "S2352": "sonar-dotnet 7.6.0.7024", - "S2353": "sonar-dotnet 7.6.0.7024", - "S2354": "sonar-dotnet 7.6.0.7024", - "S2355": "sonar-dotnet 7.6.0.7024", - "S2357": "sonar-dotnet 7.6.0.7024", - "S2358": "sonar-dotnet 7.6.0.7024", - "S2359": "sonar-dotnet 7.6.0.7024", - "S2360": "sonar-dotnet 7.6.0.7024", - "S2362": "sonar-dotnet 7.6.0.7024", - "S2363": "sonar-dotnet 7.6.0.7024", - "S2364": "sonar-dotnet 7.6.0.7024", - "S2365": "sonar-dotnet 7.6.0.7024", - "S2366": "sonar-dotnet 7.6.0.7024", - "S2367": "sonar-dotnet 
7.6.0.7024", - "S2368": "sonar-dotnet 7.6.0.7024", - "S2369": "sonar-dotnet 7.6.0.7024", - "S2370": "sonar-dotnet 7.6.0.7024", - "S2372": "sonar-dotnet 7.6.0.7024", - "S2373": "sonar-dotnet 7.6.0.7024", - "S2374": "sonar-dotnet 7.6.0.7024", - "S2375": "sonar-dotnet 7.6.0.7024", - "S2376": "sonar-dotnet 7.6.0.7024", - "S2387": "sonar-dotnet 8.18.0.27296", - "S2429": "sonar-dotnet 7.6.0.7024", - "S2437": "sonar-dotnet 8.18.0.27296", - "S2551": "sonar-dotnet 7.7.0.7192", - "S2583": "sonar-dotnet 9.8.0.76515", - "S2589": "sonar-dotnet 9.8.0.76515", - "S2612": "sonar-dotnet 8.19.0.28253", - "S2692": "sonar-dotnet 8.18.0.27296", - "S2737": "sonar-dotnet 7.7.0.7192", - "S2757": "sonar-dotnet 7.7.0.7192", - "S2761": "sonar-dotnet 7.7.0.7192", - "S2925": "sonar-dotnet 9.4.0.72892", - "S2951": "sonar-dotnet 7.6.0.7024", - "S3011": "sonar-dotnet 7.9.0.7583", - "S3063": "sonar-dotnet 8.53.0.62665", - "S3329": "sonar-dotnet 9.6.0.74858", - "S3358": "sonar-dotnet 7.7.0.7192", - "S3363": "sonar-dotnet 9.5.0.73987", - "S3385": "sonar-dotnet 7.6.0.7024", - "S3431": "sonar-dotnet 8.28.0.36354", - "S3449": "sonar-dotnet 7.7.0.7192", - "S3453": "sonar-dotnet 7.7.0.7192", - "S3464": "sonar-dotnet 7.7.0.7192", - "S3466": "sonar-dotnet 7.7.0.7192", - "S3598": "sonar-dotnet 7.7.0.7192", - "S3603": "sonar-dotnet 7.7.0.7192", - "S3655": "sonar-dotnet 8.56.0.67649", - "S3693": { - "since": "sonar-dotnet 7.7.0.7192", - "until": "sonar-dotnet 8.25.0.33663" - }, - "S3776": "sonar-dotnet 7.7.0.7192", - "S3860": "sonar-dotnet 7.6.0.7024", - "S3866": "sonar-dotnet 7.6.0.7024", - "S3869": "sonar-dotnet 7.7.0.7192", - "S3871": "sonar-dotnet 8.49.0.57237", - "S3878": "sonar-dotnet 8.53.0.62665", - "S3884": "sonar-dotnet 8.18.0.27296", - "S3889": "sonar-dotnet 7.7.0.7192", - "S3898": "sonar-dotnet 8.52.0.60940", - "S3900": "sonar-dotnet 8.56.0.67649", - "S3903": "sonar-dotnet 7.7.0.7192", - "S3904": "sonar-dotnet 8.18.0.27296", - "S3923": "sonar-dotnet 7.7.0.7192", - "S3926": "sonar-dotnet 
7.7.0.7192", - "S3927": "sonar-dotnet 7.7.0.7192", - "S3949": "sonar-dotnet 9.2.0.71021", - "S3966": "sonar-dotnet 9.4.0.72892", - "S3981": "sonar-dotnet 7.6.0.7024", - "S3990": "sonar-dotnet 8.18.0.27296", - "S3992": "sonar-dotnet 8.18.0.27296", - "S3998": "sonar-dotnet 8.18.0.27296", - "S4025": "sonar-dotnet 8.18.0.27296", - "S4036": "sonar-dotnet 8.17.0.26580", - "S4060": "sonar-dotnet 8.43.0.51858", - "S4136": "sonar-dotnet 7.17.0.9346", - "S4142": { - "since": "sonar-dotnet 7.6.0.7024", - "until": "sonar-dotnet 8.25.0.33663" - }, - "S4143": "sonar-dotnet 7.7.0.7192", - "S4144": "sonar-dotnet 7.6.0.7024", - "S4158": "sonar-dotnet 9.4.0.72892", - "S4159": "sonar-dotnet 7.7.0.7192", - "S4201": "sonar-dotnet 7.17.0.9346", - "S4210": "sonar-dotnet 7.7.0.7192", - "S4225": "sonar-dotnet 8.43.0.51858", - "S4260": "sonar-dotnet 7.7.0.7192", - "S4275": "sonar-dotnet 7.7.0.7192", - "S4277": "sonar-dotnet 7.7.0.7192", - "S4423": "sonar-dotnet 8.16.0.25740", - "S4428": "sonar-dotnet 7.7.0.7192", - "S4507": "sonar-dotnet 7.9.0.7583", - "S4529": { - "since": "sonar-dotnet 7.9.0.7583", - "until": "sonar-dotnet 7.13.0.8313" - }, - "S4545": "sonar-dotnet 8.54.0.64047", - "S4581": "sonar-dotnet 8.40.0.48530", - "S4583": "sonar-dotnet 8.18.0.27296", - "S4586": "sonar-dotnet 7.7.0.7192", - "S4663": "sonar-dotnet 8.53.0.62665", - "S4721": { - "since": "sonar-dotnet 7.9.0.7583", - "until": "sonar-dotnet 7.13.0.8313" - }, - "S4784": { - "since": "sonar-dotnet 7.9.0.7583", - "until": "sonar-dotnet 9.10.0.77988" - }, - "S4787": { - "since": "sonar-dotnet 7.9.0.7583", - "until": "sonar-dotnet 9.9.0.77355" - }, - "S4790": "sonar-dotnet 7.9.0.7583", - "S4792": "sonar-dotnet 7.9.0.7583", - "S4797": { - "since": "sonar-dotnet 7.9.0.7583", - "until": "sonar-dotnet 7.13.0.8313" - }, - "S4817": { - "since": "sonar-dotnet 7.9.0.7583", - "until": "sonar-dotnet 7.13.0.8313" - }, - "S4818": { - "since": "sonar-dotnet 7.9.0.7583", - "until": "sonar-dotnet 9.9.0.77355" - }, - "S4823": { - "since": 
"sonar-dotnet 7.9.0.7583", - "until": "sonar-dotnet 9.10.0.77988" - }, - "S4825": { - "since": "sonar-dotnet 7.9.0.7583", - "until": "sonar-dotnet 7.13.0.8313" - }, - "S4829": { - "since": "sonar-dotnet 7.9.0.7583", - "until": "sonar-dotnet 9.10.0.77988" - }, - "S4830": "sonar-dotnet 8.1.0.13383", - "S4834": { - "since": "sonar-dotnet 7.9.0.7583", - "until": "sonar-dotnet 9.10.0.77988" - }, - "S5042": "sonar-dotnet 7.9.1.7622", - "S5443": "sonar-dotnet 8.19.0.28253", - "S5445": "sonar-dotnet 8.19.0.28253", - "S5542": "sonar-dotnet 8.1.0.13383", - "S5547": "sonar-dotnet 8.18.0.27296", - "S5659": "sonar-dotnet 8.5.0.15942", - "S5693": "sonar-dotnet 8.19.0.28253", - "S5753": "sonar-dotnet 8.17.0.26580", - "S5773": "sonar-dotnet 9.6.0.74858", - "S5856": "sonar-dotnet 8.56.0.67649", - "S5944": "sonar-dotnet 8.18.0.27296", - "S6145": "sonar-dotnet 8.18.0.27296", - "S6146": "sonar-dotnet 8.18.0.27296", - "S6354": "sonar-dotnet 8.35.0.42613", - "S6444": "sonar-dotnet 8.51.0.59060", - "S6513": "sonar-dotnet 8.55.0.65544", - "S6561": "sonar-dotnet 9.5.0.73987", - "S6562": "sonar-dotnet 9.5.0.73987", - "S6563": "sonar-dotnet 9.5.0.73987", - "S6566": "sonar-dotnet 9.5.0.73987", - "S6575": "sonar-dotnet 9.5.0.73987", - "S6580": "sonar-dotnet 9.5.0.73987", - "S6585": "sonar-dotnet 9.5.0.73987", - "S6588": "sonar-dotnet 9.5.0.73987", - "S6602": "sonar-dotnet 9.1.0.70676", - "S6603": "sonar-dotnet 9.1.0.70676", - "S6605": "sonar-dotnet 9.1.0.70676", - "S6607": "sonar-dotnet 9.1.0.70676", - "S6608": "sonar-dotnet 9.1.0.70676", - "S6609": "sonar-dotnet 9.1.0.70676", - "S6610": "sonar-dotnet 9.1.0.70676", - "S6612": "sonar-dotnet 9.1.0.70676", - "S6613": "sonar-dotnet 9.1.0.70676", - "S6617": "sonar-dotnet 9.1.0.70676", - "S907": "sonar-dotnet 8.11.0.20529", - "S927": "sonar-dotnet 8.18.0.27296" + "S101": "sonar-dotnet-enterprise 10.0.0.102753", + "S103": "sonar-dotnet-enterprise 10.0.0.102753", + "S104": "sonar-dotnet-enterprise 10.0.0.102753", + "S1048": "sonar-dotnet-enterprise 
10.0.0.102753", + "S105": "sonar-dotnet-enterprise 10.0.0.102753", + "S1066": "sonar-dotnet-enterprise 10.0.0.102753", + "S1067": "sonar-dotnet-enterprise 10.0.0.102753", + "S107": "sonar-dotnet-enterprise 10.0.0.102753", + "S1075": "sonar-dotnet-enterprise 10.0.0.102753", + "S108": "sonar-dotnet-enterprise 10.0.0.102753", + "S1110": "sonar-dotnet-enterprise 10.0.0.102753", + "S112": "sonar-dotnet-enterprise 10.0.0.102753", + "S1123": "sonar-dotnet-enterprise 10.0.0.102753", + "S1125": "sonar-dotnet-enterprise 10.0.0.102753", + "S1133": "sonar-dotnet-enterprise 10.0.0.102753", + "S1134": "sonar-dotnet-enterprise 10.0.0.102753", + "S1135": "sonar-dotnet-enterprise 10.0.0.102753", + "S114": "sonar-dotnet-enterprise 10.0.0.102753", + "S1147": "sonar-dotnet-enterprise 10.0.0.102753", + "S1151": "sonar-dotnet-enterprise 10.0.0.102753", + "S1155": "sonar-dotnet-enterprise 10.0.0.102753", + "S1163": "sonar-dotnet-enterprise 10.0.0.102753", + "S117": "sonar-dotnet-enterprise 10.0.0.102753", + "S1172": "sonar-dotnet-enterprise 10.0.0.102753", + "S1186": "sonar-dotnet-enterprise 10.0.0.102753", + "S119": "sonar-dotnet-enterprise 10.0.0.102753", + "S1192": "sonar-dotnet-enterprise 10.0.0.102753", + "S1197": "sonar-dotnet-enterprise 10.0.0.102753", + "S122": "sonar-dotnet-enterprise 10.0.0.102753", + "S1226": "sonar-dotnet-enterprise 10.0.0.102753", + "S126": "sonar-dotnet-enterprise 10.0.0.102753", + "S1301": "sonar-dotnet-enterprise 10.0.0.102753", + "S131": "sonar-dotnet-enterprise 10.0.0.102753", + "S1313": "sonar-dotnet-enterprise 10.0.0.102753", + "S134": "sonar-dotnet-enterprise 10.0.0.102753", + "S138": "sonar-dotnet-enterprise 10.0.0.102753", + "S139": "sonar-dotnet-enterprise 10.0.0.102753", + "S1451": "sonar-dotnet-enterprise 10.0.0.102753", + "S1479": "sonar-dotnet-enterprise 10.0.0.102753", + "S1481": "sonar-dotnet-enterprise 10.0.0.102753", + "S1541": "sonar-dotnet-enterprise 10.0.0.102753", + "S1542": "sonar-dotnet-enterprise 10.0.0.102753", + "S1643": 
"sonar-dotnet-enterprise 10.0.0.102753", + "S1645": "sonar-dotnet-enterprise 10.0.0.102753", + "S1654": "sonar-dotnet-enterprise 10.0.0.102753", + "S1656": "sonar-dotnet-enterprise 10.0.0.102753", + "S1659": "sonar-dotnet-enterprise 10.0.0.102753", + "S1751": "sonar-dotnet-enterprise 10.0.0.102753", + "S1764": "sonar-dotnet-enterprise 10.0.0.102753", + "S1821": "sonar-dotnet-enterprise 10.0.0.102753", + "S1862": "sonar-dotnet-enterprise 10.0.0.102753", + "S1871": "sonar-dotnet-enterprise 10.0.0.102753", + "S1940": "sonar-dotnet-enterprise 10.0.0.102753", + "S1944": "sonar-dotnet-enterprise 10.0.0.102753", + "S2053": "sonar-dotnet-enterprise 10.0.0.102753", + "S2068": "sonar-dotnet-enterprise 10.0.0.102753", + "S2077": "sonar-dotnet-enterprise 10.0.0.102753", + "S2094": "sonar-dotnet-enterprise 10.0.0.102753", + "S2166": "sonar-dotnet-enterprise 10.0.0.102753", + "S2178": "sonar-dotnet-enterprise 10.0.0.102753", + "S2222": "sonar-dotnet-enterprise 10.0.0.102753", + "S2225": "sonar-dotnet-enterprise 10.0.0.102753", + "S2234": "sonar-dotnet-enterprise 10.0.0.102753", + "S2257": "sonar-dotnet-enterprise 10.0.0.102753", + "S2259": "sonar-dotnet-enterprise 10.0.0.102753", + "S2302": "sonar-dotnet-enterprise 10.0.0.102753", + "S2304": "sonar-dotnet-enterprise 10.0.0.102753", + "S2339": "sonar-dotnet-enterprise 10.0.0.102753", + "S2340": "sonar-dotnet-enterprise 10.0.0.102753", + "S2342": "sonar-dotnet-enterprise 10.0.0.102753", + "S2343": "sonar-dotnet-enterprise 10.0.0.102753", + "S2344": "sonar-dotnet-enterprise 10.0.0.102753", + "S2345": "sonar-dotnet-enterprise 10.0.0.102753", + "S2346": "sonar-dotnet-enterprise 10.0.0.102753", + "S2347": "sonar-dotnet-enterprise 10.0.0.102753", + "S2348": "sonar-dotnet-enterprise 10.0.0.102753", + "S2349": "sonar-dotnet-enterprise 10.0.0.102753", + "S2352": "sonar-dotnet-enterprise 10.0.0.102753", + "S2354": "sonar-dotnet-enterprise 10.0.0.102753", + "S2355": "sonar-dotnet-enterprise 10.0.0.102753", + "S2357": 
"sonar-dotnet-enterprise 10.0.0.102753", + "S2358": "sonar-dotnet-enterprise 10.0.0.102753", + "S2359": "sonar-dotnet-enterprise 10.0.0.102753", + "S2360": "sonar-dotnet-enterprise 10.0.0.102753", + "S2362": "sonar-dotnet-enterprise 10.0.0.102753", + "S2363": "sonar-dotnet-enterprise 10.0.0.102753", + "S2364": "sonar-dotnet-enterprise 10.0.0.102753", + "S2365": "sonar-dotnet-enterprise 10.0.0.102753", + "S2366": "sonar-dotnet-enterprise 10.0.0.102753", + "S2367": "sonar-dotnet-enterprise 10.0.0.102753", + "S2368": "sonar-dotnet-enterprise 10.0.0.102753", + "S2369": "sonar-dotnet-enterprise 10.0.0.102753", + "S2370": "sonar-dotnet-enterprise 10.0.0.102753", + "S2372": "sonar-dotnet-enterprise 10.0.0.102753", + "S2373": "sonar-dotnet-enterprise 10.0.0.102753", + "S2374": "sonar-dotnet-enterprise 10.0.0.102753", + "S2375": "sonar-dotnet-enterprise 10.0.0.102753", + "S2376": "sonar-dotnet-enterprise 10.0.0.102753", + "S2387": "sonar-dotnet-enterprise 10.0.0.102753", + "S2429": "sonar-dotnet-enterprise 10.0.0.102753", + "S2437": "sonar-dotnet-enterprise 10.0.0.102753", + "S2551": "sonar-dotnet-enterprise 10.0.0.102753", + "S2583": "sonar-dotnet-enterprise 10.0.0.102753", + "S2589": "sonar-dotnet-enterprise 10.0.0.102753", + "S2612": "sonar-dotnet-enterprise 10.0.0.102753", + "S2692": "sonar-dotnet-enterprise 10.0.0.102753", + "S2737": "sonar-dotnet-enterprise 10.0.0.102753", + "S2757": "sonar-dotnet-enterprise 10.0.0.102753", + "S2761": "sonar-dotnet-enterprise 10.0.0.102753", + "S2925": "sonar-dotnet-enterprise 10.0.0.102753", + "S2951": "sonar-dotnet-enterprise 10.0.0.102753", + "S3011": "sonar-dotnet-enterprise 10.0.0.102753", + "S3063": "sonar-dotnet-enterprise 10.0.0.102753", + "S3329": "sonar-dotnet-enterprise 10.0.0.102753", + "S3358": "sonar-dotnet-enterprise 10.0.0.102753", + "S3363": "sonar-dotnet-enterprise 10.0.0.102753", + "S3385": "sonar-dotnet-enterprise 10.0.0.102753", + "S3431": "sonar-dotnet-enterprise 10.0.0.102753", + "S3449": 
"sonar-dotnet-enterprise 10.0.0.102753", + "S3453": "sonar-dotnet-enterprise 10.0.0.102753", + "S3464": "sonar-dotnet-enterprise 10.0.0.102753", + "S3466": "sonar-dotnet-enterprise 10.0.0.102753", + "S3598": "sonar-dotnet-enterprise 10.0.0.102753", + "S3603": "sonar-dotnet-enterprise 10.0.0.102753", + "S3655": "sonar-dotnet-enterprise 10.0.0.102753", + "S3776": "sonar-dotnet-enterprise 10.0.0.102753", + "S3860": "sonar-dotnet-enterprise 10.0.0.102753", + "S3866": "sonar-dotnet-enterprise 10.0.0.102753", + "S3869": "sonar-dotnet-enterprise 10.0.0.102753", + "S3871": "sonar-dotnet-enterprise 10.0.0.102753", + "S3878": "sonar-dotnet-enterprise 10.0.0.102753", + "S3884": "sonar-dotnet-enterprise 10.0.0.102753", + "S3889": "sonar-dotnet-enterprise 10.0.0.102753", + "S3898": "sonar-dotnet-enterprise 10.0.0.102753", + "S3900": "sonar-dotnet-enterprise 10.0.0.102753", + "S3903": "sonar-dotnet-enterprise 10.0.0.102753", + "S3904": "sonar-dotnet-enterprise 10.0.0.102753", + "S3923": "sonar-dotnet-enterprise 10.0.0.102753", + "S3926": "sonar-dotnet-enterprise 10.0.0.102753", + "S3927": "sonar-dotnet-enterprise 10.0.0.102753", + "S3949": "sonar-dotnet-enterprise 10.0.0.102753", + "S3966": "sonar-dotnet-enterprise 10.0.0.102753", + "S3981": "sonar-dotnet-enterprise 10.0.0.102753", + "S3990": "sonar-dotnet-enterprise 10.0.0.102753", + "S3992": "sonar-dotnet-enterprise 10.0.0.102753", + "S3998": "sonar-dotnet-enterprise 10.0.0.102753", + "S4025": "sonar-dotnet-enterprise 10.0.0.102753", + "S4036": "sonar-dotnet-enterprise 10.0.0.102753", + "S4060": "sonar-dotnet-enterprise 10.0.0.102753", + "S4136": "sonar-dotnet-enterprise 10.0.0.102753", + "S4143": "sonar-dotnet-enterprise 10.0.0.102753", + "S4144": "sonar-dotnet-enterprise 10.0.0.102753", + "S4158": "sonar-dotnet-enterprise 10.0.0.102753", + "S4159": "sonar-dotnet-enterprise 10.0.0.102753", + "S4201": "sonar-dotnet-enterprise 10.0.0.102753", + "S4210": "sonar-dotnet-enterprise 10.0.0.102753", + "S4225": 
"sonar-dotnet-enterprise 10.0.0.102753", + "S4260": "sonar-dotnet-enterprise 10.0.0.102753", + "S4275": "sonar-dotnet-enterprise 10.0.0.102753", + "S4277": "sonar-dotnet-enterprise 10.0.0.102753", + "S4423": "sonar-dotnet-enterprise 10.0.0.102753", + "S4428": "sonar-dotnet-enterprise 10.0.0.102753", + "S4507": "sonar-dotnet-enterprise 10.0.0.102753", + "S4545": "sonar-dotnet-enterprise 10.0.0.102753", + "S4581": "sonar-dotnet-enterprise 10.0.0.102753", + "S4583": "sonar-dotnet-enterprise 10.0.0.102753", + "S4586": "sonar-dotnet-enterprise 10.0.0.102753", + "S4663": "sonar-dotnet-enterprise 10.0.0.102753", + "S4790": "sonar-dotnet-enterprise 10.0.0.102753", + "S4792": "sonar-dotnet-enterprise 10.0.0.102753", + "S4830": "sonar-dotnet-enterprise 10.0.0.102753", + "S5042": "sonar-dotnet-enterprise 10.0.0.102753", + "S5443": "sonar-dotnet-enterprise 10.0.0.102753", + "S5445": "sonar-dotnet-enterprise 10.0.0.102753", + "S5542": "sonar-dotnet-enterprise 10.0.0.102753", + "S5547": "sonar-dotnet-enterprise 10.0.0.102753", + "S5659": "sonar-dotnet-enterprise 10.0.0.102753", + "S5693": "sonar-dotnet-enterprise 10.0.0.102753", + "S5753": "sonar-dotnet-enterprise 10.0.0.102753", + "S5773": "sonar-dotnet-enterprise 10.0.0.102753", + "S5856": "sonar-dotnet-enterprise 10.0.0.102753", + "S5944": "sonar-dotnet-enterprise 10.0.0.102753", + "S6145": "sonar-dotnet-enterprise 10.0.0.102753", + "S6146": "sonar-dotnet-enterprise 10.0.0.102753", + "S6354": "sonar-dotnet-enterprise 10.0.0.102753", + "S6444": "sonar-dotnet-enterprise 10.0.0.102753", + "S6513": "sonar-dotnet-enterprise 10.0.0.102753", + "S6561": "sonar-dotnet-enterprise 10.0.0.102753", + "S6562": "sonar-dotnet-enterprise 10.0.0.102753", + "S6563": "sonar-dotnet-enterprise 10.0.0.102753", + "S6566": "sonar-dotnet-enterprise 10.0.0.102753", + "S6575": "sonar-dotnet-enterprise 10.0.0.102753", + "S6580": "sonar-dotnet-enterprise 10.0.0.102753", + "S6585": "sonar-dotnet-enterprise 10.0.0.102753", + "S6588": 
"sonar-dotnet-enterprise 10.0.0.102753", + "S6602": "sonar-dotnet-enterprise 10.0.0.102753", + "S6603": "sonar-dotnet-enterprise 10.0.0.102753", + "S6605": "sonar-dotnet-enterprise 10.0.0.102753", + "S6607": "sonar-dotnet-enterprise 10.0.0.102753", + "S6608": "sonar-dotnet-enterprise 10.0.0.102753", + "S6609": "sonar-dotnet-enterprise 10.0.0.102753", + "S6610": "sonar-dotnet-enterprise 10.0.0.102753", + "S6612": "sonar-dotnet-enterprise 10.0.0.102753", + "S6613": "sonar-dotnet-enterprise 10.0.0.102753", + "S6617": "sonar-dotnet-enterprise 10.0.0.102753", + "S6930": "sonar-dotnet-enterprise 10.0.0.102753", + "S6931": "sonar-dotnet-enterprise 10.0.0.102753", + "S7130": "sonar-dotnet-enterprise 10.2.0.105762", + "S7131": "sonar-dotnet-enterprise 10.2.0.105762", + "S7133": "sonar-dotnet-enterprise 10.2.0.105762", + "S907": "sonar-dotnet-enterprise 10.0.0.102753", + "S927": "sonar-dotnet-enterprise 10.0.0.102753" }, "XML": { "S103": "sonar-xml 2.0.0.2003", diff --git a/frontend/src/RulePage.tsx b/frontend/src/RulePage.tsx index eeff64b3e0a..67b0ce6451f 100644 --- a/frontend/src/RulePage.tsx +++ b/frontend/src/RulePage.tsx @@ -6,6 +6,7 @@ import Typography from '@material-ui/core/Typography'; import Tabs from '@material-ui/core/Tabs'; import Tab from '@material-ui/core/Tab'; import Box from '@material-ui/core/Box'; +import Tooltip from '@material-ui/core/Tooltip'; import { createTheme, Link, ThemeProvider } from '@material-ui/core'; import Highlight from 'react-highlight'; import { Link as RouterLink, useHistory } from 'react-router-dom'; @@ -13,6 +14,7 @@ import { RULE_STATE, useRuleCoverage } from './utils/useRuleCoverage'; import { useFetch } from './utils/useFetch'; import RuleMetadata, { Version, Coverage } from './types/RuleMetadata'; import parse, { attributesToProps, domToReact, DOMNode, Element } from 'html-react-parser'; +import VisibilityOffOutlinedIcon from '@material-ui/icons/VisibilityOffOutlined'; import './hljs-humanoid-light.css'; 
@@ -145,10 +147,12 @@ type UsedStyles = ReturnType; const languageToJiraProject = new Map(Object.entries({ 'PYTHON': 'SONARPY', 'ABAP': 'SONARABAP', - 'AZURERESOURCEMANAGER': 'SONARIAC', + 'AZURE_RESOURCE_MANAGER': 'SONARIAC', 'CFAMILY': 'CPP', + 'DART': 'DART', 'DOCKER': 'SONARIAC', 'JAVA': 'SONARJAVA', + 'JCL': 'SONARJCL', 'COBOL': 'SONARCOBOL', 'FLEX': 'SONARFLEX', 'HTML': 'SONARHTML', @@ -156,12 +160,12 @@ const languageToJiraProject = new Map(Object.entries({ 'PLI': 'SONARPLI', 'PLSQL': 'SONARPLSQL', 'RPG': 'SONARRPG', - 'APEX': 'SONARSLANG', - 'RUBY': 'SONARSLANG', + 'APEX': 'SONARAPEX', + 'RUBY': 'SONARRUBY', 'KOTLIN': 'SONARKT', - 'SCALA': 'SONARSLANG', - 'GO': 'SONARSLANG', - 'SECRETS': 'SECRETS', + 'SCALA': 'SONARSCALA', + 'GO': 'SONARGO', + 'SECRETS': 'SONARTEXT', 'SWIFT': 'SONARSWIFT', 'TSQL': 'SONARTSQL', 'VB6': 'SONARVBSIX', @@ -170,26 +174,29 @@ const languageToJiraProject = new Map(Object.entries({ 'TERRAFORM': 'SONARIAC', 'KUBERNETES': 'SONARIAC', 'TEXT': 'SONARTEXT', + 'ANSIBLE': 'SONARIAC', })); const languageToGithubProject = new Map(Object.entries({ 'ABAP': 'sonar-abap', - 'AZURERESOURCEMANAGER': 'sonar-iac', + 'AZURE_RESOURCE_MANAGER': 'sonar-iac', 'CSHARP': 'sonar-dotnet', + 'DART': 'sonar-dart', 'DOCKER': 'sonar-iac', 'VBNET': 'sonar-dotnet', 'JAVASCRIPT': 'SonarJS', 'TYPESCRIPT': 'SonarJS', 'SWIFT': 'sonar-swift', 'KOTLIN': 'sonar-kotlin', - 'GO': 'slang-enterprise', - 'SCALA': 'slang-enterprise', - 'RUBY': 'slang-enterprise', - 'APEX': 'slang-enterprise', + 'GO': 'sonar-go', + 'SCALA': 'sonar-scala', + 'RUBY': 'sonar-ruby', + 'APEX': 'sonar-apex', 'HTML': 'sonar-html', 'COBOL': 'sonar-cobol', 'VB6': 'sonar-vb', 'JAVA': 'sonar-java', + 'JCL': 'sonar-jcl', 'PLI': 'sonar-pli', 'CFAMILY': 'sonar-cpp', 'CSS': 'sonar-css', 
@@ -203,8 +210,9 @@ const languageToGithubProject = new Map(Object.entries({ 'CLOUDFORMATION': 'sonar-iac', 'TERRAFORM': 'sonar-iac', 'KUBERNETES': 'sonar-iac', - 'SECRETS': 'sonar-secrets', + 'SECRETS': 'sonar-text', 'TEXT': 'sonar-text', + 'ANSIBLE': 'sonar-iac-enterprise', })); function ticketsAndImplementationPRsLinks(ruleNumber: string, title: string, language?: string) { @@ -254,6 +262,7 @@ interface PageMetadata { prUrl: string | undefined; branch: string; coverage: Coverage; + isInQualityProfile: boolean; jsonString: string | undefined; } @@ -264,6 +273,7 @@ function usePageMetadata(ruleid: string, language: string, classes: UsedStyles): let coverage: Coverage = 'Loading...'; let title = 'Loading...'; let avoid = false; + let isInQualityProfile = false; let metadataJSONString; let languagesTabs = null; let prUrl: string | undefined = undefined; @@ -303,6 +313,7 @@ function usePageMetadata(ruleid: string, language: string, classes: UsedStyles): } else { coverage = allLangsRuleCoverage(metadataJSON.allKeys, coverageMapper); } + isInQualityProfile = metadataJSON.defaultQualityProfiles.length > 0; } if (coverage !== 'Not Covered') { @@ -317,6 +328,7 @@ function usePageMetadata(ruleid: string, language: string, classes: UsedStyles): prUrl, branch, coverage, + isInQualityProfile, jsonString: metadataJSONString }; } 
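Review bot: `isInQualityProfile = metadataJSON.defaultQualityProfiles.length > 0;` in `usePageMetadata` throws a `TypeError` when the fetched metadata JSON has no `defaultQualityProfiles` key, which would break the whole rule page rather than only the new indicator. The `RuleMetadata` interface declares the field as required, but the value is parsed from fetched JSON at runtime, so metadata generated before this change would presumably lack it. A tolerant read keeps the page rendering: `isInQualityProfile = (metadataJSON.defaultQualityProfiles?.length ?? 0) > 0;`. The body of `usePageMetadata` extends beyond the lines shown in these hunks.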
@@ -330,14 +342,14 @@ function useDescription(metadata: PageMetadata, ruleid: string, language?: strin `https://github.com/SonarSource/rspec/blob/${metadata.branch}/rules/${ruleid}${language ? '/' + language : ''}`; function htmlReplacement(domNode: Element) { - if (domNode.name === 'a' && domNode.attribs && domNode.attribs['data-rspec-id']) { + if (domNode.name === 'a' && domNode.attribs?.['data-rspec-id']) { const props = attributesToProps(domNode.attribs); return {domToReact(domNode.children)} ; } - if (domNode.name === 'code' && domNode.attribs && domNode.attribs['data-lang']) { + if (domNode.name === 'code' && domNode.attribs?.['data-lang']) { return {domToReact(domNode.children)} ; @@ -419,7 +431,10 @@ export function RulePage(props: any) { -

{metadata.title}

+

+ {metadata.isInQualityProfile ? <> : <> } + {metadata.title} +


Covered Since

diff --git a/frontend/src/__tests__/__snapshots__/RulePage.test.tsx.snap b/frontend/src/__tests__/__snapshots__/RulePage.test.tsx.snap index b8f34734953..fbf9efc5c13 100644 --- a/frontend/src/__tests__/__snapshots__/RulePage.test.tsx.snap +++ b/frontend/src/__tests__/__snapshots__/RulePage.test.tsx.snap @@ -2217,7 +2217,18 @@ exports[`renders closed rule S1007 1`] = ` class="MuiContainer-root MuiContainer-maxWidthMd" >

- When the absolute positioning of bits representing a bit-field is required, then the behaviour and packing of bit-fields shall be documented + + When the absolute positioning of bits representing a bit-field is required, then the behaviour and packing of bit-fields shall be documented


= 3 ? 'error' : 'warning'; + if (typeof message === "string") { + this.logger.log({ + level, + message, + source: path.basename(__filename) + }); + return; + } const location = message.getSourceLocation(); this.logger.log({ - level: level, + level, message: message.getText(), source: path.basename(__filename), file: location.getFile(), diff --git a/frontend/src/deployment/pullRequestIndexing.ts b/frontend/src/deployment/pullRequestIndexing.ts index 756baa3ef63..12b4e9fe8b9 100644 --- a/frontend/src/deployment/pullRequestIndexing.ts +++ b/frontend/src/deployment/pullRequestIndexing.ts @@ -31,7 +31,7 @@ export async function process_incomplete_rspecs(tmpRepoDir: string, const repo = await (() => { if (!fs.existsSync(path.join(tmpRepoDir, '.git'))) { if (process.env.GITHUB_TOKEN) { - return Git.Clone.clone('https://' + process.env.GITHUB_TOKEN + '@github.com/SonarSource/rspec/', tmpRepoDir); + return Git.Clone.clone(`https://${process.env.GITHUB_TOKEN}@github.com/SonarSource/rspec/`, tmpRepoDir); } else { return Git.Clone.clone('https://github.com/SonarSource/rspec/', tmpRepoDir); } diff --git a/frontend/src/types/RuleMetadata.ts b/frontend/src/types/RuleMetadata.ts index 90064d44f32..1972ad94a40 100644 --- a/frontend/src/types/RuleMetadata.ts +++ b/frontend/src/types/RuleMetadata.ts @@ -16,5 +16,6 @@ export default interface RuleMetadata { languagesSupport: LanguageSupport[], allKeys: string[], branch: string, + defaultQualityProfiles: string[], prUrl?: string } diff --git a/frontend/src/utils/useRuleCoverage.ts b/frontend/src/utils/useRuleCoverage.ts index dcdb6248614..ccf53627bac 100644 --- a/frontend/src/utils/useRuleCoverage.ts +++ b/frontend/src/utils/useRuleCoverage.ts 
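Review bot: The clone URL in `process_incomplete_rspecs` still carries `process.env.GITHUB_TOKEN` in its userinfo part, so the token is stored as the `origin` URL in `tmpRepoDir/.git/config` and can appear wherever that URL is logged or echoed in an error. The switch to a template literal does not change that. If `Git` here is nodegit (the import is outside the hunk), I would clone the plain `https://github.com/SonarSource/rspec/` URL and supply the token through the clone options' credentials callback (`userpassPlaintextNew`). At minimum I would add a comment above the call: `// NOTE: token ends up in tmpRepoDir/.git/config; never archive or upload this directory`.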
@@ -6,10 +6,11 @@ type RuleCoverage = Record>; const languageToSonarpedia = new Map(Object.entries({ 'abap': ['ABAP'], 'apex': ['APEX'], - 'azureresourcemanager': ['AZURERESOURCEMANAGER'], + 'azureresourcemanager': ['AZURE_RESOURCE_MANAGER'], 'cfamily': ['CPP', 'C', 'OBJC'], 'cobol': ['COBOL'], 'csharp': ['CSH'], + 'dart': ['DART'], 'docker': ['DOCKER'], 'vbnet': ['VBNET'], 'css': ['CSS'], @@ -20,6 +21,7 @@ const languageToSonarpedia = new Map(Object.entries({ 'go': ['GO'], 'java': ['JAVA'], 'javascript': ['JAVASCRIPT', 'JS', 'TYPESCRIPT'], + 'jcl': ['JCL'], 'php': ['PHP'], 'pli': ['PLI'], 'plsql': ['PLSQL'], @@ -35,7 +37,8 @@ const languageToSonarpedia = new Map(Object.entries({ 'cloudformation': ['CLOUDFORMATION'], 'terraform': ['TERRAFORM'], 'kubernetes': ['KUBERNETES'], - 'text': ['TEXT'] + 'text': ['TEXT'], + 'ansible': ['ANSIBLE'] })); export function useRuleCoverage() { diff --git a/rspec-tools/Pipfile b/rspec-tools/Pipfile index d40c75b8257..c5cf3882816 100644 --- a/rspec-tools/Pipfile +++ b/rspec-tools/Pipfile @@ -17,8 +17,8 @@ slackclient = "*" [dev-packages] pytest = ">=6.2.2" mypy = ">=0.800" -rspec-tools = {file = ".", editable = true} pytest-snapshot = "*" +rspec-tools = {file = ".", editable = true} [requires] python_version = "3.9" diff --git a/rspec-tools/README.adoc b/rspec-tools/README.adoc index ea46a5793bf..3e961e4d404 100644 --- a/rspec-tools/README.adoc +++ b/rspec-tools/README.adoc @@ -55,5 +55,5 @@ In order to generate an HTML file from the ASCIIdoc, you can use [asciidoctor](h [source,sh] ---- -$ asciidoctor -e rule.adoc +$ asciidoctor rule.adoc ---- diff --git a/rspec-tools/rspec_template/single_language/secrets/metadata.json b/rspec-tools/rspec_template/single_language/secrets/metadata.json new file mode 100644 index 00000000000..8635b7d61ca --- /dev/null +++ b/rspec-tools/rspec_template/single_language/secrets/metadata.json 
@@ -0,0 +1,56 @@ +{ + "title": "SECRET_TYPE should not be disclosed", + "type": "VULNERABILITY", + "code": { + "impacts": { + "SECURITY": "HIGH" + }, + "attribute": "TRUSTWORTHY" + }, + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "30min" + }, + "tags": [ + "cwe", + "cert" + ], + "defaultSeverity": "Blocker", + "ruleSpecification": "RSPEC-${RSPEC_ID}", + "sqKey": "S${RSPEC_ID}", + "scope": "All", + "securityStandards": { + "CWE": [ + 798, + 259 + ], + "OWASP": [ + "A3" + ], + "CERT": [ + "MSC03-J." + ], + "OWASP Top 10 2021": [ + "A7" + ], + "PCI DSS 3.2": [ + "6.5.10" + ], + "PCI DSS 4.0": [ + "6.2.4" + ], + "ASVS 4.0": [ + "2.10.4", + "3.5.2", + "6.4.1" + ], + "STIG ASD_V5R3": [ + "V-222642" + ] + }, + "defaultQualityProfiles": [ + "Sonar way" + ], + "quickfix": "unknown" +} diff --git a/rspec-tools/rspec_template/single_language/secrets/rule.adoc b/rspec-tools/rspec_template/single_language/secrets/rule.adoc new file mode 100644 index 00000000000..28f3a64def8 --- /dev/null +++ b/rspec-tools/rspec_template/single_language/secrets/rule.adoc 
@@ -0,0 +1,50 @@ + +include::../../../shared_content/secrets/description.adoc[] + +== Why is this an issue? + +include::../../../shared_content/secrets/rationale.adoc[] + +=== What is the potential impact? + +// Optional: Give a general description of the secret and what it's used for. + +Below are some real-world scenarios that illustrate some impacts of an attacker +exploiting the secret. + +// Set value that can be used to refer to the type of secret in, for example: +// "An attacker can use this {secret_type} to ..." +:secret_type: secret + +// Where possible, use predefined content for common impacts. This content can +// be found in the folder "shared_content/secrets/impact". +// When using predefined content, search for any required variables to be set and include them in this file. +// Not adding them will not trigger warnings. + +//include::../../../shared_content/secrets/impact/some_impact.adoc[] + +== How to fix it + +include::../../../shared_content/secrets/fix/revoke.adoc[] + +include::../../../shared_content/secrets/fix/vault.adoc[] + +=== Code examples + +:example_secret: example_secret_value +:example_name: java-property-name +:example_env: ENV_VAR_NAME + +include::../../../shared_content/secrets/examples.adoc[] + +//=== How does this work? + +//=== Pitfalls + +//=== Going the extra mile + +== Resources + +include::../../../shared_content/secrets/resources/standards.adoc[] + +//=== Benchmarks diff --git a/rspec-tools/rspec_tools/checklinks.py b/rspec-tools/rspec_tools/checklinks.py index ec422268386..39a4da39f6f 100644 --- a/rspec-tools/rspec_tools/checklinks.py +++ b/rspec-tools/rspec_tools/checklinks.py 
@@ -1,21 +1,28 @@ -import os,io -import re -import requests +import datetime import json +import pathlib import random -import datetime +import socket + +import requests from bs4 import BeautifulSoup -from socket import timeout -import pathlib TOLERABLE_LINK_DOWNTIME = datetime.timedelta(days=7) LINK_PROBES_HISTORY_FILE = './link_probes.history' -PROBING_COOLDOWN = datetime.timedelta(days=1) -PROBING_SPREAD = 100 # minutes +PROBING_COOLDOWN = datetime.timedelta(days=2) +PROBING_SPREAD = 60 * 24 # in minutes, 1 day link_probes_history = {} # These links consistently fail in CI, but work-on-my-machine -EXCEPTIONS = [ +EXCEPTION_PREFIXES = [ + # It seems the server certificate was renewed on 2nd of August 2024. + # The server is sending only its certificate, without including the + # Intermediate certificate used to issue the server cert. Because of that + # some application are not able to verify the complete chain of trust. + "https://wiki.sei.cmu.edu/", + # The CI reports 403 on drupal.org while it works locally. + # Maybe the CI's IP is blocklisted... + "https://www.drupal.org/", ] def show_files(filenames): @@ -65,7 +72,7 @@ def live_url(url: str, timeout=5): req = requests.Request('GET', url, headers = {'sec-ch-ua': '" Not A;Brand";v="99", "Chromium";v="90"', 'sec-ch-ua-mobile': '?0', 'Upgrade-Insecure-Requests': '1', - 'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36', + 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 GLS/100.10.9939.100', 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9', 'Sec-Fetch-Site':'none', 'Sec-Fetch-Mode':'navigate', 
@@ -94,13 +101,13 @@ def live_url(url: str, timeout=5): print(f"ERROR: Too many redirects: {rr}") return False except requests.Timeout as t: - print(f"ERROR: timeout ", t) + print(f"ERROR: Request timeout {t}") return False - except timeout as t: - print(f"ERROR: timeout ", t) + except socket.timeout as t: + print(f"ERROR: Socket timeout {t}") return False except Exception as e: - print(f"ERROR: ", e) + print(f"ERROR: {e}") return False def findurl_in_html(filename,urls): 
@@ -145,20 +152,51 @@ def get_all_links_from_htmls(dir): print("All html files crawled") return urls -def probe_links(urls): +def url_is_exception(url: str) -> bool: + return any( + url.startswith(e) for e in EXCEPTION_PREFIXES + ) + +def probe_links(urls: dict) -> bool: errors = [] + link_cache_exception = 0 + link_cache_hit = 0 + link_cache_miss = 0 print("Testing links") - for url in urls: - print(f"{url} in {len(urls[url])} files") - if url in EXCEPTIONS: + link_count = len(urls) + for idx, url in enumerate(urls): + print(f"[{idx+1}/{link_count}] {url} in {len(urls[url])} files") + if url_is_exception(url): + link_cache_exception += 1 print("skip as an exception") elif url_was_reached_recently(url): + link_cache_hit += 1 print("skip probing because it was reached recently") elif live_url(url, timeout=5): + link_cache_miss += 1 rejuvenate_url(url) elif url_is_long_dead(url): + link_cache_miss += 1 errors.append(url) - return errors + else: + link_cache_miss += 1 + + confirmed_errors = confirm_errors(errors, urls) + + print(f"\n\n\n{'=' * 80}\n\n\n") + if confirmed_errors: + report_errors(confirmed_errors, urls) + print(f"{len(confirmed_errors)}/{len(urls)} links are dead, see above ^^ the list and the related files\n\n") + print("Cache statistics:") + print(f"\t{link_cache_hit=}") + print(f"\t{link_cache_miss=}") + link_cache_hit_ratio = (link_cache_hit) / (link_cache_hit + link_cache_miss) + print(f"\t{link_cache_hit_ratio:03.2%} hits") + print(f"\t{link_cache_exception=}") + print(f"\n\n\n{'=' * 80}\n\n\n") + + success = len(confirmed_errors) == 0 + return success def confirm_errors(presumed_errors, urls): confirmed_errors = [] 
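Review bot: `link_cache_hit_ratio = (link_cache_hit) / (link_cache_hit + link_cache_miss)` in `probe_links` raises `ZeroDivisionError` when no URL is counted as a hit or a miss, i.e. when `urls` is empty or every URL matches `EXCEPTION_PREFIXES`. The statistics block runs unconditionally, so the exception would escape before `check_html_links` reaches `save_url_probing_history()`. Guard the division: `probed = link_cache_hit + link_cache_miss` followed by `link_cache_hit_ratio = link_cache_hit / probed if probed else 0.0`.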
@@ -180,16 +218,9 @@ def report_errors(errors, urls): def check_html_links(dir): load_url_probing_history() urls = get_all_links_from_htmls(dir) - errors = probe_links(urls) - exit_code = 0 - if errors: - confirmed_errors = confirm_errors(errors, urls) - if confirmed_errors: - report_errors(confirmed_errors, urls) - print(f"{len(confirmed_errors)}/{len(urls)} links are dead, see above ^^ the list and the related files") - exit_code = 1 - if exit_code == 0: + success = probe_links(urls) + if success: print(f"All {len(urls)} links are good") save_url_probing_history() - exit(exit_code) + exit(0 if success else 1) diff --git a/rspec-tools/rspec_tools/cli.py b/rspec-tools/rspec_tools/cli.py index 0b1e85e44bb..71abb95b6d4 100644 --- a/rspec-tools/rspec_tools/cli.py +++ b/rspec-tools/rspec_tools/cli.py @@ -17,7 +17,8 @@ validate_parameters, validate_section_levels, validate_section_names, - validate_source_language) + validate_source_language, + validate_security_standard_links) from rspec_tools.validation.sanitize_asciidoc import sanitize_asciidoc from rspec_tools.validation.metadata import validate_rule_metadata @@ -104,6 +105,7 @@ def check_asciidoc(files): validate_section_levels, validate_parameters, validate_source_language, + validate_security_standard_links, ] def _validate_rule_specialization(lang_spec_rule: LanguageSpecificRule): error_counter = 0 diff --git a/rspec-tools/rspec_tools/coverage.py b/rspec-tools/rspec_tools/coverage.py index 909b49793d5..48e4e5cae92 100644 --- a/rspec-tools/rspec_tools/coverage.py +++ b/rspec-tools/rspec_tools/coverage.py 
@@ -1,13 +1,43 @@ +import collections +import json import os +import re import sys -import json -from git import Repo -from git import Git from pathlib import Path -from rspec_tools.utils import (load_json, pushd) - -REPOS = ['sonar-abap','sonar-cpp','sonar-cobol','sonar-dotnet','sonar-css','sonar-flex','slang-enterprise','sonar-java','SonarJS','sonar-php','sonar-pli','sonar-plsql','sonar-python','sonar-rpg','sonar-swift','sonar-text','sonar-tsql','sonar-vb','sonar-html','sonar-xml','sonar-kotlin', 'sonar-secrets', 'sonar-security', 'sonar-iac'] +from git import Git, Repo +from rspec_tools.utils import load_json, pushd + +REPOS = [ + 'sonar-abap', + 'sonar-apex', + 'sonar-architecture', + 'sonar-cobol', + 'sonar-cpp', + 'sonar-dart', + 'sonar-dataflow-bug-detection', + 'sonar-dotnet-enterprise', + 'sonar-flex', + 'sonar-go-enterprise', + 'sonar-html', + 'sonar-iac-enterprise', + 'sonar-java', + 'SonarJS', + 'sonar-kotlin', + 'sonar-php', + 'sonar-pli', + 'sonar-plsql', + 'sonar-python', + 'sonar-rpg', + 'sonar-ruby', + 'sonar-scala', + 'sonar-security', + 'sonar-swift', + 'sonar-text-enterprise', + 'sonar-tsql', + 'sonar-vb', + 'sonar-xml' +] CANONICAL_NAMES = { 'CLOUD_FORMATION': 'CLOUDFORMATION', @@ -16,14 +46,14 @@ 'WEB': 'HTML' } + RULES_FILENAME = 'covered_rules.json' + def get_rule_id(filename): rule_id = filename[:-5] - if '_' in rule_id: - return rule_id[:rule_id.find('_')] - else: - return rule_id + return rule_id.removesuffix('_abap').removesuffix('_java') + def compatible_languages(rule, languages_from_sonarpedia): ''' 
@@ -42,7 +72,7 @@ def get_implemented_rules(path, languages_from_sonarpedia): for lang in languages_from_sonarpedia: implemented_rules[lang] = [] for filename in os.listdir(path): - if filename.endswith(".json") and not filename.startswith("Sonar_way"): + if filename.endswith(".json") and 'profile' not in filename: rule = load_json(os.path.join(path, filename)) rule_id = get_rule_id(filename) for language in compatible_languages(rule, languages_from_sonarpedia): @@ -133,7 +163,7 @@ def add_analyzer_version(self, analyzer, version, implemented_rules_per_language self.rule_implemented(rule_id, language, analyzer, version) def all_implemented_rules(): - implemented_rules = {} + implemented_rules = collections.defaultdict(list) for sp_file in Path('.').rglob('sonarpedia.json'): print(sp_file) sonarpedia_path=sp_file.parents[0] @@ -141,7 +171,10 @@ def all_implemented_rules(): sonarpedia = load_json(sp_file) path = str(sonarpedia_path) + '/' + sonarpedia['rules-metadata-path'].replace('\\', '/') languages = sonarpedia['languages'] - implemented_rules.update(get_implemented_rules(path, languages)) + + implemented_rules_in_path = get_implemented_rules(path, languages) + for lang, rules in implemented_rules_in_path.items(): + implemented_rules[lang] += rules except Exception as e: print(f"failed to collect implemented rules for {sp_file}: {e}") continue 
@@ -151,17 +184,29 @@ def checkout_repo(repo): git_url=f"https://github.com/SonarSource/{repo}" token=os.getenv('GITHUB_TOKEN') if token: - git_url=f"https://{token}@github.com/SonarSource/{repo}" + git_url=f"https://oauth2:{token}@github.com/SonarSource/{repo}" if not os.path.exists(repo): return Repo.clone_from(git_url, repo) else: return Repo(repo) + +VERSION_RE = re.compile(r'\d[\d\.]+') +def is_version_tag(name): + return bool(re.fullmatch(VERSION_RE, name)) + + +def comparable_version(key): + if not is_version_tag(key): + return [0] + return list(map(int, key.split('.'))) + + def collect_coverage_for_all_versions(repo, coverage): git_repo = checkout_repo(repo) tags = git_repo.tags - tags.sort(key = lambda t: t.commit.committed_date) - versions = [tag.name for tag in tags if '-' not in tag.name] + versions = [tag.name for tag in tags if is_version_tag(tag.name)] + versions.sort(key = comparable_version) for version in versions: collect_coverage_for_version(repo, git_repo, version, coverage) collect_coverage_for_version(repo, git_repo, 'master', coverage) diff --git a/rspec-tools/rspec_tools/create_rule.py b/rspec-tools/rspec_tools/create_rule.py index c9f57af1535..c247730ca2e 100644 --- a/rspec-tools/rspec_tools/create_rule.py +++ b/rspec-tools/rspec_tools/create_rule.py @@ -95,7 +95,7 @@ def _fill_language_name_in_the_template(self, lang_dir: Path, language: str): if rule_item.is_file(): template_content = rule_item.read_text() lang = LANG_TO_SOURCE[language] - final_content = template_content.replace('[source,text]', f'[source,{lang}]') + final_content = template_content.replace('[source,text', f'[source,{lang}') rule_item.write_text(final_content) def _fill_multi_lang_template_files(self, rule_dir: Path, rule_number: int, languages: Iterable[str]): 
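Review bot: In `checkout_repo` the token is still embedded in the clone URL (`https://oauth2:{token}@github.com/...`), so git records it as the `origin` URL in each clone's `.git/config` and it can surface wherever that URL is printed. If nothing later fetches from `origin`, I would reset the remote right after `Repo.clone_from(git_url, repo)`, e.g. `cloned.remotes.origin.set_url(f"https://github.com/SonarSource/{repo}")`, or pass the credential outside the URL. Separately, `VERSION_RE = re.compile(r'\d[\d\.]+')` accepts tag names such as `1.2.` or `1..2`, for which `int('')` in `comparable_version` raises `ValueError`, and it rejects a single-digit tag. `VERSION_RE = re.compile(r'\d+(?:\.\d+)*')` matches only dotted integers.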
@@ -113,7 +113,9 @@ def _fill_multi_lang_template_files(self, rule_dir: Path, rule_number: int, lang def _fill_single_lang_template_files(self, rule_dir: Path, rule_number: int, language: str): common_template = self.TEMPLATE_PATH / 'single_language' / 'common' - lang_specific_template = self.TEMPLATE_PATH / 'single_language' / 'language_specific' + lang_specific_template = self.TEMPLATE_PATH / 'single_language' / language + if not Path(lang_specific_template).exists(): + lang_specific_template = self.TEMPLATE_PATH / 'single_language' / 'language_specific' copy_directory_content(common_template, rule_dir) lang_dir = rule_dir /language diff --git a/rspec-tools/rspec_tools/utils.py b/rspec-tools/rspec_tools/utils.py index 885a4dad030..a80caac0db9 100644 --- a/rspec-tools/rspec_tools/utils.py +++ b/rspec-tools/rspec_tools/utils.py @@ -16,12 +16,14 @@ 'cobol': 'cobol', 'csharp': 'dotnet', 'css': 'css', + 'dart': 'dart', 'docker': 'iac', 'flex': 'flex', 'go': 'slang', 'html': 'html', 'java': 'java', 'javascript': 'jsts', + 'jcl': 'jcl', 'kotlin': 'kotlin', 'php': 'php', 'pli': 'pli', @@ -38,6 +40,7 @@ 'tsql': 'tsql', 'vb6': 'vb6', 'vbnet': 'dotnet', + 'ansible': 'iac', 'cloudformation': 'iac', 'terraform': 'iac', 'kubernetes': 'iac', @@ -51,10 +54,12 @@ 'cloudformation': 'yaml', 'csharp': 'csharp', 'css': 'css', + 'dart': 'dart', 'docker': 'docker', 'go': 'go', 'html': 'html', 'java': 'java', + 'jcl': 'jcl', 'javascript': 'javascript', 'json': 'json', 'kotlin': 'kotlin', @@ -72,6 +77,7 @@ 'c': 'c', 'objectivec': 'objectivec', 'vb': 'vb', + 'ansible': 'yaml', # these languages are not supported by highlight.js as the moment: 'apex': 'apex', 'azureresourcemanager': 'bicep', diff --git a/rspec-tools/rspec_tools/validation/description.py b/rspec-tools/rspec_tools/validation/description.py index f566bc95a5a..96271728293 100644 --- a/rspec-tools/rspec_tools/validation/description.py +++ b/rspec-tools/rspec_tools/validation/description.py 
@@ -1,12 +1,12 @@ -from bs4 import BeautifulSoup +import re from pathlib import Path -from typing import Final +from typing import Dict, Final, List, Union +from bs4 import BeautifulSoup from rspec_tools.errors import RuleValidationError from rspec_tools.rules import LanguageSpecificRule from rspec_tools.utils import LANG_TO_SOURCE -import re def read_file(path): section_names_path = Path(__file__).parent.parent.parent.parent.joinpath(path) @@ -16,8 +16,35 @@ def parse_names(path): section_names_path = read_file(path) return [s.replace('* ', '').strip() for s in section_names_path if s.strip()] +def parse_security_standard_links(descr): + link_nodes = descr.find_all('a') + security_standards_links: Dict[str, List] = {} + for node in link_nodes: + href = node.attrs['href'] + for standard_key in SECURITY_STANDARD_URL: + standard = SECURITY_STANDARD_URL[standard_key] + url_pattern = standard["url_pattern"] + result = re.match(url_pattern, href) + if result is not None: + convert = standard["convert_id"] + category = convert(result[1]) + if standard_key not in security_standards_links.keys(): + security_standards_links[standard_key] = [] + security_standards_links[standard_key].append(category) + return security_standards_links + HOW_TO_FIX_IT = 'How to fix it' HOW_TO_FIX_IT_REGEX = re.compile(HOW_TO_FIX_IT) +SECURITY_STANDARD_URL = { + "OWASP": { + "url_pattern": r"https://(?:www\.)?owasp\.org/www-project-top-ten/2017/A(10|[1-9])_2017-", + "convert_id": lambda value: f"A{value.lstrip('0')}", + }, + "OWASP Top 10 2021": { + "url_pattern": r"https://(?:www\.)?owasp\.org/Top10/A(10|0[1-9])_2021-", + "convert_id": lambda value: f"A{value.lstrip('0')}", + }, +} # The list of all the sections currently accepted by the script. # The list includes multiple variants for each title because they all occur 
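Review bot: `href = node.attrs['href']` in `parse_security_standard_links` raises `KeyError` for any `<a>` element without an `href` attribute, such as an anchor that only carries an `id`. That would abort validation with a traceback instead of a `RuleValidationError`. Selecting only links that have the attribute avoids it: `link_nodes = descr.find_all('a', href=True)`. Both `url_pattern` values match `https://` only, so an `http://` link to the same OWASP page is silently not counted; a comment next to `SECURITY_STANDARD_URL` stating that this is intended would help.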
@@ -33,7 +60,7 @@ def parse_names(path): CODE_EXAMPLES='Code examples' OPTIONAL_SECTIONS = { # Also covers 'How to fix it in {Framework Display Name}' - 'How to fix it': [CODE_EXAMPLES, 'How does this work?', 'Pitfalls', 'Going the extra mile'], + HOW_TO_FIX_IT: [], # Empty list because we now accept anything as sub-section 'Resources': ['Documentation', 'Articles & blog posts', 'Conference presentations', 'Standards', 'External coding guidelines', 'Benchmarks', 'Related rules'] } SUBSECTIONS = { 
@@ -51,15 +78,26 @@ def intersection(list1, list2): def difference(list1, list2): return list(set(list1) - set(list2)) +def validate_titles_are_not_misclassified_as_subtitles(rule_language: LanguageSpecificRule, subtitles: list[str], allowed_h2_sections: list[str]): + # TODO This does not validate "How to fix it" section for frameworks as the section names are a bit special. + misclassified = intersection(subtitles, allowed_h2_sections) + if misclassified: + misclassified.sort() + misclassified_str = ', '.join(misclassified) + raise RuleValidationError(f'Rule {rule_language.id} has some sections misclassified. Ensure there are not too many `=` in the asciidoc file for: {misclassified_str}') + def validate_section_names(rule_language: LanguageSpecificRule): """Validates all h2-level section names""" + def get_titles(level: Union[str, list[str]]) -> list[str]: + return list(map(lambda x: x.text.strip(), rule_language.description.find_all(level))) - descr = rule_language.description - h2_titles = list(map(lambda x: x.text.strip(), descr.find_all('h2'))) - + h2_titles = get_titles('h2') + subtitles = get_titles(['h3', 'h4', 'h5', 'h6']) + allowed_h2_sections = list(MANDATORY_SECTIONS) + list(OPTIONAL_SECTIONS.keys()) + validate_titles_are_not_misclassified_as_subtitles(rule_language, subtitles, allowed_h2_sections) validate_duplications(h2_titles, rule_language) - education_titles = intersection(h2_titles, list(MANDATORY_SECTIONS) + list(OPTIONAL_SECTIONS.keys())) + education_titles = intersection(h2_titles, allowed_h2_sections) if education_titles: # Using the education format. validate_how_to_fix_it_sections_names(rule_language, h2_titles) 
@@ -192,8 +230,32 @@ def validate_subsections_for_section(rule_language: LanguageSpecificRule, sectio subsections_seen = set() for title in titles: name = title.text.strip() - if name not in allowed_subsections: + if allowed_subsections and name not in allowed_subsections: raise RuleValidationError(f'Rule {rule_language.id} has a "{section_name}" subsection with an unallowed name: "{name}"') if name in subsections_seen and not is_duplicate_allowed: raise RuleValidationError(f'Rule {rule_language.id} has duplicate "{section_name}" subsections. There are 2 occurences of "{name}"') subsections_seen.add(name) + + +def validate_security_standard_links(rule_language: LanguageSpecificRule): + descr = rule_language.description + security_standards_links = parse_security_standard_links(descr) + metadata = rule_language.metadata + + # Avoid raising mismatch issues on deprecated or closed rules + if metadata.get('status') != 'ready': + return + + security_standards_metadata = metadata.get('securityStandards', {}) + for standard in SECURITY_STANDARD_URL.keys(): + + metadata_mapping = security_standards_metadata[standard] if standard in security_standards_metadata.keys() else [] + links_mapping = security_standards_links[standard] if standard in security_standards_links.keys() else [] + + extra_links = difference(links_mapping, metadata_mapping) + if len(extra_links) > 0: + raise RuleValidationError(f'Rule {rule_language.id} has a mismatch for the {standard} security standards. Remove links from the Resources/See section ({extra_links}) or fix the rule metadata') + + missing_links = difference(metadata_mapping, links_mapping) + if len(missing_links) > 0: + raise RuleValidationError(f'Rule {rule_language.id} has a mismatch for the {standard} security standards. Add links to the Resources/See section ({missing_links}) or fix the rule metadata') 
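Review bot: `validate_security_standard_links` calls `parse_security_standard_links(descr)` before the `metadata.get('status') != 'ready'` early return, so deprecated and closed rules still have every link parsed, and any parse failure affects them too. Moving the status check to the top of the function makes the skip effective. `difference()` returns `list(set(list1) - set(list2))`, so the order of `extra_links` and `missing_links` in the error text is not stable between runs; `sorted(difference(links_mapping, metadata_mapping))` gives a reproducible message. When a rule has both extra and missing links, only the first mismatch is reported because the function raises immediately.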
diff --git a/rspec-tools/rspec_tools/validation/rule-metadata-schema.json b/rspec-tools/rspec_tools/validation/rule-metadata-schema.json index 7dd0ac04e2b..18fceff5ee8 100644 --- a/rspec-tools/rspec_tools/validation/rule-metadata-schema.json +++ b/rspec-tools/rspec_tools/validation/rule-metadata-schema.json @@ -218,6 +218,15 @@ "pattern": "^\\d+\\.\\d+\\.\\d+$" }, "uniqueItems": true + }, + "STIG ASD_V5R3": { + "type": "array", + "minItems": 0, + "items": { + "type": "string", + "pattern": "^V-\\d+$" + }, + "uniqueItems": true } } }, @@ -258,15 +267,15 @@ "properties": { "MAINTAINABILITY": { "type": "string", - "enum": ["LOW", "MEDIUM", "HIGH"] + "enum": ["INFO", "LOW", "MEDIUM", "HIGH", "BLOCKER"] }, "RELIABILITY": { "type": "string", - "enum": ["LOW", "MEDIUM", "HIGH"] + "enum": ["INFO", "LOW", "MEDIUM", "HIGH", "BLOCKER"] }, "SECURITY": { "type": "string", - "enum": ["LOW", "MEDIUM", "HIGH"] + "enum": ["INFO", "LOW", "MEDIUM", "HIGH", "BLOCKER"] } } }, diff --git a/rspec-tools/rspec_tools/validation/sanitize_asciidoc.py b/rspec-tools/rspec_tools/validation/sanitize_asciidoc.py index 9f0e3fd52b3..8732be852d9 100644 --- a/rspec-tools/rspec_tools/validation/sanitize_asciidoc.py +++ b/rspec-tools/rspec_tools/validation/sanitize_asciidoc.py 
@@ -4,71 +4,82 @@ * "ifdef"/"endif" blocks should be well-formed for RSPEC * Inline code with backquotes is correctly escaped and balanced * Include commands are not appended to other code +* "C++" is referred to using the {cpp} attribute +* rules.sonarsource.com is not linked directly """ -from pathlib import Path -import re +import re +from pathlib import Path VALID_IFDEF = "ifdef::env-github,rspecator-view[]" VALID_ENDIF = "endif::env-github,rspecator-view[]" -VARIABLE_DECL = re.compile(r':\w+: ') +VARIABLE_DECL = re.compile(r":\w+: ") -INCLUDE = re.compile(r'include::') +INCLUDE = re.compile(r"include::") -FORMATTING_CHARS = ['_', r'\*', r'\#'] -WORD_FORMATTING_CHARS = [r'\~', r'\^'] +FORMATTING_CHARS = ["_", r"\*", r"\#"] +WORD_FORMATTING_CHARS = [r"\~", r"\^"] # If the formatting char is repeated twice, it can go anywhere -UNCONSTRAINED_FORMATTING = '|'.join(x + x for x in FORMATTING_CHARS) +UNCONSTRAINED_FORMATTING = "|".join(x + x for x in FORMATTING_CHARS) # Single formatting char are dangerous at the beginning of a word -FORMATTING_OPENING = '|'.join(r'(\W|^)' + x + r'\w' for x in FORMATTING_CHARS) +FORMATTING_OPENING = "|".join(r"(\W|^)" + x + r"\w" for x in FORMATTING_CHARS) # Single formatting char are dangerous at the end of a word -FORMATTING_CLOSING = '|'.join(r'\w' + x + r'(\W|$)' for x in FORMATTING_CHARS) +FORMATTING_CLOSING = "|".join(r"\w" + x + r"(\W|$)" for x in FORMATTING_CHARS) # Word formatting is broken by spaces so we look for things like `#word#` -WORD_FORMATTING = "|".join(x + r'\S+' + x for x in WORD_FORMATTING_CHARS) +WORD_FORMATTING = "|".join(x + r"\S+" + x for x in WORD_FORMATTING_CHARS) # We combine all the matchers -NEED_PROTECTION = re.compile('(' - f'{UNCONSTRAINED_FORMATTING}|' - f'{FORMATTING_OPENING}|' - f'{FORMATTING_CLOSING}|' - f'{WORD_FORMATTING}' - ')') +NEED_PROTECTION = re.compile( + "(" + f"{UNCONSTRAINED_FORMATTING}|" + f"{FORMATTING_OPENING}|" + f"{FORMATTING_CLOSING}|" + f"{WORD_FORMATTING}" + ")" +) # There is a 
regex trick here: # We want to stop the search if there is a backquote # We do that by matching backquote OR the closing passthrough # Then we'll ignore any match of backquote -CLOSE_CONSTRAINED_PASSTHROUGH = re.compile(r'`|((?(``+)|(?(``+)|(? 0: # `+++a++` will display '+a' in case of inbalance, we try to find the biggest closing block if count == 1: - if not line[pos + count].isspace() and line[pos - 1] == '`': - #constrained '+'. It is a passthrough only if it is directly around text and surrounded by backquotes: `+Some Content+` + if not line[pos + count].isspace() and line[pos - 1] == "`": + # constrained '+'. It is a passthrough only if it is directly around text and surrounded by backquotes: `+Some Content+` close_pattern = CLOSE_CONSTRAINED_PASSTHROUGH else: return pos else: - close_pattern = re.compile('(' + r'\+' * count + ')') + close_pattern = re.compile("(" + r"\+" * count + ")") end = close_pattern.search(line, pos + count) if end and end.group(1): return end.end() @@ -77,8 +88,8 @@ def close_passthrough(count, pos, line): def skip_passthrough_macro(line, pos): - '''If this is a passthrough macro, skip to the end''' - if line[pos] == 'p': + """If this is a passthrough macro, skip to the end""" + if line[pos] == "p": pm = PASSTHROUGH_MACRO.match(line, pos) if pm: return pm.end() @@ -86,10 +97,10 @@ def skip_passthrough_macro(line, pos): def skip_passthrough_plus(line, pos): - '''If this is a passthrough +, skip to the end''' - if line[pos] == '+': + """If this is a passthrough +, skip to the end""" + if line[pos] == "+": count = 1 - while pos + count < len(line) and line[pos + count] == '+': + while pos + count < len(line) and line[pos + count] == "+": count += 1 return close_passthrough(count, pos, line) return pos 
@@ -126,10 +137,10 @@ def process(self) -> bool:
 lines = content.splitlines(keepends=False)
 for line_index, line in enumerate(lines):
 if self._is_inside_code:
- if line == '----':
+ if line == "----":
 self._is_inside_code = False
 continue
- if line == '----':
+ if line == "----":
 self._is_inside_code = True
 continue
 line_number = line_index + 1
@@ -185,33 +196,65 @@ def _process_close_ifdef(self, line_number: int, line: str): f'Incorrect endif command. "{VALID_ENDIF}" should be used instead.', ) + def _advance_to_next_backquote(self, line: str, pos: int, line_number: int): + next_pos = BACKQUOTE.search(line, pos) + if next_pos: + cpp = CPP.search(line, pos, endpos=next_pos.pos) + else: + cpp = CPP.search(line, pos) + if cpp: + self._on_error( + line_number, + 'To avoid rendering issues, always use the "{cpp}" attribute to refer to the language C++.', + ) + return next_pos + def _process_description(self, line_number: int, line: str): if VARIABLE_DECL.match(line): return if self._previous_line_was_include and not self._empty_line: - self._on_error(line_number - 1, '''An empty line is missing after the include. + self._on_error( + line_number - 1, + """An empty line is missing after the include. This may result in broken tags and other display issues. -Make sure there are always empty lines before and after each include''') +Make sure there are always empty lines before and after each include.""", + ) if INCLUDE.match(line): self._previous_line_was_include = True if not self._empty_line: - self._on_error(line_number, '''An empty line is missing before the include. + self._on_error( + line_number, + """An empty line is missing before the include. This may result in broken tags and other display issues. -Make sure there are always empty lines before and after each include''') +Make sure there are always empty lines before and after each include.""", + ) return else: self._previous_line_was_include = False + if RULES_SONARSOURCE.search(line) and not self._is_env_open: + self._on_error( + line_number, + """Do not put direct links to https://rules.sonarsource.com/. +Just use the rule ID and let cross-reference substitution do its job.""", + ) pos = 0 - res = BACKQUOTE.search(line, pos) + res = self._advance_to_next_backquote(line, pos, line_number) # We filter out matches for passthrough. 
See comment near the BACKQUOTE declaration - while res and res.group('backquote'): - pos = self._check_inlined_code(line_number, res.end(), line, res.group('backquote')) - res = BACKQUOTE.search(line, pos) + while res and res.group("backquote"): + pos = self._check_inlined_code( + line_number, res.end(), line, res.group("backquote") + ) + res = self._advance_to_next_backquote(line, pos, line_number) - def _check_inlined_code(self, line_number: int, pos: int, line: str, opening_pattern: str): + def _check_inlined_code( + self, line_number: int, pos: int, line: str, opening_pattern: str + ): if len(opening_pattern) > 2: # Part of the backquotes are displayed as backquotes. - self._on_error(line_number, 'Use "++" to isolate the backquotes you want to display from the ones that should be interpreted by AsciiDoc.') + self._on_error( + line_number, + 'Use "++" to isolate the backquotes you want to display from the ones that should be interpreted by AsciiDoc.', + ) return pos elif len(opening_pattern) == 2: closing_pattern = CLOSE_UNCONSTRAINED_BACKQUOTE 
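Review bot: In `_advance_to_next_backquote`, `endpos=next_pos.pos` does not stop the search at the next backquote: on a match object `.pos` is the start index that was passed to `search()`, so it equals `pos` and `CPP.search(line, pos, endpos=pos)` scans an empty range. As written, a "C++" that sits before any `BACKQUOTE` match on the same line goes unreported, and the new `unnamed_language.adoc` fixture contains no backquotes, so the tests do not appear to exercise this branch. Bound the search with the match start instead, `cpp = CPP.search(line, pos, endpos=next_pos.start())`, and add a fixture line that mixes C++ with inline code. The `CPP` and `BACKQUOTE` patterns are defined outside this hunk, so this assumes `CPP` cannot match an empty string.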
@@ -220,27 +263,30 @@ def _check_inlined_code(self, line_number: int, pos: int, line: str, opening_pat content_end, content = close_inline_block(line, pos, closing_pattern) if content_end < 0: - message='Unbalanced code inlining tags.' + message = "Unbalanced code inlining tags." if len(opening_pattern) == 1: - message += ''' + message += """ If you are trying to write inline code that is glued to text without a space, you need to use double backquotes: > Replace all `reference`s. Will not display correctly. You need to write: > Replace all ``reference``s. -''' +""" self._on_error(line_number, message) return len(line) pos = content_end + len(opening_pattern) if NEED_PROTECTION.search(content): - self._on_error (line_number, f''' + self._on_error( + line_number, + f""" Using backquotes does not protect against asciidoc interpretation. Starting or ending a word with '*', '#', '_' or having two of them consecutively will trigger unintended behavior with the rest of the text. Use ``++{content}++`` to avoid that. If you really want to have formatting inside your code, you can write ``pass:n[{content}]`` -''') +""", + ) return pos return pos diff --git a/rspec-tools/tests/resources/asciidoc/valid.adoc b/rspec-tools/tests/resources/asciidoc/valid.adoc index 70bdc8ded4d..dc272cffe9a 100644 --- a/rspec-tools/tests/resources/asciidoc/valid.adoc +++ b/rspec-tools/tests/resources/asciidoc/valid.adoc @@ -24,8 +24,13 @@ The pass:[``++Can have __ [escaped brackets\] __ ++``] [source,python] ---- # We don't care about `in the code + +We also don't care about writing C++ or c++ + ---- +Inside descriptions, we only use {cpp} to refer to the language + We can have a sole ` surrounded by spaces This file does not exist but we only check that the include is well placed: diff --git a/rspec-tools/tests/resources/invalid-asciidoc/link_rule_sonarsource_com.adoc b/rspec-tools/tests/resources/invalid-asciidoc/link_rule_sonarsource_com.adoc new file mode 100644 index 00000000000..60368548401 
--- /dev/null
+++ b/rspec-tools/tests/resources/invalid-asciidoc/link_rule_sonarsource_com.adoc
@@ -0,0 +1,16 @@
+== Title
+
+In this case, there is also an impact on reliability and so it is handled by the rule https://rules.sonarsource.com/java/RSPEC-5810/[S5810].
+
+=== Documentation
+
+* https://rules.sonarsource.com/csharp/RSPEC-6420/[S6420 - Client instances should not be recreated on each Azure Function invocation]
+
+
+ifdef::env-github,rspecator-view[]
+
+https://rules.sonarsource.com/csharp/RSPEC-6420/[We ignore rspecator view]
+
+endif::env-github,rspecator-view[]
+
+http://rules.sonarsource.com/csharp/RSPEC-6420/[We detect http too]
\ No newline at end of file
diff --git a/rspec-tools/tests/resources/invalid-asciidoc/snapshots/include_stuck_after.txt b/rspec-tools/tests/resources/invalid-asciidoc/snapshots/include_stuck_after.txt
index 69927bfa99a..07be556778b 100644
--- a/rspec-tools/tests/resources/invalid-asciidoc/snapshots/include_stuck_after.txt
+++ b/rspec-tools/tests/resources/invalid-asciidoc/snapshots/include_stuck_after.txt
@@ -1,3 +1,3 @@
 $PATH/include_stuck_after.adoc:3 An empty line is missing after the include.
 This may result in broken tags and other display issues.
-Make sure there are always empty lines before and after each include
+Make sure there are always empty lines before and after each include.
diff --git a/rspec-tools/tests/resources/invalid-asciidoc/snapshots/include_stuck_before.txt b/rspec-tools/tests/resources/invalid-asciidoc/snapshots/include_stuck_before.txt
index 77d256f177f..98c4a3ee2ee 100644
--- a/rspec-tools/tests/resources/invalid-asciidoc/snapshots/include_stuck_before.txt
+++ b/rspec-tools/tests/resources/invalid-asciidoc/snapshots/include_stuck_before.txt
@@ -1,3 +1,3 @@
 $PATH/include_stuck_before.adoc:2 An empty line is missing before the include.
 This may result in broken tags and other display issues.
-Make sure there are always empty lines before and after each include
+Make sure there are always empty lines before and after each include.
diff --git a/rspec-tools/tests/resources/invalid-asciidoc/snapshots/link_rule_sonarsource_com.txt b/rspec-tools/tests/resources/invalid-asciidoc/snapshots/link_rule_sonarsource_com.txt
new file mode 100644
index 00000000000..2ddadb4def8
--- /dev/null
+++ b/rspec-tools/tests/resources/invalid-asciidoc/snapshots/link_rule_sonarsource_com.txt
@@ -0,0 +1,6 @@
+$PATH/link_rule_sonarsource_com.adoc:3 Do not put direct links to https://rules.sonarsource.com/.
+Just use the rule ID and let cross-reference substitution do its job.
+$PATH/link_rule_sonarsource_com.adoc:7 Do not put direct links to https://rules.sonarsource.com/.
+Just use the rule ID and let cross-reference substitution do its job.
+$PATH/link_rule_sonarsource_com.adoc:16 Do not put direct links to https://rules.sonarsource.com/.
+Just use the rule ID and let cross-reference substitution do its job.
diff --git a/rspec-tools/tests/resources/invalid-asciidoc/snapshots/two_stuck_includes.txt b/rspec-tools/tests/resources/invalid-asciidoc/snapshots/two_stuck_includes.txt
index 10bf28381bb..340e4acdfe5 100644
--- a/rspec-tools/tests/resources/invalid-asciidoc/snapshots/two_stuck_includes.txt
+++ b/rspec-tools/tests/resources/invalid-asciidoc/snapshots/two_stuck_includes.txt
@@ -1,6 +1,6 @@
 $PATH/two_stuck_includes.adoc:3 An empty line is missing after the include.
 This may result in broken tags and other display issues.
-Make sure there are always empty lines before and after each include
+Make sure there are always empty lines before and after each include.
 $PATH/two_stuck_includes.adoc:4 An empty line is missing before the include.
 This may result in broken tags and other display issues.
-Make sure there are always empty lines before and after each include
+Make sure there are always empty lines before and after each include.
diff --git a/rspec-tools/tests/resources/invalid-asciidoc/snapshots/unnamed_language.txt b/rspec-tools/tests/resources/invalid-asciidoc/snapshots/unnamed_language.txt
new file mode 100644
index 00000000000..19e273406d6
--- /dev/null
+++ b/rspec-tools/tests/resources/invalid-asciidoc/snapshots/unnamed_language.txt
@@ -0,0 +1,2 @@
+$PATH/unnamed_language.adoc:1 To avoid rendering issues, always use the "{cpp}" attribute to refer to the language C++.
+$PATH/unnamed_language.adoc:3 To avoid rendering issues, always use the "{cpp}" attribute to refer to the language C++.
diff --git a/rspec-tools/tests/resources/invalid-asciidoc/unnamed_language.adoc b/rspec-tools/tests/resources/invalid-asciidoc/unnamed_language.adoc
new file mode 100644
index 00000000000..40c0898e715
--- /dev/null
+++ b/rspec-tools/tests/resources/invalid-asciidoc/unnamed_language.adoc
@@ -0,0 +1,5 @@
+We shouldn't mention the language C++ by its name.
+
+Nor by c++ for what it's worth.
+
+We should use the built-in attribute {cpp} instead.
\ No newline at end of file
diff --git a/rspec-tools/tests/resources/invalid-rules/S100/metadata.json b/rspec-tools/tests/resources/invalid-rules/S100/metadata.json
new file mode 100644
index 00000000000..2c63c085104
--- /dev/null
+++ b/rspec-tools/tests/resources/invalid-rules/S100/metadata.json
@@ -0,0 +1,2 @@
+{
+}
diff --git a/rspec-tools/tests/resources/invalid-rules/S100/php/metadata.json b/rspec-tools/tests/resources/invalid-rules/S100/php/metadata.json new file mode 100644 index 00000000000..68702a9782c --- /dev/null +++ b/rspec-tools/tests/resources/invalid-rules/S100/php/metadata.json @@ -0,0 +1,6 @@ +{ + "title": "Function names should comply with a naming convention", + "defaultQualityProfiles": [ + + ] +} diff --git a/rspec-tools/tests/resources/invalid-rules/S100/php/rule.adoc b/rspec-tools/tests/resources/invalid-rules/S100/php/rule.adoc new file mode 100644 index 00000000000..63f64743211 --- /dev/null +++ b/rspec-tools/tests/resources/invalid-rules/S100/php/rule.adoc @@ -0,0 +1,5 @@ +== Why is this an issue? + +=== How to fix it + +=== Resources \ No newline at end of file diff --git a/rspec-tools/tests/resources/invalid-rules/S100/php/rule.html b/rspec-tools/tests/resources/invalid-rules/S100/php/rule.html new file mode 100644 index 00000000000..d7afbf83140 --- /dev/null +++ b/rspec-tools/tests/resources/invalid-rules/S100/php/rule.html @@ -0,0 +1,457 @@ + + + + + + + +Why is this an issue? + + + + + +
+
+

Why is this an issue?

+
+
+

How to fix it

+ +
+
+

Resources

+ +
+
+
+
+ + + \ No newline at end of file diff --git a/rspec-tools/tests/resources/invalid-rules/S101/metadata.json b/rspec-tools/tests/resources/invalid-rules/S101/metadata.json new file mode 100644 index 00000000000..2c63c085104 --- /dev/null +++ b/rspec-tools/tests/resources/invalid-rules/S101/metadata.json @@ -0,0 +1,2 @@ +{ +} diff --git a/rspec-tools/tests/resources/invalid-rules/S200/cobol/rule.adoc b/rspec-tools/tests/resources/invalid-rules/S200/cobol/rule.adoc deleted file mode 100644 index 96c98479cae..00000000000 --- a/rspec-tools/tests/resources/invalid-rules/S200/cobol/rule.adoc +++ /dev/null @@ -1,5 +0,0 @@ -== Why is this an issue? -== How to fix it -// there's a typo, it's "Code examples" -=== Coding examples -== Resources diff --git a/rspec-tools/tests/resources/invalid-rules/S200/cobol/rule.html b/rspec-tools/tests/resources/invalid-rules/S200/cobol/rule.html deleted file mode 100644 index 230f82fa43e..00000000000 --- a/rspec-tools/tests/resources/invalid-rules/S200/cobol/rule.html +++ /dev/null @@ -1,21 +0,0 @@ -
-

Why is this an issue?

-
- -
-
-
-

How to fix it

-
-
-

Coding examples

- -
-
-
-
-

Resources

-
- -
-
\ No newline at end of file diff --git a/rspec-tools/tests/resources/invalid-rules/S200/java/rule.adoc b/rspec-tools/tests/resources/invalid-rules/S200/java/rule.adoc deleted file mode 100644 index 0f89d78f435..00000000000 --- a/rspec-tools/tests/resources/invalid-rules/S200/java/rule.adoc +++ /dev/null @@ -1,5 +0,0 @@ -== Why is this an issue? -== How to fix it in Razor -=== Yolo (invalid section name) - - diff --git a/rspec-tools/tests/resources/invalid-rules/S200/java/rule.html b/rspec-tools/tests/resources/invalid-rules/S200/java/rule.html deleted file mode 100644 index adf59b4a8da..00000000000 --- a/rspec-tools/tests/resources/invalid-rules/S200/java/rule.html +++ /dev/null @@ -1,15 +0,0 @@ -
-

Why is this an issue?

-
- -
-
-
-

How to fix it in Razor

-
-
-

Yolo (invalid section name)

- -
-
-
\ No newline at end of file diff --git a/rspec-tools/tests/resources/invalid-rules/S200/metadata.json b/rspec-tools/tests/resources/invalid-rules/S200/metadata.json new file mode 100644 index 00000000000..2c63c085104 --- /dev/null +++ b/rspec-tools/tests/resources/invalid-rules/S200/metadata.json @@ -0,0 +1,2 @@ +{ +} diff --git a/rspec-tools/tests/resources/rules/S200/docker/metadata.json b/rspec-tools/tests/resources/rules/S200/docker/metadata.json new file mode 100644 index 00000000000..6692ce5d21c --- /dev/null +++ b/rspec-tools/tests/resources/rules/S200/docker/metadata.json @@ -0,0 +1,10 @@ +{ + "securityStandards": { + "OWASP": [ + "A1","A10" + ], + "OWASP Top 10 2021": [ + + ] + } +} diff --git a/rspec-tools/tests/resources/rules/S200/docker/rule.adoc b/rspec-tools/tests/resources/rules/S200/docker/rule.adoc new file mode 100644 index 00000000000..f7e4c4ee409 --- /dev/null +++ b/rspec-tools/tests/resources/rules/S200/docker/rule.adoc @@ -0,0 +1,12 @@ +== Why is this an issue? +== How to fix it +== Resources +=== Documentation + +* OWASP - https://www.owasp.org/index.php/HTTP_Response_Splitting[HTTP Response Splitting] + +=== Standards + +* OWASP - https://www.owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] +* CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] +* CWE - https://cwe.mitre.org/data/definitions/113[CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')] diff --git a/rspec-tools/tests/resources/rules/S200/docker/rule.html b/rspec-tools/tests/resources/rules/S200/docker/rule.html new file mode 100644 index 00000000000..c2ee5cdb3b3 --- /dev/null +++ b/rspec-tools/tests/resources/rules/S200/docker/rule.html @@ -0,0 +1,43 @@ +
+

Why is this an issue?

+
+ +
+
+
+

How to fix it

+
+ +
+
+ \ No newline at end of file diff --git a/rspec-tools/tests/resources/rules/S200/python/metadata.json b/rspec-tools/tests/resources/rules/S200/python/metadata.json new file mode 100644 index 00000000000..3c10dc2e77f --- /dev/null +++ b/rspec-tools/tests/resources/rules/S200/python/metadata.json @@ -0,0 +1,13 @@ +{ + "securityStandards": { + "ASVS 4.0": [ + "1.23.4" + ], + "OWASP": [ + "A1","A10" + ], + "OWASP Top 10 2021": [ + "A3" + ] + } +} diff --git a/rspec-tools/tests/resources/rules/S200/python/rule.adoc b/rspec-tools/tests/resources/rules/S200/python/rule.adoc new file mode 100644 index 00000000000..d4b7cb15421 --- /dev/null +++ b/rspec-tools/tests/resources/rules/S200/python/rule.adoc @@ -0,0 +1,14 @@ +== Why is this an issue? +== How to fix it +== Resources +=== Documentation + +* OWASP - https://www.owasp.org/index.php/HTTP_Response_Splitting[HTTP Response Splitting] + +=== Standards + +* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] +* OWASP - https://owasp.org/www-project-top-ten/2017/A10_2017-Insufficient_Logging%2526Monitoring[Top 10 2017 Category A10 - Insufficient Logging & Monitoring] +* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] +* CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] +* CWE - https://cwe.mitre.org/data/definitions/113[CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')] diff --git a/rspec-tools/tests/resources/rules/S200/python/rule.html b/rspec-tools/tests/resources/rules/S200/python/rule.html new file mode 100644 index 00000000000..fd2c3db56aa --- /dev/null +++ b/rspec-tools/tests/resources/rules/S200/python/rule.html @@ -0,0 +1,49 @@ +
+

Why is this an issue?

+
+ +
+
+
+

How to fix it

+
+ +
+
+ \ No newline at end of file diff --git a/rspec-tools/tests/resources/rules/S200/terraform/metadata.json b/rspec-tools/tests/resources/rules/S200/terraform/metadata.json new file mode 100644 index 00000000000..9daf4a8d319 --- /dev/null +++ b/rspec-tools/tests/resources/rules/S200/terraform/metadata.json @@ -0,0 +1,10 @@ +{ + "securityStandards": { + "OWASP": [ + "A1" + ], + "OWASP Top 10 2021": [ + "A3" + ] + } +} diff --git a/rspec-tools/tests/resources/rules/S200/terraform/rule.adoc b/rspec-tools/tests/resources/rules/S200/terraform/rule.adoc new file mode 100644 index 00000000000..ecb0a7f9261 --- /dev/null +++ b/rspec-tools/tests/resources/rules/S200/terraform/rule.adoc @@ -0,0 +1,14 @@ +== Why is this an issue? +== How to fix it +== Resources +=== Documentation + +* OWASP - https://www.owasp.org/index.php/HTTP_Response_Splitting[HTTP Response Splitting] + +=== Standards + +* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] +* OWASP - https://owasp.org/www-project-top-ten/2017/A10_2017-Insufficient_Logging%2526Monitoring[Top 10 2017 Category A10 - Insufficient Logging & Monitoring] +* OWASP - https://www.owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] +* CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] +* CWE - https://cwe.mitre.org/data/definitions/113[CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')] diff --git a/rspec-tools/tests/resources/rules/S200/terraform/rule.html b/rspec-tools/tests/resources/rules/S200/terraform/rule.html new file mode 100644 index 00000000000..8941ef5b719 --- /dev/null +++ b/rspec-tools/tests/resources/rules/S200/terraform/rule.html @@ -0,0 +1,49 @@ +
+

Why is this an issue?

+
+ +
+
+
+

How to fix it

+
+ +
+
+ \ No newline at end of file diff --git a/rspec-tools/tests/test_coverage.py b/rspec-tools/tests/test_coverage.py index 6246a1eaf19..fcf99ca647e 100644 --- a/rspec-tools/tests/test_coverage.py +++ b/rspec-tools/tests/test_coverage.py @@ -65,6 +65,17 @@ def rules_dir(): ['sonarpedia.json', '{"rules-metadata-path": "rules", "languages":["XML"]}'], ['rules/S103.json', '{}']]} ]}, + {'name':'sonar-java', + 'versions': [ + {'name': '1.2.0.123', + 'date': '2020-01-02 10:00:00', + 'files': [['module1/rules/Sonar_way_profile.json', '{}'], + ['module1/sonarpedia.json', '{"rules-metadata-path": "rules", "languages":["JAVA"]}'], + ['module1/rules/S100.json', '{}'], + ['module2/rules/Sonar_way_profile.json', '{}'], + ['module2/sonarpedia.json', '{"rules-metadata-path": "rules", "languages":["JAVA"]}'], + ['module2/rules/S101.json', '{}']]} + ]}, {'name':'broken', 'versions': [ {'name': 'v1', 
@@ -159,19 +170,20 @@ def test_update_coverage_for_repo(tmpdir, rules_dir: Path, mock_git_analyzer_rep assert cov['JAVASCRIPT']['S1145'] == {'since': REPO + ' 3.3.0.5702', 'until': REPO + ' 6.7.0.14237'} -@patch('rspec_tools.coverage.REPOS', ['SonarJS', 'sonar-xml']) +@patch('rspec_tools.coverage.REPOS', ['SonarJS', 'sonar-xml', 'sonar-java']) def test_update_coverage_for_all_repos(tmpdir, rules_dir: Path, mock_git_analyzer_repos): with pushd(tmpdir), patch('rspec_tools.coverage.Repo', mock_git_analyzer_repos): update_coverage_for_all_repos(rules_dir) coverage = tmpdir.join('covered_rules.json') assert coverage.exists() cov = load_json(coverage) - assert {'JAVASCRIPT', 'TYPESCRIPT', 'XML', 'CSS'} == set(cov.keys()) + assert {'JAVASCRIPT', 'TYPESCRIPT', 'XML', 'CSS', 'JAVA'} == set(cov.keys()) assert 'S100' in cov['JAVASCRIPT'] assert 'MethodName' not in cov['JAVASCRIPT'] # MethodName is a legacy key for S100 assert {'S100'} == set(cov['CSS'].keys()) assert {'S103', 'S1000'} == set(cov['XML'].keys()) assert cov['XML']['S1000'] == 'SonarJS 7.0.0.14528' + assert {'S100', 'S101'} == set(cov['JAVA'].keys()) def test_update_coverage_no_sonarpedia(tmpdir, rules_dir: Path, mock_git_analyzer_repos, capsys): with pushd(tmpdir), patch('rspec_tools.coverage.Repo', mock_git_analyzer_repos): diff --git a/rspec-tools/tests/test_create_rule.py b/rspec-tools/tests/test_create_rule.py index adcb65e269a..a0deb0ebbb2 100644 --- a/rspec-tools/tests/test_create_rule.py +++ b/rspec-tools/tests/test_create_rule.py 
@@ -43,10 +43,13 @@ def test_create_new_multi_lang_rule_branch(rule_creator: RuleCreator, mock_git_r for lang_item in lang_root.glob('**/*'): if lang_item.is_file(): expected_content = lang_item.read_text().replace('${RSPEC_ID}', str(rule_number)) - expected_content = expected_content.replace('[source,text]', f'[source,{LANG_TO_SOURCE[os.path.basename(lang)]}]') + expected_content = expected_content.replace('[source,text', f'[source,{LANG_TO_SOURCE[os.path.basename(lang)]}') relative_path = lang_item.relative_to(lang_root) actual_content = rule_dir.joinpath(lang, relative_path).read_text() assert actual_content == expected_content + if lang_item.suffix == '.adoc': + assert 'source,text' not in actual_content + assert LANG_TO_SOURCE[os.path.basename(lang)] in actual_content def test_create_new_single_lang_rule_branch(rule_creator: RuleCreator, mock_git_rspec_repo: Repo): @@ -75,10 +78,13 @@ def test_create_new_single_lang_rule_branch(rule_creator: RuleCreator, mock_git_ if lang_item.is_file(): expected_content = lang_item.read_text().replace('${RSPEC_ID}', str(rule_number)) dir_name = os.path.basename(lang) - expected_content = expected_content.replace('[source,text]', f'[source,{LANG_TO_SOURCE[dir_name]}]') + expected_content = expected_content.replace('[source,text', f'[source,{LANG_TO_SOURCE[dir_name]}') relative_path = lang_item.relative_to(lang_root) actual_content = rule_dir.joinpath(lang, relative_path).read_text() assert actual_content == expected_content + if lang_item.suffix == '.adoc': + assert 'source,text' not in actual_content + assert LANG_TO_SOURCE[dir_name] in actual_content def test_create_new_rule_pull_request(rule_creator: RuleCreator): 
@@ -138,10 +144,13 @@ def test_add_lang_singlelang_nonconventional_rule_create_branch(rule_creator: Ru for lang_item in lang_root.glob('**/*'): if lang_item.is_file(): expected_content = lang_item.read_text().replace('${RSPEC_ID}', str(rule_number)) - expected_content = expected_content.replace('[source,text]', f'[source,{LANG_TO_SOURCE[language]}]') + expected_content = expected_content.replace('[source,text', f'[source,{LANG_TO_SOURCE[language]}') relative_path = lang_item.relative_to(lang_root) actual_content = rule_dir.joinpath(language, relative_path).read_text() assert actual_content == expected_content + if lang_item.suffix == '.adoc': + assert 'source,text' not in actual_content + assert LANG_TO_SOURCE[language] in actual_content def test_add_lang_singlelang_conventional_rule_create_branch(rule_creator: RuleCreator, mock_git_rspec_repo: Repo): @@ -186,10 +195,13 @@ def test_add_lang_multilang_rule_create_branch(rule_creator: RuleCreator, mock_g for lang_item in lang_root.glob('**/*'): if lang_item.is_file(): expected_content = lang_item.read_text().replace('${RSPEC_ID}', str(rule_number)) - expected_content = expected_content.replace('[source,text]', f'[source,{LANG_TO_SOURCE[language]}]') + expected_content = expected_content.replace('[source,text', f'[source,{LANG_TO_SOURCE[language]}') relative_path = lang_item.relative_to(lang_root) actual_content = rule_dir.joinpath(language, relative_path).read_text() assert actual_content == expected_content + if lang_item.suffix == '.adoc': + assert 'source,text' not in actual_content + assert LANG_TO_SOURCE[language] in actual_content @patch('rspec_tools.create_rule.RuleCreator') diff --git a/rspec-tools/tests/validation/test_asciidoc_sanitization.py b/rspec-tools/tests/validation/test_asciidoc_sanitization.py index 43512b2df7e..45c235ff13e 100644 --- a/rspec-tools/tests/validation/test_asciidoc_sanitization.py +++ b/rspec-tools/tests/validation/test_asciidoc_sanitization.py 
@@ -6,38 +6,46 @@ def relative_output(capsys, path: Path): - return capsys.readouterr().out.replace(str(path), '$PATH') + return capsys.readouterr().out.replace(str(path), "$PATH") -@pytest.mark.parametrize('invalid_file,expected_count', [('unbalanced_single_backquotes', 1), - ('unbalanced_double_backquotes', 1), - ('triple_backquotes', 1), - ('unprotected_formatting', 4), - ('unprotected_formatting_with_plusses', 1), - ('wrong_constrained_passthrough', 1), - ('unclosed_ifdef', 1), - ('close_unopened_ifdef', 1), - ('two_ifdef', 1), - ('two_ifdef_unclosed', 1), - ('vscode_ifdef', 2), - ('wrong_ifdef', 1), - ('wrong_endif', 1), - ('include_stuck_before', 1), - ('include_stuck_after', 1), - ('two_stuck_includes', 2) - ]) -def test_need_sanitation(mockinvalidasciidoc: Path, invalid_file, expected_count, capsys, snapshot): - '''Check that we detect needs for sanitation.''' +@pytest.mark.parametrize( + "invalid_file,expected_count", + [ + ("unbalanced_single_backquotes", 1), + ("unbalanced_double_backquotes", 1), + ("triple_backquotes", 1), + ("unprotected_formatting", 4), + ("unprotected_formatting_with_plusses", 1), + ("wrong_constrained_passthrough", 1), + ("unclosed_ifdef", 1), + ("close_unopened_ifdef", 1), + ("two_ifdef", 1), + ("two_ifdef_unclosed", 1), + ("vscode_ifdef", 2), + ("wrong_ifdef", 1), + ("wrong_endif", 1), + ("include_stuck_before", 1), + ("include_stuck_after", 1), + ("two_stuck_includes", 2), + ("unnamed_language", 2), + ("link_rule_sonarsource_com", 3), + ], +) +def test_need_sanitation( + mockinvalidasciidoc: Path, invalid_file, expected_count, capsys, snapshot +): + """Check that we detect needs for sanitation.""" name_path = Path(invalid_file) - adoc = mockinvalidasciidoc / name_path.with_suffix('.adoc') - expected = mockinvalidasciidoc / 'snapshots' / name_path.with_suffix('.txt') + adoc = mockinvalidasciidoc / name_path.with_suffix(".adoc") + expected = mockinvalidasciidoc / "snapshots" / name_path.with_suffix(".txt") assert 
sanitize_asciidoc(adoc) == expected_count - snapshot.snapshot_dir = mockinvalidasciidoc / 'snapshots' + snapshot.snapshot_dir = mockinvalidasciidoc / "snapshots" snapshot.assert_match(relative_output(capsys, mockinvalidasciidoc), expected) def test_correctly_sanitized(mockasciidoc: Path): - '''Check that we raise no issue on correctly sanitized asciidoc''' - name_path = Path('valid') - adoc = mockasciidoc / name_path.with_suffix('.adoc') + """Check that we raise no issue on correctly sanitized asciidoc""" + name_path = Path("valid") + adoc = mockasciidoc / name_path.with_suffix(".adoc") assert sanitize_asciidoc(adoc) == 0 diff --git a/rspec-tools/tests/validation/test_description_validation.py b/rspec-tools/tests/validation/test_description_validation.py index 9b4cf03bab5..f92772f84ce 100644 --- a/rspec-tools/tests/validation/test_description_validation.py +++ b/rspec-tools/tests/validation/test_description_validation.py @@ -4,8 +4,14 @@ import pytest from rspec_tools.errors import RuleValidationError from rspec_tools.rules import RulesRepository -from rspec_tools.validation.description import validate_section_names, \ - validate_section_levels, validate_parameters, validate_source_language, validate_subsections +from rspec_tools.validation.description import ( + validate_parameters, + validate_section_levels, + validate_section_names, + validate_security_standard_links, + validate_source_language, + validate_subsections, +) @pytest.fixture 
@@ -33,6 +39,11 @@ def test_unexpected_section_fails_validation(invalid_rule): with pytest.raises(RuleValidationError, match=fr'^Rule {rule.id} has an unconventional header "Invalid header"'): validate_section_names(rule) +def test_sections_with_wrong_level_fails_validation(invalid_rule): + rule = invalid_rule('S100', 'php') + with pytest.raises(RuleValidationError, match=fr'^Rule {rule.id} has some sections misclassified. Ensure there are not too many `=` in the asciidoc file for: How to fix it, Resources'): + validate_section_names(rule) + def test_valid_section_levels_passes_validation(rule_language): '''Check that description with correct formatting is considered valid.''' validate_section_levels(rule_language('S100', 'cfamily')) @@ -119,12 +130,6 @@ def test_wrong_format_how_to_fix_it_section_validation(invalid_rule): with pytest.raises(RuleValidationError, match=f'Rule typescript:S200 has a "How to fix it" section with an unsupported format: "How to fix it wrong format". Either use "How to fix it" or "How to fix it in FRAMEWORK NAME"'): validate_section_names(rule) -def test_unallowed_subsections_in_how_to_fix_it_validation(invalid_rule): - '''Check that having "How to fix it" subsections with unallowed names breaks validation''' - rule = invalid_rule('S200', 'java') - with pytest.raises(RuleValidationError, match=f'Rule java:S200 has a "How to fix it" subsection with an unallowed name: "Yolo \\(invalid section name\\)"'): - validate_subsections(rule) - def test_duplicate_subsections_in_how_to_fix_it_validation(invalid_rule): '''Check that having duplicate "How to fix it" subsections breaks validation''' rule = invalid_rule('S200', 'csharp') 
@@ -149,12 +154,6 @@ def test_education_format_missing_mandatory_sections_validation(invalid_rule): with pytest.raises(RuleValidationError, match=f'Rule common:S200 is missing the "Why is this an issue\\?" section'): validate_section_names(rule) -def test_code_examples_with_typo_validation(invalid_rule): - '''Check that the "Code examples" subsection with a typo in the education format breaks validation''' - rule = invalid_rule('S200', 'cobol') - with pytest.raises(RuleValidationError, match=f'Rule cobol:S200 has a "How to fix it" subsection with an unallowed name: "Coding examples"'): - validate_subsections(rule) - def test_noncompliant_examples_with_typo_validation(invalid_rule): '''Check that the "Non-compliant examples" sub-subsection with a typo in the education format breaks validation''' rule = invalid_rule('S200', 'apex') 
@@ -186,3 +185,20 @@ def test_valid_why_is_this_an_issue_subsections_validation(rule_language): '''Check that any substitle is considered valid in the "why is this an issue?" section''' rule = rule_language('S200', 'java') validate_subsections(rule) + +def test_valid_security_standard_links(rule_language): + '''Check that the security standards links match what is define in th rule metadata''' + rule = rule_language('S200', 'python') + validate_security_standard_links(rule) + +def test_missing_security_standard_links_fails_validation(rule_language): + '''Check that the security standards links match what is define in th rule metadata''' + rule = rule_language('S200', 'docker') + with pytest.raises(RuleValidationError, match=re.escape('Rule docker:S200 has a mismatch for the OWASP security standards. Add links to the Resources/See section ([\'A10\']) or fix the rule metadata')): + validate_security_standard_links(rule) + +def test_extra_security_standard_links_fails_validation(rule_language): + '''Check that the security standards links match what is define in th rule metadata''' + rule = rule_language('S200', 'terraform') + with pytest.raises(RuleValidationError, match=re.escape('Rule terraform:S200 has a mismatch for the OWASP security standards. Remove links from the Resources/See section ([\'A10\']) or fix the rule metadata')): + validate_security_standard_links(rule) diff --git a/rspec-tools/tests/validation/test_metadata_validation.py b/rspec-tools/tests/validation/test_metadata_validation.py index 87d25427d5a..e525b39d677 100644 --- a/rspec-tools/tests/validation/test_metadata_validation.py +++ b/rspec-tools/tests/validation/test_metadata_validation.py 
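Review bot: The three new `validate_security_standard_links` tests share a single docstring ("... match what is define in th rule metadata"), although two of them assert that validation fails, and the text carries two typos. Give each test its own, for example `'''Check that an OWASP category declared in the metadata but not linked in the description fails validation'''` for the docker case and `'''Check that an OWASP link with no matching metadata entry fails validation'''` for the terraform case, and correct the first to "defined in the rule metadata". Both failure cases cover only the `OWASP` key; the `OWASP Top 10 2021` and `ASVS 4.0` entries in the fixtures are exercised only by the passing python rule, so a mismatch test for one of them would be worth adding if the validator is meant to check them.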
@@ -82,7 +82,7 @@ def test_rule_with_invalid_impacts(invalid_rules: RulesRepository): def test_rule_with_invalid_impact_level(invalid_rules: RulesRepository): s506 = invalid_rules.get_rule('S506') - with pytest.raises(RuleValidationError, match=re.escape("Rule S506 failed validation for these reasons:\n - Rule scala:S506 has invalid metadata in MAINTAINABILITY: 'INVALID' is not one of ['LOW', 'MEDIUM', 'HIGH']")): + with pytest.raises(RuleValidationError, match=re.escape("Rule S506 failed validation for these reasons:\n - Rule scala:S506 has invalid metadata in MAINTAINABILITY: 'INVALID' is not one of ['INFO', 'LOW', 'MEDIUM', 'HIGH', 'BLOCKER']")): validate_rule_metadata(s506) diff --git a/rules/S100/java/metadata.json b/rules/S100/java/metadata.json index 706bf8d862e..518fbf86811 100644 --- a/rules/S100/java/metadata.json +++ b/rules/S100/java/metadata.json @@ -1,3 +1,4 @@ { - "title": "Method names should comply with a naming convention" + "title": "Method names should comply with a naming convention", + "scope": "Main" } diff --git a/rules/S100/jcl/metadata.json b/rules/S100/jcl/metadata.json new file mode 100644 index 00000000000..76bc286efd4 --- /dev/null +++ b/rules/S100/jcl/metadata.json @@ -0,0 +1,3 @@ +{ + "title": "Procedure names should comply with a naming convention" +} \ No newline at end of file diff --git a/rules/S100/jcl/rule.adoc b/rules/S100/jcl/rule.adoc new file mode 100644 index 00000000000..c81f51b090a --- /dev/null +++ b/rules/S100/jcl/rule.adoc 
@@ -0,0 +1,36 @@ +== Why is this an issue? + +Shared naming conventions allow teams to collaborate efficiently. + +This rule raises an issue when a procedure name does not match a provided regular expression. + +For example, with the default provided regular expression ``++^[A-Z][A-Z0-9]*$++``, the procedure: + +[source,jcl] +---- +//* Noncompliant +//$PROC1 PROC +---- + +should be renamed to + +[source,jcl] +---- +//PROC1 PROC +---- + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +include::../message.adoc[] + +''' +== Comments And Links +(visible only on this page) + +include::../comments-and-links.adoc[] + +endif::env-github,rspecator-view[] diff --git a/rules/S100/message.adoc b/rules/S100/message.adoc index c1006b34f32..2f3efe0a4b3 100644 --- a/rules/S100/message.adoc +++ b/rules/S100/message.adoc @@ -1,4 +1,4 @@ === Message -Rename [method|function|subroutine] "XXXX" to match the regular expression ${format}. +Rename [method|function|subroutine|procedure] "XXXX" to match the regular expression ${format}. diff --git a/rules/S100/php/rule.adoc b/rules/S100/php/rule.adoc index e3dd0b48e9f..db24c191d25 100644 --- a/rules/S100/php/rule.adoc +++ b/rules/S100/php/rule.adoc @@ -2,7 +2,7 @@ include::../rule.adoc[] For example, with the default provided regular expression ``++^[a-z][a-zA-Z0-9]*$++``, the function: -[source,php] +[source,php,diff-id=1,diff-type=noncompliant] ---- function DoSomething(){ // Noncompliant // ... 
@@ -11,13 +11,31 @@ function DoSomething(){ // Noncompliant should be renamed to -[source,php] +[source,php,diff-id=1,diff-type=compliant] ---- function doSomething(){ // ... } ---- +In case the Drupal framework is detected and the default regex is not replaced, it will follow the PHP coding standards for Drupal. + +[source,php,diff-id=2,diff-type=noncompliant] +---- +function doSomething(){ // Noncompliant + // ... +} +---- + +should be renamed to + +[source,php,diff-id=2,diff-type=compliant] +---- +function do_something(){ + // ... +} +---- + === Exceptions Methods with an ``++@inheritdoc++`` annotation, as well as magic methods (``++__construct()++``, ``++__destruct()++``, ``++__call()++``, ``++__callStatic()++``, ``++__get()++``, ``++__set()++``, ``++__isset()++``, ``++__unset()++``, ``++__sleep()++``, ``++__wakeup()++``, ``++__toString()++``, ``++__invoke()++``, ``++__set_state()++``, ``++__clone()++``, ``++__debugInfo()++``) are ignored. @@ -34,6 +52,10 @@ function __destruct(){...} // Compliant by exception function myFunc(){...} // Compliant by exception ---- +== References + +* https://www.drupal.org/docs/develop/standards/php/php-coding-standards#s-functions-and-variables[Drupal - Naming Conventions - Functions and variables] + ifdef::env-github,rspecator-view[] ''' diff --git a/rules/S1001/cfamily/rule.adoc b/rules/S1001/cfamily/rule.adoc index 7d7a9bac8e4..df2079bc164 100644 --- a/rules/S1001/cfamily/rule.adoc +++ b/rules/S1001/cfamily/rule.adoc 
@@ -2,8 +2,11 @@ `using` directives add additional scopes to the set of scopes searched during name lookup. All identifiers in these scopes become visible, increasing the possibility that the identifier found by the compiler does not meet developer expectations. -Using-declarations or fully-qualified names restricts the set of names considered to only the name explicitly specified, and so these are safer options. +_Using-declarations_ or fully-qualified names restricts the set of names considered to only the name explicitly specified, and so these are safer options. +=== Exceptions + +It is not easy to fully qualify the content of the `std::literals` and `std::placeholders` namespaces. Therefore, this rule does not raise violations for `using` directives that target these namespaces or their sub-namespaces. === Noncompliant code example diff --git a/rules/S1003/cfamily/rule.adoc b/rules/S1003/cfamily/rule.adoc index 8fff8267062..dba448e95af 100644 --- a/rules/S1003/cfamily/rule.adoc +++ b/rules/S1003/cfamily/rule.adoc 
@@ -1,13 +1,12 @@ == Why is this an issue? -A using directive makes names from another namespace available in the current scope. It should only be used when those names do not create an ambiguity with other names, otherwise, it is better to fully qualify the names you want to use. +A using-directive (e.g., `using namespace std;`) makes names from another namespace available in the current scope. It should only be used when those names do not create an ambiguity with other names. Otherwise, it is better to fully qualify the names you want to use. +The effect of using-directives inside a function body ceases at the end of the current scope. However, when the using-directives are at the global or namespace scope, their effects propagate to the rest of the scope. -When you write a header file, you don't know from which context it will be included. Therefore, if this header contains using directives, you cannot be sure that they will not create ambiguities in that context. Those ambiguities could lead to compilation failures or, worse, to a different function being selected by overload resolution depending on the order of inclusion of headers. - - -A using declaration behaves in the same way but only for one name. Because of their much narrower scope, this rule does not apply to using declarations. +When you write a header file, you don't know from which contexts it will be included. Therefore, if this header contains using-directives at the global or namespace scope, you cannot be sure that they will not create ambiguities in some of the including contexts. Those ambiguities could lead to compilation failures or, worse, to a different function being selected by overload resolution depending on the order of inclusion of headers. +This rule will raise an issue on using-directives in header files. === Noncompliant code example 
@@ -52,13 +51,22 @@ void m2 ( ) === Exceptions -The issue only happens if the using directive is at global scope or at namespace scope. If is is inside a function body, it will cease to be in effect at the end of the current scope, and will not propagate to the users of the header file. +Using-declarations (e.g., `using std::cout;`) behave in the same way but only for one name. This rule does not apply to them because their scope is much narrower. +Additionally, since it isn't easy to fully qualify the content of the `std::literals` and `std::placeholders` namespaces, this rule doesn't raise violations for using-directives that target these namespaces or their sub-namespaces, such as ``++std::literals::chrono_literals++``. == Resources +=== Documentation + +* {cpp} reference - https://en.cppreference.com/w/cpp/language/namespace#Using-directives[using-directives] + + +=== External coding guidelines + * MISRA {cpp}:2008, 7-3-6 - using-directives and using-declarations (excluding class scope or function scope using-declarations) shall not be used in header files. -* https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#sf7-dont-write-using-namespace-at-global-scope-in-a-header-file[{cpp} Core Guidelines SF.7] - Don’t write ``++using namespace++`` at global scope in a header file + +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#sf7-dont-write-using-namespace-at-global-scope-in-a-header-file[SF.7: Don't write `using namespace` at global scope in a header file] ifdef::env-github,rspecator-view[] diff --git a/rules/S101/dart/metadata.json b/rules/S101/dart/metadata.json new file mode 100644 index 00000000000..17971333806 --- /dev/null +++ b/rules/S101/dart/metadata.json @@ -0,0 +1,3 @@ +{ + +} diff --git a/rules/S101/dart/rule.adoc b/rules/S101/dart/rule.adoc new file mode 100644 index 00000000000..234ca3cc8d4 --- /dev/null +++ b/rules/S101/dart/rule.adoc 
@@ -0,0 +1,56 @@ +== Why is this an issue? + +Shared naming conventions allow teams to collaborate efficiently. In Dart, the convention is that all type names should be in camel-case starting with a capital letter (aka Pascal case). + +This rule raises an issue when a class name does not comply with this convention. + +== How to fix it + +=== Code examples + +==== Noncompliant code example + +[source,dart] +---- +class My_Class { } // Noncompliant: contains a dash +class myClass { } // Noncompliant: starts with a lowercase +class myclass { } // Noncompliant: all in lowercase +---- + +==== Compliant solution + +[source,dart] +---- +class MyClass { } +---- + +== Resources + +* Dart Docs - https://dart.dev/tools/linter-rules/camel_case_types[Dart Linter rule - camel_case_types] + +=== Related rules + +* S7046 - Extension identifiers should comply with a naming convention +* S7075 - Non-constant names should comply with a naming convention + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +* The type name '' isn't an UpperCamelCase identifier. + +=== Highlighting + +The type name (without generic parameters, or representation type declaration). + +''' +== Comments And Links +(visible only on this page) + +include::../comments-and-links.adoc[] + +endif::env-github,rspecator-view[] diff --git a/rules/S101/java/metadata.json b/rules/S101/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S101/java/metadata.json +++ b/rules/S101/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S103/java/metadata.json b/rules/S103/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S103/java/metadata.json +++ b/rules/S103/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S103/php/metadata.json b/rules/S103/php/metadata.json index d860fd4691d..0db3279e44b 100644 --- a/rules/S103/php/metadata.json 
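Review bot: In the new rules/S101/dart/rule.adoc the first noncompliant line reads `class My_Class { } // Noncompliant: contains a dash`, but the character in the name is an underscore. Change the comment to `// Noncompliant: contains an underscore`. The Message line, `The type name '' isn't an UpperCamelCase identifier.`, shows an empty pair of quotes where the type-name placeholder would go; if that is what the file contains and not something lost in rendering, the placeholder should be restored.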
+++ b/rules/S103/php/metadata.json @@ -1,5 +1,3 @@ { - "defaultQualityProfiles": [ - "Sonar way" - ] + } diff --git a/rules/S1032/cfamily/metadata.json b/rules/S1032/cfamily/metadata.json index 336c9a190f8..9730fd0059b 100644 --- a/rules/S1032/cfamily/metadata.json +++ b/rules/S1032/cfamily/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "CLEAR" }, @@ -17,19 +17,13 @@ "based-on-misra" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-1032", "sqKey": "S1032", "scope": "Main", - "defaultQualityProfiles": [ - - ], + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S1032/cfamily/rule.adoc b/rules/S1032/cfamily/rule.adoc index 8051d38152e..24a17f2b59f 100644 --- a/rules/S1032/cfamily/rule.adoc +++ b/rules/S1032/cfamily/rule.adoc @@ -44,7 +44,7 @@ bool isMax(T t){ == Resources * MISRA {cpp}:2008, 14-8-1 -* https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#t144-dont-specialize-function-templates[{cpp} Core Guidelines T.144] - Don’t specialize function templates +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#t144-dont-specialize-function-templates[T.144: Don't specialize function templates] ifdef::env-github,rspecator-view[] diff --git a/rules/S1036/cfamily/metadata.json b/rules/S1036/cfamily/metadata.json index 1b1a972b491..c5de7df80b0 100644 --- a/rules/S1036/cfamily/metadata.json +++ b/rules/S1036/cfamily/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "CLEAR" }, 
@@ -19,12 +19,8 @@ "pitfall" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-1036", diff --git a/rules/S104/java/metadata.json b/rules/S104/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S104/java/metadata.json +++ b/rules/S104/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S104/rpg/metadata.json b/rules/S104/rpg/metadata.json index c6f2fc9c713..17971333806 100644 --- a/rules/S104/rpg/metadata.json +++ b/rules/S104/rpg/metadata.json @@ -1,3 +1,3 @@ { - "title": "Files should not have too many lines" + } diff --git a/rules/S104/rpg/rule.adoc b/rules/S104/rpg/rule.adoc index 9987aa501a9..a73deaa3f69 100644 --- a/rules/S104/rpg/rule.adoc +++ b/rules/S104/rpg/rule.adoc @@ -6,7 +6,9 @@ ifdef::env-github,rspecator-view[] == Implementation Specification (visible only on this page) -include::../message.adoc[] +=== Message + +File "XXXX" has {0} lines of code, which is greater than {1} authorized. Split it into smaller files. include::../parameters.adoc[] diff --git a/rules/S1041/plsql/rule.adoc b/rules/S1041/plsql/rule.adoc index 223a082d54b..0e5c7c51b98 100644 --- a/rules/S1041/plsql/rule.adoc +++ b/rules/S1041/plsql/rule.adoc @@ -46,7 +46,7 @@ END; == Resources -* https://cwe.mitre.org/data/definitions/391[MITRE, CWE-391] - Unchecked Error Condition +* CWE - https://cwe.mitre.org/data/definitions/391[CWE-391 - Unchecked Error Condition] ifdef::env-github,rspecator-view[] diff --git a/rules/S1044/cfamily/rule.adoc b/rules/S1044/cfamily/rule.adoc index 89fc1511a49..5bd62777161 100644 --- a/rules/S1044/cfamily/rule.adoc +++ b/rules/S1044/cfamily/rule.adoc 
@@ -47,7 +47,7 @@ try { * CERT - https://wiki.sei.cmu.edu/confluence/x/SXs-BQ[ERR61-CPP. Catch exceptions by lvalue reference] === External coding guidelines -* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#e15-catch-exceptions-from-a-hierarchy-by-reference[E.15 Catch exceptions from a hierarchy by reference] +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#e15-throw-by-value-catch-exceptions-from-a-hierarchy-by-reference[E.15: Throw by value, catch exceptions from a hierarchy by reference] * MISRA {cpp}:2008, 15-3-5 - A class type exception shall always be caught by reference === Related rules diff --git a/rules/S1045/python/metadata.json b/rules/S1045/python/metadata.json index 89d10e37816..2a1561a45ff 100644 --- a/rules/S1045/python/metadata.json +++ b/rules/S1045/python/metadata.json @@ -1,3 +1,6 @@ { - "title": "All \"except\" blocks should be able to catch exceptions" + "title": "All \"except\" blocks should be able to catch exceptions", + "tags": [ + "suspicious" + ] } diff --git a/rules/S1048/csharp/metadata.json b/rules/S1048/csharp/metadata.json index 1a385910efb..7f94eb8fb1e 100644 --- a/rules/S1048/csharp/metadata.json +++ b/rules/S1048/csharp/metadata.json @@ -2,7 +2,7 @@ "title": "Finalizers should not throw exceptions", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, diff --git a/rules/S1048/vbnet/metadata.json b/rules/S1048/vbnet/metadata.json index 61023668772..e9440f22ce0 100644 --- a/rules/S1048/vbnet/metadata.json +++ b/rules/S1048/vbnet/metadata.json @@ -2,7 +2,7 @@ "title": "Finalize method should not throw exceptions", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, diff --git a/rules/S1049/cfamily/rule.adoc b/rules/S1049/cfamily/rule.adoc index b533f75cd83..98b5819893b 100644 --- a/rules/S1049/cfamily/rule.adoc 
+++ b/rules/S1049/cfamily/rule.adoc @@ -18,8 +18,8 @@ void foo () // no exceptions specified throw ( 21 ); // anything can be thrown } -void goo ( ) throw ( Exception ) -{ +void goo ( ) throw ( Exception ) +{ foo ( ); // Noncompliant; an int could be thrown } ---- @@ -34,8 +34,8 @@ void foo () // no exceptions specified throw ( 21 ); // this is legal; anything can be thrown } -void goo ( ) throw ( Exception, int ) -{ +void goo ( ) throw ( Exception, int ) +{ foo ( ); } ---- @@ -44,8 +44,7 @@ void goo ( ) throw ( Exception, int ) == Resources * MISRA {cpp}:2008, 15-5-2 -* https://cwe.mitre.org/data/definitions/391[MITRE, CWE-391] - Unchecked Error Condition -* https://www.securecoding.cert.org/confluence/x/EADTAQ[CERT, ERR55-CPP.] - Honor exception specifications +* CWE - https://cwe.mitre.org/data/definitions/391[CWE-391 - Unchecked Error Condition] ifdef::env-github,rspecator-view[] diff --git a/rules/S105/java/metadata.json b/rules/S105/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S105/java/metadata.json +++ b/rules/S105/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S1053/cfamily/rule.adoc b/rules/S1053/cfamily/rule.adoc index d057c5499a7..6335330c635 100644 --- a/rules/S1053/cfamily/rule.adoc +++ b/rules/S1053/cfamily/rule.adoc @@ -38,7 +38,7 @@ void fn ( std::string str ) == Resources * MISRA {cpp}:2008, 18-0-5 -* https://cwe.mitre.org/data/definitions/120[MITRE, CWE-120] - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') +* CWE - https://cwe.mitre.org/data/definitions/120[CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')] ifdef::env-github,rspecator-view[] diff --git a/rules/S1057/plsql/rule.adoc b/rules/S1057/plsql/rule.adoc index 594d1a0dbfd..a7830fcabd0 100644 --- a/rules/S1057/plsql/rule.adoc +++ b/rules/S1057/plsql/rule.adoc 
@@ -27,9 +27,9 @@ END; == Resources -* https://owasp.org/Top10/A04_2021-Insecure_Design/[OWASP Top 10 2021 Category A4] - Insecure Design -* https://cwe.mitre.org/data/definitions/269[MITRE, CWE-269] - Improper Privilege Management -* https://cwe.mitre.org/data/definitions/270[MITRE, CWE-270] - Privilege Context Switching Error +* OWASP - https://owasp.org/Top10/A04_2021-Insecure_Design/[Top 10 2021 Category A4 - Insecure Design] +* CWE - https://cwe.mitre.org/data/definitions/269[CWE-269 - Improper Privilege Management] +* CWE - https://cwe.mitre.org/data/definitions/270[CWE-270 - Privilege Context Switching Error] ifdef::env-github,rspecator-view[] diff --git a/rules/S1058/plsql/metadata.json b/rules/S1058/plsql/metadata.json index 613fd0eb4e4..4e0b9a53f6a 100644 --- a/rules/S1058/plsql/metadata.json +++ b/rules/S1058/plsql/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -12,13 +12,9 @@ "func": "Constant\/Issue", "constantCost": "30min" }, - "tags": [ - - ], + "tags": [], "extra": { - "replacementRules": [ - - ], + "replacementRules": [], "legacyKeys": [ "PipelinedFunctionsWithoutPipeRow" ] diff --git a/rules/S106/cfamily/rule.adoc b/rules/S106/cfamily/rule.adoc index 2201acb8fe4..44b3db57d38 100644 --- a/rules/S106/cfamily/rule.adoc +++ b/rules/S106/cfamily/rule.adoc @@ -1,4 +1,4 @@ -:language_std_outputs: std::cout, std::cerr, printf +:language_std_outputs: std::cout, std::cerr, printf, std::print == Why is this an issue? 
@@ -32,8 +32,8 @@ void doSomething() == Resources -* https://owasp.org/Top10/A09_2021-Security_Logging_and_Monitoring_Failures/[OWASP Top 10 2021 Category A9] - Security Logging and Monitoring Failures -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure +* OWASP - https://owasp.org/Top10/A09_2021-Security_Logging_and_Monitoring_Failures/[Top 10 2021 Category A9 - Security Logging and Monitoring Failures] +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] ifdef::env-github,rspecator-view[] diff --git a/rules/S106/csharp/rule.adoc b/rules/S106/csharp/rule.adoc index f40656a6432..b9acb4b61c0 100644 --- a/rules/S106/csharp/rule.adoc +++ b/rules/S106/csharp/rule.adoc @@ -52,7 +52,8 @@ public class MyClass == Resources -* https://owasp.org/Top10/A09_2021-Security_Logging_and_Monitoring_Failures/[OWASP Top 10 2021 Category A9] - Security Logging and Monitoring Failures +* OWASP - https://owasp.org/Top10/A09_2021-Security_Logging_and_Monitoring_Failures/[Top 10 2021 Category A9 - Security Logging and Monitoring Failures] +* OWASP - https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] ifdef::env-github,rspecator-view[] diff --git a/rules/S106/dart/metadata.json b/rules/S106/dart/metadata.json new file mode 100644 index 00000000000..e54ab34bfd4 --- /dev/null +++ b/rules/S106/dart/metadata.json @@ -0,0 +1,5 @@ +{ + "defaultQualityProfiles": [ + + ] +} diff --git a/rules/S106/dart/rule.adoc b/rules/S106/dart/rule.adoc new file mode 100644 index 00000000000..72091558ab3 --- /dev/null +++ b/rules/S106/dart/rule.adoc 
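Review bot: In rules/S106/csharp/rule.adoc the added OWASP Top 10 2017 A3 entry points at `https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure`, while the cfamily hunk just before it, and the dart, java and javascript hunks that follow in this commit, use the `owasp.org` host for the same page. Write it as `* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure]` so the reference does not rely on a redirect. If the new security-standard link validation matches on the URL, which is not visible here, a single host form also keeps that check uniform across languages.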
@@ -0,0 +1,84 @@ +:language_std_outputs: print + +== Why is this an issue? + +include::../description.adoc[] + +If you are using Flutter, you can use `debugPrint` or surround print calls with a check for `kDebugMode`. + +=== Code examples + +==== Noncompliant code example + +[source,dart] +---- +void doSomething(int x) { + // ... + print('debug: $x'); + // ... +} +---- + +==== Compliant solution + +[source,dart] +---- +void doSomething(int x) { + // ... + debugPrint('debug: $x'); + // ... +} +---- + +or + +[source,dart] +---- +void doSomething(int x) { + // ... + if (kDebugMode) { + print('debug: $x'); + } + // ... +} +---- + +or + +[source,dart] +---- +void doSomething(int x) { + // ... + log('log: $x'); + // ... +} +---- + +== Resources + +* OWASP - https://owasp.org/Top10/A09_2021-Security_Logging_and_Monitoring_Failures/[Top 10 2021 Category A9 - Security Logging and Monitoring Failures] +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] +* Dart Docs - https://dart.dev/tools/linter-rules/avoid_print[Dart Linter rule - avoid_print] +* Flutter API Docs - https://api.flutter.dev/flutter/foundation/kDebugMode-constant.html[kDebugMode top-level constant] + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +* Don't invoke 'print' in production code. + +=== Highlighting + +The identifier of the `print` method, without argument list. + +''' +== Comments And Links +(visible only on this page) + +include::../comments-and-links.adoc[] + +endif::env-github,rspecator-view[] diff --git a/rules/S106/java/rule.adoc b/rules/S106/java/rule.adoc index 58d8a6e2969..051e651e07a 100644 --- a/rules/S106/java/rule.adoc +++ b/rules/S106/java/rule.adoc 
@@ -40,8 +40,8 @@ class MyClass { === Documentation * https://docs.oracle.com/javase/7/docs/api/java/util/logging/Logger.html[Java SE 7 API Specification: java.util.logging.Logger] -* https://owasp.org/Top10/A09_2021-Security_Logging_and_Monitoring_Failures/[OWASP Top 10 2021 Category A9] - Security Logging and Monitoring Failures -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure +* OWASP - https://owasp.org/Top10/A09_2021-Security_Logging_and_Monitoring_Failures/[Top 10 2021 Category A9 - Security Logging and Monitoring Failures] +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] * https://wiki.sei.cmu.edu/confluence/x/nzdGBQ[CERT, ERR02-J.] - Prevent exceptions while logging data ifdef::env-github,rspecator-view[] diff --git a/rules/S106/javascript/rule.adoc b/rules/S106/javascript/rule.adoc index f98542da721..effdd0772a5 100644 --- a/rules/S106/javascript/rule.adoc +++ b/rules/S106/javascript/rule.adoc @@ -39,8 +39,8 @@ function doSomething() { == Resources -* https://owasp.org/Top10/A09_2021-Security_Logging_and_Monitoring_Failures/[OWASP Top 10 2021 Category A9] - Security Logging and Monitoring Failures -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure +* OWASP - https://owasp.org/Top10/A09_2021-Security_Logging_and_Monitoring_Failures/[Top 10 2021 Category A9 - Security Logging and Monitoring Failures] +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] ifdef::env-github,rspecator-view[] diff --git a/rules/S1065/dart/metadata.json b/rules/S1065/dart/metadata.json new file mode 100644 index 00000000000..0db3279e44b --- /dev/null +++ b/rules/S1065/dart/metadata.json @@ -0,0 +1,3 @@ +{ + +} 
diff --git a/rules/S1065/dart/rule.adoc b/rules/S1065/dart/rule.adoc new file mode 100644 index 00000000000..6f84c12c53b --- /dev/null +++ b/rules/S1065/dart/rule.adoc @@ -0,0 +1,57 @@ +== Why is this an issue? + +include::../description.adoc[] + +=== Noncompliant code example + +[source,dart,diff-id=1,diff-type=noncompliant] +---- +void foo() { + outer: //label is not used. + for(int i = 0; i < 10; i++) { + break; + } +} +---- + +=== Compliant solution + +[source,dart,diff-id=1,diff-type=compliant] +---- +void foo() { + for(int i = 0; i < 10; i++) { + break; + } +} +---- + +== Resources + +=== Documentation + +* CERT - https://wiki.sei.cmu.edu/confluence/x/5dUxBQ[CERT, MSC12-C.] - Detect and remove code that has no effect or is never executed +* Dart Docs - https://dart.dev/tools/diagnostic-messages?utm_source=dartdev&utm_medium=redir&utm_id=diagcode&utm_content=unnecessary_cast#unused_label[Dart Linter rule - unused_label] + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +* The label '' isn't used. + +`` doesn't include the semicolon. + +=== Highlighting + +The label name, including the semicolon. + +''' +== Comments And Links +(visible only on this page) + +include::../comments-and-links.adoc[] + +endif::env-github,rspecator-view[] diff --git a/rules/S1065/java/metadata.json b/rules/S1065/java/metadata.json index 8033d8a15a8..59ddee43052 100644 --- a/rules/S1065/java/metadata.json +++ b/rules/S1065/java/metadata.json @@ -7,5 +7,6 @@ "CERT": [ "MSC12-C." ] - } + }, + "scope": "Main" } diff --git a/rules/S1067/java/metadata.json b/rules/S1067/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S1067/java/metadata.json +++ b/rules/S1067/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S1068/dart/metadata.json b/rules/S1068/dart/metadata.json new file mode 100644 index 00000000000..0db3279e44b --- /dev/null +++ b/rules/S1068/dart/metadata.json 
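Review bot: The Dart Docs link added in rules/S1065/dart/rule.adoc keeps a redirect query string, `?utm_source=dartdev&utm_medium=redir&utm_id=diagcode&utm_content=unnecessary_cast`, which is tracking residue and names a different diagnostic. Link `https://dart.dev/tools/diagnostic-messages#unused_label` instead. The same query string is on the unused_field link in rules/S1068/dart/rule.adoc later in this commit. The Message and Highlighting notes also say "semicolon" where a Dart label ends in a colon, as `outer:` in the sample shows.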
@@ -0,0 +1,3 @@ +{ + +} diff --git a/rules/S1068/dart/rule.adoc b/rules/S1068/dart/rule.adoc new file mode 100644 index 00000000000..ecde6b6dc2f --- /dev/null +++ b/rules/S1068/dart/rule.adoc @@ -0,0 +1,22 @@ +== Why is this an issue? + +include::../description.adoc[] + +[source,dart] +---- +class MyClass { + final String _str; // Noncompliant, _str private field is never read + + C(this._str); +} +---- + +== How to fix it + +If the field isn't needed, then remove it. + +If the field was intended to be used, then add the missing code. + +== Resources + +* https://dart.dev/tools/diagnostic-messages?utm_source=dartdev&utm_medium=redir&utm_id=diagcode&utm_content=unnecessary_cast#unused_field[Dart compiler diagnostic - unused field] diff --git a/rules/S1068/java/rule.adoc b/rules/S1068/java/rule.adoc index 5fedb1fb43f..4dd96f4907a 100644 --- a/rules/S1068/java/rule.adoc +++ b/rules/S1068/java/rule.adoc @@ -34,9 +34,10 @@ public class MyClass implements java.io.Serializable { } ---- -* Annotated fields +* Annotated fields and classes annotated with Lombok annotations -The unused field in this class will not be reported by the rule as it is annotated. +The unused field in this class will not be reported by the rule as it is annotated, +except if annotation class `SomeAnnotation` is listed in the `ignoreAnnotations` parameter (see Parameters). [source,java] ---- public class MyClass { @@ -62,6 +63,18 @@ ifdef::env-github,rspecator-view[] == Implementation Specification (visible only on this page) +=== Parameters + +.ignoreAnnotations +**** + +---- +"" +---- + +A comma separated list of fully qualified annotation class names that do not prevent a private field from being reported. +**** + include::../message.adoc[] ''' diff --git a/rules/S1069/metadata.json b/rules/S1069/metadata.json index 7522076aed1..6a30b9dc6b8 100644 --- a/rules/S1069/metadata.json +++ b/rules/S1069/metadata.json 
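Review bot: The sample in the new rules/S1068/dart/rule.adoc declares `class MyClass` but writes its constructor as `C(this._str);`, which does not match the class name, so the example is not valid Dart as written. Rename the constructor to `MyClass(this._str);` so the snippet shows only the unused private field the rule is about. The section also has no "Noncompliant code example" heading above the listing, unlike the other Dart rules added in this commit; adding one would keep them parallel.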
@@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "CONVENTIONAL" }, @@ -17,12 +17,8 @@ "sql" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-1069", diff --git a/rules/S107/cfamily/rule.adoc b/rules/S107/cfamily/rule.adoc index 3f12ddad2de..b6538823d05 100644 --- a/rules/S107/cfamily/rule.adoc +++ b/rules/S107/cfamily/rule.adoc @@ -4,7 +4,7 @@ include::../rule.adoc[] == Resources -* https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#i23-keep-the-number-of-function-arguments-low[{cpp} Core Guidelines I.23]: Keep the number of function arguments low +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#i23-keep-the-number-of-function-arguments-low[I.23: Keep the number of function arguments low] ifdef::env-github,rspecator-view[] diff --git a/rules/S107/dart/metadata.json b/rules/S107/dart/metadata.json new file mode 100644 index 00000000000..17971333806 --- /dev/null +++ b/rules/S107/dart/metadata.json @@ -0,0 +1,3 @@ +{ + +} diff --git a/rules/S107/dart/noncompliant.adoc b/rules/S107/dart/noncompliant.adoc new file mode 100644 index 00000000000..4cfbe840119 --- /dev/null +++ b/rules/S107/dart/noncompliant.adoc @@ -0,0 +1,6 @@ +[source,dart] +---- +void setCoordinates(int x1, int y1, int z1, int x2, int y2, int z2) { // Noncompliant + // ... +} +---- diff --git a/rules/S107/dart/rule.adoc b/rules/S107/dart/rule.adoc new file mode 100644 index 00000000000..358c7676b0c --- /dev/null +++ b/rules/S107/dart/rule.adoc 
@@ -0,0 +1,21 @@ +:language: dart + +include::../rule.adoc[] + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +include::../message.adoc[] + +include::../parameters.adoc[] + +''' +== Comments And Links +(visible only on this page) + +include::../comments-and-links.adoc[] + +endif::env-github,rspecator-view[] diff --git a/rules/S107/dart/split-example.adoc b/rules/S107/dart/split-example.adoc new file mode 100644 index 00000000000..10b5cfd1aba --- /dev/null +++ b/rules/S107/dart/split-example.adoc @@ -0,0 +1,11 @@ +[source,dart] +---- +// Each function does a part of what the original setCoordinates function was doing, so confusion risks are lower +void setOrigin(int x, int y, int z) { + // ... +} + +void setSize(int width, int height, int depth) { + // ... +} +---- diff --git a/rules/S107/dart/struct-example.adoc b/rules/S107/dart/struct-example.adoc new file mode 100644 index 00000000000..0437a69ad68 --- /dev/null +++ b/rules/S107/dart/struct-example.adoc @@ -0,0 +1,13 @@ +[source,dart] +---- +class Point { // In geometry, Point is a logical structure to group data + int x; + int y; + + Point(this.x, this.y); +} + +void setCoordinates(Point p1, Point p2) { + // ... +} +---- diff --git a/rules/S107/description.adoc b/rules/S107/description.adoc index 41b94db1674..46dbd0516cd 100644 --- a/rules/S107/description.adoc +++ b/rules/S107/description.adoc @@ -1,6 +1,6 @@ == Why is this an issue? -{upper_function}s with a long parameter list are difficult to use, as maintainers must figure out the role of each parameter and keep track of their position. +{upper_function}s with a long parameter list are difficult to use because maintainers must figure out the role of each parameter and keep track of their position. include::{language}/noncompliant.adoc[] diff --git a/rules/S107/java/metadata.json b/rules/S107/java/metadata.json index 76308d08f10..883315ce156 100644 --- a/rules/S107/java/metadata.json 
+++ b/rules/S107/java/metadata.json @@ -1,3 +1,4 @@ { - "title": "Methods should not have too many parameters" + "title": "Methods should not have too many parameters", + "scope": "Main" } diff --git a/rules/S1074/plsql/metadata.json b/rules/S1074/plsql/metadata.json index 80e0ed55d7a..54b0c65f9d4 100644 --- a/rules/S1074/plsql/metadata.json +++ b/rules/S1074/plsql/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "COMPLETE" }, @@ -12,13 +12,9 @@ "func": "Constant\/Issue", "constantCost": "1h" }, - "tags": [ - - ], + "tags": [], "extra": { - "replacementRules": [ - - ], + "replacementRules": [], "legacyKeys": [ "ForallStatementShouldUseSaveExceptionsClause" ] diff --git a/rules/S1075/java/rule.adoc b/rules/S1075/java/rule.adoc index 35c761c2566..8a6b7dd22cc 100644 --- a/rules/S1075/java/rule.adoc +++ b/rules/S1075/java/rule.adoc @@ -1,5 +1,13 @@ include::../description.adoc[] +=== Exceptions + +This rule does not raise an issue when: + +* A constant path is relative and contains at most two parts. +* A constant path is used in an annotation +* A path is annotated + == How to fix it === Code examples @@ -9,6 +17,8 @@ include::../description.adoc[] [source,java,diff-id=1,diff-type=noncompliant] ---- public class Foo { + public static final String FRIENDS_ENDPOINT = "/user/friends"; // Compliant path is relative and has only two parts + public Collection listUsers() { File userList = new File("/home/mylogin/Dev/users.txt"); // Noncompliant Collection users = parse(userList); 
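Review bot: The new Exceptions list in `rules/S1075/java/rule.adoc` calls `"/user/friends"` a relative path although it starts with `/`, and the bullet `A path is annotated` does not say whether any annotation exempts the field or only particular ones. This rule reports hard-coded URIs, so the exemptions should be stated precisely, for example `* A constant path has no scheme or host and contains at most two segments.`, if that is what the analyzer checks (the hunk does not show it). The same `FRIENDS_ENDPOINT` line is added inside the `diff-type=noncompliant` block and again in the later "Exceptions examples" hunk (`@@ -38,6 +48,24 @@`); keeping it only in the latter would avoid a compliant line in the noncompliant sample. The three bullets also end inconsistently, since only the first has a full stop.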
@@ -38,6 +48,24 @@ public class Foo { } ---- +Exceptions examples: + +[source,java] +---- +public class Foo { + public static final String FRIENDS_ENDPOINT = "/user/friends"; // Compliant path is relative and has only two parts + + public static final String ACCOUNT = "/account/group/list.html"; // Compliant path is used in an annotation + + @Value("${base.url}" + ACCOUNT) + private String groupUrl; + + @MyAnnotation() + String path = "/default/url/for/site"; // Compliant path is annotated + +} +---- + ifdef::env-github,rspecator-view[] ''' diff --git a/rules/S1077/html/metadata.json b/rules/S1077/html/metadata.json index 860e6eb5623..791b63f2443 100644 --- a/rules/S1077/html/metadata.json +++ b/rules/S1077/html/metadata.json @@ -1,35 +1,4 @@ { - "title": "Image, area and button with image tags should have an \"alt\" attribute", - "type": "BUG", - "code": { - "impacts": { - "RELIABILITY": "LOW" - }, - "attribute": "COMPLETE" - }, - "status": "ready", - "remediation": { - "func": "Constant\/Issue", - "constantCost": "5min" - }, - "tags": [ - "accessibility", - "wcag2-a" - ], - "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - "ImgWithoutAltCheck" - ] - }, - "defaultSeverity": "Minor", - "ruleSpecification": "RSPEC-1077", - "sqKey": "ImgWithoutAltCheck", - "scope": "Main", - "defaultQualityProfiles": [ - "Sonar way" - ], - "quickfix": "unknown" + "title": "Image, area and button with image elements should have an \"alt\" attribute", + "sqKey": "ImgWithoutAltCheck" } diff --git a/rules/S1077/html/rule.adoc b/rules/S1077/html/rule.adoc index d226704870f..36c28bb5e98 100644 --- a/rules/S1077/html/rule.adoc +++ b/rules/S1077/html/rule.adoc 
@@ -8,57 +8,19 @@ Common reasons for that include: * The image can no longer be found * Visually impaired users using a screen reader software -* Images loading is disabled, to reduce data consumption on mobile phones +* Image loading is disabled, to reduce data consumption on mobile phones -It is also very important to not set an ``++alt++`` attribute to a non-informative value. For example ``++logo++`` is useless as it doesn't give any information to the user. In this case, as for any other decorative image, it is better to use a CSS background image instead of an ``++++`` tag. If using CSS background-image is not possible, an empty ``++alt=""++`` is tolerated. See Exceptions bellow. +It is also very important not to set an ``++alt++`` attribute to a non-informative value. For example, ``++logo++`` is useless as it doesn't give any information to the user. In this case, as for any other decorative image, it is better to use a CSS background image instead of an ``++++`` tag. If using CSS ``++background-image++`` is not possible, an empty ``++alt=""++`` is tolerated. See Exceptions below. -This rule raises an issue when - -* an ``++++`` tag or an ``++++`` tag have no ``++alt++`` attribute or their ``++alt++`` attribute has an empty string value. -* an ``++++`` tag has no ``++alt++`` attribute. - - -=== Noncompliant code example - -[source,html] ----- - - - - -rooms of the house. - - - - ----- - - -=== Compliant solution - -[source,html] ----- -Some textual description of foo.png - - -rooms of the house. - - Bedroom - Lounge - ----- +This rule raises an issue when: +* An ``++++`` or ``++++`` element has no ``++alt++`` attribute or it holds an empty string value. +* An ``++++`` element has no ``++alt++`` attribute. === Exceptions -``++++`` tags with empty string ``++alt=""++`` attributes won't raise any issue. However this technic should be used in two cases only: +``++++`` elements with an empty string ``++alt=""++`` attribute won't raise any issue. 
However, this way should be used in two cases only: When the image is decorative and it is not possible to use a CSS background image. For example, when the decorative ``++++`` is generated via javascript with a source image coming from a database, it is better to use an ``++++`` tag rather than generate CSS code. @@ -69,7 +31,7 @@ When the image is decorative and it is not possible to use a CSS background imag ---- -When the image is not decorative but it's ``++alt++`` text would repeat a nearby text. For example, images contained in links should not duplicate the link's text in their ``++alt++`` attribute, as it would make the screen reader repeat the text twice. +When the image is not decorative but its ``++alt++`` text would repeat a nearby text. For example, images contained in links should not duplicate the link's text in their ``++alt++`` attribute, as it would make the screen reader repeat the text twice. [source,html] ---- 
@@ -80,20 +42,59 @@ When the image is not decorative but it's ``++alt++`` text would repeat a nearby ---- In all other cases you should use CSS background images. +== How to fix it -See https://www.w3.org/WAI/tutorials/images/decision-tree/[W3C WAI Web Accessibility Tutorials] for more information. +Add an alternative text to the HTML element. +=== Code examples -== Resources +==== Noncompliant code example -* https://www.w3.org/TR/WCAG20-TECHS/H24.html[WCAG2, H24] - Providing text alternatives for the area elements of image maps -* https://www.w3.org/TR/WCAG20-TECHS/H36.html[WCAG2, H36] - Using alt attributes on images used as submit buttons -* https://www.w3.org/TR/WCAG20-TECHS/H37.html[WCAG2, H37] - Using alt attributes on img elements -* https://www.w3.org/TR/WCAG20-TECHS/H67.html[WCAG2, H67] - Using null alt text and no title attribute on img elements for images that AT should ignore -* https://www.w3.org/TR/WCAG20-TECHS/H2.html[WCAG2, H2] - Combining adjacent image and text links for the same resource -* https://www.w3.org/WAI/WCAG21/quickref/?versions=2.0#qr-text-equiv-all[WCAG2, 1.1.1] - Non-text Content -* https://www.w3.org/WAI/WCAG21/quickref/?versions=2.0#qr-navigation-mechanisms-refs[WCAG2, 2.4.4] - Link Purpose (In Context) -* https://www.w3.org/WAI/WCAG21/quickref/?versions=2.0#qr-navigation-mechanisms-link[WCAG2, 2.4.9] - Link Purpose (Link Only) +[source,html,diff-id=1,diff-type=noncompliant] +---- + + + + +rooms of the house. + + + + +---- + +==== Compliant solution + +[source,html,diff-id=1,diff-type=compliant] +---- +Some textual description of foo.png + + +rooms of the house. 
+ + Bedroom + Lounge + +---- + +== Resources +=== Documentation + +* W3C - https://www.w3.org/WAI/tutorials/images/decision-tree/[W3C WAI Web Accessibility Tutorials] +* W3C - https://www.w3.org/TR/WCAG20-TECHS/H24.html[Providing text alternatives for the area elements of image maps] +* W3C - https://www.w3.org/TR/WCAG20-TECHS/H36.html[Using alt attributes on images used as submit buttons] +* W3C - https://www.w3.org/TR/WCAG20-TECHS/H37.html[Using alt attributes on img elements] +* W3C - https://www.w3.org/TR/WCAG20-TECHS/H67.html[Using null alt text and no title attribute on img elements for images that AT should ignore] +* W3C - https://www.w3.org/TR/WCAG20-TECHS/H2.html[Combining adjacent image and text links for the same resource] +* W3C - https://www.w3.org/WAI/WCAG21/quickref/?versions=2.0#qr-text-equiv-all[Non-text Content] +* W3C - https://www.w3.org/WAI/WCAG21/quickref/?versions=2.0#qr-navigation-mechanisms-refs[Link Purpose (In Context)] +* W3C - https://www.w3.org/WAI/WCAG21/quickref/?versions=2.0#qr-navigation-mechanisms-link[Link Purpose (Link Only)] ifdef::env-github,rspecator-view[] diff --git a/rules/S1077/javascript/metadata.json b/rules/S1077/javascript/metadata.json new file mode 100644 index 00000000000..d1b8102e318 --- /dev/null +++ b/rules/S1077/javascript/metadata.json @@ -0,0 +1,7 @@ +{ + "tags": [ + "accessibility", + "wcag2-a", + "react" + ] +} diff --git a/rules/S1077/javascript/rule.adoc b/rules/S1077/javascript/rule.adoc new file mode 100644 index 00000000000..847e0b6eac9 --- /dev/null +++ b/rules/S1077/javascript/rule.adoc 
@@ -0,0 +1,103 @@ +== Why is this an issue? + +The ``++alt++``, ``++aria-label++`` and ``++aria-labelledby++`` attributes provide a textual alternative to an image. + +It is used whenever the actual image cannot be rendered. + +Common reasons for that include: + +* The image can no longer be found +* Visually impaired users using a screen reader software +* Image loading is disabled, to reduce data consumption on mobile phones + +It is also very important not to set an alternative text attribute to a non-informative value. For example, ``++logo++`` is useless as it doesn't give any information to the user. In this case, as for any other decorative image, it is better to use a CSS background image instead of an ``++++`` tag. If using CSS ``++background-image++`` is not possible, an empty ``++alt=""++`` is tolerated. See Exceptions below. + + +This rule raises an issue when: + +* An ``++++`` element has no ``++alt++`` attribute. +* An ``++++`` element has no ``++alt++``, ``++aria-label++`` or ``++aria-labelledby++`` attribute or they hold an empty string. +* An ``++++`` element within an image map has no ``++alt++``, ``++aria-label++`` or ``++aria-labelledby++`` attribute. +* An ``++++`` element has no inner text, ``++title++``, ``++aria-label++`` or ``++aria-labelledby++`` attribute. + +=== Exceptions + +``++++`` elements with an empty string ``++alt=""++`` attribute won't raise any issue. However, this way should be used in two cases only: + + +When the image is decorative and it is not possible to use a CSS background image. For example, when the decorative ``++++`` is generated via javascript with a source image coming from a database, it is better to use an ``++++`` tag rather than generate CSS code. + +[source,html] +---- +
  • + +
  • +---- +When the image is not decorative but its ``++alt++`` text would repeat a nearby text. For example, images contained in links should not duplicate the link's text in their ``++alt++`` attribute, as it would make the screen reader repeat the text twice. + +[source,html] +---- + + + A blooming tulip + +---- +In all other cases you should use CSS background images. + +== How to fix it + +Add an alternative text to the HTML element. + +=== Code examples + +==== Noncompliant code example + +[source,html,diff-id=1,diff-type=noncompliant] +---- + + + + +rooms of the house. + + + + + + +---- + +==== Compliant solution + +[source,html,diff-id=1,diff-type=compliant] +---- +Some textual description of foo.png + + +rooms of the house. + + Bedroom + + + +My welcoming Bar +---- + +== Resources +=== Documentation + +* W3C - https://www.w3.org/WAI/tutorials/images/decision-tree/[W3C WAI Web Accessibility Tutorials] +* W3C - https://www.w3.org/TR/WCAG20-TECHS/H24.html[Providing text alternatives for the area elements of image maps] +* W3C - https://www.w3.org/TR/WCAG20-TECHS/H36.html[Using alt attributes on images used as submit buttons] +* W3C - https://www.w3.org/TR/WCAG20-TECHS/H37.html[Using alt attributes on img elements] +* W3C - https://www.w3.org/TR/WCAG20-TECHS/H67.html[Using null alt text and no title attribute on img elements for images that AT should ignore] +* W3C - https://www.w3.org/TR/WCAG20-TECHS/H2.html[Combining adjacent image and text links for the same resource] +* W3C - https://www.w3.org/WAI/WCAG21/quickref/?versions=2.0#qr-text-equiv-all[Non-text Content] +* W3C - https://www.w3.org/WAI/WCAG21/quickref/?versions=2.0#qr-navigation-mechanisms-refs[Link Purpose (In Context)] +* W3C - https://www.w3.org/WAI/WCAG21/quickref/?versions=2.0#qr-navigation-mechanisms-link[Link Purpose (Link Only)] diff --git a/rules/S1077/metadata.json b/rules/S1077/metadata.json index 2c63c085104..a8f71e41eea 100644 --- a/rules/S1077/metadata.json 
+++ b/rules/S1077/metadata.json @@ -1,2 +1,35 @@ { + "title": "Image, area, button with image and object elements should have an alternative text", + "type": "CODE_SMELL", + "code": { + "impacts": { + "RELIABILITY": "LOW" + }, + "attribute": "COMPLETE" + }, + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "5min" + }, + "tags": [ + "accessibility", + "wcag2-a" + ], + "extra": { + "replacementRules": [ + + ], + "legacyKeys": [ + "ImgWithoutAltCheck" + ] + }, + "defaultSeverity": "Minor", + "ruleSpecification": "RSPEC-1077", + "sqKey": "S1077", + "scope": "Main", + "defaultQualityProfiles": [ + "Sonar way" + ], + "quickfix": "infeasible" } diff --git a/rules/S1079/cfamily/metadata.json b/rules/S1079/cfamily/metadata.json index d62a90d4149..58cbd443dad 100644 --- a/rules/S1079/cfamily/metadata.json +++ b/rules/S1079/cfamily/metadata.json @@ -45,6 +45,9 @@ "ASVS 4.0": [ "14.1.2", "5.4.1" + ], + "STIG ASD_V5R3": [ + "V-222612" ] }, "defaultQualityProfiles": [ diff --git a/rules/S1079/cfamily/rule.adoc b/rules/S1079/cfamily/rule.adoc index 74c1b4a903d..6d36c0756cc 100644 --- a/rules/S1079/cfamily/rule.adoc +++ b/rules/S1079/cfamily/rule.adoc @@ -20,7 +20,7 @@ Note that the ``++%s++`` format specifier always null-terminates the string in t ==== Noncompliant code example -[source,C++,diff-id=1,diff-type=noncompliant] +[source,cpp,diff-id=1,diff-type=noncompliant] ---- char buffer[10]; scanf("%s", buffer); // Noncompliant @@ -30,7 +30,7 @@ If this code is given the word ``noncompliant`` as an input, ``noncomplia`` will ==== Compliant solution -[source,C++,diff-id=1,diff-type=compliant] +[source,cpp,diff-id=1,diff-type=compliant] ---- char buffer[10]; scanf("%9s", buffer); 
@@ -48,8 +48,9 @@ If this code is given the word ``noncompliant`` as an input, ``noncompli␀`` wi === Standards * OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities] -* MITRE - https://cwe.mitre.org/data/definitions/120[CWE-120 - Buffer Copy without Checking Size of Input] ('Classic Buffer Overflow') -* MITRE - https://cwe.mitre.org/data/definitions/676[CWE-676 - Use of Potentially Dangerous Function] +* CWE - https://cwe.mitre.org/data/definitions/120[CWE-120 - Buffer Copy without Checking Size of Input] ('Classic Buffer Overflow') +* CWE - https://cwe.mitre.org/data/definitions/676[CWE-676 - Use of Potentially Dangerous Function] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. ifdef::env-github,rspecator-view[] diff --git a/rules/S1081/cfamily/how-to-fix-it/buffer-overflow.adoc b/rules/S1081/cfamily/how-to-fix-it/buffer-overflow.adoc index c22ffb40d16..8e602cc53ed 100644 --- a/rules/S1081/cfamily/how-to-fix-it/buffer-overflow.adoc +++ b/rules/S1081/cfamily/how-to-fix-it/buffer-overflow.adoc 
@@ -45,7 +45,7 @@ strcpy_s(buffer, sizeof buffer, input); === How does this work? -C and C++ have a number of functions that are considered insecure because they do not perform bounds checking. Functions like ``gets`` are known to be risky. Replace these with safer alternatives that include bounds checking. For example, instead of ``gets``, use ``gets_s``. +C and {cpp} have a number of functions that are considered insecure because they do not perform bounds checking. Functions like ``gets`` are known to be risky. Replace these with safer alternatives that include bounds checking. For example, instead of ``gets``, use ``gets_s``. The code can also checks if the size of input data is less than or equal to the size of a buffer (including the terminating null byte when dealing with strings). diff --git a/rules/S1081/cfamily/metadata.json b/rules/S1081/cfamily/metadata.json index 68b9c708b0d..823bcc9e93c 100644 --- a/rules/S1081/cfamily/metadata.json +++ b/rules/S1081/cfamily/metadata.json @@ -33,11 +33,17 @@ 676, 119 ], + "OWASP Top 10 2021": [ + "A6" + ], "OWASP": [ "A9" ], "CERT": [ "STR07-C." + ], + "STIG ASD_V5R3": [ + "V-222612" ] }, "defaultQualityProfiles": [ diff --git a/rules/S1081/common/resources/standards.adoc b/rules/S1081/common/resources/standards.adoc index fb1af91d6fd..3ed57bf2bdb 100644 --- a/rules/S1081/common/resources/standards.adoc +++ b/rules/S1081/common/resources/standards.adoc 
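Review bot: The "How does this work?" paragraph touched by the `buffer-overflow.adoc` hunk recommends `gets_s`, and the sample line above it uses `strcpy_s`, but both come from C11 Annex K, which is optional and not provided by several common C libraries, so the advice is not portable as written. I would add a sentence such as `Where the Annex K functions are unavailable, use a bounded standard function such as fgets instead.` The following context line also keeps a typo the commit does not fix: `The code can also checks` should read `The code can also check`. The rest of the section lies outside the hunk.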
@@ -5,3 +5,5 @@ * OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities] * CWE - https://cwe.mitre.org/data/definitions/676[CWE-676 - Use of Potentially Dangerous Function] * CWE - https://cwe.mitre.org/data/definitions/119[CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. + diff --git a/rules/S1081/rationale.adoc b/rules/S1081/rationale.adoc index ce690aae7b7..70eacd79645 100644 --- a/rules/S1081/rationale.adoc +++ b/rules/S1081/rationale.adoc @@ -1,5 +1,5 @@ An attacker typically provides input that exceeds the expected size. This could be through a text field in a user interface, a file that the program reads, or data sent over a network. The insecure function processes this input and places the result into a provided buffer. - + If the input is larger than the buffer can handle, the insecure function will overwrite the memory following the buffer. This situation is known as a buffer overflow vulnerability. -When using typical C or C++ functions, it's up to the developer to make sure the size of the buffer to be written to is large enough to avoid buffer overflows. +When using typical C or {cpp} functions, it's up to the developer to make sure the size of the buffer to be written to is large enough to avoid buffer overflows. diff --git a/rules/S1082/html/metadata.json b/rules/S1082/html/metadata.json index a88ae9afe2c..b4d41cfc32d 100644 --- a/rules/S1082/html/metadata.json +++ b/rules/S1082/html/metadata.json @@ -28,7 +28,7 @@ "sqKey": "MouseEventWithoutKeyboardEquivalentCheck", "scope": "Main", "defaultQualityProfiles": [ - + "Sonar way" ], "quickfix": "unknown" } \ No newline at end of file 
diff --git a/rules/S1085/html/metadata.json b/rules/S1085/html/metadata.json index 91cf406d452..d7faf190525 100644 --- a/rules/S1085/html/metadata.json +++ b/rules/S1085/html/metadata.json @@ -1,7 +1,7 @@ { "title": "\"\" tags should have a description", "type": "BUG", - "status": "ready", + "status": "deprecated", "remediation": { "func": "Constant\/Issue", "constantCost": "5min" @@ -22,8 +22,6 @@ "ruleSpecification": "RSPEC-1085", "sqKey": "TableWithoutCaptionCheck", "scope": "Main", - "defaultQualityProfiles": [ - "Sonar way" - ], + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S1086/html/metadata.json b/rules/S1086/html/metadata.json index 1402acbb0dd..2f47955c9bc 100644 --- a/rules/S1086/html/metadata.json +++ b/rules/S1086/html/metadata.json @@ -1,7 +1,7 @@ { "title": "Heading tags should be used consecutively from \"H1\" to \"H6\"", "type": "CODE_SMELL", - "status": "ready", + "status": "deprecated", "remediation": { "func": "Constant\/Issue", "constantCost": "5min" @@ -21,8 +21,6 @@ "ruleSpecification": "RSPEC-1086", "sqKey": "NonConsecutiveHeadingCheck", "scope": "Main", - "defaultQualityProfiles": [ - - ], + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S1089/html/metadata.json b/rules/S1089/html/metadata.json index d6e0db2577d..c6f52318024 100644 --- a/rules/S1089/html/metadata.json +++ b/rules/S1089/html/metadata.json @@ -1,7 +1,7 @@ { "title": "\"
    \" tags should contain a \"\"", "type": "BUG", - "status": "ready", + "status": "deprecated", "remediation": { "func": "Constant\/Issue", "constantCost": "5min" @@ -21,8 +21,6 @@ "ruleSpecification": "RSPEC-1089", "sqKey": "FieldsetWithoutLegendCheck", "scope": "Main", - "defaultQualityProfiles": [ - "Sonar way" - ], + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S1090/javascript/metadata.json b/rules/S1090/javascript/metadata.json new file mode 100644 index 00000000000..18e967a10a1 --- /dev/null +++ b/rules/S1090/javascript/metadata.json @@ -0,0 +1,25 @@ +{ + "title": "iFrames must have a title", + "type": "CODE_SMELL", + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "5min" + }, + "tags": [ + "accessibility", + "react" + ], + "defaultSeverity": "Minor", + "ruleSpecification": "RSPEC-1090", + "sqKey": "S1090", + "scope": "All", + "defaultQualityProfiles": ["Sonar way"], + "quickfix": "infeasible", + "code": { + "impacts": { + "RELIABILITY": "LOW" + }, + "attribute": "CONVENTIONAL" + } +} diff --git a/rules/S1090/javascript/rule.adoc b/rules/S1090/javascript/rule.adoc new file mode 100644 index 00000000000..9de2043c38d --- /dev/null +++ b/rules/S1090/javascript/rule.adoc 
@@ -0,0 +1,42 @@ +== Why is this an issue? + +An iframe, or inline frame, is an HTML document embedded inside another HTML document on a website. The iframe HTML element is often used to insert content from another source, such as an advertisement, into a web page. + +In the context of web accessibility, ``++ // Noncompliant + ); +} +---- + +==== Compliant solution + +[source,javascript,diff-id=1,diff-type=compliant] +---- +function iframe() { + return ( + + ); +} +---- + +== Resources +=== Documentation + +* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe[iframe element] +* WCAG - https://www.w3.org/WAI/WCAG21/Understanding/bypass-blocks[Bypass Blocks] +* WCAG - https://www.w3.org/WAI/WCAG21/Understanding/name-role-value[Name, Role, Value] diff --git a/rules/S1091/html/metadata.json b/rules/S1091/html/metadata.json index ec3aaad321b..713568bb3a9 100644 --- a/rules/S1091/html/metadata.json +++ b/rules/S1091/html/metadata.json @@ -1,7 +1,7 @@ { "title": "Server-side image maps (\"ismap\" attribute) should not be used", "type": "BUG", - "status": "ready", + "status": "deprecated", "remediation": { "func": "Constant\/Issue", "constantCost": "1h" @@ -21,8 +21,6 @@ "ruleSpecification": "RSPEC-1091", "sqKey": "ServerSideImageMapsCheck", "scope": "Main", - "defaultQualityProfiles": [ - "Sonar way" - ], + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S1092/html/metadata.json b/rules/S1092/html/metadata.json index 9a18b00d957..ecf8a14cd73 100644 --- a/rules/S1092/html/metadata.json +++ b/rules/S1092/html/metadata.json @@ -1,7 +1,7 @@ { "title": "Links should not directly target images", "type": "CODE_SMELL", - "status": "ready", + "status": "deprecated", "remediation": { "func": "Constant\/Issue", "constantCost": "15min" 
@@ -22,8 +22,6 @@ "ruleSpecification": "RSPEC-1092", "sqKey": "LinkToImageCheck", "scope": "Main", - "defaultQualityProfiles": [ - "Sonar way" - ], + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S1093/html/rule.adoc b/rules/S1093/html/rule.adoc index 78b26c40e05..c98fda1e49d 100644 --- a/rules/S1093/html/rule.adoc +++ b/rules/S1093/html/rule.adoc @@ -1,44 +1,41 @@ == Why is this an issue? -Using a ``++
  • ++`` or ``++
    ++`` item tag outside of a ``++
      ++``, ``++
        ++`` or ``++
        ++`` one does not make sense and indicates a bug. +The ``++
        ++`` HTML element specifies a term in a description or definition list, and as such must be used inside a ``++
        ++`` element, which represents a description list. Common uses for this element are to implement a glossary or to display metadata. +The ``++
      1. ++`` HTML element is used to represent an item in a list. It must be contained in a parent element: an ordered list (``++
          ++``), an unordered list (``++
            ++``), or a menu (``++++``). -=== Noncompliant code example +Using a ``++
          • ++`` or ``++
            ++`` item tag outside of the aforementioned parent elements does not follow the HTML specification. -[source,html] +[source,html,diff-id=1,diff-type=noncompliant] ----
          • Apple
          • Strawberry
          • -
          • Apple
          • -
          • Strawberry
          • -
            Apple
            Strawberry
            ---- +To fix this issue, enclose ``++
          • ++`` and ``++
            ++`` with their respective allowed parent tags. -=== Compliant solution - -[source,html] +[source,html,diff-id=1,diff-type=compliant] ---- -
              +
              • Apple
              • Strawberry
              -
                -
              1. Apple
              2. -
              3. Strawberry
              4. -
              -
              Apple
              Strawberry
              ---- +== Resources + +=== Documentation +* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/HTML/Element/li[``++
            • ++``: The List Item element] +* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/HTML/Element/dt[``++
              ++``: The Description Term element] ifdef::env-github,rspecator-view[] diff --git a/rules/S110/java/metadata.json b/rules/S110/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S110/java/metadata.json +++ b/rules/S110/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S1104/csharp/rule.adoc b/rules/S1104/csharp/rule.adoc index 5e102d80943..7f2e5b76947 100644 --- a/rules/S1104/csharp/rule.adoc +++ b/rules/S1104/csharp/rule.adoc @@ -10,7 +10,9 @@ include::../impacts.adoc[] Fields marked as `readonly` or `const` are ignored by this rule. -Fields inside classes or structs annotated with the `StructLayoutAttribute` are ignored by this rule. +Fields inside classes or structs annotated with `[StructLayout]` are ignored by this rule. + +Fields inside classes or structs annotated with `[Serializable]` are ignored by this rule unless they are annotated with `[NonSerialized]`. == How to fix it diff --git a/rules/S1104/see.adoc b/rules/S1104/see.adoc index 075bfd5c1b3..092992df5a6 100644 --- a/rules/S1104/see.adoc +++ b/rules/S1104/see.adoc @@ -1,3 +1,3 @@ == Resources -* https://cwe.mitre.org/data/definitions/493[MITRE, CWE-493] - Critical Public Variable Without Final Modifier \ No newline at end of file +* CWE - https://cwe.mitre.org/data/definitions/493[CWE-493 - Critical Public Variable Without Final Modifier] \ No newline at end of file diff --git a/rules/S1105/java/metadata.json b/rules/S1105/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S1105/java/metadata.json +++ b/rules/S1105/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S1106/java/metadata.json b/rules/S1106/java/metadata.json index 2c63c085104..f4b27f0bb34 100644 --- a/rules/S1106/java/metadata.json +++ b/rules/S1106/java/metadata.json @@ -1,2 +1,3 @@ { + "scope": "Main" } diff --git a/rules/S1107/java/metadata.json b/rules/S1107/java/metadata.json index 9b623610df8..e8fd53c77a6 100644 
--- a/rules/S1107/java/metadata.json +++ b/rules/S1107/java/metadata.json @@ -1,3 +1,4 @@ { - "quickfix": "covered" + "quickfix": "covered", + "scope": "Main" } diff --git a/rules/S1108/java/metadata.json b/rules/S1108/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S1108/java/metadata.json +++ b/rules/S1108/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S1109/java/metadata.json b/rules/S1109/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S1109/java/metadata.json +++ b/rules/S1109/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S1110/description.adoc b/rules/S1110/description.adoc index 85f16a98c91..36aae8f9fc6 100644 --- a/rules/S1110/description.adoc +++ b/rules/S1110/description.adoc @@ -1 +1 @@ -The use of parentheses, even those not required to enforce a desired order of operations, can clarify the intent behind a piece of code. But redundant pairs of parentheses could be misleading, and should be removed. +The use of parentheses, even those not required to enforce a desired order of operations, can clarify the intent behind a piece of code. However, redundant pairs of parentheses could be misleading and should be removed. diff --git a/rules/S1111/java/rule.adoc b/rules/S1111/java/rule.adoc index 82ee87627bf..6b6c3fca5c0 100644 --- a/rules/S1111/java/rule.adoc +++ b/rules/S1111/java/rule.adoc @@ -26,7 +26,7 @@ public void dispose() throws Throwable { == Resources * https://docs.oracle.com/javase/specs/jls/se17/html/jls-12.html#jls-12.6[docs.oracle.com] - Finalization of Class Instances -* https://cwe.mitre.org/data/definitions/586[MITRE, CWE-586] - Explicit Call to Finalize() +* CWE - https://cwe.mitre.org/data/definitions/586[CWE-586 - Explicit Call to Finalize()] * https://wiki.sei.cmu.edu/confluence/x/4jZGBQ[CERT, MET12-J.] - Do not use finalizers diff --git a/rules/S1113/java/rule.adoc b/rules/S1113/java/rule.adoc index 9c20924ecb6..42b72a2c543 100644 
--- a/rules/S1113/java/rule.adoc +++ b/rules/S1113/java/rule.adoc @@ -23,13 +23,16 @@ More unexpected issues can be caused by relying on the `finalize()` method to pe public class MyClass { @Override - protected void finalize() { - releaseSomeResources(); // Noncompliant + protected void finalize() { // Noncompliant + releaseSomeResources(); } } ---- +=== Exceptions + +It is allowed to override the `finalize()` method as `final` method with an empty body, to prevent the _finalizer attack_ as described in _MET12-J-EX1_. == Resources diff --git a/rules/S1114/java/metadata.json b/rules/S1114/java/metadata.json index e9c876c5ffa..81643dceacb 100644 --- a/rules/S1114/java/metadata.json +++ b/rules/S1114/java/metadata.json @@ -8,9 +8,7 @@ }, "tags": [], "extra": { - "replacementRules": [ - - ], + "replacementRules": [], "legacyKeys": [ "ObjectFinalizeOverridenCallsSuperFinalizeCheck" ] @@ -18,7 +16,7 @@ "defaultSeverity": "Critical", "ruleSpecification": "RSPEC-1114", "sqKey": "S1114", - "scope": "All", + "scope": "Main", "securityStandards": { "CWE": [ 568 diff --git a/rules/S1114/java/rule.adoc b/rules/S1114/java/rule.adoc index bf1db4e184e..e63dbc20ff7 100644 --- a/rules/S1114/java/rule.adoc +++ b/rules/S1114/java/rule.adoc @@ -33,7 +33,7 @@ protected void finalize() { == Resources -* https://cwe.mitre.org/data/definitions/568[MITRE, CWE-568] - finalize() Method Without super.finalize() +* CWE - https://cwe.mitre.org/data/definitions/568[CWE-568 - finalize() Method Without super.finalize()] * https://wiki.sei.cmu.edu/confluence/x/4jZGBQ[CERT, MET12-J.] - Do not use finalizers diff --git a/rules/S1116/dart/metadata.json b/rules/S1116/dart/metadata.json new file mode 100644 index 00000000000..0db3279e44b --- /dev/null +++ b/rules/S1116/dart/metadata.json @@ -0,0 +1,3 @@ +{ + +} diff --git a/rules/S1116/dart/rule.adoc b/rules/S1116/dart/rule.adoc new file mode 100644 index 00000000000..32335f9d698 --- /dev/null +++ b/rules/S1116/dart/rule.adoc 
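Review bot: The Exceptions paragraph added to `rules/S1113/java/rule.adoc` refers to the _finalizer attack_ and to _MET12-J-EX1_ without explaining the first or linking the second, and the Resources section begins at the hunk's last line, so whether the CERT page is listed cannot be seen here. One explanatory sentence would make the exception usable, e.g. `A subclass could otherwise override finalize() to obtain a reference to an instance whose constructor threw before its validation completed.` A short compliant snippet, `protected final void finalize() { }`, would show the allowed form next to the noncompliant one. The wording "as `final` method" also needs an article: "as a `final` method".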
@@ -0,0 +1,85 @@ +== Why is this an issue? + +include::../description.adoc[] + +=== Code examples + +==== Noncompliant code example + +[source,dart,diff-id=1,diff-type=noncompliant] +---- +void doSomething() { + ; // Noncompliant - was used as a kind of TODO marker +} +---- + +[source,dart,diff-id=2,diff-type=noncompliant] +---- +void f() { + if (complicated.expression.foo()); // Noncompliant - the condition doesn't apply to bar + bar(); +} +---- + +[source,dart,diff-id=3,diff-type=noncompliant] +---- +void f() { + if (complicated.expression.foo()) + bar(); + else ; // Noncompliant else is empty + buzz(); +} +---- + +==== Compliant solution + +[source,dart,diff-id=1,diff-type=compliant] +---- +void doSomething() { +} +---- + +[source,dart,diff-id=2,diff-type=compliant] +---- +void f() { + if (complicated.expression.foo()) { + bar(); + } +} +---- + +[source,dart,diff-id=3,diff-type=compliant] +---- +void f() { + if (complicated.expression.foo()) + bar(); + else + buzz(); +} +---- + +== Resources + +* Dart Docs - https://dart.dev/tools/linter-rules/empty_statements[Dart Linter rule - empty_statements] + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +* Unnecessary empty statement. + +=== Highlighting + +The `;` character. + +''' +== Comments And Links +(visible only on this page) + +include::../comments-and-links.adoc[] + +endif::env-github,rspecator-view[] diff --git a/rules/S1118/dart/metadata.json b/rules/S1118/dart/metadata.json new file mode 100644 index 00000000000..0db3279e44b --- /dev/null +++ b/rules/S1118/dart/metadata.json @@ -0,0 +1,3 @@ +{ + +} diff --git a/rules/S1118/dart/rule.adoc b/rules/S1118/dart/rule.adoc new file mode 100644 index 00000000000..7e192e9a0e2 --- /dev/null +++ b/rules/S1118/dart/rule.adoc 
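Review bot: In the diff-id=3 pair of rules/S1116/dart/rule.adoc, the comment `// Noncompliant else is empty` does not say that `buzz()` therefore runs on every path. That is the actual bug, and it is why the compliant version differs in behaviour and not only in layout. I would word it like the diff-id=2 comment: `else ; // Noncompliant - the else branch is empty, so buzz() always runs`. The compliant block for diff-id=3 also keeps a braceless `if`/`else` while the diff-id=2 fix adds braces; using braces in both would keep the examples consistent.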
@@ -0,0 +1,53 @@ +== Why is this an issue? + +include::../description.adoc[] + +include::../howtofix.adoc[] + +=== Code examples + +==== Noncompliant code example + +[source,dart,diff-id=1,diff-type=noncompliant] +---- +class StringUtils { // Noncompliant + + static String concatenate(String s1, String s2) { + return s1 + s2; + } + +} +---- + +==== Compliant solution + +[source,dart,diff-id=1,diff-type=compliant] +---- +class StringUtils { // Compliant + + StringUtils._() { + throw Exception('Utility class'); + } + + static String concatenate(String s1, String s2) { + return s1 + s2; + } + +} +---- + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +Hide this public constructor. + +Add a private constructor to hide the implicit public one. + +''' + +endif::env-github,rspecator-view[] diff --git a/rules/S1118/java/metadata.json b/rules/S1118/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S1118/java/metadata.json +++ b/rules/S1118/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S1119/java/metadata.json b/rules/S1119/java/metadata.json index 2c63c085104..f4b27f0bb34 100644 --- a/rules/S1119/java/metadata.json +++ b/rules/S1119/java/metadata.json @@ -1,2 +1,3 @@ { + "scope": "Main" } diff --git a/rules/S112/cfamily/rule.adoc b/rules/S112/cfamily/rule.adoc index aef3dbaa1e2..818ba1fd0f6 100644 --- a/rules/S112/cfamily/rule.adoc +++ b/rules/S112/cfamily/rule.adoc 
@@ -99,11 +99,11 @@ void checkState(S state) { === Standards -* CWE - https://cwe.mitre.org/data/definitions/397[397 Declaration of Throws for Generic Exception] +* CWE - https://cwe.mitre.org/data/definitions/397[CWE-397 Declaration of Throws for Generic Exception] === External coding guidelines -* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#Re-exception-types[E.14: Use purpose-designed user-defined types as exceptions (not built-in types)] +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#e14-use-purpose-designed-user-defined-types-as-exceptions-not-built-in-types[E.14: Use purpose-designed user-defined types as exceptions (not built-in types)] === Related rules diff --git a/rules/S112/java/rule.adoc b/rules/S112/java/rule.adoc index 84d832c0e2f..cf5e39294ce 100644 --- a/rules/S112/java/rule.adoc +++ b/rules/S112/java/rule.adoc @@ -67,7 +67,7 @@ void checkValue(int value) { === Standards -* CWE - https://cwe.mitre.org/data/definitions/397[397 Declaration of Throws for Generic Exception] +* CWE - https://cwe.mitre.org/data/definitions/397[CWE-397 Declaration of Throws for Generic Exception] * CERT - https://wiki.sei.cmu.edu/confluence/x/_DdGBQ[ERR07-J. Do not throw RuntimeException, Exception, or Throwable] === Related rules diff --git a/rules/S112/metadata.json b/rules/S112/metadata.json index a58575c8e8d..891f092515f 100644 --- a/rules/S112/metadata.json +++ b/rules/S112/metadata.json @@ -36,5 +36,5 @@ "defaultQualityProfiles": [ "Sonar way" ], - "quickfix": "unknown" + "quickfix": "infeasible" } diff --git a/rules/S112/see.adoc b/rules/S112/see.adoc index 611ea4f80a0..ace1c6dcb84 100644 --- a/rules/S112/see.adoc +++ b/rules/S112/see.adoc 
@@ -2,4 +2,4 @@ === Standards -* CWE - https://cwe.mitre.org/data/definitions/397[397 Declaration of Throws for Generic Exception] +* CWE - https://cwe.mitre.org/data/definitions/397[CWE-397 Declaration of Throws for Generic Exception] diff --git a/rules/S1120/java/metadata.json b/rules/S1120/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S1120/java/metadata.json +++ b/rules/S1120/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S1120/java/rule.adoc b/rules/S1120/java/rule.adoc index 6b190f0d0bd..7ea644e32b1 100644 --- a/rules/S1120/java/rule.adoc +++ b/rules/S1120/java/rule.adoc @@ -4,6 +4,9 @@ include::../introduction.adoc[] include::../why.adoc[] +The rule behaves consistently when the indentation settings of the IDE use _spaces_ instead of _tabs_. +Using _tabs_ can lead to inconsistent indentation because the width of a _tab_ can be configured differently in different environments. + === What is the potential impact? include::../impact.adoc[] diff --git a/rules/S1121/cfamily/rule.adoc b/rules/S1121/cfamily/rule.adoc index 2914061eb05..172384cd54b 100644 --- a/rules/S1121/cfamily/rule.adoc +++ b/rules/S1121/cfamily/rule.adoc @@ -35,7 +35,7 @@ while ((run = keepRunning())) { === Documentation -* CWE - https://cwe.mitre.org/data/definitions/481[481: Assigning instead of Comparing] +* CWE - https://cwe.mitre.org/data/definitions/481[CWE-481: Assigning instead of Comparing] === Standards diff --git a/rules/S1121/java/metadata.json b/rules/S1121/java/metadata.json index 17b461645a4..502b86d5440 100644 --- a/rules/S1121/java/metadata.json +++ b/rules/S1121/java/metadata.json @@ -13,5 +13,6 @@ "CWE": [ 481 ] - } + }, + "scope": "Main" } diff --git a/rules/S1121/see.adoc b/rules/S1121/see.adoc index 192f7097a3c..9ad3e5edd46 100644 --- a/rules/S1121/see.adoc +++ b/rules/S1121/see.adoc 
@@ -1,3 +1,3 @@ == Resources -* https://cwe.mitre.org/data/definitions/481[MITRE, CWE-481] - Assigning instead of Comparing +* CWE - https://cwe.mitre.org/data/definitions/481[CWE-481 - Assigning instead of Comparing] diff --git a/rules/S1123/dart/metadata.json b/rules/S1123/dart/metadata.json new file mode 100644 index 00000000000..b76ad168f27 --- /dev/null +++ b/rules/S1123/dart/metadata.json @@ -0,0 +1,3 @@ +{ + "title": "Deprecated elements should include explanation" +} diff --git a/rules/S1123/dart/rule.adoc b/rules/S1123/dart/rule.adoc new file mode 100644 index 00000000000..3d5cb77137b --- /dev/null +++ b/rules/S1123/dart/rule.adoc 
@@ -0,0 +1,51 @@ +== Why is this an issue? + +Deprecation should be marked with both the ``++@Deprecated++`` annotation. This annotation triggers compiler to produce a warning, when the deprecated element is used. It also enables tools such as IDEs to warn about referencing deprecated elements. When using this annotation, it is important to add a message to the deprecation to explain when it was deprecated, why, and how references should be refactored. + + +=== Noncompliant code example + +[source, dart] +---- +@deprecated +void oldFunction(arg1, arg2) {} +---- + + +=== Compliant solution + +[source, dart] +---- +@Deprecated(""" +[oldFunction] is being deprecated in favor of [newFunction] (with slightly +different parameters; see [newFunction] for more information). [oldFunction] +will be removed on or after the 4.0.0 release. +""") +void oldFunction(arg1, arg2) {} +---- + +== Resources + +* Dart Docs - https://dart.dev/tools/linter-rules/provide_deprecation_message[Dart Linter rule - provide_deprecation_message] + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +Missing a deprecation message. + +=== Highlighting + +The annotation, including the `@` symbol. + +''' +== Comments And Links +(visible only on this page) + +include::../comments-and-links.adoc[] + +endif::env-github,rspecator-view[] diff --git a/rules/S1123/java/metadata.json b/rules/S1123/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S1123/java/metadata.json +++ b/rules/S1123/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S1125/apex/rule.adoc b/rules/S1125/apex/rule.adoc index 5798bf26e2e..7881f5ce16e 100644 --- a/rules/S1125/apex/rule.adoc +++ b/rules/S1125/apex/rule.adoc @@ -5,6 +5,10 @@ include::../description.adoc[] +== How to fix it + +include::../how-to-fix-it.adoc[] + === Code examples ==== Noncompliant code example 
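Review bot: The opening sentence of rules/S1123/dart/rule.adoc says deprecation should be marked with "both the @Deprecated annotation" but names only one thing, which reads as if a second requirement was dropped. The example relies on the annotation alone, so I would write `Deprecation should be marked with the ``++@Deprecated++`` annotation.` The next sentence is missing an article and has a stray comma: `This annotation triggers the compiler to produce a warning when the deprecated element is used.` The two `[source, dart]` attributes also carry a space that the other Dart rule files added in this commit (`[source,dart]`) do not.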
diff --git a/rules/S1125/csharp/rule.adoc b/rules/S1125/csharp/rule.adoc index 75869b3a48a..1cd53c2c424 100644 --- a/rules/S1125/csharp/rule.adoc +++ b/rules/S1125/csharp/rule.adoc @@ -5,6 +5,10 @@ include::../description.adoc[] +== How to fix it + +include::../how-to-fix-it.adoc[] + === Code examples ==== Noncompliant code example diff --git a/rules/S1125/description.adoc b/rules/S1125/description.adoc index fdbe3806823..dd3d0620a96 100644 --- a/rules/S1125/description.adoc +++ b/rules/S1125/description.adoc @@ -2,7 +2,3 @@ A boolean literal can be represented in two different ways: `{true}` or `{false} They can be combined with logical operators (`{ops}`) to produce logical expressions that represent truth values. However, comparing a boolean literal to a variable or expression that evaluates to a boolean value is unnecessary and can make the code harder to read and understand. The more complex a boolean expression is, the harder it will be for developers to understand its meaning and expected behavior, and it will favour the introduction of new bugs. - -== How to tix it - -Remove redundant boolean literals from expressions to improve readability and make the code more maintainable. diff --git a/rules/S1125/go/rule.adoc b/rules/S1125/go/rule.adoc index 8cd7b886885..ff718c16bf4 100644 --- a/rules/S1125/go/rule.adoc +++ b/rules/S1125/go/rule.adoc @@ -5,6 +5,10 @@ include::../description.adoc[] +== How to fix it + +include::../how-to-fix-it.adoc[] + === Code examples ==== Noncompliant code example diff --git a/rules/S1125/how-to-fix-it.adoc b/rules/S1125/how-to-fix-it.adoc new file mode 100644 index 00000000000..3c0cacabd8d --- /dev/null +++ b/rules/S1125/how-to-fix-it.adoc @@ -0,0 +1 @@ +Remove redundant boolean literals from expressions to improve readability and make the code more maintainable. \ No newline at end of file diff --git a/rules/S1125/java/metadata.json b/rules/S1125/java/metadata.json index 944566a399d..94c2a472087 100644 
--- a/rules/S1125/java/metadata.json +++ b/rules/S1125/java/metadata.json @@ -1,3 +1,4 @@ { - "quickfix": "partial" + "quickfix": "partial", + "scope": "Main" } diff --git a/rules/S1125/javascript/rule.adoc b/rules/S1125/javascript/rule.adoc index 576f3da7f05..6773d3bbed3 100644 --- a/rules/S1125/javascript/rule.adoc +++ b/rules/S1125/javascript/rule.adoc @@ -5,6 +5,10 @@ include::../description.adoc[] +== How to fix it + +include::../how-to-fix-it.adoc[] + [source,javascript,diff-id=1,diff-type=noncompliant] ---- if (someValue == true) { /* ... */ } // Noncompliant: Redundant comparison diff --git a/rules/S1125/kotlin/rule.adoc b/rules/S1125/kotlin/rule.adoc index b5449102a75..e3fceda1508 100644 --- a/rules/S1125/kotlin/rule.adoc +++ b/rules/S1125/kotlin/rule.adoc @@ -5,6 +5,10 @@ include::../description.adoc[] +== How to fix it + +include::../how-to-fix-it.adoc[] + === Code examples ==== Noncompliant code example diff --git a/rules/S1125/php/rule.adoc b/rules/S1125/php/rule.adoc index fa87e6375c8..dd4c63e0d96 100644 --- a/rules/S1125/php/rule.adoc +++ b/rules/S1125/php/rule.adoc @@ -5,6 +5,14 @@ include::../description.adoc[] +=== Exceptions + +The use of literal booleans in comparisons which use identity operators (`===` and `!==`) are ignored. + +== How to fix it + +include::../how-to-fix-it.adoc[] + === Code examples ==== Noncompliant code example @@ -27,10 +35,6 @@ if ($booleanVariable) { /* ... */ } doSomething(true); ---- -=== Exceptions - -The use of literal booleans in comparisons which use identity operators (``++===++`` and ``++!==++``) are ignored. - ifdef::env-github,rspecator-view[] ''' diff --git a/rules/S1125/plsql/rule.adoc b/rules/S1125/plsql/rule.adoc index 0ab462268a2..8b06dfcc7c5 100644 --- a/rules/S1125/plsql/rule.adoc +++ b/rules/S1125/plsql/rule.adoc @@ -5,6 +5,10 @@ include::../description.adoc[] +== How to fix it + +include::../how-to-fix-it.adoc[] + === Code examples ==== Noncompliant code example 
diff --git a/rules/S1125/rule.adoc b/rules/S1125/rule.adoc index d4ff33f801d..6d24e212f00 100644 --- a/rules/S1125/rule.adoc +++ b/rules/S1125/rule.adoc @@ -2,6 +2,10 @@ include::description.adoc[] +== How to fix it + +include::how-to-fix-it.adoc[] + === Code examples ==== Noncompliant code example diff --git a/rules/S1125/scala/rule.adoc b/rules/S1125/scala/rule.adoc index 804df6142f7..e265966e073 100644 --- a/rules/S1125/scala/rule.adoc +++ b/rules/S1125/scala/rule.adoc @@ -5,6 +5,10 @@ include::../description.adoc[] +== How to fix it + +include::../how-to-fix-it.adoc[] + === Code examples ==== Noncompliant code example diff --git a/rules/S1125/vb6/rule.adoc b/rules/S1125/vb6/rule.adoc index ebb8be08d45..85da7a531c4 100644 --- a/rules/S1125/vb6/rule.adoc +++ b/rules/S1125/vb6/rule.adoc @@ -5,6 +5,10 @@ include::../description.adoc[] +== How to fix it + +include::../how-to-fix-it.adoc[] + === Code examples ==== Noncompliant code example diff --git a/rules/S1125/vbnet/rule.adoc b/rules/S1125/vbnet/rule.adoc index cc04c5b1ec7..1243d1a4393 100644 --- a/rules/S1125/vbnet/rule.adoc +++ b/rules/S1125/vbnet/rule.adoc @@ -5,6 +5,10 @@ include::../description.adoc[] +== How to fix it + +include::../how-to-fix-it.adoc[] + === Code examples ==== Noncompliant code example diff --git a/rules/S1126/java/metadata.json b/rules/S1126/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S1126/java/metadata.json +++ b/rules/S1126/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S1126/javascript/rule.adoc b/rules/S1126/javascript/rule.adoc index 19c72317dca..805627121e7 100644 --- a/rules/S1126/javascript/rule.adoc +++ b/rules/S1126/javascript/rule.adoc 
@@ -1,6 +1,6 @@ == Why is this an issue? -The ``++if...else++`` statement is used to make decisions based on the truthiness of a boolean expression, and the ``++if++`` block executes when the expression is ``++true++``, while the ``++else++`` block executes when the expression is false. +The ``++if...else++`` statement is used to make decisions based on the truthiness of a boolean expression, and the ``++if++`` block executes when the expression is truthy, while the ``++else++`` block executes when the expression is falsy. Wrapping a boolean expression in an ``++if...else++`` statement and returning ``++true++`` or ``++false++`` in the respective blocks is redundant and unnecessary. It can also make the code harder to maintain, as it adds unnecessary lines of code that need to be read and understood. diff --git a/rules/S1127/rule.adoc b/rules/S1127/rule.adoc index 68a686d58f1..91eac6ddf5a 100644 --- a/rules/S1127/rule.adoc +++ b/rules/S1127/rule.adoc @@ -25,7 +25,7 @@ if (!"foo".equals(variable)) { /* ... */ } == Resources -* https://cwe.mitre.org/data/definitions/597[MITRE, CWE-597] - Use of Wrong Operator in String Comparison +* CWE - https://cwe.mitre.org/data/definitions/597[CWE-597 - Use of Wrong Operator in String Comparison] ifdef::env-github,rspecator-view[] diff --git a/rules/S1128/dart/metadata.json b/rules/S1128/dart/metadata.json new file mode 100644 index 00000000000..17971333806 --- /dev/null +++ b/rules/S1128/dart/metadata.json @@ -0,0 +1,3 @@ +{ + +} diff --git a/rules/S1128/dart/rule.adoc b/rules/S1128/dart/rule.adoc new file mode 100644 index 00000000000..2d73d126282 --- /dev/null +++ b/rules/S1128/dart/rule.adoc 
@@ -0,0 +1,71 @@ +== Why is this an issue? + +Unnecessary imports refer to importing types that are not used or referenced anywhere in the code. + +include::../description.adoc[] + +== How to fix it + +While it's not difficult to remove these unneeded lines manually, modern code editors support the removal of every unnecessary import with a single click from every file of the project. + +=== Code examples + +==== Noncompliant code example + +[source,dart,diff-id=1,diff-type=noncompliant] +---- +import 'package:dart_hello_world/dart_hello_world.dart' as dart_hello_world; +import 'package:dart_hello_world/dart_hello_world.dart' as dart_hello_world; // Noncompliant: duplicate +import 'package:dart_hello_world/dart_hello_world.dart2'; // Noncompliant: unused + +void main(List arguments) { + print('Hello world: ${dart_hello_world.calculate()}!'); + return; +} +---- + +==== Compliant solution + +[source,dart,diff-id=1,diff-type=compliant] +---- +import 'package:dart_hello_world/dart_hello_world.dart' as dart_hello_world; + +void main(List arguments) { + print('Hello world: ${dart_hello_world.calculate()}!'); + return; +} +---- + +== Resources + +* Dart Docs - https://dart.dev/tools/diagnostic-messages#duplicate_import[Dart Compiler diagnostic - duplicate_import] +* Dart Docs - https://dart.dev/tools/diagnostic-messages#unnecessary_import[Dart Compiler diagnostic - unnecessary_import] +* Dart Docs - https://dart.dev/tools/diagnostic-messages#unused_import[Dart Compiler diagnostic - unused_import] + +=== Related rules + +* S1481 - Unused local variables should be removed + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +* Unused import: ''. +* The import of '' is unnecessary because all of the used elements are also provided by the import of ''. +* Duplicate import. + +=== Highlighting + +The string literal of the path of the unused import statement. 
+ +''' +== Comments And Links +(visible only on this page) + +include::../comments-and-links.adoc[] + +endif::env-github,rspecator-view[] diff --git a/rules/S1128/python/metadata.json b/rules/S1128/python/metadata.json index c6298edaaf4..260c43901c1 100644 --- a/rules/S1128/python/metadata.json +++ b/rules/S1128/python/metadata.json @@ -1,5 +1,9 @@ { "defaultQualityProfiles": [ + ], + "tags": [ + "convention", + "unused" ] } diff --git a/rules/S1129/python/metadata.json b/rules/S1129/python/metadata.json index 1a9f6151cf0..3a9c7e83a2f 100644 --- a/rules/S1129/python/metadata.json +++ b/rules/S1129/python/metadata.json @@ -13,7 +13,7 @@ "constantCost": "2min" }, "tags": [ - + "convention" ], "extra": { "replacementRules": [ diff --git a/rules/S113/dart/metadata.json b/rules/S113/dart/metadata.json new file mode 100644 index 00000000000..0db3279e44b --- /dev/null +++ b/rules/S113/dart/metadata.json @@ -0,0 +1,3 @@ +{ + +} diff --git a/rules/S113/dart/rule.adoc b/rules/S113/dart/rule.adoc new file mode 100644 index 00000000000..3c988af182a --- /dev/null +++ b/rules/S113/dart/rule.adoc @@ -0,0 +1 @@ +include::../rule.adoc[] diff --git a/rules/S113/java/metadata.json b/rules/S113/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S113/java/metadata.json +++ b/rules/S113/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S1132/java/metadata.json b/rules/S1132/java/metadata.json index 8c4146b045c..bb472709a47 100644 --- a/rules/S1132/java/metadata.json +++ b/rules/S1132/java/metadata.json @@ -22,7 +22,7 @@ "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-1132", "sqKey": "S1132", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [], "quickfix": "covered" -} \ No newline at end of file +} diff --git a/rules/S1133/dart/metadata.json b/rules/S1133/dart/metadata.json new file mode 100644 index 00000000000..0db3279e44b --- /dev/null +++ b/rules/S1133/dart/metadata.json @@ -0,0 +1,3 @@ +{ + +} 
diff --git a/rules/S1133/dart/rule.adoc b/rules/S1133/dart/rule.adoc new file mode 100644 index 00000000000..a05e4a5aff0 --- /dev/null +++ b/rules/S1133/dart/rule.adoc @@ -0,0 +1,22 @@ +== Why is this an issue? + +include::../description.adoc[] + +=== Noncompliant code example + +[source,dart] +---- +class Foo { + + @deprecated // Noncompliant + void foo() { + } + + @Deprecated("Use baz instead") // Noncompliant + void bar() { + } + + void baz() { // Compliant + } +} +---- diff --git a/rules/S1133/java/metadata.json b/rules/S1133/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S1133/java/metadata.json +++ b/rules/S1133/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S1133/metadata.json b/rules/S1133/metadata.json index 6b24a284a9c..061145f8b78 100644 --- a/rules/S1133/metadata.json +++ b/rules/S1133/metadata.json @@ -30,5 +30,5 @@ "defaultQualityProfiles": [ "Sonar way" ], - "quickfix": "unknown" + "quickfix": "infeasible" } diff --git a/rules/S1134/dart/metadata.json b/rules/S1134/dart/metadata.json new file mode 100644 index 00000000000..17971333806 --- /dev/null +++ b/rules/S1134/dart/metadata.json @@ -0,0 +1,3 @@ +{ + +} diff --git a/rules/S1134/dart/non-compliant-example.adoc b/rules/S1134/dart/non-compliant-example.adoc new file mode 100644 index 00000000000..f62ea07a606 --- /dev/null +++ b/rules/S1134/dart/non-compliant-example.adoc @@ -0,0 +1,7 @@ +[source,dart] +---- +// FIXME denominator value might be 0 +int divide(int numerator, int denominator) { + return numerator / denominator; +} +---- \ No newline at end of file diff --git a/rules/S1134/dart/rule.adoc b/rules/S1134/dart/rule.adoc new file mode 100644 index 00000000000..3b32edd47bc --- /dev/null +++ b/rules/S1134/dart/rule.adoc @@ -0,0 +1,3 @@ +:nonCompliantExample: dart/non-compliant-example.adoc + +include::../rule.adoc[] \ No newline at end of file 
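Review bot: The example in rules/S1134/dart/non-compliant-example.adoc does not compile as Dart, because `/` on two `int` operands yields a `double` while the function is declared to return `int`. A reader would hit a type error before reaching the division by zero that the `FIXME` comment is about. `return numerator ~/ denominator;` keeps the snippet valid and still illustrates the comment. Both this file and rules/S1134/dart/rule.adoc are added without a final newline.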
diff --git a/rules/S1134/resources.adoc b/rules/S1134/resources.adoc index 5d080ad6688..1f8e05e3525 100644 --- a/rules/S1134/resources.adoc +++ b/rules/S1134/resources.adoc @@ -2,4 +2,4 @@ === Documentation -* https://cwe.mitre.org/data/definitions/546[MITRE, CWE-546 - Suspicious Comment] \ No newline at end of file +* CWE - https://cwe.mitre.org/data/definitions/546[CWE-546 - Suspicious Comment] \ No newline at end of file diff --git a/rules/S1135/ansible/metadata.json b/rules/S1135/ansible/metadata.json new file mode 100644 index 00000000000..7a73a41bfdf --- /dev/null +++ b/rules/S1135/ansible/metadata.json @@ -0,0 +1,2 @@ +{ +} \ No newline at end of file diff --git a/rules/S1135/ansible/rule.adoc b/rules/S1135/ansible/rule.adoc new file mode 100644 index 00000000000..7831adb3b86 --- /dev/null +++ b/rules/S1135/ansible/rule.adoc @@ -0,0 +1,37 @@ +== Why is this an issue? + +include::../description.adoc[] + +==== Noncompliant code example + +[source,yaml] +---- +- name: Ansible playbook + hosts: myhosts + tasks: + - name: Ping my hosts + ansible.builtin.ping: + + - name: Print message + ansible.builtin.debug: + # TODO: Include useful debug info + msg: Hello world +---- + +include::../see.adoc[] + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +include::../message.adoc[] + +''' +== Comments And Links +(visible only on this page) + +include::../comments-and-links.adoc[] + +endif::env-github,rspecator-view[] diff --git a/rules/S1135/dart/metadata.json b/rules/S1135/dart/metadata.json new file mode 100644 index 00000000000..0db3279e44b --- /dev/null +++ b/rules/S1135/dart/metadata.json @@ -0,0 +1,3 @@ +{ + +} diff --git a/rules/S1135/dart/rule.adoc b/rules/S1135/dart/rule.adoc new file mode 100644 index 00000000000..5ff98d8d27c --- /dev/null +++ b/rules/S1135/dart/rule.adoc 
@@ -0,0 +1,41 @@ +== Why is this an issue? + +include::../description.adoc[] + +=== Noncompliant code example + +[source,dart] +---- +void doSomething() { + // TODO +} +---- + +include::../see.adoc[] + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +The text from the `TODO` tag, included, up to: + +* the end of line, for a single-line comment or for a multi-line comment continuing on the next line +* the closing comment tag `*/`, in the case of a multi-line comment + +Whitespace characters before the closing comment tag are not included. + +=== Highlighting + +Same as message. + +''' +== Comments And Links +(visible only on this page) + +include::../comments-and-links.adoc[] + +endif::env-github,rspecator-view[] diff --git a/rules/S1135/description.adoc b/rules/S1135/description.adoc index 9c54679395c..50749c87ca1 100644 --- a/rules/S1135/description.adoc +++ b/rules/S1135/description.adoc @@ -1,7 +1,7 @@ Developers often use `TODO` tags to mark areas in the code where additional work or improvements are needed but are not implemented immediately. However, these `TODO` tags sometimes get overlooked or forgotten, leading to incomplete or unfinished code. -This code smell class aims to identify and address such unattended `TODO` tags to ensure a clean and maintainable codebase. -This description will explore why this is a problem and how it can be fixed to improve the overall code quality. +This rule aims to identify and address unattended `TODO` tags to ensure a clean and maintainable codebase. +This description explores why this is a problem and how it can be fixed to improve the overall code quality. === What is the potential impact? 
@@ -16,7 +16,7 @@ Delayed bug fixes can result in more severe issues and increase the effort requi Impact on Collaboration: In team-based development environments, unattended `TODO` tags can hinder collaboration. Other team members might not be aware of the intended changes, leading to conflicts or redundant efforts in the codebase. -Codebase Bloat: Accumulation of unattended `TODO` tags over time can clutter the codebase and make it difficult to distinguish between work in progress and completed code. +Codebase Bloat: The accumulation of unattended `TODO` tags over time can clutter the codebase and make it difficult to distinguish between work in progress and completed code. This bloat can make it challenging to maintain an organized and efficient codebase. Addressing this code smell is essential to ensure a maintainable, readable, reliable codebase and promote effective collaboration among developers. diff --git a/rules/S1135/java/metadata.json b/rules/S1135/java/metadata.json index f4b27f0bb34..9dbbef5a6c0 100644 --- a/rules/S1135/java/metadata.json +++ b/rules/S1135/java/metadata.json @@ -1,3 +1,3 @@ { - "scope": "Main" + "scope": "All" } diff --git a/rules/S1135/metadata.json b/rules/S1135/metadata.json index cf92ee47928..f940c0f5822 100644 --- a/rules/S1135/metadata.json +++ b/rules/S1135/metadata.json @@ -35,5 +35,5 @@ "defaultQualityProfiles": [ "Sonar way" ], - "quickfix": "unknown" + "quickfix": "infeasible" } diff --git a/rules/S1135/see.adoc b/rules/S1135/see.adoc index 2ae71e780d4..2593a3369ef 100644 --- a/rules/S1135/see.adoc +++ b/rules/S1135/see.adoc @@ -1,3 +1,3 @@ == Resources -* https://cwe.mitre.org/data/definitions/546[MITRE, CWE-546] - Suspicious Comment +* CWE - https://cwe.mitre.org/data/definitions/546[CWE-546 - Suspicious Comment] diff --git a/rules/S1139/metadata.json b/rules/S1139/metadata.json index d7b0587d27e..c387ced5596 100644 --- a/rules/S1139/metadata.json +++ b/rules/S1139/metadata.json 
@@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "CLEAR" }, @@ -16,12 +16,8 @@ "sql" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-1139", diff --git a/rules/S1141/java/metadata.json b/rules/S1141/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S1141/java/metadata.json +++ b/rules/S1141/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S1143/cfamily/rule.adoc b/rules/S1143/cfamily/rule.adoc index d8eb25cc12f..018abd76766 100644 --- a/rules/S1143/cfamily/rule.adoc +++ b/rules/S1143/cfamily/rule.adoc @@ -41,7 +41,7 @@ void fun() { == Resources -* https://cwe.mitre.org/data/definitions/584[MITRE, CWE-584] - Return Inside Finally Block +* CWE - https://cwe.mitre.org/data/definitions/584[CWE-584 - Return Inside Finally Block] ifdef::env-github,rspecator-view[] diff --git a/rules/S1143/dart/metadata.json b/rules/S1143/dart/metadata.json new file mode 100644 index 00000000000..0db3279e44b --- /dev/null +++ b/rules/S1143/dart/metadata.json @@ -0,0 +1,3 @@ +{ + +} diff --git a/rules/S1143/dart/rule.adoc b/rules/S1143/dart/rule.adoc new file mode 100644 index 00000000000..96ab4458094 --- /dev/null +++ b/rules/S1143/dart/rule.adoc 
@@ -0,0 +1,112 @@ +== Why is this an issue? + +Using `return`, `break`, or `continue` from a `finally` block suppresses the propagation of any unhandled `Exception` which was thrown in the `try` or `catch` block. + + +This rule raises an issue when a jump statement (`break`, `continue`, `return`) would force control flow to leave a `finally` block. + + +=== Noncompliant code example + +[source,dart] +---- +class ReturnInFinally { + int nonCompliantMethod(int n) { + for (int i = 0; i < n; ++i) { + try { + functionThrowingException(i); + } catch (e) { + print(e); + } finally { + return 1; // Noncompliant + } + } + return 0; + } +} +---- + +[source,dart] +---- +class ContinueInFinally { + int nonCompliantMethod(int n) { + for (int i = 0; i < n; ++i) { + try { + functionThrowingException(i); + } catch (e) { + print(e); + } finally { + continue; // Noncompliant + } + } + return 0; + } +} +---- + +[source,dart] +---- +class BreakInFinally { + int nonCompliantMethod(int n) { + for (int i = 0; i < n; ++i) { + try { + functionThrowingException(i); + } catch (e) { + print(e); + } finally { + break; // Noncompliant + } + } + return 0; + } +} +---- + + +=== Compliant solution + +[source,dart] +---- +class Ok { + int nonCompliantMethod(int n) { + for (int i = 0; i < n; ++i) { + try { + functionThrowingException(i); + } catch (e) { + print(e); + return 1; + } + } + return 0; + } +} +---- + + +== Resources + +* Dart Docs - https://dart.dev/tools/linter-rules/control_flow_in_finally[Dart Linter rule - control_flow_in_finally] +* CWE - https://cwe.mitre.org/data/definitions/584[CWE-584 - Return Inside Finally Block] +* CERT - https://wiki.sei.cmu.edu/confluence/x/BTdGBQ[CERT, ERR04-J.] - Do not complete abruptly from a finally block + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +* Use of '[return|break|continue]' in a 'finally' clause. 
+ +=== Highlighting + +The [return|break|continue] statement in the 'finally' block, up to and including `;`. + +''' +== Comments And Links +(visible only on this page) + +include::../comments-and-links.adoc[] + +endif::env-github,rspecator-view[] diff --git a/rules/S1143/java/metadata.json b/rules/S1143/java/metadata.json index fa9f234be79..6e47c5c6117 100644 --- a/rules/S1143/java/metadata.json +++ b/rules/S1143/java/metadata.json @@ -11,5 +11,6 @@ "CWE": [ 584 ] - } + }, + "scope": "Main" } diff --git a/rules/S1143/java/rule.adoc b/rules/S1143/java/rule.adoc index c0baf2198eb..dea38d0ea09 100644 --- a/rules/S1143/java/rule.adoc +++ b/rules/S1143/java/rule.adoc @@ -69,7 +69,7 @@ public static void doSomethingWhichThrowsException() { == Resources -* https://cwe.mitre.org/data/definitions/584[MITRE, CWE-584] - Return Inside Finally Block +* CWE - https://cwe.mitre.org/data/definitions/584[CWE-584 - Return Inside Finally Block] * https://wiki.sei.cmu.edu/confluence/x/BTdGBQ[CERT, ERR04-J.] - Do not complete abruptly from a finally block ifdef::env-github,rspecator-view[] diff --git a/rules/S1143/python/metadata.json b/rules/S1143/python/metadata.json index f6faacbd763..6e5ccbf02aa 100644 --- a/rules/S1143/python/metadata.json +++ b/rules/S1143/python/metadata.json @@ -1,3 +1,8 @@ { - "title": "Break, continue and return statements should not occur in \"finally\" blocks" + "title": "Break, continue and return statements should not occur in \"finally\" blocks", + "tags": [ + "cwe", + "error-handling", + "pitfall" + ] } diff --git a/rules/S1144/csharp/rule.adoc b/rules/S1144/csharp/rule.adoc index 3fe15658093..7a151e9bccf 100644 --- a/rules/S1144/csharp/rule.adoc +++ b/rules/S1144/csharp/rule.adoc 
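Review bot: The compliant solution in rules/S1143/dart/rule.adoc still names its method `nonCompliantMethod` inside class `Ok`, which contradicts the heading above it; `int compliantMethod(int n) {` would do. The opening sentence limits the effect to an unhandled `Exception`, but the jump presumably discards whatever object was thrown in the `try` or `catch` block. `any unhandled exception or error` may be more accurate; worth confirming against the wording the Dart analyzer team uses. In Resources, the CERT entry mixes the old and new link formats (`* CERT - ...[CERT, ERR04-J.] - Do not complete abruptly ...`). The S112 Java hunk in this commit shows the newer form, `* CERT - ...[ERR07-J. Do not throw RuntimeException, Exception, or Throwable]`.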
@@ -3,6 +3,19 @@ include::../why.adoc[] +=== Exceptions + +This rule doesn't raise issues on: + +* empty constructors +* members with attributes +* the `Main` method of the application +* `void` methods with two parameters when the second parameter type derives from https://learn.microsoft.com/en-us/dotnet/api/system.eventargs[EventArgs] +* empty serialization constructor on type with https://learn.microsoft.com/en-us/dotnet/api/system.serializableattribute[System.SerializableAttribute] attribute. +* field and property members of types marked with https://learn.microsoft.com/en-us/dotnet/api/system.serializableattribute[System.SerializableAttribute] attribute +* internal members in assemblies that have a https://learn.microsoft.com/en-us/dotnet/api/system.runtime.compilerservices.internalsvisibletoattribute[System.Runtime.CompilerServices.InternalsVisibleToAttribute] attribute. +* types and members decorated with the https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.codeanalysis.dynamicallyaccessedmembersattribute[System.Diagnostics.CodeAnalysis.DynamicallyAccessedMembersAttribute] attribute (available in .NET 5.0+) or a custom attribute named `DynamicallyAccessedMembersAttribute`. + === Code examples ==== Noncompliant code example @@ -37,17 +50,6 @@ public class Foo } ---- -=== Exceptions - -This rule doesn't raise issues on: - -* empty constructors -* members with attributes -* the `Main` method of the application -* methods with event handler signature `void Foo(object, EventArgs)` that are declared in partial class -* empty serialization constructor on type with https://learn.microsoft.com/en-us/dotnet/api/system.serializableattribute[System.SerializableAttribute] attribute. -* internal members in assemblies that have a https://learn.microsoft.com/en-us/dotnet/api/system.runtime.compilerservices.internalsvisibletoattribute[System.Runtime.CompilerServices.InternalsVisibleToAttribute] attribute. - == Resources === Documentation 
diff --git a/rules/S1144/python/metadata.json b/rules/S1144/python/metadata.json index 6fa17749e25..1e437a80979 100644 --- a/rules/S1144/python/metadata.json +++ b/rules/S1144/python/metadata.json @@ -1,3 +1,6 @@ { - "title": "Unused class-private methods should be removed" + "title": "Unused class-private methods should be removed", + "tags": [ + "suspicious" + ] } diff --git a/rules/S1145/see.adoc b/rules/S1145/see.adoc index 9bdbf250daa..ae6d0c8750e 100644 --- a/rules/S1145/see.adoc +++ b/rules/S1145/see.adoc @@ -1,5 +1,5 @@ == Resources -* https://cwe.mitre.org/data/definitions/489[MITRE, CWE-489] - Active Debug Code -* https://cwe.mitre.org/data/definitions/570[MITRE, CWE-570] - Expression is Always False -* https://cwe.mitre.org/data/definitions/571[MITRE, CWE-571] - Expression is Always True \ No newline at end of file +* CWE - https://cwe.mitre.org/data/definitions/489[CWE-489 - Active Debug Code] +* CWE - https://cwe.mitre.org/data/definitions/570[CWE-570 - Expression is Always False] +* CWE - https://cwe.mitre.org/data/definitions/571[CWE-571 - Expression is Always True] \ No newline at end of file diff --git a/rules/S1147/java/rule.adoc b/rules/S1147/java/rule.adoc index faf26aa72af..b785aca0665 100644 --- a/rules/S1147/java/rule.adoc +++ b/rules/S1147/java/rule.adoc @@ -20,7 +20,7 @@ These methods are ignored inside ``++main++``. == Resources -* https://cwe.mitre.org/data/definitions/382[MITRE, CWE-382] - Use of System.exit() +* CWE - https://cwe.mitre.org/data/definitions/382[CWE-382 - Use of System.exit()] * https://wiki.sei.cmu.edu/confluence/x/7zZGBQ[CERT, ERR09-J.] - Do not allow untrusted code to terminate the JVM ifdef::env-github,rspecator-view[] diff --git a/rules/S1147/metadata.json b/rules/S1147/metadata.json index 746c4c5d6dc..71677b3ea68 100644 --- a/rules/S1147/metadata.json +++ b/rules/S1147/metadata.json 
@@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "CONVENTIONAL" }, @@ -17,12 +17,8 @@ "suspicious" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-1147", @@ -33,8 +29,6 @@ 382 ] }, - "defaultQualityProfiles": [ - - ], + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S1148/java/rule.adoc b/rules/S1148/java/rule.adoc index fe970624454..1f3080b81be 100644 --- a/rules/S1148/java/rule.adoc +++ b/rules/S1148/java/rule.adoc @@ -37,8 +37,8 @@ try { == Resources -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure -* https://cwe.mitre.org/data/definitions/489[MITRE, CWE-489] - Active Debug Code +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] +* CWE - https://cwe.mitre.org/data/definitions/489[CWE-489 - Active Debug Code] ifdef::env-github,rspecator-view[] diff --git a/rules/S115/dart/metadata.json b/rules/S115/dart/metadata.json new file mode 100644 index 00000000000..e54ab34bfd4 --- /dev/null +++ b/rules/S115/dart/metadata.json @@ -0,0 +1,5 @@ +{ + "defaultQualityProfiles": [ + + ] +} diff --git a/rules/S115/dart/rule.adoc b/rules/S115/dart/rule.adoc new file mode 100644 index 00000000000..f800bf846f7 --- /dev/null +++ b/rules/S115/dart/rule.adoc 
@@ -0,0 +1,62 @@
+== Why is this an issue?
+
+include::../common/why-is-this-an-issue.adoc[]
+
+In Dart, the convention is that constant identifier names should be in camel case and start with a lowercase.
+
+=== What is the potential impact?
+
+include::../common/what-is-the-potential-impact.adoc[]
+
+== How to fix it
+
+Update the name of the constant to match the convention (lowerCamelCase), as well as all usages of the name.
+For many IDEs, you can use built-in renaming and refactoring features to update all usages of a constant at once.
+
+=== Code examples
+
+==== Noncompliant code example
+
+[source,dart,diff-id=1,diff-type=noncompliant]
+----
+class MyClass {
+ const PI = 3.14159; // Noncompliant
+ const MY_CONSTANT = 42; // Noncompliant
+}
+----
+
+==== Compliant solution
+
+[source,dart,diff-id=1,diff-type=compliant]
+----
+class MyClass {
+ const pi = 3.14159;
+ const myConstant = 42;
+}
+----
+
+== Resources
+
+* Dart Docs - https://dart.dev/tools/linter-rules/constant_identifier_names[Dart Linter rule - constant_identifier_names]
+
+ifdef::env-github,rspecator-view[]
+
+'''
+== Implementation Specification
+(visible only on this page)
+
+=== Message
+
+* The constant name '' isn't a lowerCamelCase identifier.
+
+=== Highlighting
+
+The constant identifier.
+
+'''
+== Comments And Links
+(visible only on this page)
+
+include::../common/comments-and-links.adoc[]
+
+endif::env-github,rspecator-view[]
diff --git a/rules/S115/java/rule.adoc b/rules/S115/java/rule.adoc
index 5da90f44be5..3245d887303 100644
--- a/rules/S115/java/rule.adoc
+++ b/rules/S115/java/rule.adoc
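Review bot: Both samples declare `const PI = 3.14159;` directly inside `class MyClass`, which Dart rejects because only static fields can be declared `const`, so neither snippet compiles as written. I would write `static const PI = 3.14159; // Noncompliant` and `static const pi = 3.14159;` (likewise for `MY_CONSTANT` and `myConstant`), or move the constants to top level. A sample that compiles matters here because the `diff-id` pair is what users copy when applying the fix.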
@@ -57,6 +57,23 @@ public enum MyEnum { } ---- +=== Exceptions + +The rule applies to fields of primitive types (for example, ``float``), boxed primitives (``Float``), and Strings. +We do not apply it to other types, which can be mutated, or have methods with side effects. + +[source,java] +---- +public static final Logger log = getLogger(MyClass.class); +public static final List myList = new ArrayList<>(); + +// call with side-effects +log.info("message") + +// mutating an object +myList.add(28); +---- + == Resources === External coding guidelines diff --git a/rules/S1151/rpg/metadata.json b/rules/S1151/rpg/metadata.json index 93f7fdf107b..10e88286197 100644 --- a/rules/S1151/rpg/metadata.json +++ b/rules/S1151/rpg/metadata.json @@ -1,3 +1,3 @@ { - "title": "\"SELECT WHEN\" clauses should not have too many lines" + "title": "\"SELECT WHEN\" clauses should not have too many lines of code" } diff --git a/rules/S1151/rpg/rule.adoc b/rules/S1151/rpg/rule.adoc index dbd43fe9961..61efe89e744 100644 --- a/rules/S1151/rpg/rule.adoc +++ b/rules/S1151/rpg/rule.adoc @@ -4,6 +4,9 @@ The ``++SELECT++`` statement should be used only to clearly define some new bran === Noncompliant code example +With the default threshold of 5: + + [source,rpg] ---- C SELECT @@ -64,7 +67,9 @@ ifdef::env-github,rspecator-view[] == Implementation Specification (visible only on this page) -include::../message.adoc[] +=== Message + +Reduce this "[WHEN|OTHER]" number of lines of code from {} to at most {}, for example by extracting code into a [method|subroutine|function]. include::../parameters.adoc[] diff --git a/rules/S1153/java/metadata.json b/rules/S1153/java/metadata.json index b50e8e891a2..6b1cd7e0bb4 100644 --- a/rules/S1153/java/metadata.json +++ b/rules/S1153/java/metadata.json 
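Review bot: In the sample added under `=== Exceptions`, `log.info("message")` is missing its terminating semicolon, and the two call statements sit at the same level as the field declarations, so the snippet is not valid Java as shown. `log.info("message");` fixes the first; a short comment such as `// later, inside a method:` before the calls would address the second. The section's first sentence also states what the rule applies to rather than what it exempts, so leading with the exempted case (constants of types that can be mutated or whose methods have side effects) would match the heading.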
@@ -22,9 +22,9 @@ "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-1153", "sqKey": "S1153", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], - "quickfix": "targeted" -} \ No newline at end of file + "quickfix": "covered" +} diff --git a/rules/S1155/cfamily/metadata.json b/rules/S1155/cfamily/metadata.json index 05c8ea280cc..c4cb248eb18 100644 --- a/rules/S1155/cfamily/metadata.json +++ b/rules/S1155/cfamily/metadata.json @@ -1,5 +1,5 @@ { - "title": "\"empty()\" or \"is_empty()\" should be used to test for emptiness", + "title": "\"empty()\" should be used to test for emptiness", "tags": [ "cppcoreguidelines", "clumsy" diff --git a/rules/S1155/cfamily/rule.adoc b/rules/S1155/cfamily/rule.adoc index 5c77838f743..19485b47e66 100644 --- a/rules/S1155/cfamily/rule.adoc +++ b/rules/S1155/cfamily/rule.adoc 
@@ -1,8 +1,8 @@ == Why is this an issue? -When you call `empty()` or `is_empty()`, it clearly communicates the code's intention, which is to check if the collection is empty. Using `size() == 0` for this purpose is less direct and makes the code slightly more complex. +When you call `empty()`, it clearly communicates the code's intention, which is to check if the collection is empty. Using `size() == 0` for this purpose is less direct and makes the code slightly more complex. -Moreover, depending on the implementation, the `size()`, `length()`, or `count()` methods can have a time complexity of `O(n)` where `n` is the number of elements in the collection. On the other hand, `empty()` and `is_empty()` simply check if there is at least one element in the collection, which is a constant time operation, `O(1)`. +Moreover, in the standard library, depending on the implementation, the `size()` method can have a time complexity of `O(n)` where `n` is the number of elements in the collection. On the other hand, `empty()` simply checks if there is at least one element in the collection, which is a constant time operation, `O(1)`. Note that this rule also identifies similar method names in user-defined types, where the semantics and complexity may differ. [source,cpp,diff-id=1,diff-type=noncompliant] ---- @@ -13,7 +13,7 @@ void fun(const std::vector &myVector) { } ---- -Prefer using `empty()` or `is_empty()` to test for emptiness over `size()`, `length()`, or `count()`. +Prefer using `empty()` or to test for emptiness over `size()`. [source,cpp,diff-id=1,diff-type=compliant] ---- 
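Review bot: The rewritten second paragraph says that in the standard library `size()` "can have a time complexity of `O(n)`" depending on the implementation, which as far as I know only held for some pre-C++11 implementations of `std::list`; since C++11 the container requirements give `size()` constant complexity. If that is right, the sentence should carry the qualifier, for example "before {cpp}11, `size()` could be `O(n)` for some standard containers", so readers do not take it as a current performance argument. The closing remark about user-defined types is where the complexity argument still applies and could be made the main point.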
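Review bot: The new sentence "Prefer using `empty()` or to test for emptiness over `size()`." keeps a stray "or" left over from the removed `is_empty()` alternative. It should read "Prefer using `empty()` to test for emptiness over `size()`."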
@@ -28,7 +28,7 @@ void fun(const std::vector &myVector) { === External coding guidelines -* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#reason-382[T.143 - Don't write unintentionally nongeneric code] +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#t143-dont-write-unintentionally-non-generic-code[T.143: Don't write unintentionally non-generic code] ifdef::env-github,rspecator-view[] @@ -38,7 +38,7 @@ ifdef::env-github,rspecator-view[] === Message -Use empty() or is_empty() to check whether the container is empty or not. +Use empty() to check whether the container is empty or not. ''' == Comments And Links diff --git a/rules/S1155/csharp/rule.adoc b/rules/S1155/csharp/rule.adoc index 3a859b8ddf5..8bde8dac4d3 100644 --- a/rules/S1155/csharp/rule.adoc +++ b/rules/S1155/csharp/rule.adoc @@ -5,6 +5,14 @@ When you call `Any()`, it clearly communicates the code's intention, which is to * if the collection is an `EntityFramework` or other ORM query, calling `Count()` will cause executing a potentially massive SQL query and could put a large overhead on the application database. Calling `Any()` will also connect to the database, but will generate much more efficient SQL. * if the collection is part of a LINQ query that contains `Select()` statements that create objects, a large amount of memory could be unnecessarily allocated. Calling `Any()` will be much more efficient because it will execute fewer iterations of the enumerable. +== How to fix it + +Prefer using `Any()` to test for emptiness over `Count()`. + +=== Code examples + +==== Noncompliant code example + [source,csharp,diff-id=1,diff-type=noncompliant] ---- private static bool HasContent(IEnumerable strings) 
@@ -23,7 +31,7 @@ private static bool IsEmpty(IEnumerable strings) } ---- -Prefer using `Any()` to test for emptiness over `Count()`. +==== Compliant solution [source,csharp,diff-id=1,diff-type=compliant] ---- @@ -43,6 +51,59 @@ private static bool IsEmpty(IEnumerable strings) } ---- +== Resources + +=== Benchmarks + +[options="header"] +|=== +| Method | Runtime | Mean | Standard Deviation +| Count | .NET 9.0 | 2,841.003 ns | 266.0238 ns +| Any | .NET 9.0 | 1.749 ns | 0.1242 ns +| Count | .NET Framework 4.8.1 | 71,125.275 ns | 731.0382 ns +| Any | .NET Framework 4.8.1 | 31.774 ns | 0.3196 ns +|=== + +==== Glossary + +* https://en.wikipedia.org/wiki/Arithmetic_mean[Mean] +* https://en.wikipedia.org/wiki/Standard_deviation[Standard Deviation] + +The results were generated by running the following snippet with https://github.com/dotnet/BenchmarkDotNet[BenchmarkDotNet]: + +[source,csharp] +---- +private IEnumerable collection; + +public const int N = 10_000; + +[GlobalSetup] +public void GlobalSetup() +{ + collection = Enumerable.Range(0, N).Select(x => N - x); +} + +[Benchmark(Baseline = true)] +public bool Count() => + collection.Count() > 0; + +[Benchmark] +public bool Any() => + collection.Any(); +---- + +Hardware Configuration: + +[source] +---- +BenchmarkDotNet v0.14.0, Windows 10 (10.0.19045.5247/22H2/2022Update) +12th Gen Intel Core i7-12800H, 1 CPU, 20 logical and 14 physical cores + [Host] : .NET Framework 4.8.1 (4.8.9282.0), X64 RyuJIT VectorSize=256 + .NET 9.0 : .NET 9.0.0 (9.0.24.52809), X64 RyuJIT AVX2 + .NET Framework 4.8.1 : .NET Framework 4.8.1 (4.8.9282.0), X64 RyuJIT VectorSize=256 +---- + + ifdef::env-github,rspecator-view[] ''' 
@@ -101,7 +162,7 @@ Added the `Count() == 0` to the description and extended the code samples \[~ann.campbell.2] You are right, I removed the comparison to `0`. === on 27 May 2015, 14:04:31 Ann Campbell wrote: -Thanks [~tamas.vajk]. I've merged the code blocks into one block each for Compliant and Noncompliant +Thanks [~tamas.vajk]. I've merged the code blocks into one block each for Compliant and Noncompliant === on 1 Jun 2015, 14:30:42 Ann Campbell wrote: I've updated the examples with `List`. Please double-check me. diff --git a/rules/S1155/dart/metadata.json b/rules/S1155/dart/metadata.json new file mode 100644 index 00000000000..abe9ccd4ce7 --- /dev/null +++ b/rules/S1155/dart/metadata.json @@ -0,0 +1,3 @@ +{ + "title": "\"isEmpty\" or \"isNotEmpty\" should be used to test for emptiness" +} diff --git a/rules/S1155/dart/rule.adoc b/rules/S1155/dart/rule.adoc new file mode 100644 index 00000000000..650c07a1ecc --- /dev/null +++ b/rules/S1155/dart/rule.adoc 
@@ -0,0 +1,77 @@
+== Why is this an issue?
+
+When you call `isEmpty` or `isNotEmpty`, it clearly communicates the code's intention, which is to check if the collection is empty. Using `.length == 0` for this purpose is less direct and makes the code slightly more complex.
+
+The rule also raises issues if the comparisons don't make sense. For example, `length` is always 0 or higher, so you don't need to write the following conditions:
+
+[source,dart]
+----
+void fun(List myList) {
+ if (myList.length >= 0) { // Noncompliant, the condition is always true
+ // do something
+ }
+
+ if (myList.length < 0) { // Noncompliant, the condition is always false
+ // do something
+ }
+
+}
+----
+
+=== Code examples
+
+==== Noncompliant code example
+
+[source,dart,diff-id=1,diff-type=noncompliant]
+----
+void fun(List myList) {
+ if (myList.length == 0) { // Noncompliant
+ // do something
+ }
+
+ if (myList.length != 0) { // Noncompliant
+ // do something
+ }
+
+}
+----
+
+==== Compliant solution
+
+[source,dart,diff-id=1,diff-type=compliant]
+----
+void fun(List myList) {
+ if (myList.isEmpty) {
+ // do something
+ }
+
+ if (myList.isNotEmpty) {
+ // do something
+ }
+
+}
+----
+
+== Resources
+
+* Dart Docs - https://dart.dev/tools/linter-rules/prefer_is_empty[Dart Linter rule - prefer_is_empty]
+* Dart Docs - https://dart.dev/tools/linter-rules/prefer_is_not_empty[Dart Linter rule - prefer_is_not_empty]
+
+ifdef::env-github,rspecator-view[]
+
+'''
+== Implementation Specification
+(visible only on this page)
+
+=== Message
+
+* Use 'isEmpty'/'isNotEmpty' instead of 'length' to test whether the collection is 'empty'/'not empty'.
+* The comparison is always 'true'/'false' because the length is always greater than or equal to 0.
+
+=== Highlighting
+
+The condition of the `if` statement.
+
+'''
+
+endif::env-github,rspecator-view[]
diff --git a/rules/S1155/java/metadata.json b/rules/S1155/java/metadata.json
index 9b623610df8..e8fd53c77a6 100644
--- a/rules/S1155/java/metadata.json +++ b/rules/S1155/java/metadata.json @@ -1,3 +1,4 @@ { - "quickfix": "covered" + "quickfix": "covered", + "scope": "Main" } diff --git a/rules/S1157/java/metadata.json b/rules/S1157/java/metadata.json index bc325eeb36b..d581bf84489 100644 --- a/rules/S1157/java/metadata.json +++ b/rules/S1157/java/metadata.json @@ -17,17 +17,13 @@ "performance" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-1157", "sqKey": "S1157", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S1158/java/metadata.json b/rules/S1158/java/metadata.json index 450820c19ef..35b537c493b 100644 --- a/rules/S1158/java/metadata.json +++ b/rules/S1158/java/metadata.json @@ -23,7 +23,7 @@ "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-1158", "sqKey": "S1158", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S116/cfamily/rule.adoc b/rules/S116/cfamily/rule.adoc index af2ee3ab266..6114fbd0e6c 100644 --- a/rules/S116/cfamily/rule.adoc +++ b/rules/S116/cfamily/rule.adoc @@ -24,7 +24,7 @@ class MyClass { === Documentation -* Geeksforgeeks - https://www.geeksforgeeks.org/naming-convention-in-c/[Naming convention in C++] +* Geeksforgeeks - https://www.geeksforgeeks.org/naming-convention-in-c/[Naming convention in {cpp}] * Wikipedia - https://en.wikipedia.org/wiki/Naming_convention_(programming)[Naming Convention (programming)] ifdef::env-github,rspecator-view[] diff --git a/rules/S1161/comments-and-links.adoc b/rules/S1161/comments-and-links.adoc new file mode 100644 index 00000000000..fed60bcb6a1 --- /dev/null +++ b/rules/S1161/comments-and-links.adoc @@ -0,0 +1,2 @@ +=== on 29 Jul 2013, 15:51:56 Freddy Mallet wrote: +Is implemented by \http://jira.codehaus.org/browse/SONARJAVA-249 
diff --git a/rules/S1161/dart/metadata.json b/rules/S1161/dart/metadata.json
new file mode 100644
index 00000000000..2c63c085104
--- /dev/null
+++ b/rules/S1161/dart/metadata.json
@@ -0,0 +1,2 @@
+{
+}
diff --git a/rules/S1161/dart/rule.adoc b/rules/S1161/dart/rule.adoc
new file mode 100644
index 00000000000..4d8ff3cfc1b
--- /dev/null
+++ b/rules/S1161/dart/rule.adoc
@@ -0,0 +1,62 @@
+== Why is this an issue?
+
+While not mandatory, using the https://api.dart.dev/dart-core/override-constant.html[`@override`] annotation on compliant members (methods, properties, operators) improves readability by making it explicit that members are overridden.
+
+Unlike other languages, all methods in Dart are https://en.wikipedia.org/wiki/Virtual_function[`virtual`] by default. So, using the `@override` annotation prevents accidental overriding of a base class method in a subclass.
+
+=== Noncompliant code example
+
+[source,dart,diff-id=1,diff-type=noncompliant]
+----
+class ParentClass {
+ bool doSomething(){/*...*/}
+}
+class FirstChildClass extends ParentClass {
+ bool doSomething(){/*...*/} // Noncompliant
+}
+----
+
+
+=== Compliant solution
+
+[source,dart,diff-id=1,diff-type=compliant]
+----
+class ParentClass {
+ bool doSomething(){/*...*/}
+}
+class FirstChildClass extends ParentClass {
+ @override
+ bool doSomething(){/*...*/} // Compliant
+}
+----
+
+== Resources
+
+* Dart Docs - https://dart.dev/tools/linter-rules/annotate_overrides[Dart Linter rule - annotate_overrides]
+* Dart Docs - https://dart.dev/language/extend#overriding-members[Extend a class - Overriding members]
+* Dart API Reference - https://api.dart.dev/dart-core/override-constant.html[Override top-level constant]
+* Wikipedia - https://en.wikipedia.org/wiki/Virtual_function[Virtual function]
+
+ifdef::env-github,rspecator-view[]
+
+'''
+== Implementation Specification
+(visible only on this page)
+
+=== Message
+
+The member '' overrides an inherited member but isn't annotated with '@override'.
+
+If the member is a setter, the method name will end with a `=` sign, to distinguish it from the corresponding getter.
+
+=== Highlighting
+
+The identifier of the method, property or operator.
+
+'''
+== Comments And Links
+(visible only on this page)
+
+include::../comments-and-links.adoc[]
+
+endif::env-github,rspecator-view[]
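Review bot: The second paragraph says that using the `@override` annotation "prevents accidental overriding of a base class method in a subclass", but the annotation does not stop a member from overriding anything; it only records that the override is intended. What the practice gives is detection: an unannotated member that happens to shadow an inherited one is reported by this rule, and an annotated member that overrides nothing is flagged by the analyzer. I would reword the sentence to "So, requiring the `@override` annotation makes accidental overrides of a base class member visible."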
diff --git a/rules/S1161/java/metadata.json b/rules/S1161/java/metadata.json index 3a060d47fe1..1f332703797 100644 --- a/rules/S1161/java/metadata.json +++ b/rules/S1161/java/metadata.json @@ -1,34 +1,4 @@ { "title": "\"@Override\" should be used on overriding and implementing methods", - "type": "CODE_SMELL", - "code": { - "impacts": { - "MAINTAINABILITY": "MEDIUM" - }, - "attribute": "CLEAR" - }, - "status": "ready", - "remediation": { - "func": "Constant\/Issue", - "constantCost": "5min" - }, - "tags": [ - "bad-practice" - ], - "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] - }, - "defaultSeverity": "Major", - "ruleSpecification": "RSPEC-1161", - "sqKey": "S1161", - "scope": "All", - "defaultQualityProfiles": [ - "Sonar way" - ], "quickfix": "covered" } diff --git a/rules/S1161/java/rule.adoc b/rules/S1161/java/rule.adoc index 420ae64681f..3700732b1a5 100644 --- a/rules/S1161/java/rule.adoc +++ b/rules/S1161/java/rule.adoc @@ -1,6 +1,6 @@ == Why is this an issue? -While not mandatory, using the `@Override` annotation on compliant methods improves readability by making it explicit that methods are overriden. +While not mandatory, using the `@Override` annotation on compliant methods improves readability by making it explicit that methods are overridden. A compliant method either overrides a parent method or implements an interface or abstract method. @@ -52,7 +52,6 @@ Add the "@Override" annotation above this method signature == Comments And Links (visible only on this page) -=== on 29 Jul 2013, 15:51:56 Freddy Mallet wrote: -Is implemented by \http://jira.codehaus.org/browse/SONARJAVA-249 +include::../comments-and-links.adoc[] endif::env-github,rspecator-view[] diff --git a/rules/S1161/metadata.json b/rules/S1161/metadata.json index 2c63c085104..4f324d9948b 100644 --- a/rules/S1161/metadata.json +++ b/rules/S1161/metadata.json 
@@ -1,2 +1,34 @@ { + "title": "\"@override\" should be used on overriding members", + "type": "CODE_SMELL", + "code": { + "impacts": { + "MAINTAINABILITY": "MEDIUM" + }, + "attribute": "CLEAR" + }, + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "5min" + }, + "tags": [ + "bad-practice" + ], + "extra": { + "replacementRules": [ + + ], + "legacyKeys": [ + + ] + }, + "defaultSeverity": "Major", + "ruleSpecification": "RSPEC-1161", + "sqKey": "S1161", + "scope": "All", + "defaultQualityProfiles": [ + "Sonar way" + ], + "quickfix": "unknown" } diff --git a/rules/S1165/java/metadata.json b/rules/S1165/java/metadata.json index 105f29d8afa..c32511d9234 100644 --- a/rules/S1165/java/metadata.json +++ b/rules/S1165/java/metadata.json @@ -18,7 +18,7 @@ "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-1165", "sqKey": "S1165", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S1166/java/rule.adoc b/rules/S1166/java/rule.adoc index eb8f1f89b05..11d73e78b47 100644 --- a/rules/S1166/java/rule.adoc +++ b/rules/S1166/java/rule.adoc 
@@ -10,10 +10,10 @@ include::../exceptions.adoc[] == Resources -* https://owasp.org/Top10/A09_2021-Security_Logging_and_Monitoring_Failures/[OWASP Top 10 2021 Category A9] - Security Logging and Monitoring Failures -* https://owasp.org/www-project-top-ten/2017/A10_2017-Insufficient_Logging%2526Monitoring[OWASP Top 10 2017 Category A10] - Insufficient Logging & Monitoring +* OWASP - https://owasp.org/Top10/A09_2021-Security_Logging_and_Monitoring_Failures/[Top 10 2021 Category A9 - Security Logging and Monitoring Failures] +* OWASP - https://owasp.org/www-project-top-ten/2017/A10_2017-Insufficient_Logging%2526Monitoring[Top 10 2017 Category A10 - Insufficient Logging & Monitoring] * https://wiki.sei.cmu.edu/confluence/x/xDdGBQ[CERT, ERR00-J.] - Do not suppress or ignore checked exceptions -* https://cwe.mitre.org/data/definitions/778[MITRE, CWE-778] - Insufficient Logging +* CWE - https://cwe.mitre.org/data/definitions/778[CWE-778 - Insufficient Logging] ifdef::env-github,rspecator-view[] diff --git a/rules/S1166/see.adoc b/rules/S1166/see.adoc index ad80faa5c5f..9014537c1e0 100644 --- a/rules/S1166/see.adoc +++ b/rules/S1166/see.adoc @@ -1,5 +1,5 @@ == Resources -* https://owasp.org/Top10/A09_2021-Security_Logging_and_Monitoring_Failures/[OWASP Top 10 2021 Category A9] - Security Logging and Monitoring Failures -* https://owasp.org/www-project-top-ten/2017/A10_2017-Insufficient_Logging%2526Monitoring[OWASP Top 10 2017 Category A10] - Insufficient Logging & Monitoring -* https://cwe.mitre.org/data/definitions/778[MITRE, CWE-778] - Insufficient Logging +* OWASP - https://owasp.org/Top10/A09_2021-Security_Logging_and_Monitoring_Failures/[Top 10 2021 Category A9 - Security Logging and Monitoring Failures] +* OWASP - https://owasp.org/www-project-top-ten/2017/A10_2017-Insufficient_Logging%2526Monitoring[Top 10 2017 Category A10 - Insufficient Logging & Monitoring] +* CWE - https://cwe.mitre.org/data/definitions/778[CWE-778 - Insufficient Logging] 
diff --git a/rules/S1169/plsql/rule.adoc b/rules/S1169/plsql/rule.adoc index 4f3e3b70658..fbb9cf4f0d5 100644 --- a/rules/S1169/plsql/rule.adoc +++ b/rules/S1169/plsql/rule.adoc @@ -54,7 +54,7 @@ END; == Resources -* https://cwe.mitre.org/data/definitions/391[MITRE, CWE-391] - Unchecked Error Condition +* CWE - https://cwe.mitre.org/data/definitions/391[CWE-391 - Unchecked Error Condition] ifdef::env-github,rspecator-view[] diff --git a/rules/S117/azureresourcemanager/metadata.json b/rules/S117/azureresourcemanager/metadata.json new file mode 100644 index 00000000000..85af50f966f --- /dev/null +++ b/rules/S117/azureresourcemanager/metadata.json @@ -0,0 +1,3 @@ +{ + "title": "Parameter and variable names should comply with a naming convention" +} diff --git a/rules/S117/azureresourcemanager/rule.adoc b/rules/S117/azureresourcemanager/rule.adoc new file mode 100644 index 00000000000..6e234a7ebb8 --- /dev/null +++ b/rules/S117/azureresourcemanager/rule.adoc 
@@ -0,0 +1,104 @@ +:identifier_capital_plural: Parameters and variables +:identifier: parameter and variable +:identifier_plural: parameters and variables +:identifier_or: parameter or variable +:regex: ^[a-z][a-zA-Z0-9]*$ + +include::../introduction.adoc[] + +include::../why-is-this-an-issue.adoc[] + +include::../what-is-the-potential-impact.adoc[] + +== How to fix it in JSON templates + +include::../how-to-fix-it-description.adoc[] + +=== Code examples + +==== Noncompliant code example + +[source,json,diff-id=1,diff-type=noncompliant] +---- +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "storage_account_name": { + "type": "string" + } + }, + "variables": { + "string_variable": "example value" + } +} +---- + +==== Compliant solution + +[source,json,diff-id=1,diff-type=compliant] +---- +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "storageAccountName": { + "type": "string" + } + }, + "variables": { + "stringVariable": "example value" + } +} +---- + +== How to fix it in Bicep + +include::../how-to-fix-it-description.adoc[] + +=== Code examples + +==== Noncompliant code example + +[source,bicep,diff-id=2,diff-type=noncompliant] +---- +param storage_account_name string // Noncompliant +var string_variable = 'example val' // Noncompliant +---- + +==== Compliant solution + +[source,bicep,diff-id=2,diff-type=compliant] +---- +param storageAccountName string +var stringVariable = 'example val' +---- + +== Resources + +=== Documentation + +* Microsoft - https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/best-practices#parameters[ARM template best practices] +* Microsoft - https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/best-practices#names[Best practices for Bicep] +* Microsoft - 
https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/variables[Variables in ARM templates] +* Microsoft - https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/parameters[Parameters in ARM templates] +* Microsoft - https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/variables[Variables in Bicep] +* Microsoft - https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/parameters[Parameters in Bicep] + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +include::../message.adoc[] + +include::../parameters.adoc[] + +''' +== Comments And Links +(visible only on this page) + +include::../comments-and-links.adoc[] + +endif::env-github,rspecator-view[] diff --git a/rules/S117/how-to-fix-it-description.adoc b/rules/S117/how-to-fix-it-description.adoc new file mode 100644 index 00000000000..98194a3cca2 --- /dev/null +++ b/rules/S117/how-to-fix-it-description.adoc @@ -0,0 +1,6 @@ +First, familiarize yourself with the particular naming convention of the project +in question. +Then, update the name to match the convention, as well as all +usages of the name. +For many IDEs, you can use built-in renaming and refactoring features to update +all usages at once. diff --git a/rules/S117/how-to-fix-it.adoc b/rules/S117/how-to-fix-it.adoc index 8f1f4d34fd8..2d9f1db0065 100644 --- a/rules/S117/how-to-fix-it.adoc +++ b/rules/S117/how-to-fix-it.adoc @@ -1,8 +1,3 @@ == How to fix it -First, familiarize yourself with the particular naming convention of the project -in question. -Then, update the name to match the convention, as well as all -usages of the name. -For many IDEs, you can use built-in renaming and refactoring features to update -all usages at once. +include::how-to-fix-it-description.adoc[] diff --git a/rules/S117/kubernetes/metadata.json b/rules/S117/kubernetes/metadata.json new file mode 100644 index 00000000000..7a73a41bfdf --- /dev/null 
+++ b/rules/S117/kubernetes/metadata.json
@@ -0,0 +1,2 @@
+{
+}
\ No newline at end of file
diff --git a/rules/S117/kubernetes/rule.adoc b/rules/S117/kubernetes/rule.adoc
new file mode 100644
index 00000000000..308bbcb1d22
--- /dev/null
+++ b/rules/S117/kubernetes/rule.adoc
@@ -0,0 +1,100 @@
+:identifier_capital_plural: Local variables and function parameters
+:identifier: local variable and function parameter
+:identifier_plural: local variables and function parameters
+:identifier_or: local variable or function parameter
+:regex: ^\$[a-z][a-zA-Z0-9]*$
+
+
+include::../introduction.adoc[]
+
+include::../why-is-this-an-issue.adoc[]
+
+=== Exceptions
+
+The rule does not raise an issue on the usages of the blank identifier `$_` or the root context `$`.
+
+include::../what-is-the-potential-impact.adoc[]
+
+include::../how-to-fix-it.adoc[]
+
+As a default, we suggest using the camelCase naming convention, as this is widely adopted for variables in Helm.
+
+
+=== Code examples
+
+==== Noncompliant code example
+
+With the default regular expression ``{regex}``:
+
+[source,text,diff-id=1,diff-type=noncompliant]
+----
+{{- $my_Variable := .Values.myVariableValue -}} # Noncompliant
+----
+
+[source,text,diff-id=2,diff-type=noncompliant]
+----
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-configmap
+data:
+ myvalue: "Hello World"
+ {{- range $KeyNc, $VAL_NC := .Values.favorite }} # Noncompliant
+ {{ $KeyNc }}: {{ $VAL_NC | quote }}
+ {{- end }}
+----
+
+==== Compliant solution
+
+[source,text,diff-id=1,diff-type=compliant]
+----
+{{- $myVariable := .Values.myVariableValue -}}
+----
+
+[source,text,diff-id=2,diff-type=compliant]
+----
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-configmap
+data:
+ myvalue: "Hello World"
+ {{- range $keyC, $valC := .Values.favorite }}
+ {{ $keyC }}: {{ $valC | quote }}
+ {{- end }}
+----
+
+[source,text]
+----
+# Usage of blank identifier
+{{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className -}}
+
+# Usage of root context
+{{- $ := . 
-}} +---- +== Resources + +=== Documentation + +* Helm documentation - https://helm.sh/docs/chart_template_guide/variables/[Helm - Variables] +* Go documentation - https://go.dev/doc/effective_go#names[Effective Go - Names] +* Wikipedia - https://en.wikipedia.org/wiki/Naming_convention_(programming)[Naming Convention (programming)] + + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +include::../message.adoc[] + +include::../parameters.adoc[] + +''' +== Comments And Links +(visible only on this page) + +include::../comments-and-links.adoc[] + +endif::env-github,rspecator-view[] diff --git a/rules/S117/what-is-the-potential-impact.adoc b/rules/S117/what-is-the-potential-impact.adoc index 9f91d1a08b5..cf3c5c38139 100644 --- a/rules/S117/what-is-the-potential-impact.adoc +++ b/rules/S117/what-is-the-potential-impact.adoc 
@@ -2,14 +2,14 @@ Inconsistent naming of {identifier_plural} can lead to several issues in your code: -* Reduced Readability: inconsistent {identifier} names make the code harder to read and understand; consequently, it is more difficult to identify the purpose of each variable, spot errors, or comprehend the logic. +* *Reduced Readability*: Inconsistent {identifier} names make the code harder to read and understand; consequently, it is more difficult to identify the purpose of each variable, spot errors, or comprehend the logic. -* Difficulty in Identifying Variables: {identifier_plural} that don't adhere to a standard naming convention are challenging to identify; thus, the coding process slows down, especially when dealing with a large codebase. +* *Difficulty in Identifying Variables*: The {identifier_plural} that don't adhere to a standard naming convention are challenging to identify; thus, the coding process slows down, especially when dealing with a large codebase. -* Increased Risk of Errors: inconsistent or unclear {identifier} names lead to misunderstandings about what the variable represents. This ambiguity leads to incorrect assumptions and, consequently, bugs in the code. +* *Increased Risk of Errors*: Inconsistent or unclear {identifier} names lead to misunderstandings about what the variable represents. This ambiguity leads to incorrect assumptions and, consequently, bugs in the code. -* Collaboration Difficulties: in a team setting, inconsistent naming conventions lead to confusion and miscommunication among team members. +* *Collaboration Difficulties*: In a team setting, inconsistent naming conventions lead to confusion and miscommunication among team members. -* Difficulty in Code Maintenance: inconsistent naming leads to an inconsistent codebase. The code is difficult to understand, and making changes feels like refactoring constantly, as you face different naming methods. Ultimately, it makes the codebase harder to maintain. 
+* *Difficulty in Code Maintenance*: Inconsistent naming leads to an inconsistent codebase. The code is difficult to understand, and making changes feels like refactoring constantly, as you face different naming methods. Ultimately, it makes the codebase harder to maintain. In summary, not adhering to a naming convention for {identifier_plural} can lead to confusion, errors, and inefficiencies, making the code harder to read, understand, and maintain. diff --git a/rules/S1170/java/metadata.json b/rules/S1170/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S1170/java/metadata.json +++ b/rules/S1170/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S1171/java/metadata.json b/rules/S1171/java/metadata.json index 56b39431a88..8f70d415131 100644 --- a/rules/S1171/java/metadata.json +++ b/rules/S1171/java/metadata.json @@ -18,7 +18,7 @@ "defaultSeverity": "Major", "ruleSpecification": "RSPEC-1171", "sqKey": "S1171", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S1171/java/rule.adoc b/rules/S1171/java/rule.adoc index 52132f1d3fd..e83c068bc2d 100644 --- a/rules/S1171/java/rule.adoc +++ b/rules/S1171/java/rule.adoc @@ -1,6 +1,6 @@ == Why is this an issue? -Non-static initializers, also known as instance initializers, are blocks of code within a class that is executed when an instance of the +Non-static initializers, also known as instance initializers, are blocks of code within a class that are executed when an instance of the class is created. They are executed when an object of the class is created just before the constructor is called. Non-static initializers are useful when you want to perform some common initialization logic for all objects of a class. They allow you to initialize instance variables in a concise and centralized manner, without having to repeat the same initialization code in each constructor. 
diff --git a/rules/S1172/cfamily/rule.adoc b/rules/S1172/cfamily/rule.adoc index 44b99d401b3..47ee05e00db 100644 --- a/rules/S1172/cfamily/rule.adoc +++ b/rules/S1172/cfamily/rule.adoc @@ -13,7 +13,7 @@ void f([[maybe_unused]] int i) { } ---- -In case of Objective-C, it is acceptable to have unused parameters if the method is supposed to be overridden. +In case of Objective-C, it is acceptable to have unused parameters if the method is supposed to be overridden. Additionally, since Objective-C blocks don't allow unnamed parameters while they are typically used as callbacks, it is acceptable to have unused parameters in blocks. == How to fix it @@ -44,7 +44,7 @@ void doSomething(int a) { * MISRA {cpp}:2008, 0-1-11 - There shall be no unused parameters (named or unnamed) in nonvirtual functions. * MISRA C:2012, 2.7 - There should be no unused parameters in functions * https://wiki.sei.cmu.edu/confluence/x/5dUxBQ[CERT, MSC12-C.] - Detect and remove code that has no effect or is never executed -* https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#f9-unused-parameters-should-be-unnamed[{cpp} Core Guidelines - F.9] - Unused parameters should be unnamed +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#f9-unused-parameters-should-be-unnamed[F.9: Unused parameters should be unnamed] ifdef::env-github,rspecator-view[] diff --git a/rules/S1172/jcl/metadata.json b/rules/S1172/jcl/metadata.json new file mode 100644 index 00000000000..7a73a41bfdf --- /dev/null +++ b/rules/S1172/jcl/metadata.json @@ -0,0 +1,2 @@ +{ +} \ No newline at end of file diff --git a/rules/S1172/jcl/rule.adoc b/rules/S1172/jcl/rule.adoc new file mode 100644 index 00000000000..562753a04f7 --- /dev/null +++ b/rules/S1172/jcl/rule.adoc 
@@ -0,0 +1,46 @@ +== Why is this an issue? + +include::../description.adoc[] + +== How to fix it + +include::../how-to-fix-it.adoc[] + +=== Code examples + +[source,jcl,diff-id=1,diff-type=noncompliant] +---- +//MYPROC PROC NAME1=SYS1,NAME2=SYS2,NAME3=SYS3 <--- Noncompliant +//STEP1 EXEC PGM=DOTHING +//THEFILE DD DSN=&N1..INFILE,DISP=SHR +// DD DSN=&N2..INFILE,DISP=SHR +// PEND +---- + +==== Compliant solution + +[source,jcl,diff-id=1,diff-type=compliant] +---- +//MYPROC PROC NAME1=SYS1,NAME2=SYS2 +//STEP1 EXEC PGM=DOTHING +//THEFILE DD DSN=&N1..INFILE,DISP=SHR +// DD DSN=&N2..INFILE,DISP=SHR +// PEND +---- + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +include::../message.adoc[] + +''' +== Comments And Links +(visible only on this page) + +include::../comments-and-links.adoc[] + +endif::env-github,rspecator-view[] + diff --git a/rules/S1172/python/rule.adoc b/rules/S1172/python/rule.adoc index 8408d815a44..3c3ce777422 100644 --- a/rules/S1172/python/rule.adoc +++ b/rules/S1172/python/rule.adoc @@ -21,6 +21,24 @@ def do_something(a, _): # no issue reported on _ return compute(a) ---- +The rule also won't raise an issue if the parameter is referenced in a docstring or a comment: + +[source,python] +---- +class MyClass: + def do_something(self, my_param): # no issue reported + # Overrides may use my_param to ... + return compute(a) +---- + +[source,python] +---- +class MyClass: + def do_something(self, my_param): # no issue reported + """Overrides may use my_param to ...""" + return compute(a) +---- + == How to fix it include::../how-to-fix-it.adoc[] diff --git a/rules/S1174/java/rule.adoc b/rules/S1174/java/rule.adoc index 4e62d586699..865675b6b8e 100644 --- a/rules/S1174/java/rule.adoc +++ b/rules/S1174/java/rule.adoc 
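Review bot: In both JCL examples of the new `rules/S1172/jcl/rule.adoc`, the procedure body references `&N1` and `&N2` while the `PROC` statement declares `NAME1`, `NAME2` and `NAME3`, so none of the declared parameters is actually used and the "compliant" version would still be reported. The body should use the declared names in both blocks, e.g. `//THEFILE DD DSN=&NAME1..INFILE,DISP=SHR` and `// DD DSN=&NAME2..INFILE,DISP=SHR`. The first block also sits directly under `=== Code examples`; adding `==== Noncompliant code example` before it would match the `==== Compliant solution` heading that follows.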
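Review bot: Both Python snippets added to `rules/S1172/python/rule.adoc` end with `return compute(a)`, but `a` is not defined in `do_something(self, my_param)`; it looks carried over from the earlier `do_something(a, _)` example, and the snippets would raise a NameError if run. Since the point of the examples is that `my_param` stays unused but is mentioned in a comment or docstring, a body such as `return compute()` keeps them valid without referencing the parameter. The hunk begins inside an existing example block, so the preceding text is not visible here.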
@@ -21,7 +21,7 @@ public class MyClass { == Resources -* https://cwe.mitre.org/data/definitions/583[MITRE, CWE-583] - finalize() Method Declared Public +* CWE - https://cwe.mitre.org/data/definitions/583[CWE-583 - finalize() Method Declared Public] * https://wiki.sei.cmu.edu/confluence/x/4jZGBQ[CERT, MET12-J.] - Do not use finalizers diff --git a/rules/S1176/java/metadata.json b/rules/S1176/java/metadata.json index 0a00a5112c5..4b1fdd65672 100644 --- a/rules/S1176/java/metadata.json +++ b/rules/S1176/java/metadata.json @@ -1,3 +1,4 @@ { - "title": "Public types, methods and fields (API) should be documented with Javadoc" + "title": "Public types, methods and fields (API) should be documented with Javadoc", + "scope": "Main" } diff --git a/rules/S118/java/metadata.json b/rules/S118/java/metadata.json index 08f34223005..306306057df 100644 --- a/rules/S118/java/metadata.json +++ b/rules/S118/java/metadata.json @@ -16,19 +16,13 @@ "convention" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-118", "sqKey": "S118", - "scope": "All", - "defaultQualityProfiles": [ - - ], + "scope": "Main", + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S1181/cfamily/rule.adoc b/rules/S1181/cfamily/rule.adoc index 86da35ff78c..e5f5124d58a 100644 --- a/rules/S1181/cfamily/rule.adoc +++ b/rules/S1181/cfamily/rule.adoc 
@@ -40,8 +40,8 @@ Additionally, if the ``++catch++`` handler is throwing an exception (either the == Resources -* https://cwe.mitre.org/data/definitions/396[MITRE, CWE-396] - Declaration of Catch for Generic Exception -* https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#Re-exception-types[{cpp} Core Guidelines E.14] - Use purpose-designed user-defined types as exceptions (not built-in types) +* CWE - https://cwe.mitre.org/data/definitions/396[CWE-396 - Declaration of Catch for Generic Exception] +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#e14-use-purpose-designed-user-defined-types-as-exceptions-not-built-in-types[E.14: Use purpose-designed user-defined types as exceptions (not built-in types)] ifdef::env-github,rspecator-view[] diff --git a/rules/S1181/java/rule.adoc b/rules/S1181/java/rule.adoc index b176612880c..797a929e8b0 100644 --- a/rules/S1181/java/rule.adoc +++ b/rules/S1181/java/rule.adoc @@ -26,7 +26,7 @@ try { /* ... */ } catch (MyException e) { /* ... */ } == Resources -* https://cwe.mitre.org/data/definitions/396[MITRE, CWE-396] - Declaration of Catch for Generic Exception +* CWE - https://cwe.mitre.org/data/definitions/396[CWE-396 - Declaration of Catch for Generic Exception] * https://wiki.sei.cmu.edu/confluence/display/java/ERR08-J.+Do+not+catch+NullPointerException+or+any+of+its+ancestors[CERT, ERR08-J.] - Do not catch NullPointerException or any of its ancestors diff --git a/rules/S1182/java/rule.adoc b/rules/S1182/java/rule.adoc index a354e1d2463..2f98c470fa1 100644 --- a/rules/S1182/java/rule.adoc +++ b/rules/S1182/java/rule.adoc 
@@ -80,7 +80,7 @@ class Application { == Resources -* https://cwe.mitre.org/data/definitions/580[MITRE, CWE-580] - clone() Method Without super.clone() +* CWE - https://cwe.mitre.org/data/definitions/580[CWE-580 - clone() Method Without super.clone()] * https://wiki.sei.cmu.edu/confluence/x/FjZGBQ[CERT, MET53-J.] - Ensure that the clone() method calls super.clone() diff --git a/rules/S1185/dart/metadata.json b/rules/S1185/dart/metadata.json new file mode 100644 index 00000000000..0db3279e44b --- /dev/null +++ b/rules/S1185/dart/metadata.json @@ -0,0 +1,3 @@ +{ + +} diff --git a/rules/S1185/dart/rule.adoc b/rules/S1185/dart/rule.adoc new file mode 100644 index 00000000000..9d03ed84a6a --- /dev/null +++ b/rules/S1185/dart/rule.adoc 
@@ -0,0 +1,60 @@ +== Why is this an issue? + +Overriding a method just to call the overridden function from the base class without performing any other actions can be useless and misleading. + + +There are cases when it is justified because redeclaring the function allows some side effects: + +* if a type (return type or a parameter type) is not exactly the same as the super member +* if the covariant keyword is added to one of the parameters +* if documentation comments are present on the member +* if the member has annotations other than `@override` +* if the member is not annotated with `@protected`, and the super member is + +=== Noncompliant code example + +[source,dart,diff-id=1,diff-type=noncompliant] +---- +class Child extends Parent { + @override + void foo() { + super.foo(); + } +} +---- + +=== Compliant solution + +[source,dart,diff-id=1,diff-type=compliant] +---- +class Child extends Parent { + @override + void foo() { + bar(); + } +} +---- + +== Resources + +* Dart Docs - https://dart.dev/tools/linter-rules/unnecessary_overrides[Dart Linter rule - unnecessary_overrides] + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +* Unnecessary override. + +=== Highlighting + +The identifier of the overridden method. + +''' +== Comments And Links +(visible only on this page) + +endif::env-github,rspecator-view[] diff --git a/rules/S1185/java/metadata.json b/rules/S1185/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S1185/java/metadata.json +++ b/rules/S1185/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S1186/javascript/rule.adoc b/rules/S1186/javascript/rule.adoc index 7946044c6b1..11754b53d7f 100644 --- a/rules/S1186/javascript/rule.adoc +++ b/rules/S1186/javascript/rule.adoc 
@@ -8,8 +8,10 @@ include::../description.adoc[] This does not raise an issue in the following cases: -* Function expressions and arrow functions as they can denote default values -* Empty functions with a name starting with the prefix `on` like `onClick`. +* Arrow functions as they can denote default values. +* Functions with a name starting with the prefix `on` like `onClick`. +* Functions whose name includes `noop`. +* Constructors as it is already covered by S6647. [source,javascript] ---- @@ -19,6 +21,13 @@ static defaultProps = { function onClick() { } + +function myNoopFunction() { +} + +class C { + constructor() {} +} ---- == How to fix it @@ -62,6 +71,10 @@ function emptyOnPurpose() { * MDN web docs - https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Functions[Functions] +=== Related rules + +* S6647 - Unnecessary constructors should be removed + ifdef::env-github,rspecator-view[] ''' diff --git a/rules/S1186/jcl/metadata.json b/rules/S1186/jcl/metadata.json new file mode 100644 index 00000000000..5cdc6501429 --- /dev/null +++ b/rules/S1186/jcl/metadata.json @@ -0,0 +1,3 @@ +{ + "title": "Procedures should not be empty" +} \ No newline at end of file diff --git a/rules/S1186/jcl/rule.adoc b/rules/S1186/jcl/rule.adoc new file mode 100644 index 00000000000..6caab374c77 --- /dev/null +++ b/rules/S1186/jcl/rule.adoc 
@@ -0,0 +1,44 @@ +== Why is this an issue? + +:operationName: procedure + +include::../description.adoc[] + +== How to fix it + +=== Code examples + +==== Noncompliant code example + +[source,jcl,diff-id=1,diff-type=noncompliant] +---- +//MYPROC PROC +// PEND +---- + +==== Compliant solution + +[source,java,diff-id=1,diff-type=compliant] +---- +//MYPROC PROC +//RUN EXEC PGM=MYPROG +// PEND +---- + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +Complete the implementation of this procedure. + +''' +== Comments And Links +(visible only on this page) + +include::../comments-and-links.adoc[] + +endif::env-github,rspecator-view[] diff --git a/rules/S1186/metadata.json b/rules/S1186/metadata.json index 9c21b6c5fad..20dbbb24788 100644 --- a/rules/S1186/metadata.json +++ b/rules/S1186/metadata.json @@ -30,5 +30,5 @@ "defaultQualityProfiles": [ "Sonar way" ], - "quickfix": "unknown" + "quickfix": "infeasible" } diff --git a/rules/S1190/java/metadata.json b/rules/S1190/java/metadata.json index bebab789de1..1ced5968767 100644 --- a/rules/S1190/java/metadata.json +++ b/rules/S1190/java/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "CONVENTIONAL" }, @@ -19,7 +19,7 @@ "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-1190", "sqKey": "S1190", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S1190/java/rule.adoc b/rules/S1190/java/rule.adoc index f85023795ab..685d7086d7c 100644 --- a/rules/S1190/java/rule.adoc +++ b/rules/S1190/java/rule.adoc 
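Review bot: The compliant block in the new `rules/S1186/jcl/rule.adoc` is declared as `[source,java,diff-id=1,diff-type=compliant]` although it contains JCL, while the noncompliant block of the same `diff-id` is declared as `jcl`. The mismatch will apply Java highlighting to the JCL and may confuse tooling that pairs the two blocks; the line should read `[source,jcl,diff-id=1,diff-type=compliant]`.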
@@ -4,22 +4,13 @@ Programming languages evolve over time, and new versions of Java introduce addit If future keywords are used in the current code, it can create compatibility issues when transitioning to newer versions of Java. The code may fail to compile or behave unexpectedly due to conflicts with newly introduced keywords. -The following keywords are marked as invalid identifiers: +The `\_` keyword was deprecated in Java 9 and disallowed since Java 11. Starting from Java 22 the `_` was introduced as `unnamed variable`. -[frame=all] -[cols="^1,^1"] -|=== -|Keyword|Added in version - -|`_`|9 -|`enum`|5.0 -|=== - -`assert` and `strictfp` are another example of valid identifiers which became keywords in later versions, but are not supported by this rule. +This rule reports an issue when `_` is used in versions prior to Java 22. == How to fix it -Rename the identifiers that use Java keywords. +Rename the `_` identifiers. === Code examples @@ -28,7 +19,6 @@ Rename the identifiers that use Java keywords. [source,java,diff-id=1,diff-type=noncompliant] ---- public class MyClass { - int enum = 42; // Noncompliant String _ = ""; // Noncompliant } ---- @@ -39,14 +29,14 @@ public class MyClass { [source,java,diff-id=1,diff-type=compliant] ---- public class MyClass { - int magic = 42; // Noncompliant - String s = ""; // Noncompliant + String s = ""; // Compliant } ---- == Resources === Documentation -* https://docs.oracle.com/javase/tutorial/java/nutsandbolts/_keywords.html[Oracle - Java Language Keywords] +* https://docs.oracle.com/en/java/javase/22/docs/specs/unnamed-jls.html#jls-3.9[Oracle - Unnamed Variables and Patterns Keywords] +* https://docs.oracle.com/en/java/javase/22/language/unnamed-variables-and-patterns.html[Oracle - Unnamed Variables and Patterns] ifdef::env-github,rspecator-view[] diff --git a/rules/S1191/java/metadata.json b/rules/S1191/java/metadata.json index 8f45450d59e..1f18c0214d9 100644 --- a/rules/S1191/java/metadata.json 
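Review bot: The added sentence in `rules/S1190/java/rule.adoc` stating that `_` "was deprecated in Java 9 and disallowed since Java 11" does not match the language history as far as I know: using `_` as an identifier produces a compiler warning in Java 8 and is a compile-time error from Java 9 on. I would reword it along the lines of "Using `_` as an identifier is deprecated since Java 8 and is an error since Java 9; Java 22 reintroduces `_` for unnamed variables and patterns", and have someone confirm the versions against the JLS link added below. The same paragraph writes the identifier once as `\_` and once as `_` inside backticks, which will render inconsistently; use the same form in both places.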
+++ b/rules/S1191/java/metadata.json @@ -20,7 +20,7 @@ "defaultSeverity": "Major", "ruleSpecification": "RSPEC-1191", "sqKey": "S1191", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S1192/azureresourcemanager/exceptions-arm.adoc b/rules/S1192/azureresourcemanager/exceptions-arm.adoc new file mode 100644 index 00000000000..4d64578ec6a --- /dev/null +++ b/rules/S1192/azureresourcemanager/exceptions-arm.adoc @@ -0,0 +1,9 @@ +The following are ignored: + +* literals with fewer than 5 characters +* literals with only letters, numbers, underscores, hyphens and periods +* `apiVersion` property of a resource (see rule S6874) +* `type` in nested templates +* `$schema` property +* version numbers like `1.0.0` or `1-0-0` +* escaped template expressions starting with `[[`, like `[[variables('variableName')]` diff --git a/rules/S1192/azureresourcemanager/howtofix-arm.adoc b/rules/S1192/azureresourcemanager/howtofix-arm.adoc new file mode 100644 index 00000000000..5cdf88bbdc9 --- /dev/null +++ b/rules/S1192/azureresourcemanager/howtofix-arm.adoc @@ -0,0 +1,2 @@ +Use variables to replace the duplicated string literals. +Variables can be referenced from many places, but only need to be updated in a single place. diff --git a/rules/S1192/azureresourcemanager/metadata.json b/rules/S1192/azureresourcemanager/metadata.json new file mode 100644 index 00000000000..7a73a41bfdf --- /dev/null +++ b/rules/S1192/azureresourcemanager/metadata.json @@ -0,0 +1,2 @@ +{ +} \ No newline at end of file diff --git a/rules/S1192/azureresourcemanager/rule.adoc b/rules/S1192/azureresourcemanager/rule.adoc new file mode 100644 index 00000000000..75ea1786a07 --- /dev/null +++ b/rules/S1192/azureresourcemanager/rule.adoc 
@@ -0,0 +1,132 @@ +== Why is this an issue? + +include::../description.adoc[] + +=== Exceptions + +include::exceptions-arm.adoc[] + +== How to fix it in JSON templates + +include::howtofix-arm.adoc[] + +=== Code examples + +==== Noncompliant code example + +With the default threshold of 5: + +[source,json,diff-id=1,diff-type=noncompliant] +---- +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "variables": {}, + "resources": [ + { + "type": "Microsoft.Storage/storageAccounts", + "apiVersion": "2021-01-01", + "name": "appSuperStorage", + "tags": { + "displayName": "appSuperStorage", + "shortName" : "appSuperStorage", + "someName": "appSuperStorage", + "yetAnotherName": "appSuperStorage" + } + } + ] +} +---- + +==== Compliant solution + +[source,json,diff-id=1,diff-type=compliant] +---- +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "variables": { + "storageAccountName": "appSuperStorage" + }, + "resources": [ + { + "type": "Microsoft.Storage/storageAccounts", + "apiVersion": "2021-01-01", + "name": "[variables('storageAccountName')]", + "tags": { + "displayName": "[variables('storageAccountName')]", + "shortName" : "[variables('storageAccountName')]", + "someName": "[variables('storageAccountName')]", + "yetAnotherName": "[variables('storageAccountName')]" + } + } + ] +} +---- + +== How to fix it in Bicep + +include::howtofix-arm.adoc[] + +=== Code examples + +==== Noncompliant code example + +With the default threshold of 5: + +[source,bicep,diff-id=2,diff-type=noncompliant] +---- +resource storageAccount 'Microsoft.Storage/storageAccounts@2021-01-01' = { + name: 'appSuperStorage' // Noncompliant + tags: { + displayName: 'appSuperStorage' // Noncompliant + shortName: 'appSuperStorage' // Noncompliant + someName: 'appSuperStorage' // Noncompliant + yetAnotherName: 'appSuperStorage' // Noncompliant + } 
+} +---- + +==== Compliant solution + +[source,bicep,diff-id=2,diff-type=compliant] +---- +var storageAccountName = 'appSuperStorage' + +resource storageAccount 'Microsoft.Storage/storageAccounts@2021-01-01' = { + name: storageAccountName + tags: { + displayName: storageAccountName + shortName: storageAccountName + someName: storageAccountName + yetAnotherName: storageAccountName + } +} +---- + +== Resources + +== Documentation + +* Microsoft - https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/best-practices#variables[ARM template best practices] +* Microsoft - https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/best-practices[Best practices for Bicep] + +=== Related rules + +* S6893 - Use a hard-coded value for the apiVersion + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +include::../message.adoc[] + +include::../parameters.adoc[] + +include::../highlighting.adoc[] + +''' + +endif::env-github,rspecator-view[] diff --git a/rules/S1192/csharp/metadata.json b/rules/S1192/csharp/metadata.json index a9d9a64bbd4..3ec1c0a8c24 100644 --- a/rules/S1192/csharp/metadata.json +++ b/rules/S1192/csharp/metadata.json @@ -1,16 +1,9 @@ { - "remediation": { - "func": "Constant\/Issue", - "constantCost": "10min" - }, "code": { "impacts": { "MAINTAINABILITY": "LOW" }, "attribute": "DISTINCT" }, - "defaultSeverity": "Minor", - "defaultQualityProfiles": [ - - ] + "defaultSeverity": "Minor" } diff --git a/rules/S1192/csharp/rule.adoc b/rules/S1192/csharp/rule.adoc index 4fc631f1d49..629854a1ff5 100644 --- a/rules/S1192/csharp/rule.adoc +++ b/rules/S1192/csharp/rule.adoc @@ -4,11 +4,7 @@ include::../description.adoc[] === Exceptions -The following are ignored: - -* literals with fewer than 5 characters -* literals matching one of the parameter names -* literals used in attributes +include::../exceptions-dotnet.adoc[] == How to fix it 
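Review bot: The literal used in both examples of `rules/S1192/azureresourcemanager/rule.adoc`, `appSuperStorage`, consists only of letters, and the exceptions list added in `exceptions-arm.adoc` says "literals with only letters, numbers, underscores, hyphens and periods" are ignored, so as written the noncompliant examples would not raise an issue. Either pick a literal that falls outside the exceptions (for instance one containing a space or a slash) or revisit that exception entry. Two smaller points in the same file: `== Documentation` under `== Resources` should be `=== Documentation`, and the exceptions cite rule S6874 for `apiVersion` while `=== Related rules` lists S6893 for what appears to be the same subject, so one of the two ids is presumably wrong.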
@@ -52,26 +48,4 @@ public class Foo } ---- -ifdef::env-github,rspecator-view[] - -''' -== Implementation Specification -(visible only on this page) - -=== Message - -Define a constant instead of using the literal "{string}" {number} times. - - -include::../parameters.adoc[] - -=== Highlighting - -primary: the class - -secondaries: all instances of the string literal - - -''' - -endif::env-github,rspecator-view[] +include::../rspecator-dotnet.adoc[] diff --git a/rules/S1192/dart/metadata.json b/rules/S1192/dart/metadata.json new file mode 100644 index 00000000000..17971333806 --- /dev/null +++ b/rules/S1192/dart/metadata.json @@ -0,0 +1,3 @@ +{ + +} diff --git a/rules/S1192/dart/rule.adoc b/rules/S1192/dart/rule.adoc new file mode 100644 index 00000000000..52668c6d18e --- /dev/null +++ b/rules/S1192/dart/rule.adoc @@ -0,0 +1,60 @@ +== Why is this an issue? + +include::../description.adoc[] + +=== Exceptions + +To prevent generating some false-positives, literals having 5 or less characters are excluded as well as literals containing only letters, digits and '_'. + +== How to fix it + +include::../howtofix.adoc[] + +=== Code examples + +==== Noncompliant code example + +With the default threshold of 3: + +[source,dart,diff-id=1,diff-type=noncompliant] +---- +class A { + void run() { + prepare('string literal'); // Noncompliant - "string literal" is duplicated 3 times + execute('string literal'); + release('string literal'); + } +} +---- + +==== Compliant solution + +[source,dart,diff-id=1,diff-type=compliant] +---- +class A { + static const _const = 'string literal'; + + void run() { + prepare(_const); // Compliant + execute(_const); + release(_const); + } +} +---- + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +include::../message.adoc[] + +include::../parameters.adoc[] + +include::../highlighting.adoc[] + +''' + + +endif::env-github,rspecator-view[] 
diff --git a/rules/S1192/exceptions-dotnet.adoc b/rules/S1192/exceptions-dotnet.adoc new file mode 100644 index 00000000000..e83fed5d7cf --- /dev/null +++ b/rules/S1192/exceptions-dotnet.adoc @@ -0,0 +1,5 @@ +The following are ignored: + +* literals with fewer than 5 characters +* literals matching one of the parameter names +* literals used in attributes \ No newline at end of file diff --git a/rules/S1192/howtofix.adoc b/rules/S1192/howtofix.adoc index e12dfc2ca33..e60d17e33f1 100644 --- a/rules/S1192/howtofix.adoc +++ b/rules/S1192/howtofix.adoc @@ -1,2 +1,2 @@ -Instead, use constants to replace the duplicated string literals. -Constants can be referenced from many places, but only need to be updated in a single place. \ No newline at end of file +Use constants to replace the duplicated string literals. +Constants can be referenced from many places, but only need to be updated in a single place. diff --git a/rules/S1192/rspecator-dotnet.adoc b/rules/S1192/rspecator-dotnet.adoc new file mode 100644 index 00000000000..9b41ecdd7e8 --- /dev/null +++ b/rules/S1192/rspecator-dotnet.adoc @@ -0,0 +1,21 @@ +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +Define a constant instead of using the literal "{string}" {number} times. + +include::parameters.adoc[] + +=== Highlighting + +primary: the class + +secondaries: all instances of the string literal + +''' + +endif::env-github,rspecator-view[] diff --git a/rules/S1192/vbnet/metadata.json b/rules/S1192/vbnet/metadata.json index a9d9a64bbd4..3ec1c0a8c24 100644 --- a/rules/S1192/vbnet/metadata.json +++ b/rules/S1192/vbnet/metadata.json @@ -1,16 +1,9 @@ { - "remediation": { - "func": "Constant\/Issue", - "constantCost": "10min" - }, "code": { "impacts": { "MAINTAINABILITY": "LOW" }, "attribute": "DISTINCT" }, - "defaultSeverity": "Minor", - "defaultQualityProfiles": [ - - ] + "defaultSeverity": "Minor" } 
diff --git a/rules/S1192/vbnet/rule.adoc b/rules/S1192/vbnet/rule.adoc index 1ff7e109242..06b26d7c2f8 100644 --- a/rules/S1192/vbnet/rule.adoc +++ b/rules/S1192/vbnet/rule.adoc @@ -4,11 +4,7 @@ include::../description.adoc[] === Exceptions -The following are ignored: - -* literals with fewer than 5 characters -* literals matching one of the parameter names -* literals used in attributes +include::../exceptions-dotnet.adoc[] == How to fix it @@ -56,26 +52,4 @@ Public Class Foo End Class ---- -ifdef::env-github,rspecator-view[] - -''' -== Implementation Specification -(visible only on this page) - -=== Message - -Define a constant instead of using the literal "{string}" {number} times. - - -include::../parameters.adoc[] - -=== Highlighting - -primary: the class - -secondaries: all instances of the string literal - - -''' - -endif::env-github,rspecator-view[] +include::../rspecator-dotnet.adoc[] diff --git a/rules/S1193/java/metadata.json b/rules/S1193/java/metadata.json index 0e3bb49fd6f..afef3fc4604 100644 --- a/rules/S1193/java/metadata.json +++ b/rules/S1193/java/metadata.json @@ -20,7 +20,7 @@ "defaultSeverity": "Major", "ruleSpecification": "RSPEC-1193", "sqKey": "S1193", - "scope": "All", + "scope": "Main", "securityStandards": { "CERT": [ "ERR51-J." diff --git a/rules/S1193/java/rule.adoc b/rules/S1193/java/rule.adoc index f139c5249d2..0b645690b56 100644 --- a/rules/S1193/java/rule.adoc +++ b/rules/S1193/java/rule.adoc @@ -10,7 +10,7 @@ block based on the declared exception type in the catch clauses. == How to fix it -Replace `if` statements that check the exception type using `instaceof` with corresponding `catch` blocks. +Replace `if` statements that check the exception type using `instanceof` with corresponding `catch` blocks. === Code examples diff --git a/rules/S1195/java/metadata.json b/rules/S1195/java/metadata.json index 354d403c1ce..df1659e1ce9 100644 --- a/rules/S1195/java/metadata.json +++ b/rules/S1195/java/metadata.json 
@@ -18,7 +18,7 @@ "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-1195", "sqKey": "S1195", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S1197/vbnet/metadata.json b/rules/S1197/vbnet/metadata.json index e45900f8310..6f677f1680a 100644 --- a/rules/S1197/vbnet/metadata.json +++ b/rules/S1197/vbnet/metadata.json @@ -1,4 +1,5 @@ { "title": "Array designators \"()\" should be on the type, not the variable", + "defaultQualityProfiles": [ ], "quickfix": "covered" } diff --git a/rules/S1199/cfamily/metadata.json b/rules/S1199/cfamily/metadata.json index 17971333806..7cdcf719116 100644 --- a/rules/S1199/cfamily/metadata.json +++ b/rules/S1199/cfamily/metadata.json @@ -1,3 +1,6 @@ { - + "status": "deprecated", + "defaultQualityProfiles": [ + ], + "tags": [] } diff --git a/rules/S1199/java/metadata.json b/rules/S1199/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S1199/java/metadata.json +++ b/rules/S1199/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S120/dart/metadata.json b/rules/S120/dart/metadata.json new file mode 100644 index 00000000000..17971333806 --- /dev/null +++ b/rules/S120/dart/metadata.json @@ -0,0 +1,3 @@ +{ + +} diff --git a/rules/S120/dart/rule.adoc b/rules/S120/dart/rule.adoc new file mode 100644 index 00000000000..12fe1f23b50 --- /dev/null +++ b/rules/S120/dart/rule.adoc @@ -0,0 +1,19 @@ +== Why is this an issue? + +Shared naming conventions improve readability and allow teams to collaborate efficiently. +In Dart, the convention is that all package names should be in lowercase, with parts separated by underscores. This rule checks that all package names comply with this convention. + +Noncompliant package names: + +* myPackage +* My_Package + +Compliant package name: + +* my_package + +== Resources + +=== Documentation + +* Dart Docs - https://dart.dev/tools/linter-rules/package_names[Dart Linter rule - package_names] 
diff --git a/rules/S120/java/metadata.json b/rules/S120/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S120/java/metadata.json +++ b/rules/S120/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S120/plsql/rspecator.adoc b/rules/S120/plsql/rspecator.adoc new file mode 100644 index 00000000000..2baac2df072 --- /dev/null +++ b/rules/S120/plsql/rspecator.adoc @@ -0,0 +1,23 @@ +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +include::../message.adoc[] + +=== Parameters + +.regexp +**** + +---- +[a-zA-Z]([a-zA-Z_]*[a-zA-Z])? +---- + +The regular expression package names should match. +**** + +''' + +endif::env-github,rspecator-view[] \ No newline at end of file diff --git a/rules/S120/plsql/rule.adoc b/rules/S120/plsql/rule.adoc index fec10ab8228..1c74634a71d 100644 --- a/rules/S120/plsql/rule.adoc +++ b/rules/S120/plsql/rule.adoc @@ -6,27 +6,26 @@ include::../description.adoc[] Rename packages with the expected naming convention -ifdef::env-github,rspecator-view[] +=== Code examples -''' -== Implementation Specification -(visible only on this page) +==== Noncompliant code example -include::../message.adoc[] - -=== Parameters - -.regexp -**** +With the default regular expression ``++[a-zA-Z]([a-zA-Z_]*[a-zA-Z])?++``: +[source,plsql,diff-id=1,diff-type=noncompliant] ---- -[a-zA-Z]([a-zA-Z_]*[a-zA-Z])? +CREATE OR REPLACE PACKAGE invalid_package_ AS + PROCEDURE display_message; +END invalid_package_; ---- -The regular expression package names should match. -**** - +==== Compliant solution -''' +[source,plsql,diff-id=1,diff-type=compliant] +---- +CREATE OR REPLACE PACKAGE valid_package AS + PROCEDURE display_message; +END valid_package; +---- -endif::env-github,rspecator-view[] +include::./rspecator.adoc[] diff --git a/rules/S1201/java/metadata.json b/rules/S1201/java/metadata.json index a3c4b5138c6..f5b3c48212a 100644 --- a/rules/S1201/java/metadata.json 
+++ b/rules/S1201/java/metadata.json @@ -18,7 +18,7 @@ "defaultSeverity": "Major", "ruleSpecification": "RSPEC-1201", "sqKey": "S1201", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S1206/csharp/rule.adoc b/rules/S1206/csharp/rule.adoc index efba7739cc9..edae812c385 100644 --- a/rules/S1206/csharp/rule.adoc +++ b/rules/S1206/csharp/rule.adoc @@ -45,7 +45,7 @@ class MyClass === Documentation -* https://cwe.mitre.org/data/definitions/581[MITRE, CWE-581] - Object Model Violation: Just One of Equals and Hashcode Defined +* CWE - https://cwe.mitre.org/data/definitions/581[CWE-581 - Object Model Violation: Just One of Equals and Hashcode Defined] * https://learn.microsoft.com/en-us/dotnet/api/system.object.equals[Object.Equals Method] * https://learn.microsoft.com/en-us/dotnet/api/system.object.gethashcode[Object.GetHashCode Method] * https://learn.microsoft.com/en-us/dotnet/api/system.collections.hashtable[Hashtable class] diff --git a/rules/S1206/dart/metadata.json b/rules/S1206/dart/metadata.json new file mode 100644 index 00000000000..8a3d8b6f0b4 --- /dev/null +++ b/rules/S1206/dart/metadata.json @@ -0,0 +1,3 @@ +{ + "title": "\"==\" operator and \"hashCode()\" should be overridden in pairs" +} diff --git a/rules/S1206/dart/rule.adoc b/rules/S1206/dart/rule.adoc new file mode 100644 index 00000000000..d3ff0e01735 --- /dev/null +++ b/rules/S1206/dart/rule.adoc 
@@ -0,0 +1,73 @@ +== Why is this an issue? + +In Dart, you must override either both or neither of the operator `==` and the `hashCode()` method. + +That is required to keep the contract between the two: + +* whenever the `hashCode` method is invoked on the same object more than once, it must consistently return the same integer, provided no information used in `==` comparisons on the object is modified +* if two objects are equal according to the `==` operator, then calling the `hashCode` method on each of the two objects must produce the same integer result + +By overriding only one of the two methods with a non-trivial implementation, this contract is almost certainly broken. + +=== Exceptions + +The rule does not raise in mixins, because they are not supposed to be instantiated directly, but rather included in other classes. + +The rule raises, however, on mixin classes, since they can also be used as normal classes, and instantiated directly. + +=== Noncompliant code example + +[source,dart,diff-id=1,diff-type=noncompliant] +---- +class A { + final int value; + A(this.value); + + @override + bool operator ==(Object other) => other is A && other.value == value; +} +---- + +=== Compliant solution + +[source,dart,diff-id=1,diff-type=compliant] +---- +class A { + final int value; + A(this.value); + + @override + bool operator ==(Object other) => other is A && other.value == value; + + @override + int get hashCode => value.hashCode; +} +---- + +== Resources + +* Dart Docs - https://dart.dev/tools/linter-rules/hash_and_equals[Dart Linter rule - hash_and_equals] +* Dart Docs - https://dart.dev/language/mixins[Language - Classes & objects - Mixins] + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +* Missing a corresponding override of 'hashCode'. +* Missing a corresponding override of '=='. + +=== Highlighting + +The identifier of the overridden method: either `==` or `hashCode`. 
+ +''' +== Comments And Links +(visible only on this page) + +include::../comments-and-links.adoc[] + +endif::env-github,rspecator-view[] diff --git a/rules/S1206/java/rule.adoc b/rules/S1206/java/rule.adoc index 4ffc5b70dab..708d4a5a3ec 100644 --- a/rules/S1206/java/rule.adoc +++ b/rules/S1206/java/rule.adoc @@ -54,7 +54,7 @@ class MyClass { // Compliant == Resources -* https://cwe.mitre.org/data/definitions/581[MITRE, CWE-581] - Object Model Violation: Just One of Equals and Hashcode Defined +* CWE - https://cwe.mitre.org/data/definitions/581[CWE-581 - Object Model Violation: Just One of Equals and Hashcode Defined] * https://wiki.sei.cmu.edu/confluence/x/7DVGBQ[CERT, MET09-J.] - Classes that define an equals() method must also define a hashCode() method ifdef::env-github,rspecator-view[] diff --git a/rules/S121/dart/metadata.json b/rules/S121/dart/metadata.json new file mode 100644 index 00000000000..d860fd4691d --- /dev/null +++ b/rules/S121/dart/metadata.json @@ -0,0 +1,5 @@ +{ + "defaultQualityProfiles": [ + "Sonar way" + ] +} diff --git a/rules/S121/dart/rule.adoc b/rules/S121/dart/rule.adoc new file mode 100644 index 00000000000..b53b408f8a9 --- /dev/null +++ b/rules/S121/dart/rule.adoc 
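Review bot: In rules/S1206/dart/rule.adoc the description speaks of "the `hashCode()` method" and "the `hashCode` method", but the compliant example overrides a getter (`int get hashCode => value.hashCode;`). The title in the new rules/S1206/dart/metadata.json also writes `hashCode()`. Calling it the `hashCode` getter throughout, without parentheses, would agree with the example and with the issue message "Missing a corresponding override of 'hashCode'".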
@@ -0,0 +1,34 @@ +include::../rule.adoc[] + +=== Exceptions + +The rule does not apply to single-line `if` statements. It does apply, however, to single-line `for`, `while` and `do while` statements. + +== Resources + +* Dart Docs - https://dart.dev/tools/linter-rules/curly_braces_in_flow_control_structures[Dart Linter rule - curly_braces_in_flow_control_structures] +* Dart Docs - https://dart.dev/language/loops[Dart language - Control flow - Loops] +* Dart Docs - https://dart.dev/language/branches[Dart language - Control flow - Branches] +* Wikipedia - https://en.wikipedia.org/wiki/Dangling_else[Dangling else] + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +Statements in a [if|for|while|do] should be enclosed in a block. + +=== Highlighting + +The body of the [if|for|while|do] statement, including the statement-ending `;`. + +''' +== Comments And Links +(visible only on this page) + +include::../comments-and-links.adoc[] + +endif::env-github,rspecator-view[] diff --git a/rules/S121/java/metadata.json b/rules/S121/java/metadata.json index e5c3936496a..dcc98cbb920 100644 --- a/rules/S121/java/metadata.json +++ b/rules/S121/java/metadata.json @@ -7,5 +7,6 @@ "CERT": [ "EXP52-J." ] - } + }, + "scope": "Main" } diff --git a/rules/S1213/java/metadata.json b/rules/S1213/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S1213/java/metadata.json +++ b/rules/S1213/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S1214/java/metadata.json b/rules/S1214/java/metadata.json index a0ac2e78d7e..e2ae21418f7 100644 --- a/rules/S1214/java/metadata.json +++ b/rules/S1214/java/metadata.json 
@@ -16,17 +16,13 @@ "bad-practice" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Critical", "ruleSpecification": "RSPEC-1214", "sqKey": "S1214", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S1215/csharp/rule.adoc b/rules/S1215/csharp/rule.adoc index ff4480ba20a..4e749a942db 100644 --- a/rules/S1215/csharp/rule.adoc +++ b/rules/S1215/csharp/rule.adoc 
@@ -29,4 +29,82 @@ There may be exceptions to this rule: for example, you've just triggered some ev * https://learn.microsoft.com/en-us/dotnet/standard/garbage-collection/latency[Garbage collection latency modes] * https://learn.microsoft.com/en-us/dotnet/standard/garbage-collection/performance#troubleshoot-performance-issues[Garbage collection troubleshoot performance issues] +=== Benchmarks + +Each .NET runtime features distinct implementations, modes, and configurations for its garbage collector. +The benchmark below illustrates how invoking `GC.Collect()` can have opposite effects across different runtimes. + +[options="header"] +|=== +| Runtime | Collect | Mean | Standard Deviation | Allocated +| .NET 9.0 | False | 659.2 ms | 15.69 ms | 205.95 MB +| .NET 9.0 | True | 888.8 ms | 15.34 ms | 205.95 MB +| | | | | +| .NET Framework 4.8.1 | False | 545.7 ms | 19.49 ms | 228.8 MB +| .NET Framework 4.8.1 | True | 484.8 ms | 11.79 ms | 228.8 MB +|=== + +==== Glossary + +* Collect - if `True`, `GC.Collect()` is called in the middle of the allocation heavy `Benchmark()` method +* https://en.wikipedia.org/wiki/Arithmetic_mean[Mean] +* https://en.wikipedia.org/wiki/Standard_deviation[Standard Deviation] +* https://github.com/dotnet/BenchmarkDotNet/blob/master/docs/articles/configs/diagnosers.md[Allocated] + +The results were generated by running the following snippet with https://github.com/dotnet/BenchmarkDotNet[BenchmarkDotNet]: + +[source,csharp] +---- +class Tree +{ + public List Children = new(); +} + +private void AppendToTree(Tree tree, int childsPerTree, int depth) +{ + if (depth == 0) + { + return; + } + for (int i = 0; i < childsPerTree; i++) + { + var child = new Tree(); + tree.Children.Add(child); + AppendToTree(child, childsPerTree, depth - 1); + } +} + +[Benchmark] +[Arguments(true)] +[Arguments(false)] +public void Benchmark(bool collect) +{ + var tree = new Tree(); + AppendToTree(tree, 8, 7); // Create 8^7 Tree objects (2.097.152 objects) linked via List 
Children + GC.Collect(); + GC.Collect(); // Move the objects to generation 2 + AppendToTree(new Tree(), 8, 6); // Add some more memory preasure (8^6 262.144 objects) which can be collected right after this call + tree = null; // Remove all references to the tree and its content. This freees up 8^7 Tree objects (2.097.152 objects) + if (collect) + { + GC.Collect(); // Force GC to run and block until it finishes + } + AppendToTree(new Tree(), 3, 10); // Do some more allocations (3^10 = 59.049) + AppendToTree(new Tree(), 4, 7); // 4^10 = 1.048.576 + AppendToTree(new Tree(), 5, 7); // 5^7 = 78.125 + GC.Collect(); // Collect all the memory allocated in this method +} +---- + +Hardware configuration: + +[source] +---- +BenchmarkDotNet v0.14.0, Windows 10 (10.0.19045.5247/22H2/2022Update) +Intel Core Ultra 7 165H, 1 CPU, 22 logical and 16 physical cores + [Host] : .NET Framework 4.8.1 (4.8.9282.0), X64 RyuJIT VectorSize=256 + .NET 9.0 : .NET 9.0.0 (9.0.24.52809), X64 RyuJIT AVX2 + .NET Framework 4.8.1 : .NET Framework 4.8.1 (4.8.9282.0), X64 RyuJIT VectorSize=256 +---- + include::rspecator.adoc[] \ No newline at end of file diff --git a/rules/S1215/java/metadata.json b/rules/S1215/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S1215/java/metadata.json +++ b/rules/S1215/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S1217/java/metadata.json b/rules/S1217/java/metadata.json index d17d1964a1c..681b34591a1 100644 --- a/rules/S1217/java/metadata.json +++ b/rules/S1217/java/metadata.json @@ -18,17 +18,13 @@ "cert" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Major", "ruleSpecification": "RSPEC-1217", "sqKey": "S1217", - "scope": "All", + "scope": "Main", "securityStandards": { "CWE": [ 572 diff --git a/rules/S1219/java/metadata.json b/rules/S1219/java/metadata.json index 17971333806..f4b27f0bb34 100644 
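Review bot: In the benchmark snippet added to rules/S1215/csharp/rule.adoc, the comment on `AppendToTree(new Tree(), 4, 7);` reads `4^10 = 1.048.576`, which does not match the depth of 7 passed in the call. Either the comment should be `// 4^7 = 16.384` or the call should use depth 10; whichever matches the run that produced the table should be kept, since the published timings depend on it. The comments on the two preceding lines contain typos (`preasure`, `freees`). `public List Children` appears without a type argument on this page, possibly lost in extraction, so confirm the file has `List<Tree>`.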
--- a/rules/S1219/java/metadata.json +++ b/rules/S1219/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S1219/metadata.json b/rules/S1219/metadata.json index 538db302313..35b373a6fad 100644 --- a/rules/S1219/metadata.json +++ b/rules/S1219/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "CLEAR" }, @@ -16,12 +16,8 @@ "suspicious" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-1219", diff --git a/rules/S122/java/metadata.json b/rules/S122/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S122/java/metadata.json +++ b/rules/S122/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S1221/java/metadata.json b/rules/S1221/java/metadata.json index 109a743ac8d..caac5de499f 100644 --- a/rules/S1221/java/metadata.json +++ b/rules/S1221/java/metadata.json @@ -16,17 +16,13 @@ "pitfall" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Major", "ruleSpecification": "RSPEC-1221", "sqKey": "S1221", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S1226/java/metadata.json b/rules/S1226/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S1226/java/metadata.json +++ b/rules/S1226/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S1226/python/metadata.json b/rules/S1226/python/metadata.json index 4537182d8e5..28895fbb0f8 100644 --- a/rules/S1226/python/metadata.json +++ b/rules/S1226/python/metadata.json @@ -1,3 +1,6 @@ { - "title": "Function parameters initial values should not be ignored" + "title": "Function parameters initial values should not be ignored", + "tags": [ + "suspicious" + ] } 
diff --git a/rules/S1231/cfamily/rule.adoc b/rules/S1231/cfamily/rule.adoc index f1c7054fed0..9482820f45b 100644 --- a/rules/S1231/cfamily/rule.adoc +++ b/rules/S1231/cfamily/rule.adoc @@ -27,7 +27,7 @@ auto p2 = std::make_unique("Bjarne"); // Compliant == Resources -* https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#r10-avoid-malloc-and-free[{cpp} Core Guidelines R.10] - Avoid malloc() and free() +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#r10-avoid-malloc-and-free[R.10: Avoid `malloc()` and `free()`] diff --git a/rules/S1232/cfamily/metadata.json b/rules/S1232/cfamily/metadata.json index acac097a8f6..270a9899e94 100644 --- a/rules/S1232/cfamily/metadata.json +++ b/rules/S1232/cfamily/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -18,12 +18,8 @@ "cert" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-1232", diff --git a/rules/S1234/cfamily/rule.adoc b/rules/S1234/cfamily/rule.adoc index 784fb3aeca7..b29481ef860 100644 --- a/rules/S1234/cfamily/rule.adoc +++ b/rules/S1234/cfamily/rule.adoc @@ -9,7 +9,7 @@ Any class that has memory to manage should provide all the methods necessary to ---- class MyClass // Noncompliant { - private: + private: char* cpData; public MyClass(const char* value); @@ -25,8 +25,6 @@ b = a; // cpData pointer, not value copied. Also b's old value not deleted: Mem == Resources -* https://www.securecoding.cert.org/confluence/x/SAAV[CERT, OOP-06-CPP.] - Create a private copy constructor and assignment operator for non copyable objects - ifdef::env-github,rspecator-view[] ''' diff --git a/rules/S1235/cfamily/metadata.json b/rules/S1235/cfamily/metadata.json index 0ca3469f37f..53f19a798b4 100644 
--- a/rules/S1235/cfamily/metadata.json +++ b/rules/S1235/cfamily/metadata.json @@ -18,12 +18,8 @@ "cert" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Major", "ruleSpecification": "RSPEC-1235", @@ -37,5 +33,5 @@ "defaultQualityProfiles": [ "Sonar way" ], - "quickfix": "unknown" -} + "quickfix": "targeted" +} \ No newline at end of file diff --git a/rules/S1235/cfamily/rule.adoc b/rules/S1235/cfamily/rule.adoc index 1c04360dfe9..87da4f50993 100644 --- a/rules/S1235/cfamily/rule.adoc +++ b/rules/S1235/cfamily/rule.adoc @@ -42,6 +42,6 @@ public: * https://wiki.sei.cmu.edu/confluence/x/5Xs-BQ[CERT, OOP52-CPP.] - Do not delete a polymorphic object without a virtual destructor * http://www.gotw.ca/publications/mill18.htm[Virtuality article] -* https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#c35-a-base-class-destructor-should-be-either-public-and-virtual-or-protected-and-nonvirtual[{cpp} Core Guidelines C.35] - A base class destructor should be either public and virtual, or protected and nonvirtual -* https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#c127-a-class-with-a-virtual-function-should-have-a-virtual-or-protected-destructor[{cpp} Core Guidelines C.127] - A class with a virtual function should have a virtual or protected destructor +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#c35-a-base-class-destructor-should-be-either-public-and-virtual-or-protected-and-non-virtual[C.35: A base class destructor should be either public and virtual, or protected and non-virtual] +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#c127-a-class-with-a-virtual-function-should-have-a-virtual-or-protected-destructor[C.127: A class with a virtual function should have a virtual or protected destructor] 
diff --git a/rules/S1236/cfamily/metadata.json b/rules/S1236/cfamily/metadata.json index 522863a342d..c091fd55d2d 100644 --- a/rules/S1236/cfamily/metadata.json +++ b/rules/S1236/cfamily/metadata.json @@ -1,5 +1,5 @@ { - "title": "Assignment operators should return non-\"const\" references", + "title": "Assignment operators should return non-\"const\" reference to the assigned object", "type": "CODE_SMELL", "code": { "impacts": { diff --git a/rules/S1236/cfamily/rule.adoc b/rules/S1236/cfamily/rule.adoc index f8417d7a378..175923704c2 100644 --- a/rules/S1236/cfamily/rule.adoc +++ b/rules/S1236/cfamily/rule.adoc 
@@ -2,42 +2,205 @@ Copy assignment operators and move assignment operators can return anything, including ``++void++``. +However, if you decide to declare them yourself (don't forget the "Rule-of-Zero" described in S3624), +it is a recommended practice to return a non-const reference to the assigned object (left-operand). +It allows the developer to chain the assignment operations, increasing consistency with what other types do and, in some cases, enabling the writing of concise code. -However, if you decide to declare them yourself (don't forget the "Rule-of-Zero", S4963), it is a recommended practice to return a non-const reference to the left-operand. It allows the developer to chain the assignment operations, increasing consistency with what other types do, and in some cases enabling writing concise code. +This rule will raise for assignment operators that deviate from the above expectation. +=== Using an unconventional return type -=== Noncompliant code example +This rule will raise an issue if the return type of the copy or move assignment operator, +is different from mutable reference to the class type. -[source,cpp] +==== Noncompliant code example + +[source,cpp,diff-id=1,diff-type=noncompliant] +---- +class Clazz { +public: + const Clazz& operator=(const Clazz& other); // Noncompliant, returns const reference + Clazz operator=(Clazz&& other) noexcept; // Noncompliant, returns by value +}; +---- + +==== Compliant solution + +[source,cpp,diff-id=1,diff-type=compliant] +---- +class Clazz { +public: + Clazz& operator=(const Clazz& other); // Compliant + Clazz& operator=(Clazz&& other) noexcept; // Compliant +}; +---- + +=== Returning an object different from ``++*this++`` + +An assignment operator should return a reference to the assigned object. +Conventionally, such return is expressed as ``++return *this++``, and the rule will mark any return statement as deviating from this convention. 
+ +==== Noncompliant code example + +[source,cpp,diff-id=2,diff-type=noncompliant] +---- +class Clazz { +public: + Clazz& set(Clazz& other); + Clazz& operator=(Clazz const& other) { + return set(other); // Noncompliant: depends on return of `set` member function + } + + Clazz&& operator=(Clazz&& other) noexcept { + return other; // Noncompliant, also return type is non-compliant + } +}; +---- + +==== Compliant solution + +[source,cpp,diff-id=2,diff-type=compliant] +---- +class Clazz { +public: + Clazz& set(Clazz& other); + Clazz& operator=(Clazz const& other) { + set(other); + return *this; // Compliant + } + + Clazz& operator=(Clazz&& other) noexcept { + return *this; // Compliant + } +}; +---- + +In {cpp}23, if the assignment operator is declared using an explicit object argument, +the rule will mark any return statement that does not return the object parameter directly. + +==== Noncompliant code example + +[source,cpp,diff-id=3,diff-type=noncompliant] +---- +class Clazz { +public: + Clazz& set(Clazz& other); + Clazz& operator=(this Clazz& self, Clazz const& other) { + return self.set(other); // Noncompliant: depends on the return of `set` member function + } +}; +---- + +==== Compliant solution + +[source,cpp,diff-id=3,diff-type=compliant] +---- +class Clazz { +public: + Clazz& set(Clazz& other); + Clazz& operator=(this Clazz& self, Clazz const& other) { + self.set(other); + return self; // Compliant + } +}; +---- + +=== Declaring assignment operation as non-mutating + +The assignment operation is designed to change the value of the target object, +to the same one as the source. +Such operation is mutating and thus should not be declared with a `const` qualifier. 
+ +==== Noncompliant code example + +[source,cpp,diff-id=4,diff-type=noncompliant] +---- +class Clazz { +public: + Clazz& operator=(Clazz const& other) const { // Noncompliant: also leads to noncompliant return statement + return const_cast(*this); + } + Class& operator=(Clazz&& other) const; // Noncompliant +}; +---- + +==== Compliant solution + +[source,cpp,diff-id=4,diff-type=compliant] +---- +class Clazz { +public: + Clazz& operator=(Clazz const& other) { // Compliant + return *this; + } + Clazz& operator=(Clazz&& other); // Compliant +}; +---- + +When declaring an assignment operator with {cpp}23 explicit object argument, +the object argument should not be passed: + +* by const reference - this is equivalent to declaring the implicit object parameter method as `const`, + as described above; +* by value - in this case a temporary object will be created, and modified by the assignment operator, + instead of the left-hand side of the assignment operator + +==== Noncompliant code example + +[source,cpp,diff-id=5,diff-type=noncompliant] +---- +class Clazz { + int val; +public: + Clazz& operator=(this Clazz const& self, Clazz const& other) const { // Noncompliant: also leads to non-compliant return + return const_cast(self); + } + void operator=(this Clazz self, Clazz&& other) { // Noncompliant + self.val = other.val; // Modifies temporary object + } +}; +---- + +==== Compliant solution + +[source,cpp,diff-id=5,diff-type=compliant] ---- -class A { +class Clazz { + int val; public: - ~A() = default; - A(A const &) = default; - A(A&&) = default; - const A& operator=(const A& other) ; // Noncompliant - A operator=(A&& other) noexcept; // Noncompliant + Clazz& operator=(this Clazz& self, Clazz const& other) { // Compliant + self.val = other.val; + return self; + } + Clazz& operator=(this Clazz& self, Clazz&& other) { // Compliant + self.val = other.val; // Modifies referenced object + return self; + } }; ---- +=== Exceptions -=== Compliant solution +This rule will not 
raise an issue when the assignment operator's return type is declared `void.` +That syntax is commonly used when assignment operator chaining is not desired. +The issue will still be raised if such an assignment operator is declared as non-mutating. [source,cpp] ---- -class A { +class Clazz { + int val; public: - ~A() = default; - A(A const &) = default; - A(A&&) = default; - A& operator=(const A& other); - A& operator=(A&& other) noexcept; + void operator=(Clazz const& other) { // Compliant + self.val = other.val; + return self; + } + void operator=(Clazz&& other) const; // Noncompliant: declared as const }; ---- == Resources -* https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#c60-make-copy-assignment-non-virtual-take-the-parameter-by-const-and-return-by-non-const[{cpp} Core Guidelines C.60] - Make copy assignment non-virtual, take the parameter by const&, and return by non-const& -* https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#c63-make-move-assignment-non-virtual-take-the-parameter-by\--and-return-by-non-const-[{cpp} Core Guidelines C.63] - Make move assignment non-virtual, take the parameter by &&, and return by non-const & +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#c60-make-copy-assignment-non-virtual-take-the-parameter-by-const-and-return-by-non-const[C.60: Make copy assignment non-`virtual`, take the parameter by `const&`, and return by non-`const&`] +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#c63-make-move-assignment-non-virtual-take-the-parameter-by\--and-return-by-non-const[C.63: Make move assignment non-`virtual`, take the parameter by `&&`, and return by non-`const&`] diff --git a/rules/S1238/cfamily/rule.adoc b/rules/S1238/cfamily/rule.adoc index ce949b26f70..0360cf0dac7 100644 --- a/rules/S1238/cfamily/rule.adoc +++ b/rules/S1238/cfamily/rule.adoc 
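Review bot: In rules/S1236/cfamily/rule.adoc the Exceptions example does not compile: `void operator=(Clazz const& other)` has no explicit object parameter, yet its body uses `self.val` and ends with `return self;` inside a `void` function. The body should be just `val = other.val;`. In the diff-id=5 noncompliant example, `operator=(this Clazz const& self, Clazz const& other) const` combines an explicit object parameter with a trailing `const`, which C++23 rejects, so the sample shows a compile error rather than the rule's finding; drop the trailing `const`. In the diff-id=4 noncompliant example, `Class& operator=(Clazz&& other) const;` looks like a typo for `Clazz&`. Both `const_cast(...)` expressions appear without a target type on this page, which may be an extraction artifact; confirm the file has `const_cast<Clazz&>(...)`.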
@@ -46,7 +46,7 @@ because passing arguments by reference to a coroutine often leads to dangling re == Resources -* https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#f16-for-in-parameters-pass-cheaply-copied-types-by-value-and-others-by-reference-to-const[{cpp} Core Guidelines F.16] - For “in” parameters, pass cheaply-copied types by value and others by reference to ``++const++`` +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#f16-for-in-parameters-pass-cheaply-copied-types-by-value-and-others-by-reference-to-const[F.16: For "in" parameters, pass cheaply-copied types by value and others by reference to `const`] ifdef::env-github,rspecator-view[] diff --git a/rules/S124/python/metadata.json b/rules/S124/python/metadata.json index 66353336687..63ec156f556 100644 --- a/rules/S124/python/metadata.json +++ b/rules/S124/python/metadata.json @@ -1,3 +1,6 @@ { - "sqKey": "CommentRegularExpression" + "sqKey": "CommentRegularExpression", + "tags": [ + "convention" + ] } diff --git a/rules/S1242/cfamily/rule.adoc b/rules/S1242/cfamily/rule.adoc index db0c0eebd15..bec5c0789e2 100644 --- a/rules/S1242/cfamily/rule.adoc +++ b/rules/S1242/cfamily/rule.adoc 
@@ -3,10 +3,10 @@ An inherited member function can be hidden in a derived class and that creates a class that behaves differently depending on which interface is used to manipulate it. -Overriding happens when the inherited method is virtual and a method declared in the derived class uses the same identifier as well as the same signature (the return types can be different, as long as they are covariant). However, if the inherited method is non-virtual or if the two declarations of the method do not share the same signature, the method of the base class will be hidden. +Overriding happens when the inherited method is virtual and a method declared in the derived class uses the same identifier as well as the same signature (the return types can be different, as long as they are https://en.wikipedia.org/wiki/Covariance_and_contravariance_(computer_science)[covariant]). However, if the inherited method is non-virtual or if the two declarations of the method do not share the same signature, the method of the base class will be hidden. -Such a class increases the inheritance complexity, and confuses consumers with its non-polymorphic behavior, which can lead to errors. +Such a class increases the inheritance complexity and confuses consumers with its non-polymorphic behavior, which can lead to errors. === Noncompliant code example 
@@ -56,10 +56,88 @@ void stopServer(Base *obj) { } ---- +== How to fix it +The first step is to determine what is the expected behavior. Let us see two common situations. + +//// +- You want the derived class function to override a base class function instead of hiding it. In that case, mark the function as `virtual` in the base class and as `override` in the derived class. +- You want the derived class to extend the overload set for the function in the base class. To do so, add a using declaration to import the base class functions in the derived class and avoid hiding. +//// +=== Function that should have been virtual + +In the following example, the intent for the `draw` function was to be virtual, but the keyword was forgotten. +[source,cpp,diff-id=1,diff-type=noncompliant] +---- +class Shape { + void draw(); +} + +class Rectangle : public Shape { + void draw(); // Noncompliant +} +---- + +As a consequence, the following code will not behave as expected: +[source,cpp] +---- +Rectangle r; +Shape &s = r; +s.draw(); // Calls Shape::draw, not Rectangle::draw +---- + +This code can be rewritten: + +[source,cpp,diff-id=1,diff-type=compliant] +---- +class Shape { + virtual void draw(); // Should probably be virtual void draw() = 0 +} + +class Rectangle : public Shape { + void draw() override; +} +---- + +=== Creating an overload set +For the following example, the intent is to add an overload to a nonvirtual function in the derived class: + +[source,cpp,diff-id=2,diff-type=noncompliant] +---- +class Vehicle { + void drive(double targetSpeed); +}; + +class MedicalVehicle { + void drive(double targetSpeed, double maxAcceleration); +} +---- + +Here, the goal is that a user of the derived class should be able to choose between two overloads for `drive`. However, this is not how it works: `MedicalVehicle::drive` hides the base class function `Vehicle::drive`. 
+ +[source,cpp] +---- +MedicalVehicle mv; +mv.drive(50); // Compiler error +---- + +The best way to build the right overload set in this case is to import the base class' functions through a using declaration: +[source,cpp,diff-id=2,diff-type=compliant] +---- +class Vehicle { + void drive(double targetSpeed); +}; + +class MedicalVehicle { + using Vehicle::drive; + void drive(double targetSpeed, double maxAcceleration); +} +---- + +Now, the call `mv.drive(50)` compiles and calls `Vehicle::drive`. == Resources -* https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#c138-create-an-overload-set-for-a-derived-class-and-its-bases-with-using[{cpp} Core Guidelines C.138] - Create an overload set for a derived class and its bases with using +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#c138-create-an-overload-set-for-a-derived-class-and-its-bases-with-using[C.138: Create an overload set for a derived class and its bases with `using`] ifdef::env-github,rspecator-view[] diff --git a/rules/S1244/csharp/metadata.json b/rules/S1244/csharp/metadata.json index 17971333806..b2323665202 100644 --- a/rules/S1244/csharp/metadata.json +++ b/rules/S1244/csharp/metadata.json @@ -1,3 +1,5 @@ { - + "defaultQualityProfiles": [ + "Sonar way" + ] } diff --git a/rules/S1244/csharp/rule.adoc b/rules/S1244/csharp/rule.adoc index 9ea5f639aa9..97cc4ecf4cb 100644 --- a/rules/S1244/csharp/rule.adoc +++ b/rules/S1244/csharp/rule.adoc 
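Review bot: In the added "Creating an overload set" example of rules/S1242/cfamily/rule.adoc, `MedicalVehicle` is declared without a base class in both the noncompliant and the compliant listing, so nothing is hidden and `using Vehicle::drive;` would not compile; both should read `class MedicalVehicle : public Vehicle {`. The `Shape`, `Rectangle` and `MedicalVehicle` definitions also close with `}` instead of `};`, and every member is private by default, so `s.draw()` and `mv.drive(50)` would be rejected for access reasons rather than for the reason the text gives. Adding `public:` ahead of the member declarations makes the listings demonstrate the hiding behaviour the rule describes.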
@@ -1,59 +1,68 @@ == Why is this an issue? -Floating point math is imprecise because of the challenges of storing such values in a binary representation. Even worse, floating point math is not associative; push a ``++float++`` or a ``++double++`` through a series of simple mathematical operations and the answer will be different based on the order of those operation because of the rounding that takes place at each step. - +Floating point numbers in C# (and in most other programming languages) are not precise. They are a binary approximation of the actual value. This means that even if two floating point numbers appear to be equal, they might not be due to the tiny differences in their binary representation. Even simple floating point assignments are not simple: +[source,csharp] ---- float f = 0.100000001f; // 0.1 double d = 0.10000000000000001; // 0.1 ---- +(Note: Results may vary based on the compiler and its settings) -(Results will vary based on compiler and compiler settings) +This issue is further compounded by the https://en.wikipedia.org/wiki/Associative_property[non-associative] nature of floating point arithmetic. +The order in which operations are performed can affect the outcome due to the rounding that occurs at each step. Consequently, the outcome of a series of mathematical operations can vary based on the order of operations. +As a result, using the equality (`==`) or inequality (`!=`) operators with `float` or `double` values is typically a mistake, as it can lead to unexpected behavior. -Therefore, the use of the equality (``++==++``) and inequality (``++!=++``) operators on ``++float++`` or ``++double++`` values is almost always an error. +== How to fix it +Consider using a small tolerance value to check if the numbers are "close enough" to be considered equal. This tolerance value, often called `epsilon`, should be chosen based on the specifics of your program. 
-This rule checks for the use of direct and indirect equality/inequality tests on floats and doubles. +=== Code examples -=== Noncompliant code example +==== Noncompliant code example -[source,csharp] +[source,csharp,diff-id=1,diff-type=noncompliant] ---- float myNumber = 3.146f; -if ( myNumber == 3.146f ) //Noncompliant. Because of floating point imprecision, this will be false -{ - // ... -} -if (myNumber <= 3.146f && mNumber >= 3.146f) // Noncompliant indirect equality test +if (myNumber == 3.146f) // Noncompliant: due to floating point imprecision, this will likely be false { // ... } -if (myNumber < 4 || myNumber > 4) // Noncompliant indirect inequality test +if (myNumber < 4 || myNumber > 4) // Noncompliant: indirect inequality test { // ... } ---- -ifdef::env-github,rspecator-view[] +==== Compliant solution -''' -== Implementation Specification -(visible only on this page) +[source,csharp,diff-id=1,diff-type=compliant] +---- +float myNumber = 3.146f; +float epsilon = 0.0001f; // or some other small value -=== Message +if (Math.Abs(myNumber - 3.146f) < epsilon) +{ + // ... +} -Do not check floating point [in]equality with exact values, use [a range | `FloatingPointTypeName.IsXXX()` | `IsXXX()`] instead. +if (myNumber <= 4 - epsilon || myNumber >= 4 + epsilon) +{ + // ... +} +---- +== Resources -''' -== Comments And Links -(visible only on this page) +=== Documentation -include::../comments-and-links.adoc[] +* https://docs.oracle.com/cd/E19957-01/806-3568/ncg_goldberg.html[Floating-Point Arithmetic Complexities] by David Goldberg +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/builtin-types/floating-point-numeric-types#comparing-floating-point-numbers[Floating-point numeric types] +* Wikipedia - https://en.wikipedia.org/wiki/Associative_property[Associative property] -endif::env-github,rspecator-view[] +include::../rspecator.adoc[] 
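Review bot: The compliant solution added to rules/S1244/csharp/rule.adoc hard-codes `float epsilon = 0.0001f;`, and an absolute tolerance like this only works for operands of roughly known magnitude. For large values the gap between adjacent floats exceeds it, so the check degrades to exact equality, and for very small values everything compares equal. The "How to fix it" paragraph would be safer with one more sentence, for example `A fixed epsilon only suits values of a known magnitude; when operands can vary widely, scale the tolerance with them.` The rewrite also drops the sentence saying the rule covers indirect equality tests, along with the `<=`/`>=` example, while the remaining noncompliant listing still shows an indirect inequality test, so that scope may be worth restating.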
diff --git a/rules/S1244/java/metadata.json b/rules/S1244/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S1244/java/metadata.json +++ b/rules/S1244/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S1244/python/metadata.json b/rules/S1244/python/metadata.json index edda8a250a6..e4b248e4065 100644 --- a/rules/S1244/python/metadata.json +++ b/rules/S1244/python/metadata.json @@ -13,7 +13,10 @@ "constantCost": "5min" }, "tags": [ - + "suspicious", + "numpy", + "pytorch", + "data-science" ], "extra": { "replacementRules": [ diff --git a/rules/S1244/rspecator.adoc b/rules/S1244/rspecator.adoc new file mode 100644 index 00000000000..2c74f054edd --- /dev/null +++ b/rules/S1244/rspecator.adoc @@ -0,0 +1,17 @@ +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +Do not check floating point [in]equality with exact values, use [a range | `FloatingPointTypeName.IsXXX()` | `IsXXX()`] instead. + +''' +== Comments And Links +(visible only on this page) + +include::comments-and-links.adoc[] + +endif::env-github,rspecator-view[] diff --git a/rules/S1248/cfamily/rule.adoc b/rules/S1248/cfamily/rule.adoc index 05cd2d43a59..b1427eb6209 100644 --- a/rules/S1248/cfamily/rule.adoc +++ b/rules/S1248/cfamily/rule.adoc @@ -20,8 +20,6 @@ Syntax verifications are better done by the compiler than by the preprocessor. == Resources -* https://www.securecoding.cert.org/confluence/x/cAAhAQ[CERT, DCL00-CPP.] - Const-qualify immutable objects - ifdef::env-github,rspecator-view[] ''' diff --git a/rules/S125/csharp/rule.adoc b/rules/S125/csharp/rule.adoc index fe598e7f71a..96e544d8da2 100644 --- a/rules/S125/csharp/rule.adoc +++ b/rules/S125/csharp/rule.adoc 
@@ -1,4 +1,40 @@ -include::../rule.adoc[] +== Why is this an issue? + +Commented-out code distracts the focus from the actual executed code. It creates a noise that increases maintenance code. And because it is never executed, it quickly becomes out of date and invalid. + +Commented-out code should be deleted and can be retrieved from source control history if required. + +== How to fix it + +Delete the commented out code. + +=== Code examples + +==== Noncompliant code example + +[source,csharp,diff-id=1,diff-type=noncompliant] +---- +void Method(string s) +{ + // if (s.StartsWith('A')) + // { + // s = s.Substring(1); + // } + + // Do something... +} +---- + +==== Compliant solution + +[source,csharp,diff-id=1,diff-type=compliant] +---- +void Method(string s) +{ + // Do something... +} +---- + ifdef::env-github,rspecator-view[] diff --git a/rules/S1252/cfamily/rule.adoc b/rules/S1252/cfamily/rule.adoc index e724f4c40fb..df7765c3fb6 100644 --- a/rules/S1252/cfamily/rule.adoc +++ b/rules/S1252/cfamily/rule.adoc @@ -14,8 +14,6 @@ It avoid not wished modifications == Resources -* https://www.securecoding.cert.org/confluence/x/mwAV[CERT, STR05-C.] - Use pointers to const when referring to string literals - ifdef::env-github,rspecator-view[] ''' diff --git a/rules/S1258/java/metadata.json b/rules/S1258/java/metadata.json index 2b731d750b3..650d449254d 100644 --- a/rules/S1258/java/metadata.json +++ b/rules/S1258/java/metadata.json @@ -1,8 +1,7 @@ { "title": "Classes and enums with private members should have a constructor", "extra": { - "legacyKeys": [ - - ] - } + "legacyKeys": [] + }, + "scope": "Main" } diff --git a/rules/S126/java/metadata.json b/rules/S126/java/metadata.json index b5ef58ceb37..4b57c9361f9 100644 --- a/rules/S126/java/metadata.json +++ b/rules/S126/java/metadata.json @@ -7,5 +7,6 @@ "MSC01-C.", "MSC57-J." ] - } + }, + "scope": "Main" } diff --git a/rules/S1260/cfamily/rule.adoc b/rules/S1260/cfamily/rule.adoc index 09a10bc7f0a..d1ccea1601e 100644 
--- a/rules/S1260/cfamily/rule.adoc +++ b/rules/S1260/cfamily/rule.adoc @@ -19,9 +19,6 @@ Converting const to non-const can undermine the data integrity by allowing value == Resources -* https://www.securecoding.cert.org/confluence/x/gAU[CERT, EXP40-C.] - Do not modify constant objects -* https://www.securecoding.cert.org/confluence/x/ZYAyAQ[CERT, EXP55-CPP.] - Do not access a cv-qualified object through a cv-unqualified type - ifdef::env-github,rspecator-view[] ''' diff --git a/rules/S1264/cfamily/metadata.json b/rules/S1264/cfamily/metadata.json index d860fd4691d..b55eb9cee85 100644 --- a/rules/S1264/cfamily/metadata.json +++ b/rules/S1264/cfamily/metadata.json @@ -1,5 +1,6 @@ { "defaultQualityProfiles": [ "Sonar way" - ] -} + ], + "quickfix": "covered" +} \ No newline at end of file diff --git a/rules/S1264/csharp/rule.adoc b/rules/S1264/csharp/rule.adoc index fe598e7f71a..b6c2654bcda 100644 --- a/rules/S1264/csharp/rule.adoc +++ b/rules/S1264/csharp/rule.adoc 
@@ -1,4 +1,66 @@ -include::../rule.adoc[] +== Why is this an issue? + +Using a `for` loop without its typical structure (initialization, condition, increment) can be confusing. In those cases, it is better to use a `while` loop as it is more readable. + +The initializer section should contain a variable declaration to be considered as a valid initialization. + +== How to fix it + +Replace the `for` loop with a `while` loop. + +=== Code example + +==== Noncompliant code example + +[source,csharp,diff-id=1,diff-type=noncompliant] +---- +for (;condition;) // Noncompliant; both the initializer and increment sections are missing +{ + // Do something +} +---- + +==== Compliant solution + +[source,csharp,diff-id=1,diff-type=compliant] +---- +while (condition) +{ + // Do something +} +---- + +==== Noncompliant code example + +[source,csharp,diff-id=2,diff-type=noncompliant] +---- +int i; + +for (i = 0; i < 10;) // Noncompliant; the initializer section should contain a variable declaration +{ + // Do something + i++; +} +---- + +==== Compliant solution + +[source,csharp,diff-id=2,diff-type=compliant] +---- +int i = 0; + +while (i < 10) +{ + // Do something + i++; +} +---- + +== Resources + +=== Documentation + +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/statements/iteration-statements#the-for-statement[The `for` statement] ifdef::env-github,rspecator-view[] diff --git a/rules/S1264/java/metadata.json b/rules/S1264/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S1264/java/metadata.json +++ b/rules/S1264/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S1265/cfamily/metadata.json b/rules/S1265/cfamily/metadata.json index ef793bcaad5..4f8782652ef 100644 --- a/rules/S1265/cfamily/metadata.json +++ b/rules/S1265/cfamily/metadata.json @@ -14,7 +14,8 @@ }, "tags": [ "cppcoreguidelines", - "cert" + "cert", + "based-on-misra" ], "extra": { "replacementRules": [ 
diff --git a/rules/S1265/cfamily/rule.adoc b/rules/S1265/cfamily/rule.adoc index 50bc5f1c584..66641c2e964 100644 --- a/rules/S1265/cfamily/rule.adoc +++ b/rules/S1265/cfamily/rule.adoc 
@@ -1,26 +1,32 @@ == Why is this an issue? -The `operator new` allocates memory for objects, and the `operator delete` frees the memory allocated by the matching `operator new`. When a class needs to customize memory allocation, it can override the `operator new` to use a custom memory allocation strategy and override the `operator delete` accordingly. +The `operator new` allocates memory for objects, and the `operator delete` frees the memory allocated by the matching `operator new`. It is possible to customize these operations, either for a specific class (by overloading these operators in the class) or globally (by defining them in the global namespace, they will replace the default version). -If the `operator delete` is not overridden alongside the `operator new`, the program will call its default implementation, which may not be suitable for the custom memory allocation strategy used by the overridden `operator new`. +If the `operator delete` is not overloaded alongside the `operator new`, the program will call its default implementation, which may not be suitable for the custom memory allocation strategy used by the overloaded `operator new`. For instance, if the `operator new` draws memory from a preallocated buffer instead of allocating memory, the `operator delete` should not call the `free` function to release the memory. Reciprocally, if the `operator new` allocate memory with `malloc`, the `operator delete` must call `free`. -On the other hand, if the `operator delete` is overridden without overriding the `operator new`, it is suspicious because it may not correctly release the memory allocated by the default `operator new`. +On the other hand, if the `operator delete` is overloaded without overloading the `operator new`, it is suspicious because it may not correctly release the memory allocated by the default `operator new`. 
By defining the `operator delete` along with the `operator new`, the memory is deallocated in a way consistent with the custom allocation strategy used by the `operator new`. +Up to this point, we mentioned `operator new` and `operator delete`, but it is a simplification. There are many different forms of https://en.cppreference.com/w/cpp/memory/new/operator_new[`operator new`] and https://en.cppreference.com/w/cpp/memory/new/operator_delete[`operator delete`] (for a single object or an array, with an extra alignment parameter... see the links for a full list), and the consistency between new and delete should be enforced for each form. + +For instance, if `++void * operator new[]( std::size_t count, std::align_val_t al );++` is defined (for arrays, with extra alignment), then `++void operator delete[]( void* ptr, std::align_val_t al ) noexcept;++` should be defined too. + +Additionally, since {cpp}17, it is possible to define a version of the delete operator with an additional size argument, alongside the unsized version of `operator delete`. When overloading these operators in a class, defining both a sized and an unsized version of operator delete is useless, since the unsized version will always be preferred. However, for free replacement, it is necessary to specify both versions since the language does not specify which version will be called. + === What is the potential impact? -Overriding only one of the two operators may result in your program consuming more and more memory over time, eventually leading to a crash. +Overloading only one of the two operators may result in your program consuming more and more memory over time, eventually leading to a crash. Deallocating memory that was not allocated with the corresponding strategy results in undefined behavior. == How to fix it -Each override of the `operator new` should have a matching overridden `operator delete` and vice versa. 
+Each overload of the `operator new` should have a matching overload `operator delete` and vice versa. Since {cpp}17, within a class, define only a sized or an unsized version of `operator delete`, but as a free function, define both. -=== Code examples +=== Example with overloaded operators in a class Imagine a custom allocator `MyAllocator`: @@ -48,7 +54,7 @@ public: ---- class MyClass { public: - // Noncompliant: there is no matching override of the delete operator + // Noncompliant: there is no matching overload of the delete operator void* operator new(size_t size) { return allocator.allocate(size); } @@ -60,7 +66,7 @@ private: void f() { MyClass* obj = new MyClass(); delete obj; // It will call the default implementation of the operator delete - // and this latter will not call the MyAllocator::deallocate function to correctly release the memory + // which will not call the MyAllocator::deallocate function to correctly release the memory } ---- @@ -74,7 +80,7 @@ public: return allocator.allocate(size); } - void operator delete(void* p) { + void operator delete(void* p) noexcept { allocator.deallocate(p); } 
@@ -88,6 +94,43 @@ void f() { } ---- +=== Example with replacement of global allocators + +In the following example, the intent is to replace allocation functions with system-specific variants. + +==== Noncompliant code example + +[source,cpp,diff-id=2,diff-type=noncompliant] +---- +// Noncompliant: The sized version of delete is not replaced + +void* operator new(std::size_t count) { + return SystemSpecificNew(count); +} + +void operator delete(void* ptr ) noexcept { + return SystemSpecificDelete(ptr); +} +---- +==== Compliant solution + +[source,cpp,diff-id=2,diff-type=compliant] +---- +void* operator new(std::size_t count) { + return SystemSpecificNew(count); +} + +void operator delete(void* ptr) noexcept { + return SystemSpecificDelete(ptr); +} + +// Compliant: Even if it does exactly the same as the unsized version, this sized +// version of delete replaces the default-provided one that probably deallocates +// memory in a different and incompatible way. +void operator delete(void* ptr, std::size_t) noexcept { + return SystemSpecificDelete(ptr); +} +---- == Resources === Documentation @@ -101,7 +144,9 @@ void f() { === External coding guidelines -* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#r15-always-overload-matched-allocationdeallocation-pairs[R.15: Always overload matched allocation/deallocation pairs] +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#r15-always-overload-matched-allocationdeallocation-pairs[R.15: Always overload matched allocation/deallocation pairs] +* MISRA {cpp}:2023, 21.6.4 - If a project defines either a sized or unsized version of a global +operator delete, then both shall be defined === Related rules diff --git a/rules/S127/csharp/metadata.json b/rules/S127/csharp/metadata.json index 6fcc9070d35..2c63c085104 100644 --- a/rules/S127/csharp/metadata.json +++ b/rules/S127/csharp/metadata.json 
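Review bot: Both listings in the added "Example with replacement of global allocators" section return `SystemSpecificNew(count)` straight from the replacement `operator new`, without showing what happens when allocation fails. A replacement for the throwing form is expected to signal failure by throwing `std::bad_alloc` and never to return a null pointer. `SystemSpecificNew` is not defined on the page, so whether it can return null is unknown, but these listings are likely to be copied as templates. Consider `if (void* p = SystemSpecificNew(count)) return p;` followed by `throw std::bad_alloc{};`, or a comment stating that `SystemSpecificNew` is assumed to throw on failure.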
@@ -1,5 +1,2 @@ { - "defaultQualityProfiles": [ - - ] } diff --git a/rules/S127/csharp/rule.adoc b/rules/S127/csharp/rule.adoc index fe3ac07f1cd..6ba8d15a863 100644 --- a/rules/S127/csharp/rule.adoc +++ b/rules/S127/csharp/rule.adoc @@ -2,56 +2,43 @@ include::../description.adoc[] -=== Noncompliant code example +== How to fix it -[source,csharp] +It's generally recommended to only update the loop counter in the loop declaration. If skipping elements or iterating at a different pace based on a condition is needed, consider using a while loop or a different structure that better fits the needs. + +=== Code examples + +==== Noncompliant code example + +[source,csharp,diff-id=1,diff-type=noncompliant] ---- -class Foo +for (int i = 1; i <= 5; i++) { - static void Main() + Console.WriteLine(i); + if (condition) { - for (int i = 1; i <= 5; i++) - { - Console.WriteLine(i); - if (condition) - { - i = 20; - } - } + i = 20; } } ---- -=== Compliant solution +==== Compliant solution -[source,csharp] +[source,csharp,diff-id=1,diff-type=compliant] ---- -class Foo +int i = 1; +while (i <= 5) { - static void Main() + Console.WriteLine(i); + if (condition) { - for (int i = 1; i <= 5; i++) - { - Console.WriteLine(i); - } + i = 20; + } + else + { + i++; } } ---- -ifdef::env-github,rspecator-view[] - -''' -== Implementation Specification -(visible only on this page) - -include::../message.adoc[] - -include::../parameters.adoc[] - -''' -== Comments And Links -(visible only on this page) - -include::../comments-and-links.adoc[] - -endif::env-github,rspecator-view[] +include::../rspecator.adoc[] diff --git a/rules/S127/java/metadata.json b/rules/S127/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S127/java/metadata.json +++ b/rules/S127/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S127/rspecator.adoc b/rules/S127/rspecator.adoc new file mode 100644 index 00000000000..e98837c813a --- /dev/null +++ b/rules/S127/rspecator.adoc 
@@ -0,0 +1,17 @@ +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +include::message.adoc[] + +include::parameters.adoc[] + +''' +== Comments And Links +(visible only on this page) + +include::comments-and-links.adoc[] + +endif::env-github,rspecator-view[] \ No newline at end of file diff --git a/rules/S1270/rule.adoc b/rules/S1270/rule.adoc index 5a449e85d28..2fa28ee0a9a 100644 --- a/rules/S1270/rule.adoc +++ b/rules/S1270/rule.adoc @@ -29,5 +29,5 @@ int fun() { == Resources -* https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#Rl-void[{cpp} Core Guidelines NL.25] - Don't use void as an argument type +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#nl25-dont-use-void-as-an-argument-type[NL.25: Don't use `void` as an argument type] diff --git a/rules/S1279/cobol/rule.adoc b/rules/S1279/cobol/rule.adoc index b4d61dfed73..a2f7b17f7b9 100644 --- a/rules/S1279/cobol/rule.adoc +++ b/rules/S1279/cobol/rule.adoc @@ -13,8 +13,8 @@ DISPLAY "hello world" *> Noncompliant == Resources -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure -* https://cwe.mitre.org/data/definitions/489[MITRE, CWE-489] - Active Debug Code +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] +* CWE - https://cwe.mitre.org/data/definitions/489[CWE-489 - Active Debug Code] ifdef::env-github,rspecator-view[] diff --git a/rules/S128/cfamily/rule.adoc b/rules/S128/cfamily/rule.adoc index 72d0d25e9ab..ab068ff8768 100644 --- a/rules/S128/cfamily/rule.adoc +++ b/rules/S128/cfamily/rule.adoc 
@@ -54,7 +54,7 @@ switch (myVariable) { * MISRA {cpp}:2008, 6-4-5 - An unconditional throw or break statement shall terminate every non-empty switch-clause * MISRA C:2012, 16.1 - All switch statements shall be well-formed * MISRA C:2012, 16.3 - An unconditional break statement shall terminate every switch-clause -* https://cwe.mitre.org/data/definitions/484[MITRE, CWE-484] - Omitted Break Statement in Switch +* CWE - https://cwe.mitre.org/data/definitions/484[CWE-484 - Omitted Break Statement in Switch] * https://wiki.sei.cmu.edu/confluence/x/ldYxBQ[CERT, MSC17-C.] - Finish every set of statements associated with a case label with a break statement ifdef::env-github,rspecator-view[] diff --git a/rules/S128/java/rule.adoc b/rules/S128/java/rule.adoc index f7cd76258e5..9fd04bf7369 100644 --- a/rules/S128/java/rule.adoc +++ b/rules/S128/java/rule.adoc @@ -32,7 +32,7 @@ switch (myVariable) { == Resources -* https://cwe.mitre.org/data/definitions/484[MITRE, CWE-484] - Omitted Break Statement in Switch +* CWE - https://cwe.mitre.org/data/definitions/484[CWE-484 - Omitted Break Statement in Switch] * https://wiki.sei.cmu.edu/confluence/x/ldYxBQ[CERT, MSC17-C.] - Finish every set of statements associated with a case label with a break statement * https://wiki.sei.cmu.edu/confluence/x/1DdGBQ[CERT, MSC52-J.] - Finish every set of statements associated with a case label with a break statement diff --git a/rules/S128/metadata.json b/rules/S128/metadata.json index 5e471db837e..76d2e2c034e 100644 --- a/rules/S128/metadata.json +++ b/rules/S128/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "CLEAR" }, @@ -17,9 +17,7 @@ "suspicious" ], "extra": { - "replacementRules": [ - - ], + "replacementRules": [], "legacyKeys": [ "non-empty-case-without-break", "NonEmptyCaseWithoutBreak" diff --git a/rules/S128/see.adoc b/rules/S128/see.adoc index 1e2fc7884f8..3c581c31058 100644 
--- a/rules/S128/see.adoc +++ b/rules/S128/see.adoc @@ -1,3 +1,3 @@ == Resources -* https://cwe.mitre.org/data/definitions/484[MITRE, CWE-484] - Omitted Break Statement in Switch +* CWE - https://cwe.mitre.org/data/definitions/484[CWE-484 - Omitted Break Statement in Switch] diff --git a/rules/S1291/javascript/metadata.json b/rules/S1291/javascript/metadata.json new file mode 100644 index 00000000000..7a73a41bfdf --- /dev/null +++ b/rules/S1291/javascript/metadata.json @@ -0,0 +1,2 @@ +{ +} \ No newline at end of file diff --git a/rules/S1291/javascript/rule.adoc b/rules/S1291/javascript/rule.adoc new file mode 100644 index 00000000000..fe598e7f71a --- /dev/null +++ b/rules/S1291/javascript/rule.adoc @@ -0,0 +1,17 @@ +include::../rule.adoc[] + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +include::../message.adoc[] + +''' +== Comments And Links +(visible only on this page) + +include::../comments-and-links.adoc[] + +endif::env-github,rspecator-view[] diff --git a/rules/S1294/rule.adoc b/rules/S1294/rule.adoc index 2e9c71e4446..61d7bd932a5 100644 --- a/rules/S1294/rule.adoc +++ b/rules/S1294/rule.adoc 
@@ -1,6 +1,6 @@ == Why is this an issue? -Since arrays do not override ``++Object.equals()++``, calling equals on two arrays is the same as comparing their addresses. This means that ``++array1.equals(array2)++`` is equivalent to ``++array1==array2++``. +Since arrays do not override ``++Object.equals()++``, calling equals on two arrays is the same as comparing their addresses. This means that ``++array1.equals(array2)++`` is equivalent to ``++array1==array2++``. However, some developers might expect ``++Array.equals(Object obj)++`` to do more than a simple memory address comparison, comparing for instance the size and content of the two arrays. To prevent such a misunderstanding, the '==' operator or ``++Arrays.equals(array1, array2)++`` must always be used in place of the ``++Array.equals(Object obj)++`` method. @@ -32,5 +32,4 @@ if(array1 == array2){...} == Resources -* https://www.securecoding.cert.org/confluence/x/9gEqAQ[CERT, EXP00-J.] - Do not ignore values returned by methods diff --git a/rules/S1301/java/metadata.json b/rules/S1301/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S1301/java/metadata.json +++ b/rules/S1301/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S1301/javascript/metadata.json b/rules/S1301/javascript/metadata.json index 97ecc882b4d..ef1c89ce3f3 100644 --- a/rules/S1301/javascript/metadata.json +++ b/rules/S1301/javascript/metadata.json @@ -1,4 +1,5 @@ { + "title": "\"if\" statements should be preferred over \"switch\" when simpler", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S1309/java/metadata.json b/rules/S1309/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S1309/java/metadata.json +++ b/rules/S1309/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S1309/metadata.json b/rules/S1309/metadata.json index ae68b1aebda..29a08080ca8 100644 --- a/rules/S1309/metadata.json +++ b/rules/S1309/metadata.json 
@@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "LOW" + "MAINTAINABILITY": "INFO" }, "attribute": "CLEAR" }, @@ -12,23 +12,15 @@ "func": "Constant\/Issue", "constantCost": "10min" }, - "tags": [ - - ], + "tags": [], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Info", "ruleSpecification": "RSPEC-1309", "sqKey": "S1309", "scope": "All", - "defaultQualityProfiles": [ - - ], + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S131/cfamily/rule.adoc b/rules/S131/cfamily/rule.adoc index 2087f2fc4ad..f4d41b1b128 100644 --- a/rules/S131/cfamily/rule.adoc +++ b/rules/S131/cfamily/rule.adoc @@ -47,7 +47,7 @@ switch (param) { * MISRA C:2012, 16.1 - All switch statements shall be well-formed * MISRA C:2012, 16.4 - Every _switch_ statement shall have a _default_ label * MISRA C:2012, 16.5 - A _default_ label shall appear as either the first or the last _switch label_ of a _switch_ statement -* https://cwe.mitre.org/data/definitions/478[MITRE, CWE-478] - Missing Default Case in Switch Statement +* CWE - https://cwe.mitre.org/data/definitions/478[CWE-478 - Missing Default Case in Switch Statement] * https://wiki.sei.cmu.edu/confluence/x/RtYxBQ[CERT, MSC01-C.] - Strive for logical completeness === Related rules diff --git a/rules/S131/java/rule.adoc b/rules/S131/java/rule.adoc index b73ed733ea4..9f9edec1ae9 100644 --- a/rules/S131/java/rule.adoc +++ b/rules/S131/java/rule.adoc @@ -70,7 +70,7 @@ switch(day) { == Resources -* https://cwe.mitre.org/data/definitions/478[MITRE, CWE-478] - Missing Default Case in Switch Statement +* CWE - https://cwe.mitre.org/data/definitions/478[CWE-478 - Missing Default Case in Switch Statement] * https://wiki.sei.cmu.edu/confluence/x/RtYxBQ[CERT, MSC01-C.] - Strive for logical completeness ifdef::env-github,rspecator-view[] 
diff --git a/rules/S131/pli/metadata.json b/rules/S131/pli/metadata.json index 026bac6f092..131662a6792 100644 --- a/rules/S131/pli/metadata.json +++ b/rules/S131/pli/metadata.json @@ -2,7 +2,7 @@ "title": "\"SELECT\" statements should end with \"OTHERWISE\" statements", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "CLEAR" }, diff --git a/rules/S131/see.adoc b/rules/S131/see.adoc index 584cca65ac9..4f1db9725ed 100644 --- a/rules/S131/see.adoc +++ b/rules/S131/see.adoc @@ -1,3 +1,3 @@ == Resources -* https://cwe.mitre.org/data/definitions/478[MITRE, CWE-478] - Missing Default Case in Switch Statement +* CWE - https://cwe.mitre.org/data/definitions/478[CWE-478 - Missing Default Case in Switch Statement] diff --git a/rules/S1310/java/metadata.json b/rules/S1310/java/metadata.json index bbc4b336d64..b57f25cb6c9 100644 --- a/rules/S1310/java/metadata.json +++ b/rules/S1310/java/metadata.json @@ -16,19 +16,13 @@ "bad-practice" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-1310", "sqKey": "S1310", - "scope": "All", - "defaultQualityProfiles": [ - - ], + "scope": "Main", + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S1311/metadata.json b/rules/S1311/metadata.json index 7a802202e88..fae1d01ae75 100644 --- a/rules/S1311/metadata.json +++ b/rules/S1311/metadata.json @@ -9,7 +9,7 @@ "linearFactor": "1min" }, "tags": [ - + "brain-overload" ], "extra": { "replacementRules": [ diff --git a/rules/S1312/comments-and-links.adoc b/rules/S1312/comments-and-links.adoc deleted file mode 100644 index 3e368f5f91b..00000000000 --- a/rules/S1312/comments-and-links.adoc +++ /dev/null @@ -1,3 +0,0 @@ -=== on 22 Nov 2013, 12:53:31 Freddy Mallet wrote: -Is implemented by \http://jira.codehaus.org/browse/SONARPLUGINS-3280 for Flex - 
diff --git a/rules/S1312/csharp/compliant.adoc b/rules/S1312/csharp/compliant.adoc
new file mode 100644
index 00000000000..5477f0363dd
--- /dev/null
+++ b/rules/S1312/csharp/compliant.adoc
@@ -0,0 +1,4 @@
+[source,csharp,diff-id=1,diff-type=compliant]
+----
+private static readonly Logger logger;
+----
\ No newline at end of file
diff --git a/rules/S1312/csharp/metadata.json b/rules/S1312/csharp/metadata.json
new file mode 100644
index 00000000000..fda3682f3d9
--- /dev/null
+++ b/rules/S1312/csharp/metadata.json
@@ -0,0 +1,4 @@
+{
+ "title": "Logger fields should be \"private static readonly\"",
+ "quickfix": "targeted"
+}
\ No newline at end of file
diff --git a/rules/S1312/csharp/noncompliant.adoc b/rules/S1312/csharp/noncompliant.adoc
new file mode 100644
index 00000000000..079bfce2cfb
--- /dev/null
+++ b/rules/S1312/csharp/noncompliant.adoc
@@ -0,0 +1,4 @@
+[source,csharp,diff-id=1,diff-type=noncompliant]
+----
+public Logger logger;
+----
\ No newline at end of file
diff --git a/rules/S1312/csharp/resources.adoc b/rules/S1312/csharp/resources.adoc
new file mode 100644
index 00000000000..df1807ed06a
--- /dev/null
+++ b/rules/S1312/csharp/resources.adoc
@@ -0,0 +1,3 @@
+* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/csharp/programming-guide/classes-and-structs/access-modifiers[Access modifiers]
+* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/csharp/programming-guide/classes-and-structs/static-classes-and-static-class-members[`static` class members]
+* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/keywords/readonly[`readonly` keyword]
\ No newline at end of file
diff --git a/rules/S1312/csharp/rule.adoc b/rules/S1312/csharp/rule.adoc
new file mode 100644
index 00000000000..5efc9cfa5d7
--- /dev/null
+++ b/rules/S1312/csharp/rule.adoc
@@ -0,0 +1,6 @@
+:language: csharp
+:private: private
+:static: static
+:readonly: readonly
+
+include::../rule-dotnet.adoc[]
\ No newline at end of file
diff --git a/rules/S1312/flex/rule.adoc b/rules/S1312/flex/rule.adoc index d9a3e15797a..deceb75a1b8 100644 --- a/rules/S1312/flex/rule.adoc +++ b/rules/S1312/flex/rule.adoc @@ -22,20 +22,4 @@ public const logger:ILogger = LogUtil.getLogger(MyClass); private static const LOG:ILogger = LogUtil.getLogger(MyClass); ---- -ifdef::env-github,rspecator-view[] - -''' -== Implementation Specification -(visible only on this page) - -include::../message.adoc[] - -include::../parameters.adoc[] - -''' -== Comments And Links -(visible only on this page) - -include::../comments-and-links.adoc[] - -endif::env-github,rspecator-view[] +include::../rspecator.adoc[] \ No newline at end of file diff --git a/rules/S1312/java/rule.adoc b/rules/S1312/java/rule.adoc index 04717e81d57..811192c69a2 100644 --- a/rules/S1312/java/rule.adoc +++ b/rules/S1312/java/rule.adoc @@ -27,20 +27,4 @@ private static final Logger LOGGER = LoggerFactory.getLogger(Foo.class); Variables of type ``++org.apache.maven.plugin.logging.Log++`` are ignored. -ifdef::env-github,rspecator-view[] - -''' -== Implementation Specification -(visible only on this page) - -include::../message.adoc[] - -include::../parameters.adoc[] - -''' -== Comments And Links -(visible only on this page) - -include::../comments-and-links.adoc[] - -endif::env-github,rspecator-view[] +include::../rspecator.adoc[] \ No newline at end of file diff --git a/rules/S1312/message.adoc b/rules/S1312/message.adoc deleted file mode 100644 index 5dc056e7385..00000000000 --- a/rules/S1312/message.adoc +++ /dev/null @@ -1,8 +0,0 @@ -=== Message - -Make the logger "XXXX" private static [final|const] and rename it to comply with the format "{}". - -Make the logger "XXXX" private static [final|const]. - -Rename the "XXX" logger to comply with the format "{}". - diff --git a/rules/S1312/metadata.json b/rules/S1312/metadata.json index 8148dff97ba..1685b0501ca 100644 --- a/rules/S1312/metadata.json +++ b/rules/S1312/metadata.json 
@@ -13,7 +13,8 @@ "constantCost": "5min" }, "tags": [ - "convention" + "convention", + "logging" ], "extra": { "replacementRules": [ diff --git a/rules/S1312/parameters.adoc b/rules/S1312/parameters.adoc deleted file mode 100644 index e22c26c4e12..00000000000 --- a/rules/S1312/parameters.adoc +++ /dev/null @@ -1,12 +0,0 @@ -=== Parameters - -.format -**** -_String_ - ----- -LOG(?:GER)? ----- - -Regular expression used to check the logger names against. -**** diff --git a/rules/S1312/rspecator-dotnet.adoc b/rules/S1312/rspecator-dotnet.adoc new file mode 100644 index 00000000000..db3e54f7f95 --- /dev/null +++ b/rules/S1312/rspecator-dotnet.adoc @@ -0,0 +1,17 @@ +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +Make the logger "XXXX" {private} {static} {readonly}. + +=== Parameters + +''' +== Comments And Links +(visible only on this page) + +endif::env-github,rspecator-view[] \ No newline at end of file diff --git a/rules/S1312/rspecator.adoc b/rules/S1312/rspecator.adoc new file mode 100644 index 00000000000..737abc7d3be --- /dev/null +++ b/rules/S1312/rspecator.adoc @@ -0,0 +1,35 @@ +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +Make the logger "XXXX" private static [final|const] and rename it to comply with the format "{}". + +Make the logger "XXXX" private static [final|const]. + +Rename the "XXX" logger to comply with the format "{}". + +=== Parameters + +.format +**** +_String_ + +---- +LOG(?:GER)? +---- + +Regular expression used to check the logger names against. +**** + +''' +== Comments And Links +(visible only on this page) + +=== on 22 Nov 2013, 12:53:31 Freddy Mallet wrote: +Is implemented by \http://jira.codehaus.org/browse/SONARPLUGINS-3280 for Flex + +endif::env-github,rspecator-view[] \ No newline at end of file 
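Review bot: `rules/S1312/rspecator-dotnet.adoc` adds a `=== Parameters` heading with nothing under it, and its `== Comments And Links` section is equally empty, so the rspecator view will show two bare headings. If the .NET variant has no parameters, drop the `=== Parameters` line rather than leaving an empty section. The message line depends on `{private}`, `{static}` and `{readonly}`, which only `csharp/rule.adoc` defines among the visible files; any other language that includes this file needs the same three attributes.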
diff --git a/rules/S1312/rule-dotnet.adoc b/rules/S1312/rule-dotnet.adoc
new file mode 100644
index 00000000000..3db65f94875
--- /dev/null
+++ b/rules/S1312/rule-dotnet.adoc
@@ -0,0 +1,44 @@ +== Why is this an issue? + +Regardless of the logging framework in use (Microsoft.Extension.Logging, Serilog, Log4net, NLog, ...​), logger fields should be: + +* *{private}*: this restricts access to the logger from outside the enclosing type (class, struct, record...). Using any other access modifier would allow other types to use the logger to log messages in the type where it's defined. +* *{static}*: making the logger field `{static}` will ensure that the lifetime of the object doesn't depend on the lifetime of the instance of the enclosing type. +* *{readonly}*: marking the field as `{readonly}` will prevent modifications to the reference of the logger. This ensures that the reference to the logger remains consistent and doesn't get accidentally reassigned during the lifetime of the enclosing type. + +This rule should be activated when https://en.wikipedia.org/wiki/Service_locator_pattern[Service Locator Design pattern] is followed in place of https://en.wikipedia.org/wiki/Dependency_injection[Dependency Injection] for logging. + +The rule supports the most popular logging frameworks: + +* https://www.nuget.org/packages/Microsoft.Extensions.Logging[Microsoft.Extensions.Logging] +* https://www.nuget.org/packages/Serilog[Serilog] +* https://www.nuget.org/packages/Castle.Core[Castle.Core] +* https://www.nuget.org/packages/NLog[NLog] +* https://www.nuget.org/packages/log4net[log4net] + +== How to fix it + +Make the logging field `{private static readonly}`. 
+ +=== Noncompliant code example + +include::{language}/noncompliant.adoc[] + +=== Compliant solution + +include::{language}/compliant.adoc[] + +== Resources + +=== Documentation + +include::{language}/resources.adoc[] + +* Wikipedia - https://en.wikipedia.org/wiki/Service_locator_pattern[Service locator pattern] +* Wikipedia - https://en.wikipedia.org/wiki/Dependency_injection[Dependency injection] + +=== Articles & blog posts + +* https://stackoverflow.com/questions/968132/c-sharp-private-static-and-readonly[C# `private`, `static`, and `readonly`] + +include::rspecator-dotnet.adoc[] \ No newline at end of file diff --git a/rules/S1313/cfamily/rule.adoc b/rules/S1313/cfamily/rule.adoc index 5c659794fb6..35630b0060c 100644 --- a/rules/S1313/cfamily/rule.adoc +++ b/rules/S1313/cfamily/rule.adoc @@ -35,8 +35,8 @@ No issue is reported for the following cases because they are not considered sen == See -* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Broken Access Control -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure +* OWASP - https://owasp.org/Top10/A01_2021-Broken_Access_Control/[Top 10 2021 Category A1 - Broken Access Control] +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] ifdef::env-github,rspecator-view[] diff --git a/rules/S1313/java/rule.adoc b/rules/S1313/java/rule.adoc index e974236ef85..5249cc65357 100644 --- a/rules/S1313/java/rule.adoc +++ b/rules/S1313/java/rule.adoc 
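Review bot: In `rules/S1312/rule-dotnet.adoc` the "How to fix it" line uses `{private static readonly}`, which no visible file defines: `csharp/rule.adoc` sets `:private:`, `:static:` and `:readonly:` separately, so this reference will most likely be printed literally with its braces. Write it as `{private} {static} {readonly}`, the form `rspecator-dotnet.adoc` already uses. The opening sentence also spells the framework `Microsoft.Extension.Logging`, while the list further down links `Microsoft.Extensions.Logging`; the intro should use the latter.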
@@ -32,8 +32,8 @@ No issue is reported for the following cases because they are not considered sen == See -* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Broken Access Control -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure +* OWASP - https://owasp.org/Top10/A01_2021-Broken_Access_Control/[Top 10 2021 Category A1 - Broken Access Control] +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] * https://wiki.sei.cmu.edu/confluence/x/OjdGBQ[CERT, MSC03-J.] - Never hard code sensitive information ifdef::env-github,rspecator-view[] diff --git a/rules/S1313/python/metadata.json b/rules/S1313/python/metadata.json index 17971333806..ca3b313ca06 100644 --- a/rules/S1313/python/metadata.json +++ b/rules/S1313/python/metadata.json @@ -1,3 +1,5 @@ { - + "tags": [ + "bad-practice" + ] } diff --git a/rules/S1313/see.adoc b/rules/S1313/see.adoc index 752babd7438..b11fd3dfbe8 100644 --- a/rules/S1313/see.adoc +++ b/rules/S1313/see.adoc @@ -1,4 +1,4 @@ == See -* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Broken Access Control -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure +* OWASP - https://owasp.org/Top10/A01_2021-Broken_Access_Control/[Top 10 2021 Category A1 - Broken Access Control] +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] diff --git a/rules/S1314/cfamily/rule.adoc b/rules/S1314/cfamily/rule.adoc index 69a02f197db..7c5b50881df 100644 --- a/rules/S1314/cfamily/rule.adoc +++ b/rules/S1314/cfamily/rule.adoc 
@@ -33,14 +33,21 @@ char myChar = '\n'; // Use the common notation if it exists for the literal * Octal values have traditionally been used for user permissions in Posix file systems, and this rule will ignore octal literals used in this context. * ``'\0'`` is a common notation for a null character, so the rule ignores it. +* Since {cpp}23, an octal escape sequence can also be written `\o{123}`. Since this notation is explicit, the rule ignores it too. See S7040. == Resources -* MISRA C:2004, 7.1 - Octal constants (other than zero) and octal escape sequences shall not be used. -* MISRA {cpp}:2008, 2-13-2 - Octal constants (other than zero) and octal escape sequences (other than "\0") shall not be used +=== External coding guidelines + +* MISRA {cpp}:2023, 5.13.3 - Octal constants shall not be used * MISRA C:2012, 7.1 - Octal constants shall not be used +* MISRA {cpp}:2008, 2-13-2 - Octal constants (other than zero) and octal escape sequences (other than "\0") shall not be used * https://wiki.sei.cmu.edu/confluence/x/atYxBQ[CERT, DCL18-C.] - Do not begin integer constants with 0 when specifying a decimal value +=== Related rules + +* S7040 - Escape sequences should use the delimited form (\u{}, \o{}, \x{}) + ifdef::env-github,rspecator-view[] ''' diff --git a/rules/S1314/java/metadata.json b/rules/S1314/java/metadata.json index 5a97afff172..ebe5f77e07b 100644 --- a/rules/S1314/java/metadata.json +++ b/rules/S1314/java/metadata.json @@ -8,5 +8,6 @@ "DCL18-C.", "DCL50-J." ] - } + }, + "scope": "Main" } diff --git a/rules/S1314/metadata.json b/rules/S1314/metadata.json index de0921d5728..61c3edfc1a3 100644 --- a/rules/S1314/metadata.json +++ b/rules/S1314/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "CLEAR" }, @@ -16,9 +16,7 @@ "pitfall" ], "extra": { - "replacementRules": [ - - ], + "replacementRules": [], "legacyKeys": [ "OctalConstantAndSequence", "OctalNumber" 
diff --git a/rules/S1315/java/metadata.json b/rules/S1315/java/metadata.json index 6b593eea8c7..a35d387ba8f 100644 --- a/rules/S1315/java/metadata.json +++ b/rules/S1315/java/metadata.json @@ -16,19 +16,13 @@ "bad-practice" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-1315", "sqKey": "S1315", - "scope": "All", - "defaultQualityProfiles": [ - - ], + "scope": "Main", + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S1317/java/metadata.json b/rules/S1317/java/metadata.json index 6dbedc112f5..b9ee62b8884 100644 --- a/rules/S1317/java/metadata.json +++ b/rules/S1317/java/metadata.json @@ -16,17 +16,13 @@ "pitfall" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Major", "ruleSpecification": "RSPEC-1317", "sqKey": "S1317", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S134/java/metadata.json b/rules/S134/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S134/java/metadata.json +++ b/rules/S134/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S135/java/metadata.json b/rules/S135/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S135/java/metadata.json +++ b/rules/S135/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S138/rpg/metadata.json b/rules/S138/rpg/metadata.json index d6bf9355868..2a555e7c3b4 100644 --- a/rules/S138/rpg/metadata.json +++ b/rules/S138/rpg/metadata.json @@ -1,3 +1,3 @@ { - "title": "Subroutines should not have too manylines" + "title": "Subroutines should not have too many lines of code" } diff --git a/rules/S139/java/metadata.json b/rules/S139/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S139/java/metadata.json 
+++ b/rules/S139/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S1441/javascript/metadata.json b/rules/S1441/javascript/metadata.json index 67f68e6e898..d2f11a40997 100644 --- a/rules/S1441/javascript/metadata.json +++ b/rules/S1441/javascript/metadata.json @@ -13,12 +13,18 @@ "SingleQuote" ] }, - "defaultSeverity": "Minor", + "defaultSeverity": "Major", "ruleSpecification": "RSPEC-1441", "sqKey": "S1441", "scope": "Main", "quickfix": "covered", "defaultQualityProfiles": [], "status": "deprecated", - "tags": [] + "tags": [], + "code": { + "impacts": { + "MAINTAINABILITY": "MEDIUM" + }, + "attribute": "FORMATTED" + } } diff --git a/rules/S1442/see.adoc b/rules/S1442/see.adoc index c9d8d60cc9d..b9d37e2e883 100644 --- a/rules/S1442/see.adoc +++ b/rules/S1442/see.adoc @@ -1,4 +1,4 @@ == Resources -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure -* https://cwe.mitre.org/data/definitions/489[MITRE, CWE-489] - Active Debug Code \ No newline at end of file +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] +* CWE - https://cwe.mitre.org/data/definitions/489[CWE-489 - Active Debug Code] \ No newline at end of file diff --git a/rules/S1444/flex/rule.adoc b/rules/S1444/flex/rule.adoc index 26a43747723..5879b0dd677 100644 --- a/rules/S1444/flex/rule.adoc +++ b/rules/S1444/flex/rule.adoc @@ -25,7 +25,7 @@ public class Greeter { == Resources -* https://cwe.mitre.org/data/definitions/500[MITRE, CWE-500] - Public Static Field Not Marked Final +* CWE - https://cwe.mitre.org/data/definitions/500[CWE-500 - Public Static Field Not Marked Final] ifdef::env-github,rspecator-view[] diff --git a/rules/S1444/java/rule.adoc b/rules/S1444/java/rule.adoc index 4fb7318e83a..893a2e066f3 100644 --- a/rules/S1444/java/rule.adoc +++ b/rules/S1444/java/rule.adoc 
@@ -24,7 +24,7 @@ public class Greeter { == Resources -* https://cwe.mitre.org/data/definitions/500[MITRE, CWE-500] - Public Static Field Not Marked Final +* CWE - https://cwe.mitre.org/data/definitions/500[CWE-500 - Public Static Field Not Marked Final] * https://wiki.sei.cmu.edu/confluence/x/WjdGBQ[CERT OBJ10-J.] - Do not use public static nonfinal fields ifdef::env-github,rspecator-view[] diff --git a/rules/S1444/javascript/metadata.json b/rules/S1444/javascript/metadata.json new file mode 100644 index 00000000000..a16c900734f --- /dev/null +++ b/rules/S1444/javascript/metadata.json @@ -0,0 +1,4 @@ +{ + "title": "Public \"static\" fields should be read-only", + "quickfix": "covered" +} diff --git a/rules/S1444/javascript/rule.adoc b/rules/S1444/javascript/rule.adoc new file mode 100644 index 00000000000..7ec981536a8 --- /dev/null +++ b/rules/S1444/javascript/rule.adoc @@ -0,0 +1,24 @@ +== Why is this an issue? + +Public ``++static++`` fields in TypeScript should be declared as ``++readonly++`` to prevent them from being modified after their initial assignment. This is a good practice because it makes the code safer by preventing accidental changes to these fields, which could lead to bugs that are hard to detect. + +[source,typescript,diff-id=1,diff-type=noncompliant] +---- +class MyClass { + static myField = 42; // Noncompliant +} +---- + +To fix this, declare your static field with the ``++readonly++`` qualifier. + +[source,typescript,diff-id=1,diff-type=compliant] +---- +class MyClass { + static readonly myField = 42; +} +---- + +== Resources +== Documentation + +* TypeScript Documentation - https://www.typescriptlang.org/docs/handbook/2/objects.html#readonly-properties[readonly properties] diff --git a/rules/S1446/flex/metadata.json b/rules/S1446/flex/metadata.json index 44c5211a797..1c403858faa 100644 --- a/rules/S1446/flex/metadata.json +++ b/rules/S1446/flex/metadata.json 
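Review bot: The new `rules/S1444/javascript/rule.adoc` ends with `== Documentation` directly under `== Resources`, so "Documentation" becomes a sibling top-level section and "Resources" is left empty. It should be `=== Documentation`, preceded by a blank line, matching the `== Resources` / `=== Documentation` nesting used in `rules/S1312/rule-dotnet.adoc` in this same commit.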
@@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "CLEAR" }, diff --git a/rules/S1448/flex/rule.adoc b/rules/S1448/flex/rule.adoc index 9987aa501a9..f9f1a5478c9 100644 --- a/rules/S1448/flex/rule.adoc +++ b/rules/S1448/flex/rule.adoc @@ -1,3 +1,5 @@ +:default_maximum_threshold: 35 + include::../rule.adoc[] ifdef::env-github,rspecator-view[] diff --git a/rules/S1448/java/rule.adoc b/rules/S1448/java/rule.adoc index 9987aa501a9..f9f1a5478c9 100644 --- a/rules/S1448/java/rule.adoc +++ b/rules/S1448/java/rule.adoc @@ -1,3 +1,5 @@ +:default_maximum_threshold: 35 + include::../rule.adoc[] ifdef::env-github,rspecator-view[] diff --git a/rules/S1448/metadata.json b/rules/S1448/metadata.json index 3fbd76212e4..1e2f5129beb 100644 --- a/rules/S1448/metadata.json +++ b/rules/S1448/metadata.json @@ -30,5 +30,5 @@ "defaultQualityProfiles": [ ], - "quickfix": "unknown" + "quickfix": "infeasible" } diff --git a/rules/S1448/parameters.adoc b/rules/S1448/parameters.adoc index 9a08bc34753..27fa944f036 100644 --- a/rules/S1448/parameters.adoc +++ b/rules/S1448/parameters.adoc @@ -4,7 +4,7 @@ **** ---- -35 +{default_maximum_threshold} ---- The maximum number of methods authorized in a class. diff --git a/rules/S1448/php/rule.adoc b/rules/S1448/php/rule.adoc index 9987aa501a9..790c99bbcb4 100644 --- a/rules/S1448/php/rule.adoc +++ b/rules/S1448/php/rule.adoc @@ -1,3 +1,5 @@ +:default_maximum_threshold: 20 + include::../rule.adoc[] ifdef::env-github,rspecator-view[] diff --git a/rules/S1451/java/metadata.json b/rules/S1451/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S1451/java/metadata.json +++ b/rules/S1451/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S1451/metadata.json b/rules/S1451/metadata.json index a1ba31b2b8b..5d0787d90de 100644 --- a/rules/S1451/metadata.json +++ b/rules/S1451/metadata.json 
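Review bot: In `rules/S1448/parameters.adoc` the new `{default_maximum_threshold}` sits inside a `----` listing block, and AsciiDoc does not apply attribute substitution to listing blocks by default. Unless the rendering toolchain enables it elsewhere, the page will show the placeholder text instead of 35 or 20. The hunk shows no `subs` setting on the block; putting `[subs="attributes"]` on the line above the opening `----` would make the reference resolve. Any other language whose `rule.adoc` pulls in this parameters file also has to define `:default_maximum_threshold:`; only flex, java and php do so in the visible hunks.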
@@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "LAWFUL" }, @@ -13,12 +13,10 @@ "constantCost": "5min" }, "tags": [ - + "convention" ], "extra": { - "replacementRules": [ - - ], + "replacementRules": [], "legacyKeys": [ "COBOL.HeaderCheck" ] diff --git a/rules/S1452/java/metadata.json b/rules/S1452/java/metadata.json index 81c98815358..fac3a1a3e68 100644 --- a/rules/S1452/java/metadata.json +++ b/rules/S1452/java/metadata.json @@ -16,17 +16,13 @@ "pitfall" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Critical", "ruleSpecification": "RSPEC-1452", "sqKey": "S1452", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S1452/java/rule.adoc b/rules/S1452/java/rule.adoc index 741b7a76dbb..6149c4aa311 100644 --- a/rules/S1452/java/rule.adoc +++ b/rules/S1452/java/rule.adoc @@ -62,7 +62,7 @@ List getLifeforms() { ... } // Compliant, using supertype instea === Articles & blog posts * https://medium.com/javarevisited/variance-in-java-and-scala-63af925d21dc[Sinisa Louc - A Complete Guide to Variance in Java and Scala] -* https://kotlinexpertise.com/kotlin-generics-and-variance-vs-java[Kotlin Expertise Blog - Kotlin Generics and Variance (Compared to Java)] +* https://web.archive.org/web/20240206045705/https://kotlinexpertise.com/kotlin-generics-and-variance-vs-java/[Kotlin Expertise Blog - Kotlin Generics and Variance (Compared to Java)] * https://en.wikipedia.org/wiki/Covariance_and_contravariance_(computer_science)[Wikipedia - Covariance and contravariance (computer science)] * https://schneide.blog/2015/05/11/declaration-site-and-use-site-variance-explained/[Schneide Blog - Declaration-site and use-site variance explained] * https://en.wikipedia.org/wiki/Liskov_substitution_principle[Wikipedia - Liskov substitution principle] 
diff --git a/rules/S1456/html/metadata.json b/rules/S1456/html/metadata.json index 27b359b283a..335395fdf4a 100644 --- a/rules/S1456/html/metadata.json +++ b/rules/S1456/html/metadata.json @@ -1,5 +1,5 @@ { - "title": "Javascript scriptlets should not have too many lines of code", + "title": "JavaScript scriptlets should not have too many lines of code", "type": "CODE_SMELL", "code": { "impacts": { diff --git a/rules/S1466/flex/metadata.json b/rules/S1466/flex/metadata.json index f0aebd50ff9..a2e57dca169 100644 --- a/rules/S1466/flex/metadata.json +++ b/rules/S1466/flex/metadata.json @@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "COMPLETE" }, diff --git a/rules/S1468/flex/metadata.json b/rules/S1468/flex/metadata.json index dc431d7f8a7..3e74ade2cfb 100644 --- a/rules/S1468/flex/metadata.json +++ b/rules/S1468/flex/metadata.json @@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "COMPLETE" }, diff --git a/rules/S1469/flex/metadata.json b/rules/S1469/flex/metadata.json index eb2a4653f5d..883881886fd 100644 --- a/rules/S1469/flex/metadata.json +++ b/rules/S1469/flex/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "CONVENTIONAL" }, diff --git a/rules/S1479/csharp/metadata.json b/rules/S1479/csharp/metadata.json index 69c47cb7d6f..9ebd1145973 100644 --- a/rules/S1479/csharp/metadata.json +++ b/rules/S1479/csharp/metadata.json @@ -1,3 +1,4 @@ { + "title": "\"switch\" statements with many \"case\" clauses should have only one statement", "quickfix": "infeasible" } \ No newline at end of file diff --git a/rules/S1479/csharp/rule.adoc b/rules/S1479/csharp/rule.adoc index 51de45b5739..8d2bf40b3ff 100644 --- a/rules/S1479/csharp/rule.adoc +++ b/rules/S1479/csharp/rule.adoc 
@@ -1,44 +1,59 @@ == Why is this an issue? -When https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/statements/selection-statements#the-switch-statement[switch] statements have large sets of case clauses, it is usually an attempt to map two sets of data. A https://learn.microsoft.com/en-us/dotnet/api/system.collections.generic.dictionary-2[Dictionary] should be used instead to make the code more readable and maintainable. +When https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/statements/selection-statements#the-switch-statement[switch] statements have large sets of multi-line `case` clauses, the code becomes hard to read and maintain. + +For example, the https://www.sonarsource.com/docs/CognitiveComplexity.pdf[Cognitive Complexity] is going to be particularly high. + +In such scenarios, it's better to refactor the `switch` to only have single-line case clauses. + +When all the `case` clauses of a `switch` statement are single-line, the readability of the code is not affected. +Moreover, `switch` statements with single-line `case` clauses can easily be converted into https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/operators/switch-expression[`switch` expressions], which are more concise for assignment and avoid the need for `break` statements. === Exceptions -This rule ignores `switch` statements over `Enum` arguments and empty, fall-through cases. +This rule ignores: + +* `switch` statements over `Enum` arguments +* fall-through cases +* `return`, `break` and `throw` statements in case clauses == How to fix it -Store all the cases apart from the `default` one in a dictionary and try to get the matching value by calling the https://learn.microsoft.com/en-us/dotnet/api/system.collections.generic.dictionary-2.trygetvalue[TryGetValue] method. +Extract the logic of multi-line `case` clauses into separate methods. === Code examples -The example below are using the "Maximum number of case" property set to `4`. 
+The examples below use the "Maximum number of case" property set to `4`. + +Note that from C# 8, you can use https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/operators/switch-expression[`switch` expression]. ==== Noncompliant code example [source,csharp,diff-id=1,diff-type=noncompliant] ---- -public class TooManyCase +public int MapChar(char ch, int value) { - public int mapValues(char ch) + switch(ch) // Noncompliant { - switch(ch) { // Noncompliant: 5 cases, "default" excluded, more than maximum = 4 - case 'a': - return 1; - case 'b': - case 'c': - return 2; - case 'd': - return 3; - case 'e': - return 4; - case 'f': - case 'g': - case 'h': - return 5; - default: - return 6; - } + case 'a': + return 1; + case 'b': + return 2; + case 'c': + return 3; + // ... + case '-': + if (value > 10) + { + return 42; + } + else if (value < 5 && value > 1) + { + return 21; + } + return 99; + default: + return 1000; } } ---- 
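Review bot: The rewritten noncompliant example in `rules/S1479/csharp/rule.adoc` is marked with a bare `// Noncompliant`, so with the stated maximum of `4` and the `// ...` elision a reader cannot tell which condition trips the rule. A comment such as `// Noncompliant: more than 4 case clauses and the '-' clause is multi-line` would make the trigger explicit. The compliant example in the next hunk (`@@ -47,37 +62,71 @@`) says `All 5 cases are single line statements` although the listing shows four labelled cases plus `default`; the count should match the listing or be dropped.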
@@ -47,37 +62,71 @@ public class TooManyCase [source,csharp,diff-id=1,diff-type=compliant] ---- -using System.Collections.Generic; +public int MapChar(char ch, int value) +{ + switch(ch) // Compliant: All 5 cases are single line statements + { + case 'a': + return 1; + case 'b': + return 2; + case 'c': + return 3; + // ... + case '-': + return HandleDash(value); + default: + return 1000; + } +} -public class TooManyCase +private int HandleDash(int value) { - Dictionary matching = new Dictionary() + if (value > 10) + { + return 42; + } + else if (value < 5 && value > 1) { - { 'a', 1 }, - { 'b', 2 }, - { 'c', 2 }, - { 'd', 3 }, - { 'e', 4 }, - { 'f', 5 }, - { 'g', 5 }, - { 'h', 5 } + return 21; + } + return 99; +} +---- + +For this example, a `switch` expression is more concise and clear: + +[source,csharp] +---- +public int MapChar(char ch, int value) => + ch switch // Compliant + { + 'a' => 1, + 'b' => 2, + 'c' => 3, + // ... + '-' => HandleDash(value), + _ => 1000, }; - public int mapValues(char ch) +private int HandleDash(int value) +{ + if (value > 10) + { + return 42; + } + else if (value < 5 && value > 1) { - int value; - if (this.matching.TryGetValue(ch, out value)) { - return value; - } else { - return 6; - } + return 21; } + return 99; } ---- include::../resources-dotnet.adoc[] -* https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/statements/selection-statements#the-switch-statement[The `switch` statement] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/statements/selection-statements#the-switch-statement[The `switch` statement] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/operators/switch-expression[C#: Switch Expression] include::../rspecator-dotnet.adoc[] diff --git a/rules/S1479/java/metadata.json b/rules/S1479/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S1479/java/metadata.json +++ b/rules/S1479/java/metadata.json 
@@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S1479/metadata.json b/rules/S1479/metadata.json index 009d2392188..5b05c25e7d8 100644 --- a/rules/S1479/metadata.json +++ b/rules/S1479/metadata.json @@ -30,5 +30,5 @@ "defaultQualityProfiles": [ "Sonar way" ], - "quickfix": "unknown" + "quickfix": "infeasible" } diff --git a/rules/S1479/resources-dotnet.adoc b/rules/S1479/resources-dotnet.adoc index a8ee752befa..06b9b3ed381 100644 --- a/rules/S1479/resources-dotnet.adoc +++ b/rules/S1479/resources-dotnet.adoc @@ -2,5 +2,4 @@ === Documentation -* https://learn.microsoft.com/en-us/dotnet/api/system.collections.generic.dictionary-2[Dictionary Class] -* https://learn.microsoft.com/en-us/dotnet/api/system.collections.generic.dictionary-2.trygetvalue[Dictionary.TryGetValue(TKey, TValue) Method] \ No newline at end of file +* Sonar - https://www.sonarsource.com/docs/CognitiveComplexity.pdf[Cognitive Complexity] diff --git a/rules/S1479/vbnet/metadata.json b/rules/S1479/vbnet/metadata.json index 1d2e85cc78c..fd32c3a2cdf 100644 --- a/rules/S1479/vbnet/metadata.json +++ b/rules/S1479/vbnet/metadata.json @@ -1,4 +1,4 @@ { - "title": "\"Select Case\" statements should not have too many \"Case\" clauses", + "title": "\"Select Case\" statement with many \"Case\" clauses should have only one statement", "quickfix": "infeasible" } diff --git a/rules/S1479/vbnet/rule.adoc b/rules/S1479/vbnet/rule.adoc index f820cc8125c..d20c5fb9b6a 100644 --- a/rules/S1479/vbnet/rule.adoc +++ b/rules/S1479/vbnet/rule.adoc 
@@ -1,75 +1,88 @@ == Why is this an issue? -When https://learn.microsoft.com/en-us/dotnet/visual-basic/language-reference/statements/select-case-statement[Select Case] statements have large sets of case clauses, it is usually an attempt to map two sets of data. A https://learn.microsoft.com/en-us/dotnet/api/system.collections.generic.dictionary-2[Dictionary] should be used instead to make the code more readable and maintainable. +When https://learn.microsoft.com/en-us/dotnet/visual-basic/language-reference/statements/select-case-statement[Select Case] statements have large sets of multi-line `Case` clauses, the code becomes hard to read and maintain. + +For example, the https://www.sonarsource.com/docs/CognitiveComplexity.pdf[Cognitive Complexity] is going to be particularly high. + +In such scenarios, it's better to refactor the `Select Case` to only have single-line case clauses. + +When all the `Case` clauses of a `Select Case` statement are single-line, the readability of the code is not affected. === Exceptions -This rule ignores `Select Case` statements over `Enum` arguments and empty, fall-through cases. +This rule ignores: + +* `Select Case` statements over `Enum` arguments +* fall-through cases +* `Return` and `Throw` statements in `Case` clauses == How to fix it -Store all the cases apart from the `Case Else` one in a dictionary and try to get the matching value by calling the https://learn.microsoft.com/en-us/dotnet/api/system.collections.generic.dictionary-2.trygetvalue[TryGetValue] method. +Extract the logic of multi-line `Case` clauses into separate methods. === Code examples +The examples below use the "Maximum number of case" property set to `4`. 
+ ==== Noncompliant code example [source,vbnet,diff-id=1,diff-type=noncompliant] ---- -Public Class TooManyCase - - Public Function MapValues(Ch As Char) As Integer - Select Case Ch ' Noncompliant: 5 cases, "Case Else" excluded, more than maximum = 4 - Case "a"c - Return 1 - Case "b"c, "c"c - Return 2 - Case "d"c - Return 3 - Case "e"c - Return 4 - Case "f"c, "g"c, "h"c - Return 5 - Case Else - Return 6 - End Select - End Function - -End Class +Public Function MapChar(ch As Char, value As Integer) As Integer ' Noncompliant + Select Case ch + Case "a"c + Return 1 + Case "b"c + Return 2 + Case "c"c + Return 3 + ' ... + Case "-"c + If value > 10 Then + Return 42 + ElseIf value < 5 AndAlso value > 1 Then + Return 21 + End If + Return 99 + Case Else + Return 1000 + End Select +End Function ---- ==== Compliant solution [source,vbnet,diff-id=1,diff-type=compliant] ---- -Public Class TooManyCase - - Private fMatching As New Dictionary(Of Char, Integer) From { - { "a"c, 1 }, - { "b"c, 2 }, - { "c"c, 2 }, - { "d"c, 3 }, - { "e"c, 4 }, - { "f"c, 5 }, - { "g"c, 5 }, - { "h"c, 5 }, - } - - Public Function MapValues(Ch As Char) As Integer - Dim Value As Integer - If fMatching.TryGetValue(Ch, Value) Then - Return Value - Else - Return 6 - End If - End Function - -End Class +Public Function MapChar(ch As Char, value As Integer) As Integer + Select Case ch + Case "a"c + Return 1 + Case "b"c + Return 2 + Case "c"c + Return 3 + ' ... 
+ Case "-"c + Return HandleDash(value) + Case Else + Return 1000 + End Select +End Function + +Private Function HandleDash(value As Integer) As Integer + If value > 10 Then + Return 42 + ElseIf value < 5 AndAlso value > 1 Then + Return 21 + End If + Return 99 +End Function ---- include::../resources-dotnet.adoc[] -* https://learn.microsoft.com/en-us/dotnet/visual-basic/language-reference/statements/select-case-statement[Select...Case Statement] - +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/visual-basic/language-reference/statements/select-case-statement[Select...Case Statement] include::../rspecator-dotnet.adoc[] + diff --git a/rules/S1480/plsql/rule.adoc b/rules/S1480/plsql/rule.adoc index d293d5281a1..f8530d753b1 100644 --- a/rules/S1480/plsql/rule.adoc +++ b/rules/S1480/plsql/rule.adoc @@ -5,4 +5,4 @@ TODO == Resources -* https://cwe.mitre.org/data/definitions/459[MITRE, CWE-459] - Incomplete Cleanup +* CWE - https://cwe.mitre.org/data/definitions/459[CWE-459 - Incomplete Cleanup] diff --git a/rules/S1481/azureresourcemanager/metadata.json b/rules/S1481/azureresourcemanager/metadata.json new file mode 100644 index 00000000000..0db3279e44b --- /dev/null +++ b/rules/S1481/azureresourcemanager/metadata.json @@ -0,0 +1,3 @@ +{ + +} diff --git a/rules/S1481/azureresourcemanager/rule.adoc b/rules/S1481/azureresourcemanager/rule.adoc new file mode 100644 index 00000000000..d687b562b79 --- /dev/null +++ b/rules/S1481/azureresourcemanager/rule.adoc 
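Review bot: In the noncompliant example added to rules/S1479/vbnet/rule.adoc, the `' Noncompliant` marker sits on the `Public Function MapChar(...)` line, while the C# counterpart in this same commit puts it on `switch(ch)`. If the issue is reported on the `Select Case` statement, as the new title suggests (the hunk does not confirm this), the marker should move to `Select Case ch ' Noncompliant`. The removed example stated why the code was flagged; a short reason such as `' Noncompliant: the "-"c clause spans several lines` would keep that information for readers.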
@@ -0,0 +1,108 @@ +include::../rationale.adoc[] + +== How to fix it in JSON templates + +The fix for this issue is straightforward. +Once you ensure the unused variable is not part of an incomplete implementation leading to bugs, you just need to remove it. + +=== Code examples + +==== Noncompliant code example + +[source,json,diff-id=1,diff-type=noncompliant] +---- +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "variables": { + "unusedVariable": "unusedValue", + "virtualMachinesName": "[uniqueString(resourceGroup().id)]" + }, + "resources": [ + { + "type": "Microsoft.Compute/virtualMachines", + "name": "[variables('virtualMachinesName')]", + "apiVersion": "2023-09-01", + "location": "[resourceGroup().location]" + } + ] +} +---- + +==== Compliant solution + +[source,json,diff-id=1,diff-type=compliant] +---- +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "variables": { + "virtualMachinesName": "[uniqueString(resourceGroup().id)]" + }, + "resources": [ + { + "type": "Microsoft.Compute/virtualMachines", + "name": "[variables('virtualMachinesName')]", + "apiVersion": "2023-09-01", + "location": "[resourceGroup().location]" + } + ] +} +---- + +== How to fix it in Bicep + +The fix for this issue is straightforward. +Once you ensure the unused variable is not part of an incomplete implementation leading to bugs, you just need to remove it. 
+ +=== Code examples + +==== Noncompliant code example + +[source,bicep,diff-id=2,diff-type=noncompliant] +---- +var unusedVariable = 'unusedValue' // Noncompliant +var virtualMachinesName = '${uniqueString(resourceGroup().id)}' + +resource vm 'Microsoft.Compute/virtualMachines@2023-09-01' = { + name: virtualMachinesName + location: resourceGroup().location +} +---- + +==== Compliant solution + +[source,bicep,diff-id=2,diff-type=compliant] +---- +var virtualMachinesName = '${uniqueString(resourceGroup().id)}' + +resource vm 'Microsoft.Compute/virtualMachines@2023-09-01' = { + name: virtualMachinesName + location: resourceGroup().location +} +---- + + + +== Resources + +=== Documentation + +* Microsoft - https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/best-practices#variables[ARM template best practices] +* Microsoft - https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/best-practices#names[Best practices for Bicep] +* Microsoft - https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/variables[Variables in ARM templates] +* Microsoft - https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/variables[Variables in Bicep] + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +include::../message.adoc[] + +''' +== Comments And Links +(visible only on this page) + +include::../comments-and-links.adoc[] + +endif::env-github,rspecator-view[] diff --git a/rules/S1481/dart/metadata.json b/rules/S1481/dart/metadata.json new file mode 100644 index 00000000000..0db3279e44b --- /dev/null +++ b/rules/S1481/dart/metadata.json @@ -0,0 +1,3 @@ +{ + +} diff --git a/rules/S1481/dart/rule.adoc b/rules/S1481/dart/rule.adoc new file mode 100644 index 00000000000..3169959f2ac --- /dev/null +++ b/rules/S1481/dart/rule.adoc 
@@ -0,0 +1,50 @@ +include::../rationale.adoc[] + +include::../how-to-fix-it.adoc[] + +=== Code examples + +==== Noncompliant code example + +[source,dart,diff-id=1,diff-type=noncompliant] +---- +int numberOfMinutes(int hours) { + int seconds = 0; // Noncompliant: seconds is unused + return hours * 60; +} +---- + +==== Compliant solution + +[source,dart,diff-id=1,diff-type=compliant] +---- +int numberOfMinutes(int hours) { + return hours * 60; +} +---- + +== Resources + +* Dart Docs - https://dart.dev/tools/diagnostic-messages#unused_local_variable[Dart Compiler diagnostic - unused_local_variable] + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +* The value of the local variable '' isn't used. + +=== Highlighting + +The identifier of the unused local variable. + +''' +== Comments And Links +(visible only on this page) + +include::../comments-and-links.adoc[] + +endif::env-github,rspecator-view[] diff --git a/rules/S1481/rationale.adoc b/rules/S1481/rationale.adoc index d4fd886be70..1c51e74b962 100644 --- a/rules/S1481/rationale.adoc +++ b/rules/S1481/rationale.adoc 
@@ -6,14 +6,14 @@ An unused local variable is a variable that has been declared but is not used an Having unused local variables in your code can lead to several issues: -* Decreased Readability: Unused variables can make your code more difficult to read. They add extra lines and complexity, which can distract from the main logic of the code. +* *Decreased Readability*: Unused variables can make your code more difficult to read. They add extra lines and complexity, which can distract from the main logic of the code. -* Misunderstanding: When other developers read your code, they may wonder why a variable is declared but not used. This can lead to confusion and misinterpretation of the code's intent. +* *Misunderstanding*: When other developers read your code, they may wonder why a variable is declared but not used. This can lead to confusion and misinterpretation of the code's intent. -* Potential for Bugs: If a variable is declared but not used, it might indicate a bug or incomplete code. For example, if you declared a variable intending to use it in a calculation, but then forgot to do so, your program might not work as expected. +* *Potential for Bugs*: If a variable is declared but not used, it might indicate a bug or incomplete code. For example, if you declared a variable intending to use it in a calculation, but then forgot to do so, your program might not work as expected. -* Maintenance Issues: Unused variables can make code maintenance more difficult. If a programmer sees an unused variable, they might think it is a mistake and try to 'fix' the code, potentially introducing new bugs. +* *Maintenance Issues*: Unused variables can make code maintenance more difficult. If a programmer sees an unused variable, they might think it is a mistake and try to 'fix' the code, potentially introducing new bugs. -* Memory Usage: Although modern compilers are smart enough to ignore unused variables, not all compilers do this. 
In such cases, unused variables take up memory space, leading to inefficient use of resources. +* *Memory Usage*: Although modern compilers are smart enough to ignore unused variables, not all compilers do this. In such cases, unused variables take up memory space, leading to inefficient use of resources. In summary, unused local variables can make your code less readable, more confusing, and harder to maintain, and they can potentially lead to bugs or inefficient memory use. Therefore, it is best to remove them. diff --git a/rules/S1486/abap/rule.adoc b/rules/S1486/abap/rule.adoc index 2976aa8d3fe..232ca6ef19f 100644 --- a/rules/S1486/abap/rule.adoc +++ b/rules/S1486/abap/rule.adoc @@ -26,8 +26,8 @@ ENDIF. == Resources -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure -* https://cwe.mitre.org/data/definitions/489[MITRE, CWE-489] - Active Debug Code +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] +* CWE - https://cwe.mitre.org/data/definitions/489[CWE-489 - Active Debug Code] ifdef::env-github,rspecator-view[] diff --git a/rules/S1493/metadata.json b/rules/S1493/metadata.json index 2bd81fe977a..0c043a0b385 100644 --- a/rules/S1493/metadata.json +++ b/rules/S1493/metadata.json @@ -3,7 +3,7 @@ "type": "SECURITY_HOTSPOT", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "TRUSTWORTHY" }, @@ -17,9 +17,7 @@ "sql" ], "extra": { - "replacementRules": [ - - ], + "replacementRules": [], "legacyKeys": [ "SQL.DynamicSqlCheck" ] diff --git a/rules/S1493/see.adoc b/rules/S1493/see.adoc index 815f337daa4..37995976a8b 100644 --- a/rules/S1493/see.adoc +++ b/rules/S1493/see.adoc 
@@ -1,5 +1,5 @@ == See -* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection -* https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[OWASP Top 10 2017 Category A1] - Injection -* https://cwe.mitre.org/data/definitions/89[MITRE, CWE-89] - SQL Injection +* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] +* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] +* CWE - https://cwe.mitre.org/data/definitions/89[CWE-89 - SQL Injection] diff --git a/rules/S1496/abap/metadata.json b/rules/S1496/abap/metadata.json index 0d7422bbe3f..6199ef9aa70 100644 --- a/rules/S1496/abap/metadata.json +++ b/rules/S1496/abap/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "COMPLETE" }, @@ -16,12 +16,8 @@ "sql" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-1496", diff --git a/rules/S1508/abap/metadata.json b/rules/S1508/abap/metadata.json index 96af3e2cbe5..b362e60e602 100644 --- a/rules/S1508/abap/metadata.json +++ b/rules/S1508/abap/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "CONVENTIONAL" }, @@ -16,12 +16,8 @@ "lock-in" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-1508", diff --git a/rules/S1523/python/metadata.json b/rules/S1523/python/metadata.json index 804395cc74d..111f045c527 100644 --- a/rules/S1523/python/metadata.json +++ b/rules/S1523/python/metadata.json @@ -1,4 +1,7 @@ { "status": "deprecated", - "quickfix": "unknown" + "quickfix": "unknown", + "tags": [ + "deprecated" + ] } 
diff --git a/rules/S1523/see.adoc b/rules/S1523/see.adoc index b63f294524b..1ff693ef48f 100644 --- a/rules/S1523/see.adoc +++ b/rules/S1523/see.adoc @@ -1,5 +1,5 @@ == See -* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection -* https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[OWASP Top 10 2017 Category A1] - Injection -* https://cwe.mitre.org/data/definitions/95[MITRE, CWE-95] - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') +* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] +* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] +* CWE - https://cwe.mitre.org/data/definitions/95[CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')] diff --git a/rules/S1525/javascript/rule.adoc b/rules/S1525/javascript/rule.adoc index 3c1a70500a1..158916ab596 100644 --- a/rules/S1525/javascript/rule.adoc +++ b/rules/S1525/javascript/rule.adoc @@ -29,8 +29,8 @@ for (i = 1; i<5; i++) { == Resources -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure -* https://cwe.mitre.org/data/definitions/489[MITRE, CWE-489] - Active Debug Code +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] +* CWE - https://cwe.mitre.org/data/definitions/489[CWE-489 - Active Debug Code] ifdef::env-github,rspecator-view[] diff --git a/rules/S1526/javascript/metadata.json b/rules/S1526/javascript/metadata.json index a8ccf5545fb..fda0f7f4b03 100644 --- a/rules/S1526/javascript/metadata.json +++ b/rules/S1526/javascript/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "CONVENTIONAL" }, 
@@ -16,9 +16,7 @@ "pitfall" ], "extra": { - "replacementRules": [ - - ], + "replacementRules": [], "legacyKeys": [ "VariableDeclarationAfterUsage" ] @@ -27,8 +25,6 @@ "ruleSpecification": "RSPEC-1526", "sqKey": "S1526", "scope": "Main", - "defaultQualityProfiles": [ - - ], + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S1527/metadata.json b/rules/S1527/metadata.json index 21bc64249a1..735bc8a8d8a 100644 --- a/rules/S1527/metadata.json +++ b/rules/S1527/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "CONVENTIONAL" }, @@ -17,12 +17,8 @@ "pitfall" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-1527", diff --git a/rules/S1537/metadata.json b/rules/S1537/metadata.json index 705dcd0e4f6..3ffde41e4d9 100644 --- a/rules/S1537/metadata.json +++ b/rules/S1537/metadata.json @@ -24,5 +24,11 @@ "defaultQualityProfiles": [ ], - "quickfix": "unknown" + "quickfix": "unknown", + "code": { + "impacts": { + "MAINTAINABILITY": "LOW" + }, + "attribute": "FORMATTED" + } } diff --git a/rules/S1541/dart/metadata.json b/rules/S1541/dart/metadata.json new file mode 100644 index 00000000000..7a73a41bfdf --- /dev/null +++ b/rules/S1541/dart/metadata.json @@ -0,0 +1,2 @@ +{ +} \ No newline at end of file diff --git a/rules/S1541/dart/rule.adoc b/rules/S1541/dart/rule.adoc new file mode 100644 index 00000000000..c05dfab70df --- /dev/null +++ b/rules/S1541/dart/rule.adoc 
@@ -0,0 +1,30 @@ +include::../rule.adoc[] + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +include::../message.adoc[] + +=== Parameters + +.threshold +**** + +---- +15 +---- + +The maximum authorized complexity. +**** + + +''' +== Comments And Links +(visible only on this page) + +include::../comments-and-links.adoc[] + +endif::env-github,rspecator-view[] diff --git a/rules/S1542/plsql/parameters.adoc b/rules/S1542/plsql/parameters.adoc new file mode 100644 index 00000000000..a896a63dff5 --- /dev/null +++ b/rules/S1542/plsql/parameters.adoc @@ -0,0 +1,11 @@ +=== Parameters + +.format +**** + +---- +^"?[a-zA-Z]([a-zA-Z0-9_\s]*[a-zA-Z0-9])?"?$ +---- + +Regular expression used to check the function names against +**** diff --git a/rules/S1542/plsql/rule.adoc b/rules/S1542/plsql/rule.adoc index 185afde102c..58451a28eb9 100644 --- a/rules/S1542/plsql/rule.adoc +++ b/rules/S1542/plsql/rule.adoc @@ -32,7 +32,7 @@ ifdef::env-github,rspecator-view[] include::../message.adoc[] -include::../parameters.adoc[] +include::parameters.adoc[] ''' == Comments And Links diff --git a/rules/S1542/python/metadata.json b/rules/S1542/python/metadata.json index 17971333806..59ed4a8efa6 100644 --- a/rules/S1542/python/metadata.json +++ b/rules/S1542/python/metadata.json @@ -1,3 +1,6 @@ { - + "tags": [ + "convention", + "pep" + ] } diff --git a/rules/S1542/vb6/rule.adoc b/rules/S1542/vb6/rule.adoc index 49a3c46ddbf..5d06d21bcb6 100644 --- a/rules/S1542/vb6/rule.adoc +++ b/rules/S1542/vb6/rule.adoc @@ -4,7 +4,7 @@ include::../description.adoc[] === Noncompliant code example -With default provided regular expression: ^[A-Z][a-zA-Z0-9_]*$ +With default provided regular expression: ^([A-Z][a-zA-Z0-9_]\*)|([a-z][a-zA-Z0-9]*_[A-Z][a-zA-Z]*)$ [source,vb6] diff --git a/rules/S1544/jcl/metadata.json b/rules/S1544/jcl/metadata.json new file mode 100644 index 00000000000..2a09997b2d8 --- /dev/null +++ b/rules/S1544/jcl/metadata.json 
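Review bot: In the rules/S1542/vb6/rule.adoc hunk, the new default expression `^([A-Z][a-zA-Z0-9_]\*)|([a-z][a-zA-Z0-9]*_[A-Z][a-zA-Z]*)$` has its anchors bound to only one alternative each, because `|` has lower precedence than `^` and `$`. Read with search semantics it accepts any name that merely starts with an uppercase-led identifier or merely ends with the `prefix_Handler` form. If the analyzer always does a full match this is harmless, but the documented pattern is what users copy into their own settings. Wrapping the alternation keeps the intent explicit: `^(([A-Z][a-zA-Z0-9_]\*)|([a-z][a-zA-Z0-9]*_[A-Z][a-zA-Z]*))$`, provided this matches the default actually shipped by the analyzer.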
@@ -0,0 +1,3 @@ +{ + "title": "Job names should comply with a naming convention" +} \ No newline at end of file diff --git a/rules/S1544/jcl/rule.adoc b/rules/S1544/jcl/rule.adoc new file mode 100644 index 00000000000..4a84230992b --- /dev/null +++ b/rules/S1544/jcl/rule.adoc @@ -0,0 +1,43 @@ +== Why is this an issue? + +Shared naming conventions allow teams to collaborate efficiently. This rule checks that all job names match a provided regular expression. + +=== Noncompliant code example + +With the regular expression ``++^[A-Z][A-Z0-9]*$++``: + +[source,jcl,diff-id=1,diff-type=noncompliant] +---- +//* Noncompliant +//$JOB01 JOB +---- + +=== Compliant solution + +[source,jcl,diff-id=1,diff-type=compliant] +---- +//JOB01 JOB +---- + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +include::../message.adoc[] + +=== Parameters + +.format +**** + +---- +^[A-Z][A-Z0-9]*$ +---- + +Regular expression used to check the job names against. +**** + + +endif::env-github,rspecator-view[] diff --git a/rules/S1544/message.adoc b/rules/S1544/message.adoc index 233184cf886..7e4a6be2852 100644 --- a/rules/S1544/message.adoc +++ b/rules/S1544/message.adoc @@ -1,4 +1,4 @@ === Message -Rename this 'XXXX' report/program to match the regular expression ${format} +Rename this 'XXXX' report/program/job to match the regular expression ${format} diff --git a/rules/S1573/rule.adoc b/rules/S1573/rule.adoc index 47fc1443da8..abbbde325dd 100644 --- a/rules/S1573/rule.adoc +++ b/rules/S1573/rule.adoc @@ -5,5 +5,5 @@ If you do not explicitly close a cursor, it will be closed at the end of the tas == Resources -* https://cwe.mitre.org/data/definitions/459[MITRE, CWE-459] - Incomplete Cleanup +* CWE - https://cwe.mitre.org/data/definitions/459[CWE-459 - Incomplete Cleanup] diff --git a/rules/S1578/dart/metadata.json b/rules/S1578/dart/metadata.json new file mode 100644 index 00000000000..d860fd4691d --- /dev/null 
+++ b/rules/S1578/dart/metadata.json @@ -0,0 +1,5 @@ +{ + "defaultQualityProfiles": [ + "Sonar way" + ] +} diff --git a/rules/S1578/dart/rule.adoc b/rules/S1578/dart/rule.adoc new file mode 100644 index 00000000000..3fdbdb16a3e --- /dev/null +++ b/rules/S1578/dart/rule.adoc @@ -0,0 +1,34 @@ +== Why is this an issue? + +Shared coding conventions allow teams to collaborate effectively. For that reason, file names should conform to a defined standard. +In Dart the convention is to name files using lowercase with underscore.This rule raises an issue when the names of analyzed files don’t match this convention. + +This convention also helps to operate with different file systems, which may be case-insensitive. + +These file names will violate convention: + +* MyFile.dart +* myFile.dart +* my-file.dart +* My_File.dart + +And the proper name in this case will be: + +* my_file.dart + +== Resources + +* Dart Docs - https://dart.dev/tools/linter-rules/file_names[Dart Linter rule - file_names] + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +The file name 'xxx' isn't a lower_case_with_underscores identifier. + +endif::env-github,rspecator-view[] + diff --git a/rules/S1590/metadata.json b/rules/S1590/metadata.json index ab07d8cb49b..a2ff14e6f8e 100644 --- a/rules/S1590/metadata.json +++ b/rules/S1590/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "COMPLETE" }, @@ -16,9 +16,7 @@ "sql" ], "extra": { - "replacementRules": [ - - ], + "replacementRules": [], "legacyKeys": [ "DeleteOrUpdateWithoutWhereCheck" ] diff --git a/rules/S1596/java/metadata.json b/rules/S1596/java/metadata.json index 4f59b66a886..23989a5c6fc 100644 --- a/rules/S1596/java/metadata.json +++ b/rules/S1596/java/metadata.json 
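Review bot: The new rules/S1578/dart/rule.adoc has a missing space between two sentences, `underscore.This rule raises`, which renders as one run-on token. Suggested wording: `In Dart, the convention is to name files using lowercase with underscores. This rule raises an issue when the names of analyzed files don't match this convention.` The same sentence uses a typographic apostrophe in `don’t`, whereas the rest of the file uses plain ASCII quotes, so it may be worth normalising for consistency.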
@@ -17,17 +17,13 @@ "pitfall" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-1596", "sqKey": "S1596", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S1599/php/metadata.json b/rules/S1599/php/metadata.json index 950720be7a8..e0304baf812 100644 --- a/rules/S1599/php/metadata.json +++ b/rules/S1599/php/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "CLEAR" }, @@ -16,12 +16,8 @@ "brain-overload" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-1599", diff --git a/rules/S1602/java/metadata.json b/rules/S1602/java/metadata.json index 8b680f68e26..43659380366 100644 --- a/rules/S1602/java/metadata.json +++ b/rules/S1602/java/metadata.json @@ -16,17 +16,13 @@ "java8" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-1602", "sqKey": "S1602", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S1604/java/metadata.json b/rules/S1604/java/metadata.json index f512fe3a13d..657bc6eb369 100644 --- a/rules/S1604/java/metadata.json +++ b/rules/S1604/java/metadata.json @@ -16,17 +16,13 @@ "java8" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Major", "ruleSpecification": "RSPEC-1604", "sqKey": "S1604", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S1607/javascript/metadata.json b/rules/S1607/javascript/metadata.json new file mode 100644 index 00000000000..049120c72c5 
--- /dev/null +++ b/rules/S1607/javascript/metadata.json @@ -0,0 +1,4 @@ +{ + "title": "Tests should not be skipped without providing a reason", + "quickfix": "infeasible" +} diff --git a/rules/S1607/javascript/rule.adoc b/rules/S1607/javascript/rule.adoc new file mode 100644 index 00000000000..0e00c5d2221 --- /dev/null +++ b/rules/S1607/javascript/rule.adoc 
@@ -0,0 +1,137 @@ +== Why is this an issue? + +Disabling unit tests lead to a lack of visibility into why tests are ignored, a decline in code quality as underlying problems remain unaddressed, and an increased maintenance burden due to the accumulation of disabled tests. It can also create a false sense of security about the stability of the codebase and pose challenges for new developers who may lack the context to understand why tests were disabled. Proper documentation and clear reasons for disabling tests are essential to ensure they are revisited and re-enabled once the issues are resolved. + +This rule raises an issue when a test construct from Jasmine, Jest, Mocha, or Node.js Test Runner is disabled without providing an explanation. It relies on the presence of a +package.json+ file and looks at the dependencies to determine which testing framework is used. + +== How to fix it in Jasmine + +A comment should be added before, on, or after the line of the unit test explaining why the test was disabled. Alternatively, if the test is no longer relevant, it should be removed entirely. + +=== Code examples + +==== Noncompliant code example + +[source,javascript,diff-id=1,diff-type=noncompliant] +---- +describe('foo', function() { + xit('should do something', function(done) { // Noncompliant + done(); + }); +}); +---- + +==== Compliant solution + +[source,javascript,diff-id=1,diff-type=compliant] +---- +describe('foo', function() { + // Reason: There is a bug in the code + xit('should do something', function(done) { // Compliant + done(); + }); +}); +---- + +== How to fix it in Jest + +A comment should be added before, on, or after the line of the unit test explaining why the test was disabled. Alternatively, if the test is no longer relevant, it should be removed entirely. 
+ +=== Code examples + +==== Noncompliant code example + +[source,javascript,diff-id=2,diff-type=noncompliant] +---- +describe('foo', function() { + test.skip('should do something', function(done) { // Noncompliant + done(); + }); +}); +---- + +==== Compliant solution + +[source,javascript,diff-id=2,diff-type=compliant] +---- +describe('foo', function() { + // Reason: There is a bug in the code + test.skip('should do something', function(done) { // Compliant + done(); + }); +}); +---- + +== How to fix it in Mocha + +A comment should be added before, on, or after the line of the unit test explaining why the test was disabled. Alternatively, if the test is no longer relevant, it should be removed entirely. + +=== Code examples + +==== Noncompliant code example + +[source,javascript,diff-id=3,diff-type=noncompliant] +---- +describe('foo', function() { + it.skip('should do something', function(done) { // Noncompliant + done(); + }); +}); +---- + +==== Compliant solution + +[source,javascript,diff-id=3,diff-type=compliant] +---- +describe('foo', function() { + // Reason: There is a bug in the code + it.skip('should do something', function(done) { // Compliant + done(); + }); +}); +---- + +== How to fix it in Node.js + +A non-empty string literal should be passed to the skip options or as an argument to the call to skip (``++{ skip: 'reason' }++``) on the test context (``++t.skip('reason')++``), explaining why the test was disabled. 
+ +=== Code examples + +==== Noncompliant code example + +[source,javascript,diff-id=4,diff-type=noncompliant] +---- +const test = require('node:test'); + +test('should do something', { skip: true }, function(t) { // Noncompliant + t.assert.ok(true); +}); + +test('should do something', function(t) { + t.skip(); // Noncompliant +}); +---- + +==== Compliant solution + +[source,javascript,diff-id=4,diff-type=compliant] +---- +const test = require('node:test'); + +test('should do something', { skip: 'There is a bug in the code' }, function(t) { // Compliant + t.assert.ok(true); +}); + +test('should do something', function(t) { + t.skip('There is a bug in the code'); // Compliant +}); +---- + +== Resources + +=== Documentation + +* Jasmine Documentation - https://jasmine.github.io/api/3.0/global.html#xit[xit] +* Jest Documentation - https://jestjs.io/docs/api#testskipname-fn[test.skip] +* Mocha Documentation - https://mochajs.org/#inclusive-tests[Inclusive tests] +* Node.js Documentation - https://nodejs.org/docs/latest/api/test.html#skipping-tests[Skipping tests] diff --git a/rules/S1610/java/metadata.json b/rules/S1610/java/metadata.json index 8bffe14858e..5c7ae8e428f 100644 --- a/rules/S1610/java/metadata.json +++ b/rules/S1610/java/metadata.json @@ -12,21 +12,15 @@ "func": "Constant\/Issue", "constantCost": "10min" }, - "tags": [ - ], + "tags": [], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-1610", "sqKey": "S1610", - "scope": "All", - "defaultQualityProfiles": [ - ], + "scope": "Main", + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S1612/java/metadata.json b/rules/S1612/java/metadata.json index af809d9f59d..6582e86c89d 100644 --- a/rules/S1612/java/metadata.json +++ b/rules/S1612/java/metadata.json 
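Review bot: The opening sentence of the new rules/S1607/javascript/rule.adoc has a subject-verb mismatch, `Disabling unit tests lead to`, which should read `Disabling unit tests leads to`. In the "How to fix it in Node.js" section the two parentheticals are attached to the wrong phrases, so the sentence reads as if `{ skip: 'reason' }` illustrated the call to `skip`. A clearer form would be: `A non-empty string literal explaining why the test was disabled should be passed either as the skip option ({ skip: 'reason' }) or as the argument to skip on the test context (t.skip('reason')).` The Jasmine, Jest and Mocha sections accept a comment as the reason while the Node.js section only mentions a string literal. If a comment is also accepted there, the text should say so.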
@@ -16,12 +16,8 @@ "java8" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-1612", diff --git a/rules/S1612/java/rule.adoc b/rules/S1612/java/rule.adoc index 55e442fe390..e5c60ee2693 100644 --- a/rules/S1612/java/rule.adoc +++ b/rules/S1612/java/rule.adoc @@ -82,6 +82,9 @@ Replace this lambda with a method reference. [(sonar.java.source not set. Assumi == Comments And Links (visible only on this page) +=== on 21 Nov 2024, 16:48:00 Alban Auzeill wrote: +[test-code-support-investigation-for-java] Decision for scope: Main -> All. + === is duplicated by: S2212 === on 26 Feb 2014, 12:19:41 Freddy Mallet wrote: diff --git a/rules/S1614/metadata.json b/rules/S1614/metadata.json index 5b1e2f75b4b..79352901f3d 100644 --- a/rules/S1614/metadata.json +++ b/rules/S1614/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -16,19 +16,13 @@ "suspicious" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-1614", "sqKey": "S1614", "scope": "Main", - "defaultQualityProfiles": [ - - ], + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S1628/rpg/rule.adoc b/rules/S1628/rpg/rule.adoc index e537905402a..83637a094c7 100644 --- a/rules/S1628/rpg/rule.adoc +++ b/rules/S1628/rpg/rule.adoc 
@@ -32,8 +32,8 @@ The ``++DEBUG(*YES)++`` and ``++DUMP++`` statements are useful during developmen == Resources -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure -* https://cwe.mitre.org/data/definitions/489[MITRE, CWE-489] - Active Debug Code +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] +* CWE - https://cwe.mitre.org/data/definitions/489[CWE-489 - Active Debug Code] ifdef::env-github,rspecator-view[] diff --git a/rules/S1630/rpg/rule.adoc b/rules/S1630/rpg/rule.adoc index 727d8154d5c..9a16a16b8cc 100644 --- a/rules/S1630/rpg/rule.adoc +++ b/rules/S1630/rpg/rule.adoc @@ -57,7 +57,7 @@ F INFSR(*PSSR) == Resources -* https://cwe.mitre.org/data/definitions/459[MITRE, CWE-459] - Incomplete Cleanup +* CWE - https://cwe.mitre.org/data/definitions/459[CWE-459 - Incomplete Cleanup] diff --git a/rules/S1640/java/metadata.json b/rules/S1640/java/metadata.json index c7db1fda083..3e646b99df2 100644 --- a/rules/S1640/java/metadata.json +++ b/rules/S1640/java/metadata.json @@ -16,12 +16,8 @@ "performance" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-1640", diff --git a/rules/S1640/java/rule.adoc b/rules/S1640/java/rule.adoc index 1c2d505d0e5..bfeecbb03b2 100644 --- a/rules/S1640/java/rule.adoc +++ b/rules/S1640/java/rule.adoc @@ -40,5 +40,11 @@ ifdef::env-github,rspecator-view[] Convert this Map to an EnumMap. +''' +== Comments And Links +(visible only on this page) + +=== on 21 Nov 2024, 16:48:00 Alban Auzeill wrote: +[test-code-support-investigation-for-java] Decision for scope: Main -> All. Value is limited in test code as it is a performance rule, but the rule helps developers to learn about new cool trick endif::env-github,rspecator-view[] 
diff --git a/rules/S1641/java/metadata.json b/rules/S1641/java/metadata.json index 68238ed605e..3857bfe0391 100644 --- a/rules/S1641/java/metadata.json +++ b/rules/S1641/java/metadata.json @@ -16,19 +16,13 @@ "performance" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-1641", "sqKey": "S1641", - "scope": "All", - "defaultQualityProfiles": [ - - ], + "scope": "Main", + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S1643/csharp/rule.adoc b/rules/S1643/csharp/rule.adoc index 03f030c0d08..123cdfb61bf 100644 --- a/rules/S1643/csharp/rule.adoc +++ b/rules/S1643/csharp/rule.adoc 
@@ -1,30 +1,98 @@ == Why is this an issue? -``++StringBuilder++`` is more efficient than string concatenation, especially when the operator is repeated over and over as in loops. +Concatenating multiple string literals or strings using the `+` operator creates a new string object for each concatenation. This can lead to a large number of intermediate string objects and can be inefficient. The `StringBuilder` class is more efficient than string concatenation, especially when the operator is repeated over and over as in loops. -=== Noncompliant code example +== How to fix it -[source,csharp] +Replace string concatenation with `StringBuilder`. + +=== Code examples + +==== Noncompliant code example + +[source,csharp,diff-id=1,diff-type=noncompliant] ---- string str = ""; -for (int i = 0; i < arrayOfStrings.Length ; ++i) +for (int i = 0; i < arrayOfStrings.Length ; ++i) { str = str + arrayOfStrings[i]; } ---- -=== Compliant solution +==== Compliant solution -[source,csharp] +[source,csharp,diff-id=1,diff-type=compliant] ---- StringBuilder bld = new StringBuilder(); -for (int i = 0; i < arrayOfStrings.Length; ++i) +for (int i = 0; i < arrayOfStrings.Length; ++i) { bld.Append(arrayOfStrings[i]); } string str = bld.ToString(); ---- +== Resources + +=== Documentation + +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/api/system.text.stringbuilder[StringBuilder Class] + +=== Benchmarks + +[options="header"] +|=== +| Method | Runtime | Mean | Standard Deviation | Allocated +| StringConcatenation | .NET 9.0 | 50,530.75 us | 2,699.189 us | 586280.70 KB +| StringBuilder | .NET 9.0 | 82.31 us | 3.387 us | 243.79 KB +| StringConcatenation | .NET Framework 4.8.1 | 37,453.72 us | 1,543.051 us | 586450.38 KB +| StringBuilder | .NET Framework 4.8.1 | 178.32 us | 6.148 us | 244.15 KB +|=== + +==== Glossary + +* https://en.wikipedia.org/wiki/Arithmetic_mean[Mean] +* https://en.wikipedia.org/wiki/Standard_deviation[Standard Deviation] + +The results were generated by running 
the following snippet with https://github.com/dotnet/BenchmarkDotNet[BenchmarkDotNet]: + +[source,csharp] +---- +[Params(10_000)] +public int Iterations; + +[Benchmark] +public void StringConcatenation() +{ + string str = ""; + for (int i = 0; i < Iterations; i++) + { + str = str + "append"; + } +} + +[Benchmark] +public void StringBuilder() +{ + StringBuilder builder = new StringBuilder(); + for (int i = 0; i < Iterations; i++) + { + builder.Append("append"); + } + _ = builder.ToString(); +} +---- + +Hardware Configuration: + +[source] +---- +BenchmarkDotNet v0.14.0, Windows 10 (10.0.19045.5247/22H2/2022Update) +12th Gen Intel Core i7-12800H, 1 CPU, 20 logical and 14 physical cores + [Host] : .NET Framework 4.8.1 (4.8.9282.0), X64 RyuJIT VectorSize=256 + .NET 9.0 : .NET 9.0.0 (9.0.24.52809), X64 RyuJIT AVX2 + .NET Framework 4.8.1 : .NET Framework 4.8.1 (4.8.9282.0), X64 RyuJIT VectorSize=256 +---- + ifdef::env-github,rspecator-view[] ''' diff --git a/rules/S1643/java/metadata.json b/rules/S1643/java/metadata.json index 17971333806..9dbbef5a6c0 100644 --- a/rules/S1643/java/metadata.json +++ b/rules/S1643/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "All" } diff --git a/rules/S1643/java/rule.adoc b/rules/S1643/java/rule.adoc index 94e73b5b5db..8deafcba613 100644 --- a/rules/S1643/java/rule.adoc +++ b/rules/S1643/java/rule.adoc @@ -38,6 +38,9 @@ include::../message.adoc[] == Comments And Links (visible only on this page) +=== on 21 Nov 2024, 16:48:00 Alban Auzeill wrote: +[test-code-support-investigation-for-java] Decision for scope: Main -> All. + include::../comments-and-links.adoc[] endif::env-github,rspecator-view[] diff --git a/rules/S1656/java/metadata.json b/rules/S1656/java/metadata.json index 676244cb65a..f8901fc8149 100644 --- a/rules/S1656/java/metadata.json +++ b/rules/S1656/java/metadata.json @@ -7,5 +7,6 @@ "MSC12-C." ] }, - "quickfix": "partial" + "quickfix": "partial", + "scope": "All" } 
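Review bot: The new opening sentence in `rules/S1643/csharp/rule.adoc` says that concatenating "multiple string literals" with `+` creates a new string object per concatenation, but the C# compiler folds literal-only concatenation into a single constant. The allocation cost described applies to non-constant operands, typically in a loop, so I would reword it to `Concatenating strings with the + operator inside a loop creates a new string object on every iteration.` In the benchmark snippet, `StringConcatenation()` never consumes `str`, while `StringBuilder()` consumes its result with `_ = builder.ToString();`. Returning the built string from both methods would keep the two measurements symmetrical.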
diff --git a/rules/S1656/java/rule.adoc b/rules/S1656/java/rule.adoc index 3aebca73320..bb9aa0cfd0a 100644 --- a/rules/S1656/java/rule.adoc +++ b/rules/S1656/java/rule.adoc @@ -22,6 +22,9 @@ include::../message.adoc[] == Comments And Links (visible only on this page) +=== on 21 Nov 2024, 16:48:00 Alban Auzeill wrote: +[test-code-support-investigation-for-java] Decision for scope: Main -> All. FP does not seem to be related to test vs main. + include::../comments-and-links.adoc[] endif::env-github,rspecator-view[] diff --git a/rules/S1656/python/metadata.json b/rules/S1656/python/metadata.json index 17971333806..2ff2251a548 100644 --- a/rules/S1656/python/metadata.json +++ b/rules/S1656/python/metadata.json @@ -1,3 +1,6 @@ { - + "tags": [ + "convention", + "confusing" + ] } diff --git a/rules/S1657/vb6/metadata.json b/rules/S1657/vb6/metadata.json index 0b260a72872..991578099ae 100644 --- a/rules/S1657/vb6/metadata.json +++ b/rules/S1657/vb6/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "CLEAR" }, @@ -16,12 +16,8 @@ "pitfall" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-1657", diff --git a/rules/S1659/cfamily/rule.adoc b/rules/S1659/cfamily/rule.adoc index bff48cf06ef..4609715a39f 100644 --- a/rules/S1659/cfamily/rule.adoc +++ b/rules/S1659/cfamily/rule.adoc 
@@ -34,7 +34,7 @@ int &j3 = i2; * MISRA {cpp}:2008, 8-0-1 - An init-declarator-list or a member-declarator-list shall consist of a single init-declarator or member-declarator respectively -* https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#es10-declare-one-name-only-per-declaration[{cpp} Core Guidelines - ES.10] - Declare one name (only) per declaration +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#es10-declare-one-name-only-per-declaration[ES.10: Declare one name (only) per declaration] ifdef::env-github,rspecator-view[] diff --git a/rules/S1659/java/metadata.json b/rules/S1659/java/metadata.json index 78c9baecfd0..f7daeed9617 100644 --- a/rules/S1659/java/metadata.json +++ b/rules/S1659/java/metadata.json @@ -9,5 +9,6 @@ "DCL04-C." ] }, - "quickfix": "covered" + "quickfix": "covered", + "scope": "Main" } diff --git a/rules/S1659/java/rule.adoc b/rules/S1659/java/rule.adoc index c45aa2aaf53..654d97e9f99 100644 --- a/rules/S1659/java/rule.adoc +++ b/rules/S1659/java/rule.adoc @@ -49,6 +49,9 @@ include::../message.adoc[] == Comments And Links (visible only on this page) +=== on 21 Nov 2024, 16:48:00 Alban Auzeill wrote: +[test-code-support-investigation-for-java] Decision for scope: Keep 'Main'. Usage exists more on test code. + include::../comments-and-links.adoc[] endif::env-github,rspecator-view[] diff --git a/rules/S1669/cfamily/rule.adoc b/rules/S1669/cfamily/rule.adoc index c91a8dd216b..b1699b3ca32 100644 --- a/rules/S1669/cfamily/rule.adoc +++ b/rules/S1669/cfamily/rule.adoc 
@@ -25,8 +25,8 @@ void precept(int finalValue); // Compliant * {cpp} reference - https://en.cppreference.com/w/cpp/language/final[final specifier] * {cpp} reference - https://en.cppreference.com/w/cpp/language/override[override specifier] -* {cpp} reference - https://en.cppreference.com/w/cpp/keyword/module[C++ keyword: module] -* {cpp} reference - https://en.cppreference.com/w/cpp/keyword/import[C++ keyword: import] +* {cpp} reference - https://en.cppreference.com/w/cpp/keyword/module[{cpp} keyword: module] +* {cpp} reference - https://en.cppreference.com/w/cpp/keyword/import[{cpp} keyword: import] ifdef::env-github,rspecator-view[] diff --git a/rules/S1669/metadata.json b/rules/S1669/metadata.json index ffda43a6be3..ab06b574c65 100644 --- a/rules/S1669/metadata.json +++ b/rules/S1669/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "CLEAR" }, @@ -16,9 +16,7 @@ "pitfall" ], "extra": { - "replacementRules": [ - - ], + "replacementRules": [], "legacyKeys": [ "LanguageKeywordUsage" ] diff --git a/rules/S1674/abap/rule.adoc b/rules/S1674/abap/rule.adoc index 93fcbfabaf0..e0090bfcef2 100644 --- a/rules/S1674/abap/rule.adoc +++ b/rules/S1674/abap/rule.adoc @@ -37,8 +37,8 @@ When a block contains a comment, it is not considered to be empty. == Resources -* https://cwe.mitre.org/data/definitions/391[MITRE, CWE-391] - Unchecked Error Condition -* OWASP Top 10 2017 Category A10 - Insufficient Logging & Monitoring +* CWE - https://cwe.mitre.org/data/definitions/391[CWE-391 - Unchecked Error Condition] +* OWASP - https://owasp.org/www-project-top-ten/2017/A10_2017-Insufficient_Logging%2526Monitoring[Top 10 2017 Category A10 - Insufficient Logging & Monitoring] ifdef::env-github,rspecator-view[] diff --git a/rules/S1679/cfamily/metadata.json b/rules/S1679/cfamily/metadata.json index 189c1478ad1..0db3279e44b 100644 --- a/rules/S1679/cfamily/metadata.json 
+++ b/rules/S1679/cfamily/metadata.json @@ -1,34 +1,3 @@ { - "title": "The original exception object should be rethrown", - "type": "BUG", - "code": { - "impacts": { - "RELIABILITY": "MEDIUM" - }, - "attribute": "EFFICIENT" - }, - "status": "ready", - "remediation": { - "func": "Constant\/Issue", - "constantCost": "5min" - }, - "tags": [ - ], - "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] - }, - "defaultSeverity": "Major", - "ruleSpecification": "RSPEC-1679", - "sqKey": "S1679", - "scope": "All", - "defaultQualityProfiles": [ - "Sonar way" - ], - "quickfix": "unknown" } diff --git a/rules/S1679/dart/metadata.json b/rules/S1679/dart/metadata.json new file mode 100644 index 00000000000..0db3279e44b --- /dev/null +++ b/rules/S1679/dart/metadata.json @@ -0,0 +1,3 @@ +{ + +} diff --git a/rules/S1679/dart/rule.adoc b/rules/S1679/dart/rule.adoc new file mode 100644 index 00000000000..335182cfd8c --- /dev/null +++ b/rules/S1679/dart/rule.adoc 
@@ -0,0 +1,70 @@ +== Why is this an issue? + +In dart `throw` is used no initiate an exception. Usually this is enough to just catch it and handle. However, there are cases when the exceptions needs to be propagated further after being caught. This allows a handling of the exception on different levels. +In such case it's recommended to use `rethrow` instead of just `throw`, to preserve the original stacktrace. + +[source,dart] +---- +try { + ... +} catch (ex) { + rethrow; // preserves the original exception with its stacktrace +} +---- + +== How to fix it + +The rule raises an issue when the argument of the `throw` expression is an unmodified copy of the caught exception. + +=== Code examples + +==== Noncompliant code example + +[source,dart,diff-id=1,diff-type=noncompliant] +---- +void foo() { + try { + methodThrowsException(); + } catch (ex) { + // ... + throw ex; // Noncompliant + } +} +---- + +==== Compliant solution + +[source,dart,diff-id=1,diff-type=compliant] +---- +void foo() { + try { + methodThrowsException(); + } catch (ex) { + // ... + rethrow; + } +} +---- + +== Resources + +* Dart Docs - https://dart.dev/tools/linter-rules/use_rethrow_when_possible[Dart Linter rule - use_rethrow_when_possible] + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +* Use 'rethrow' to rethrow a caught exception. + +=== Highlighting + +The `throw` statement with the argument. + +''' + +endif::env-github,rspecator-view[] + diff --git a/rules/S1679/metadata.json b/rules/S1679/metadata.json index 2c63c085104..189c1478ad1 100644 --- a/rules/S1679/metadata.json +++ b/rules/S1679/metadata.json 
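Review bot: The first added sentence of `rules/S1679/dart/rule.adoc` has a typo that changes its meaning: `used no initiate an exception` should read `used to initiate an exception`. A little further on, `the exceptions needs to be propagated` should be `the exception needs to be propagated`. The `== How to fix it` section then describes when the rule raises an issue rather than the remedy. A line such as `Replace the throw of the caught exception with rethrow.` would match the heading, and the existing sentence about the unmodified copy fits better under `== Why is this an issue?`. Since the rationale is preserving the original stack trace, it may also help to state that the trace is what lets a failure be traced to its origin when it is logged or handled higher up.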
@@ -1,2 +1,34 @@ { + "title": "The original exception object should be rethrown", + "type": "BUG", + "code": { + "impacts": { + "RELIABILITY": "MEDIUM" + }, + "attribute": "EFFICIENT" + }, + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "5min" + }, + "tags": [ + + ], + "extra": { + "replacementRules": [ + + ], + "legacyKeys": [ + + ] + }, + "defaultSeverity": "Major", + "ruleSpecification": "RSPEC-1679", + "sqKey": "S1679", + "scope": "All", + "defaultQualityProfiles": [ + "Sonar way" + ], + "quickfix": "unknown" } diff --git a/rules/S1685/cobol/rule.adoc b/rules/S1685/cobol/rule.adoc index 3dbb7bb8d83..c8c7f6e9cbf 100644 --- a/rules/S1685/cobol/rule.adoc +++ b/rules/S1685/cobol/rule.adoc @@ -21,8 +21,8 @@ SOURCE-COMPUTER. IBM-370. == Resources -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure -* https://cwe.mitre.org/data/definitions/489[MITRE, CWE-489] - Active Debug Code +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] +* CWE - https://cwe.mitre.org/data/definitions/489[CWE-489 - Active Debug Code] ifdef::env-github,rspecator-view[] diff --git a/rules/S1694/csharp/metadata.json b/rules/S1694/csharp/metadata.json index 17971333806..d860fd4691d 100644 --- a/rules/S1694/csharp/metadata.json +++ b/rules/S1694/csharp/metadata.json @@ -1,3 +1,5 @@ { - + "defaultQualityProfiles": [ + "Sonar way" + ] } diff --git a/rules/S1694/csharp/rule.adoc b/rules/S1694/csharp/rule.adoc index 53c75dc64cc..cace0de9005 100644 --- a/rules/S1694/csharp/rule.adoc +++ b/rules/S1694/csharp/rule.adoc 
@@ -1,77 +1,86 @@ +A `class` with only `abstract` methods and no inheritable behavior should be converted to an https://learn.microsoft.com/en-us/dotnet/csharp/programming-guide/interfaces/[`interface`]. + == Why is this an issue? -The purpose of an abstract class is to provide some heritable behaviors while also defining methods which must be implemented by sub-classes. +The purpose of an https://learn.microsoft.com/en-us/dotnet/csharp/programming-guide/classes-and-structs/abstract-and-sealed-classes-and-class-members[`abstract` class] is to provide some overridable behaviors while also defining methods that are required to be implemented by sub-classes. +A class that contains only `abstract` methods, often called pure abstract class, is effectively an interface, but with the disadvantage of not being able to be implemented by multiple classes. -A ``++class++`` with no abstract methods that was made ``++abstract++`` purely to prevent instantiation should be converted to a concrete ``++class++`` (i.e. remove the ``++abstract++`` keyword) with a ``++protected++`` constructor. +Using interfaces over pure abstract classes presents multiple advantages: +* https://en.wikipedia.org/wiki/Multiple_inheritance[**Multiple Inheritance**]: Unlike classes, an interface doesn't count towards the single inheritance limit in C#. This means a class can implement multiple interfaces, which can be useful when you need to define behavior that can be shared across multiple classes. +* https://en.wikipedia.org/wiki/Loose_coupling#In_programming[**Loose Coupling**]: Interfaces provide a way to achieve loose coupling between classes. This is because an interface only specifies what methods a class must have, but not how they are implemented. This makes it easier to swap out implementations without changing the code that uses them. 
+* https://en.wikipedia.org/wiki/Polymorphism_(computer_science)[**Polymorphism**]: Interfaces allow you to use polymorphism, which means you can use an interface type to refer to any object that implements that interface. This can be useful when you want to write code that can work with any class that implements a certain interface, _without knowing what the actual class is_. +* https://en.wikipedia.org/wiki/Design_by_contract[**Design by contract**]: Interfaces provide a clear contract of what a class should do, without specifying how it should do it. This makes it easier to understand the intended behavior of a class, and to ensure that different implementations of an interface are consistent with each other. -A ``++class++`` with only ``++abstract++`` methods and no inheritable behavior should be converted to an ``++interface++``. +=== Exceptions -=== Noncompliant code example +`abstract` classes that contain non-abstract methods, in addition to `abstract` ones, cannot easily be converted to interfaces, and are not the subject of this rule: [source,csharp] ---- -public abstract class Animal //Noncompliant; should be an interface +public abstract class Lamp // Compliant: Glow is abstract, but FlipSwitch is not { - abstract void Move(); - abstract void Feed(); -} + private bool switchLamp = false; -public abstract class Color //Noncompliant; should be concrete with a protected constructor -{ - private int red = 0; - private int green = 0; - private int blue = 0; + public abstract void Glow(); - public int GetRed() + public void FlipSwitch() { - return red; + switchLamp = !switchLamp; + if (switchLamp) + { + Glow(); + } } } ---- +Notice that, since C# 8.0, you can also define https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/proposals/csharp-8.0/default-interface-methods[default implementations for interface methods], which is yet another reason to prefer interfaces over abstract classes when you don't need to provide any inheritable behavior. 
+ +However, interfaces cannot have fields (such as `switchLamp` in the example above), and that remains true even in C# 8.0 and upwards. This can be a valid reason to still prefer an abstract class over an interface. + +== How to fix it + +Convert the `abstract` class to an `interface` with the same methods. + +=== Code examples + +==== Noncompliant code example + +[source,csharp,diff-id=1,diff-type=noncompliant] +---- +public abstract class Animal // Noncompliant: should be an interface +{ + public abstract void Move(); + public abstract void Feed(); +} +---- + === Compliant solution -[source,csharp] +[source,csharp,diff-id=1,diff-type=compliant] ---- public interface Animal { void Move(); void Feed(); } +---- -public class Color -{ - private int red = 0; - private int green = 0; - private int blue = 0; - - protected Color() - {} - - public int GetRed() - { - return red; - } -} - -public abstract class Lamp -{ - private bool switchLamp = false; +== Resources - public abstract void Glow(); +=== Documentation - public void FlipSwitch() - { - switchLamp = !switchLamp; - if (switchLamp) - { - Glow(); - } - } -} ----- +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/csharp/programming-guide/classes-and-structs/abstract-and-sealed-classes-and-class-members[Abstract and Sealed Classes and Class Members (C# Programming Guide)] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/csharp/programming-guide/interfaces/[Interfaces - define behavior for multiple types] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/proposals/csharp-8.0/default-interface-methods[Default Interface Methods] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/csharp/advanced-topics/interface-implementation/default-interface-methods-versions[Tutorial: Update interfaces with default interface methods] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/csharp/fundamentals/object-oriented/inheritance[Inheritance - 
derive types to create more specialized behavior] +* Wikipedia - https://en.wikipedia.org/wiki/Multiple_inheritance[Multiple Inheritance] +* Wikipedia - https://en.wikipedia.org/wiki/Loose_coupling#In_programming[Loose Coupling - In programming] +* Wikipedia - https://en.wikipedia.org/wiki/Polymorphism_(computer_science)[Polymorphism (computer science)] +* Wikipedia - https://en.wikipedia.org/wiki/Design_by_contract[Design by contract] ifdef::env-github,rspecator-view[] @@ -81,8 +90,11 @@ ifdef::env-github,rspecator-view[] === Message -Convert this "abstract" (class|record) to (an interface|a concrete type with a private constructor). +Convert this "abstract" (class|record) to an interface. + +=== Highlighting +The identifier of the "abstract" class. ''' == Comments And Links diff --git a/rules/S1696/csharp/rule.adoc b/rules/S1696/csharp/rule.adoc index 30707ec582f..54b4ffe050a 100644 --- a/rules/S1696/csharp/rule.adoc +++ b/rules/S1696/csharp/rule.adoc 
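Review bot: In the first hunk of `rules/S1694/csharp/rule.adoc`, the `=== Compliant solution` heading is left at level three while the new `==== Noncompliant code example` sits at level four under `=== Code examples`. The compliant block therefore renders as a sibling of `Code examples` instead of a child, and it should become `==== Compliant solution`. In the new rationale, `with the disadvantage of not being able to be implemented by multiple classes` appears to state the limitation backwards. The restriction is that a class can derive from only one abstract class, as the Multiple Inheritance bullet right after it says. Suggested wording: `but with the disadvantage that a class can inherit from only one such class`.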
@@ -1,70 +1,51 @@ == Why is this an issue? -``++NullReferenceException++`` should be avoided, not caught. Any situation in which ``++NullReferenceException++`` is explicitly caught can easily be converted to a ``++null++`` test, and any behavior being carried out in the catch block can easily be moved to the "is null" branch of the conditional. +Catching `NullReferenceException` is generally considered a bad practice because it can hide bugs in your code. Instead of catching this exception, you should aim to prevent it. This makes your code more robust and easier to understand. +In addition, constantly catching and handling `NullReferenceException` can lead to performance issues. Exceptions are expensive in terms of system resources, so they should be used cautiously and only for exceptional conditions, not for regular control flow. -=== Noncompliant code example +== How to fix it -[source,csharp] +Instead of catching NullReferenceException, it's better to prevent it from happening in the first place. You can do this by using null checks or null conditional operators (`?.`) before accessing members of an object. 
+ +=== Code examples + +==== Noncompliant code example + +[source,csharp,diff-id=1,diff-type=noncompliant] ---- -public int GetLengthPlusTwo(string str) +public int GetLengthPlusTwo(string str) { - int length = 2; - try + try { - length += str.Length; + return str.Length + 2; } - catch (NullReferenceException e) + catch (NullReferenceException e) { - log.info("argument was null"); + return 2; } - return length; } ---- -=== Compliant solution +==== Compliant solution -[source,csharp] +[source,csharp,diff-id=1,diff-type=compliant] ---- -public int GetLengthPlusTwo(string str) +public int GetLengthPlusTwo(string str) { - int length = 2; - - if (str != null) + if (str is null) { - length += str.Length; + return 2; } - else - { - log.info("argument was null"); - } - return length; + return str.Length + 2; } ---- == Resources -* https://cwe.mitre.org/data/definitions/395[MITRE, CWE-395] - Use of NullPointerException Catch to Detect NULL Pointer Dereference - -ifdef::env-github,rspecator-view[] - -''' -== Implementation Specification -(visible only on this page) - -=== Message - -Do not catch NullReferenceException; test for null instead. - - -=== Highlighting - -throw new NullReferenceException() - - -''' -== Comments And Links -(visible only on this page) +=== Documentation -include::../comments-and-links.adoc[] +* CWE - https://cwe.mitre.org/data/definitions/395[CWE-395 - Use of NullPointerException Catch to Detect NULL Pointer Dereference] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/api/system.nullreferenceexception[NullReferenceException class] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/operators/member-access-operators#null-conditional-operators\--and-[Null-conditional operators ?. and ?[\]] -endif::env-github,rspecator-view[] +include::../rspecator.adoc[] diff --git a/rules/S1696/java/metadata.json b/rules/S1696/java/metadata.json index 3019fa8a1c3..e47b0f2f99a 100644 
--- a/rules/S1696/java/metadata.json +++ b/rules/S1696/java/metadata.json @@ -11,5 +11,8 @@ "CWE": [ 395 ] - } + }, + "defaultQualityProfiles": [ + + ] } diff --git a/rules/S1696/java/rule.adoc b/rules/S1696/java/rule.adoc index 689f4ffae58..d4b4a6c4d99 100644 --- a/rules/S1696/java/rule.adoc +++ b/rules/S1696/java/rule.adoc @@ -40,8 +40,8 @@ public int lengthPlus(String str) { == Resources -* https://cwe.mitre.org/data/definitions/395[MITRE, CWE-395] - Use of NullPointerException Catch to Detect NULL Pointer Dereference -* https://tinyurl.com/y6r4amg3[CERT, ERR08-J.] - Do not catch NullPointerException or any of its ancestors +* CWE - https://cwe.mitre.org/data/definitions/395[CWE-395 - Use of NullPointerException Catch to Detect NULL Pointer Dereference] +* CERT - https://wiki.sei.cmu.edu/confluence/display/java/ERR08-J.+Do+not+catch+NullPointerException+or+any+of+its+ancestors[ERR08-J. Do not catch NullPointerException or any of its ancestors] ifdef::env-github,rspecator-view[] diff --git a/rules/S1696/metadata.json b/rules/S1696/metadata.json index 93fc1ce5ff3..9ae801fb11b 100644 --- a/rules/S1696/metadata.json +++ b/rules/S1696/metadata.json @@ -34,7 +34,7 @@ ] }, "defaultQualityProfiles": [ - + "Sonar way" ], - "quickfix": "unknown" + "quickfix": "infeasible" } diff --git a/rules/S1696/rspecator.adoc b/rules/S1696/rspecator.adoc new file mode 100644 index 00000000000..a6a555a918e --- /dev/null +++ b/rules/S1696/rspecator.adoc @@ -0,0 +1,21 @@ +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +Do not catch NullReferenceException; test for null instead. + +=== Highlighting + +throw new NullReferenceException() + +''' +== Comments And Links +(visible only on this page) + +include::comments-and-links.adoc[] + +endif::env-github,rspecator-view[] diff --git a/rules/S1698/java/rule.adoc b/rules/S1698/java/rule.adoc index 3e23d9ddbf9..1ed4c50e284 100644 --- a/rules/S1698/java/rule.adoc 
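Review bot: The `=== Highlighting` entry in the new `rules/S1696/rspecator.adoc` reads `throw new NullReferenceException()`, which does not match the message directly above it, `Do not catch NullReferenceException; test for null instead.` The rule is about a catch clause, not a throw. The text is carried over unchanged from the block removed from `csharp/rule.adoc`, so this looks like an older slip rather than something introduced here. Moving it into a shared include is still a good moment to correct it, for example to `The catch clause that names NullReferenceException`. Please confirm against what the analyzer actually highlights before changing it.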
+++ b/rules/S1698/java/rule.adoc @@ -78,8 +78,8 @@ Comparing with ``++java.lang.String++`` and boxed types ``++java.lang.Integer++` == Resources * S4973 - Strings and Boxed types should be compared using "equals()" -* https://cwe.mitre.org/data/definitions/595[MITRE, CWE-595] - Comparison of Object References Instead of Object Contents -* https://cwe.mitre.org/data/definitions/597[MITRE, CWE-597] - Use of Wrong Operator in String Comparison +* CWE - https://cwe.mitre.org/data/definitions/595[CWE-595 - Comparison of Object References Instead of Object Contents] +* CWE - https://cwe.mitre.org/data/definitions/597[CWE-597 - Use of Wrong Operator in String Comparison] * https://wiki.sei.cmu.edu/confluence/x/UjdGBQ[CERT, EXP03-J.] - Do not use the equality operators when comparing values of boxed primitives * https://wiki.sei.cmu.edu/confluence/x/yDdGBQ[CERT, EXP50-J.] - Do not confuse abstract object equality with reference equality diff --git a/rules/S1698/see.adoc b/rules/S1698/see.adoc index 10448ec2b71..3d4597a3b82 100644 --- a/rules/S1698/see.adoc +++ b/rules/S1698/see.adoc @@ -1,4 +1,4 @@ == Resources -* https://cwe.mitre.org/data/definitions/595[MITRE, CWE-595] - Comparison of Object References Instead of Object Contents -* https://cwe.mitre.org/data/definitions/597[MITRE, CWE-597] - Use of Wrong Operator in String Comparison +* CWE - https://cwe.mitre.org/data/definitions/595[CWE-595 - Comparison of Object References Instead of Object Contents] +* CWE - https://cwe.mitre.org/data/definitions/597[CWE-597 - Use of Wrong Operator in String Comparison] diff --git a/rules/S1699/cfamily/metadata.json b/rules/S1699/cfamily/metadata.json index 6efda031cc9..fa2316d5d1d 100644 --- a/rules/S1699/cfamily/metadata.json +++ b/rules/S1699/cfamily/metadata.json @@ -9,7 +9,6 @@ ], "securityStandards": { "CERT": [ - "MET05-J.", "OOP50-CPP." ] } diff --git a/rules/S1699/cfamily/rule.adoc b/rules/S1699/cfamily/rule.adoc index bbd0f4b182c..7cd227fbe7f 100644 
--- a/rules/S1699/cfamily/rule.adoc +++ b/rules/S1699/cfamily/rule.adoc 
@@ -1,127 +1,287 @@ == Why is this an issue? -When constructing an object of a derived class, the sub-object of the base class is constructed first, and only then the constructor of the derived class is called. When there are multiple levels of inheritance, the process is the same, from the most base class to the most derived class. Along this construction process, the dynamic type of the object evolves and is the type of the sub-object under construction. - +When constructing an object of a derived class, the sub-object of the base class is constructed first, and only then is the derived class's constructor called. +This process remains the same when there are multiple levels of inheritance, from the most base class to the most derived class. +During construction, the object's dynamic type evolves to become the type of the sub-object under construction. The destruction of the object follows the same process in reverse order. -As a consequence, when calling a virtual function from a constructor or a destructor, the actual function being called is not necessarily the version from the most-derived type, as some developers may believe, but the version that matches the level under construction. +These rules for {cpp} mean that invoking a virtual function from a constructor (or a destructor) selects the override that matches the level under construction (or destruction). +This is not necessarily the override from the most derived type, contrary to what developers familiar with other programming languages might expect. + +Additionally, the behavior is undefined when the selected override is a pure virtual function. + +We illustrate {cpp}'s behavior in the following example. 
[source,cpp] ---- -struct A { - virtual void f(); - virtual void g(); - virtual void h() = 0; +struct Base { + virtual std::string getPrefix() { return "Default"; } + virtual std::string getClassName() { return "Base"; } }; -struct B : public A { - B() { - f(); - g(); +struct Derived : Base { + std::string getClassName() override { return "Derived"; } + + Derived() { + std::cout << getPrefix() << " - " << getClassName() << '\n'; } - void f() override; }; -struct C : public B { - void f() override; - void g() override; - void h() override; +struct Subderived : Derived { + std::string getPrefix() override { return "Custom"; } + std::string getClassName() final { return "Subderived"; } }; ---- -When constructing an object of type C, the following occurs: +Constructing an object of type `Subderived` prints _Default - Derived_. +In detail, the following occurs: -* The sub-object of type `A` is constructed. -* The sub-object of type `B` is constructed. -** The constructor ``++B::B()++`` is called, during this call, ``++*this++`` is considered as being of type `B`. -** The function `B::f()` is called. -** The function `A::g()` is called. -* The object of type `C` is constructed. +. The sub-object of type `Base` is constructed using the compiler-generated constructor. +. The sub-object of type `Derived` is constructed using the user-provided constructor. +.. This constructor considers ``++*this++`` as being of type `Derived`. +.. The function `Base::getPrefix()` is called. +.. The function `Derived::getClassName()` is called. +. Finally, the object of type `Subderived` is constructed. +The fact that ``Subderived``'s methods are declared with the `override` and `final` keywords does not play any role. -This surprising behavior can be even worse: If there is no implementation for a virtual function (in the example, if the constructor attempted to call `h()` which is still a pure virtual function) the behavior is undefined. 
+This rule raises an issue when a non-final virtual function is called from a constructor or a destructor. -If you want to perform virtual calls during object construction that will consider the actual type of the object, the best way is probably to defer those calls right after the object is constructed, by using a factory function: +=== What is the potential impact? -[source,cpp] +In the best-case scenario, the selected override is the desired one. +However, this may not be obvious to everyone reading the code and can cause needless confusion. +Secondly, this reduces the software's adaptability: changing the class hierarchy may break the current assumption and lead to bugs if the wrong override is selected. + +Another likely scenario is that the wrong overload is selected. +Since the difference between the program's expected and actual behavior can be very small, you may spend a significant amount of time identifying and fixing the problem. +The problem is even more challenging to identify when virtual functions are called indirectly through another function. + +Finally, since the behavior is undefined if the chosen override is a pure virtual function, the program might crash or produce obvious incorrect results. +Or it might seem to work fine on the surface, yet lead to bigger problems down the line that are not identified by tests. + +== How to fix it + +There are essentially three scenarios: + +1. If subclasses can exist and may customize the program's behavior, there is a bug. + + You should refactor the code to remove reliance on virtual function calls from constructors and destructors. + +2. If subclasses don't exist or shouldn't customize the behavior, the intent is unclear. + + You should redesign the class hierarchy and let the compiler enforce these constraints. + +3. If subclasses can exist but the current behavior is deemed correct, the intent remains unclear. + + You should explicitly reflect your intention in the code. 
+ +We will explore solutions for these cases below with a couple of examples. +Please keep in mind that these examples focus on the problem of virtual dispatch and nothing else. +For simplicity, they are not perfect: for example, they lack proper virtual destructors (S1235), they do not take into account encapsulation, etc... + +=== Defer virtual function calls + +If you want to perform virtual calls during the object construction process that consider the actual type of the object, you should defer those calls after the object constructor has finished with a factory function. + +==== Noncompliant code example + +Let's take a simple example that does not perform the expected action: + +[source,cpp,diff-id=1,diff-type=noncompliant] ---- -std::unique_ptr createObjectOfDerivedType(parameters) { - auto result = ...; - result->callVirtualFunction(); - return result; +struct Base { + virtual std::string getClassName() { return "Base"; } + + void printInfo() { + std::cout << getClassName() << "\n"; + } + + Base() { + printInfo(); // Noncompliant: Base::getClassName() is always selected. + } +}; + +struct Derived : Base { + virtual std::string getClassName() { return "Derived"; } +}; + +std::unique_ptr factory() { + auto ptr = std::make_unique(); + return ptr; } ---- +The `Derived` object created in `factory()` prints _Base_ instead of _Derived_ because `printInfo()` only considers ``Base``'s override of `getClassName`. + +==== Compliant solution -This rule raises an issue when a non-final virtual function is called from a constructor or a destructor, therefore avoiding all surprising behavior. +The following solution prints _Derived_ by moving the virtual dispatch after the constructor of `Base` and `Derived` have finished. 
+[source,cpp,diff-id=1,diff-type=compliant] +---- +struct Base { + virtual std::string getClassName() { return "Base"; } -=== Noncompliant code example + void printInfo() { + std::cout << getClassName() << "\n"; + } -[source,cpp] + Base() { + // No direct & indirect calls to virtual functions. + } +}; + +struct Derived : Base { + virtual std::string getClassName() { return "Derived"; } +}; + +std::unique_ptr factory() { + auto ptr = std::make_unique(); + ptr->printInfo(); // Virtual function calls happen after the constructor. + return ptr; +} +---- + +==== Pitfalls + +For this solution to properly work, you have to ensure every `Derived` object in your program is created via `factory()` to guarantee that `printInfo()` is systematically called when a new object is created. + +There are multiple ways to enforce this. +For example, you can declare `factory()` as a static member function of `Derived` and mark the relevant constructors as `protected`. +However, you will have to deal with ``++std::make_unique++`` inability to access the protected constructor. +https://seanmiddleditch.github.io/enabling-make-unique-with-private-constructors/[The passkey idiom] is usually a good solution for this. +// https://abseil.io/tips/134 has some nice tips, but not focused enough. + +When done rigorously, the compiler will emit a compilation error if you attempt to construct an object without relying on `factory()`. + +==== Dealing with destructors + +A similar solution can be applied to deal with this issue in destructors: +Instead of calling the virtual functions inside the destructors, you can call them before them. +This also requires to be careful and ensure each object is consistently destroyed. + +For example, with the `factory()` function from above, you could use a custom deleter for ``++std::unique_ptr++``. 
+ +=== Mark functions or classes as final + +Assuming you know that subclasses don't exist or shouldn't customize the behavior, you can use {cpp}11 `final` specifier to ask the compiler to enforce this design decision. + +This solution is applicable for virtual calls from constructors and destructors. + +==== Noncompliant code example + +Consider this example: + +[source,cpp,diff-id=2,diff-type=noncompliant] ---- -class Parent { - public: - Parent() { - f1(); - f2(); // Noncompliant; confusing because Parent::f2() will always be called even if it is overridden - } - virtual ~Parent() { - f3(); // Noncompliant; undefined behavior - } - - private: - int f1(); - virtual void f2(); - virtual void f3() = 0; // pure virtual -}; - -class Child : public Parent { - public: - Child() { // leads to a call to Parent::f2(), not Child::f2() - f3(); // Noncompliant; Child::f3() might be further overridden - } - protected: - void f2() override; - void f3() override; +struct Widget { + virtual void addChild(Widget* child) = 0; +}; + +struct Text : Widget { + // ... +}; + +struct Button : Widget { + void addChild(Widget* child) override; + + Button(std::string text) { + addChild(new Text(text)); // Noncompliant: Button::addChild is always selected. + } }; ---- -=== Compliant solution +==== Compliant solution -[source,cpp] +In your design, if it does not make sense for `Button` to have subclasses, you can mark it as `final`. +Or you can allow subclasses as long as they do not override `addChild` by marking this function as `final`. +You can also combine both to be explicit about each individual design decision. 
+ +[source,cpp,diff-id=2,diff-type=compliant] ---- -class Parent { - public: - Parent() { - f1(); - Parent::f2(); // acceptable but poor design - } - virtual ~Parent() { - // call to pure virtual function removed - } - protected: - void f1(); - virtual void f2(); - virtual void f3() = 0; -}; - -class Child : public Parent { - public: - Child() { - } - virtual ~Child() { - f3(); // // Compliant - Well defined and predictable, a final function cannot be further overridden - } - protected: - void f2() override; - void f3() final; +struct Widget { + virtual void addChild(Widget* child) = 0; +}; + +struct Text : Widget { + // ... +}; + +struct Button final : Widget { + void addChild(Widget* child) final; + + Button(std::string text) { + addChild(new Text(text)); // Compliant: the intent is clear. + } }; ---- +=== Qualify function calls + +On some occasions, you may decide to keep the current class hierarchy without prohibiting the existence of subclasses or further overrides. +Therefore, the `final` specifier is not appropriate. +However, it is still possible to make the intent clear. + +==== Noncompliant code example + +Consider this example: + +[source,cpp,diff-id=3,diff-type=noncompliant] +---- +struct FileStream { + virtual void sync(); +}; + +struct BufferedFileStream : FileStream { + void sync() override; + + ~BufferedFileStream() { + sync(); // Noncompliant: BufferedFileStream::sync() is always selected. + } +}; +---- + +==== Compliant solution + +If you designed your classes to not rely on subclass override of `sync`, you can make the intention explicit by https://en.cppreference.com/w/cpp/language/qualified_lookup[qualifying the call]. + +[source,cpp,diff-id=3,diff-type=compliant] +---- +struct FileStream { + virtual void sync(); +}; + +struct BufferedFileStream : FileStream { + void sync() override; + + ~BufferedFileStream() { + BufferedFileStream::sync(); // Compliant: the intent is clear. 
+ } +}; +---- + +While this solution clarifies the intent, it is often brittle since introducing a new class in the hierarchy may silently break the assumption made in the implementation. +When creating a new class or modifying an existing one, you have to know the details of other classes to be sure not to break their behavior. +In other words, this solution tends to break the encapsulation of your classes. + +=== Going the extra mile + +When facing the problem covered by this rule, you may realize inheritance as used is not the right solution for your design. +Although they usually require larger changes, you can consider alternatives such as preferring composition over inheritance, using the decorator pattern, etc. +A good rule of thumb is to keep the "depth" of class hierarchies small and many design patterns allow you to do that. +Selecting the right one highly depends on your application. + == Resources -* https://wiki.sei.cmu.edu/confluence/x/6ns-BQ[CERT, OOP50-CPP.] - Do not invoke virtual functions from constructors or destructors -* https://isocpp.github.io/CppCoreGuidelines/CppCoreGuidelines#Rc-factory[{cpp} Core Guidelines C.50] - Use a factory function if you need “virtual behavior” during initialization +=== Documentation + +* {cpp} reference - https://en.cppreference.com/w/cpp/language/qualified_lookup[Qualified name lookup] +* {cpp} reference - https://en.cppreference.com/w/cpp/language/final[`final` specifier] + +=== Standards + +* CERT - https://wiki.sei.cmu.edu/confluence/x/6ns-BQ[OOP50-CPP. Do not invoke virtual functions from constructors or destructors] + +=== External coding guidelines + +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#c50-use-a-factory-function-if-you-need-virtual-behavior-during-initialization[C.50: Use a factory function if you need "virtual behavior" during initialization] include::../rspecator.adoc[] \ No newline at end of file 
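Review bot: The new "What is the potential impact?" section says "Another likely scenario is that the wrong overload is selected", but the rule is about virtual dispatch, so the term should be override: `Another likely scenario is that the wrong override is selected.` Overload resolution and overriding are distinct mechanisms in {cpp}, and the neighbouring paragraphs use "override" throughout. In the same hunk, the `Derived` structs in the diff-id=1 examples redeclare `getClassName` with `virtual` instead of `override`, unlike the first example. Writing `std::string getClassName() override { return "Derived"; }` would let the compiler reject a signature mismatch.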
diff --git a/rules/S1699/metadata.json b/rules/S1699/metadata.json index 1279f200415..f2cff1e5aa9 100644 --- a/rules/S1699/metadata.json +++ b/rules/S1699/metadata.json @@ -30,5 +30,5 @@ "defaultQualityProfiles": [ ], - "quickfix": "unknown" + "quickfix": "infeasible" } diff --git a/rules/S1700/java/metadata.json b/rules/S1700/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S1700/java/metadata.json +++ b/rules/S1700/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S1700/java/rule.adoc b/rules/S1700/java/rule.adoc index 0162e6c6cc5..26450a79305 100644 --- a/rules/S1700/java/rule.adoc +++ b/rules/S1700/java/rule.adoc @@ -32,4 +32,11 @@ ifdef::env-github,rspecator-view[] include::../message.adoc[] +''' +== Comments And Links +(visible only on this page) + +=== on 21 Nov 2024, 16:48:00 Alban Auzeill wrote: +[test-code-support-investigation-for-java] Decision for scope: Keep 'Main'. This affects a lot code used as test source, like class Foo with method foo. It could be annoying for users. + endif::env-github,rspecator-view[] diff --git a/rules/S1706/cfamily/rule.adoc b/rules/S1706/cfamily/rule.adoc index 1df254c4f63..587fbfc392f 100644 --- a/rules/S1706/cfamily/rule.adoc +++ b/rules/S1706/cfamily/rule.adoc 
@@ -2,31 +2,36 @@ While exceptions are a common feature of modern languages, there are several reasons to potentially avoid them: -* They make the control flow of a program difficult to understand, because they introduce additional exit points. -* The use of exceptions in new code can make that code difficult to integrate with existing, non-exception-safe code. +* They make the control flow of a program more difficult to understand because they introduce additional hidden exit points. +* It is difficult to introduce them gradually in a codebase that was not designed with exceptions in mind. * They add to the size of each binary produced, thereby increasing both compile time and final executable size. * They may incur a small performance penalty. * The time required to handle an exception is not easy to assess, which makes them difficult to use for hard real-time applications. +If a project decides not to use exceptions, some other error-handling mechanisms must be used. One option is to immediately terminate the process when unrecoverable errors are detected. Another one is to use the return value of the functions to convey error information and explicitly check for this value at the call sites. This error information then has to be manually propagated up the call stack until reaching a point where recovery is possible. + +Starting with {cpp}23, the standard library provides the `std::expected` class that allows packing into a single object either the normal return value of a function when the execution succeeded or some error information when it failed. This type also simplifies checking for errors at the call site. + This rule raises an issue when: -* an exception is ``++throw++``n +* an exception is thrown * a ``++try++``-``++catch++`` block is used * an exception specification (``++throw(xxx)++``) is present. +The rule applies both for {cpp} and Objective-C exception mechanisms. === Noncompliant code example -This {cpp} code example also applies to Objective-C. 
- [source,cpp] ---- -double myfunction(char param) throw (int); // Noncompliant -void f { +enum class MyFunctionErrors{NotALetter, NotUppercase}; +double myfunction(char param) throw(MyFunctionErrors); // Noncompliant + +void f() { try // Noncompliant { - do_something(); - throw 1; // Noncompliant + doSomething(); + throw std::runtime_error{"some error"}; // Noncompliant } catch (...) { @@ -40,9 +45,12 @@ void f { [source,cpp] ---- -double myfunction(char param) noexcept; -bool f { - if (!do_something()); { +enum class MyFunctionErrors{NotALetter, NotUppercase}; +std::expected myfunction(char param); // Compliant +void functionThatShallNotFail() noexcept; // Compliant + +bool f() { + if (!doSomething()); { // Handle the situation return false; } @@ -54,7 +62,7 @@ bool f { === Exceptions -``++noexcept++`` specifications are ignored, because even if you choose not to use exceptions in your code, it's important to decorate as ``++noexcept++`` certain functions (for instance, move constructors that do not ``++throw++``). This decoration can be detected by type traits, and some meta-programming techniques rely on this information. +``++noexcept++`` specifications are ignored because even if you choose not to use exceptions in your code, it's important to decorate as ``++noexcept++`` certain functions (for instance, move constructors that do not ``++throw++``, see S5018). This decoration can be detected by type traits, and some meta-programming techniques rely on this information. ifdef::env-github,rspecator-view[] diff --git a/rules/S1709/cfamily/rule.adoc b/rules/S1709/cfamily/rule.adoc index ac456a7e9c7..e5b8968e521 100644 --- a/rules/S1709/cfamily/rule.adoc +++ b/rules/S1709/cfamily/rule.adoc 
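Review bot: In the compliant solution of the `@@ -40,9 +45,12 @@` hunk, the added line `if (!doSomething()); {` keeps a stray semicolon after the condition, so the `if` guards an empty statement and the following block, including `return false;`, runs unconditionally. The sample is meant to show explicit return-value checking as the replacement for exceptions, so as written it demonstrates an error check whose result is ignored. The line should read `if (!doSomething()) {`. The body of `f()` continues past the end of the hunk.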
@@ -61,6 +61,26 @@ int test(Bar& bar, Baz& baz) { === Exceptions +The issue is not raised for constructors that have a single parameter of type `std::initializer_list` - +such constructors have special meaning and allow objects to be constructed from brace delimited list of initializers. + +[source,cpp] +---- +struct Container { + Container(std::initializer_list elems); // Compliant +}; + +void handle(Container const& c); + +int test(Bar& bar, Baz& baz) { + Container c1{1, 2, 3}; // OK whether the constructor is explicit or not + Container c2 = {1, 2, 3}; // Ill-formed if constructor would be explicit + handle({1, 2, 3}); // Ill-formed if constructor would be explicit + handle(Container{1, 2, 3}); // OK whether the constructor is explicit or not +} +---- + + {cpp}20 introduced conditional `explicit(expr)` that allows developers to make a constructor or conversion operator conditionally explicit depending on the value of `expr`. The new syntax allows a constructor or conversion operator declared with an `explicit(expr)` specifier to be implicit when `expr` evaluates to `false`. The issue is not raised in such situation. 
@@ -70,8 +90,8 @@ Additionally, developers can use `explicit(false)` to mark constructors or conve == Resources * MISRA {cpp}:2008, 12-1-3 - All constructors that are callable with a single argument of fundamental type shall be declared ``++explicit++``. -* https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#c46-by-default-declare-single-argument-constructors-explicit[{cpp} Core Guidelines C.46] - By default, declare single-argument constructors explicit -* https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#c164-avoid-implicit-conversion-operators[{cpp} Core Guidelines C.164] - Avoid implicit conversion operators +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#c46-by-default-declare-single-argument-constructors-explicit[C.46: By default, declare single-argument constructors explicit] +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#c164-avoid-implicit-conversion-operators[C.164: Avoid implicit conversion operators] diff --git a/rules/S1710/java/metadata.json b/rules/S1710/java/metadata.json index a3b543d8099..54a10ac2f48 100644 --- a/rules/S1710/java/metadata.json +++ b/rules/S1710/java/metadata.json @@ -16,12 +16,8 @@ "java8" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-1710", diff --git a/rules/S1710/java/rule.adoc b/rules/S1710/java/rule.adoc index 472163be526..5aff845021e 100644 --- a/rules/S1710/java/rule.adoc +++ b/rules/S1710/java/rule.adoc 
@@ -48,5 +48,11 @@ ifdef::env-github,rspecator-view[] Remove the XXX wrapper from this annotation group. [(sonar.java.source not set. Assuming 8 or greater.)] +''' +== Comments And Links +(visible only on this page) + +=== on 21 Nov 2024, 16:48:00 Alban Auzeill wrote: +[test-code-support-investigation-for-java] Decision for scope: Main -> All. endif::env-github,rspecator-view[] diff --git a/rules/S1716/python/metadata.json b/rules/S1716/python/metadata.json index 797360fc457..6528977e6a0 100644 --- a/rules/S1716/python/metadata.json +++ b/rules/S1716/python/metadata.json @@ -13,7 +13,7 @@ "constantCost": "10min" }, "tags": [ - + "pitfall" ], "extra": { "replacementRules": [ diff --git a/rules/S1717/python/metadata.json b/rules/S1717/python/metadata.json index 62a454242c1..0f9acd96dba 100644 --- a/rules/S1717/python/metadata.json +++ b/rules/S1717/python/metadata.json @@ -7,7 +7,7 @@ "constantCost": "2min" }, "tags": [ - + "deprecated" ], "extra": { "replacementRules": [ diff --git a/rules/S1720/python/metadata.json b/rules/S1720/python/metadata.json index c879636d4b8..6a423770c43 100644 --- a/rules/S1720/python/metadata.json +++ b/rules/S1720/python/metadata.json @@ -13,7 +13,7 @@ "constantCost": "5min" }, "tags": [ - + "convention" ], "extra": { "replacementRules": [ diff --git a/rules/S1721/python/metadata.json b/rules/S1721/python/metadata.json index b89c8b0826d..9201d93d1fd 100644 --- a/rules/S1721/python/metadata.json +++ b/rules/S1721/python/metadata.json @@ -7,7 +7,7 @@ "constantCost": "1 min" }, "tags": [ - + "deprecated" ], "extra": { "replacementRules": [ diff --git a/rules/S1721/python/rule.adoc b/rules/S1721/python/rule.adoc index 8ad98d51af6..746d3888df1 100644 --- a/rules/S1721/python/rule.adoc +++ b/rules/S1721/python/rule.adoc 
@@ -1,6 +1,6 @@ == Why is this an issue? -Parentheses are not required after the ``++assert++``, ``++del++``, ``++elif++``, ``++except++``, ``++for++``, ``++if++``, ``++in++``, ``++not++``, ``++raise++``, ``++return++``, ``++while++``, and ``++yield++`` keywords, and using them unnecessarily impairs readability. They should therefore be omitted. +Parentheses are not required after the ``++assert++``, ``++del++``, ``++elif++``, ``++except++``, ``++for++``, ``++if++``, ``++not++``, ``++raise++``, ``++return++``, ``++while++``, and ``++yield++`` keywords. Similarly, parentheses are not required after ``++in++`` in a ``++for++`` loop. Using parentheses unnecessarily impairs readability, and therefore, they should be omitted. === Noncompliant code example diff --git a/rules/S1724/rule.adoc b/rules/S1724/rule.adoc index 6075fc5a9de..1ff3f4de2ca 100644 --- a/rules/S1724/rule.adoc +++ b/rules/S1724/rule.adoc @@ -37,7 +37,7 @@ class Bar extends Foo { ... } // compliant Bar is deprecated. == Resources -* https://cwe.mitre.org/data/definitions/477[MITRE, CWE-477] - Use of Obsolete Functions +* CWE - https://cwe.mitre.org/data/definitions/477[CWE-477 - Use of Obsolete Functions] ifdef::env-github,rspecator-view[] diff --git a/rules/S1725/cobol/rule.adoc b/rules/S1725/cobol/rule.adoc index 3af7860aa57..6fe16d1dd39 100644 --- a/rules/S1725/cobol/rule.adoc +++ b/rules/S1725/cobol/rule.adoc @@ -23,7 +23,7 @@ CLOSE my-file == Resources -* https://cwe.mitre.org/data/definitions/459[MITRE, CWE-459] - Incomplete Cleanup +* CWE - https://cwe.mitre.org/data/definitions/459[CWE-459 - Incomplete Cleanup] ifdef::env-github,rspecator-view[] diff --git a/rules/S1749/cfamily/rule.adoc b/rules/S1749/cfamily/rule.adoc index 20bce2f54bc..d3d95213527 100644 --- a/rules/S1749/cfamily/rule.adoc +++ b/rules/S1749/cfamily/rule.adoc 
@@ -40,7 +40,7 @@ signed long int i; == Resources -* https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#Rl-const[{cpp} Core Guidelines NL.26] - Use conventional ``++const++`` notation +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#nl26-use-conventional-const-notation[NL.26: Use conventional `const` notation] ifdef::env-github,rspecator-view[] diff --git a/rules/S1751/java/metadata.json b/rules/S1751/java/metadata.json index 17971333806..9dbbef5a6c0 100644 --- a/rules/S1751/java/metadata.json +++ b/rules/S1751/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "All" } diff --git a/rules/S1751/java/rule.adoc b/rules/S1751/java/rule.adoc index 022eba5199d..f037166c4a6 100644 --- a/rules/S1751/java/rule.adoc +++ b/rules/S1751/java/rule.adoc @@ -84,11 +84,12 @@ include::../message.adoc[] include::../highlighting.adoc[] ''' - == Comments And Links - (visible only on this page) +=== on 21 Nov 2024, 16:48:00 Alban Auzeill wrote: +[test-code-support-investigation-for-java] Decision for scope: Main -> All. + include::../comments-and-links.adoc[] endif::env-github,rspecator-view[] diff --git a/rules/S1751/metadata.json b/rules/S1751/metadata.json index f445b0a19ca..8a38f12a96a 100644 --- a/rules/S1751/metadata.json +++ b/rules/S1751/metadata.json @@ -13,7 +13,8 @@ "constantCost": "5min" }, "tags": [ - + "confusing", + "bad-practice" ], "extra": { "replacementRules": [ diff --git a/rules/S1752/rpg/rule.adoc b/rules/S1752/rpg/rule.adoc index 72b36e9e653..b5c125269eb 100644 --- a/rules/S1752/rpg/rule.adoc +++ b/rules/S1752/rpg/rule.adoc 
@@ -1,6 +1,6 @@ == Why is this an issue? -``++DO++`` blocks that contain too many lines are difficult to read and understand. +``++DO++`` blocks that contain too many lines of code are difficult to read and understand. Above a specific threshold, it is strongly advised to refactor the contents of the ``++DO++`` block into multiple, well-named subroutines or subfunctions, each of which focuses on a well-defined task. Those smaller subroutines will not only be easier to understand, but probably also easier to test. @@ -13,7 +13,7 @@ ifdef::env-github,rspecator-view[] === Message -Reduce the number of lines in this "DO" block from XX to at most YY +Reduce the number of lines of code in this "DO" block from XX to at most YY === Parameters diff --git a/rules/S1753/rpg/rule.adoc b/rules/S1753/rpg/rule.adoc index 67fe277fc9d..ec2f3db34ac 100644 --- a/rules/S1753/rpg/rule.adoc +++ b/rules/S1753/rpg/rule.adoc @@ -1,6 +1,6 @@ == Why is this an issue? -``++IF++`` blocks that contain too many lines are difficult to read and understand. +``++IF++`` blocks that contain too many lines of code are difficult to read and understand. Above a specific threshold, it is strongly advised to refactor the contents of the ``++IF++`` block into multiple, well-named subroutines or subfunctions, each of which focuses on a well-defined task. Those smaller subroutines will not only be easier to understand, but probably also easier to test. @@ -13,7 +13,7 @@ ifdef::env-github,rspecator-view[] === Message -Reduce the number of lines in this "IF" block from XX to at most YY +Reduce the number of lines of code in this "IF" block from XX to at most YY === Parameters diff --git a/rules/S1760/cfamily/metadata.json b/rules/S1760/cfamily/metadata.json index 9d3f201a4e5..9a83fc009cb 100644 --- a/rules/S1760/cfamily/metadata.json +++ b/rules/S1760/cfamily/metadata.json 
@@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "CONVENTIONAL" }, @@ -16,12 +16,8 @@ "lock-in" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-1760", diff --git a/rules/S1761/cfamily/metadata.json b/rules/S1761/cfamily/metadata.json index c9798b999d5..0eaf6cae035 100644 --- a/rules/S1761/cfamily/metadata.json +++ b/rules/S1761/cfamily/metadata.json @@ -32,5 +32,5 @@ "defaultQualityProfiles": [ "Sonar way" ], - "quickfix": "unknown" + "quickfix": "infeasible" } diff --git a/rules/S1763/cfamily/rule.adoc b/rules/S1763/cfamily/rule.adoc index a426a903d86..25c7436d19a 100644 --- a/rules/S1763/cfamily/rule.adoc +++ b/rules/S1763/cfamily/rule.adoc @@ -80,7 +80,7 @@ int divide(int a, int b) { * MISRA C:2004, 14.1 - There shall be no unreachable code * MISRA {cpp}:2008, 0-1-1 - A project shall not contain unreachable code * MISRA C:2012, 2.1 - A project shall not contain unreachable code -* https://cwe.mitre.org/data/definitions/561[MITRE, CWE-561] - Dead Code +* CWE - https://cwe.mitre.org/data/definitions/561[CWE-561 - Dead Code] * https://wiki.sei.cmu.edu/confluence/x/5dUxBQ[CERT, MSC12-C.] - Detect and remove code that has no effect or is never executed ifdef::env-github,rspecator-view[] diff --git a/rules/S1763/metadata.json b/rules/S1763/metadata.json index e7690f7c92a..4fd67ecf945 100644 --- a/rules/S1763/metadata.json +++ b/rules/S1763/metadata.json @@ -37,5 +37,5 @@ "defaultQualityProfiles": [ "Sonar way" ], - "quickfix": "unknown" + "quickfix": "infeasible" } diff --git a/rules/S1763/see.adoc b/rules/S1763/see.adoc index abf749f4b8f..af11a3ff522 100644 --- a/rules/S1763/see.adoc +++ b/rules/S1763/see.adoc 
@@ -1,3 +1,3 @@ == Resources -* https://cwe.mitre.org/data/definitions/561[MITRE, CWE-561] - Dead Code +* CWE - https://cwe.mitre.org/data/definitions/561[CWE-561 - Dead Code] diff --git a/rules/S1764/cfamily/rule.adoc b/rules/S1764/cfamily/rule.adoc index dd993abfa8e..aa56d7d8148 100644 --- a/rules/S1764/cfamily/rule.adoc +++ b/rules/S1764/cfamily/rule.adoc @@ -6,9 +6,8 @@ Using the same value on both sides of a binary operator is a code defect. In the The following are ignored: -* The expression `1 << 1` * When an increment or decrement operator is used, ex: ``+++*p++ == *p+++++`` -* Bitwise operators `|, &, ^` +* Bitwise operators `|, &, ^, <<` * Arithmetic operators `+, *` * Assignment operators `=, +=, *=` diff --git a/rules/S1764/java/metadata.json b/rules/S1764/java/metadata.json index 4a0c1702e65..fbca7e1d6b6 100644 --- a/rules/S1764/java/metadata.json +++ b/rules/S1764/java/metadata.json @@ -6,5 +6,6 @@ "CERT": [ "MSC12-C." ] - } + }, + "scope": "Main" } diff --git a/rules/S1764/java/rule.adoc b/rules/S1764/java/rule.adoc index c50633964fa..0676fdadd9f 100644 --- a/rules/S1764/java/rule.adoc +++ b/rules/S1764/java/rule.adoc @@ -62,6 +62,9 @@ include::../highlighting.adoc[] == Comments And Links (visible only on this page) +=== on 21 Nov 2024, 16:48:00 Alban Auzeill wrote: +[test-code-support-investigation-for-java] Decision for scope: Keep 'Main'. Tests do this to validate `equals`. + === on 1 Oct 2014, 11:39:51 Nicolas Peru wrote: Sub task for RSPEC-1764 with updated description for Java, please review. diff --git a/rules/S1764/metadata.json b/rules/S1764/metadata.json index 49c428d2ffc..be772979d07 100644 --- a/rules/S1764/metadata.json +++ b/rules/S1764/metadata.json @@ -13,7 +13,7 @@ "constantCost": "2min" }, "tags": [ - + "suspicious" ], "extra": { "replacementRules": [ diff --git a/rules/S1767/cfamily/metadata.json b/rules/S1767/cfamily/metadata.json index 302d5c5df4b..c421d3d849e 100644 --- a/rules/S1767/cfamily/metadata.json 
+++ b/rules/S1767/cfamily/metadata.json @@ -36,5 +36,5 @@ "defaultQualityProfiles": [ "Sonar way" ], - "quickfix": "unknown" + "quickfix": "infeasible" } diff --git a/rules/S1768/cfamily/metadata.json b/rules/S1768/cfamily/metadata.json index 34bbaeacdff..37afcaf4090 100644 --- a/rules/S1768/cfamily/metadata.json +++ b/rules/S1768/cfamily/metadata.json @@ -29,5 +29,5 @@ "defaultQualityProfiles": [ "Sonar way" ], - "quickfix": "unknown" + "quickfix": "infeasible" } diff --git a/rules/S1772/metadata.json b/rules/S1772/metadata.json index 4bfc2ed4166..6f62574bc34 100644 --- a/rules/S1772/metadata.json +++ b/rules/S1772/metadata.json @@ -7,28 +7,20 @@ }, "attribute": "CONVENTIONAL" }, - "status": "ready", + "status": "deprecated", "remediation": { "func": "Constant\/Issue", "constantCost": "10min" }, - "tags": [ - "convention" - ], + "tags": [], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-1772", "sqKey": "S1772", "scope": "Main", - "defaultQualityProfiles": [ - - ], + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S1774/java/metadata.json b/rules/S1774/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S1774/java/metadata.json +++ b/rules/S1774/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S1781/php/rule.adoc b/rules/S1781/php/rule.adoc index 1b38f438b4b..e26e6cde201 100644 --- a/rules/S1781/php/rule.adoc +++ b/rules/S1781/php/rule.adoc @@ -6,6 +6,8 @@ This allows for more flexibility and ease of use when writing code. However, it is generally recommended to follow a consistent casing convention for readability and maintainability purposes. Relevant constants are `true`, `false` and `null`. +Note that if the Drupal framework is detected, this rule will enforce Drupal standards instead. Relevant constants are `TRUE`, `FALSE` and `NULL`. + === Noncompliant code example 
@@ -14,6 +16,13 @@ Relevant constants are `true`, `false` and `null`. ---- +[source,php,diff-id=2,diff-type=noncompliant] +---- + +---- === Compliant solution @@ -22,10 +31,20 @@ Relevant constants are `true`, `false` and `null`. ---- +[source,php,diff-id=2,diff-type=compliant] +---- + +---- + == Resources + === Documentation -* https://www.php.net/manual/en/reserved.constants.php[PHP Manual - Predefined Constants] +* https://www.php.net/manual/en/reserved.constants.php[PHP Manual - Predefined Constants] +* https://www.drupal.org/docs/develop/standards/php/php-coding-standards#s-constants[Drupal - Naming Conventions - Constants] ifdef::env-github,rspecator-view[] diff --git a/rules/S1788/metadata.json b/rules/S1788/metadata.json index ba35385331b..41413323e45 100644 --- a/rules/S1788/metadata.json +++ b/rules/S1788/metadata.json @@ -5,7 +5,7 @@ "impacts": { "MAINTAINABILITY": "MEDIUM" }, - "attribute": "LOGICAL" + "attribute": "FOCUSED" }, "status": "ready", "remediation": { diff --git a/rules/S1799/php/metadata.json b/rules/S1799/php/metadata.json index 2ae347ee8ec..fd81decfae1 100644 --- a/rules/S1799/php/metadata.json +++ b/rules/S1799/php/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "CONVENTIONAL" }, @@ -12,23 +12,15 @@ "func": "Constant\/Issue", "constantCost": "20min" }, - "tags": [ - - ], + "tags": [], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-1799", "sqKey": "S1799", "scope": "Main", - "defaultQualityProfiles": [ - - ], + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S1820/cfamily/rule.adoc b/rules/S1820/cfamily/rule.adoc index c40de3dafa9..61aefd1344f 100644 --- a/rules/S1820/cfamily/rule.adoc +++ b/rules/S1820/cfamily/rule.adoc 
@@ -5,6 +5,8 @@ A structure, such as a ``++struct++``, ``++union++`` or ``++class++`` that grows Above a specific threshold, it is strongly advised to refactor the structure into smaller ones that focus on well defined topics. +When computing the number of fields in a structure, consecutive bit-fields are counted as a single field: Bit-fields are commonly used to map external definitions, and the associated complexity only reflects this external system's intrinsic complexity. + ifdef::env-github,rspecator-view[] ''' diff --git a/rules/S1820/metadata.json b/rules/S1820/metadata.json index ffb6cd27d0d..bb93fb67f4c 100644 --- a/rules/S1820/metadata.json +++ b/rules/S1820/metadata.json @@ -30,5 +30,5 @@ "defaultQualityProfiles": [ ], - "quickfix": "unknown" + "quickfix": "infeasible" } diff --git a/rules/S1821/java/metadata.json b/rules/S1821/java/metadata.json index 65d5f3e5f4f..4da93f17836 100644 --- a/rules/S1821/java/metadata.json +++ b/rules/S1821/java/metadata.json @@ -1,3 +1,4 @@ { - "title": "\"switch\" statements and expressions should not be nested" + "title": "\"switch\" statements and expressions should not be nested", + "scope": "Main" } diff --git a/rules/S1844/java/metadata.json b/rules/S1844/java/metadata.json index d0433b29b47..0171698dbf4 100644 --- a/rules/S1844/java/metadata.json +++ b/rules/S1844/java/metadata.json @@ -16,17 +16,13 @@ "suspicious" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Major", "ruleSpecification": "RSPEC-1844", "sqKey": "S1844", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S1845/java/metadata.json b/rules/S1845/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S1845/java/metadata.json +++ b/rules/S1845/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } 
diff --git a/rules/S1845/java/rule.adoc b/rules/S1845/java/rule.adoc index fe598e7f71a..33ddc07b283 100644 --- a/rules/S1845/java/rule.adoc +++ b/rules/S1845/java/rule.adoc @@ -12,6 +12,9 @@ include::../message.adoc[] == Comments And Links (visible only on this page) +=== on 21 Nov 2024, 16:48:00 Alban Auzeill wrote: +[test-code-support-investigation-for-java] Decision for scope: Keep 'Main'. Wwe should exclude the case where method and variable have same name and we return the name. if this is already the case we have an FP with method defined in interface and then implemented in the class. Other case instead of returning an atomicLong, we return a long (AtomicLong foo=...; long foo(){...}) also may have problem with project that use all capitalized and all lowecase as convention in their projects to mean something specific" + include::../comments-and-links.adoc[] endif::env-github,rspecator-view[] diff --git a/rules/S1845/metadata.json b/rules/S1845/metadata.json index 61897d9d28d..d6f3c9265b8 100644 --- a/rules/S1845/metadata.json +++ b/rules/S1845/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "IDENTIFIABLE" }, @@ -16,12 +16,8 @@ "confusing" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-1845", diff --git a/rules/S1845/python/metadata.json b/rules/S1845/python/metadata.json index 0a3d7ba3a08..0f2bb53b3a1 100644 --- a/rules/S1845/python/metadata.json +++ b/rules/S1845/python/metadata.json @@ -1,3 +1,7 @@ { - "title": "Methods and field names should not differ only by capitalization" + "title": "Methods and field names should not differ only by capitalization", + "tags": [ + "confusing", + "convention" + ] } diff --git a/rules/S1849/java/metadata.json b/rules/S1849/java/metadata.json index 8142a3d78a4..2c6218f2909 100644 
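Review bot: The comment added to rules/S1845/java/rule.adoc has typos and a stray closing quote: `Wwe`, `lowecase`, and a `"` after `specific` that nothing opens. It also runs three separate concerns together without sentence breaks: the same-name getter case, the `AtomicLong foo` / `long foo()` case, and projects with their own capitalization conventions. I would fix the spelling, drop the trailing quote, and give each case its own sentence starting with a capital letter, so that the false-positive scenarios recorded here stay readable for whoever revisits the scope decision.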
--- a/rules/S1849/java/metadata.json +++ b/rules/S1849/java/metadata.json @@ -12,16 +12,10 @@ "func": "Constant\/Issue", "constantCost": "20min" }, - "tags": [ - - ], + "tags": [], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Major", "ruleSpecification": "RSPEC-1849", diff --git a/rules/S1849/java/rule.adoc b/rules/S1849/java/rule.adoc index ca30bc4f52e..b57441cddfc 100644 --- a/rules/S1849/java/rule.adoc +++ b/rules/S1849/java/rule.adoc @@ -75,6 +75,9 @@ Refactor the implementation of this "Iterator.hasNext()" method to not call "Ite == Comments And Links (visible only on this page) +=== on 21 Nov 2024, 16:48:00 Alban Auzeill wrote: +[test-code-support-investigation-for-java] Decision for scope: Main -> All. + === is duplicated by: S2113 endif::env-github,rspecator-view[] diff --git a/rules/S1854/cfamily/rule.adoc b/rules/S1854/cfamily/rule.adoc index 511c381dd72..cf68f21c0a8 100644 --- a/rules/S1854/cfamily/rule.adoc +++ b/rules/S1854/cfamily/rule.adoc @@ -176,15 +176,12 @@ void caller() { === Standards * CERT - https://wiki.sei.cmu.edu/confluence/x/39UxBQ[MSC13-C. Detect and remove unused values] -* CWE - https://cwe.mitre.org/data/definitions/563[563 - Assignment to Variable without Use ('Unused Variable')] +* CWE - https://cwe.mitre.org/data/definitions/563[CWE-563 - Assignment to Variable without Use ('Unused Variable')] === Related rules * S1763 - All code should be reachable * S2583 - Conditionally executed code should be reachable -* S2589 - Boolean expressions should not be gratuitous -* S3516 - Methods returns should not be invariant -* S3626 - Jump statements should not be redundant ifdef::env-github,rspecator-view[] diff --git a/rules/S1854/dart/metadata.json b/rules/S1854/dart/metadata.json new file mode 100644 index 00000000000..e49817108eb --- /dev/null +++ b/rules/S1854/dart/metadata.json @@ -0,0 +1,4 @@ +{ + "defaultQualityProfiles": [ + ] +} 
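Review bot: The comment added to rules/S1849/java/rule.adoc records `Decision for scope: Main -> All.`, but the rules/S1849/java/metadata.json hunk in this same commit does not touch `scope`. That hunk ends at `"ruleSpecification": "RSPEC-1849"`, so a changed `scope` line a couple of lines further down would normally have been folded into it; the file probably still holds its previous value. If that value is `Main`, the recorded decision has not been applied and the rule keeps skipping test sources. Please confirm the current value and either add `"scope": "All"` here, as the S1858 and S1862 metadata hunks do, or reword the comment.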
diff --git a/rules/S1854/dart/rule.adoc b/rules/S1854/dart/rule.adoc new file mode 100644 index 00000000000..e42a4674f16 --- /dev/null +++ b/rules/S1854/dart/rule.adoc @@ -0,0 +1,53 @@ +include::../why.adoc[] + +=== Exceptions + +This rule ignores initializations to `-1`, `0`, `1`, `null`, `true`, `false` and `""`. + +include::../howtofixit.adoc[] + +=== Code examples + +==== Noncompliant code example + +[source,dart,diff-id=1,diff-type=noncompliant] +---- +int foo(int y) { + int x = 100; // Noncompliant: dead store + x = 150; // Noncompliant: dead store + x = 200; + return x + y; +} +---- + +==== Compliant solution + +[source,dart,diff-id=1,diff-type=compliant] +---- +int foo(int y) { + int x = 200; // Compliant: no unnecessary assignment + return x + y; +} +---- + +include::../see.adoc[] + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +include::../message.adoc[] + +=== Highlighting + +The right-end side of the unnecessary assignment, including the assignment operator: e.g. `= 42`. + +''' +== Comments And Links +(visible only on this page) + +include::../comments-and-links.adoc[] + +endif::env-github,rspecator-view[] diff --git a/rules/S1854/see.adoc b/rules/S1854/see.adoc index a57fe8a7454..1e689581ea2 100644 --- a/rules/S1854/see.adoc +++ b/rules/S1854/see.adoc @@ -2,4 +2,4 @@ === Standards -* CWE - https://cwe.mitre.org/data/definitions/563[563 - Assignment to Variable without Use ('Unused Variable')] \ No newline at end of file +* CWE - https://cwe.mitre.org/data/definitions/563[CWE-563 - Assignment to Variable without Use ('Unused Variable')] \ No newline at end of file diff --git a/rules/S1858/java/metadata.json b/rules/S1858/java/metadata.json index 9b623610df8..7b876a278f5 100644 --- a/rules/S1858/java/metadata.json +++ b/rules/S1858/java/metadata.json @@ -1,3 +1,4 @@ { - "quickfix": "covered" + "quickfix": "covered", + "scope": "All" } 
diff --git a/rules/S1858/java/rule.adoc b/rules/S1858/java/rule.adoc index fe598e7f71a..f2b45d5db41 100644 --- a/rules/S1858/java/rule.adoc +++ b/rules/S1858/java/rule.adoc @@ -12,6 +12,9 @@ include::../message.adoc[] == Comments And Links (visible only on this page) +=== on 21 Nov 2024, 16:48:00 Alban Auzeill wrote: +[test-code-support-investigation-for-java] Decision for scope: Main -> All. + include::../comments-and-links.adoc[] endif::env-github,rspecator-view[] diff --git a/rules/S1860/java/metadata.json b/rules/S1860/java/metadata.json index be3b364962c..2fbe6dfe3ab 100644 --- a/rules/S1860/java/metadata.json +++ b/rules/S1860/java/metadata.json @@ -17,17 +17,13 @@ "cert" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Major", "ruleSpecification": "RSPEC-1860", "sqKey": "S1860", - "scope": "All", + "scope": "Main", "securityStandards": { "CERT": [ "LCK01-J." diff --git a/rules/S1860/java/rule.adoc b/rules/S1860/java/rule.adoc index b9cef865d20..67c324dc31a 100644 --- a/rules/S1860/java/rule.adoc +++ b/rules/S1860/java/rule.adoc @@ -122,5 +122,10 @@ Synchronize on a new "Object" instead. ''' +== Comments And Links +(visible only on this page) + +=== on 21 Nov 2024, 16:48:00 Alban Auzeill wrote: +[test-code-support-investigation-for-java] Decision for scope: Keep 'Main'. Rule could be improved, FP new Integer(0) endif::env-github,rspecator-view[] diff --git a/rules/S1862/java/metadata.json b/rules/S1862/java/metadata.json index 142996b685b..e7aeefe08e7 100644 --- a/rules/S1862/java/metadata.json +++ b/rules/S1862/java/metadata.json @@ -8,5 +8,6 @@ "CERT": [ "MSC12-C." ] - } + }, + "scope": "All" } diff --git a/rules/S1862/java/rule.adoc b/rules/S1862/java/rule.adoc index 1eb85fb612d..d10cfc5b015 100644 --- a/rules/S1862/java/rule.adoc +++ b/rules/S1862/java/rule.adoc 
@@ -46,6 +46,9 @@ include::../highlighting.adoc[] == Comments And Links (visible only on this page) +=== on 21 Nov 2024, 16:48:00 Alban Auzeill wrote: +[test-code-support-investigation-for-java] Decision for scope: Main -> All. + include::../comments-and-links.adoc[] endif::env-github,rspecator-view[] diff --git a/rules/S1871/cfamily/exceptions.adoc b/rules/S1871/cfamily/exceptions.adoc new file mode 100644 index 00000000000..1191fab1b60 --- /dev/null +++ b/rules/S1871/cfamily/exceptions.adoc @@ -0,0 +1,14 @@ +=== Exceptions + +Branches in an `if` chain or `switch` statement that have a _simple_ body are ignored. A body is considered simple if it contains a single line of code, possibly followed by a `break` in the case of `switch` statements. + +[source,cpp] +---- +if (a == 1) { + doSomething(); // Compliant, usually this is done on purpose to increase the readability +} else if (a == 2) { + doSomethingElse(); +} else { + doSomething(); +} +---- \ No newline at end of file diff --git a/rules/S1871/cfamily/rule.adoc b/rules/S1871/cfamily/rule.adoc index 85f5a0b0381..4e10c155fff 100644 --- a/rules/S1871/cfamily/rule.adoc +++ b/rules/S1871/cfamily/rule.adoc @@ -2,7 +2,7 @@ :description: common/description.adoc :noncompliant: common/noncompliant.adoc :compliant: common/compliant.adoc -:exceptions: common/exceptions.adoc +:exceptions: cfamily/exceptions.adoc include::../rule.adoc[] @@ -12,7 +12,9 @@ ifdef::env-github,rspecator-view[] == Implementation Specification (visible only on this page) -include::../message.adoc[] +=== Message + +The code of this ["case"|branch] is a duplicate; [join the "case" blocks|merge the branches] or refactor so that all ["case" blocks|branches] are unique. include::../highlighting.adoc[] diff --git a/rules/S1871/csharp/exceptions.adoc b/rules/S1871/csharp/exceptions.adoc index 6743a2bec8f..5bb335ecd70 100644 --- a/rules/S1871/csharp/exceptions.adoc +++ b/rules/S1871/csharp/exceptions.adoc 
@@ -1,7 +1,6 @@ === Exceptions -Blocks in an `if` chain that contain a single line of code are ignored, as are blocks in a `switch` statement that contain a single line of code with or without a following `break`. - +The rule does not raise an issue for blocks in an `if` chain that contain a single line of code. The same applies to blocks in a `switch` statement that contain a single line of code with or without a following `break`. [source,csharp] ---- @@ -15,20 +14,20 @@ else if (a >= 10 && a < 20) } else if (a >= 20 && a < 50) //no issue, usually this is done on purpose to increase the readability { - DoTheThing(); + DoTheThing(); } ---- -But this exception does not apply to `if` chains without `else`-s, or to `switch`-es without default clauses when all branches have the same single line of code. In the case of `if` chains with `else`-s, or of `switch`-es with default clauses, rule S3923 raises a bug. +However, this exception does not apply to `if` chains without an `else` statement or to a `switch` statement without a `default` clause. [source,csharp] ---- -if(a == 1) +if (a == 1) { - doSomething(); //Noncompliant, this might have been done on purpose but probably not -} -else if (a == 2) + DoSomething(); // Noncompliant, this might have been done on purpose but probably not +} +else if (a == 2) { - doSomething(); + DoSomething(); } ----- \ No newline at end of file +---- diff --git a/rules/S1871/java/metadata.json b/rules/S1871/java/metadata.json index 17971333806..9dbbef5a6c0 100644 --- a/rules/S1871/java/metadata.json +++ b/rules/S1871/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "All" } diff --git a/rules/S1871/java/rule.adoc b/rules/S1871/java/rule.adoc index a158d4adbff..562cf7b1a16 100644 --- a/rules/S1871/java/rule.adoc +++ b/rules/S1871/java/rule.adoc 
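Review bot: The reworded sentence in rules/S1871/csharp/exceptions.adoc (second hunk) drops the qualifier "when all branches have the same single line of code", and that changes what the text claims. As written, every `if` chain without `else` loses the single-line exception, while the example below it still shows only the all-branches-identical case. The pointer to S3923 for chains that do have an `else`/`default` is gone as well. Unless the analyzer's behaviour actually changed, I would keep the condition, e.g. `However, this exception does not apply to an `if` chain without an `else` or a `switch` without a `default` clause when all branches have the same single line of code.`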
@@ -20,6 +20,9 @@ include::../highlighting.adoc[] == Comments And Links (visible only on this page) +=== on 21 Nov 2024, 16:48:00 Alban Auzeill wrote: +[test-code-support-investigation-for-java] Decision for scope: Main -> All. + include::../comments-and-links.adoc[] endif::env-github,rspecator-view[] diff --git a/rules/S1871/metadata.json b/rules/S1871/metadata.json index b6b60e7623e..32947a3b038 100644 --- a/rules/S1871/metadata.json +++ b/rules/S1871/metadata.json @@ -31,5 +31,5 @@ "defaultQualityProfiles": [ "Sonar way" ], - "quickfix": "unknown" + "quickfix": "infeasible" } diff --git a/rules/S1871/rpg/exceptions.adoc b/rules/S1871/rpg/exceptions.adoc index c5deaecc338..e69de29bb2d 100644 --- a/rules/S1871/rpg/exceptions.adoc +++ b/rules/S1871/rpg/exceptions.adoc @@ -1,27 +0,0 @@ -=== Exceptions - -Blocks in an `if` chain or `select` statement that contain a single line of code are ignored. - -[source,rpg] ----- -if (a >= 0 and a < 10); - doTheThing(); -elseif (a >= 10 and a < 20); - doTheOtherThing(); -elseif (a >= 20 and a < 50); - doTheThing(); //no issue, usually this is done on purpose to increase the readability -else; - doTheRest(); -endif; ----- - -But this exception does not apply to `if` chains without `else`-s, or to `select`-s without `other` clauses when all branches have the same single line of code. In the case of `if` chains with `else`-s, or of `select`-s with `other` clauses, rule S3923 raises a bug. - -[source,rpg] ----- -if (a >= 0 and a < 10); - doTheThing(); -elseif (a >= 20 and a < 50); - doTheThing(); //Noncompliant, this might have been done on purpose but probably not -endif; ----- \ No newline at end of file diff --git a/rules/S1871/vbnet/exceptions.adoc b/rules/S1871/vbnet/exceptions.adoc index 61a19be35ff..00253c86a86 100644 --- a/rules/S1871/vbnet/exceptions.adoc +++ b/rules/S1871/vbnet/exceptions.adoc 
@@ -18,9 +18,9 @@ But this exception does not apply to `If` chains without `Else`-s, or to `Select [source,vbnet] ---- -If a >= 0 AndAlso a < 10 Then +If a == 1 Then + DoTheThing() ' Noncompliant, this might have been done on purpose but probably not +ElseIf a == 2 Then DoTheThing() -ElseIf a >= 10 AndAlso a < 20 Then - DoTheOtherThing() ' Noncompliant, this might have been done on purpose but probably not End If ---- diff --git a/rules/S1872/java/metadata.json b/rules/S1872/java/metadata.json index ef89e604d02..115edb87ac8 100644 --- a/rules/S1872/java/metadata.json +++ b/rules/S1872/java/metadata.json @@ -10,5 +10,6 @@ "CWE": [ 486 ] - } + }, + "scope": "All" } diff --git a/rules/S1872/java/rule.adoc b/rules/S1872/java/rule.adoc index bfadafe4a1b..08b90da8b85 100644 --- a/rules/S1872/java/rule.adoc +++ b/rules/S1872/java/rule.adoc @@ -56,7 +56,7 @@ class Store { == Resources -* https://cwe.mitre.org/data/definitions/486[MITRE, CWE-486] - Comparison of Classes by Name +* CWE - https://cwe.mitre.org/data/definitions/486[CWE-486 - Comparison of Classes by Name] * https://wiki.sei.cmu.edu/confluence/x/eDdGBQ[CERT, OBJ09-J.] - Compare classes and not class names ifdef::env-github,rspecator-view[] @@ -74,6 +74,9 @@ Use an ["instanceof"|"isAssignableFrom()"] comparison instead. == Comments And Links (visible only on this page) +=== on 21 Nov 2024, 16:48:00 Alban Auzeill wrote: +[test-code-support-investigation-for-java] Decision for scope: Main -> All. May have users that want to test only the name. + === on 30 Jul 2014, 21:14:24 Freddy Mallet wrote: My feedback @Ann: diff --git a/rules/S1873/rule.adoc b/rules/S1873/rule.adoc index cec30d09d02..d4503dcaa2e 100644 --- a/rules/S1873/rule.adoc +++ b/rules/S1873/rule.adoc 
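Review bot: The rewritten sample in rules/S1871/vbnet/exceptions.adoc uses `==`, which is not a Visual Basic operator; equality comparison in VB.NET is `=`. The block is tagged `[source,vbnet]`, so readers will expect it to compile. The two changed lines should read `If a = 1 Then` and `ElseIf a = 2 Then`.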
@@ -46,8 +46,8 @@ public class Estate { == Resources -* https://cwe.mitre.org/data/definitions/582[MITRE, CWE-582] - Array Declared Public, Final, and Static -* https://cwe.mitre.org/data/definitions/607[MITRE, CWE-607] - Public Static Final Field References Mutable Object +* CWE - https://cwe.mitre.org/data/definitions/582[CWE-582 - Array Declared Public, Final, and Static] +* CWE - https://cwe.mitre.org/data/definitions/607[CWE-607 - Public Static Final Field References Mutable Object] * https://wiki.sei.cmu.edu/confluence/x/LjdGBQ[CERT, OBJ01-J.] - Limit accessibility of fields * https://wiki.sei.cmu.edu/confluence/x/VzZGBQ[CERT, OBJ13-J.] - Ensure that references to mutable objects are not exposed diff --git a/rules/S1874/dart/metadata.json b/rules/S1874/dart/metadata.json new file mode 100644 index 00000000000..51ca9f0ca86 --- /dev/null +++ b/rules/S1874/dart/metadata.json @@ -0,0 +1,3 @@ +{ + "title": "Code annotated as deprecated should not be used" +} diff --git a/rules/S1874/dart/rule.adoc b/rules/S1874/dart/rule.adoc new file mode 100644 index 00000000000..370b523fdd4 --- /dev/null +++ b/rules/S1874/dart/rule.adoc 
@@ -0,0 +1,50 @@ +== Why is this an issue? + +include::../description.adoc[] + +[source,dart] +---- +@Deprecated("This function is deprecated, use newFunction instead", ReplaceWith("newFunction()")) +void oldFunction() { + println("This is the old function."); +} + +void newFunction() { + println("This is the new function."); +} + +oldFunction() // Noncompliant: "oldFunction is deprecated" +---- + +=== Exceptions + +The rule does not raise an issue when the deprecated members are used in a deprecated type. + +include::../see.adoc[] + +* Dart Docs - https://dart.dev/tools/diagnostic-messages#deprecated_member_use[Dart Compiler diagnostic - deprecated_member_use] +* Dart Docs - https://dart.dev/tools/diagnostic-messages#deprecated_member_use_from_same_package[Dart Compiler diagnostic - deprecated_member_use_from_same_package] + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +* '' is deprecated and shouldn't be used. +* '' is deprecated and shouldn't be used. . + +Unlike in other scenarios, if the member is a setter, the method name will NOT end with a `=` sign (generally used to distinguish it from the corresponding getter). +`` is appended only if the deprecated member has a deprecation message (e.g. `@Deprecated("Use X instead")`). + +=== Highlighting + +The identifier of the deprecated member. + +''' +== Comments And Links +(visible only on this page) + +endif::env-github,rspecator-view[] diff --git a/rules/S1874/java/metadata.json b/rules/S1874/java/metadata.json index e6ef0d26c42..07ae991cede 100644 --- a/rules/S1874/java/metadata.json +++ b/rules/S1874/java/metadata.json @@ -14,5 +14,6 @@ "ASVS 4.0": [ "1.14.6" ] - } + }, + "scope": "All" } diff --git a/rules/S1874/kubernetes/metadata.json b/rules/S1874/kubernetes/metadata.json new file mode 100644 index 00000000000..18e9491f8fc --- /dev/null +++ b/rules/S1874/kubernetes/metadata.json 
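Review bot: The sample in the new rules/S1874/dart/rule.adoc is not valid Dart, although the block is tagged `[source,dart]`. `@Deprecated` takes a single message string, so the `ReplaceWith("newFunction()")` argument (a Kotlin construct) will not compile, and `println` is not a Dart function. The final `oldFunction()` call also sits at top level without a semicolon. I would use `@Deprecated('Use newFunction instead')`, replace `println(...)` with `print(...)`, and move the call into `void main() { oldFunction(); // Noncompliant }`. Separately, both bullets under "Message" show an empty `''` where a member-name placeholder is presumably meant, and the text refers to an empty pair of backticks being appended; if that is not a rendering artefact of this page, the placeholders need restoring.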
@@ -0,0 +1,3 @@ +{ + "title": "Deprecated code should not be used" +} \ No newline at end of file diff --git a/rules/S1874/kubernetes/rule.adoc b/rules/S1874/kubernetes/rule.adoc new file mode 100644 index 00000000000..4a5b8d62e84 --- /dev/null +++ b/rules/S1874/kubernetes/rule.adoc @@ -0,0 +1,39 @@ +== Why is this an issue? + +include::../description.adoc[] + + +Use `.Capabilities.KubeVersion.Version` instead of the deprecated call to `.Capabilities.KubeVersion.GitVersion` + +[source,text] +---- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-configmap +data: + myvalue: "Hello World" + kubeVersionDeprecated: {{ .Capabilities.KubeVersion.GitVersion }} # Noncompliant + kubeVersion: {{ .Capabilities.KubeVersion.Version }} +---- + +include::../see.adoc[] + +* Go Documentation - https://pkg.go.dev/helm.sh/helm/v3/pkg/chartutil#KubeVersion.GitVersion[Deprecated KubeVersion.GitVersion] + +* Helm Documentation - https://helm.sh/docs/intro/using_helm/#helpful-options-for-installupgraderollback/[Helm Charts] + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +Remove this deprecated use of XXX, use YYY instead. + +=== Highlighting + +* Highlight the code that is deprecated +endif::env-github,rspecator-view[] \ No newline at end of file diff --git a/rules/S1874/metadata.json b/rules/S1874/metadata.json index 2e05a1b83cd..fe1d28cfe80 100644 --- a/rules/S1874/metadata.json +++ b/rules/S1874/metadata.json @@ -39,5 +39,5 @@ "defaultQualityProfiles": [ "Sonar way" ], - "quickfix": "unknown" + "quickfix": "infeasible" } diff --git a/rules/S1874/see.adoc b/rules/S1874/see.adoc index 94078077a9d..043102872ca 100644 --- a/rules/S1874/see.adoc +++ b/rules/S1874/see.adoc 
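Review bot: The Helm documentation link in the new rules/S1874/kubernetes/rule.adoc ends its fragment with a slash (`#helpful-options-for-installupgraderollback/`). The slash becomes part of the fragment, so the browser will most likely not find the heading and land at the top of the page. Dropping the slash gives `https://helm.sh/docs/intro/using_helm/#helpful-options-for-installupgraderollback[Helm Charts]`. The link text "Helm Charts" also does not describe that section; a label naming the install/upgrade/rollback options would tell the reader what to expect.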
@@ -1,3 +1,3 @@ == Resources === Documentation -* https://cwe.mitre.org/data/definitions/477[MITRE, CWE-477] - Use of Obsolete Functions +* CWE - https://cwe.mitre.org/data/definitions/477[CWE-477 - Use of Obsolete Functions] diff --git a/rules/S1875/see.adoc b/rules/S1875/see.adoc index b762d888aae..f25a1b93b77 100644 --- a/rules/S1875/see.adoc +++ b/rules/S1875/see.adoc @@ -1,3 +1,3 @@ == Resources -* https://cwe.mitre.org/data/definitions/482[MITRE, CWE-482] - Comparing instead of Assigning \ No newline at end of file +* CWE - https://cwe.mitre.org/data/definitions/482[CWE-482 - Comparing instead of Assigning] \ No newline at end of file diff --git a/rules/S1876/html/metadata.json b/rules/S1876/html/metadata.json index 1ca75ff4c77..75b15866e7f 100644 --- a/rules/S1876/html/metadata.json +++ b/rules/S1876/html/metadata.json @@ -1,6 +1,6 @@ { - "title": "Using HTML comments is security-sensitive", - "type": "SECURITY_HOTSPOT", + "title": "HTML comments should be removed", + "type": "CODE_SMELL", "status": "ready", "remediation": { "func": "Constant\/Issue", @@ -32,5 +32,6 @@ }, "defaultQualityProfiles": [ - ] + ], + "quickfix": "unknown" } diff --git a/rules/S1876/html/rule.adoc b/rules/S1876/html/rule.adoc index 3afea68d1bf..7bfe5bd01c5 100644 --- a/rules/S1876/html/rule.adoc +++ b/rules/S1876/html/rule.adoc @@ -45,8 +45,8 @@ It is recommended to remove the comment or change its style so that it is not ou == See -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure -* https://cwe.mitre.org/data/definitions/615[MITRE, CWE-615] - Information Exposure Through Comments +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] +* CWE - https://cwe.mitre.org/data/definitions/615[CWE-615 - Information Exposure Through Comments] 
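Review bot: The first hunk of rules/S1876/html/metadata.json changes `type` from `SECURITY_HOTSPOT` to `CODE_SMELL`, but no `code` block with `impacts` and `attribute` appears between `type` and `status`, where the other CODE_SMELL metadata files in this commit carry one (S1760/cfamily, for example). The rest of the file is outside the hunks, so the block may exist elsewhere, but it is worth checking. The rule.adoc hunk for the same rule still cites OWASP Top 10 2017 A3 and CWE-615, so the text keeps describing an information-exposure concern while findings would presumably no longer reach security-hotspot review. If the downgrade is intended, I would add the `code` block with values chosen by the rule owner and state in the commit description why comment leakage is now tracked as maintainability only, so that teams relying on the hotspot workflow know to cover it another way.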
diff --git a/rules/S1878/cfamily/rule.adoc b/rules/S1878/cfamily/rule.adoc index 00256567c15..570dabadddb 100644 --- a/rules/S1878/cfamily/rule.adoc +++ b/rules/S1878/cfamily/rule.adoc @@ -1,29 +1,54 @@ == Why is this an issue? -Sharing some naming conventions enables teams to collaborate more efficiently. This rule checks that all ``++union++`` names match a provided regular expression. +Sharing some naming conventions enables teams to collaborate more efficiently. +This rule checks that all `union` names and `union` type alias names match a provided regular expression. === Noncompliant code example -Using the default regular expression ``++^[A-Z][a-zA-Z0-9]*$++``: +Using the default regular expression `^[A-Z][a-zA-Z0-9]*$`: -[source,cpp] +[source,cpp,diff-id=1,diff-type=noncompliant] ---- union my_union { int one; int two; }; + +using my_other_union = union { + int one; + int two; +}; ---- === Compliant solution -[source,cpp] +[source,cpp,diff-id=1,diff-type=compliant] ---- union MyUnion { int one; int two; }; + +using MyOtherUnion = union { + int one; + int two; +}; +---- + + +=== Exceptions + +The rule ignores anonymous unions that are not type aliased. + +[source,cpp] +---- +// Compliant by exception +union { + int a; + bool b; +} u; ---- diff --git a/rules/S1905/java/metadata.json b/rules/S1905/java/metadata.json index 9b623610df8..e8fd53c77a6 100644 --- a/rules/S1905/java/metadata.json +++ b/rules/S1905/java/metadata.json @@ -1,3 +1,4 @@ { - "quickfix": "covered" + "quickfix": "covered", + "scope": "Main" } diff --git a/rules/S1908/python/metadata.json b/rules/S1908/python/metadata.json index 0aad88907db..c11620435c2 100644 --- a/rules/S1908/python/metadata.json +++ b/rules/S1908/python/metadata.json @@ -1,3 +1,4 @@ { - "sqKey": "FileComplexity" + "sqKey": "FileComplexity", + "tags": ["brain-overload"] } diff --git a/rules/S1909/metadata.json b/rules/S1909/metadata.json index 4836f449cad..c761acd2f45 100644 --- a/rules/S1909/metadata.json 
+++ b/rules/S1909/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "CLEAR" }, @@ -17,9 +17,7 @@ "pitfall" ], "extra": { - "replacementRules": [ - - ], + "replacementRules": [], "legacyKeys": [ "GotoLabelInNestedBlock" ] @@ -31,5 +29,5 @@ "defaultQualityProfiles": [ "Sonar way" ], - "quickfix": "unknown" + "quickfix": "infeasible" } diff --git a/rules/S1912/cfamily/metadata.json b/rules/S1912/cfamily/metadata.json index 53d3d45a91b..6ffb52a6900 100644 --- a/rules/S1912/cfamily/metadata.json +++ b/rules/S1912/cfamily/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "CONVENTIONAL" }, @@ -16,9 +16,7 @@ "multi-threading" ], "extra": { - "replacementRules": [ - - ], + "replacementRules": [], "legacyKeys": [ "NonReentrantFunction" ] diff --git a/rules/S1913/cfamily/metadata.json b/rules/S1913/cfamily/metadata.json index 498aa2fbb76..830c4025bf9 100644 --- a/rules/S1913/cfamily/metadata.json +++ b/rules/S1913/cfamily/metadata.json @@ -24,6 +24,11 @@ "ruleSpecification": "RSPEC-1913", "sqKey": "S1913", "scope": "Main", + "securityStandards": { + "STIG ASD_V5R3": [ + "V-222612" + ] + }, "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S1913/cfamily/rule.adoc b/rules/S1913/cfamily/rule.adoc index d0bc9cbf80f..c1fa544df1f 100644 --- a/rules/S1913/cfamily/rule.adoc +++ b/rules/S1913/cfamily/rule.adoc @@ -45,6 +45,10 @@ void function() { * {cpp} reference - https://en.cppreference.com/w/cpp/language/sizeof[`sizeof` operator] +=== Standards + +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. + ifdef::env-github,rspecator-view[] 
diff --git a/rules/S1914/cfamily/metadata.json b/rules/S1914/cfamily/metadata.json index d028eb54ea9..7f05a0ea23a 100644 --- a/rules/S1914/cfamily/metadata.json +++ b/rules/S1914/cfamily/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "LOW" + "MAINTAINABILITY": "INFO" }, "attribute": "LOGICAL" }, @@ -12,13 +12,9 @@ "func": "Constant\/Issue", "constantCost": "0min" }, - "tags": [ - - ], + "tags": [], "extra": { - "replacementRules": [ - - ], + "replacementRules": [], "legacyKeys": [ "PPErrorDirectiveReached" ] @@ -27,8 +23,6 @@ "ruleSpecification": "RSPEC-1914", "sqKey": "S1914", "scope": "Main", - "defaultQualityProfiles": [ - - ], + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S1939/java/metadata.json b/rules/S1939/java/metadata.json index 3887a52c67a..5c9b6209567 100644 --- a/rules/S1939/java/metadata.json +++ b/rules/S1939/java/metadata.json @@ -1,3 +1,4 @@ { - "title": "Extensions and implementations should not be redundant" + "title": "Extensions and implementations should not be redundant", + "scope": "Main" } diff --git a/rules/S1940/java/metadata.json b/rules/S1940/java/metadata.json index 17971333806..9dbbef5a6c0 100644 --- a/rules/S1940/java/metadata.json +++ b/rules/S1940/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "All" } diff --git a/rules/S1940/java/rule.adoc b/rules/S1940/java/rule.adoc index fe598e7f71a..f2b45d5db41 100644 --- a/rules/S1940/java/rule.adoc +++ b/rules/S1940/java/rule.adoc @@ -12,6 +12,9 @@ include::../message.adoc[] == Comments And Links (visible only on this page) +=== on 21 Nov 2024, 16:48:00 Alban Auzeill wrote: +[test-code-support-investigation-for-java] Decision for scope: Main -> All. + include::../comments-and-links.adoc[] endif::env-github,rspecator-view[] diff --git a/rules/S1941/java/metadata.json b/rules/S1941/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S1941/java/metadata.json +++ b/rules/S1941/java/metadata.json 
@@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S1942/java/metadata.json b/rules/S1942/java/metadata.json index 035eed855af..cd0f7f0f416 100644 --- a/rules/S1942/java/metadata.json +++ b/rules/S1942/java/metadata.json @@ -17,19 +17,13 @@ "redundant" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-1942", "sqKey": "S1942", - "scope": "All", - "defaultQualityProfiles": [ - - ], + "scope": "Main", + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S1944/csharp/rule.adoc b/rules/S1944/csharp/rule.adoc index a764bb64eab..a19f0e41dc7 100644 --- a/rules/S1944/csharp/rule.adoc +++ b/rules/S1944/csharp/rule.adoc @@ -86,7 +86,7 @@ public static class Program ** https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/operators/type-testing-and-cast#as-operator[`as` operator] * https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/language-specification/conversions#103-explicit-conversions[Conversions - Explicit conversions in C#] ** https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/language-specification/conversions#1035-explicit-reference-conversions[Conversions - Explicit reference conversions in C#] -* https://cwe.mitre.org/data/definitions/588[MITRE, CWE-588 - Attempt to Access Child of a Non-structure Pointer] -* https://cwe.mitre.org/data/definitions/704[MITRE, CWE-704 - Incorrect Type Conversion or Cast] +* CWE - https://cwe.mitre.org/data/definitions/588[CWE-588 - Attempt to Access Child of a Non-structure Pointer] +* CWE - https://cwe.mitre.org/data/definitions/704[CWE-704 - Incorrect Type Conversion or Cast] include::../rspecator-dotnet.adoc[] diff --git a/rules/S1944/java/rule.adoc b/rules/S1944/java/rule.adoc index e8ae1b8e48b..7a38c9912f6 100644 --- a/rules/S1944/java/rule.adoc +++ b/rules/S1944/java/rule.adoc 
@@ -45,8 +45,8 @@ public class S1944 { == Resources * https://wiki.sei.cmu.edu/confluence/x/u9UxBQ[CERT, EXP36-C.] - Do not cast pointers into more strictly aligned pointer types -* https://cwe.mitre.org/data/definitions/588[MITRE, CWE-588] - Attempt to Access Child of a Non-structure Pointer -* https://cwe.mitre.org/data/definitions/704[MITRE, CWE-704] - Incorrect Type Conversion or Cast +* CWE - https://cwe.mitre.org/data/definitions/588[CWE-588 - Attempt to Access Child of a Non-structure Pointer] +* CWE - https://cwe.mitre.org/data/definitions/704[CWE-704 - Incorrect Type Conversion or Cast] ifdef::env-github,rspecator-view[] diff --git a/rules/S1944/vbnet/rule.adoc b/rules/S1944/vbnet/rule.adoc index 6fa317c9b3f..562d052ba64 100644 --- a/rules/S1944/vbnet/rule.adoc +++ b/rules/S1944/vbnet/rule.adoc @@ -85,7 +85,7 @@ End Module * https://learn.microsoft.com/en-us/dotnet/visual-basic/language-reference/operators/directcast-operator[`DirectCast` operator] * https://learn.microsoft.com/en-us/dotnet/visual-basic/language-reference/functions/ctype-function[`CType` function] * https://learn.microsoft.com/en-us/dotnet/visual-basic/language-reference/operators/trycast-operator[`TryCast` operator] -* https://cwe.mitre.org/data/definitions/588[MITRE, CWE-588 - Attempt to Access Child of a Non-structure Pointer] -* https://cwe.mitre.org/data/definitions/704[MITRE, CWE-704 - Incorrect Type Conversion or Cast] +* CWE - https://cwe.mitre.org/data/definitions/588[CWE-588 - Attempt to Access Child of a Non-structure Pointer] +* CWE - https://cwe.mitre.org/data/definitions/704[CWE-704 - Incorrect Type Conversion or Cast] include::../rspecator-dotnet.adoc[] diff --git a/rules/S1948/java/metadata.json b/rules/S1948/java/metadata.json index 5abc6b35878..a484e474f22 100644 --- a/rules/S1948/java/metadata.json +++ b/rules/S1948/java/metadata.json 
@@ -17,17 +17,13 @@ "serialization" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Critical", "ruleSpecification": "RSPEC-1948", "sqKey": "S1948", - "scope": "All", + "scope": "Main", "securityStandards": { "CWE": [ 594 diff --git a/rules/S1948/java/rule.adoc b/rules/S1948/java/rule.adoc index c5fcb36bff0..69d4722f36b 100644 --- a/rules/S1948/java/rule.adoc +++ b/rules/S1948/java/rule.adoc @@ -2,7 +2,7 @@ This rule raises an issue on a non-transient and non-serializable field within a == Why is this an issue? -By contract, fields in a `Serializable` class must themselves be either `Serializable` or `transient`. +By contract, non-static fields in a `Serializable` class must themselves be either `Serializable` or `transient`. Even if the class is never explicitly serialized or deserialized, it is not safe to assume that this cannot happen. For instance, under load, most J2EE application frameworks flush objects to disk. @@ -11,9 +11,11 @@ In general, a `Serializable` class is expected to fulfil its contract and not ex This rule raises an issue on: -* non-`Serializable` fields, -* collection fields when they are not `private` (because they could be assigned non-`Serializable` values externally), -* when a field is assigned a non-`Serializable` type within the class. +* Non-`Serializable` fields. +* When a field is assigned a non-`Serializable` type within the class. +* Collection fields when they are not `private`. +Values that are not serializable could be added to these collections externally. +Due to type erasure, it cannot be guaranteed that the collection will only contain serializable objects at runtime despite being declared as a collection of serializable types. == How to fix it 
@@ -92,9 +94,22 @@ public class Person implements Serializable { } ---- +Finally, static fields are out of scope for serialization, so making a field static prevents issues from being raised. + +[source,java] +---- +public class Person implements Serializable { + private static final long serialVersionUID = 1905122041950251207L; + + private String name; + + private static Logger log = getLogger(); // Compliant, static fields are not serialized +} +---- + == Resources -* https://cwe.mitre.org/data/definitions/594[Saving Unserializable Objects to Disk - MITRE, CWE-594] +* CWE - https://cwe.mitre.org/data/definitions/594[CWE-594 - Saving Unserializable Objects to Disk] * https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/io/Serializable.html[Interface Serializable - Java SE 11 API Documentation] * https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/io/Serializable.html[Interface Serializable - Java SE 17 API Documentation] diff --git a/rules/S1951/flex/rule.adoc b/rules/S1951/flex/rule.adoc index fbf4c289dce..cd7667c88d5 100644 --- a/rules/S1951/flex/rule.adoc +++ b/rules/S1951/flex/rule.adoc @@ -22,8 +22,8 @@ The ``++trace()++`` function outputs debug statements, which can be read by anyo == Resources -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure -* https://cwe.mitre.org/data/definitions/489[MITRE, CWE-489] - Active Debug Code +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] +* CWE - https://cwe.mitre.org/data/definitions/489[CWE-489 - Active Debug Code] ifdef::env-github,rspecator-view[] diff --git a/rules/S1966/cobol/rule.adoc b/rules/S1966/cobol/rule.adoc index 480e5f64177..68777e5191e 100644 --- a/rules/S1966/cobol/rule.adoc +++ b/rules/S1966/cobol/rule.adoc 
@@ -46,7 +46,7 @@ END-IF == Resources -* https://cwe.mitre.org/data/definitions/704[MITRE, CWE-704] - Incorrect Type Conversion or Cast +* CWE - https://cwe.mitre.org/data/definitions/704[CWE-704 - Incorrect Type Conversion or Cast] ifdef::env-github,rspecator-view[] diff --git a/rules/S1967/cobol/metadata.json b/rules/S1967/cobol/metadata.json index 208df300786..f3e2daab600 100644 --- a/rules/S1967/cobol/metadata.json +++ b/rules/S1967/cobol/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -16,12 +16,8 @@ "cwe" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-1967", diff --git a/rules/S1967/cobol/rule.adoc b/rules/S1967/cobol/rule.adoc index 58b7319f693..10818dd6c06 100644 --- a/rules/S1967/cobol/rule.adoc +++ b/rules/S1967/cobol/rule.adoc @@ -34,7 +34,7 @@ In any case, data loss is always the result when too-large values are moved to t == Resources -* https://cwe.mitre.org/data/definitions/704[MITRE, CWE-704] - Incorrect Type Conversion or Cast +* CWE - https://cwe.mitre.org/data/definitions/704[CWE-704 - Incorrect Type Conversion or Cast] === Related rules diff --git a/rules/S1969/cobol/metadata.json b/rules/S1969/cobol/metadata.json index d205a683707..f169590c5ce 100644 --- a/rules/S1969/cobol/metadata.json +++ b/rules/S1969/cobol/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -17,12 +17,8 @@ "suspicious" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-1969", diff --git a/rules/S1989/java/rule.adoc b/rules/S1989/java/rule.adoc index aae44956b8c..fafae9d3fb4 100644 --- a/rules/S1989/java/rule.adoc 
+++ b/rules/S1989/java/rule.adoc @@ -64,8 +64,8 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) thro === Articles & blog posts -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure -* https://cwe.mitre.org/data/definitions/600[MITRE, CWE-600] - Uncaught Exception in Servlet +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] +* CWE - https://cwe.mitre.org/data/definitions/600[CWE-600 - Uncaught Exception in Servlet] * https://wiki.sei.cmu.edu/confluence/x/-zZGBQ[CERT, ERR01-J.] - Do not allow exceptions to expose sensitive information ifdef::env-github,rspecator-view[] diff --git a/rules/S1990/cfamily/metadata.json b/rules/S1990/cfamily/metadata.json index 8bc80bea3f5..74e466f0430 100644 --- a/rules/S1990/cfamily/metadata.json +++ b/rules/S1990/cfamily/metadata.json @@ -5,5 +5,6 @@ ], "defaultQualityProfiles": [ "Sonar way" - ] -} + ], + "quickfix": "covered" +} \ No newline at end of file diff --git a/rules/S1994/csharp/metadata.json b/rules/S1994/csharp/metadata.json index 6fcc9070d35..2c63c085104 100644 --- a/rules/S1994/csharp/metadata.json +++ b/rules/S1994/csharp/metadata.json @@ -1,5 +1,2 @@ { - "defaultQualityProfiles": [ - - ] } diff --git a/rules/S1994/csharp/rule.adoc b/rules/S1994/csharp/rule.adoc index 93654886a00..549436f6585 100644 --- a/rules/S1994/csharp/rule.adoc +++ b/rules/S1994/csharp/rule.adoc 
@@ -1,41 +1,63 @@ == Why is this an issue? -include::../description.adoc[] +The `for` loop is designed to iterate over a range using a counter variable, with the counter being updated in the loop's increment section. Misusing this structure can lead to issues such as infinite loops if the counter is not updated correctly. If this is intentional, use a `while` or `do while` loop instead of a `for` loop. -=== Noncompliant code example +Using a for loop for purposes other than its intended use can lead to confusion and potential bugs. If the `for` loop structure does not fit your needs, consider using an alternative https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/statements/iteration-statements[iteration statement]. -[source,csharp] +== How to fix it + +Move the counter variable update to the loop's increment section. +If this is impossible, consider using another iteration statement instead. + +=== Code examples + +==== Noncompliant code example + +[source,csharp,diff-id=1,diff-type=noncompliant] ---- -for (i = 0; i < 10; j++) // Noncompliant -{ +int sum = 0; +for (int i = 0; i < 10; sum++) // Noncompliant: `i` is not updated in the increment section +{ // ... + i++; } ---- -=== Compliant solution - -[source,csharp] +[source,csharp,diff-id=2,diff-type=noncompliant] ---- -for (i = 0; i < 10; i++) +for (int i = 0;; i++) // Noncompliant: the loop condition is empty although incrementing `i` { // ... } ---- -ifdef::env-github,rspecator-view[] +==== Compliant solution -''' -== Implementation Specification -(visible only on this page) +[source,csharp,diff-id=1,diff-type=compliant] +---- +int sum = 0; +for (int i = 0; i < 10; i++) +{ + // ... + sum++; +} +---- -include::../message.adoc[] +[source,csharp,diff-id=2,diff-type=compliant] +---- +int i = 0; +while (true) +{ + // ... 
+ i++; +} +---- -include::../highlighting.adoc[] +== Resources -''' -== Comments And Links -(visible only on this page) +=== Documentation -include::../comments-and-links.adoc[] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/statements/iteration-statements#the-for-statement[The `for` statement] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/statements/iteration-statements[Iteration statements - `for`, `foreach`, `do`, and `while`] -endif::env-github,rspecator-view[] +include::../rspecator.adoc[] diff --git a/rules/S1994/java/metadata.json b/rules/S1994/java/metadata.json index 17971333806..9dbbef5a6c0 100644 --- a/rules/S1994/java/metadata.json +++ b/rules/S1994/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "All" } diff --git a/rules/S1994/java/rule.adoc b/rules/S1994/java/rule.adoc index 9124634b957..798f54e5709 100644 --- a/rules/S1994/java/rule.adoc +++ b/rules/S1994/java/rule.adoc @@ -92,6 +92,9 @@ include::../highlighting.adoc[] == Comments And Links (visible only on this page) +=== on 21 Nov 2024, 16:48:00 Alban Auzeill wrote: +[test-code-support-investigation-for-java] Decision for scope: Main -> All. + include::../comments-and-links.adoc[] endif::env-github,rspecator-view[] diff --git a/rules/S1994/rspecator.adoc b/rules/S1994/rspecator.adoc new file mode 100644 index 00000000000..f213e9de87c --- /dev/null +++ b/rules/S1994/rspecator.adoc @@ -0,0 +1,17 @@ +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +include::message.adoc[] + +include::highlighting.adoc[] + +''' +== Comments And Links +(visible only on this page) + +include::comments-and-links.adoc[] + +endif::env-github,rspecator-view[] diff --git a/rules/S1996/java/metadata.json b/rules/S1996/java/metadata.json index f1dbd92855e..fc7ba3cbfe0 100644 --- a/rules/S1996/java/metadata.json +++ b/rules/S1996/java/metadata.json 
@@ -3,5 +3,6 @@ "func": "Linear", "linearDesc": "per extra type", "linearFactor": "10min" - } + }, + "scope": "Main" } diff --git a/rules/S1998/php/rule.adoc b/rules/S1998/php/rule.adoc index b1687653b3d..f5ba0b57042 100644 --- a/rules/S1998/php/rule.adoc +++ b/rules/S1998/php/rule.adoc @@ -39,7 +39,7 @@ myfun($name); === Standards -* https://cwe.mitre.org/data/definitions/374[MITRE, CWE-374] - Weakness Base Passing Mutable Objects to an Untrusted Method +* CWE - https://cwe.mitre.org/data/definitions/374[CWE-374 - Weakness Base Passing Mutable Objects to an Untrusted Method] ifdef::env-github,rspecator-view[] diff --git a/rules/S2004/javascript/metadata.json b/rules/S2004/javascript/metadata.json new file mode 100644 index 00000000000..7a73a41bfdf --- /dev/null +++ b/rules/S2004/javascript/metadata.json @@ -0,0 +1,2 @@ +{ +} \ No newline at end of file diff --git a/rules/S2004/javascript/rule.adoc b/rules/S2004/javascript/rule.adoc new file mode 100644 index 00000000000..6109b261d1e --- /dev/null +++ b/rules/S2004/javascript/rule.adoc 
@@ -0,0 +1,31 @@ +== Why is this an issue? + +Nested functions refer to the practice of defining a function within another function. These inner functions have access to the variables and parameters of the outer function, creating a closure. + +While nesting functions is a common practice in JavaScript, deeply nested functions can make the code harder to read and understand, especially if the functions are long or if there are many levels of nesting. + +This can make it difficult for other developers or even yourself to understand and maintain the code. + +=== Noncompliant code example + +With the default threshold of 4 levels: + +[source,javascript] +---- +function f() { + function f_inner() { + function f_inner_inner() { + function f_inner_inner_inner() { + function f_inner_inner_inner_inner() { // Noncompliant + } + } + } + } +} +---- + +== Resources + +=== Documentation + +* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Functions#nested_functions_and_closures[Nested functions and closures] diff --git a/rules/S2004/metadata.json b/rules/S2004/metadata.json index 2c63c085104..1930da0fdbf 100644 --- a/rules/S2004/metadata.json +++ b/rules/S2004/metadata.json @@ -1,2 +1,34 @@ { + "title": "Functions should not be nested too deeply", + "type": "CODE_SMELL", + "code": { + "impacts": { + "MAINTAINABILITY": "HIGH" + }, + "attribute": "FOCUSED" + }, + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "20min" + }, + "tags": [ + "brain-overload" + ], + "extra": { + "replacementRules": [ + + ], + "legacyKeys": [ + + ] + }, + "defaultSeverity": "Critical", + "ruleSpecification": "RSPEC-2004", + "sqKey": "S2004", + "scope": "Main", + "defaultQualityProfiles": [ + "Sonar way" + ], + "quickfix": "unknown" } diff --git a/rules/S2004/php/metadata.json b/rules/S2004/php/metadata.json index 1930da0fdbf..2c63c085104 100644 --- a/rules/S2004/php/metadata.json +++ b/rules/S2004/php/metadata.json 
@@ -1,34 +1,2 @@ { - "title": "Functions should not be nested too deeply", - "type": "CODE_SMELL", - "code": { - "impacts": { - "MAINTAINABILITY": "HIGH" - }, - "attribute": "FOCUSED" - }, - "status": "ready", - "remediation": { - "func": "Constant\/Issue", - "constantCost": "20min" - }, - "tags": [ - "brain-overload" - ], - "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] - }, - "defaultSeverity": "Critical", - "ruleSpecification": "RSPEC-2004", - "sqKey": "S2004", - "scope": "Main", - "defaultQualityProfiles": [ - "Sonar way" - ], - "quickfix": "unknown" } diff --git a/rules/S2007/metadata.json b/rules/S2007/metadata.json index 6ca2bec99e6..086fa023b1d 100644 --- a/rules/S2007/metadata.json +++ b/rules/S2007/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "MODULAR" }, @@ -16,9 +16,7 @@ "design" ], "extra": { - "replacementRules": [ - - ], + "replacementRules": [], "legacyKeys": [ "VariableInPackageSpecificationCheck" ] @@ -27,8 +25,6 @@ "ruleSpecification": "RSPEC-2007", "sqKey": "S2007", "scope": "Main", - "defaultQualityProfiles": [ - - ], + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S2014/php/metadata.json b/rules/S2014/php/metadata.json index 2eb9822fdac..bca5d053ef7 100644 --- a/rules/S2014/php/metadata.json +++ b/rules/S2014/php/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -12,16 +12,10 @@ "func": "Constant\/Issue", "constantCost": "15min" }, - "tags": [ - - ], + "tags": [], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-2014", diff --git a/rules/S2015/php/rule.adoc b/rules/S2015/php/rule.adoc index 9391bf379ca..208c0278096 100644 --- a/rules/S2015/php/rule.adoc 
+++ b/rules/S2015/php/rule.adoc @@ -31,7 +31,7 @@ if (authenticated($user)) { == Resources -* https://cwe.mitre.org/data/definitions/457[MITRE, CWE-457] - Use of Uninitialized Variable +* CWE - https://cwe.mitre.org/data/definitions/457[CWE-457 - Use of Uninitialized Variable] ifdef::env-github,rspecator-view[] diff --git a/rules/S2047/java/metadata.json b/rules/S2047/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S2047/java/metadata.json +++ b/rules/S2047/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S2053/common/fix/salt.adoc b/rules/S2053/common/fix/salt.adoc index d3c423fffa3..4211d830870 100644 --- a/rules/S2053/common/fix/salt.adoc +++ b/rules/S2053/common/fix/salt.adoc @@ -1,5 +1,5 @@ This code ensures that each user's password has a unique salt value associated with it. It generates a salt randomly and with a length that provides the required -security level. It uses a salt length of at least 16 bytes (128 bits), as recommended +security level. It uses a salt length of at least 32 bytes (256 bits), as recommended by industry standards. diff --git a/rules/S2053/common/resources/standards.adoc b/rules/S2053/common/resources/standards.adoc index 4b43cbf4670..a69aee6dd6a 100644 --- a/rules/S2053/common/resources/standards.adoc +++ b/rules/S2053/common/resources/standards.adoc 
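Review bot: The revised sentence in `common/fix/salt.adoc` raises the figure to 32 bytes but still attributes it to unnamed "industry standards". The minimum I know of, in NIST SP 800-132, is 128 bits of random salt, so the claim reads as stronger than any cited authority supports. Either name the source for 256 bits or reword, for example `It uses a salt length of 32 bytes (256 bits), which exceeds the 128-bit minimum of NIST SP 800-132.` The text is included by each language's how-to-fix section, so it should stay in step with the `32` now used in the examples.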
@@ -1,7 +1,8 @@ === Standards -* https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[OWASP] Top 10:2021 A02:2021 - Cryptographic Failures -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP] - Top 10 2017 - A03:2017 - Sensitive Data Exposure -* https://cwe.mitre.org/data/definitions/759[CWE] - CWE-759: Use of a One-Way Hash without a Salt -* https://cwe.mitre.org/data/definitions/760[CWE] - CWE-760: Use of a One-Way Hash with a Predictable Salt +* OWASP - https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[Top 10 2021 Category A2 - Cryptographic Failures] +* OWASP - https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] +* CWE - https://cwe.mitre.org/data/definitions/759[CWE-759 - Use of a One-Way Hash without a Salt] +* CWE - https://cwe.mitre.org/data/definitions/760[CWE-760 - Use of a One-Way Hash with a Predictable Salt] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222542[Application Security and Development: V-222542] - The application must only store cryptographic representations of passwords. diff --git a/rules/S2053/csharp/how-to-fix-it/dot-net.adoc b/rules/S2053/csharp/how-to-fix-it/dot-net.adoc index 2e07a5232db..089ad088618 100644 --- a/rules/S2053/csharp/how-to-fix-it/dot-net.adoc +++ b/rules/S2053/csharp/how-to-fix-it/dot-net.adoc @@ -25,7 +25,9 @@ using System.Security.Cryptography; public static void hash(string password) { - var hashed = new Rfc2898DeriveBytes(password, 16); + var saltSize = 32; + var iterations = 100_000; + var hashed = new Rfc2898DeriveBytes(password, saltSize, iterations, HashAlgorithmName.SHA512); } ---- diff --git a/rules/S2053/csharp/metadata.json b/rules/S2053/csharp/metadata.json index 17971333806..1708b42a84b 100644 --- a/rules/S2053/csharp/metadata.json +++ b/rules/S2053/csharp/metadata.json 
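Review bot: The rewritten 2017 entry in `standards.adoc` keeps the `https://www.owasp.org/...` host, while the same reference in the S1951 and S1989 hunks of this commit was moved to `https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure`. Use the `owasp.org` form here as well so every rule points at the same URL.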
@@ -1,3 +1,6 @@ { - + "tags": [ + "cwe", + "symbolic-execution" + ] } diff --git a/rules/S2053/csharp/rule.adoc b/rules/S2053/csharp/rule.adoc index 769c1a603e2..c893efdf9cf 100644 --- a/rules/S2053/csharp/rule.adoc +++ b/rules/S2053/csharp/rule.adoc @@ -6,6 +6,8 @@ include::../rationale.adoc[] include::../impact.adoc[] +include::../exceptions.adoc[] + // How to fix it section include::how-to-fix-it/dot-net.adoc[] diff --git a/rules/S2053/exceptions.adoc b/rules/S2053/exceptions.adoc new file mode 100644 index 00000000000..3feb502c7ca --- /dev/null +++ b/rules/S2053/exceptions.adoc @@ -0,0 +1,19 @@ +=== Exceptions + +To securely store password hashes, it is a recommended to rely on +key derivation functions that are computationally intensive. Examples of such +functions are: + +* Argon2 +* PBKDF2 +* Scrypt +* Bcrypt + +When they are used for password storage, using a secure, random salt is +required. + +However, those functions can also be used for other purposes such as master key +derivation or password-based pre-shared key generation. In those cases, the +implemented cryptographic protocol might require using a fixed salt to derive +keys in a deterministic way. In such cases, using a fixed salt is safe and +accepted. \ No newline at end of file diff --git a/rules/S2053/java/how-to-fix-it/java-se.adoc b/rules/S2053/java/how-to-fix-it/java-se.adoc index f16d9c9de97..31881aa6bd2 100644 --- a/rules/S2053/java/how-to-fix-it/java-se.adoc +++ b/rules/S2053/java/how-to-fix-it/java-se.adoc @@ -25,7 +25,7 @@ import javax.crypto.spec.PBEParameterSpec; public void hash() { SecureRandom random = new SecureRandom(); - byte[] salt = new byte[16]; + byte[] salt = new byte[32]; random.nextBytes(salt); PBEParameterSpec cipherSpec = new PBEParameterSpec(salt, 10000); diff --git a/rules/S2053/java/rule.adoc b/rules/S2053/java/rule.adoc index fa1017b2869..46dcfeb4624 100644 --- a/rules/S2053/java/rule.adoc +++ b/rules/S2053/java/rule.adoc 
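Review bot: The closing sentence of `exceptions.adoc`, `In such cases, using a fixed salt is safe and accepted.`, states more than the paragraph establishes. The argument given is that a protocol may need deterministic derivation, which explains why the rule should not raise, not that a fixed salt has no cost. With a low-entropy input such as a password, a fixed salt still lets precomputed guesses be reused across every deployment, so I would write `In such cases, a fixed salt is accepted, provided the protocol does not rely on the salt for resistance to precomputation.` The first sentence also has a typo: `it is a recommended to rely on` should be `it is recommended to rely on`. The file ends without a trailing newline.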
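Review bot: The Java compliant example now uses a 32-byte salt but still passes `10000` iterations to `PBEParameterSpec`, while the C# example in this same commit is raised to `100_000` with SHA-512. The Kotlin hunk keeps the same `PBEParameterSpec(salt, 10000)` and the VB.NET hunk introduces `Rfc2898DeriveBytes(Password, 32, 10000, HashAlgorithmName.SHA256)`. Three of the compliant snippets therefore show a work factor ten times lower than the others and, as far as I know, well under the current OWASP Password Storage Cheat Sheet figures. I would align them, e.g. `new PBEParameterSpec(salt, 100000)` here and in Kotlin, and `New Rfc2898DeriveBytes(Password, 32, 100000, HashAlgorithmName.SHA512)` in VB.NET. The `hash()` method continues past the end of this hunk.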
@@ -6,6 +6,8 @@ include::../rationale.adoc[] include::../impact.adoc[] +include::../exceptions.adoc[] + // How to fix it section include::how-to-fix-it/java-se.adoc[] diff --git a/rules/S2053/kotlin/how-to-fix-it/java-se.adoc b/rules/S2053/kotlin/how-to-fix-it/java-se.adoc index c96b617f088..8c350b9b4a1 100644 --- a/rules/S2053/kotlin/how-to-fix-it/java-se.adoc +++ b/rules/S2053/kotlin/how-to-fix-it/java-se.adoc @@ -25,7 +25,7 @@ import javax.crypto.spec.PBEParameterSpec fun hash() { val random = SecureRandom() - val salt = ByteArray(16) + val salt = ByteArray(32) random.nextBytes(salt) val cipherSpec = PBEParameterSpec(salt, 10000) } diff --git a/rules/S2053/kotlin/rule.adoc b/rules/S2053/kotlin/rule.adoc index ac91b46b17a..942d6e4804a 100644 --- a/rules/S2053/kotlin/rule.adoc +++ b/rules/S2053/kotlin/rule.adoc @@ -6,6 +6,8 @@ include::../rationale.adoc[] include::../impact.adoc[] +include::../exceptions.adoc[] + // How to fix it section include::how-to-fix-it/java-se.adoc[] diff --git a/rules/S2053/metadata.json b/rules/S2053/metadata.json index f9eb8f0a5f6..72b7ae98316 100644 --- a/rules/S2053/metadata.json +++ b/rules/S2053/metadata.json @@ -1,5 +1,5 @@ { - "title": "Hashes should include an unpredictable salt", + "title": "Password hashing functions should use an unpredictable salt", "type": "VULNERABILITY", "code": { "impacts": { @@ -43,6 +43,9 @@ ], "PCI DSS 4.0": [ "6.2.4" + ], + "STIG ASD_V5R3": [ + "V-222542" ] }, "defaultQualityProfiles": [ diff --git a/rules/S2053/php/how-to-fix-it/core.adoc b/rules/S2053/php/how-to-fix-it/core.adoc index fffee43edff..00f745f869f 100644 --- a/rules/S2053/php/how-to-fix-it/core.adoc +++ b/rules/S2053/php/how-to-fix-it/core.adoc @@ -16,7 +16,7 @@ $hash = hash_pbkdf2('sha256', $password, $salt, 100000); // Noncompliant [source,php,diff-id=1,diff-type=compliant] ---- -$salt = random_bytes(16); +$salt = random_bytes(32); $hash = hash_pbkdf2('sha256', $password, $salt, 100000); ---- 
diff --git a/rules/S2053/php/rule.adoc b/rules/S2053/php/rule.adoc index 207c7159b1c..9344e53ef72 100644 --- a/rules/S2053/php/rule.adoc +++ b/rules/S2053/php/rule.adoc @@ -6,6 +6,8 @@ include::../rationale.adoc[] include::../impact.adoc[] +include::../exceptions.adoc[] + // How to fix it section include::how-to-fix-it/core.adoc[] diff --git a/rules/S2053/python/how-to-fix-it/cryptodome.adoc b/rules/S2053/python/how-to-fix-it/cryptodome.adoc new file mode 100644 index 00000000000..64252ce0ed1 --- /dev/null +++ b/rules/S2053/python/how-to-fix-it/cryptodome.adoc @@ -0,0 +1,33 @@ +== How to fix it in Cryptodome + +=== Code examples + +include::../../common/fix/code-rationale.adoc[] + +==== Noncompliant code example + +[source,python,diff-id=3,diff-type=noncompliant] +---- +from Crypto.Protocol.KDF import scrypt + +digest = scrypt(password, salt=b"F3MdWpeHeeSjlUxvKBnzzA", key_len=32, N=2**17, r=8, p=1) # Noncompliant +---- + +==== Compliant solution + +[source,python,diff-id=3,diff-type=compliant] +---- +import secrets +from Crypto.Protocol.KDF import scrypt + +salt = secrets.token_bytes(32) +digest = scrypt(password, salt=salt, key_len=32, N=2**17, r=8, p=1) +---- + +=== How does this work? + +include::../../common/fix/salt.adoc[] + +Here, the compliant code example ensures the salt is random and has a sufficient +length by calling the `secrets.token_bytes` function. This function internally +uses a cryptographically secure pseudo-random number generator. diff --git a/rules/S2053/python/how-to-fix-it/cryptography.adoc b/rules/S2053/python/how-to-fix-it/cryptography.adoc new file mode 100644 index 00000000000..4d83741ba3e --- /dev/null +++ b/rules/S2053/python/how-to-fix-it/cryptography.adoc 
@@ -0,0 +1,35 @@ +== How to fix it in pyca + +=== Code examples + +include::../../common/fix/code-rationale.adoc[] + +==== Noncompliant code example + +[source,python,diff-id=2,diff-type=noncompliant] +---- +from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC +from cryptography.hazmat.primitives import hashes + +digest = PBKDF2HMAC(hashes.SHA256(), length=32, salt=b"F3MdWpeHeeSjlUxvKBnzzA", iterations=100000).derive(password) +---- + +==== Compliant solution + +[source,python,diff-id=2,diff-type=compliant] +---- +import secrets +from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC +from cryptography.hazmat.primitives import hashes + +salt = secrets.token_bytes(32) +digest = PBKDF2HMAC(hashes.SHA256(), length=32, salt=salt, iterations=100000).derive(password) +---- + +=== How does this work? + +include::../../common/fix/salt.adoc[] + +Here, the compliant code example ensures the salt is random and has a sufficient +length by calling the `secrets.token_bytes` function. This one internally uses a +cryptographically secure pseudo random number generator. diff --git a/rules/S2053/python/how-to-fix-it/std.adoc b/rules/S2053/python/how-to-fix-it/std.adoc index 6d5487bdd94..8b269d486a0 100644 --- a/rules/S2053/python/how-to-fix-it/std.adoc +++ b/rules/S2053/python/how-to-fix-it/std.adoc @@ -8,19 +8,20 @@ include::../../common/fix/code-rationale.adoc[] [source,python,diff-id=1,diff-type=noncompliant] ---- -import crypt +import hashlib -hash = crypt.crypt(password) # Noncompliant +hash = hashlib.scrypt(password, salt=b"F3MdWpeHeeSjlUxvKBnzzA", n=2**17, r=8, p=1) # Noncompliant ---- ==== Compliant solution [source,python,diff-id=1,diff-type=compliant] ---- -import crypt +import hashlib +import secrets -salt = crypt.mksalt(crypt.METHOD_SHA256) -hash = crypt.crypt(password, salt) +salt = secrets.token_bytes(32) +hash = hashlib.scrypt(password, salt=salt, n=2**17, r=8, p=1) ---- === How does this work? 
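Review bot: The noncompliant snippet in `cryptography.adoc` has no `# Noncompliant` marker on the `PBKDF2HMAC(...)` line, unlike the std and Cryptodome examples added in this commit, so the reader is not shown which call is flagged. Append it to the call, `...iterations=100000).derive(password) # Noncompliant`. The closing paragraph could also match the Cryptodome wording, `This function internally uses a cryptographically secure pseudo-random number generator.`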
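Review bot: Both new `hashlib.scrypt(...)` calls in `std.adoc` use `n=2**17, r=8` without `maxmem`, which needs roughly 128 MiB. To my knowledge the default `maxmem=0` falls back to OpenSSL's 32 MiB limit, so the snippets as written would raise `ValueError` instead of producing a hash. Pass an explicit limit in both examples, e.g. `hash = hashlib.scrypt(password, salt=salt, n=2**17, r=8, p=1, maxmem=2**28)`. `hashlib.scrypt` also requires `password` to be bytes, which a one-line comment in the example could state.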
@@ -28,5 +29,5 @@ hash = crypt.crypt(password, salt) include::../../common/fix/salt.adoc[] Here, the compliant code example ensures the salt is random and has a sufficient -length by calling the `crypt.mksalt` function. This one internally uses a +length by calling the `secrets.token_bytes` function. This one internally uses a cryptographically secure pseudo random number generator. diff --git a/rules/S2053/python/rule.adoc b/rules/S2053/python/rule.adoc index badfbf38957..0fcfa8d6ffe 100644 --- a/rules/S2053/python/rule.adoc +++ b/rules/S2053/python/rule.adoc @@ -6,10 +6,16 @@ include::../rationale.adoc[] include::../impact.adoc[] +include::../exceptions.adoc[] + // How to fix it section include::how-to-fix-it/std.adoc[] +include::how-to-fix-it/cryptography.adoc[] + +include::how-to-fix-it/cryptodome.adoc[] + == Resources include::../common/resources/standards.adoc[] diff --git a/rules/S2053/vbnet/how-to-fix-it/dot-net.adoc b/rules/S2053/vbnet/how-to-fix-it/dot-net.adoc index 2cfbf7dc612..ddaced760e8 100644 --- a/rules/S2053/vbnet/how-to-fix-it/dot-net.adoc +++ b/rules/S2053/vbnet/how-to-fix-it/dot-net.adoc @@ -23,7 +23,7 @@ End Sub Imports System.Security.Cryptography Public Sub Hash(Password As String) - Dim Hashed As New Rfc2898DeriveBytes(Password, 64) + Dim Hashed As New Rfc2898DeriveBytes(Password, 32, 10000, HashAlgorithmName.SHA256) End Sub ---- diff --git a/rules/S2053/vbnet/metadata.json b/rules/S2053/vbnet/metadata.json index 17971333806..5941afa1af4 100644 --- a/rules/S2053/vbnet/metadata.json +++ b/rules/S2053/vbnet/metadata.json @@ -1,3 +1,6 @@ { - + "tags": [ + "cwe", + "symbolic-execution" + ] } diff --git a/rules/S2053/vbnet/rule.adoc b/rules/S2053/vbnet/rule.adoc index 769c1a603e2..c893efdf9cf 100644 --- a/rules/S2053/vbnet/rule.adoc +++ b/rules/S2053/vbnet/rule.adoc @@ -6,6 +6,8 @@ include::../rationale.adoc[] include::../impact.adoc[] +include::../exceptions.adoc[] + // How to fix it section include::how-to-fix-it/dot-net.adoc[] 
diff --git a/rules/S2055/java/metadata.json b/rules/S2055/java/metadata.json index 0c349fd1854..5cdb33d0a8d 100644 --- a/rules/S2055/java/metadata.json +++ b/rules/S2055/java/metadata.json @@ -18,7 +18,7 @@ "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-2055", "sqKey": "S2055", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S2057/java/metadata.json b/rules/S2057/java/metadata.json index 801547b314e..9fab0bc7e71 100644 --- a/rules/S2057/java/metadata.json +++ b/rules/S2057/java/metadata.json @@ -18,24 +18,18 @@ "pitfall" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Critical", "ruleSpecification": "RSPEC-2057", "sqKey": "S2057", - "scope": "All", + "scope": "Main", "securityStandards": { "CERT": [ "SER00-J." ] }, - "defaultQualityProfiles": [ - - ], + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S2060/java/metadata.json b/rules/S2060/java/metadata.json index 5169b9becbb..4e960c3c68c 100644 --- a/rules/S2060/java/metadata.json +++ b/rules/S2060/java/metadata.json @@ -12,13 +12,11 @@ "func": "Constant\/Issue", "constantCost": "20min" }, - "tags": [ - - ], + "tags": [], "defaultSeverity": "Major", "ruleSpecification": "RSPEC-2060", "sqKey": "S2060", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S2061/java/metadata.json b/rules/S2061/java/metadata.json index eb92adbe17a..6c5b5612b27 100644 --- a/rules/S2061/java/metadata.json +++ b/rules/S2061/java/metadata.json @@ -18,7 +18,7 @@ "defaultSeverity": "Major", "ruleSpecification": "RSPEC-2061", "sqKey": "S2061", - "scope": "All", + "scope": "Main", "securityStandards": { "CERT": [ "SER01-J." diff --git a/rules/S2062/java/metadata.json b/rules/S2062/java/metadata.json index 66b0e57b0a4..4a2600fb0c4 100644 --- a/rules/S2062/java/metadata.json +++ b/rules/S2062/java/metadata.json 
@@ -18,7 +18,7 @@ "defaultSeverity": "Critical", "ruleSpecification": "RSPEC-2062", "sqKey": "S2062", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S2063/java/metadata.json b/rules/S2063/java/metadata.json index 0e805439b86..230b23ccb7d 100644 --- a/rules/S2063/java/metadata.json +++ b/rules/S2063/java/metadata.json @@ -17,19 +17,13 @@ "pitfall" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Critical", "ruleSpecification": "RSPEC-2063", "sqKey": "S2063", - "scope": "All", - "defaultQualityProfiles": [ - - ], + "scope": "Main", + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S2065/java/metadata.json b/rules/S2065/java/metadata.json index 2989f778830..1e5385faeb6 100644 --- a/rules/S2065/java/metadata.json +++ b/rules/S2065/java/metadata.json @@ -19,7 +19,7 @@ "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-2065", "sqKey": "S2065", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S2066/java/metadata.json b/rules/S2066/java/metadata.json index 2befe6eefcc..ffcd72334f2 100644 --- a/rules/S2066/java/metadata.json +++ b/rules/S2066/java/metadata.json @@ -19,7 +19,7 @@ "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-2066", "sqKey": "S2066", - "scope": "All", + "scope": "Main", "securityStandards": { "CERT": [ "SER05-J." diff --git a/rules/S2068/cfamily/metadata.json b/rules/S2068/cfamily/metadata.json index 8b15ed00372..2b1f224f4c5 100644 --- a/rules/S2068/cfamily/metadata.json +++ b/rules/S2068/cfamily/metadata.json @@ -1,4 +1,5 @@ { + "title": "Hard-coded passwords are security-sensitive", "tags": [ "cwe", "cert" @@ -28,5 +29,6 @@ "3.5.2", "6.4.1" ] - } + }, + "quickfix": "infeasible" } diff --git a/rules/S2068/cfamily/rule.adoc b/rules/S2068/cfamily/rule.adoc index bc6091e320c..bf4ae013e8f 100644 --- a/rules/S2068/cfamily/rule.adoc 
+++ b/rules/S2068/cfamily/rule.adoc @@ -1,4 +1,4 @@ -Because it is easy to extract strings from an application source code or binary, credentials should not be hard-coded. This is particularly true for applications that are distributed or that are open-source. +Because it is easy to extract strings from an application source code or binary, passwords should not be hard-coded. This is particularly true for applications that are distributed or that are open-source. In the past, it has led to the following vulnerabilities: @@ -6,10 +6,10 @@ In the past, it has led to the following vulnerabilities: * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13466[CVE-2019-13466] * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15389[CVE-2018-15389] -Credentials should be stored outside of the code in a configuration file, a database, or a management service for secrets. +Passwords should be stored outside of the code in a configuration file, a database, or a management service for secrets. -This rule looks for hard-coded credentials in variable names that match any of the patterns from the provided list. +This rule looks for hard-coded passwords in variable names that match any of the patterns from the provided list. include::../ask-yourself.adoc[] 
@@ -34,10 +34,9 @@ dbi_conn_set_option(conn, "password", password.c_str()); // Compliant == See -* https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/[OWASP Top 10 2021 Category A7] - Identification and Authentication Failures -* https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication[OWASP Top 10 2017 Category A2] - Broken Authentication -* https://cwe.mitre.org/data/definitions/798[MITRE, CWE-798] - Use of Hard-coded Credentials -* https://cwe.mitre.org/data/definitions/259[MITRE, CWE-259] - Use of Hard-coded Password +* OWASP - https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/[Top 10 2021 Category A7 - Identification and Authentication Failures] +* OWASP - https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication[Top 10 2017 Category A2 - Broken Authentication] +* CWE - https://cwe.mitre.org/data/definitions/259[CWE-259 - Use of Hard-coded Password] * Derived from FindSecBugs rule https://h3xstream.github.io/find-sec-bugs/bugs.htm#HARD_CODE_PASSWORD[Hard Coded Password] ifdef::env-github,rspecator-view[] diff --git a/rules/S2068/csharp/rule.adoc b/rules/S2068/csharp/rule.adoc index 5fd79efe18c..38edc455521 100644 --- a/rules/S2068/csharp/rule.adoc +++ b/rules/S2068/csharp/rule.adoc @@ -1,4 +1,4 @@ -include::../description.adoc[] +include::../description-no-recommend.adoc[] include::../ask-yourself.adoc[] diff --git a/rules/S2068/description-no-recommend.adoc b/rules/S2068/description-no-recommend.adoc new file mode 100644 index 00000000000..4319049b750 --- /dev/null +++ b/rules/S2068/description-no-recommend.adoc 
@@ -0,0 +1,13 @@ +Because it is easy to extract strings from an application source code or binary, credentials should not be hard-coded. This is particularly true for applications that are distributed or that are open-source. + + +In the past, it has led to the following vulnerabilities: + +* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13466[CVE-2019-13466] +* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15389[CVE-2018-15389] + +Credentials should be stored outside of the code in a configuration file, a database, or a management service for secrets. + + +This rule flags instances of hard-coded credentials used in database and LDAP connections. It looks for hard-coded credentials in connection strings, and for variable names that match any of the patterns from the provided list. + diff --git a/rules/S2068/description.adoc b/rules/S2068/description.adoc index 6102d3ec868..8480ed2c0b2 100644 --- a/rules/S2068/description.adoc +++ b/rules/S2068/description.adoc @@ -1,15 +1,3 @@ -Because it is easy to extract strings from an application source code or binary, credentials should not be hard-coded. This is particularly true for applications that are distributed or that are open-source. - - -In the past, it has led to the following vulnerabilities: - -* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13466[CVE-2019-13466] -* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15389[CVE-2018-15389] - -Credentials should be stored outside of the code in a configuration file, a database, or a management service for secrets. - - -This rule flags instances of hard-coded credentials used in database and LDAP connections. It looks for hard-coded credentials in connection strings, and for variable names that match any of the patterns from the provided list. - +include::./description-no-recommend.adoc[] It's recommended to customize the configuration of this rule with additional credential words such as "oauthToken", "secret", ... 
diff --git a/rules/S2068/java/rule.adoc b/rules/S2068/java/rule.adoc index d4a61f6fa45..1965c9558ca 100644 --- a/rules/S2068/java/rule.adoc +++ b/rules/S2068/java/rule.adoc @@ -45,10 +45,10 @@ Connection conn = DriverManager.getConnection("jdbc:mysql://localhost/test?" + == See -* https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/[OWASP Top 10 2021 Category A7] - Identification and Authentication Failures -* https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication[OWASP Top 10 2017 Category A2] - Broken Authentication -* https://cwe.mitre.org/data/definitions/798[MITRE, CWE-798] - Use of Hard-coded Credentials -* https://cwe.mitre.org/data/definitions/259[MITRE, CWE-259] - Use of Hard-coded Password +* OWASP - https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/[Top 10 2021 Category A7 - Identification and Authentication Failures] +* OWASP - https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication[Top 10 2017 Category A2 - Broken Authentication] +* CWE - https://cwe.mitre.org/data/definitions/798[CWE-798 - Use of Hard-coded Credentials] +* CWE - https://cwe.mitre.org/data/definitions/259[CWE-259 - Use of Hard-coded Password] * https://wiki.sei.cmu.edu/confluence/x/OjdGBQ[CERT, MSC03-J.] - Never hard code sensitive information * Derived from FindSecBugs rule https://h3xstream.github.io/find-sec-bugs/bugs.htm#HARD_CODE_PASSWORD[Hard Coded Password] diff --git a/rules/S2068/javascript/metadata.json b/rules/S2068/javascript/metadata.json index d860fd4691d..721c5ed7fae 100644 --- a/rules/S2068/javascript/metadata.json +++ b/rules/S2068/javascript/metadata.json @@ -1,4 +1,5 @@ { + "title": "Hard-coded passwords are security-sensitive", "defaultQualityProfiles": [ "Sonar way" ] diff --git a/rules/S2068/javascript/rule.adoc b/rules/S2068/javascript/rule.adoc index 82e8821aa0f..a0e9ffa78e8 100644 --- a/rules/S2068/javascript/rule.adoc +++ b/rules/S2068/javascript/rule.adoc 
@@ -1,16 +1,37 @@ -include::../description.adoc[] +Because it is easy to extract strings from an application source code or binary, passwords should not be hard-coded. This is particularly true for applications that are distributed or that are open-source. -include::../ask-yourself.adoc[] -include::../recommended.adoc[] +In the past, it has led to the following vulnerabilities: + +* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13466[CVE-2019-13466] +* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15389[CVE-2018-15389] + +Passwords should be stored outside of the code in a configuration file, a database, or a management service for passwords. + + +This rule flags instances of hard-coded passwords used in database and LDAP connections. It looks for hard-coded passwords in connection strings, and for variable names that match any of the patterns from the provided list. + +== Ask Yourself Whether + +* Passwords allow access to a sensitive component like a database, a file storage, an API or a service. +* Passwords are used in production environments. +* Application re-distribution is required before updating the passwords. + +There is a risk if you answered yes to any of those questions. + +== Recommended Secure Coding Practices + +* Store the passwords in a configuration file that is not pushed to the code repository. +* Store the passwords in a database. +* Use your cloud provider's service for managing passwords. +* If a password has been disclosed through the source code: change it. == Sensitive Code Example ---- -var mysql = require('mysql'); +const mysql = require('mysql'); -var connection = mysql.createConnection( -{ +const connection = mysql.createConnection({ host:'localhost', user: "admin", database: "project", 
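Review bot: The "Sensitive Code Example" listing in javascript/rule.adoc still opens with a bare `----`, while the compliant listing in the next hunk is tagged `[source,javascript]`. This commit adds the equivalent `[source,python]` line to python/rule.adoc, so the same one-line addition before the sensitive block here would keep highlighting consistent. The newly inlined CVE links also use `http://cve.mitre.org/...`; `https://` would match the other references being rewritten in this change.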
@@ -25,9 +46,9 @@ connection.connect(); [source,javascript] ---- -var mysql = require('mysql'); +const mysql = require('mysql'); -var connection = mysql.createConnection({ +const connection = mysql.createConnection({ host: process.env.MYSQL_URL, user: process.env.MYSQL_USERNAME, password: process.env.MYSQL_PASSWORD, @@ -36,7 +57,13 @@ var connection = mysql.createConnection({ connection.connect(); ---- -include::../see.adoc[] +== See + +* OWASP - https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/[Top 10 2021 Category A7 - Identification and Authentication Failures] +* OWASP - https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication[Top 10 2017 Category A2 - Broken Authentication] +* CWE - https://cwe.mitre.org/data/definitions/259[CWE-259 - Use of Hard-coded Password] +* Derived from FindSecBugs rule https://h3xstream.github.io/find-sec-bugs/bugs.htm#HARD_CODE_PASSWORD[Hard Coded Password] + ifdef::env-github,rspecator-view[] @@ -44,9 +71,23 @@ ifdef::env-github,rspecator-view[] == Implementation Specification (visible only on this page) -include::../message.adoc[] +=== Message + +Review this potentially hard-coded password. + + +=== Parameters + +.passwordWords +**** + +---- +password, passwd, pwd, passphrase +---- + +Comma separated list of words identifying potential password +**** -include::../parameters.adoc[] ''' == Comments And Links diff --git a/rules/S2068/metadata.json b/rules/S2068/metadata.json index 1be8e925d3d..4674b6d6a6d 100644 --- a/rules/S2068/metadata.json +++ b/rules/S2068/metadata.json @@ -3,7 +3,7 @@ "type": "SECURITY_HOTSPOT", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "TRUSTWORTHY" }, @@ -16,12 +16,8 @@ "cwe" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-2068", 
diff --git a/rules/S2068/php/rule.adoc b/rules/S2068/php/rule.adoc index ae3a8ee3e12..d49be41c3eb 100644 --- a/rules/S2068/php/rule.adoc +++ b/rules/S2068/php/rule.adoc @@ -1,4 +1,4 @@ -include::../description.adoc[] +include::../description-no-recommend.adoc[] include::../ask-yourself.adoc[] diff --git a/rules/S2068/python/metadata.json b/rules/S2068/python/metadata.json index 17971333806..e2efa2dac94 100644 --- a/rules/S2068/python/metadata.json +++ b/rules/S2068/python/metadata.json @@ -1,3 +1,4 @@ { - + "title": "Hard-coded passwords are security-sensitive", + "quickfix": "unknown" } diff --git a/rules/S2068/python/rule.adoc b/rules/S2068/python/rule.adoc index ceb6b152014..1a3d6ec4853 100644 --- a/rules/S2068/python/rule.adoc +++ b/rules/S2068/python/rule.adoc @@ -1,4 +1,4 @@ -include::../description.adoc[] +include::../description-no-recommend.adoc[] include::../ask-yourself.adoc[] @@ -6,6 +6,7 @@ include::../recommended.adoc[] == Sensitive Code Example +[source,python] ---- username = 'admin' password = 'admin' # Sensitive diff --git a/rules/S2068/see.adoc b/rules/S2068/see.adoc index 03e0ce73c0e..ede53321334 100644 --- a/rules/S2068/see.adoc +++ b/rules/S2068/see.adoc 
@@ -1,7 +1,7 @@ == See -* https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/[OWASP Top 10 2021 Category A7] - Identification and Authentication Failures -* https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication[OWASP Top 10 2017 Category A2] - Broken Authentication -* https://cwe.mitre.org/data/definitions/798[MITRE, CWE-798] - Use of Hard-coded Credentials -* https://cwe.mitre.org/data/definitions/259[MITRE, CWE-259] - Use of Hard-coded Password +* OWASP - https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/[Top 10 2021 Category A7 - Identification and Authentication Failures] +* OWASP - https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication[Top 10 2017 Category A2 - Broken Authentication] +* CWE - https://cwe.mitre.org/data/definitions/798[CWE-798 - Use of Hard-coded Credentials] +* CWE - https://cwe.mitre.org/data/definitions/259[CWE-259 - Use of Hard-coded Password] * Derived from FindSecBugs rule https://h3xstream.github.io/find-sec-bugs/bugs.htm#HARD_CODE_PASSWORD[Hard Coded Password] diff --git a/rules/S2068/vbnet/rule.adoc b/rules/S2068/vbnet/rule.adoc index 5a6922a9dcc..905e9c6408d 100644 --- a/rules/S2068/vbnet/rule.adoc +++ b/rules/S2068/vbnet/rule.adoc @@ -1,4 +1,4 @@ -include::../description.adoc[] +include::../description-no-recommend.adoc[] include::../ask-yourself.adoc[] diff --git a/rules/S2070/see.adoc b/rules/S2070/see.adoc index a6e6a6aa34f..1322dded6e2 100644 --- a/rules/S2070/see.adoc +++ b/rules/S2070/see.adoc 
@@ -1,6 +1,6 @@ == Resources -* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[OWASP Top 10 2017 Category A6] - Security Misconfiguration -* https://cwe.mitre.org/data/definitions/328[MITRE, CWE-328] - Reversible One-Way Hash -* https://cwe.mitre.org/data/definitions/327[MITRE, CWE-327] - Use of a Broken or Risky Cryptographic Algorithm +* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration] +* CWE - https://cwe.mitre.org/data/definitions/328[CWE-328 - Reversible One-Way Hash] +* CWE - https://cwe.mitre.org/data/definitions/327[CWE-327 - Use of a Broken or Risky Cryptographic Algorithm] * https://shattered.io/[SHAttered] - The first concrete collision attack against SHA-1. \ No newline at end of file diff --git a/rules/S2073/metadata.json b/rules/S2073/metadata.json index ecc8fba3ec5..bccd3cac5a5 100644 --- a/rules/S2073/metadata.json +++ b/rules/S2073/metadata.json @@ -27,7 +27,7 @@ 780 ], "OWASP": [ - "A5" + "A7" ], "OWASP Top 10 2021": [ "A2" diff --git a/rules/S2073/rule.adoc b/rules/S2073/rule.adoc index dd2790a03eb..a5096763172 100644 --- a/rules/S2073/rule.adoc +++ b/rules/S2073/rule.adoc 
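Review bot: The S2073 metadata changes the OWASP entry from `"A5"` to `"A7"`, but Security Misconfiguration is category A6 in the OWASP Top 10 2017; A7 in that edition is Cross-Site Scripting. The matching rule.adoc hunk that follows has the same mismatch in its link text: the URL points at `A6_2017-Security_Misconfiguration` while the label reads `Top 10 2017 Category A7 - Security Misconfiguration`. Assuming the `OWASP` key denotes the 2017 list, as the rewritten link suggests, the value should be `"A6"` and the label `[Top 10 2017 Category A6 - Security Misconfiguration]`.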
@@ -21,7 +21,7 @@ Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING"); == Resources -* https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[OWASP Top 10 2021 Category A2] - Cryptographic Failures -* https://cwe.mitre.org/data/definitions/780[MITRE, CWE-780] - Use of RSA Algorithm without OAEP -* https://www.owasp.org/index.php/Top_10_2013-A5-Security_Misconfiguration[OWASP Top Ten 2013 Category A5] - Security Misconfiguration +* OWASP - https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[Top 10 2021 Category A2 - Cryptographic Failures] +* CWE - https://cwe.mitre.org/data/definitions/780[CWE-780 - Use of RSA Algorithm without OAEP] +* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A7 - Security Misconfiguration] diff --git a/rules/S2076/common/resources/standards.adoc b/rules/S2076/common/resources/standards.adoc index 8d19ee61fae..8ef32399e57 100644 --- a/rules/S2076/common/resources/standards.adoc +++ b/rules/S2076/common/resources/standards.adoc 
@@ -1,6 +1,9 @@ === Standards -* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection -* https://www.owasp.org/index.php/Top_10-2017_A1-Injection[OWASP Top 10 2017 Category A1] - Injection -* https://cwe.mitre.org/data/definitions/20[MITRE, CWE-20] - Improper Input Validation -* https://cwe.mitre.org/data/definitions/78[MITRE, CWE-78] - Improper Neutralization of Special Elements used in an OS Command +* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] +* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] +* CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] +* CWE - https://cwe.mitre.org/data/definitions/78[CWE-78 - Improper Neutralization of Special Elements used in an OS Command] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222604[Application Security and Development: V-222604] - The application must protect from command injection. +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. + diff --git a/rules/S2076/metadata.json b/rules/S2076/metadata.json index 6685700dc9f..db23a694c79 100644 --- a/rules/S2076/metadata.json +++ b/rules/S2076/metadata.json @@ -49,6 +49,10 @@ "5.1.3", "5.1.4", "5.3.8" + ], + "STIG ASD_V5R3": [ + "V-222604", + "V-222609" ] }, "defaultQualityProfiles": [ diff --git a/rules/S2076/python/how-to-fix-it/paramiko.adoc b/rules/S2076/python/how-to-fix-it/paramiko.adoc index f1bacca0347..d8f257c8cd3 100644 --- a/rules/S2076/python/how-to-fix-it/paramiko.adoc +++ b/rules/S2076/python/how-to-fix-it/paramiko.adoc 
@@ -11,22 +11,37 @@ shell control characters, the expected `ping` command behavior will be changed. [source,python,diff-id=1,diff-type=noncompliant] ---- -client = SSHClient() -client.connect("example.org", username=USER, password=PASS) -client.exec_command(request.args.get("cmd")) # Noncompliant +from flask import Flask, request +from paramiko.client import SSHClient + +app = Flask(__name__) + +@app.route('/example') +def example(): + client = SSHClient() + client.connect("example.org", username=USER, password=PASS) + + client.exec_command(request.args.get("cmd")) # Noncompliant ---- ==== Compliant solution [source,python,diff-id=1,diff-type=compliant] ---- -client = SSHClient() -client.connect("example.org", username=USER, password=PASS) +from flask import Flask, request +from paramiko.client import SSHClient + +app = Flask(__name__) + +@app.route('/example') +def example(): + client = SSHClient() + client.connect("example.org", username=USER, password=PASS) -DIAG_CMD=["/bin/ping -c 1 -- %s", "/bin/host -- %s"] -cmd = DIAG_CMD[int(request.args.get('cmdId'))] -cmd = cmd % shlex.quote(request.args.get('host')) -client.exec_command(cmd) + DIAG_CMD=["/bin/ping -c 1 -- %s", "/bin/host -- %s"] + cmd = DIAG_CMD[int(request.args.get('cmdId'))] + cmd = cmd % shlex.quote(request.args.get('host')) + client.exec_command(cmd) ---- === How does this work? diff --git a/rules/S2076/python/how-to-fix-it/python.adoc b/rules/S2076/python/how-to-fix-it/python.adoc index 8037b4c30fe..b02490f9df4 100644 --- a/rules/S2076/python/how-to-fix-it/python.adoc +++ b/rules/S2076/python/how-to-fix-it/python.adoc 
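Review bot: The compliant paramiko example calls `shlex.quote(...)`, but the import block added in this hunk only brings in `flask` and `paramiko.client`, so the snippet fails with a `NameError` when copied. Add `import shlex` next to the other imports. The line `cmd = DIAG_CMD[int(request.args.get('cmdId'))]` also raises on a missing or non-numeric `cmdId` and accepts negative indices; a short range check before indexing would make the allow-list intent explicit.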
@@ -11,9 +11,16 @@ shell control characters, the expected `ping` command behavior will be changed. [source,python,diff-id=11,diff-type=noncompliant] ---- -def ping(): - cmd = "ping -c 1 %s" % request.args.get("host", "www.google.com") - status = os.system(cmd) # Noncompliant +from flask import Flask, request +import os + +app = Flask(__name__) + +@app.route('/example') +def example(): + host = request.args.get("host", "www.google.com") + + status = os.system("ping -c 1 %s" % host) # Noncompliant return str(status == 0) ---- @@ -21,8 +28,15 @@ def ping(): [source,python,diff-id=11,diff-type=compliant] ---- -def safe_ping(): +from flask import Flask, request +import os + +app = Flask(__name__) + +@app.route('/example') +def example(): host = request.args.get("host", "www.google.com") + status = subprocess.run(["ping", "-c", "1", "--", host]).returncode return str(status == 0) ---- diff --git a/rules/S2077/java/rule.adoc b/rules/S2077/java/rule.adoc index 24a5b9d28f0..78fa8c3ecd7 100644 --- a/rules/S2077/java/rule.adoc +++ b/rules/S2077/java/rule.adoc 
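Review bot: The compliant solution in the second python.adoc hunk calls `subprocess.run([...])`, but its added imports are `from flask import Flask, request` and `import os`, so `subprocess` is undefined and `os` is unused. Replace `import os` with `import subprocess` in the compliant block. The noncompliant block legitimately needs `os` for `os.system`, so only the compliant side needs the change.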
@@ -68,12 +68,12 @@ public User getUserHibernate(org.hibernate.Session session, String data) { == See -* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection -* https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[OWASP Top 10 2017 Category A1] - Injection -* https://cwe.mitre.org/data/definitions/89[MITRE, CWE-89] - Improper Neutralization of Special Elements used in an SQL Command -* https://cwe.mitre.org/data/definitions/564[MITRE, CWE-564] - SQL Injection: Hibernate -* https://cwe.mitre.org/data/definitions/20[MITRE, CWE-20] - Improper Input Validation -* https://cwe.mitre.org/data/definitions/943[MITRE, CWE-943] - Improper Neutralization of Special Elements in Data Query Logic +* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] +* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] +* CWE - https://cwe.mitre.org/data/definitions/89[CWE-89 - Improper Neutralization of Special Elements used in an SQL Command] +* CWE - https://cwe.mitre.org/data/definitions/564[CWE-564 - SQL Injection: Hibernate] +* CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] +* CWE - https://cwe.mitre.org/data/definitions/943[CWE-943 - Improper Neutralization of Special Elements in Data Query Logic] * https://wiki.sei.cmu.edu/confluence/x/ITdGBQ[CERT, IDS00-J.] - Prevent SQL injection * Derived from FindSecBugs rules https://h3xstream.github.io/find-sec-bugs/bugs.htm#SQL_INJECTION_JPA[Potential SQL/JPQL Injection (JPA)], https://h3xstream.github.io/find-sec-bugs/bugs.htm#SQL_INJECTION_JDO[Potential SQL/JDOQL Injection (JDO)], https://h3xstream.github.io/find-sec-bugs/bugs.htm#SQL_INJECTION_HIBERNATE[Potential SQL/HQL Injection (Hibernate)] diff --git a/rules/S2077/see.adoc b/rules/S2077/see.adoc index d3111f798aa..4d8636b4692 100644 --- a/rules/S2077/see.adoc +++ b/rules/S2077/see.adoc 
@@ -1,7 +1,7 @@ == See -* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection -* https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[OWASP Top 10 2017 Category A1] - Injection -* https://cwe.mitre.org/data/definitions/20[MITRE, CWE-20] - Improper Input Validation -* https://cwe.mitre.org/data/definitions/89[MITRE, CWE-89] - Improper Neutralization of Special Elements used in an SQL Command +* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] +* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] +* CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] +* CWE - https://cwe.mitre.org/data/definitions/89[CWE-89 - Improper Neutralization of Special Elements used in an SQL Command] * Derived from FindSecBugs rules https://h3xstream.github.io/find-sec-bugs/bugs.htm#SQL_INJECTION_JPA[Potential SQL/JPQL Injection (JPA)], https://h3xstream.github.io/find-sec-bugs/bugs.htm#SQL_INJECTION_JDO[Potential SQL/JDOQL Injection (JDO)], https://h3xstream.github.io/find-sec-bugs/bugs.htm#SQL_INJECTION_HIBERNATE[Potential SQL/HQL Injection (Hibernate)] diff --git a/rules/S2077/vbnet/rule.adoc b/rules/S2077/vbnet/rule.adoc index da2cc278287..d0d15b7c961 100644 --- a/rules/S2077/vbnet/rule.adoc +++ b/rules/S2077/vbnet/rule.adoc @@ -1,4 +1,4 @@ -include::../description.adoc[] +Formatted SQL queries can be difficult to maintain, debug and can increase the risk of SQL injection when concatenating untrusted values into the query. However, this rule doesn't detect SQL injections, the goal is only to highlight complex/formatted queries. include::../ask-yourself.adoc[] diff --git a/rules/S2078/common/resources/standards.adoc b/rules/S2078/common/resources/standards.adoc index ed337c6224c..4359017f067 100644 --- a/rules/S2078/common/resources/standards.adoc +++ b/rules/S2078/common/resources/standards.adoc 
@@ -1,8 +1,10 @@ === Standards -* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection -* https://www.owasp.org/index.php/Top_10-2017_A1-Injection[OWASP Top 10 2017 Category A1] - Injection +* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] +* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] * https://www.ietf.org/rfc/rfc4514.txt[RFC 4514] - LDAP: String Representation of Distinguished Names * https://www.ietf.org/rfc/rfc4515.txt[RFC 4515] - LDAP: String Representation of Search Filters -* https://cwe.mitre.org/data/definitions/20[MITRE, CWE-20] - Improper Input Validation -* https://cwe.mitre.org/data/definitions/90[MITRE, CWE-90] - Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') +* CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] +* CWE - https://cwe.mitre.org/data/definitions/90[CWE-90 - Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. + diff --git a/rules/S2078/java/metadata.json b/rules/S2078/java/metadata.json index f0e25b5ee81..a2c276b1d99 100644 --- a/rules/S2078/java/metadata.json +++ b/rules/S2078/java/metadata.json @@ -27,6 +27,9 @@ "5.1.3", "5.1.4", "5.3.7" + ], + "STIG ASD_V5R3": [ + "V-222609" ] } } diff --git a/rules/S2078/metadata.json b/rules/S2078/metadata.json index 0364131ea49..022f5e82e80 100644 --- a/rules/S2078/metadata.json +++ b/rules/S2078/metadata.json @@ -48,6 +48,9 @@ "5.1.3", "5.1.4", "5.3.7" + ], + "STIG ASD_V5R3": [ + "V-222609" ] }, "defaultQualityProfiles": [ 
diff --git a/rules/S2083/common/resources/standards.adoc b/rules/S2083/common/resources/standards.adoc index a36bf930771..97a216c1077 100644 --- a/rules/S2083/common/resources/standards.adoc +++ b/rules/S2083/common/resources/standards.adoc @@ -1,8 +1,10 @@ === Standards -* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Broken Access Control -* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection -* https://www.owasp.org/index.php/Top_10-2017_A1-Injection[OWASP Top 10 2017 Category A1] - Injection -* https://www.owasp.org/index.php/Top_10-2017_A5-Broken_Access_Control[OWASP Top 10 2017 Category A5] - Broken Access Control -* https://cwe.mitre.org/data/definitions/20[MITRE, CWE-20] - Improper Input Validation -* https://cwe.mitre.org/data/definitions/22[MITRE, CWE-22] - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') \ No newline at end of file +* OWASP - https://owasp.org/Top10/A01_2021-Broken_Access_Control/[Top 10 2021 Category A1 - Broken Access Control] +* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] +* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] +* OWASP - https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[Top 10 2017 Category A5 - Broken Access Control] +* CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] +* CWE - https://cwe.mitre.org/data/definitions/22[CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. + 
diff --git a/rules/S2083/java/how-to-fix-it/java-se.adoc b/rules/S2083/java/how-to-fix-it/java-se.adoc index 8efa58f7a37..ac8607bc2b1 100644 --- a/rules/S2083/java/how-to-fix-it/java-se.adoc +++ b/rules/S2083/java/how-to-fix-it/java-se.adoc @@ -31,15 +31,15 @@ public class ExampleController @Controller public class ExampleController { - static private String targetDirectory = "/path/to/target/directory/"; + private static String targetDirectory = "/path/to/target/directory/"; + private static Path targetPath = new File(targetDirectory).toPath().normalize(); @GetMapping(value = "/delete") public void delete(@RequestParam("filename") String filename) throws IOException { - File file = new File(targetDirectory + filename); - String canonicalDestinationPath = file.getCanonicalPath(); + File file = new File(targetPath + filename); - if (!canonicalDestinationPath.startsWith(targetDirectory)) { + if (!file.toPath().normalize().startsWith(targetPath)) { throw new IOException("Entry is outside of the target directory"); } diff --git a/rules/S2083/metadata.json b/rules/S2083/metadata.json index 79bfc729780..c09242a12d2 100644 --- a/rules/S2083/metadata.json +++ b/rules/S2083/metadata.json @@ -50,6 +50,9 @@ "12.3.1", "5.1.3", "5.1.4" + ], + "STIG ASD_V5R3": [ + "V-222609" ] }, "defaultQualityProfiles": [ diff --git a/rules/S2084/java/rule.adoc b/rules/S2084/java/rule.adoc index c51ca8026e9..eceb331c858 100644 --- a/rules/S2084/java/rule.adoc +++ b/rules/S2084/java/rule.adoc 
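Review bot: In the compliant java-se example, `new File(targetPath + filename)` concatenates the string form of the normalized `Path`, which no longer has the trailing separator. A request for `report.txt` therefore becomes `/path/to/target/directoryreport.txt`, and because `Path.startsWith` compares whole name elements, the check rejects every plain filename. Resolving against the base path keeps both the join and the containment check correct: `Path path = targetPath.resolve(filename).normalize();`, then `if (!path.startsWith(targetPath))`. Note also that `normalize()` is purely lexical, unlike the `getCanonicalPath()` call it replaces, so symbolic links inside the target directory are no longer resolved before the check; `toRealPath()` would retain that property if it is wanted. The class and the rest of `delete` lie outside this hunk.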
@@ -57,8 +57,8 @@ public class MyServlet extends HttpServlet { == Resources -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure -* https://cwe.mitre.org/data/definitions/537[MITRE, CWE-537] - Information Exposure Through Java Runtime Error Message +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] +* CWE - https://cwe.mitre.org/data/definitions/537[CWE-537 - Information Exposure Through Java Runtime Error Message] diff --git a/rules/S2087/see.adoc b/rules/S2087/see.adoc index 821089665cb..af1522f5bfb 100644 --- a/rules/S2087/see.adoc +++ b/rules/S2087/see.adoc @@ -1,5 +1,5 @@ == Resources -* https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[OWASP Top 10 2021 Category A2] - Cryptographic Failures -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure -* https://cwe.mitre.org/data/definitions/261[MITRE, CWE-261] - Weak Cryptography for Passwords +* OWASP - https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[Top 10 2021 Category A2 - Cryptographic Failures] +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] +* CWE - https://cwe.mitre.org/data/definitions/261[CWE-261 - Weak Cryptography for Passwords] diff --git a/rules/S2089/java/rule.adoc b/rules/S2089/java/rule.adoc index 363832a5c0c..7fdec324efe 100644 --- a/rules/S2089/java/rule.adoc +++ b/rules/S2089/java/rule.adoc 
@@ -24,9 +24,9 @@ public class MyServlet extends HttpServlet { == Resources -* https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication[OWASP Top 10 2017 Category A2] - Broken Authentication -* https://cwe.mitre.org/data/definitions/807[MITRE, CWE-807] - Reliance on Untrusted Inputs in a Security Decision -* https://cwe.mitre.org/data/definitions/293[MITRE, CWE-293] - Using Referer Field for Authentication +* OWASP - https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication[Top 10 2017 Category A2 - Broken Authentication] +* CWE - https://cwe.mitre.org/data/definitions/807[CWE-807 - Reliance on Untrusted Inputs in a Security Decision] +* CWE - https://cwe.mitre.org/data/definitions/293[CWE-293 - Using Referer Field for Authentication] ifdef::env-github,rspecator-view[] diff --git a/rules/S2091/common/resources/standards.adoc b/rules/S2091/common/resources/standards.adoc index 2d705e8a644..c9f79c9320c 100644 --- a/rules/S2091/common/resources/standards.adoc +++ b/rules/S2091/common/resources/standards.adoc 
@@ -1,6 +1,9 @@ === Standards -* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection -* https://www.owasp.org/index.php/Top_10-2017_A1-Injection[OWASP Top 10 2017 Category A1] - Injection -* https://cwe.mitre.org/data/definitions/20[MITRE, CWE-20] - Improper Input Validation -* https://cwe.mitre.org/data/definitions/643[MITRE, CWE-643] - Improper Neutralization of Data within XPath Expressions +* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] +* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] +* CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] +* CWE - https://cwe.mitre.org/data/definitions/643[CWE-643 - Improper Neutralization of Data within XPath Expressions] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222608[Application Security and Development: V-222608] - The application must not be vulnerable to XML-oriented attacks. +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. + diff --git a/rules/S2091/java/metadata.json b/rules/S2091/java/metadata.json index 10f231dce36..aa62665aeab 100644 --- a/rules/S2091/java/metadata.json +++ b/rules/S2091/java/metadata.json @@ -27,6 +27,10 @@ "5.1.3", "5.1.4", "5.3.10" + ], + "STIG ASD_V5R3": [ + "V-222608", + "V-222609" ] } } diff --git a/rules/S2091/metadata.json b/rules/S2091/metadata.json index bcab2254681..196ead39a31 100644 --- a/rules/S2091/metadata.json +++ b/rules/S2091/metadata.json @@ -48,6 +48,10 @@ "5.1.3", "5.1.4", "5.3.10" + ], + "STIG ASD_V5R3": [ + "V-222608", + "V-222609" ] }, "defaultQualityProfiles": [ 
diff --git a/rules/S2092/go/metadata.json b/rules/S2092/go/metadata.json
new file mode 100644
index 00000000000..6afd55ee1cb
--- /dev/null
+++ b/rules/S2092/go/metadata.json
@@ -0,0 +1,3 @@
+{
+ "quickfix": "unknown"
+}
diff --git a/rules/S2092/go/rule.adoc b/rules/S2092/go/rule.adoc
new file mode 100644
index 00000000000..9bb8aa03f1e
--- /dev/null
+++ b/rules/S2092/go/rule.adoc
@@ -0,0 +1,156 @@
+include::../description.adoc[]
+
+include::../ask-yourself.adoc[]
+
+include::../recommended.adoc[]
+
+== Sensitive Code Example
+
+For https://pkg.go.dev/std[Go Standard Library]:
+
+[source,go,diff-id=1,diff-type=noncompliant]
+----
+import "net/http"
+
+func handler(w http.ResponseWriter, req *http.Request) {
+ cookie := http.Cookie{}
+ cookie.Name = "cookiename"
+ cookie.Value = "cookievalue"
+ http.SetCookie(w, &cookie) // Sensitive: Secure is false by default
+}
+----
+
+For https://pkg.go.dev/github.com/beego/beego/v2/server/web[Beego]:
+
+[source,go,diff-id=2,diff-type=noncompliant]
+----
+import "github.com/beego/beego/v2/server/web"
+
+func (ctrl *MainController) handler() {
+ ctrl.Ctx.SetCookie("name1", "value1", 200, "/", "example.com", false, false) // Sensitive
+}
+----
+
+For https://pkg.go.dev/github.com/gofiber/fiber/v2[Fiber]:
+
+[source,go,diff-id=3,diff-type=noncompliant]
+----
+import "github.com/gofiber/fiber/v2"
+
+func handler(c *fiber.Ctx) error {
+ cookie := new(fiber.Cookie)
+ cookie.Name = "name"
+ cookie.Value = "value"
+ c.Cookie(cookie) // Sensitive: Secure is false by default
+ return c.SendString("")
+}
+----
+
+For https://pkg.go.dev/github.com/gin-gonic/gin[Gin]:
+
+[source,go,diff-id=4,diff-type=noncompliant]
+----
+import "github.com/gin-gonic/gin"
+
+func handler(c *gin.Context) {
+ c.SetCookie("name", "value", 200, "/", "example.com", false, false) // Sensitive
+ c.JSON(http.StatusOK, gin.H{"message": ""})
+}
+----
+
+== Compliant Solution
+
+For https://pkg.go.dev/std[Go Standard Library]:
+
+[source,go,diff-id=1,diff-type=compliant]
+----
+import "net/http"
+
+func handler(w http.ResponseWriter, req *http.Request) {
+ cookie := http.Cookie{}
+ cookie.Name = "cookiename"
+ cookie.Value = "cookievalue"
+ cookie.Secure = true
+ http.SetCookie(w, &cookie)
+}
+----
+
+For https://pkg.go.dev/github.com/beego/beego/v2/server/web[Beego]:
+
+[source,go,diff-id=2,diff-type=compliant]
+----
+import "github.com/beego/beego/v2/server/web"
+
+func (ctrl *MainController) handler() {
+ ctrl.Ctx.SetCookie("name1", "value1", 200, "/", "example.com", true, false)
+}
+----
+
+For https://pkg.go.dev/github.com/gofiber/fiber/v2[Fiber]:
+
+[source,go,diff-id=3,diff-type=compliant]
+----
+import "github.com/gofiber/fiber/v2"
+
+func handler(c *fiber.Ctx) error {
+ cookie := new(fiber.Cookie)
+ cookie.Name = "name"
+ cookie.Value = "value"
+ cookie.Secure = true
+ c.Cookie(cookie)
+ return c.SendString("")
+}
+----
+
+For https://pkg.go.dev/github.com/gin-gonic/gin[Gin]:
+
+[source,go,diff-id=4,diff-type=compliant]
+----
+import "github.com/gin-gonic/gin"
+
+func handler(c *gin.Context) {
+ c.SetCookie("name", "value", 200, "/", "example.com", true, false)
+ c.JSON(http.StatusOK, gin.H{"message": ""})
+}
+----
+
+include::../see.adoc[]
+
+ifdef::env-github,rspecator-view[]
+
+'''
+== Implementation Specification
+(visible only on this page)
+
+include::../message.adoc[]
+
+=== Highlighting
+
+For Go Standard Library:
+
+* Highlight `SetCookie` if it is assigned an `http.Cookie` that has not `Secure` field specified.
+* Highlight `Secure` field of `http.Cookie` if it is set to `false`.
+
+For Beego:
+
+* Highlight the 6th argument of `web.Controller.Context.SetCookie` if it is set to `false`.
+* Highlight the 6th argument of `web.Controller.Context.Output.Cookie` if it is set to `false`.
+* Highlight the 6th argument of `web.Controller.Context.SetSecureCookie` if it is set to `false`.
+
+For Fiber:
+
+* Highlight `Cookie` if it is assigned a `fiber.Cookie` that has not `Secure` field specified.
+* Highlight `Secure` field of `fiber.Cookie` if it is set to `false`.
+
+For Gin:
+
+* Highlight the 6th argument of `gin.Context.SetCookie` if it is set to `false`.
+
+
+'''
+== Comments And Links
+(visible only on this page)
+
+include::../comments-and-links.adoc[]
+
+endif::env-github,rspecator-view[]
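Review bot: Both Gin snippets in `rules/S2092/go/rule.adoc` call `c.JSON(http.StatusOK, ...)` but import only `github.com/gin-gonic/gin`, so they do not compile as shown. Add `import "net/http"` to the noncompliant and compliant blocks. In the compliant Beego and Gin calls, the argument after the Secure flag is still `false`. If that seventh argument is HttpOnly, as the `SetCookie` parameter order suggests, readers who copy the "compliant" line get a cookie that page scripts can read. Either pass `true` there or add a short comment saying it is left `false` only to keep the example focused on Secure.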
diff --git a/rules/S2092/metadata.json b/rules/S2092/metadata.json index 8336c0d4840..b05cdb4a5af 100644 --- a/rules/S2092/metadata.json +++ b/rules/S2092/metadata.json @@ -52,6 +52,9 @@ "6.1.1", "6.1.2", "6.1.3" + ], + "STIG ASD_V5R3": [ + "V-222576" ] }, "defaultQualityProfiles": [ diff --git a/rules/S2092/python/metadata.json b/rules/S2092/python/metadata.json index 17971333806..e78ff04db13 100644 --- a/rules/S2092/python/metadata.json +++ b/rules/S2092/python/metadata.json @@ -1,3 +1,9 @@ { - + "tags": [ + "cwe", + "privacy", + "fastapi", + "django", + "flask" + ] } diff --git a/rules/S2092/see.adoc b/rules/S2092/see.adoc index 0967678927e..1a0ae5af63f 100644 --- a/rules/S2092/see.adoc +++ b/rules/S2092/see.adoc 
@@ -1,8 +1,10 @@ == See -* https://owasp.org/Top10/A04_2021-Insecure_Design/[OWASP Top 10 2021 Category A4] - Insecure Design -* https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[OWASP Top 10 2021 Category A5] - Security Misconfiguration -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure -* https://cwe.mitre.org/data/definitions/311[MITRE, CWE-311] - Missing Encryption of Sensitive Data -* https://cwe.mitre.org/data/definitions/315[MITRE, CWE-315] - Cleartext Storage of Sensitive Information in a Cookie -* https://cwe.mitre.org/data/definitions/614[MITRE, CWE-614] - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute +* OWASP - https://owasp.org/Top10/A04_2021-Insecure_Design/[Top 10 2021 Category A4 - Insecure Design] +* OWASP - https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[Top 10 2021 Category A5 - Security Misconfiguration] +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] +* CWE - https://cwe.mitre.org/data/definitions/311[CWE-311 - Missing Encryption of Sensitive Data] +* CWE - https://cwe.mitre.org/data/definitions/315[CWE-315 - Cleartext Storage of Sensitive Information in a Cookie] +* CWE - https://cwe.mitre.org/data/definitions/614[CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222576[Application Security and Development: V-222576] - The application must set the secure flag on session cookies. + diff --git a/rules/S2093/java/rule.adoc b/rules/S2093/java/rule.adoc index 937f7c5cdcd..97596a5d823 100644 --- a/rules/S2093/java/rule.adoc +++ b/rules/S2093/java/rule.adoc 
@@ -101,6 +101,9 @@ Change this "try" to a try-with-resources. == Comments And Links (visible only on this page) +=== on 21 Nov 2024, 16:48:00 Alban Auzeill wrote: +[test-code-support-investigation-for-java] Decision for scope: Main -> All. It's important to close resources during tests. + === on 12 Oct 2014, 18:26:26 Freddy Mallet wrote: Minor point @Ann but I would associate the tag 'bug' to this rule. diff --git a/rules/S2094/csharp/rule.adoc b/rules/S2094/csharp/rule.adoc index e01bf1734b4..34f7d21cc25 100644 --- a/rules/S2094/csharp/rule.adoc +++ b/rules/S2094/csharp/rule.adoc @@ -22,11 +22,7 @@ public interface IEmpty === Exceptions -Partial classes are ignored entirely, as they are often used with Source Generators. -Subclasses of System.Exception are ignored, as even an empty Exception class can provide useful information by its type name alone. -Subclasses of System.Attribute are ignored, as well as classes which are annotated with attributes. -Subclasses of generic classes are ignored, as even when empty they can be used for type specialization. -Subclasses of certain framework types - like the PageModel class used in ASP.NET Core Razor Pages - are also ignored. +include::../exceptions-dotnet.adoc[] [source,csharp] ---- diff --git a/rules/S2094/exceptions-dotnet.adoc b/rules/S2094/exceptions-dotnet.adoc new file mode 100644 index 00000000000..e19f706a02e --- /dev/null +++ b/rules/S2094/exceptions-dotnet.adoc 
@@ -0,0 +1,7 @@ +- Partial classes are ignored entirely, as source generators often use them. +- Classes with names ending in `Command`, `Message`, `Event`, or `Query` are ignored as messaging libraries often use them. +- Subclasses of `System.Exception` are ignored; even an empty Exception class can provide helpful information by its type name alone. +- Subclasses of `System.Attribute` and classes annotated with attributes are ignored. +- Subclasses of generic classes are ignored, as they can be used for type specialization even when empty. +- Subclasses of certain framework types — like the `PageModel` class used in ASP.NET Core Razor Pages — are ignored. +- Subclass of a class with non-public default constructors are ignored, as they widen the constructor accessibility. \ No newline at end of file diff --git a/rules/S2094/java/metadata.json b/rules/S2094/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S2094/java/metadata.json +++ b/rules/S2094/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S2094/vbnet/rule.adoc b/rules/S2094/vbnet/rule.adoc index 1bc34ea4566..4de99520fff 100644 --- a/rules/S2094/vbnet/rule.adoc +++ b/rules/S2094/vbnet/rule.adoc @@ -1,6 +1,6 @@ == Why is this an issue? -There is no good excuse for an empty class. If it's being used simply as a common extension point, it should be replaced with an ``++Interface++``. If it was stubbed in as a placeholder for future development it should be fleshed-out. In any other case, it should be eliminated. +include::../description.adoc[] === Noncompliant code example 
@@ -22,11 +22,8 @@ End Interface === Exceptions -Partial classes are ignored entirely, as they are often used with Source Generators. -Subclasses of System.Exception are ignored, as even an empty Exception class can provide useful information by its type name alone. -Subclasses of System.Attribute are ignored, as well as classes which are annotated with attributes. -Subclasses of generic classes are ignored, as even when empty they can be used for type specialization. -Subclasses of certain framework types - like the PageModel class used in ASP.NET Core Razor Pages - are also ignored. +include::../exceptions-dotnet.adoc[] + [source,vbnet] ---- Imports Microsoft.AspNetCore.Mvc.RazorPages diff --git a/rules/S2095/cfamily/rule.adoc b/rules/S2095/cfamily/rule.adoc index ace78b2e739..f71a580c91c 100644 --- a/rules/S2095/cfamily/rule.adoc +++ b/rules/S2095/cfamily/rule.adoc @@ -98,8 +98,8 @@ If falling back to low-level file operations is not necessary, one should prefer === Standards * CERT - https://wiki.sei.cmu.edu/confluence/x/QtUxBQ[FIO42-C. Close files when they are no longer needed] -* CWE - https://cwe.mitre.org/data/definitions/459[459 Incomplete Cleanup] -* CWE - https://cwe.mitre.org/data/definitions/772[772 Missing Release of Resource after Effective Lifetime] +* CWE - https://cwe.mitre.org/data/definitions/459[CWE-459 Incomplete Cleanup] +* CWE - https://cwe.mitre.org/data/definitions/772[CWE-772 Missing Release of Resource after Effective Lifetime] === Related rules diff --git a/rules/S2095/java/rule.adoc b/rules/S2095/java/rule.adoc index 40e99a0217c..e21edc348d7 100644 --- a/rules/S2095/java/rule.adoc +++ b/rules/S2095/java/rule.adoc 
@@ -92,8 +92,8 @@ catch ( ... ) { == Resources -* https://cwe.mitre.org/data/definitions/459[MITRE, CWE-459] - Incomplete Cleanup -* https://cwe.mitre.org/data/definitions/772[MITRE, CWE-772] - Missing Release of Resource after Effective Lifetime +* CWE - https://cwe.mitre.org/data/definitions/459[CWE-459 - Incomplete Cleanup] +* CWE - https://cwe.mitre.org/data/definitions/772[CWE-772 - Missing Release of Resource after Effective Lifetime] * https://wiki.sei.cmu.edu/confluence/x/vjdGBQ[CERT, FIO04-J.] - Release resources when they are no longer needed * https://wiki.sei.cmu.edu/confluence/x/QtUxBQ[CERT, FIO42-C.] - Close files when they are no longer needed * https://docs.oracle.com/javase/tutorial/essential/exceptions/tryResourceClose.html[Try With Resources] diff --git a/rules/S2095/metadata.json b/rules/S2095/metadata.json index 153b128329e..f9011363d15 100644 --- a/rules/S2095/metadata.json +++ b/rules/S2095/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "COMPLETE" }, @@ -18,12 +18,8 @@ "denial-of-service" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-2095", diff --git a/rules/S2096/metadata.json b/rules/S2096/metadata.json index 803feaab21b..d1ac5e9694a 100644 --- a/rules/S2096/metadata.json +++ b/rules/S2096/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "CLEAR" }, @@ -16,19 +16,13 @@ "error-handling" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-2096", "sqKey": "S2096", "scope": "Main", - "defaultQualityProfiles": [ - - ], + "defaultQualityProfiles": [], "quickfix": "unknown" } 
diff --git a/rules/S2097/java/metadata.json b/rules/S2097/java/metadata.json index 2ade8904fe2..9c011ddf0da 100644 --- a/rules/S2097/java/metadata.json +++ b/rules/S2097/java/metadata.json @@ -1,3 +1,4 @@ { - "title": "\"equals(Object obj)\" should test the argument's type" + "title": "\"equals(Object obj)\" should test the argument's type", + "scope": "Main" } diff --git a/rules/S2107/cfamily/rule.adoc b/rules/S2107/cfamily/rule.adoc index 3034793168d..22b1df0597f 100644 --- a/rules/S2107/cfamily/rule.adoc +++ b/rules/S2107/cfamily/rule.adoc @@ -1,4 +1,4 @@ -Partially-initialized objects are surprising to the `class` users +Partially initialized objects are surprising to the `class` users and might lead to hard-to-catch bugs. ``class``es with constructors are expected to have all members initialized after their constructor finishes. @@ -27,23 +27,23 @@ struct PartInit { }; ---- -This leads to undefined behavior in benign-looking code like on the example below. +This leads to undefined behavior in benign-looking code, like in the example below. In this particular case, garbage value may be printed, or a compiler may optimize away the print statement completely. [source,cpp] ---- PartInit pi(1); -std::cout < All. + === on 10 Oct 2014, 13:58:53 Freddy Mallet wrote: @Ann, for me this RSPEC fully duplicates RSPEC-2131, what's the difference ? Thanks diff --git a/rules/S2131/java/metadata.json b/rules/S2131/java/metadata.json index 190131bc9a8..ec7c3f1fb6b 100644 --- a/rules/S2131/java/metadata.json +++ b/rules/S2131/java/metadata.json @@ -6,22 +6,17 @@ "func": "Constant\/Issue", "constantCost": "5min" }, - "tags": [ - - ], + "tags": [], "extra": { "replacementRules": [ "RSPEC-1158" ], - "legacyKeys": [ - - ] + "legacyKeys": [] }, "defaultSeverity": "Major", "ruleSpecification": "RSPEC-2131", "sqKey": "S2131", - "scope": "All", - "defaultQualityProfiles": [ - ], + "scope": "Main", + "defaultQualityProfiles": [], "quickfix": "unknown" } 
diff --git a/rules/S2133/java/metadata.json b/rules/S2133/java/metadata.json index 5613f4445e9..5f0ff5695fb 100644 --- a/rules/S2133/java/metadata.json +++ b/rules/S2133/java/metadata.json @@ -27,4 +27,4 @@ "Sonar way" ], "quickfix": "targeted" -} \ No newline at end of file +} diff --git a/rules/S2133/java/rule.adoc b/rules/S2133/java/rule.adoc index e29514043bf..766fbcdf5de 100644 --- a/rules/S2133/java/rule.adoc +++ b/rules/S2133/java/rule.adoc @@ -37,6 +37,9 @@ Remove this object instantiation and use "xxx.class" instead. == Comments And Links (visible only on this page) +=== on 21 Nov 2024, 16:48:00 Alban Auzeill wrote: +[test-code-support-investigation-for-java] Decision for scope: Main -> All. + === on 10 Oct 2014, 11:40:44 Freddy Mallet wrote: Sounds good to me ! diff --git a/rules/S2134/java/metadata.json b/rules/S2134/java/metadata.json index 64a88d2c5d5..75551640839 100644 --- a/rules/S2134/java/metadata.json +++ b/rules/S2134/java/metadata.json @@ -17,17 +17,13 @@ "pitfall" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Major", "ruleSpecification": "RSPEC-2134", "sqKey": "S2134", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S2137/javascript/rule.adoc b/rules/S2137/javascript/rule.adoc index aee9b9754fe..2118f8683b4 100644 --- a/rules/S2137/javascript/rule.adoc +++ b/rules/S2137/javascript/rule.adoc @@ -83,6 +83,8 @@ Do not use "xxx" to declare a [variable|parameter|class|function] - use another === is related to: S5806 +=== is duplicated by: S2424 + === on 10 Oct 2014, 17:12:00 Ann Campbell wrote: Assigned to you for review. diff --git a/rules/S2139/comments-and-links.adoc b/rules/S2139/comments-and-links.adoc deleted file mode 100644 index 25a3e64ef9c..00000000000 --- a/rules/S2139/comments-and-links.adoc +++ /dev/null @@ -1,3 +0,0 @@ -=== on 11 Oct 2014, 12:09:59 Freddy Mallet wrote: -Sounds good to me ! - 
diff --git a/rules/S2139/csharp/compliant.adoc b/rules/S2139/csharp/compliant.adoc
new file mode 100644
index 00000000000..e716f20304b
--- /dev/null
+++ b/rules/S2139/csharp/compliant.adoc
@@ -0,0 +1,21 @@
+[source,csharp,diff-id=1,diff-type=compliant]
+----
+try {}
+catch (Exception ex)
+{
+ logger.LogError(ex.Message);
+ // Handle exception
+}
+----
+
+or
+
+[source,csharp]
+----
+try {}
+catch (Exception ex)
+{
+ // ...
+ throw;
+}
+----
\ No newline at end of file
diff --git a/rules/S2139/csharp/metadata.json b/rules/S2139/csharp/metadata.json
new file mode 100644
index 00000000000..7a73a41bfdf
--- /dev/null
+++ b/rules/S2139/csharp/metadata.json
@@ -0,0 +1,2 @@
+{
+}
\ No newline at end of file
diff --git a/rules/S2139/csharp/noncompliant.adoc b/rules/S2139/csharp/noncompliant.adoc
new file mode 100644
index 00000000000..0a03d25993f
--- /dev/null
+++ b/rules/S2139/csharp/noncompliant.adoc
@@ -0,0 +1,9 @@
+[source,csharp,diff-id=1,diff-type=noncompliant]
+----
+try {}
+catch (Exception ex)
+{
+ logger.LogError(ex.Message);
+ throw;
+}
+----
\ No newline at end of file
diff --git a/rules/S2139/csharp/rule.adoc b/rules/S2139/csharp/rule.adoc
new file mode 100644
index 00000000000..aaccfa20c20
--- /dev/null
+++ b/rules/S2139/csharp/rule.adoc
@@ -0,0 +1,3 @@
+:language: csharp
+
+include::../rule-dotnet.adoc[]
\ No newline at end of file
diff --git a/rules/S2139/highlighting.adoc b/rules/S2139/highlighting.adoc
deleted file mode 100644
index 3966f3bc466..00000000000
--- a/rules/S2139/highlighting.adoc
+++ /dev/null
@@ -1,8 +0,0 @@
-=== Highlighting
-
-* Primary: The exception caught
-* Secondary 1: The logging statement:
-** message: 'Logging statement.'
-* Secondary 2: The ``++throw++`` statement
-** message: 'Thrown exception.'
-
diff --git a/rules/S2139/java/rule.adoc b/rules/S2139/java/rule.adoc
index c45be3615f0..a67a2e27d80 100644
--- a/rules/S2139/java/rule.adoc
+++ b/rules/S2139/java/rule.adoc
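Review bot: The first compliant snippet in `rules/S2139/csharp/compliant.adoc` logs only `ex.Message`, which drops the exception type and stack trace from the single log entry the rule wants kept. If `logger` is a Microsoft.Extensions.Logging `ILogger` (the snippet does not say), pass the exception object instead, for example `logger.LogError(ex, "Operation failed");`. The same call appears in `noncompliant.adoc`; changing both keeps the `diff-id=1` pair aligned, so the only visible difference stays the removed `throw;`.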
@@ -1,19 +1,3 @@ include::../rule.adoc[] -ifdef::env-github,rspecator-view[] - -''' -== Implementation Specification -(visible only on this page) - -include::../message.adoc[] - -include::../highlighting.adoc[] - -''' -== Comments And Links -(visible only on this page) - -include::../comments-and-links.adoc[] - -endif::env-github,rspecator-view[] +include::../rspecator.adoc[] \ No newline at end of file diff --git a/rules/S2139/message.adoc b/rules/S2139/message.adoc deleted file mode 100644 index 50abd130cfc..00000000000 --- a/rules/S2139/message.adoc +++ /dev/null @@ -1,4 +0,0 @@ -=== Message - -Either log this exception and handle it, or rethrow it with some contextual information. - diff --git a/rules/S2139/metadata.json b/rules/S2139/metadata.json index f9cb117a447..550db21df40 100644 --- a/rules/S2139/metadata.json +++ b/rules/S2139/metadata.json @@ -13,8 +13,8 @@ "constantCost": "15min" }, "tags": [ - "error-handling", - "clumsy" + "logging", + "error-handling" ], "extra": { "replacementRules": [ @@ -31,5 +31,5 @@ "defaultQualityProfiles": [ "Sonar way" ], - "quickfix": "unknown" + "quickfix": "infeasible" } diff --git a/rules/S2139/rspecator.adoc b/rules/S2139/rspecator.adoc new file mode 100644 index 00000000000..24db470ff55 --- /dev/null +++ b/rules/S2139/rspecator.adoc 
@@ -0,0 +1,29 @@
+ifdef::env-github,rspecator-view[]
+
+'''
+== Implementation Specification
+(visible only on this page)
+
+=== Message
+
+Either log this exception and handle it, or rethrow it with some contextual information.
+
+=== Highlighting
+
+* Primary: The exception caught
+* Secondary 1: The logging statement:
+** message: 'Logging statement.'
+* Secondary 2: The `throw` statement
+** message: 'Thrown exception.'
+
+'''
+== Comments And Links
+(visible only on this page)
+
+=== on 21 Nov 2024, 16:48:00 Alban Auzeill wrote:
+[test-code-support-investigation-for-java] Decision for scope: Keep 'Main'. Test don't always want to capture the logs, throwing any "Boom!" exception is enough.
+
+=== on 11 Oct 2014, 12:09:59 Freddy Mallet wrote:
+Sounds good to me!
+
+endif::env-github,rspecator-view[]
diff --git a/rules/S2139/rule-dotnet.adoc b/rules/S2139/rule-dotnet.adoc
new file mode 100644
index 00000000000..f7428af0934
--- /dev/null
+++ b/rules/S2139/rule-dotnet.adoc
@@ -0,0 +1,38 @@
+== Why is this an issue?
+
+When an exception is logged and rethrown, the upstream code may not be aware that the exception has already been logged.
+As a result, the same exception gets logged multiple times, making it difficult to identify the root cause of the issue.
+This can be particularly problematic in multi-threaded applications where messages from other threads can be interwoven with the repeated log entries.
+
+=== Exceptions
+
+This rule will not generate issues if, within the catch block, one of the following conditions are met:
+
+* The logs generated within the catch block do not contain any references to the exception being caught.
+* The exception being thrown from the catch block is not the same exception that is being caught.
+
+== How to fix it
+
+To address this issue, it is recommended to modify the code to log exceptions only when they are handled locally. In all other cases, simply rethrow the exception and allow the higher-level layers of the application to handle the logging and appropriate actions.
+
+=== Code examples
+
+==== Noncompliant code example
+
+include::{language}/noncompliant.adoc[]
+
+==== Compliant solution
+
+include::{language}/compliant.adoc[]
+
+== Resources
+
+=== Documentation
+
+* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/statements/exception-handling-statements[Exception-handling statements]
+
+=== Articles & blog posts
+
+* https://rolf-engelhard.de/2013/04/logging-anti-patterns-part-ii/[Rolf Engelhard - Logging anti-patterns]
+
+include::rspecator.adoc[]
\ No newline at end of file
diff --git a/rules/S2140/java/metadata.json b/rules/S2140/java/metadata.json
index 31ba9670c8e..ad6cb231c78 100644
--- a/rules/S2140/java/metadata.json
+++ b/rules/S2140/java/metadata.json
@@ -17,12 +17,8 @@ "performance" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-2140", diff --git a/rules/S2140/java/rule.adoc b/rules/S2140/java/rule.adoc index a2426e9aa03..03780f638b5 100644 --- a/rules/S2140/java/rule.adoc +++ b/rules/S2140/java/rule.adoc @@ -40,6 +40,9 @@ Use "java.util.Random.nextInt()" instead. == Comments And Links (visible only on this page) +=== on 21 Nov 2024, 16:48:00 Alban Auzeill wrote: +[test-code-support-investigation-for-java] Decision for scope: Main -> All. + === on 11 Oct 2014, 11:58:06 Freddy Mallet wrote: Sounds good for me ! diff --git a/rules/S2142/java/rule.adoc b/rules/S2142/java/rule.adoc index 4c5ae206a0f..03580f26a60 100644 --- a/rules/S2142/java/rule.adoc +++ b/rules/S2142/java/rule.adoc @@ -52,7 +52,7 @@ public void run () { == Resources -* https://cwe.mitre.org/data/definitions/391[MITRE, CWE-391] - Unchecked Error Condition +* CWE - https://cwe.mitre.org/data/definitions/391[CWE-391 - Unchecked Error Condition] ifdef::env-github,rspecator-view[] diff --git a/rules/S2145/cfamily/rule.adoc b/rules/S2145/cfamily/rule.adoc index ccaab5eff90..2369f317742 100644 --- a/rules/S2145/cfamily/rule.adoc +++ b/rules/S2145/cfamily/rule.adoc @@ -54,7 +54,7 @@ public void doSomething(int i) { == Resources -* https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#es70-prefer-a-switch-statement-to-an-if-statement-when-there-is-a-choice[{cpp} Core Guidelines ES.70]: Prefer a switch-statement to an if-statement when there is a choice +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#es70-prefer-a-switch-statement-to-an-if-statement-when-there-is-a-choice[ES.70: Prefer a `switch`-statement to an `if`-statement when there is a choice] ifdef::env-github,rspecator-view[] 
diff --git a/rules/S2147/java/metadata.json b/rules/S2147/java/metadata.json index d677b51bbd8..7b876a278f5 100644 --- a/rules/S2147/java/metadata.json +++ b/rules/S2147/java/metadata.json @@ -1,3 +1,4 @@ { - "quickfix": "covered" -} \ No newline at end of file + "quickfix": "covered", + "scope": "All" +} diff --git a/rules/S2147/java/rule.adoc b/rules/S2147/java/rule.adoc index fe598e7f71a..f2b45d5db41 100644 --- a/rules/S2147/java/rule.adoc +++ b/rules/S2147/java/rule.adoc @@ -12,6 +12,9 @@ include::../message.adoc[] == Comments And Links (visible only on this page) +=== on 21 Nov 2024, 16:48:00 Alban Auzeill wrote: +[test-code-support-investigation-for-java] Decision for scope: Main -> All. + include::../comments-and-links.adoc[] endif::env-github,rspecator-view[] diff --git a/rules/S2148/java/metadata.json b/rules/S2148/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S2148/java/metadata.json +++ b/rules/S2148/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S2151/java/metadata.json b/rules/S2151/java/metadata.json index 2a23d134066..10eaee42cb1 100644 --- a/rules/S2151/java/metadata.json +++ b/rules/S2151/java/metadata.json @@ -3,5 +3,6 @@ "CERT": [ "MET12-J." ] - } + }, + "scope": "Main" } diff --git a/rules/S2153/java/metadata.json b/rules/S2153/java/metadata.json index ac270c587e4..5a5ededcefd 100644 --- a/rules/S2153/java/metadata.json +++ b/rules/S2153/java/metadata.json @@ -16,12 +16,8 @@ "clumsy" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-2153", diff --git a/rules/S2153/java/rule.adoc b/rules/S2153/java/rule.adoc index cde4e42daa1..6524880b1d5 100644 --- a/rules/S2153/java/rule.adoc +++ b/rules/S2153/java/rule.adoc 
@@ -74,11 +74,13 @@ ifdef::env-github,rspecator-view[] Remove the [un]boxing of "xxx". - ''' == Comments And Links (visible only on this page) +=== on 21 Nov 2024, 16:48:00 Alban Auzeill wrote: +[test-code-support-investigation-for-java] Decision for scope: Main -> All. May be problems with earlier versions of java. + === on 15 Oct 2014, 22:14:41 Freddy Mallet wrote: I would remove the tag 'bug' on this rule because this doesn't impact the behavior at execution time. diff --git a/rules/S2154/java/metadata.json b/rules/S2154/java/metadata.json index dd9e2636d40..1e2a7b9a9a9 100644 --- a/rules/S2154/java/metadata.json +++ b/rules/S2154/java/metadata.json @@ -12,16 +12,10 @@ "func": "Constant\/Issue", "constantCost": "5min" }, - "tags": [ - - ], + "tags": [], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Major", "ruleSpecification": "RSPEC-2154", diff --git a/rules/S2154/java/rule.adoc b/rules/S2154/java/rule.adoc index 1465fa59c9e..93de783ecd6 100644 --- a/rules/S2154/java/rule.adoc +++ b/rules/S2154/java/rule.adoc @@ -78,6 +78,9 @@ Add an explicit cast to match types of operands. == Comments And Links (visible only on this page) +=== on 21 Nov 2024, 16:48:00 Alban Auzeill wrote: +[test-code-support-investigation-for-java] Decision for scope: Main -> All. + === on 16 Feb 2015, 18:02:37 Michael Gumowski wrote: Message changed, as the type of the ternary operation can not be resolved at the moment. Indicating the required cast is not yet possible. diff --git a/rules/S2156/java/metadata.json b/rules/S2156/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S2156/java/metadata.json +++ b/rules/S2156/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S2159/dart/metadata.json b/rules/S2159/dart/metadata.json new file mode 100644 index 00000000000..0db3279e44b --- /dev/null +++ b/rules/S2159/dart/metadata.json @@ -0,0 +1,3 @@ +{ + +} 
diff --git a/rules/S2159/dart/rule.adoc b/rules/S2159/dart/rule.adoc new file mode 100644 index 00000000000..95e6f2ab25a --- /dev/null +++ b/rules/S2159/dart/rule.adoc @@ -0,0 +1,45 @@ +== Why is this an issue? + +Comparisons of dissimilar types will always return `false`. The comparison and all its dependent code can simply be removed. This includes: + +* comparing an object with `null` +* comparing an object with an unrelated primitive (e.g. a `String` with an `int`) +* comparing unrelated types + +=== Noncompliant code example + +[source,dart] +---- +void f() { + var a = "Hello, World!"; + if (a == 42) { // Noncompliant: comparing a String with an int + print("BOOM!"); + } +} +---- + +== Resources + +=== Documentation + +* Dart Docs - https://dart.dev/tools/linter-rules/unrelated_type_equality_checks[Dart Linter rule - unrelated_type_equality_checks] + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +The type of the right operand ('bool') isn't a subtype or a supertype of the left operand ('int'). + +=== Highlighting + +The `==` operator or `!=` operator. + +''' +== Comments And Links +(visible only on this page) + +endif::env-github,rspecator-view[] diff --git a/rules/S2159/java/rule.adoc b/rules/S2159/java/rule.adoc index c62c8104e2d..053015ff929 100644 --- a/rules/S2159/java/rule.adoc +++ b/rules/S2159/java/rule.adoc @@ -76,6 +76,9 @@ ifdef::env-github,rspecator-view[] == Comments And Links (visible only on this page) +=== on 21 Nov 2024, 16:48:00 Alban Auzeill wrote: +[test-code-support-investigation-for-java] Decision for scope: Keep 'Main'. Silly equality comparisons are useful to fully tests "equals"". + include::../comments-and-links.adoc[] endif::env-github,rspecator-view[] diff --git a/rules/S2159/metadata.json b/rules/S2159/metadata.json index 115c149d5bc..e670acdb05f 100644 --- a/rules/S2159/metadata.json +++ b/rules/S2159/metadata.json 
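Review bot: The message in the new Dart specification hard-codes `'bool'` and `'int'`, which matches neither the String/int example above it nor a reusable template; a placeholder form such as `The type of the right operand ('{0}') isn't a subtype or a supertype of the left operand ('{1}').` would document it better. The first bullet, comparing an object with `null`, looks carried over from another language's text. The linked lint `unrelated_type_equality_checks` concerns unrelated types, and whether a `null` comparison is always `false` in Dart depends on the operand's nullability, so that bullet is worth confirming or dropping.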
@@ -1,5 +1,5 @@ { - "title": "Silly equality checks should not be made", + "title": "Unnecessary equality checks should not be made", "type": "BUG", "code": { "impacts": { diff --git a/rules/S2159/python/metadata.json b/rules/S2159/python/metadata.json index 40076174a98..325d45931e3 100644 --- a/rules/S2159/python/metadata.json +++ b/rules/S2159/python/metadata.json @@ -5,5 +5,8 @@ }, "attribute": "LOGICAL" }, - "defaultSeverity": "Blocker" + "defaultSeverity": "Blocker", + "tags": [ + "suspicious" + ] } diff --git a/rules/S2160/java/rule.adoc b/rules/S2160/java/rule.adoc index 62ff9c54c74..4366735b41e 100644 --- a/rules/S2160/java/rule.adoc +++ b/rules/S2160/java/rule.adoc @@ -88,5 +88,11 @@ ifdef::env-github,rspecator-view[] Override the "equals" method in this class +''' +== Comments And Links +(visible only on this page) + +=== on 21 Nov 2024, 16:48:00 Alban Auzeill wrote: +[test-code-support-investigation-for-java] Decision for scope: Keep 'Main'. Too much FP and we can not fix them easily. endif::env-github,rspecator-view[] diff --git a/rules/S2162/java/metadata.json b/rules/S2162/java/metadata.json index ffd7d69dd55..b55e7275f19 100644 --- a/rules/S2162/java/metadata.json +++ b/rules/S2162/java/metadata.json @@ -16,24 +16,18 @@ "cert" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-2162", "sqKey": "S2162", - "scope": "All", + "scope": "Main", "securityStandards": { "CERT": [ "MET08-J." ] }, - "defaultQualityProfiles": [ - - ], + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S2164/java/metadata.json b/rules/S2164/java/metadata.json index bf8922508d4..f767c8ecd44 100644 --- a/rules/S2164/java/metadata.json +++ b/rules/S2164/java/metadata.json @@ -1,5 +1,6 @@ { "tags": [ "cert" - ] + ], + "scope": "Main" } diff --git a/rules/S2166/java/rule.adoc b/rules/S2166/java/rule.adoc index fe598e7f71a..731d4d9c592 100644 
--- a/rules/S2166/java/rule.adoc +++ b/rules/S2166/java/rule.adoc @@ -12,6 +12,9 @@ include::../message.adoc[] == Comments And Links (visible only on this page) +=== on 21 Nov 2024, 16:48:00 Alban Auzeill wrote: +[test-code-support-investigation-for-java] Decision for scope: Keep 'Main'. A lot of test class contains Exception for a good reason. + include::../comments-and-links.adoc[] endif::env-github,rspecator-view[] diff --git a/rules/S2167/java/metadata.json b/rules/S2167/java/metadata.json index 4738559640c..a0639fcdd88 100644 --- a/rules/S2167/java/metadata.json +++ b/rules/S2167/java/metadata.json @@ -12,21 +12,15 @@ "func": "Constant\/Issue", "constantCost": "5min" }, - "tags": [ - - ], + "tags": [], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-2167", "sqKey": "S2167", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S2167/java/rule.adoc b/rules/S2167/java/rule.adoc index 9f68e55bf32..e334b4a67a1 100644 --- a/rules/S2167/java/rule.adoc +++ b/rules/S2167/java/rule.adoc @@ -98,5 +98,11 @@ ifdef::env-github,rspecator-view[] Simply return -1. +''' +== Comments And Links +(visible only on this page) + +=== on 21 Nov 2024, 16:48:00 Alban Auzeill wrote: +[test-code-support-investigation-for-java] Decision for scope: Keep 'Main'. FP if we want to test "compareTo" limits endif::env-github,rspecator-view[] diff --git a/rules/S2168/java/metadata.json b/rules/S2168/java/metadata.json index 05486aa8d72..ef881767956 100644 --- a/rules/S2168/java/metadata.json +++ b/rules/S2168/java/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "COMPLETE" }, 
@@ -20,12 +20,8 @@ "singleton" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-2168", diff --git a/rules/S2168/java/rule.adoc b/rules/S2168/java/rule.adoc index 7d026f8bd7a..73662e96d9e 100644 --- a/rules/S2168/java/rule.adoc +++ b/rules/S2168/java/rule.adoc @@ -75,7 +75,7 @@ public class ResourceFactory { * https://www.cs.umd.edu/~pugh/java/memoryModel/DoubleCheckedLocking.html[The "Double-Checked Locking is Broken" Declaration] * https://wiki.sei.cmu.edu/confluence/x/6zdGBQ[CERT, LCK10-J.] - Use a correct form of the double-checked locking idiom -* https://cwe.mitre.org/data/definitions/609[MITRE, CWE-609] - Double-checked locking +* CWE - https://cwe.mitre.org/data/definitions/609[CWE-609 - Double-checked locking] * https://docs.oracle.com/javase/specs/jls/se7/html/jls-12.html#jls-12.4[JLS 12.4] - Initialization of Classes and Interfaces * Wikipedia: https://en.wikipedia.org/wiki/Double-checked_locking#Usage_in_Java[Double-checked locking] @@ -95,6 +95,9 @@ Remove this dangerous instance of double-checked locking. == Comments And Links (visible only on this page) +=== on 21 Nov 2024, 16:48:00 Alban Auzeill wrote: +[test-code-support-investigation-for-java] Decision for scope: Main -> All. + === on 20 Jul 2015, 07:45:24 Ann Campbell wrote: Tagged java-top by Ann diff --git a/rules/S2175/dart/metadata.json b/rules/S2175/dart/metadata.json new file mode 100644 index 00000000000..67a637da621 --- /dev/null +++ b/rules/S2175/dart/metadata.json @@ -0,0 +1,3 @@ +{ + "title": "Inappropriate collection calls should not be made" +} diff --git a/rules/S2175/dart/rule.adoc b/rules/S2175/dart/rule.adoc new file mode 100644 index 00000000000..e0893ae5978 --- /dev/null +++ b/rules/S2175/dart/rule.adoc 
@@ -0,0 +1,68 @@ +== Why is this an issue? + +The Dart collections API has methods that allow developers to overcome type-safety restriction of the parameter, such as `Iterable.contains`. + +When the actual type of the object provided to these methods is not consistent with the target collection's actual type, those methods will always return `false` or `null`. This is most likely unintended and hides a design problem. + +This rule raises an issue when the type of the argument of the following APIs is unrelated to the type used for the collection declaration: + +* `Iterable.contains` +* `List.remove` +* `Map.containsKey` +* `Map.containsValue` +* `Map.remove` +* `Map.[]` +* `Queue.remove` +* `Set.lookup` +* `Set.remove` + +=== Noncompliant code example + +[source,dart] +---- +void foo(List list, Map map) { + + list.contains(100); // Noncompliant, list contains only Strings + list.remove(3.14); // Noncompliant + + map.containsKey["a"]; // Noncompliant + map["123"]; // Noncompliant +} +---- + +=== Compliant solution + +[source,dart] +---- +void foo(List list, Map map) { + + list.contains("100"); + list.remove("3.14"); + + map.containsValue["a"]; + map[123]; +} +---- + +== Resources + +* Dart Docs - https://dart.dev/tools/linter-rules/collection_methods_unrelated_type[Dart Linter rule - collection_methods_unrelated_type] + + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message +The argument type '' isn't related to ''. + +=== Highlighting +The argument of the call to the method of the collection. + +''' +== Comments And Links +(visible only on this page) + +endif::env-github,rspecator-view[] diff --git a/rules/S2175/java/metadata.json b/rules/S2175/java/metadata.json index 67018647fa4..5c48152707f 100644 --- a/rules/S2175/java/metadata.json +++ b/rules/S2175/java/metadata.json 
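Review bot: In both Dart listings the map lookups are written with index brackets on a method name, `map.containsKey["a"];` in the noncompliant block and `map.containsValue["a"];` in the compliant one, so neither line is a call to the API the rule lists; they should read `map.containsKey("a");` and `map.containsValue("a");`. The signature `void foo(List list, Map map)` has no type arguments although the comment says the list contains only Strings. Unless the generics were lost when this page was rendered, declare them (the examples imply `List<String>` and `Map<int, String>`), since with untyped collections no argument type is unrelated. The message `The argument type '' isn't related to ''.` has empty quotes where type placeholders would be expected, which may be the same rendering loss.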
@@ -1,3 +1,4 @@ { - "title": "Inappropriate \"Collection\" calls should not be made" + "title": "Inappropriate \"Collection\" calls should not be made", + "scope": "Main" } diff --git a/rules/S2175/java/rule.adoc b/rules/S2175/java/rule.adoc index f6da5c32aa7..9726a0c94a8 100644 --- a/rules/S2175/java/rule.adoc +++ b/rules/S2175/java/rule.adoc @@ -72,11 +72,16 @@ ifdef::env-github,rspecator-view[] A "[class]<[type]>" cannot contain a "[ytype]". - ''' == Comments And Links (visible only on this page) +=== on 21 Nov 2024, 16:48:00 Erwan Serandour wrote: +[test-code-support-investigation-for-java] Good candidate to move to 'All'. Custom implementation of collections is not the common case, I was not able to reproduce the other FPs. + +=== on 21 Nov 2024, 16:48:00 Alban Auzeill wrote: +[test-code-support-investigation-for-java] Decision for scope: Keep 'Main'. FP on custom implementation of collections + === on 5 Feb 2015, 17:44:14 Michael Gumowski wrote: As I am currently encountering difficulties implementing the rule, I think that expressly mentioning the names of the variables in the issue message does not worth the effort. diff --git a/rules/S2176/java/metadata.json b/rules/S2176/java/metadata.json index 1514046b50f..5fe55b9dc1d 100644 --- a/rules/S2176/java/metadata.json +++ b/rules/S2176/java/metadata.json @@ -18,7 +18,7 @@ "defaultSeverity": "Critical", "ruleSpecification": "RSPEC-2176", "sqKey": "S2176", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S2176/java/rule.adoc b/rules/S2176/java/rule.adoc index f049cb781a1..7ae25a7a772 100644 --- a/rules/S2176/java/rule.adoc +++ b/rules/S2176/java/rule.adoc @@ -79,6 +79,9 @@ Rename this class. == Comments And Links (visible only on this page) +=== on 21 Nov 2024, 16:48:00 Alban Auzeill wrote: +[test-code-support-investigation-for-java] Decision for scope: Keep 'Main'. Not sure about the value/impact in test. + === on 21 Oct 2014, 14:08:46 Nicolas Peru wrote: LGTM 
diff --git a/rules/S2177/java/metadata.json b/rules/S2177/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S2177/java/metadata.json +++ b/rules/S2177/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S2177/java/rule.adoc b/rules/S2177/java/rule.adoc index fe598e7f71a..95ccd9f8919 100644 --- a/rules/S2177/java/rule.adoc +++ b/rules/S2177/java/rule.adoc @@ -12,6 +12,9 @@ include::../message.adoc[] == Comments And Links (visible only on this page) +=== on 21 Nov 2024, 16:48:00 Alban Auzeill wrote: +[test-code-support-investigation-for-java] Decision for scope: Keep 'Main'. Not sure about the value in tests. + include::../comments-and-links.adoc[] endif::env-github,rspecator-view[] diff --git a/rules/S2178/java/metadata.json b/rules/S2178/java/metadata.json index 0bebb3d3055..8fc9b4ad28c 100644 --- a/rules/S2178/java/metadata.json +++ b/rules/S2178/java/metadata.json @@ -6,5 +6,6 @@ "CERT": [ "EXP46-C." ] - } + }, + "scope": "All" } diff --git a/rules/S2178/java/rule.adoc b/rules/S2178/java/rule.adoc index 2856b5b4a8a..d075c1b1192 100644 --- a/rules/S2178/java/rule.adoc +++ b/rules/S2178/java/rule.adoc @@ -22,6 +22,9 @@ include::../message.adoc[] == Comments And Links (visible only on this page) +=== on 21 Nov 2024, 16:48:00 Alban Auzeill wrote: +[test-code-support-investigation-for-java] Decision for scope: Main -> All. There might be cases in test code where users deliberately wanted to avoid short-circuited logic. But we considered that it is a bad practice. + include::../comments-and-links.adoc[] endif::env-github,rspecator-view[] diff --git a/rules/S2178/metadata.json b/rules/S2178/metadata.json index 56ca8e1bc68..37e5254138f 100644 --- a/rules/S2178/metadata.json +++ b/rules/S2178/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, 
@@ -12,16 +12,10 @@
 "func": "Constant\/Issue",
 "constantCost": "5min"
 },
- "tags": [
-
- ],
+ "tags": [],
 "extra": {
- "replacementRules": [
-
- ],
- "legacyKeys": [
-
- ]
+ "replacementRules": [],
+ "legacyKeys": []
 },
 "defaultSeverity": "Blocker",
 "ruleSpecification": "RSPEC-2178",
diff --git a/rules/S2178/vbnet/rule.adoc b/rules/S2178/vbnet/rule.adoc
index 58f00d29fdf..822d5733e70 100644
--- a/rules/S2178/vbnet/rule.adoc
+++ b/rules/S2178/vbnet/rule.adoc
@@ -1,14 +1,14 @@ == Why is this an issue? -https://en.wikipedia.org/wiki/Short-circuit_evaluation[Short-circuit evaluation] is an evaluation strategy for https://en.wikipedia.org/wiki/Logical_connective[Boolean operators], that doesn't evaluates the second argument of the operator if it is not needed to determine the result of the operation. +https://en.wikipedia.org/wiki/Short-circuit_evaluation[Short-circuit evaluation] is an evaluation strategy for https://en.wikipedia.org/wiki/Logical_connective[Boolean operators], that doesn't evaluate the second argument of the operator if it is not needed to determine the result of the operation. -VB.NET provides logical operators that implement short-circuit evaluation: `AndAlso` and `OrElse`, as well as non-short-circuit versions: `And` and `Or`. Unlike short-circuit operators, non-short-circuit ones evaluate both operands and afterwards perform the logical operation. +VB.NET provides logical operators that implement short-circuiting evaluations `AndAlso` and `OrElse`, as well as the non-short-circuiting versions `And` and `Or`. Unlike short-circuiting operators, the non-short-circuiting operators evaluate both operands and afterward perform the logical operation. -For example `False AndAlso FunctionCall` always results in `False`, even when `FunctionCall` invocation would raise an exception. Instead, `False & FunctionCall` also evaluates `FunctionCall`, and results in an exception if `FunctionCall` raises an exception. +For example `False AndAlso FunctionCall` always results in `False` even when the `FunctionCall` invocation would raise an exception. In contrast, `False And FunctionCall` also evaluates `FunctionCall`, and results in an exception if `FunctionCall` raises an exception. Similarly, `True OrElse FunctionCall` always results in `True`, no matter what the return value of `FunctionCall` would be. 
-The use of non-short-circuit logic in a boolean context is likely a mistake - one that could cause serious program errors as conditions are evaluated under the wrong circumstances. +The use of non-short-circuit logic in a boolean context is likely a mistake, one that could cause serious program errors as conditions are evaluated under the wrong circumstances. == How to fix it diff --git a/rules/S2183/java/metadata.json b/rules/S2183/java/metadata.json index 17971333806..9dbbef5a6c0 100644 --- a/rules/S2183/java/metadata.json +++ b/rules/S2183/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "All" } diff --git a/rules/S2183/rspecator.adoc b/rules/S2183/rspecator.adoc index 6624690544f..b672894da7a 100644 --- a/rules/S2183/rspecator.adoc +++ b/rules/S2183/rspecator.adoc @@ -16,6 +16,9 @@ Remove this useless shift (multiple of 32/64). == Comments And Links (visible only on this page) +=== on 21 Nov 2024, 16:48:00 Alban Auzeill wrote: +[test-code-support-investigation-for-java] Decision for scope: Main -> All. + include::comments-and-links.adoc[] endif::env-github,rspecator-view[] diff --git a/rules/S2184/cfamily/metadata.json b/rules/S2184/cfamily/metadata.json index 4f45fdc4f57..2e273644627 100644 --- a/rules/S2184/cfamily/metadata.json +++ b/rules/S2184/cfamily/metadata.json @@ -18,6 +18,9 @@ ], "ASVS 4.0": [ "5.4.3" + ], + "STIG ASD_V5R3": [ + "V-222612" ] } } diff --git a/rules/S2184/cfamily/rule.adoc b/rules/S2184/cfamily/rule.adoc index eeb2d935de0..48a934510cb 100644 --- a/rules/S2184/cfamily/rule.adoc +++ b/rules/S2184/cfamily/rule.adoc 
@@ -33,9 +33,13 @@ void compliant2() { == Resources +=== Standards + * MISRA {cpp}:2008, 5-0-8 - An explicit integral or floating-point conversion shall not increase the size of the underlying type of a cvalue expression. -* https://cwe.mitre.org/data/definitions/190[MITRE, CWE-190] - Integer Overflow or Wraparound +* CWE - https://cwe.mitre.org/data/definitions/190[CWE-190 - Integer Overflow or Wraparound] * https://wiki.sei.cmu.edu/confluence/x/I9cxBQ[CERT, INT18-C.] - Evaluate integer expressions in a larger size before comparing or assigning to that size +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. + ifdef::env-github,rspecator-view[] diff --git a/rules/S2184/csharp/rule.adoc b/rules/S2184/csharp/rule.adoc index a5c501470a6..54f1f9921ff 100644 --- a/rules/S2184/csharp/rule.adoc +++ b/rules/S2184/csharp/rule.adoc @@ -30,7 +30,10 @@ static void Method(float f) { } == Resources -* https://cwe.mitre.org/data/definitions/190[MITRE, CWE-190] - Integer Overflow or Wraparound +=== Standards + +* CWE - https://cwe.mitre.org/data/definitions/190[CWE-190 - Integer Overflow or Wraparound] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. ifdef::env-github,rspecator-view[] diff --git a/rules/S2184/java/metadata.json b/rules/S2184/java/metadata.json index feff987871e..c45171fd493 100644 --- a/rules/S2184/java/metadata.json +++ b/rules/S2184/java/metadata.json @@ -14,6 +14,10 @@ ], "ASVS 4.0": [ "5.4.3" + ], + "STIG ASD_V5R3": [ + "V-222612" ] - } + }, + "scope": "Main" } diff --git a/rules/S2184/java/rule.adoc b/rules/S2184/java/rule.adoc index d7778f8c15f..cdf09bbf16a 100644 --- a/rules/S2184/java/rule.adoc 
+++ b/rules/S2184/java/rule.adoc @@ -62,9 +62,13 @@ public float compute2(float factor){ == Resources -* https://cwe.mitre.org/data/definitions/190[MITRE, CWE-190] - Integer Overflow or Wraparound +=== Standards + +* CWE - https://cwe.mitre.org/data/definitions/190[CWE-190 - Integer Overflow or Wraparound] * https://wiki.sei.cmu.edu/confluence/x/AjdGBQ[CERT, NUM50-J.] - Convert integers to floating point for floating-point operations * https://wiki.sei.cmu.edu/confluence/x/I9cxBQ[CERT, INT18-C.] - Evaluate integer expressions in a larger size before comparing or assigning to that size +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. + ifdef::env-github,rspecator-view[] @@ -78,6 +82,9 @@ include::../message.adoc[] == Comments And Links (visible only on this page) +=== on 21 Nov 2024, 16:48:00 Alban Auzeill wrote: +[test-code-support-investigation-for-java] Decision for scope: Keep 'Main'. FP because of assertEquals supporting (long,long) instead of (int,int). + include::../comments-and-links.adoc[] endif::env-github,rspecator-view[] diff --git a/rules/S2184/metadata.json b/rules/S2184/metadata.json index 96c978d2996..55b414c301e 100644 --- a/rules/S2184/metadata.json +++ b/rules/S2184/metadata.json @@ -34,6 +34,9 @@ ], "ASVS 4.0": [ "5.4.3" + ], + "STIG ASD_V5R3": [ + "V-222612" ] }, "defaultQualityProfiles": [ diff --git a/rules/S2185/java/metadata.json b/rules/S2185/java/metadata.json index 0b20027aa0f..187dfe331ee 100644 --- a/rules/S2185/java/metadata.json +++ b/rules/S2185/java/metadata.json @@ -16,12 +16,8 @@ "clumsy" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Major", "ruleSpecification": "RSPEC-2185", 
diff --git a/rules/S2185/java/rule.adoc b/rules/S2185/java/rule.adoc index 72108307ac3..716fe464e7c 100644 --- a/rules/S2185/java/rule.adoc +++ b/rules/S2185/java/rule.adoc @@ -75,5 +75,11 @@ ifdef::env-github,rspecator-view[] Remove this unnecessary call to "Math.xxx". +''' +== Comments And Links +(visible only on this page) + +=== on 21 Nov 2024, 16:48:00 Alban Auzeill wrote: +[test-code-support-investigation-for-java] Decision for scope: Main -> All. endif::env-github,rspecator-view[] diff --git a/rules/S2187/javascript/metadata.json b/rules/S2187/javascript/metadata.json new file mode 100644 index 00000000000..2e7b39577ea --- /dev/null +++ b/rules/S2187/javascript/metadata.json @@ -0,0 +1,14 @@ +{ + "title": "Test files should contain at least one test case", + "tags": [ + "jasmine", + "jest", + "mocha", + "node", + "tests", + "unused", + "confusing" + ], + "quickfix": "infeasible" +} + \ No newline at end of file diff --git a/rules/S2187/javascript/rule.adoc b/rules/S2187/javascript/rule.adoc new file mode 100644 index 00000000000..d1b8fd4fb59 --- /dev/null +++ b/rules/S2187/javascript/rule.adoc 
@@ -0,0 +1,44 @@ +== Why is this an issue? + +Test files in JavaScript and TypeScript are meant to contain test cases. These test cases are used to verify the functionality of your code and ensure that it behaves as expected. If a test file doesn't contain any test cases, it's not serving its purpose. + +A test file without test cases might indicate: + +* An incomplete test suite: Perhaps the developer started writing tests but didn't finish. +* A mistake: The developer might have accidentally deleted the test cases or moved them to another file. + +This rule flags any file that has ``++.test++`` or ``++.spec++`` as part of its suffix but does not contain any test cases defined using the different forms of the ``++it++`` and ``++test++`` functions from Jasmine, Jest, Mocha, or Node.js testing API. + +== How to fix it + +Add test cases to the file or delete it if it isn't needed anymore. + +=== Code examples + +==== Noncompliant code example + +[source,javascript,diff-id=1,diff-type=noncompliant] +---- +// eval.test.js + +/* no test cases */ +---- + +==== Compliant solution + +[source,javascript,diff-id=1,diff-type=compliant] +---- +// eval.test.js + +it('1 + 2 should give 3', () => { + expect(1 + 2).toBe(3); +}); +---- + +== Resources +=== Documentation + +* Jasmine docs - https://jasmine.github.io/api/edge/global[API] +* Jest docs - https://jestjs.io/docs/api[API] +* Mocha docs - https://mochajs.org/#getting-started[API] +* Node.js docs - https://nodejs.org/api/test.html[API] diff --git a/rules/S2187/metadata.json b/rules/S2187/metadata.json index 015df761401..576beea8775 100644 --- a/rules/S2187/metadata.json +++ b/rules/S2187/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "TESTED" }, 
@@ -18,12 +18,8 @@
 "confusing"
 ],
 "extra": {
- "replacementRules": [
-
- ],
- "legacyKeys": [
-
- ]
+ "replacementRules": [],
+ "legacyKeys": []
 },
 "defaultSeverity": "Blocker",
 "ruleSpecification": "RSPEC-2187",
diff --git a/rules/S2188/java/metadata.json b/rules/S2188/java/metadata.json
index 1b84b09828b..cb9d90d84c5 100644
--- a/rules/S2188/java/metadata.json
+++ b/rules/S2188/java/metadata.json
@@ -3,7 +3,7 @@
 "type": "CODE_SMELL",
 "code": {
 "impacts": {
- "MAINTAINABILITY": "HIGH"
+ "MAINTAINABILITY": "BLOCKER"
 },
 "attribute": "COMPLETE"
 },
@@ -17,12 +17,8 @@
 "tests"
 ],
 "extra": {
- "replacementRules": [
-
- ],
- "legacyKeys": [
-
- ]
+ "replacementRules": [],
+ "legacyKeys": []
 },
 "defaultSeverity": "Blocker",
 "ruleSpecification": "RSPEC-2188",
diff --git a/rules/S2189/metadata.json b/rules/S2189/metadata.json
index c572994af46..8abdefac93a 100644
--- a/rules/S2189/metadata.json
+++ b/rules/S2189/metadata.json
@@ -3,7 +3,7 @@
 "type": "BUG",
 "code": {
 "impacts": {
- "RELIABILITY": "HIGH"
+ "RELIABILITY": "BLOCKER"
 },
 "attribute": "LOGICAL"
 },
@@ -12,16 +12,10 @@
 "func": "Constant\/Issue",
 "constantCost": "15min"
 },
- "tags": [
-
- ],
+ "tags": [],
 "extra": {
- "replacementRules": [
-
- ],
- "legacyKeys": [
-
- ]
+ "replacementRules": [],
+ "legacyKeys": []
 },
 "defaultSeverity": "Blocker",
 "ruleSpecification": "RSPEC-2189",
diff --git a/rules/S2190/metadata.json b/rules/S2190/metadata.json
index 34d6a3ad41c..a109c757e51 100644
--- a/rules/S2190/metadata.json
+++ b/rules/S2190/metadata.json
@@ -3,7 +3,7 @@
 "type": "BUG",
 "code": {
 "impacts": {
- "RELIABILITY": "HIGH"
+ "RELIABILITY": "BLOCKER"
 },
 "attribute": "LOGICAL"
 },
@@ -16,12 +16,8 @@
 "suspicious"
 ],
 "extra": {
- "replacementRules": [
-
- ],
- "legacyKeys": [
-
- ]
+ "replacementRules": [],
+ "legacyKeys": []
 },
 "defaultSeverity": "Blocker",
 "ruleSpecification": "RSPEC-2190",
diff --git a/rules/S2192/rule.adoc b/rules/S2192/rule.adoc
index b0555c1f693..7ade57bd367 100644
--- a/rules/S2192/rule.adoc
+++ b/rules/S2192/rule.adoc @@ -26,8 +26,7 @@ void f ( S * s ) == Resources * MISRA {cpp}:2008, 5-2-9 -* https://www.securecoding.cert.org/confluence/x/XAAV[CERT, INT36-C.] - Converting a pointer to integer or integer to pointer -* https://www.securecoding.cert.org/confluence/x/toAyAQ[CERT, INT11-CPP.] - Take care when converting from pointer to integer or integer to pointer + ifdef::env-github,rspecator-view[] diff --git a/rules/S2196/java/metadata.json b/rules/S2196/java/metadata.json index aba295ca297..a3686a939e3 100644 --- a/rules/S2196/java/metadata.json +++ b/rules/S2196/java/metadata.json @@ -16,19 +16,13 @@ "clumsy" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-2196", "sqKey": "S2196", - "scope": "All", - "defaultQualityProfiles": [ - - ], + "scope": "Main", + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S2197/java/metadata.json b/rules/S2197/java/metadata.json index f4b06dc7862..848b6bebee2 100644 --- a/rules/S2197/java/metadata.json +++ b/rules/S2197/java/metadata.json @@ -7,5 +7,6 @@ "CERT": [ "NUM51-J." ] - } + }, + "scope": "Main" } diff --git a/rules/S2201/metadata.json b/rules/S2201/metadata.json index 286956198a9..ea4f0b37a67 100644 --- a/rules/S2201/metadata.json +++ b/rules/S2201/metadata.json @@ -13,7 +13,8 @@ "constantCost": "10min" }, "tags": [ - + "suspicious", + "confusing" ], "extra": { "replacementRules": [ diff --git a/rules/S2203/java/metadata.json b/rules/S2203/java/metadata.json index dc2aa638bdc..818727d41d4 100644 --- a/rules/S2203/java/metadata.json +++ b/rules/S2203/java/metadata.json 
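Review bot: The two CERT entries (INT36-C and INT11-CPP) are deleted outright in the S2192 hunk, leaving MISRA as the only reference, whereas other files in this commit keep their CERT entries on `wiki.sei.cmu.edu` links. If the old `securecoding.cert.org` URLs are the only problem, keeping the identifier as plain text, in the same way the MISRA line has no link, preserves the mapping: `* CERT, INT36-C. - Converting a pointer to integer or integer to pointer`. The S2215 hunk later in the diff drops CERT ARR01-C and CTR01-CPP the same way.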
@@ -16,19 +16,13 @@ "java8" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-2203", "sqKey": "S2203", - "scope": "All", - "defaultQualityProfiles": [ - - ], + "scope": "Main", + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S2204/java/metadata.json b/rules/S2204/java/metadata.json index 93742db733c..465352dbe35 100644 --- a/rules/S2204/java/metadata.json +++ b/rules/S2204/java/metadata.json @@ -16,17 +16,13 @@ "multi-threading" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Major", "ruleSpecification": "RSPEC-2204", "sqKey": "S2204", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S2208/java/metadata.json b/rules/S2208/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S2208/java/metadata.json +++ b/rules/S2208/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S2208/python/metadata.json b/rules/S2208/python/metadata.json index d860fd4691d..7194c6f0180 100644 --- a/rules/S2208/python/metadata.json +++ b/rules/S2208/python/metadata.json @@ -1,5 +1,9 @@ { "defaultQualityProfiles": [ "Sonar way" + ], + "tags": [ + "pitfall", + "bad-practice" ] } diff --git a/rules/S2210/see.adoc b/rules/S2210/see.adoc index 6099cb688b3..e106f0c528d 100644 --- a/rules/S2210/see.adoc +++ b/rules/S2210/see.adoc @@ -1,3 +1,3 @@ == Resources -* https://www.owasp.org/index.php/Top_10_2013-A6-Sensitive_Data_Exposure[OWASP Top Ten 2013 Category A6] - Sensitive Data Exposure \ No newline at end of file +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] diff --git a/rules/S2211/java/metadata.json b/rules/S2211/java/metadata.json index 7036963bb46..dde5625b53d 100644 
--- a/rules/S2211/java/metadata.json +++ b/rules/S2211/java/metadata.json @@ -17,19 +17,13 @@ "java8" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Major", "ruleSpecification": "RSPEC-2211", "sqKey": "S2211", - "scope": "All", - "defaultQualityProfiles": [ - - ], + "scope": "Main", + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S2215/rule.adoc b/rules/S2215/rule.adoc index 5b727e072b2..8d9e0949813 100644 --- a/rules/S2215/rule.adoc +++ b/rules/S2215/rule.adoc @@ -27,9 +27,7 @@ void clear2(short *array, int count) { == Resources -* https://www.securecoding.cert.org/confluence/x/6wE[CERT, ARR01-C] - Do not apply the sizeof operator to a pointer when taking the size of an array -* https://www.securecoding.cert.org/confluence/x/9YAyAQ[CERT, CTR01-CPP] - Do not apply the sizeof operator to a pointer when taking the size of an array -* https://cwe.mitre.org/data/definitions/467[MITRE, CWE-467] - Use of sizeof() on a Pointer Type +* CWE - https://cwe.mitre.org/data/definitions/467[CWE-467 - Use of sizeof() on a Pointer Type] ifdef::env-github,rspecator-view[] diff --git a/rules/S2220/rule.adoc b/rules/S2220/rule.adoc index 53ce62e8b81..5937dc89bc1 100644 --- a/rules/S2220/rule.adoc +++ b/rules/S2220/rule.adoc @@ -28,5 +28,5 @@ public bool Equals (object obj) { == Resources -* https://cwe.mitre.org/data/definitions/476[MITRE, CWE-476] - NULL Pointer Dereference +* CWE - https://cwe.mitre.org/data/definitions/476[CWE-476 - NULL Pointer Dereference] diff --git a/rules/S2221/csharp/rule.adoc b/rules/S2221/csharp/rule.adoc index f5ea540a117..debd6e2379f 100644 --- a/rules/S2221/csharp/rule.adoc +++ b/rules/S2221/csharp/rule.adoc 
@@ -1,6 +1,6 @@ == Why is this an issue? -Catching `System.Exception` seems like an efficient way to handle multiple possible exceptions. Unfortunately, it traps all exception types, including the ones that were not intended to be caught. To prevent any misunderstandings, the exception filters should be used. Alternatively each exception type should be in a separate `catch` block. +Catching `System.Exception` seems like an efficient way to handle multiple possible exceptions. Unfortunately, it traps all exception types, including the ones that were not intended to be caught. To prevent any misunderstandings, exception filters should be used. Alternatively, each exception type should be in a separate `catch` block. === Noncompliant code example @@ -24,7 +24,7 @@ try { // do something } -catch (Exception e) when (e is FileNotFoundException || e is IOException) +catch (Exception e) when (e is FileNotFoundException or IOException) { // do something } @@ -32,7 +32,7 @@ catch (Exception e) when (e is FileNotFoundException || e is IOException) === Exceptions -The final option is to catch `System.Exception` and `throw` it in the last statement in the `catch` block. This is the least-preferred option, as it is an old-style code, which also suffers from performance penalty compared to exception filters. +The final option is to catch `System.Exception` and `throw` it in the last statement in the `catch` block. This is the least-preferred option, as it is an old-style code, which also suffers from performance penalties compared to exception filters. [source,csharp] ---- @@ -42,7 +42,7 @@ try } catch (Exception e) { - if (e is FileNotFoundException || e is IOException) + if (e is FileNotFoundException or IOException) { // do something } diff --git a/rules/S2221/see.adoc b/rules/S2221/see.adoc index 250052a5944..038d5482b06 100644 --- a/rules/S2221/see.adoc +++ b/rules/S2221/see.adoc 
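Review bot: The rewritten filters in the second and third hunks of rules/S2221/csharp/rule.adoc, `when (e is FileNotFoundException or IOException)` and `if (e is FileNotFoundException or IOException)`, use the `or` pattern combinator, which exists only from C# 9, and the rule text does not say so. A reader on an older language version gets a syntax error from the example the page presents as the recommended form. I would add one sentence before the first rewritten block, for example `The or pattern requires C# 9 or later; earlier versions need e is FileNotFoundException || e is IOException.` Separately, `FileNotFoundException` derives from `IOException`, so the filter is equivalent to `e is IOException`; two unrelated exception types would illustrate the filter better.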
@@ -1,3 +1,3 @@ == Resources -* https://cwe.mitre.org/data/definitions/396[MITRE, CWE-396] - Declaration of Catch for Generic Exception \ No newline at end of file +* CWE - https://cwe.mitre.org/data/definitions/396[CWE-396 - Declaration of Catch for Generic Exception] \ No newline at end of file diff --git a/rules/S2222/java/metadata.json b/rules/S2222/java/metadata.json index 4bc9bcaa0fd..17971333806 100644 --- a/rules/S2222/java/metadata.json +++ b/rules/S2222/java/metadata.json @@ -1,7 +1,3 @@ { - "tags": [ - "cwe", - "multi-threading", - "symbolic-execution" - ] + } diff --git a/rules/S2222/metadata.json b/rules/S2222/metadata.json index dd2383bd240..e361d8b8bff 100644 --- a/rules/S2222/metadata.json +++ b/rules/S2222/metadata.json @@ -14,7 +14,8 @@ }, "tags": [ "cwe", - "multi-threading" + "multi-threading", + "symbolic-execution" ], "extra": { "replacementRules": [ diff --git a/rules/S2222/resources-dotnet.adoc b/rules/S2222/resources-dotnet.adoc index 2861597b3b3..74f7e6cb9fc 100644 --- a/rules/S2222/resources-dotnet.adoc +++ b/rules/S2222/resources-dotnet.adoc @@ -1,4 +1,4 @@ == Resources * https://docs.microsoft.com/en-us/dotnet/standard/threading/overview-of-synchronization-primitives#synchronization-of-access-to-a-shared-resource[Synchronization of access to a shared resource] -* https://cwe.mitre.org/data/definitions/459[MITRE, CWE-459 - Incomplete Cleanup] \ No newline at end of file +* CWE - https://cwe.mitre.org/data/definitions/459[CWE-459 - Incomplete Cleanup] \ No newline at end of file diff --git a/rules/S2222/see.adoc b/rules/S2222/see.adoc index a4cae398512..c6d3caa64fb 100644 --- a/rules/S2222/see.adoc +++ b/rules/S2222/see.adoc @@ -1,3 +1,3 @@ == Resources -* https://cwe.mitre.org/data/definitions/459[MITRE, CWE-459] - Incomplete Cleanup \ No newline at end of file +* CWE - https://cwe.mitre.org/data/definitions/459[CWE-459 - Incomplete Cleanup] \ No newline at end of file 
diff --git a/rules/S2225/java/rule.adoc b/rules/S2225/java/rule.adoc index 6b5067ca699..cb631cb3bef 100644 --- a/rules/S2225/java/rule.adoc +++ b/rules/S2225/java/rule.adoc @@ -27,7 +27,7 @@ public String toString () { == Resources -* https://cwe.mitre.org/data/definitions/476[MITRE, CWE-476] - NULL Pointer Dereference +* CWE - https://cwe.mitre.org/data/definitions/476[CWE-476 - NULL Pointer Dereference] * https://wiki.sei.cmu.edu/confluence/x/aDdGBQ[CERT, EXP01-J.] - Do not use a null in a case where an object is required ifdef::env-github,rspecator-view[] diff --git a/rules/S2225/resources-dotnet.adoc b/rules/S2225/resources-dotnet.adoc index d8c365b9ccc..aa3cd0c365e 100644 --- a/rules/S2225/resources-dotnet.adoc +++ b/rules/S2225/resources-dotnet.adoc @@ -2,5 +2,5 @@ === Documentation -* https://cwe.mitre.org/data/definitions/476[MITRE, CWE-476] - NULL Pointer Dereference +* CWE - https://cwe.mitre.org/data/definitions/476[CWE-476 - NULL Pointer Dereference] * https://learn.microsoft.com/en-us/dotnet/api/system.object.tostring[Object.ToString Method] \ No newline at end of file diff --git a/rules/S2225/vbnet/rule.adoc b/rules/S2225/vbnet/rule.adoc index 8b13f9aa2f0..b4d7a686dcb 100644 --- a/rules/S2225/vbnet/rule.adoc +++ b/rules/S2225/vbnet/rule.adoc @@ -1,6 +1,6 @@ == Why is this an issue? -Calling https://learn.microsoft.com/en-us/dotnet/api/system.object.tostring[ToString()] on an object should always return a `string`. Thus, overriding the ToString method should never return `Nothing`, as it breaks the method's implicit contract, and as a result the consumer's expectations. +Calling https://learn.microsoft.com/en-us/dotnet/api/system.object.tostring[ToString()] on an object should always return a `string`. Thus, overriding the ToString method should never return `Nothing` because it breaks the method's implicit contract, and as a result the consumer's expectations. [source,vbnet,diff-id=1,diff-type=noncompliant] ---- 
diff --git a/rules/S2226/java/metadata.json b/rules/S2226/java/metadata.json index 7c9ab04f3aa..8f9636bd8d5 100644 --- a/rules/S2226/java/metadata.json +++ b/rules/S2226/java/metadata.json @@ -32,6 +32,9 @@ "securityStandards": { "CERT": [ "MSC11-J." + ], + "STIG ASD_V5R3": [ + "V-222567" ] }, "defaultQualityProfiles": [ diff --git a/rules/S2226/java/rule.adoc b/rules/S2226/java/rule.adoc index 42e5d9137dd..302234d6901 100644 --- a/rules/S2226/java/rule.adoc +++ b/rules/S2226/java/rule.adoc @@ -167,7 +167,11 @@ public class MyServlet extends HttpServlet { === Articles & blog posts * https://www.devinline.com/2013/08/how-to-make-thread-safe-servlet.html[Nikhil Ranjan: How to make thread safe servlet ?] -* https://objectcomputing.com/resources/publications/sett/april-2000-tips-for-creating-thread-safe-code-avoiding-race-conditions[Object Computing: Tips for creating thread-safe code] + +=== Standards + +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions. + ifdef::env-github,rspecator-view[] diff --git a/rules/S2228/see.adoc b/rules/S2228/see.adoc index 1609e6e3404..e7372b52c96 100644 --- a/rules/S2228/see.adoc +++ b/rules/S2228/see.adoc @@ -1,3 +1,3 @@ == Resources -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure \ No newline at end of file +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] \ No newline at end of file diff --git a/rules/S2229/java/metadata.json b/rules/S2229/java/metadata.json index 14917e2916c..3e93ee497ec 100644 --- a/rules/S2229/java/metadata.json +++ b/rules/S2229/java/metadata.json 
@@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "CONVENTIONAL" }, @@ -16,12 +16,8 @@ "spring" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-2229", diff --git a/rules/S2230/java/metadata.json b/rules/S2230/java/metadata.json index a3011d6eff7..a13056516af 100644 --- a/rules/S2230/java/metadata.json +++ b/rules/S2230/java/metadata.json @@ -11,7 +11,6 @@ ], "code": { "impacts": { - "MAINTAINABILITY": "HIGH", "RELIABILITY": "MEDIUM" }, "attribute": "CONVENTIONAL" diff --git a/rules/S2234/java/metadata.json b/rules/S2234/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S2234/java/metadata.json +++ b/rules/S2234/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S2236/java/metadata.json b/rules/S2236/java/metadata.json index 345e3955975..17bec5880ea 100644 --- a/rules/S2236/java/metadata.json +++ b/rules/S2236/java/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -18,7 +18,7 @@ "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-2236", "sqKey": "S2236", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S2245/ask-yourself.adoc b/rules/S2245/ask-yourself.adoc index 57e9d5bc9ec..8040e53ab88 100644 --- a/rules/S2245/ask-yourself.adoc +++ b/rules/S2245/ask-yourself.adoc 
@@ -1,7 +1,7 @@ == Ask Yourself Whether * the code using the generated value requires it to be unpredictable. It is the case for all encryption mechanisms or when a secret value, such as a password, is hashed. -* the function you use generates a value which can be predicted (pseudo-random). +* the function you use is a non-cryptographic PRNG. * the generated value is used multiple times. * an attacker can access the generated value. diff --git a/rules/S2245/cfamily/rule.adoc b/rules/S2245/cfamily/rule.adoc index 89948808ffb..fc71c968cd7 100644 --- a/rules/S2245/cfamily/rule.adoc +++ b/rules/S2245/cfamily/rule.adoc 
@@ -1,18 +1,10 @@ -Using pseudorandom number generators (PRNGs) is security-sensitive. For example, it has led in the past to the following vulnerabilities: - -* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6386[CVE-2013-6386] -* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3419[CVE-2006-3419] -* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4102[CVE-2008-4102] - -When software generates predictable values in a context requiring unpredictability, it may be possible for an attacker to guess the next value that will be generated, and use this guess to impersonate another user or access sensitive information. - -As the functions rely on a pseudorandom number generator, they should not be used for security-critical applications or for protecting sensitive data. +include::../description.adoc[] include::../ask-yourself.adoc[] == Recommended Secure Coding Practices -* Use functions which rely on a strong random number generator such as ``++randombytes_uniform()++`` or ``++randombytes_buf()++`` from ``++libsodium++``, or ``++randomize()++`` from Botan. +* Use functions which rely on a cryptographically secure pseudorandom number generator (CSPRNG) such as ``++randombytes_uniform()++`` or ``++randombytes_buf()++`` from ``++libsodium++``, or ``++randomize()++`` from Botan. * Use the generated random values only once. * You should not expose the generated random value. If you have to store it, make sure that the database or file is secure. 
@@ -37,25 +29,26 @@ void f() { void f() { char random_chars[10]; - randombytes_buf(random_chars, 10); // Compliant - uint32_t random_int = randombytes_uniform(10); // Compliant + randombytes_buf(random_chars, 10); + uint32_t random_int = randombytes_uniform(10); uint8_t random_chars[10]; Botan::System_RNG system; - system.randomize(random_chars, 10); // Compliant + system.randomize(random_chars, 10); } ---- == See -* https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[OWASP Top 10 2021 Category A2] - Cryptographic Failures -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure -* https://mobile-security.gitbook.io/masvs/security-requirements/0x08-v3-cryptography_verification_requirements[Mobile AppSec Verification Standard] - Cryptography Requirements -* https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography[OWASP Mobile Top 10 2016 Category M5] - Insufficient Cryptography -* https://cwe.mitre.org/data/definitions/338[MITRE, CWE-338] - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) -* https://cwe.mitre.org/data/definitions/330[MITRE, CWE-330] - Use of Insufficiently Random Values -* https://cwe.mitre.org/data/definitions/326[MITRE, CWE-326] - Inadequate Encryption Strength -* https://cwe.mitre.org/data/definitions/1241[MITRE, CWE-1241] - Use of Predictable Algorithm in Random Number Generator +* OWASP - https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html#secure-random-number-generation[Secure Random Number Generation Cheat Sheet] +* OWASP - https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[Top 10 2021 Category A2 - Cryptographic Failures] +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] +* OWASP - https://mas.owasp.org/checklists/MASVS-CRYPTO/[Mobile AppSec Verification Standard - Cryptography 
Requirements] +* OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography[Mobile Top 10 2016 Category M5 - Insufficient Cryptography] +* CWE - https://cwe.mitre.org/data/definitions/338[CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)] +* CWE - https://cwe.mitre.org/data/definitions/330[CWE-330 - Use of Insufficiently Random Values] +* CWE - https://cwe.mitre.org/data/definitions/326[CWE-326 - Inadequate Encryption Strength] +* CWE - https://cwe.mitre.org/data/definitions/1241[CWE-1241 - Use of Predictable Algorithm in Random Number Generator] * https://wiki.sei.cmu.edu/confluence/x/UNcxBQ[CERT, MSC30-C.] - Do not use the rand() function for generating pseudorandom numbers * https://wiki.sei.cmu.edu/confluence/x/2ns-BQ[CERT, MSC50-CPP.] - Do not use std::rand() for generating pseudorandom numbers * Derived from FindSecBugs rule https://h3xstream.github.io/find-sec-bugs/bugs.htm#PREDICTABLE_RANDOM[Predictable Pseudo Random Number Generator] diff --git a/rules/S2245/csharp/rule.adoc b/rules/S2245/csharp/rule.adoc index 1ddea8760c1..38cd69f59b0 100644 --- a/rules/S2245/csharp/rule.adoc +++ b/rules/S2245/csharp/rule.adoc 
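Review bot: The compliant example in the second hunk of rules/S2245/cfamily/rule.adoc still declares `random_chars` twice in the body of `f()`, first as `char random_chars[10];` and then as `uint8_t random_chars[10];`, so the snippet does not compile as shown. The hunk already rewrites the surrounding lines to drop the `// Compliant` comments, so this is the place to fix it. Renaming the second buffer is enough: `uint8_t botan_bytes[10];` followed by `system.randomize(botan_bytes, 10);`. Putting the libsodium and Botan variants in separate functions would also make clear that they are alternatives.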
@@ -1,13 +1,6 @@ -Using pseudorandom number generators (PRNGs) is security-sensitive. For example, it has led in the past to the following vulnerabilities: +include::../description.adoc[] -* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6386[CVE-2013-6386] -* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3419[CVE-2006-3419] -* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4102[CVE-2008-4102] - -When software generates predictable values in a context requiring unpredictability, it may be possible for an attacker to guess the next value that will be generated, and use this guess to impersonate another user or access sensitive information. - - -As the ``++System.Random++`` class relies on a pseudorandom number generator, it should not be used for security-critical applications or for protecting sensitive data. In such context, the ``++System.Cryptography.RandomNumberGenerator++`` class which relies on a cryptographically strong random number generator (RNG) should be used in place. +As the ``++System.Random++`` class relies on a non-cryptographic pseudorandom number generator, it should not be used for security-critical applications or for protecting sensitive data. In such context, the ``++System.Cryptography.RandomNumberGenerator++`` class which relies on a CSPRNG should be used in place. include::../ask-yourself.adoc[] @@ -28,7 +21,7 @@ return BitConverter.ToString(data); // Check if this value is used for hashing o ---- using System.Security.Cryptography; ... -var randomGenerator = RandomNumberGenerator.Create(); // Compliant for security-sensitive use cases +var randomGenerator = RandomNumberGenerator.Create(); byte[] data = new byte[16]; randomGenerator.GetBytes(data); return BitConverter.ToString(data); diff --git a/rules/S2245/description.adoc b/rules/S2245/description.adoc index be5b73c0094..6108c2931bf 100644 --- a/rules/S2245/description.adoc +++ b/rules/S2245/description.adoc 
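Review bot: The paragraph added in the first hunk of rules/S2245/csharp/rule.adoc names the replacement class as `System.Cryptography.RandomNumberGenerator`, but the compliant example in the same file imports `System.Security.Cryptography`, which is the namespace that class lives in. A reader who copies the qualified name from the prose will not find the type. The added line should read `System.Security.Cryptography.RandomNumberGenerator`. While the sentence is being touched, `should be used in place` reads better as `should be used instead`.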
@@ -1,7 +1,11 @@ -Using pseudorandom number generators (PRNGs) is security-sensitive. For example, it has led in the past to the following vulnerabilities: +PRNGs are algorithms that produce sequences of numbers that only approximate true randomness. While they are suitable for applications like simulations or modeling, they are not appropriate for security-sensitive contexts because their outputs can be predictable if the internal state is known. + +In contrast, cryptographically secure pseudorandom number generators (CSPRNGs) are designed to be secure against prediction attacks. CSPRNGs use cryptographic algorithms to ensure that the generated sequences are not only random but also unpredictable, even if part of the sequence or the internal state becomes known. This unpredictability is crucial for security-related tasks such as generating encryption keys, tokens, or any other values that must remain confidential and resistant to guessing attacks. + +For example, the use of non-cryptographic PRNGs has led to vulnerabilities such as: * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6386[CVE-2013-6386] * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3419[CVE-2006-3419] * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4102[CVE-2008-4102] -When software generates predictable values in a context requiring unpredictability, it may be possible for an attacker to guess the next value that will be generated, and use this guess to impersonate another user or access sensitive information. +When software generates predictable values in a context requiring unpredictability, it may be possible for an attacker to guess the next value that will be generated, and use this guess to impersonate another user or access sensitive information. Therefore, it is critical to use CSPRNGs in any security-sensitive application to ensure the robustness and security of the system. 
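Review bot: The added sentence that CSPRNG output stays unpredictable "even if part of the sequence or the internal state becomes known" overstates the guarantee. Knowing earlier outputs does not help predict later ones, but once the internal state is disclosed the following outputs can be computed until the generator is reseeded; what a sound design still protects is the outputs produced before the compromise. I would narrow it to `even if part of the output sequence becomes known` and, if state compromise is worth mentioning, say that reseeding from fresh entropy is what restores unpredictability. The new first sentence also opens with the bare acronym now that the old introduction is removed, so spell it out once: `Pseudorandom number generators (PRNGs) are algorithms that ...`.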
diff --git a/rules/S2245/go/rule.adoc b/rules/S2245/go/rule.adoc index 4ad13cd6fa2..c4307764a6f 100644 --- a/rules/S2245/go/rule.adoc +++ b/rules/S2245/go/rule.adoc @@ -30,7 +30,7 @@ num := rand.Intn(100) // Sensitive import "crypto/rand" a := make([]byte, 10) -_, err := rand.Read(a) // Compliant +_, err := rand.Read(a) if err != nil { panic(err) } @@ -40,7 +40,7 @@ if err != nil { ---- import "crypto/rand" -temp, err := rand.Int(rand.Reader, big.NewInt(100)) // Compliant +temp, err := rand.Int(rand.Reader, big.NewInt(100)) if err != nil { panic(err) } diff --git a/rules/S2245/java/rule.adoc b/rules/S2245/java/rule.adoc index fe798290cb3..7f803eaa030 100644 --- a/rules/S2245/java/rule.adoc +++ b/rules/S2245/java/rule.adoc 
@@ -1,19 +1,12 @@ -Using pseudorandom number generators (PRNGs) is security-sensitive. For example, it has led in the past to the following vulnerabilities: +include::../description.adoc[] -* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6386[CVE-2013-6386] -* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3419[CVE-2006-3419] -* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4102[CVE-2008-4102] - -When software generates predictable values in a context requiring unpredictability, it may be possible for an attacker to guess the next value that will be generated, and use this guess to impersonate another user or access sensitive information. - - -As the ``++java.util.Random++`` class relies on a pseudorandom number generator, this class and relating ``++java.lang.Math.random()++`` method should not be used for security-critical applications or for protecting sensitive data. In such context, the ``++java.security.SecureRandom++`` class which relies on a cryptographically strong random number generator (RNG) should be used in place. +As the ``++java.util.Random++`` class relies on a non-cryptographic pseudorandom number generator, this class and relating ``++java.lang.Math.random()++`` method should not be used for security-critical applications or for protecting sensitive data. In such context, the ``++java.security.SecureRandom++`` class which relies on a CSPRNG should be used in place. include::../ask-yourself.adoc[] == Recommended Secure Coding Practices -* Use a cryptographically strong random number generator (RNG) like "java.security.SecureRandom" in place of this PRNG. +* Use a cryptographically secure pseudo random number generator (CSPRNG) like "java.security.SecureRandom" in place of a non-cryptographic PRNG. * Use the generated random values only once. * You should not expose the generated random value. If you have to store it, make sure that the database or file is secure. 
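Review bot: The terminology introduced by this commit is not uniform across the S2245 files. The Java bullet added in this hunk and the PHP bullet in rules/S2245/php/rule.adoc write `cryptographically secure pseudo random number generator (CSPRNG)`, while the cfamily and JavaScript bullets and description.adoc write `pseudorandom` as one word. The JavaScript page also keeps "weak pseudorandom number generator" and "cryptographically strong pseudorandom number generator (CSPRNG)" in its unchanged paragraph, next to the new "cryptographically secure" wording. Since these pages are rendered side by side for the same rule, I would settle on `cryptographically secure pseudorandom number generator (CSPRNG)` and `non-cryptographic PRNG` everywhere. In the Java paragraph, `relating` should be `the related` and `used in place` should be `used instead`.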
@@ -29,24 +22,23 @@ random.nextBytes(bytes); // Check if bytes is used for hashing, encryption, etc. [source,java] ---- -SecureRandom random = new SecureRandom(); // Compliant for security-sensitive use cases +SecureRandom random = new SecureRandom(); byte bytes[] = new byte[20]; random.nextBytes(bytes); ---- == See -* https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[OWASP Top 10 2021 Category A2] - Cryptographic Failures -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure -* https://mobile-security.gitbook.io/masvs/security-requirements/0x08-v3-cryptography_verification_requirements[Mobile AppSec Verification Standard] - Cryptography Requirements -* https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography[OWASP Mobile Top 10 2016 Category M5] - Insufficient Cryptography -* https://cwe.mitre.org/data/definitions/338[MITRE, CWE-338] - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) -* https://cwe.mitre.org/data/definitions/330[MITRE, CWE-330] - Use of Insufficiently Random Values -* https://cwe.mitre.org/data/definitions/326[MITRE, CWE-326] - Inadequate Encryption Strength -* https://cwe.mitre.org/data/definitions/1241[MITRE, CWE-1241] - Use of Predictable Algorithm in Random Number Generator +* OWASP - https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html#secure-random-number-generation[Secure Random Number Generation Cheat Sheet] +* OWASP - https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[Top 10 2021 Category A2 - Cryptographic Failures] +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] +* OWASP - https://mas.owasp.org/checklists/MASVS-CRYPTO/[Mobile AppSec Verification Standard - Cryptography Requirements] +* OWASP - 
https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography[Mobile Top 10 2016 Category M5 - Insufficient Cryptography] +* CWE - https://cwe.mitre.org/data/definitions/338[CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)] +* CWE - https://cwe.mitre.org/data/definitions/330[CWE-330 - Use of Insufficiently Random Values] +* CWE - https://cwe.mitre.org/data/definitions/326[CWE-326 - Inadequate Encryption Strength] +* CWE - https://cwe.mitre.org/data/definitions/1241[CWE-1241 - Use of Predictable Algorithm in Random Number Generator] * https://wiki.sei.cmu.edu/confluence/x/oTdGBQ[CERT, MSC02-J.] - Generate strong random numbers -* https://wiki.sei.cmu.edu/confluence/x/UNcxBQ[CERT, MSC30-C.] - Do not use the rand() function for generating pseudorandom numbers -* https://wiki.sei.cmu.edu/confluence/x/2ns-BQ[CERT, MSC50-CPP.] - Do not use std::rand() for generating pseudorandom numbers * Derived from FindSecBugs rule https://h3xstream.github.io/find-sec-bugs/bugs.htm#PREDICTABLE_RANDOM[Predictable Pseudo Random Number Generator] ifdef::env-github,rspecator-view[] diff --git a/rules/S2245/javascript/rule.adoc b/rules/S2245/javascript/rule.adoc index aaab7159e60..455879b7c5c 100644 --- a/rules/S2245/javascript/rule.adoc +++ b/rules/S2245/javascript/rule.adoc 
@@ -1,11 +1,4 @@ -Using pseudorandom number generators (PRNGs) is security-sensitive. For example, it has led in the past to the following vulnerabilities: - -* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6386[CVE-2013-6386] -* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3419[CVE-2006-3419] -* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4102[CVE-2008-4102] - -When software generates predictable values in a context requiring unpredictability, it may be possible for an attacker to guess the next value that will be generated, and use this guess to impersonate another user or access sensitive information. - +include::../description.adoc[] As the ``++Math.random()++`` function relies on a weak pseudorandom number generator, this function should not be used for security-critical applications or for protecting sensitive data. In such context, a cryptographically strong pseudorandom number generator (CSPRNG) should be used instead. @@ -13,7 +6,7 @@ include::../ask-yourself.adoc[] == Recommended Secure Coding Practices -* Use a cryptographically strong pseudorandom number generator (CSPRNG) like ``++crypto.getRandomValues()++``. +* Use a cryptographically secure pseudorandom number generator (CSPRNG) like ``++crypto.getRandomValues()++``. * Use the generated random values only once. * You should not expose the generated random value. If you have to store it, make sure that the database or file is secure. @@ -31,11 +24,11 @@ const val = Math.random(); // Sensitive // === Client side === const crypto = window.crypto || window.msCrypto; var array = new Uint32Array(1); -crypto.getRandomValues(array); // Compliant for security-sensitive use cases +crypto.getRandomValues(array); // === Server side === const crypto = require('crypto'); -const buf = crypto.randomBytes(1); // Compliant for security-sensitive use cases +const buf = crypto.randomBytes(1); ---- include::../see.adoc[] 
diff --git a/rules/S2245/kotlin/rule.adoc b/rules/S2245/kotlin/rule.adoc index 099e5773f3e..5ecb09225d8 100644 --- a/rules/S2245/kotlin/rule.adoc +++ b/rules/S2245/kotlin/rule.adoc @@ -16,7 +16,7 @@ random.nextBytes(bytes) [source,kotlin] ---- -val random = SecureRandom() // Compliant +val random = SecureRandom() val bytes = ByteArray(20) random.nextBytes(bytes) ---- diff --git a/rules/S2245/php/rule.adoc b/rules/S2245/php/rule.adoc index b73f370c842..c87812af9d9 100644 --- a/rules/S2245/php/rule.adoc +++ b/rules/S2245/php/rule.adoc 
@@ -1,34 +1,28 @@ -Using pseudorandom number generators (PRNGs) is security-sensitive. For example, it has led in the past to the following vulnerabilities: +include::../description.adoc[] -* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6386[CVE-2013-6386] -* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3419[CVE-2006-3419] -* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4102[CVE-2008-4102] - -When software generates predictable values in a context requiring unpredictability, it may be possible for an attacker to guess the next value that will be generated, and use this guess to impersonate another user or access sensitive information. - -As the ``++rand()++`` and ``++mt_rand()++`` functions rely on a pseudorandom number generator, it should not be used for security-critical applications or for protecting sensitive data. +As the ``++rand()++`` and ``++mt_rand()++`` functions are no CSPRNGs, they should not be used for security-critical applications or for protecting sensitive data. include::../ask-yourself.adoc[] == Recommended Secure Coding Practices -* Use functions which rely on a cryptographically strong random number generator such as ``++random_int()++`` or ``++random_bytes()++`` or ``++openssl_random_pseudo_bytes()++`` -* When using ``++openssl_random_pseudo_bytes()++``, provide and check the ``++crypto_strong++`` parameter +* Use functions which rely on a cryptographically secure pseudo random number generator (CSPRNG) such as ``++random_int()++`` or ``++random_bytes()++`` or ``++openssl_random_pseudo_bytes()++``. +* When using ``++openssl_random_pseudo_bytes()++``, provide and check the ``++crypto_strong++`` parameter. * Use the generated random values only once. * You should not expose the generated random value. If you have to store it, make sure that the database or file is secure. 
== Sensitive Code Example ---- -$random = rand(); -$random2 = mt_rand(0, 99); +$random = rand(); // Sensitive +$random2 = mt_rand(0, 99); // Sensitive ---- == Compliant Solution [source,php] ---- -$randomInt = random_int(0,99); // Compliant; generates a cryptographically secure random integer +$randomInt = random_int(0,99); ---- include::../see.adoc[] diff --git a/rules/S2245/see.adoc b/rules/S2245/see.adoc index f97dc9ed15e..de5e28b4ccb 100644 --- a/rules/S2245/see.adoc +++ b/rules/S2245/see.adoc 
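Review bot: The sentence added to rules/S2245/php/rule.adoc says `rand()` and `mt_rand()` "are no CSPRNGs", which is not idiomatic English and is easy to misread; it should be `are not CSPRNGs`. In the same hunk the Sensitive Code Example block still opens with a bare `----` while the Compliant Solution block is introduced by `[source,php]`, so only one of the two snippets is tagged as PHP. Adding `[source,php]` above the sensitive block would make them consistent now that its lines carry the `// Sensitive` markers.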
@@ -1,11 +1,12 @@ == See -* https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[OWASP Top 10 2021 Category A2] - Cryptographic Failures -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure -* https://mobile-security.gitbook.io/masvs/security-requirements/0x08-v3-cryptography_verification_requirements[Mobile AppSec Verification Standard] - Cryptography Requirements -* https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography[OWASP Mobile Top 10 2016 Category M5] - Insufficient Cryptography -* https://cwe.mitre.org/data/definitions/338[MITRE, CWE-338] - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) -* https://cwe.mitre.org/data/definitions/330[MITRE, CWE-330] - Use of Insufficiently Random Values -* https://cwe.mitre.org/data/definitions/326[MITRE, CWE-326] - Inadequate Encryption Strength -* https://cwe.mitre.org/data/definitions/1241[MITRE, CWE-1241] - Use of Predictable Algorithm in Random Number Generator +* OWASP - https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html#secure-random-number-generation[Secure Random Number Generation Cheat Sheet] +* OWASP - https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[Top 10 2021 Category A2 - Cryptographic Failures] +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] +* OWASP - https://mas.owasp.org/checklists/MASVS-CRYPTO/[Mobile AppSec Verification Standard - Cryptography Requirements] +* OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography[Mobile Top 10 2016 Category M5 - Insufficient Cryptography] +* CWE - https://cwe.mitre.org/data/definitions/338[CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)] +* CWE - https://cwe.mitre.org/data/definitions/330[CWE-330 - Use of Insufficiently Random Values] +* 
CWE - https://cwe.mitre.org/data/definitions/326[CWE-326 - Inadequate Encryption Strength] +* CWE - https://cwe.mitre.org/data/definitions/1241[CWE-1241 - Use of Predictable Algorithm in Random Number Generator] * Derived from FindSecBugs rule https://h3xstream.github.io/find-sec-bugs/bugs.htm#PREDICTABLE_RANDOM[Predictable Pseudo Random Number Generator] diff --git a/rules/S2251/java/metadata.json b/rules/S2251/java/metadata.json index 8759bfa831b..3abe1c24eaa 100644 --- a/rules/S2251/java/metadata.json +++ b/rules/S2251/java/metadata.json @@ -6,5 +6,6 @@ "CERT": [ "MSC54-J." ] - } + }, + "scope": "Main" } diff --git a/rules/S2252/java/metadata.json b/rules/S2252/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S2252/java/metadata.json +++ b/rules/S2252/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S2253/cfamily/metadata.json b/rules/S2253/cfamily/metadata.json new file mode 100644 index 00000000000..6a414df1368 --- /dev/null +++ b/rules/S2253/cfamily/metadata.json @@ -0,0 +1,3 @@ +{ + "title": "User-specified functions should not be called" +} \ No newline at end of file diff --git a/rules/S2253/cfamily/rule.adoc b/rules/S2253/cfamily/rule.adoc new file mode 100644 index 00000000000..e1adb62926b --- /dev/null +++ b/rules/S2253/cfamily/rule.adoc 
@@ -0,0 +1,25 @@ +This rule template allows to define rules that ban the call of some functions, for instance functions provided for legacy reasons. It will not prevent calling member functions or macros with the same name. + +It comes with two parameters: + +* `names` defines a comma-separated list of function names to ban. You can specify a standalone name, in which case the rule will match functions with that name in any namespaces, or a qualified name (for instance, `print` will match `std::print`, but `::print` will not) +* `message` is the message to display when the rule is violated. If you use a `$` in that message, it will be replaced by the name of the function that was called. + + +=== Noncompliant code example + +Given parameters: + +* names: f1, ::f2 +* message: Don't call $ + +[source,cpp] +---- +void f() { + f1(); // Noncompliant: Don't call f1 + my::f1(); // Noncompliant: Don't call f1 + f2(); // Noncompliant: Don't call f2 + my::f2() // Compliant +} +---- + diff --git a/rules/S2254/java/metadata.json b/rules/S2254/java/metadata.json index a34fab19fba..108f0de7b6e 100644 --- a/rules/S2254/java/metadata.json +++ b/rules/S2254/java/metadata.json @@ -16,8 +16,12 @@ "cwe" ], "extra": { - "replacementRules": [], - "legacyKeys": [] + "replacementRules": [ + + ], + "legacyKeys": [ + + ] }, "defaultSeverity": "Critical", "ruleSpecification": "RSPEC-2254", @@ -32,10 +36,13 @@ ], "OWASP Top 10 2021": [ "A4" + ], + "STIG ASD_V5R3": [ + "V-222582" ] }, "defaultQualityProfiles": [ "Sonar way" ], "quickfix": "unknown" -} \ No newline at end of file +} diff --git a/rules/S2254/java/rule.adoc b/rules/S2254/java/rule.adoc index e502b24141f..eeb1738fb05 100644 --- a/rules/S2254/java/rule.adoc +++ b/rules/S2254/java/rule.adoc 
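Review bot: The last call in the `[source,cpp]` example of rules/S2253/cfamily/rule.adoc, `my::f2() // Compliant`, is missing its semicolon, so the snippet is not valid C++; it should be `my::f2(); // Compliant`. The parenthetical in the `names` bullet is also hard to parse, because it is unclear whether "`::print` will not" refers to the parameter value or to the called function. Wording such as "a standalone `print` also matches `std::print`, whereas `::print` matches only the global function" would agree with the `f1`/`::f2` example below it. The opening sentence reads better as "This rule template allows defining rules that ban calls to some functions".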
@@ -61,9 +61,10 @@ The compliant example instead uses the server's session ID to verify if the sess === Standards -* https://owasp.org/Top10/A04_2021-Insecure_Design/[OWASP Top 10 2021 Category A4] - Insecure Design -* https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication[OWASP Top 10 2017 Category A2] - Broken Authentication -* https://cwe.mitre.org/data/definitions/807[MITRE, CWE-807] - Reliance on Untrusted Inputs in a Security Decision +* OWASP - https://owasp.org/Top10/A04_2021-Insecure_Design/[Top 10 2021 Category A4 - Insecure Design] +* OWASP - https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication[Top 10 2017 Category A2 - Broken Authentication] +* CWE - https://cwe.mitre.org/data/definitions/807[CWE-807 - Reliance on Untrusted Inputs in a Security Decision] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222582[Application Security and Development: V-222582] - The application must not re-use or recycle session IDs. ifdef::env-github,rspecator-view[] diff --git a/rules/S2255/java/rule.adoc b/rules/S2255/java/rule.adoc index b61d0f81e98..5cfec78017b 100644 --- a/rules/S2255/java/rule.adoc +++ b/rules/S2255/java/rule.adoc 
@@ -87,9 +87,9 @@ class Play { == See -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure -* https://cwe.mitre.org/data/definitions/312[MITRE, CWE-312] - Cleartext Storage of Sensitive Information -* https://cwe.mitre.org/data/definitions/315[MITRE, CWE-315] - Cleartext Storage of Sensitive Information in a Cookie +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] +* CWE - https://cwe.mitre.org/data/definitions/312[CWE-312 - Cleartext Storage of Sensitive Information] +* CWE - https://cwe.mitre.org/data/definitions/315[CWE-315 - Cleartext Storage of Sensitive Information in a Cookie] * https://wiki.sei.cmu.edu/confluence/display/java/FIO52-J.+Do+not+store+unencrypted+sensitive+information+on+the+client+side[CERT, FIO52-J.] - Do not store unencrypted sensitive information on the client side * Derived from FindSecBugs rule https://find-sec-bugs.github.io/bugs.htm#COOKIE_USAGE[COOKIE_USAGE] diff --git a/rules/S2255/see.adoc b/rules/S2255/see.adoc index 5c927d1e57d..4a5cbb66a4c 100644 --- a/rules/S2255/see.adoc +++ b/rules/S2255/see.adoc 
@@ -1,6 +1,6 @@
 == See
-* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure
-* https://cwe.mitre.org/data/definitions/312[MITRE, CWE-312] - Cleartext Storage of Sensitive Information
-* https://cwe.mitre.org/data/definitions/315[MITRE, CWE-315] - Cleartext Storage of Sensitive Information in a Cookie
+* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure]
+* CWE - https://cwe.mitre.org/data/definitions/312[CWE-312 - Cleartext Storage of Sensitive Information]
+* CWE - https://cwe.mitre.org/data/definitions/315[CWE-315 - Cleartext Storage of Sensitive Information in a Cookie]
 * Derived from FindSecBugs rule https://find-sec-bugs.github.io/bugs.htm#COOKIE_USAGE[COOKIE_USAGE]
diff --git a/rules/S2257/python/metadata.json b/rules/S2257/python/metadata.json
index 17971333806..ba9315c9779 100644
--- a/rules/S2257/python/metadata.json
+++ b/rules/S2257/python/metadata.json
@@ -1,3 +1,6 @@
 {
-
+ "tags": [
+ "cwe",
+ "bad-practice"
+ ]
 }
diff --git a/rules/S2257/python/rule.adoc b/rules/S2257/python/rule.adoc
index d57159f97a6..a1bd1e83c65 100644
--- a/rules/S2257/python/rule.adoc
+++ b/rules/S2257/python/rule.adoc
@@ -14,9 +14,9 @@ class CustomPasswordHasher(BasePasswordHasher): # Sensitive
 == See
-* https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[OWASP Top 10 2021 Category A2] - Cryptographic Failures
-* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure
-* https://cwe.mitre.org/data/definitions/327[MITRE, CWE-327] - Use of a Broken or Risky Cryptographic Algorithm
+* OWASP - https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[Top 10 2021 Category A2 - Cryptographic Failures]
+* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure]
+* CWE - https://cwe.mitre.org/data/definitions/327[CWE-327 - Use of a Broken or Risky Cryptographic Algorithm]
 ifdef::env-github,rspecator-view[]
 '''
diff --git a/rules/S2257/see.adoc b/rules/S2257/see.adoc
index 027f2f6ab85..11fdb49df62 100644
--- a/rules/S2257/see.adoc
+++ b/rules/S2257/see.adoc
@@ -1,6 +1,6 @@
 == See
-* https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[OWASP Top 10 2021 Category A2] - Cryptographic Failures
-* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure
-* https://cwe.mitre.org/data/definitions/327[MITRE, CWE-327] - Use of a Broken or Risky Cryptographic Algorithm
+* OWASP - https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[Top 10 2021 Category A2 - Cryptographic Failures]
+* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure]
+* CWE - https://cwe.mitre.org/data/definitions/327[CWE-327 - Use of a Broken or Risky Cryptographic Algorithm]
 * Derived from FindSecBugs rule https://h3xstream.github.io/find-sec-bugs/bugs.htm#CUSTOM_MESSAGE_DIGEST[MessageDigest is Custom]
\ No newline at end of file
diff --git a/rules/S2258/java/rule.adoc b/rules/S2258/java/rule.adoc index dc015a2a6f7..3d310fb8d4d 100644 --- a/rules/S2258/java/rule.adoc +++ b/rules/S2258/java/rule.adoc @@ -13,8 +13,8 @@ NullCipher nc = new NullCipher(); == Resources -* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[OWASP Top 10 2017 Category A6] - Security Misconfiguration -* https://cwe.mitre.org/data/definitions/327[MITRE, CWE-327] - Use of a Broken or Risky Cryptographic Algorithm +* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration] +* CWE - https://cwe.mitre.org/data/definitions/327[CWE-327 - Use of a Broken or Risky Cryptographic Algorithm] ifdef::env-github,rspecator-view[] diff --git a/rules/S2259/cfamily/metadata.json b/rules/S2259/cfamily/metadata.json index 68f857420ec..ed93e1ada02 100644 --- a/rules/S2259/cfamily/metadata.json +++ b/rules/S2259/cfamily/metadata.json @@ -1,4 +1,10 @@ -{ +{ + "code": { + "impacts": { + "RELIABILITY": "HIGH" + }, + "attribute": "LOGICAL" +}, "tags": [ "cwe", "symbolic-execution", diff --git a/rules/S2259/cfamily/rule.adoc b/rules/S2259/cfamily/rule.adoc index 23bd023b555..36621ea8ec0 100644 --- a/rules/S2259/cfamily/rule.adoc +++ b/rules/S2259/cfamily/rule.adoc @@ -2,7 +2,7 @@ Dereferencing a null pointer results in undefined behavior. == Why is this an issue? -A pointer to null, also known as a null pointer, is created by initializing a pointer object to `0`, `NULL`, or in the case of C++ `nullptr`. +A pointer to null, also known as a null pointer, is created by initializing a pointer object to `0`, `NULL`, or in the case of {cpp} `nullptr`. A null pointer does neither point to an object nor to valid memory, and as a consequence dereferencing or accessing the memory pointed by such a pointer is undefined behavior. [source,c] 
@@ -42,7 +42,7 @@ Finally, invoking a function pointer that holds a null value, dereferences the p ---- void call() { void (*func)(int) = NULL; // func is a pointer to a function - func(10); // Noncompliant: the invocation of a null function pointer + func(10); // Noncompliant: the invocation of a null function pointer } ---- @@ -115,12 +115,12 @@ include::../../../shared_content/cfamily/reference_over_nonnull_pointer.adoc[] === Standards * CERT - https://wiki.sei.cmu.edu/confluence/x/QdcxBQ[EXP34-C.Do not dereference null pointers] -* CWE - https://cwe.mitre.org/data/definitions/476[476 NULL Pointer Dereference] +* CWE - https://cwe.mitre.org/data/definitions/476[CWE-476 NULL Pointer Dereference] === External coding guidelines -* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md[F.16: For "in" parameters, pass cheaply-copied types by value and others by reference to const] -* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md[F.17: For "in-out" parameters, pass by reference to non-const] +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#f16-for-in-parameters-pass-cheaply-copied-types-by-value-and-others-by-reference-to-const[F.16: For "in" parameters, pass cheaply-copied types by value and others by reference to `const`] +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#f17-for-in-out-parameters-pass-by-reference-to-non-const[F.17: For "in-out" parameters, pass by reference to non-`const`] === Related rules diff --git a/rules/S2259/csharp/metadata.json b/rules/S2259/csharp/metadata.json index bb3d04f385c..190d8cece38 100644 --- a/rules/S2259/csharp/metadata.json +++ b/rules/S2259/csharp/metadata.json @@ -1,3 +1,7 @@ { - "quickfix": "infeasible" + "quickfix": "infeasible", + "tags": [ + "cwe", + "symbolic-execution" + ] } 
diff --git a/rules/S2259/java/rule.adoc b/rules/S2259/java/rule.adoc
index c229e7c4eba..4fa848da100 100644
--- a/rules/S2259/java/rule.adoc
+++ b/rules/S2259/java/rule.adoc
@@ -25,7 +25,7 @@ include::compliant-code.adoc[]
 == Resources
-* MITRE, CWE-476 - https://cwe.mitre.org/data/definitions/476[NULL Pointer Dereference]
+* CWE - https://cwe.mitre.org/data/definitions/476[CWE-476 - NULL Pointer Dereference]
 * CERT, EXP34-C. - https://wiki.sei.cmu.edu/confluence/x/QdcxBQ[Do not dereference null pointers]
 * CERT, EXP01-J. - https://wiki.sei.cmu.edu/confluence/x/aDdGBQ[Do not use a null in a case where an object is required]
diff --git a/rules/S2259/python/rule.adoc b/rules/S2259/python/rule.adoc
index fb91c8449ca..2694c6707ab 100644
--- a/rules/S2259/python/rule.adoc
+++ b/rules/S2259/python/rule.adoc
@@ -97,7 +97,7 @@ performing the call.
 === Articles & blog posts
-* CVE - https://cwe.mitre.org/data/definitions/476[CWE-476: - NULL Pointer Dereference]
+* CVE - https://cwe.mitre.org/data/definitions/476[CWE-476 - NULL Pointer Dereference]
 ifdef::env-github,rspecator-view[]
diff --git a/rules/S2259/see.adoc b/rules/S2259/see.adoc
index 13ddbbe2ee4..d18d1a738b1 100644
--- a/rules/S2259/see.adoc
+++ b/rules/S2259/see.adoc
@@ -2,4 +2,4 @@
 === Documentation
-* CVE - https://cwe.mitre.org/data/definitions/476[CWE-476: - NULL Pointer Dereference]
+* CVE - https://cwe.mitre.org/data/definitions/476[CWE-476 - NULL Pointer Dereference]
diff --git a/rules/S2259/vbnet/metadata.json b/rules/S2259/vbnet/metadata.json
index bb3d04f385c..190d8cece38 100644
--- a/rules/S2259/vbnet/metadata.json
+++ b/rules/S2259/vbnet/metadata.json
@@ -1,3 +1,7 @@
 {
- "quickfix": "infeasible"
+ "quickfix": "infeasible",
+ "tags": [
+ "cwe",
+ "symbolic-execution"
+ ]
 }
diff --git a/rules/S2260/ansible/metadata.json b/rules/S2260/ansible/metadata.json
new file mode 100644
index 00000000000..bc2695a7812
--- /dev/null
+++ b/rules/S2260/ansible/metadata.json
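Review bot: The rewritten bullet in rules/S2259/python/rule.adoc still starts with the label `CVE` although the link and its text point to a CWE entry. CVE identifiers name individual vulnerabilities while CWE identifiers name weakness classes, so the line should read `* CWE - https://cwe.mitre.org/data/definitions/476[CWE-476 - NULL Pointer Dereference]`, as the Java rule in this same commit has it. The hunk in rules/S2259/see.adoc carries the same label and needs the same change. In the Python rule the entry also sits under `=== Articles & blog posts`, whereas the cfamily rule lists its CWE entry under `=== Standards`; that heading is a context line here and may be worth aligning separately.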
@@ -0,0 +1,3 @@ +{ + "title": "Ansible parsing failure" +} diff --git a/rules/S2260/ansible/rule.adoc b/rules/S2260/ansible/rule.adoc new file mode 100644 index 00000000000..10c9b1336a0 --- /dev/null +++ b/rules/S2260/ansible/rule.adoc @@ -0,0 +1,17 @@ +When the Ansible parser fails, it is possible to record the failure as a violation on the file. +This way, not only is it possible to track the number of files that do not parse but also to easily find out why they do not parse. + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +include::../message.adoc[] + +''' +== Comments And Links +(visible only on this page) + +include::../comments-and-links.adoc[] +endif::env-github,rspecator-view[] diff --git a/rules/S2260/dart/metadata.json b/rules/S2260/dart/metadata.json new file mode 100644 index 00000000000..ba8f1ca6d0a --- /dev/null +++ b/rules/S2260/dart/metadata.json @@ -0,0 +1,10 @@ +{ + "title": "Dart build, compiler, or analyzer configuration errors", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "0min" + }, + "defaultQualityProfiles": [ + "Sonar way" + ] +} diff --git a/rules/S2260/dart/rule.adoc b/rules/S2260/dart/rule.adoc new file mode 100644 index 00000000000..9403ff1233e --- /dev/null +++ b/rules/S2260/dart/rule.adoc 
@@ -0,0 +1,74 @@ +== Why is this an issue? + +When the analysis succeeds, it doesn't mean that the analyzer was able to understand all the analyzed code. If the analyzer fails on some parts of your code, it will ignore them during the analysis. This rule will help you track these analysis failures. + +There are many reasons why analysis failures can happen, here are the common ones: + +* The code contains compile-time error(s). +* `flutter pub get`, `dart pub get`, or similar commands were not executed. +* The types weren't resolved correctly (some dependencies are missing or files weren't generated). +* Use of new language features that are not yet supported by our analyzer. + +How do they impact analysis? We cannot judge without looking at specific examples, as they contain a broad range of types of errors. + +There are three recommended ways to deal with analysis failures: + +* Fix compiler errors. +* Make sure you got all project dependencies, via `flutter pub get`, `dart pub get`, ... +* Make sure all referenced generated files were generated before the analysis. + +If you cannot fix them, let us know through the https://community.sonarsource.com/[Sonar Community forum]. + +=== Noncompliant code example + +[source,dart,diff-id=1,diff-type=noncompliant] +---- +void fun(int x) { + print(x) // Noncompliant, missing ';' +} + +---- + +=== Compliant solution + + +[source,dart,diff-id=1,diff-type=compliant] +---- +void fun(int x) { + print(x); +} + +---- + +=== Noncompliant code example + +Another example could be with missing generated classes + +[source,dart] +---- +import 'package:generated/my_classes.dart'; // Noncompliant, Target of URI doesn't exist: 'package:generated/my_classes.dart'. + +void main() { + print(MyClass().name); // MyClass type is missing +} +---- + +To fix this, make sure code generation task was executed before the analysis. 
+ +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +Depends on the Diagnostic reported + +''' +== Comments And Links +(visible only on this page) + +include::../comments-and-links.adoc[] + +endif::env-github,rspecator-view[] diff --git a/rules/S2260/go/metadata.json b/rules/S2260/go/metadata.json index a74028fcc4d..886893b2f2b 100644 --- a/rules/S2260/go/metadata.json +++ b/rules/S2260/go/metadata.json @@ -1,6 +1,3 @@ { - "title": "Go parser failure", - "defaultQualityProfiles": [ - "Sonar way" - ] + "title": "Go parser failure" } diff --git a/rules/S2260/java/metadata.json b/rules/S2260/java/metadata.json index 32f74382436..bcc709ff485 100644 --- a/rules/S2260/java/metadata.json +++ b/rules/S2260/java/metadata.json @@ -1,3 +1,4 @@ { - "title": "Java parser failure" + "title": "Java parser failure", + "scope": "Main" } diff --git a/rules/S2260/javascript/metadata.json b/rules/S2260/javascript/metadata.json index 99f27b24a34..6c434b59fdc 100644 --- a/rules/S2260/javascript/metadata.json +++ b/rules/S2260/javascript/metadata.json @@ -1,4 +1,11 @@ { "title": "JavaScript parser failure", - "scope": "Main" + "scope": "Main", + "code": { + "impacts": { + "MAINTAINABILITY": "MEDIUM", + "RELIABILITY": "MEDIUM" + }, + "attribute": "CONVENTIONAL" + } } diff --git a/rules/S2260/jcl/metadata.json b/rules/S2260/jcl/metadata.json new file mode 100644 index 00000000000..0699ba94063 --- /dev/null +++ b/rules/S2260/jcl/metadata.json @@ -0,0 +1,4 @@ +{ + "title": "JCL parser failure", + "scope": "Main" +} diff --git a/rules/S2260/jcl/rule.adoc b/rules/S2260/jcl/rule.adoc new file mode 100644 index 00000000000..45856ef641a --- /dev/null +++ b/rules/S2260/jcl/rule.adoc 
@@ -0,0 +1,19 @@ +== Why is this an issue? + +When the JCL parser fails, it is possible to record the failure as a violation on the file. This way, not only it is possible to track the number of files that do not parse but also to easily find out why they do not parse. + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +include::../message.adoc[] + +''' +== Comments And Links +(visible only on this page) + +include::../comments-and-links.adoc[] + +endif::env-github,rspecator-view[] diff --git a/rules/S2260/metadata.json b/rules/S2260/metadata.json index 5e68c3a0df8..5608de7bcd3 100644 --- a/rules/S2260/metadata.json +++ b/rules/S2260/metadata.json @@ -25,5 +25,5 @@ "sqKey": "S2260", "scope": "All", "defaultQualityProfiles": [], - "quickfix": "unknown" + "quickfix": "infeasible" } diff --git a/rules/S2273/java/metadata.json b/rules/S2273/java/metadata.json index 23353ea13cb..50ac1472dc0 100644 --- a/rules/S2273/java/metadata.json +++ b/rules/S2273/java/metadata.json @@ -16,17 +16,13 @@ "multi-threading" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Major", "ruleSpecification": "RSPEC-2273", "sqKey": "S2273", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S2274/java/metadata.json b/rules/S2274/java/metadata.json index cdd5609ceab..3614e3eb98b 100644 --- a/rules/S2274/java/metadata.json +++ b/rules/S2274/java/metadata.json @@ -17,17 +17,13 @@ "cert" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Critical", "ruleSpecification": "RSPEC-2274", "sqKey": "S2274", - "scope": "All", + "scope": "Main", "securityStandards": { "CERT": [ "THI03-J." diff --git a/rules/S2275/cfamily/rule.adoc b/rules/S2275/cfamily/rule.adoc index f11a3058c83..1cc856e56ac 100644 
--- a/rules/S2275/cfamily/rule.adoc +++ b/rules/S2275/cfamily/rule.adoc @@ -1,10 +1,11 @@ == Why is this an issue? -Because ``++printf++`` format strings are interpreted at runtime, rather than validated by the compiler, they can contain errors that lead to unexpected behavior or runtime errors. This rule statically validates the good behavior of ``++printf++`` formats. - +Because `printf` format strings are interpreted at runtime rather than validated by the compiler, they can contain errors that lead to unexpected behavior or runtime errors. This rule statically validates the good behavior of `printf` formats. The related rule S3457 is about errors that produce an unexpected string, while this rule is about errors that will create undefined behavior. +Starting with {cpp}23, `std::print` should be preferred: its arguments are validated at compile-time, making it more secure. + === Noncompliant code example [source,cpp] @@ -36,7 +37,15 @@ This rule will only work if the format string is provided as a string literal. == Resources -* https://www.securecoding.cert.org/confluence/x/wQA1[CERT, FIO47-C.] - Use valid format strings +=== Standards + +* CERT - https://wiki.sei.cmu.edu/confluence/display/c/FIO47-C.+Use+valid+format+strings[FIO47-C. Use valid format strings] + +=== Related rules + +* S3457 - Format strings should be used correctly +* S5281 - Argument of "printf" should be a format string +* S6494 - {cpp} formatting functions should be used instead of C printf-like functions ifdef::env-github,rspecator-view[] diff --git a/rules/S2275/java/metadata.json b/rules/S2275/java/metadata.json index 846f7a2c573..dd1a9e83ce9 100644 --- a/rules/S2275/java/metadata.json +++ b/rules/S2275/java/metadata.json @@ -6,5 +6,6 @@ "CERT": [ "FIO47-C." ] - } + }, + "scope": "Main" } diff --git a/rules/S2275/java/rule.adoc b/rules/S2275/java/rule.adoc index ace0735d5fd..edf338536fd 100644 --- a/rules/S2275/java/rule.adoc +++ b/rules/S2275/java/rule.adoc 
@@ -57,10 +57,6 @@ log4jLog.debug("message {}", 1); ---- -== Resources - -* https://www.securecoding.cert.org/confluence/x/wQA1[CERT, FIO47-C.] - Use valid format strings - ifdef::env-github,rspecator-view[] ''' diff --git a/rules/S2275/metadata.json b/rules/S2275/metadata.json index ed399d27634..d0e00bd816a 100644 --- a/rules/S2275/metadata.json +++ b/rules/S2275/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -12,16 +12,10 @@ "func": "Constant\/Issue", "constantCost": "10min" }, - "tags": [ - - ], + "tags": [], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-2275", diff --git a/rules/S2275/python/metadata.json b/rules/S2275/python/metadata.json index d770c72b44a..10d43fa426a 100644 --- a/rules/S2275/python/metadata.json +++ b/rules/S2275/python/metadata.json @@ -1,3 +1,6 @@ { - "title": "String formatting should not lead to runtime errors" + "title": "String formatting should not lead to runtime errors", + "tags": [ + "pitfall" + ] } diff --git a/rules/S2276/java/metadata.json b/rules/S2276/java/metadata.json index bc8d26c4c84..a82b277587e 100644 --- a/rules/S2276/java/metadata.json +++ b/rules/S2276/java/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -18,17 +18,13 @@ "cert" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-2276", "sqKey": "S2276", - "scope": "All", + "scope": "Main", "securityStandards": { "CERT": [ "LCK09-J." diff --git a/rules/S2277/see.adoc b/rules/S2277/see.adoc index ea8feb9ac95..681da119f24 100644 --- a/rules/S2277/see.adoc +++ b/rules/S2277/see.adoc 
@@ -1,8 +1,8 @@
 == Resources
-* https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[OWASP Top 10 2021 Category A2] - Cryptographic Failures
-* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure
-* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[OWASP Top 10 2017 Category A6] - Security Misconfiguration
-* https://cwe.mitre.org/data/definitions/780[MITRE, CWE-780] - Use of RSA Algorithm without OAEP
-* https://cwe.mitre.org/data/definitions/327[MITRE, CWE-327] - Use of a Broken or Risky Cryptographic Algorithm
+* OWASP - https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[Top 10 2021 Category A2 - Cryptographic Failures]
+* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure]
+* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration]
+* CWE - https://cwe.mitre.org/data/definitions/780[CWE-780 - Use of RSA Algorithm without OAEP]
+* CWE - https://cwe.mitre.org/data/definitions/327[CWE-327 - Use of a Broken or Risky Cryptographic Algorithm]
 * Derived from FindSecBugs rule https://h3xstream.github.io/find-sec-bugs/bugs.htm#RSA_NO_PADDING[RSA NoPadding Unsafe]
\ No newline at end of file
diff --git a/rules/S2278/cfamily/rule.adoc b/rules/S2278/cfamily/rule.adoc
index 7d4e26b331e..db7cb8507c3 100644
--- a/rules/S2278/cfamily/rule.adoc
+++ b/rules/S2278/cfamily/rule.adoc
@@ -23,10 +23,10 @@ include::../compliant.adoc[]
 == Resources
-* https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[OWASP Top 10 2021 Category A2] - Cryptographic Failures
-* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[OWASP Top 10 2017 Category A6] - Security Misconfiguration
-* https://cwe.mitre.org/data/definitions/326[MITRE, CWE-326] - Inadequate Encryption Strength
-* https://cwe.mitre.org/data/definitions/327[MITRE, CWE-327] - Use of a Broken or Risky Cryptographic Algorithm
+* OWASP - https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[Top 10 2021 Category A2 - Cryptographic Failures]
+* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration]
+* CWE - https://cwe.mitre.org/data/definitions/326[CWE-326 - Inadequate Encryption Strength]
+* CWE - https://cwe.mitre.org/data/definitions/327[CWE-327 - Use of a Broken or Risky Cryptographic Algorithm]
 * Derived from FindSecBugs rule https://h3xstream.github.io/find-sec-bugs/bugs.htm#DES_USAGE[DES / DESede Unsafe]
 ifdef::env-github,rspecator-view[]
diff --git a/rules/S2278/java/rule.adoc b/rules/S2278/java/rule.adoc
index b510a902a1d..e2b361316d8 100644
--- a/rules/S2278/java/rule.adoc
+++ b/rules/S2278/java/rule.adoc
@@ -8,10 +8,10 @@ include::../compliant.adoc[]
 == Resources
-* https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[OWASP Top 10 2021 Category A2] - Cryptographic Failures
-* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[OWASP Top 10 2017 Category A6] - Security Misconfiguration
-* https://cwe.mitre.org/data/definitions/326[MITRE, CWE-326] - Inadequate Encryption Strength
-* https://cwe.mitre.org/data/definitions/327[MITRE, CWE-327] - Use of a Broken or Risky Cryptographic Algorithm
+* OWASP - https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[Top 10 2021 Category A2 - Cryptographic Failures]
+* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration]
+* CWE - https://cwe.mitre.org/data/definitions/326[CWE-326 - Inadequate Encryption Strength]
+* CWE - https://cwe.mitre.org/data/definitions/327[CWE-327 - Use of a Broken or Risky Cryptographic Algorithm]
 * https://wiki.sei.cmu.edu/confluence/x/hDdGBQ[CERT, MSC61-J.] - Do not use insecure or weak cryptographic algorithms
 * Derived from FindSecBugs rule https://h3xstream.github.io/find-sec-bugs/bugs.htm#DES_USAGE[DES / DESede Unsafe]
diff --git a/rules/S2278/see.adoc b/rules/S2278/see.adoc
index ae4fe745a40..219fd862db4 100644
--- a/rules/S2278/see.adoc
+++ b/rules/S2278/see.adoc
@@ -1,7 +1,7 @@ == Resources -* https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[OWASP Top 10 2021 Category A2] - Cryptographic Failures -* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[OWASP Top 10 2017 Category A6] - Security Misconfiguration -* https://cwe.mitre.org/data/definitions/326[MITRE, CWE-326] - Inadequate Encryption Strength -* https://cwe.mitre.org/data/definitions/327[MITRE, CWE-327] - Use of a Broken or Risky Cryptographic Algorithm +* OWASP - https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[Top 10 2021 Category A2 - Cryptographic Failures] +* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration] +* CWE - https://cwe.mitre.org/data/definitions/326[CWE-326 - Inadequate Encryption Strength] +* CWE - https://cwe.mitre.org/data/definitions/327[CWE-327 - Use of a Broken or Risky Cryptographic Algorithm] * Derived from FindSecBugs rule https://h3xstream.github.io/find-sec-bugs/bugs.htm#DES_USAGE[DES / DESede Unsafe] diff --git a/rules/S2293/java/metadata.json b/rules/S2293/java/metadata.json index 23d0fe7beb4..69ef18714ef 100644 --- a/rules/S2293/java/metadata.json +++ b/rules/S2293/java/metadata.json @@ -16,17 +16,13 @@ "clumsy" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-2293", "sqKey": "S2293", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S2301/java/metadata.json b/rules/S2301/java/metadata.json index 17971333806..0db3279e44b 100644 --- a/rules/S2301/java/metadata.json +++ b/rules/S2301/java/metadata.json @@ -1,3 +1,3 @@ { - + } diff --git a/rules/S2301/javascript/comments-and-links.adoc b/rules/S2301/javascript/comments-and-links.adoc new file mode 100644 index 00000000000..be64024d8c3 --- /dev/null 
+++ b/rules/S2301/javascript/comments-and-links.adoc @@ -0,0 +1,3 @@ +=== Documentation + +* https://dev.to/thinkster/code-smell-selector-arguments-57ak \ No newline at end of file diff --git a/rules/S2301/javascript/metadata.json b/rules/S2301/javascript/metadata.json new file mode 100644 index 00000000000..f8eb6b09d48 --- /dev/null +++ b/rules/S2301/javascript/metadata.json @@ -0,0 +1,10 @@ +{ + "title": "Methods should not contain selector parameters", + "defaultQualityProfiles": [ + "Sonar way" + ], + "tags": [ + "design", + "type-dependent" + ] +} diff --git a/rules/S2301/javascript/rule.adoc b/rules/S2301/javascript/rule.adoc new file mode 100644 index 00000000000..61655e6a8e6 --- /dev/null +++ b/rules/S2301/javascript/rule.adoc @@ -0,0 +1,17 @@ +include::./why.adoc[] + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +include::../message.adoc[] + +''' +== Comments And Links +(visible only on this page) + +include::./comments-and-links.adoc[] + +endif::env-github,rspecator-view[] diff --git a/rules/S2301/javascript/why.adoc b/rules/S2301/javascript/why.adoc new file mode 100644 index 00000000000..daac6e13ceb --- /dev/null +++ b/rules/S2301/javascript/why.adoc 
@@ -0,0 +1,47 @@ +== Why is this an issue? + +A selector parameter is a ``++boolean++`` parameter that's used to determine which of two paths to take through a method. Specifying such a parameter may seem innocuous, particularly if it's well named. + + +Unfortunately, developers calling the method won't see the parameter name, only its value. They'll be forced either to guess at the meaning or to take extra time to look the method up. + +This rule finds methods with a ``++boolean++`` that's used to determine which path to take through the method. + + +=== Noncompliant code example + +[source,text,typescript] +---- +function tempt(name: string, ofAge: boolean) { + if (ofAge) { + offerLiquor(name); + } else { + offerCandy(name); + } +} + +// ... +function corrupt() { + tempt("Joe", false); // does this mean not to temp Joe? +} +---- + +=== Compliant solution + +Instead, separate methods should be written. + +[source,text,typescript] +---- +function temptAdult(name: string) { + offerLiquor(name); +} + +function temptChild(name: string) { + offerCandy(name); +} + +// ... +function corrupt() { + age < legalAge ? temptChild("Joe") : temptAdult("Joe"); +} +---- diff --git a/rules/S2303/cfamily/rule.adoc b/rules/S2303/cfamily/rule.adoc index 78bd8a3e817..468b778c5b3 100644 --- a/rules/S2303/cfamily/rule.adoc +++ b/rules/S2303/cfamily/rule.adoc @@ -28,7 +28,7 @@ If a derived class overrides a function with a dynamic exception specification, == Resources -* https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#e30-dont-use-exception-specifications[{cpp} Core Guidelines E.30] - Don’t use exception specifications +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#e30-dont-use-exception-specifications[E.30: Don't use exception specifications] diff --git a/rules/S2306/csharp/metadata.json b/rules/S2306/csharp/metadata.json index 5d9d87e820f..3ae50e3c34b 100644 --- a/rules/S2306/csharp/metadata.json 
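Review bot: The comment in the noncompliant sample of rules/S2301/javascript/why.adoc misspells the function name; `// does this mean not to temp Joe?` should read `// does this mean not to tempt Joe?`. Both listings are declared as `[source,text,typescript]`, where the second positional attribute is normally the language, so `[source,typescript]` is probably what was meant (worth checking against how other TypeScript samples in the repository are declared). The compliant sample's `age < legalAge` uses two names that nothing in the listing defines; taking them as parameters of `corrupt` would keep the example self-contained.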
+++ b/rules/S2306/csharp/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "CLEAR" }, @@ -16,9 +16,7 @@ "pitfall" ], "extra": { - "replacementRules": [ - - ], + "replacementRules": [], "legacyKeys": [ "AsyncAwaitIdentifier" ] diff --git a/rules/S2309/java/metadata.json b/rules/S2309/java/metadata.json index 2c63c085104..f4b27f0bb34 100644 --- a/rules/S2309/java/metadata.json +++ b/rules/S2309/java/metadata.json @@ -1,2 +1,3 @@ { + "scope": "Main" } diff --git a/rules/S2310/javascript/metadata.json b/rules/S2310/javascript/metadata.json index e841c8d408f..860ba7158f8 100644 --- a/rules/S2310/javascript/metadata.json +++ b/rules/S2310/javascript/metadata.json @@ -17,12 +17,18 @@ ] }, - "defaultSeverity": "Critical", + "defaultSeverity": "Major", "ruleSpecification": "RSPEC-2310", "sqKey": "S2310", "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], - "quickfix": "unknown" + "quickfix": "unknown", + "code": { + "impacts": { + "RELIABILITY": "MEDIUM" + }, + "attribute": "CLEAR" + } } diff --git a/rules/S2316/python/metadata.json b/rules/S2316/python/metadata.json index e2ade908087..3643af51e5f 100644 --- a/rules/S2316/python/metadata.json +++ b/rules/S2316/python/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "CONVENTIONAL" }, @@ -16,9 +16,7 @@ "python3" ], "extra": { - "replacementRules": [ - - ], + "replacementRules": [], "legacyKeys": [ "BackticksUsage" ] diff --git a/rules/S2317/python/metadata.json b/rules/S2317/python/metadata.json index 3a382f93fb9..0516fadb441 100644 --- a/rules/S2317/python/metadata.json +++ b/rules/S2317/python/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "CONVENTIONAL" }, 
@@ -17,9 +17,7 @@ "obsolete" ], "extra": { - "replacementRules": [ - - ], + "replacementRules": [], "legacyKeys": [ "ExecStatementUsage" ] diff --git a/rules/S2319/python/metadata.json b/rules/S2319/python/metadata.json index 5dde77f61f3..48547339ef1 100644 --- a/rules/S2319/python/metadata.json +++ b/rules/S2319/python/metadata.json @@ -13,7 +13,7 @@ "constantCost": "5min" }, "tags": [ - + "convention" ], "extra": { "replacementRules": [ diff --git a/rules/S2325/csharp/metadata.json b/rules/S2325/csharp/metadata.json index 17971333806..d860fd4691d 100644 --- a/rules/S2325/csharp/metadata.json +++ b/rules/S2325/csharp/metadata.json @@ -1,3 +1,5 @@ { - + "defaultQualityProfiles": [ + "Sonar way" + ] } diff --git a/rules/S2325/csharp/rule.adoc b/rules/S2325/csharp/rule.adoc index 8e9f6fed2ef..b6794fd558e 100644 --- a/rules/S2325/csharp/rule.adoc +++ b/rules/S2325/csharp/rule.adoc 
@@ -1,65 +1,88 @@ == Why is this an issue? -Methods and properties that don't access instance data can be ``++static++`` to prevent any misunderstanding about the contract of the method. +Methods and properties that don't access instance data should be marked as `static` for the following reasons: +* Clarity and Intent: Marking a method/property as static makes it clear that the method does not depend on instance data and can be called without creating an instance of the class. This improves the readability of the code by clearly conveying the member's intended use. +* Performance: Instance methods/properties in C# require an instance of the class to be called. This means that even if the it doesn't use any instance data, the runtime still needs to pass a reference to the instance during the call. For static methods and properties, this overhead is avoided, leading to slightly better performance. +* Memory Usage: Since instance methods implicitly carry a reference to the instance (the caller object), they can potentially prevent the garbage collector from collecting the instance whem it is not otherwise referenced. Static members do not carry this overhead, potentially reducing memory usage. +* Testing: Static members can be easier to test since they do not require an instance of the class. This can simplify unit testing and reduce the amount of boilerplate code needed to set up tests. 
-=== Noncompliant code example +=== Exceptions + +Methods with the following names are excluded because they can't be made `static`: + +* https://learn.microsoft.com/en-us/dotnet/api/system.web.httpapplication.authenticaterequest[Application_AuthenticateRequest] +* https://learn.microsoft.com/en-us/dotnet/api/system.web.httpapplication.beginrequest[Application_BeginRequest] +* https://learn.microsoft.com/en-us/previous-versions/aspnet/ms178473(v=vs.100)[Application_End] +* https://learn.microsoft.com/en-us/dotnet/api/system.web.httpapplication.endrequest[Application_EndRequest] +* https://learn.microsoft.com/en-us/previous-versions/aspnet/24395wz3(v=vs.100)[Application_Error] +* https://learn.microsoft.com/en-us/previous-versions/aspnet/ms178473(v=vs.100)[Application_Init] +* https://learn.microsoft.com/en-us/previous-versions/aspnet/ms178473(v=vs.100)[Application_Start] +* https://learn.microsoft.com/en-us/dotnet/api/system.web.sessionstate.sessionstatemodule.end[Session_End] +* https://learn.microsoft.com/en-us/dotnet/api/system.web.sessionstate.sessionstatemodule.start[Session_Start] + +Event handler methods part of a https://learn.microsoft.com/en-us/dotnet/desktop/winforms[Windows Forms] or https://learn.microsoft.com/en-us/dotnet/desktop/wpf[Windows Presentation Foundation] class are excluded because they can't be made `static`. 
+ +== How to fix it + +=== Code examples -[source,csharp] +==== Noncompliant code example + +[source,csharp,diff-id=1,diff-type=noncompliant] ---- public class Utilities { - public int MagicNum // Noncompliant + public int MagicNum // Noncompliant - only returns a constant value { - get + get { return 42; } } private static string magicWord = "please"; - public string MagicWord // Noncompliant + public string MagicWord // Noncompliant - only accesses a static field { - get + get { return magicWord; } - set + set { magicWord = value; } - } + } - public int Sum(int a, int b) // Noncompliant + public int Sum(int a, int b) // Noncompliant - doesn't access instance data, only the method parameters { return a + b; } } ---- +==== Compliant solution -=== Compliant solution - -[source,csharp] +[source,csharp,diff-id=1,diff-type=compliant] ---- public class Utilities { public static int MagicNum { - get + get { return 42; } } private static string magicWord = "please"; - public static string MagicWord + public static string MagicWord { - get + get { return magicWord; } - set + set { magicWord = value; } @@ -72,21 +95,11 @@ public class Utilities } ---- +== Resources -=== Exceptions - -Methods with the following names are excluded because they can't be made ``++static++``: - -* Application_AuthenticateRequest -* Application_BeginRequest -* Application_End -* Application_EndRequest -* Application_Error -* Application_Init -* Application_Start -* Session_End -* Session_Start +=== Documentation +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/keywords/static[The static modifier] ifdef::env-github,rspecator-view[] diff --git a/rules/S2325/java/metadata.json b/rules/S2325/java/metadata.json index 254b57e2568..92a71329c6d 100644 --- a/rules/S2325/java/metadata.json +++ b/rules/S2325/java/metadata.json 
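Review bot: The new bullet list in rules/S2325/csharp/rule.adoc (first hunk) has two typos: `even if the it doesn't use any instance data` should be `even if it doesn't use any instance data`, and `whem` should be `when`. The Memory Usage bullet calls the instance "the caller object", but the reference an instance method receives is the object it is invoked on, not its caller; `(the receiver)` would be accurate. The garbage-collection claim in that bullet is given without a source and may deserve a hedge or a link in the Resources section.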
@@ -1,4 +1,5 @@ { "title": "\"private\" and \"final\" methods that don't access instance data should be \"static\"", - "quickfix": "covered" + "quickfix": "covered", + "scope": "Main" } diff --git a/rules/S2326/java/metadata.json b/rules/S2326/java/metadata.json index 0967ef424bc..f4b27f0bb34 100644 --- a/rules/S2326/java/metadata.json +++ b/rules/S2326/java/metadata.json @@ -1 +1,3 @@ -{} +{ + "scope": "Main" +} diff --git a/rules/S2328/csharp/rule.adoc b/rules/S2328/csharp/rule.adoc index 2b51f0a56a5..17cd2ece077 100644 --- a/rules/S2328/csharp/rule.adoc +++ b/rules/S2328/csharp/rule.adoc @@ -1,18 +1,25 @@ == Why is this an issue? -``++GetHashCode++`` is used to file an object in a ``++Dictionary++`` or ``++Hashtable++``. If ``++GetHashCode++`` uses non-``++readonly++`` fields and those fields change after the object is stored, the object immediately becomes mis-filed in the ``++Hashtable++``. Any subsequent test to see if the object is in the ``++Hashtable++`` will return a false negative. +`GetHashCode` is used to file an object in a `Dictionary` or `Hashtable`. If `GetHashCode` uses non-`readonly` fields and those fields change after the object is stored, the object immediately becomes mis-filed in the `Hashtable`. Any subsequent test to see if the object is in the `Hashtable` will return a false negative. +=== Exceptions -=== Noncompliant code example +This rule does not raise if the type implementing `GetHashCode` is a value type, for example a `struct` or a `record struct`, since when a value type is stored in a `Dictionary` or `Hashtable`, a copy of the value is stored, not a reference to the value. -[source,csharp] +== How to fix it + +=== Code examples + +==== Noncompliant code example + +[source,csharp,diff-id=1,diff-type=noncompliant] ---- -public class Person +public class Person { public int age; public string name; - public override int GetHashCode() + public override int GetHashCode() { int hash = 12; hash += this.age.GetHashCode(); // Noncompliant 
@@ -22,16 +29,16 @@ public class Person ---- -=== Compliant solution +==== Compliant solution -[source,csharp] +[source,csharp,diff-id=1,diff-type=compliant] ---- -public class Person +public class Person { public readonly DateTime birthday; public string name; - public override int GetHashCode() + public override int GetHashCode() { int hash = 12; hash += this.birthday.GetHashCode(); diff --git a/rules/S2333/java/metadata.json b/rules/S2333/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S2333/java/metadata.json +++ b/rules/S2333/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S2335/cfamily/rule.adoc b/rules/S2335/cfamily/rule.adoc index b58a3d7775c..7f070e79af8 100644 --- a/rules/S2335/cfamily/rule.adoc +++ b/rules/S2335/cfamily/rule.adoc 
@@ -1,35 +1,42 @@ == Why is this an issue? -There is potential for confusion if an octal or hexadecimal escape sequence is immediately followed by other characters. Instead, such sequences shall be terminated by either: - -* The start of another escape sequence. -* The end of the character constant or the end of a string literal. +When using escape sequences in a string or character literal, the rules that determine the end of the sequence are complex: +* A hexadecimal sequence (`\x45`) ends on the first character that is not a hexadecimal digit. +* An octal sequence (`\123`) ends on a character that is not an octal digit or after 3 digits. -=== Noncompliant code example - -[source,cpp] ----- -const char *s1 = "\x41g"; // Noncompliant -int c1 = '\141t'; // Noncompliant ----- +There is potential for confusion if an octal or hexadecimal escape sequence is immediately followed by other characters. Instead, such sequences shall be terminated by either: +* The start of another escape sequence, or +* The end of the character constant or the end of a string literal, or +* Any character that obviously cannot be part of the sequence, like a space, a `[`, any punctuation... -=== Compliant solution [source,cpp] ---- +const char *s1 = "\x41g"; // Noncompliant const char *s2 = "\x41" "g"; // Compliant - terminated by end of literal const char *s3 = "\x41\x67"; // Compliant - terminated by another escape +const char *s4 = "\x41 g"; // Compliant - terminated by a space +int c1 = '\141t'; // Noncompliant int c2 = '\141\t'; // Compliant - terminated by another escape ---- +Note that, since {cpp}23, a syntax with delimiters allows writing escape sequences without confusion and should be preferred; see S7040. 
== Resources +=== External coding guidelines + +* MISRA {cpp}:2023, 5.13.2 - Octal escape sequences, hexadecimal escape sequences and +universal character names shall be terminated * MISRA C:2012, 4.1 - Octal and hexadecimal escape sequences shall be terminated -ifdef::env-github,rspecator-view[] +=== Related rules + +* S7040 - Escape sequences should use the delimited form (\u{}, \o{}, \x{}) + +ifdef::env-github,rspecator-view[] ''' == Implementation Specification (visible only on this page) diff --git a/rules/S2353/vbnet/metadata.json b/rules/S2353/vbnet/metadata.json index 3ccbbc399a9..22e5e5b3523 100644 --- a/rules/S2353/vbnet/metadata.json +++ b/rules/S2353/vbnet/metadata.json @@ -7,7 +7,7 @@ }, "attribute": "IDENTIFIABLE" }, - "status": "deprecated", + "status": "closed", "remediation": { "func": "Constant\/Issue", "constantCost": "5min" diff --git a/rules/S2358/dart/metadata.json b/rules/S2358/dart/metadata.json new file mode 100644 index 00000000000..87f78dcfd26 --- /dev/null +++ b/rules/S2358/dart/metadata.json @@ -0,0 +1,3 @@ +{ + "title": "\"is!\" should be used instead of \"!(. is .)\"" +} diff --git a/rules/S2358/dart/rule.adoc b/rules/S2358/dart/rule.adoc new file mode 100644 index 00000000000..a2e2cdbff03 --- /dev/null +++ b/rules/S2358/dart/rule.adoc 
@@ -0,0 +1,45 @@ +== Why is this an issue? + +``++is!++`` operator is used to check if an object is not of a specified type. While ``++ x is! Y++`` is an equivalent of ``++!(x is Y)++``, it is preferred to use the first one. +The ``++ x is! Y++`` syntax is more compact and more readable than the ``++!(x is Y)++`` syntax. It is also less error-prone when used in complex expressions. + +=== Noncompliant code example + +[source,dart] +---- +if (!(x is Y)) { + print("$x is not Y!") +} +---- + + +=== Compliant solution + +[source,dart] +---- +if (x is! Y) { + print("$x is not Y!") +} +---- + +== Resources + +* Dart Docs - https://dart.dev/tools/linter-rules/prefer_is_not_operator[Dart Linter rule - prefer_is_not_operator] + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +Use the 'is!' operator rather than negating the value of the 'is' + + +=== Highlighting + +The prefix expression + + +endif::env-github,rspecator-view[] diff --git a/rules/S2358/metadata.json b/rules/S2358/metadata.json index 2c63c085104..5dcae1e2876 100644 --- a/rules/S2358/metadata.json +++ b/rules/S2358/metadata.json @@ -1,2 +1,33 @@ { + "type": "CODE_SMELL", + "code": { + "impacts": { + "MAINTAINABILITY": "MEDIUM" + }, + "attribute": "CLEAR" + }, + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "5min" + }, + "tags": [ + "clumsy" + ], + "extra": { + "replacementRules": [ + + ], + "legacyKeys": [ + "NotIsUsage" + ] + }, + "defaultSeverity": "Major", + "ruleSpecification": "RSPEC-2358", + "sqKey": "S2358", + "scope": "Main", + "defaultQualityProfiles": [ + "Sonar way" + ], + "quickfix": "unknown" } diff --git a/rules/S2358/vbnet/metadata.json b/rules/S2358/vbnet/metadata.json index d55df9d95bc..816cea99bb5 100644 --- a/rules/S2358/vbnet/metadata.json +++ b/rules/S2358/vbnet/metadata.json 
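Review bot: Both Dart listings in rules/S2358/dart/rule.adoc end the `print` call without a semicolon, so neither sample compiles as written; the line should be `print("$x is not Y!");` in the noncompliant and the compliant example. The issue message also stops mid-phrase: `Use the 'is!' operator rather than negating the value of the 'is'` reads as if the word `operator` is missing at the end. The inline literals written as `++ x is! Y++` carry a leading space that will show up inside the rendered monospace text.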
@@ -1,34 +1,4 @@ { "title": "\"IsNot\" should be used instead of \"Not ... Is ...\"", - "type": "CODE_SMELL", - "code": { - "impacts": { - "MAINTAINABILITY": "MEDIUM" - }, - "attribute": "CLEAR" - }, - "status": "ready", - "remediation": { - "func": "Constant\/Issue", - "constantCost": "5min" - }, - "tags": [ - "clumsy" - ], - "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - "NotIsUsage" - ] - }, - "defaultSeverity": "Major", - "ruleSpecification": "RSPEC-2358", - "sqKey": "S2358", - "scope": "Main", - "defaultQualityProfiles": [ - "Sonar way" - ], "quickfix": "covered" } diff --git a/rules/S2365/csharp/rule.adoc b/rules/S2365/csharp/rule.adoc index dc06f71f95c..953584f747a 100644 --- a/rules/S2365/csharp/rule.adoc +++ b/rules/S2365/csharp/rule.adoc @@ -8,25 +8,24 @@ include::../why-dotnet.adoc[] [source,csharp,diff-id=1,diff-type=noncompliant] ---- -private List _foo = new List { "a", "b", "c" }; -public IEnumerable Foo // Noncompliant: expensive ToList call -{ - get - { - return (string[])_foo.Clone(); - } -} +private List foo = new List { "a", "b", "c" }; +private string[] bar = new string[] { "a", "b", "c" }; + +public IEnumerable Foo => foo.ToList(); // Noncompliant: collection foo is copied + +public IEnumerable Bar => (string[])bar.Clone(); // Noncompliant: array bar is copied ---- ==== Compliant solution [source,csharp,diff-id=1,diff-type=compliant] ---- -private List _foo = new List { "a", "b", "c" }; -public IEnumerable GetFoo() -{ - return (string[])_foo.Clone(); -} +private List foo = new List { "a", "b", "c" }; +private string[] bar = new string[] { "a", "b", "c" }; + +public IEnumerable GetFoo() => foo.ToList(); + +public IEnumerable GetBar() => (string[])bar.Clone(); ---- == Resources diff --git a/rules/S2365/vbnet/rule.adoc b/rules/S2365/vbnet/rule.adoc index bed06df0233..227d902cdec 100644 --- a/rules/S2365/vbnet/rule.adoc +++ b/rules/S2365/vbnet/rule.adoc 
@@ -8,11 +8,18 @@ include::../why-dotnet.adoc[] [source,vbnet,diff-id=1,diff-type=noncompliant] ---- -Dim foo = {"a", "b", "c" } -Property Foo() As String() ' Noncompliant +Private fFoo As New List(Of String) From {"a", "b", "c"} +Private fBar As String() = {"a", "b", "c"} + +Public ReadOnly Property Foo() As IEnumerable(Of String) ' Noncompliant: collection fFoo is copied + Get + Return fFoo.ToList() + End Get +End Property + +Public ReadOnly Property Bar() As IEnumerable(Of String) ' Noncompliant: array fBar is copied Get - Dim copy = foo.Clone ' Expensive call - Return copy + Return DirectCast(fBar.Clone(), String()) End Get End Property ---- @@ -21,10 +28,15 @@ End Property [source,vbnet,diff-id=1,diff-type=compliant] ---- -Dim foo = {"a", "b", "c" } -Function GetFoo() As String() - Dim copy = foo.Clone - Return copy +Private fFoo As New List(Of String) From {"a", "b", "c"} +Private fBar As String() = {"a", "b", "c"} + +Public Function GetFoo() As IEnumerable(Of String) + Return fFoo.ToList() +End Function + +Public Function GetBar() As IEnumerable(Of String) + Return DirectCast(fBar.Clone(), String()) End Function ---- @@ -36,4 +48,4 @@ End Function * https://learn.microsoft.com/en-us/dotnet/visual-basic/programming-guide/language-features/objects-and-classes/#fields-and-properties[Fields and properties] * https://learn.microsoft.com/en-us/dotnet/visual-basic/programming-guide/concepts/collections[Collections (Visual Basic)] -include::../rspecator.adoc[] \ No newline at end of file +include::../rspecator.adoc[] diff --git a/rules/S2368/metadata.json b/rules/S2368/metadata.json index a533da20546..5150a282172 100644 --- a/rules/S2368/metadata.json +++ b/rules/S2368/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "CLEAR" }, 
@@ -16,9 +16,7 @@ "pitfall" ], "extra": { - "replacementRules": [ - - ], + "replacementRules": [], "legacyKeys": [ "PublicMethodWithMultidimensionalArrayParameter" ] diff --git a/rules/S2384/csharp/rule.adoc b/rules/S2384/csharp/rule.adoc index 077b3c62332..067dc847946 100644 --- a/rules/S2384/csharp/rule.adoc +++ b/rules/S2384/csharp/rule.adoc @@ -59,8 +59,8 @@ class A == Resources -* https://cwe.mitre.org/data/definitions/374[MITRE, CWE-374] - Passing Mutable Objects to an Untrusted Method -* https://cwe.mitre.org/data/definitions/375[MITRE, CWE-375] - Returning a Mutable Object to an Untrusted Caller +* CWE - https://cwe.mitre.org/data/definitions/374[CWE-374 - Passing Mutable Objects to an Untrusted Method] +* CWE - https://cwe.mitre.org/data/definitions/375[CWE-375 - Returning a Mutable Object to an Untrusted Caller] ifdef::env-github,rspecator-view[] diff --git a/rules/S2384/java/rule.adoc b/rules/S2384/java/rule.adoc index 20296f1669d..43d8b707302 100644 --- a/rules/S2384/java/rule.adoc +++ b/rules/S2384/java/rule.adoc @@ -72,8 +72,8 @@ public class B { == Resources -* https://cwe.mitre.org/data/definitions/374[MITRE, CWE-374] - Passing Mutable Objects to an Untrusted Method -* https://cwe.mitre.org/data/definitions/375[MITRE, CWE-375] - Returning a Mutable Object to an Untrusted Caller +* CWE - https://cwe.mitre.org/data/definitions/374[CWE-374 - Passing Mutable Objects to an Untrusted Method] +* CWE - https://cwe.mitre.org/data/definitions/375[CWE-375 - Returning a Mutable Object to an Untrusted Caller] * https://wiki.sei.cmu.edu/confluence/x/OTdGBQ[CERT, OBJ05-J.] - Do not return references to private mutable class members * https://wiki.sei.cmu.edu/confluence/x/HTdGBQ[CERT, OBJ06-J.] - Defensively copy mutable inputs and mutable internal components * https://wiki.sei.cmu.edu/confluence/x/VzZGBQ[CERT, OBJ13-J.] - Ensure that references to mutable objects are not exposed 
diff --git a/rules/S2385/rule.adoc b/rules/S2385/rule.adoc index 373c9306b85..645fe4dfefb 100644 --- a/rules/S2385/rule.adoc +++ b/rules/S2385/rule.adoc @@ -43,8 +43,8 @@ public class A { == Resources -* https://cwe.mitre.org/data/definitions/582[MITRE, CWE-582] - Array Declared Public, Final, and Static -* https://cwe.mitre.org/data/definitions/607[MITRE, CWE-607] - Public Static Final Field References Mutable Object +* CWE - https://cwe.mitre.org/data/definitions/582[CWE-582 - Array Declared Public, Final, and Static] +* CWE - https://cwe.mitre.org/data/definitions/607[CWE-607 - Public Static Final Field References Mutable Object] ifdef::env-github,rspecator-view[] diff --git a/rules/S2386/csharp/rule.adoc b/rules/S2386/csharp/rule.adoc index 8a8c06883fb..014c216ea1e 100644 --- a/rules/S2386/csharp/rule.adoc +++ b/rules/S2386/csharp/rule.adoc 
@@ -1,31 +1,28 @@ == Why is this an issue? -``++public static++`` mutable fields of classes which are accessed directly should be protected to the degree possible. This can be done by reducing the accessibility of the field or by changing the return type to an immutable type. +`public static` mutable fields of classes which are accessed directly should be protected to the degree possible. This can be done by reducing the accessibility of the field or by changing the return type to an immutable type. - -This rule raises issues for ``++public static++`` fields with a type inheriting/implementing ``++System.Array++`` or ``++System.Collections.Generic.ICollection++``. +This rule raises issues for `public static` fields with a type inheriting/implementing `System.Array` or `System.Collections.Generic.ICollection`. === Noncompliant code example -[source,csharp] +[source,csharp,diff-id=1,diff-type=noncompliant] ---- public class A { - public static string[] strings1 = {"first","second"}; // Noncompliant - public static List strings3 = new List(); // Noncompliant - // ... + public static string[] strings1 = {"first","second"}; // Noncompliant + public static List strings3 = new List(); // Noncompliant } ---- === Compliant solution -[source,csharp] +[source,csharp,diff-id=1,diff-type=compliant] ---- public class A { - protected static string[] strings1 = {"first","second"}; - protected static List strings3 = new List(); - // ... + protected static string[] strings1 = {"first","second"}; + protected static List strings3 = new List(); } ---- 
@@ -34,20 +31,22 @@ public class A No issue is reported: * If the type of the field inherits/implements one (at least) of the following types: -** ``++System.Collections.ObjectModel.ReadOnlyCollection++`` -** ``++System.Collections.ObjectModel.ReadOnlyDictionary++`` -** ``++System.Collections.Immutable.IImmutableArray++`` -** ``++System.Collections.Immutable.IImmutableDictionary++`` -** ``++System.Collections.Immutable.IImmutableList++`` -** ``++System.Collections.Immutable.IImmutableSet++`` -** ``++System.Collections.Immutable.IImmutableStack++`` -** ``++System.Collections.Immutable.IImmutableQueue++`` -* If the field is ``++readonly++`` and is initialized inline with an immutable type (i.e. inherits/implements one of the types in the previous list) or null. +** https://learn.microsoft.com/en-us/dotnet/api/system.collections.objectmodel.readonlycollection-1[`System.Collections.ObjectModel.ReadOnlyCollection`] +** https://learn.microsoft.com/en-us/dotnet/api/system.collections.objectmodel.readonlydictionary-2[`System.Collections.ObjectModel.ReadOnlyDictionary`] +** https://learn.microsoft.com/en-us/dotnet/api/system.collections.frozen.frozendictionary-2[`System.Collections.Frozen.FrozenDictionary`] +** https://learn.microsoft.com/en-us/dotnet/api/system.collections.frozen.frozenset-1[`System.Collections.Frozen.FrozenSet`] +** https://learn.microsoft.com/en-us/dotnet/api/system.collections.immutable.immutablearray-1[`System.Collections.Immutable.ImmutableArray`] +** https://learn.microsoft.com/en-us/dotnet/api/system.collections.immutable.iimmutabledictionary-2[`System.Collections.Immutable.IImmutableDictionary`] +** https://learn.microsoft.com/en-us/dotnet/api/system.collections.immutable.iimmutablelist-1[`System.Collections.Immutable.IImmutableList`] +** https://learn.microsoft.com/en-us/dotnet/api/system.collections.immutable.iimmutableset-1[`System.Collections.Immutable.IImmutableSet`] +** 
https://learn.microsoft.com/en-us/dotnet/api/system.collections.immutable.iimmutablestack-1[`System.Collections.Immutable.IImmutableStack`] +** https://learn.microsoft.com/en-us/dotnet/api/system.collections.immutable.iimmutablequeue-1[`System.Collections.Immutable.IImmutableQueue`] +* If the field is `readonly` and is initialized inline with an immutable type (i.e. inherits/implements one of the types in the previous list) or null. == Resources -* https://cwe.mitre.org/data/definitions/582[MITRE, CWE-582] - Array Declared Public, Final, and Static -* https://cwe.mitre.org/data/definitions/607[MITRE, CWE-607] - Public Static Final Field References Mutable Object +* CWE - https://cwe.mitre.org/data/definitions/582[CWE-582 - Array Declared Public, Final, and Static] +* CWE - https://cwe.mitre.org/data/definitions/607[CWE-607 - Public Static Final Field References Mutable Object] ifdef::env-github,rspecator-view[] diff --git a/rules/S2386/java/rule.adoc b/rules/S2386/java/rule.adoc index a140c35f14b..cfa7d733668 100644 --- a/rules/S2386/java/rule.adoc +++ b/rules/S2386/java/rule.adoc @@ -31,8 +31,8 @@ public class A { == Resources -* https://cwe.mitre.org/data/definitions/582[MITRE, CWE-582] - Array Declared Public, Final, and Static -* https://cwe.mitre.org/data/definitions/607[MITRE, CWE-607] - Public Static Final Field References Mutable Object +* CWE - https://cwe.mitre.org/data/definitions/582[CWE-582 - Array Declared Public, Final, and Static] +* CWE - https://cwe.mitre.org/data/definitions/607[CWE-607 - Public Static Final Field References Mutable Object] * https://wiki.sei.cmu.edu/confluence/x/LjdGBQ[CERT, OBJ01-J.] - Limit accessibility of fields * https://wiki.sei.cmu.edu/confluence/x/VzZGBQ[CERT, OBJ13-J.] - Ensure that references to mutable objects are not exposed diff --git a/rules/S2387/cfamily/rule.adoc b/rules/S2387/cfamily/rule.adoc index 94d4e34889a..18eb057dcdc 100644 --- a/rules/S2387/cfamily/rule.adoc +++ b/rules/S2387/cfamily/rule.adoc 
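Review bot: The exception list in rules/S2386/csharp/rule.adoc (second hunk) presents every listed type as immutable, but `ReadOnlyCollection` and `ReadOnlyDictionary` are read-only wrappers that reflect later changes to the collection they wrap, so a field of such a type can still change if the wrapped collection stays reachable. Since the rule is linked to CWE-582 and CWE-607, a one-sentence caveat after the list would help readers, for example `Read-only wrappers only protect the field if the wrapped collection is not referenced elsewhere.` The last bullet's `an immutable type` could then read `a read-only or immutable type`.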
@@ -84,7 +84,7 @@ class Raspberry : public RedFruit { // RedFruit inherits from Fruit privately == Resources -* https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#es12-do-not-reuse-names-in-nested-scopes[{cpp} Core Guidelines - ES.12] - Do not reuse names in nested scopes +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#es12-do-not-reuse-names-in-nested-scopes[ES.12: Do not reuse names in nested scopes] ifdef::env-github,rspecator-view[] diff --git a/rules/S2387/csharp/metadata.json b/rules/S2387/csharp/metadata.json index 6fcc9070d35..f98143d34cc 100644 --- a/rules/S2387/csharp/metadata.json +++ b/rules/S2387/csharp/metadata.json @@ -1,5 +1,5 @@ { - "defaultQualityProfiles": [ - - ] + "status": "deprecated", + "tags": [], + "defaultQualityProfiles": [] } diff --git a/rules/S2387/metadata.json b/rules/S2387/metadata.json index 1ab4977c5ec..f8d7fa7c78f 100644 --- a/rules/S2387/metadata.json +++ b/rules/S2387/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "CLEAR" }, @@ -16,12 +16,8 @@ "confusing" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-2387", diff --git a/rules/S2387/vbnet/metadata.json b/rules/S2387/vbnet/metadata.json index 17971333806..f98143d34cc 100644 --- a/rules/S2387/vbnet/metadata.json +++ b/rules/S2387/vbnet/metadata.json @@ -1,3 +1,5 @@ { - + "status": "deprecated", + "tags": [], + "defaultQualityProfiles": [] } diff --git a/rules/S2388/java/metadata.json b/rules/S2388/java/metadata.json index fd8695e7070..22f6a3cc843 100644 --- a/rules/S2388/java/metadata.json +++ b/rules/S2388/java/metadata.json 
@@ -16,17 +16,13 @@ "pitfall" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Major", "ruleSpecification": "RSPEC-2388", "sqKey": "S2388", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S2389/java/rule.adoc b/rules/S2389/java/rule.adoc index 3ff624d3c95..898746c9e8b 100644 --- a/rules/S2389/java/rule.adoc +++ b/rules/S2389/java/rule.adoc @@ -19,7 +19,7 @@ public class B { == Resources -* https://www.securecoding.cert.org/confluence/display/java/DCL00-J.+Prevent+class+initialization+cycles[CERT, DCL00-J.] - Prevent class initialization cycles +* CERT - https://wiki.sei.cmu.edu/confluence/display/java/DCL00-J.+Prevent+class+initialization+cycles[DCL00-J. Prevent class initialization cycles] ifdef::env-github,rspecator-view[] diff --git a/rules/S2390/java/metadata.json b/rules/S2390/java/metadata.json index feaf3aa90a7..fa05848354f 100644 --- a/rules/S2390/java/metadata.json +++ b/rules/S2390/java/metadata.json @@ -16,17 +16,13 @@ "cert" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Critical", "ruleSpecification": "RSPEC-2390", "sqKey": "S2390", - "scope": "All", + "scope": "Main", "securityStandards": { "CERT": [ "DCL00-J." diff --git a/rules/S2390/java/rule.adoc b/rules/S2390/java/rule.adoc index 18d3e5a4c88..46d98c32f9b 100644 --- a/rules/S2390/java/rule.adoc +++ b/rules/S2390/java/rule.adoc 
@@ -33,7 +33,7 @@ class Child extends Parent { == Resources -* https://www.securecoding.cert.org/confluence/display/java/DCL00-J.+Prevent+class+initialization+cycles[CERT, DCL00-J.] - Prevent class initialization cycles +* CERT - https://wiki.sei.cmu.edu/confluence/display/java/DCL00-J.+Prevent+class+initialization+cycles[DCL00-J. Prevent class initialization cycles] * https://docs.oracle.com/javase/specs/jls/se17/html/jls-12.html#jls-12.4[Section 12.4: Initialization of Classes and Interfaces] - Java Language Specification ifdef::env-github,rspecator-view[] diff --git a/rules/S2424/javascript/rule.adoc b/rules/S2424/javascript/rule.adoc index 80552a92746..d49877b34bc 100644 --- a/rules/S2424/javascript/rule.adoc +++ b/rules/S2424/javascript/rule.adoc @@ -19,6 +19,8 @@ This rule detects overrides of the following native objects: ifdef::env-github,rspecator-view[] +=== duplicates: S3502 + ''' == Implementation Specification (visible only on this page) diff --git a/rules/S2432/dart/metadata.json b/rules/S2432/dart/metadata.json new file mode 100644 index 00000000000..c069231be23 --- /dev/null +++ b/rules/S2432/dart/metadata.json @@ -0,0 +1,3 @@ +{ + "title": "Setters should not declare return types" +} diff --git a/rules/S2432/dart/rule.adoc b/rules/S2432/dart/rule.adoc new file mode 100644 index 00000000000..e400aa24a9d --- /dev/null +++ b/rules/S2432/dart/rule.adoc 
@@ -0,0 +1,63 @@ +== Why is this an issue? + +In Dart, a setter is a special type of function that is used to set the value of a property on an object. Setters are defined using the `set` keyword followed by the name of the property that the setter is associated with. + +To set the property, we simply assign a value to it as if it were a regular property. The setter function is automatically called with the value that we assign to the property. + +Functions declared with the `set` keyword can't return any value, so setting any return type other than `void` is a compile-time error. While this is possible to still add `void` return type it is redundant and should be omitted. + +[source,dart,diff-id=1,diff-type=noncompliant] +---- +class Person { + String name; + int birthYear; + + Person(this.name, this.birthYear); + + // Adding a calculated property age + int get age => currentYear - birthYear; + void set age(int value) => birthYear = currentYear - value; // Noncompliant +} +---- + +[source,dart,diff-id=1,diff-type=compliant] +---- +class Person { + String name; + int birthYear; + + Person(this.name, this.birthYear); + + // Adding a calculated property age + int get age => currentYear - birthYear; + set age(int value) => birthYear = currentYear - value; +} +---- + +== Resources + +=== Documentation + +* Dart Docs - https://dart.dev/tools/linter-rules/avoid_return_types_on_setters[Dart Linter rule - avoid_return_types_on_setters] +* Dart Docs - https://dart.dev/language/methods#getters-and-setters[Getters and setters] + + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +Unnecessary return type on a setter. + +=== Highlighting + +The `void` keyword in the setter declaration. + +''' +== Comments And Links +(visible only on this page) + +endif::env-github,rspecator-view[] diff --git a/rules/S2432/javascript/metadata.json b/rules/S2432/javascript/metadata.json index 2a80928aa8f..0db3279e44b 100644 
--- a/rules/S2432/javascript/metadata.json +++ b/rules/S2432/javascript/metadata.json @@ -1,34 +1,3 @@ { - "title": "Setters should not return values", - "type": "BUG", - "code": { - "impacts": { - "RELIABILITY": "MEDIUM" - }, - "attribute": "CLEAR" - }, - "status": "ready", - "remediation": { - "func": "Constant\/Issue", - "constantCost": "5min" - }, - "tags": [ - ], - "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] - }, - "defaultSeverity": "Major", - "ruleSpecification": "RSPEC-2432", - "sqKey": "S2432", - "scope": "Main", - "defaultQualityProfiles": [ - "Sonar way" - ], - "quickfix": "unknown" } diff --git a/rules/S2432/metadata.json b/rules/S2432/metadata.json index 2c63c085104..2a80928aa8f 100644 --- a/rules/S2432/metadata.json +++ b/rules/S2432/metadata.json @@ -1,2 +1,34 @@ { + "title": "Setters should not return values", + "type": "BUG", + "code": { + "impacts": { + "RELIABILITY": "MEDIUM" + }, + "attribute": "CLEAR" + }, + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "5min" + }, + "tags": [ + + ], + "extra": { + "replacementRules": [ + + ], + "legacyKeys": [ + + ] + }, + "defaultSeverity": "Major", + "ruleSpecification": "RSPEC-2432", + "sqKey": "S2432", + "scope": "Main", + "defaultQualityProfiles": [ + "Sonar way" + ], + "quickfix": "unknown" } diff --git a/rules/S2435/cfamily/metadata.json b/rules/S2435/cfamily/metadata.json index 5cc7dc16681..e6bba277114 100644 --- a/rules/S2435/cfamily/metadata.json +++ b/rules/S2435/cfamily/metadata.json @@ -12,6 +12,9 @@ ], "OWASP Top 10 2021": [ "A3" + ], + "STIG ASD_V5R3": [ + "V-222608" ] } } diff --git a/rules/S2435/cfamily/rule.adoc b/rules/S2435/cfamily/rule.adoc index 44d777f47af..d0f9876a1c8 100644 --- a/rules/S2435/cfamily/rule.adoc +++ b/rules/S2435/cfamily/rule.adoc 
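Review bot: The rule-level `rules/S2432/metadata.json` now carries `"type": "BUG"`, `"defaultSeverity": "Major"` and a RELIABILITY impact, while the new `rules/S2432/dart/metadata.json` overrides only the title. If language files inherit every key they do not set (presumably the case, though not shown in this diff), the Dart variant is classified as a bug even though its description calls the `void` return type merely redundant and its message is "Unnecessary return type on a setter". Consider overriding the classification in the Dart file, for example `"type": "CODE_SMELL",` and `"defaultSeverity": "Minor"`, together with a matching `impacts` entry.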
@@ -4,10 +4,14 @@ include::../rule-except-see.adoc[] == Resources -* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection -* https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[OWASP Top 10 2017 Category A1] - Injection -* https://owasp.org/www-project-top-ten/2017/A4_2017-XML_External_Entities_(XXE)[OWASP Top 10 2017 Category A4] - XML External Entities (XXE) -* https://cwe.mitre.org/data/definitions/91[MITRE, CWE-91] - XML Injection (aka Blind XPath Injection) +=== Standards + +* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] +* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] +* OWASP - https://owasp.org/www-project-top-ten/2017/A4_2017-XML_External_Entities_(XXE)[Top 10 2017 Category A4 - XML External Entities (XXE)] +* CWE - https://cwe.mitre.org/data/definitions/91[CWE-91 - XML Injection (aka Blind XPath Injection)] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222608[Application Security and Development: V-222608] - The application must not be vulnerable to XML-oriented attacks. + ifdef::env-github,rspecator-view[] diff --git a/rules/S2435/java/metadata.json b/rules/S2435/java/metadata.json index 2eef90b9d72..7eab4ba8af3 100644 --- a/rules/S2435/java/metadata.json +++ b/rules/S2435/java/metadata.json @@ -15,6 +15,9 @@ ], "OWASP Top 10 2021": [ "A3" + ], + "STIG ASD_V5R3": [ + "V-222608" ] } } diff --git a/rules/S2435/java/rule.adoc b/rules/S2435/java/rule.adoc index ee073388629..a85f38398be 100644 --- a/rules/S2435/java/rule.adoc +++ b/rules/S2435/java/rule.adoc 
@@ -4,11 +4,15 @@ include::../rule-except-see.adoc[] == Resources -* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection -* https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[OWASP Top 10 2017 Category A1] - Injection -* https://owasp.org/www-project-top-ten/2017/A4_2017-XML_External_Entities_(XXE)[OWASP Top 10 2017 Category A4] - XML External Entities (XXE) -* https://cwe.mitre.org/data/definitions/91[MITRE, CWE-91] - XML Injection (aka Blind XPath Injection) +=== Standards + +* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] +* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] +* OWASP - https://owasp.org/www-project-top-ten/2017/A4_2017-XML_External_Entities_(XXE)[Top 10 2017 Category A4 - XML External Entities (XXE)] +* CWE - https://cwe.mitre.org/data/definitions/91[CWE-91 - XML Injection (aka Blind XPath Injection)] * https://wiki.sei.cmu.edu/confluence/x/7jdGBQ[CERT, IDS51-J.] - Properly encode or escape output +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222608[Application Security and Development: V-222608] - The application must not be vulnerable to XML-oriented attacks. + ifdef::env-github,rspecator-view[] diff --git a/rules/S2435/metadata.json b/rules/S2435/metadata.json index fea97bf128c..315bed45e30 100644 --- a/rules/S2435/metadata.json +++ b/rules/S2435/metadata.json @@ -7,6 +7,7 @@ "constantCost": "15min" }, "tags": [ + ], "extra": { "replacementRules": [ @@ -30,6 +31,9 @@ ], "OWASP Top 10 2021": [ "A3" + ], + "STIG ASD_V5R3": [ + "V-222608" ] }, "defaultQualityProfiles": [ diff --git a/rules/S2437/java/metadata.json b/rules/S2437/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S2437/java/metadata.json +++ b/rules/S2437/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } 
diff --git a/rules/S2437/metadata.json b/rules/S2437/metadata.json
index 4f2e7f2be80..0b40db74406 100644
--- a/rules/S2437/metadata.json
+++ b/rules/S2437/metadata.json
@@ -3,7 +3,7 @@
 "type": "CODE_SMELL",
 "code": {
 "impacts": {
- "MAINTAINABILITY": "HIGH"
+ "MAINTAINABILITY": "BLOCKER"
 },
 "attribute": "LOGICAL"
 },
@@ -16,12 +16,8 @@
 "suspicious"
 ],
 "extra": {
- "replacementRules": [
-
- ],
- "legacyKeys": [
-
- ]
+ "replacementRules": [],
+ "legacyKeys": []
 },
 "defaultSeverity": "Blocker",
 "ruleSpecification": "RSPEC-2437",
diff --git a/rules/S2438/java/metadata.json b/rules/S2438/java/metadata.json
index ed9ce00fdf8..36ebbb78049 100644
--- a/rules/S2438/java/metadata.json
+++ b/rules/S2438/java/metadata.json
@@ -17,17 +17,13 @@
 "pitfall"
 ],
 "extra": {
- "replacementRules": [
-
- ],
- "legacyKeys": [
-
- ]
+ "replacementRules": [],
+ "legacyKeys": []
 },
 "defaultSeverity": "Major",
 "ruleSpecification": "RSPEC-2438",
 "sqKey": "S2438",
- "scope": "All",
+ "scope": "Main",
 "defaultQualityProfiles": [
 "Sonar way"
 ],
diff --git a/rules/S2440/java/metadata.json b/rules/S2440/java/metadata.json
index 17971333806..f4b27f0bb34 100644
--- a/rules/S2440/java/metadata.json
+++ b/rules/S2440/java/metadata.json
@@ -1,3 +1,3 @@
 {
-
+ "scope": "Main"
 }
diff --git a/rules/S2441/java/rule.adoc b/rules/S2441/java/rule.adoc
index 5c996b26fef..2559c18498c 100644
--- a/rules/S2441/java/rule.adoc
+++ b/rules/S2441/java/rule.adoc
@@ -31,8 +31,8 @@ session.setAttribute("address", new Address()); == Resources -* https://owasp.org/Top10/A04_2021-Insecure_Design/[OWASP Top 10 2021 Category A4] - Insecure Design -* https://cwe.mitre.org/data/definitions/579[MITRE, CWE-579] - J2EE Bad Practices: Non-serializable Object Stored in Session +* OWASP - https://owasp.org/Top10/A04_2021-Insecure_Design/[Top 10 2021 Category A4 - Insecure Design] +* CWE - https://cwe.mitre.org/data/definitions/579[CWE-579 - J2EE Bad Practices: Non-serializable Object Stored in Session] ifdef::env-github,rspecator-view[] diff --git a/rules/S2442/java/metadata.json b/rules/S2442/java/metadata.json index ff1680961d5..74db6718957 100644 --- a/rules/S2442/java/metadata.json +++ b/rules/S2442/java/metadata.json @@ -18,17 +18,13 @@ "clumsy" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Major", "ruleSpecification": "RSPEC-2442", "sqKey": "S2442", - "scope": "All", + "scope": "Main", "securityStandards": { "CERT": [ "LCK03-J." diff --git a/rules/S2444/java/metadata.json b/rules/S2444/java/metadata.json index 11c1cb5f9d2..85d977e9459 100644 --- a/rules/S2444/java/metadata.json +++ b/rules/S2444/java/metadata.json @@ -16,19 +16,13 @@ "multi-threading" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Critical", "ruleSpecification": "RSPEC-2444", "sqKey": "S2444", - "scope": "All", - "defaultQualityProfiles": [ - - ], + "scope": "Main", + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S2445/csharp/rule.adoc b/rules/S2445/csharp/rule.adoc index 4a1d9ed7fa5..b79663c0185 100644 --- a/rules/S2445/csharp/rule.adoc +++ b/rules/S2445/csharp/rule.adoc 
@@ -92,8 +92,8 @@ private void DoSomething() * https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/statements/lock[Lock Statement] - lock statement - ensure exclusive access to a shared resource * https://learn.microsoft.com/en-us/dotnet/api/system.string.intern[String.Intern] - `String.Intern(String)` Method -* https://cwe.mitre.org/data/definitions/412[MITRE, CWE-412] - Unrestricted Externally Accessible Lock -* https://cwe.mitre.org/data/definitions/413[MITRE, CWE-413] - Improper Resource Locking +* CWE - https://cwe.mitre.org/data/definitions/412[CWE-412 - Unrestricted Externally Accessible Lock] +* CWE - https://cwe.mitre.org/data/definitions/413[CWE-413 - Improper Resource Locking] * https://learn.microsoft.com/en-us/dotnet/standard/threading/threads-and-threading[Threads and threading] ifdef::env-github,rspecator-view[] diff --git a/rules/S2445/java/metadata.json b/rules/S2445/java/metadata.json index 86c7c0912a6..fd0f42ecff2 100644 --- a/rules/S2445/java/metadata.json +++ b/rules/S2445/java/metadata.json @@ -13,5 +13,6 @@ 412, 413 ] - } + }, + "scope": "Main" } diff --git a/rules/S2445/java/rule.adoc b/rules/S2445/java/rule.adoc index 8015b0c2c6f..c67f00f3823 100644 --- a/rules/S2445/java/rule.adoc +++ b/rules/S2445/java/rule.adoc @@ -40,8 +40,8 @@ private void doSomething(){ == Resources -* https://cwe.mitre.org/data/definitions/412[MITRE, CWE-412] - Unrestricted Externally Accessible Lock -* https://cwe.mitre.org/data/definitions/413[MITRE, CWE-413] - Improper Resource Locking +* CWE - https://cwe.mitre.org/data/definitions/412[CWE-412 - Unrestricted Externally Accessible Lock] +* CWE - https://cwe.mitre.org/data/definitions/413[CWE-413 - Improper Resource Locking] * https://wiki.sei.cmu.edu/confluence/x/djdGBQ[CERT, LCK00-J.] - Use private final lock objects to synchronize classes that may interact with untrusted code ifdef::env-github,rspecator-view[] 
diff --git a/rules/S2446/java/metadata.json b/rules/S2446/java/metadata.json index 8a84419595f..517ffd25cd6 100644 --- a/rules/S2446/java/metadata.json +++ b/rules/S2446/java/metadata.json @@ -17,17 +17,13 @@ "cert" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Major", "ruleSpecification": "RSPEC-2446", "sqKey": "S2446", - "scope": "All", + "scope": "Main", "securityStandards": { "CERT": [ "THI02-J." diff --git a/rules/S2447/java/metadata.json b/rules/S2447/java/metadata.json index 764dd441ece..0a3a1c49f30 100644 --- a/rules/S2447/java/metadata.json +++ b/rules/S2447/java/metadata.json @@ -18,17 +18,13 @@ "pitfall" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Critical", "ruleSpecification": "RSPEC-2447", "sqKey": "S2447", - "scope": "All", + "scope": "Main", "securityStandards": { "CWE": [ 476 diff --git a/rules/S2447/java/rule.adoc b/rules/S2447/java/rule.adoc index f7118bf717f..34d4ee0915b 100644 --- a/rules/S2447/java/rule.adoc +++ b/rules/S2447/java/rule.adoc @@ -48,7 +48,7 @@ public void caller() { == Resources -* https://cwe.mitre.org/data/definitions/476[MITRE, CWE-476] - NULL Pointer Dereference +* CWE - https://cwe.mitre.org/data/definitions/476[CWE-476 - NULL Pointer Dereference] * https://wiki.sei.cmu.edu/confluence/x/aDdGBQ[CERT, EXP01-J.] - Do not use a null in a case where an object is required ifdef::env-github,rspecator-view[] diff --git a/rules/S2471/dart/metadata.json b/rules/S2471/dart/metadata.json new file mode 100644 index 00000000000..3f685bcbcca --- /dev/null +++ b/rules/S2471/dart/metadata.json @@ -0,0 +1,3 @@ +{ + "title": "Variables should not be initialized with \"null\"" +} diff --git a/rules/S2471/dart/rule.adoc b/rules/S2471/dart/rule.adoc new file mode 100644 index 00000000000..744d46f6781 --- /dev/null +++ b/rules/S2471/dart/rule.adoc 
@@ -0,0 +1,62 @@ +== Why is this an issue? + +In Dart, there's no concept of "uninitialized memory". Everything must be initialized before use, otherwise a compile-time error is reported. In case of non-nullable type, it has to be explicitly initialized before use, and it can't be initialized with `null`. This is guaranteed by compiler. In case of non-nullable variable, it will be set to `null` implicitly. In both cases there is no need to initialize a variable with `null`. + +=== Exceptions + +In case of `final` and `const` variables or members, they have to be initialized explicitly, so using `null` there won't trigger this rule. + +[source,dart] +---- +const int? x = null; +---- + + +=== Noncompliant code example + +[source,dart] +---- +void f() { + int? x = null; + g(x); +} +---- + + +=== Compliant solution + +[source,dart] +---- +void f() { + int? x; + g(x); +} +---- + +== Resources + +=== Documentation + +* Dart Docs - https://dart.dev/tools/linter-rules/avoid_init_to_null[Dart Linter rule - avoid_init_to_null] +* Dart Docs - https://dart.dev/language/variables#default-values[Dart language - default values] + + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +Redundant initialization to 'null'. + +=== Highlighting + +The entire initialization expression, including the identifier and the assigned value, but excluding the type: e.g. `i1 = null` in `int? i1 = null`. + +''' +== Comments And Links +(visible only on this page) + +endif::env-github,rspecator-view[] diff --git a/rules/S2471/metadata.json b/rules/S2471/metadata.json index 2c63c085104..adc46c445c5 100644 --- a/rules/S2471/metadata.json +++ b/rules/S2471/metadata.json 
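Review bot: The opening paragraph of `rules/S2471/dart/rule.adoc` uses "non-nullable" for both cases, so the sentence "In case of non-nullable variable, it will be set to null implicitly" contradicts the one before it, which says a non-nullable type can never hold null. The second occurrence should read `nullable`, giving the intended contrast between non-nullable (must be initialized explicitly, never with null) and nullable (implicitly null). The same paragraph would also read better as "guaranteed by the compiler".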
@@ -1,2 +1,27 @@
 {
+ "type": "CODE_SMELL",
+ "status": "ready",
+ "remediation": {
+ "func": "Constant\/Issue",
+ "constantCost": "1min"
+ },
+ "tags": [
+ "clumsy"
+ ],
+ "extra": {
+ "replacementRules": [
+
+ ],
+ "legacyKeys": [
+ "InitializeWithNullCheck"
+ ]
+ },
+ "defaultSeverity": "Minor",
+ "ruleSpecification": "RSPEC-2471",
+ "sqKey": "InitializeWithNullCheck",
+ "scope": "Main",
+ "defaultQualityProfiles": [
+ "Sonar way"
+ ],
+ "quickfix": "unknown"
 }
diff --git a/rules/S2471/plsql/metadata.json b/rules/S2471/plsql/metadata.json
index 637789c1635..30a1d3011d0 100644
--- a/rules/S2471/plsql/metadata.json
+++ b/rules/S2471/plsql/metadata.json
@@ -1,28 +1,3 @@
 {
- "title": "Variables should not be initialized with \"NULL\"",
- "type": "CODE_SMELL",
- "status": "ready",
- "remediation": {
- "func": "Constant\/Issue",
- "constantCost": "1min"
- },
- "tags": [
- "clumsy"
- ],
- "extra": {
- "replacementRules": [
-
- ],
- "legacyKeys": [
- "InitializeWithNullCheck"
- ]
- },
- "defaultSeverity": "Minor",
- "ruleSpecification": "RSPEC-2471",
- "sqKey": "InitializeWithNullCheck",
- "scope": "Main",
- "defaultQualityProfiles": [
- "Sonar way"
- ],
- "quickfix": "unknown"
+ "title": "Variables should not be initialized with \"NULL\""
 }
diff --git a/rules/S2486/dart/metadata.json b/rules/S2486/dart/metadata.json
new file mode 100644
index 00000000000..0db3279e44b
--- /dev/null
+++ b/rules/S2486/dart/metadata.json
@@ -0,0 +1,3 @@
+{
+
+}
diff --git a/rules/S2486/dart/rule.adoc b/rules/S2486/dart/rule.adoc
new file mode 100644
index 00000000000..110be732f33
--- /dev/null
+++ b/rules/S2486/dart/rule.adoc
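Review bot: Moving `"sqKey": "InitializeWithNullCheck"` and the matching `legacyKeys` entry into the rule-level `rules/S2471/metadata.json` makes them defaults for every language, and the new `dart/metadata.json` sets only a title. If unset keys are inherited, the Dart rule would be published under what was a PL/SQL legacy key. It may be safer to keep those two entries in `plsql/metadata.json` and use `"sqKey": "S2471"` at the rule level; please confirm how the key is resolved for Dart.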
@@ -0,0 +1,75 @@ +== Why is this an issue? + +include::../description.adoc[] + +=== Noncompliant code example + +[source,dart] +---- +void save() { + try { + saveDocument(); + } catch (exception) { + } +} +---- + +=== Compliant solution + +[source,dart] +---- +void save() { + try { + saveDocument(); + } catch (exception) { + log(exception); + } +} +---- + +[source,dart] +---- +void save() { + try { + saveDocument(); + } catch (_) { // Compliant, ignored intentionally + } +} +---- + +[source,dart] +---- +void save() { + try { + saveDocument(); + } catch (exception) { // Compliant, left a comment + // ignored intentionally + } +} +---- + +include::../see.adoc[] + +* Dart Docs - https://dart.dev/tools/linter-rules/empty_catches[Dart Linter rule - empty_catches] + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +* Empty catch block. + +=== Highlighting + +The empty catch body. + +''' +== Comments And Links +(visible only on this page) + +include::../comments-and-links.adoc[] + +endif::env-github,rspecator-view[] diff --git a/rules/S2486/see.adoc b/rules/S2486/see.adoc index 409e9dca753..aad254e2681 100644 --- a/rules/S2486/see.adoc +++ b/rules/S2486/see.adoc 
@@ -1,5 +1,5 @@ == Resources -* https://owasp.org/Top10/A09_2021-Security_Logging_and_Monitoring_Failures/[OWASP Top 10 2021 Category A9] - Security Logging and Monitoring Failures -* https://owasp.org/www-project-top-ten/2017/A10_2017-Insufficient_Logging%2526Monitoring[OWASP Top 10 2017 Category A10] - Insufficient Logging & Monitoring -* https://cwe.mitre.org/data/definitions/390[MITRE, CWE-390] - Detection of Error Condition Without Action \ No newline at end of file +* OWASP - https://owasp.org/Top10/A09_2021-Security_Logging_and_Monitoring_Failures/[Top 10 2021 Category A9 - Security Logging and Monitoring Failures] +* OWASP - https://owasp.org/www-project-top-ten/2017/A10_2017-Insufficient_Logging%2526Monitoring[Top 10 2017 Category A10 - Insufficient Logging & Monitoring] +* CWE - https://cwe.mitre.org/data/definitions/390[CWE-390 - Detection of Error Condition Without Action] \ No newline at end of file diff --git a/rules/S2529/plsql/rule.adoc b/rules/S2529/plsql/rule.adoc index 8040292c3b6..4b07629c2dd 100644 --- a/rules/S2529/plsql/rule.adoc +++ b/rules/S2529/plsql/rule.adoc @@ -1,6 +1,6 @@ == Why is this an issue? -Developers should use the ``++FROM ... OUTER JOIN++`` syntax rather than the Oracle join operator (``+``). The reason is that outer join queries that use ``+`` are subject to several restrictions which do not apply to the ``++FROM ... OUTER JOIN++`` syntax. For instance, a ``++WHERE++`` condition containing the ``+`` operator cannot be combined with another condition using the ``++OR++`` logical operator. +Developers should use the `FROM ... OUTER JOIN` syntax rather than the Oracle join operator (`+`). The reason is that outer join queries that use `+` are subject to several restrictions which do not apply to the `FROM ... OUTER JOIN` syntax. For instance, a `WHERE` condition containing the `+` operator cannot be combined with another condition using the `OR` logical operator. === Noncompliant code example 
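Review bot: In the `rules/S2529/plsql/rule.adoc` hunk the Oracle join operator is now written as a bare plus sign inside single backticks, three times in one paragraph. A lone plus sign is also AsciiDoc's inline passthrough delimiter, so two of them may pair up and swallow the text between them; the previous double-backtick form avoided that. Please check the rendered paragraph, and if it is affected write the operator with the built-in `{plus}` attribute inside the monospace span.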
diff --git a/rules/S2551/csharp/rule.adoc b/rules/S2551/csharp/rule.adoc index 1d5fa4b2eaf..4433a6fe4b9 100644 --- a/rules/S2551/csharp/rule.adoc +++ b/rules/S2551/csharp/rule.adoc @@ -1,6 +1,8 @@ +The instance passed to the https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/statements/lock[`lock` statement] should be a dedicated private field. + include::../why-dotnet.adoc[] -The following objects are considered as shared resources: +The following objects are considered potentially prone to accidental lock sharing: * a reference to https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/keywords/this[this]: if the instance is publicly accessibly, the lock might be shared * a https://learn.microsoft.com/en-us/dotnet/api/system.type[Type] object: if the type class is publicly accessibly, the lock might be shared @@ -23,12 +25,16 @@ void MyLockingMethod() } ---- - ==== Compliant solution [source,csharp,diff-id=1,diff-type=compliant] ---- -private readonly object lockObj = new object(); +#if NET9_0_OR_GREATER +private readonly Lock lockObj = new(); +#else +private readonly object lockObj = new(); +#endif + void MyLockingMethod() { lock (lockObj) @@ -38,7 +44,8 @@ void MyLockingMethod() } ---- - include::../resources-dotnet.adoc[] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/statements/lock[The lock statement - ensure exclusive access to a shared resource] + include::../rspecator.adoc[] diff --git a/rules/S2551/resources-dotnet.adoc b/rules/S2551/resources-dotnet.adoc index 78caea3ead9..8716c168b75 100644 --- a/rules/S2551/resources-dotnet.adoc +++ b/rules/S2551/resources-dotnet.adoc 
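Review bot: The two context bullets in `rules/S2551/csharp/rule.adoc` still say "publicly accessibly", while the `vbnet/rule.adoc` hunk of this same commit corrects the identical bullets to "publicly accessible". Apply the same correction here so both language pages match: `if the instance is publicly accessible, the lock might be shared` and `if the type class is publicly accessible, the lock might be shared`.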
@@ -2,9 +2,9 @@ === Documentation -* https://en.wikipedia.org/wiki/Thread_(computing)[Thread] -* https://en.wikipedia.org/wiki/Lock_(computer_science)[Locking] -* https://en.wikipedia.org/wiki/Deadlock[Deadlock] -* https://en.wikipedia.org/wiki/Interning_(computer_science)[Interning] -* https://learn.microsoft.com/en-us/dotnet/api/system.string.intern#remarks[String interning by the runtime] -* https://docs.microsoft.com/en-us/dotnet/standard/threading/managed-threading-best-practices[Managed Threading Best Practices] \ No newline at end of file +* Wikipedia - https://en.wikipedia.org/wiki/Thread_(computing)[Thread] +* Wikipedia - https://en.wikipedia.org/wiki/Lock_(computer_science)[Locking] +* Wikipedia - https://en.wikipedia.org/wiki/Deadlock[Deadlock] +* Wikipedia - https://en.wikipedia.org/wiki/Interning_(computer_science)[Interning] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/api/system.string.intern#remarks[String interning by the runtime] +* Microsoft Learn - https://docs.microsoft.com/en-us/dotnet/standard/threading/managed-threading-best-practices[Managed Threading Best Practices] \ No newline at end of file diff --git a/rules/S2551/vbnet/rule.adoc b/rules/S2551/vbnet/rule.adoc index d872bc87e17..3f2495e99ac 100644 --- a/rules/S2551/vbnet/rule.adoc +++ b/rules/S2551/vbnet/rule.adoc 
@@ -1,10 +1,12 @@ +The instance passed to the https://learn.microsoft.com/en-us/dotnet/visual-basic/language-reference/statements/synclock-statement[`SyncLock` statement] should be a dedicated private field. + include::../why-dotnet.adoc[] -The following objects are considered as shared resources: +The following objects are considered potentially prone to accidental lock sharing: -* a reference to https://learn.microsoft.com/en-us/dotnet/visual-basic/programming-guide/program-structure/me-my-mybase-and-myclass#me[Me]: if the instance is publicly accessibly, the lock might be shared -* a https://learn.microsoft.com/en-us/dotnet/api/system.type[Type] object: if the type class is publicly accessibly, the lock might be shared -* a https://learn.microsoft.com/en-us/dotnet/visual-basic/language-reference/data-types/string-data-type[string] literal or instance: if any other part of the program uses the same string, the lock is shared because of interning +* a reference to https://learn.microsoft.com/en-us/dotnet/visual-basic/programming-guide/program-structure/me-my-mybase-and-myclass#me[Me]: if the instance is publicly accessible, the lock might be shared +* a https://learn.microsoft.com/en-us/dotnet/api/system.type[Type] object: if the type class is publicly accessible, the lock might be shared +* a https://learn.microsoft.com/en-us/dotnet/visual-basic/language-reference/data-types/string-data-type[String] literal or instance: if any other part of the program uses the same string, the lock is shared because of interning == How to fix it @@ -35,4 +37,6 @@ End Sub include::../resources-dotnet.adoc[] -include::../rspecator.adoc[] \ No newline at end of file +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/visual-basic/language-reference/statements/synclock-statement[SyncLock Statement] + +include::../rspecator.adoc[] diff --git a/rules/S2551/why-dotnet.adoc b/rules/S2551/why-dotnet.adoc index 76746ddd398..379c23fb475 100644 --- a/rules/S2551/why-dotnet.adoc 
+++ b/rules/S2551/why-dotnet.adoc 
@@ -1,9 +1,7 @@ == Why is this an issue? -A shared resource refers to a resource or data that can be accessed or modified by multiple https://en.wikipedia.org/wiki/Thread_(computing)[threads] or concurrent parts of a program. It could be any piece of data, object, file, database connection, or system resource that needs to be accessed or manipulated by multiple parts of a program concurrently. +If the instance representing an exclusively acquired lock is publicly accessible, another thread in another part of the program could accidentally attempt to acquire the same lock. This increases the likelihood of https://en.wikipedia.org/wiki/Deadlock[deadlocks]. -Shared resources should not be used for https://en.wikipedia.org/wiki/Lock_(computer_science)[locking] as it increases the chance of https://en.wikipedia.org/wiki/Deadlock[deadlocks]. Any other thread could acquire (or attempt to acquire) the same lock while doing some operation, without knowing that the resource is meant to be used for locking purposes. +For example, a `string` should never be used for locking. When a `string` is https://en.wikipedia.org/wiki/Interning_(computer_science)[interned] by the runtime, it can be shared by multiple threads, breaking the locking mechanism. -One case of this is strings, which are https://en.wikipedia.org/wiki/Interning_(computer_science)[interned] by the runtime. This means that each string instance is immutable and stored, and then is reused everywhere it is referenced. - -Instead, a dedicated private `object` instance should be used for each shared resource. Making the lock-specific object `private` guarantees that the access to it is as minimal as possible, in order to avoid deadlocks or lock contention. \ No newline at end of file +Instead, a dedicated private https://learn.microsoft.com/en-us/dotnet/api/system.threading.lock?view=net-9.0[`Lock`] object instance (or `object` instance, for frameworks before .Net 9) should be used for locking. 
This minimizes access to the lock instance and therefore prevents accidential lock sharing. diff --git a/rules/S2574/java/rule.adoc b/rules/S2574/java/rule.adoc index a854f868a6d..49f5dc74bdd 100644 --- a/rules/S2574/java/rule.adoc +++ b/rules/S2574/java/rule.adoc @@ -4,7 +4,7 @@ include::../rule-except-see.adoc[] == Resources -* https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[OWASP Top 10 2017 Category A1] - Injection +* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] * https://wiki.sei.cmu.edu/confluence/x/7jdGBQ[CERT, IDS51-J.] - Properly encode or escape output * https://wiki.sei.cmu.edu/confluence/x/FDZGBQ[CERT, IDS52-J.] - Prevent code injection diff --git a/rules/S2575/see.adoc b/rules/S2575/see.adoc index b454b32abe6..4281c7301b7 100644 --- a/rules/S2575/see.adoc +++ b/rules/S2575/see.adoc 
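Review bot: The new closing text of `rules/S2551/why-dotnet.adoc` has two spelling slips: "accidential" should be `accidental` and ".Net 9" should be `.NET 9`. This file is included by both the C# and the VB.NET pages, so the advice to use a dedicated `Lock` instance also reaches VB.NET readers; as far as I know `SyncLock` does not accept a `System.Threading.Lock` value, so that sentence probably needs a language-specific variant (please verify). The interning sentence could also say what actually goes wrong: unrelated code that locks on an equal string literal ends up contending for the same monitor.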
@@ -1,7 +1,7 @@ == Resources -* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection -* https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)[OWASP Top 10 2017 Category A7] - Cross-Site Scripting (XSS) -* https://cwe.mitre.org/data/definitions/79[MITRE, CWE-79] - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') -* https://cwe.mitre.org/data/definitions/80[MITRE, CWE-80] - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) -* https://cwe.mitre.org/data/definitions/352[MITRE, CWE-352] - Cross-Site Request Forgery (CSRF) +* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] +* OWASP - https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)[Top 10 2017 Category A7 - Cross-Site Scripting (XSS)] +* CWE - https://cwe.mitre.org/data/definitions/79[CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')] +* CWE - https://cwe.mitre.org/data/definitions/80[CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)] +* CWE - https://cwe.mitre.org/data/definitions/352[CWE-352 - Cross-Site Request Forgery (CSRF)] diff --git a/rules/S2577/java/rule.adoc b/rules/S2577/java/rule.adoc index db8b9a2cec4..216602c4439 100644 --- a/rules/S2577/java/rule.adoc +++ b/rules/S2577/java/rule.adoc 
@@ -41,8 +41,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) { == Resources -* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection -* https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)[OWASP Top 10 2017 Category A7] - Cross-Site Scripting (XSS) +* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] +* OWASP - https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)[Top 10 2017 Category A7 - Cross-Site Scripting (XSS)] * {link-with-uscores1}[OWASP, XSS (Cross Site Scripting) Prevention Cheat Sheet] - Rule #3.1 ifdef::env-github,rspecator-view[] diff --git a/rules/S2578/html/rule.adoc b/rules/S2578/html/rule.adoc index 3226c3baacf..5f7fb5a1aee 100644 --- a/rules/S2578/html/rule.adoc +++ b/rules/S2578/html/rule.adoc 
@@ -36,11 +36,11 @@ This rule checks that values are not written directly into ``++application/json+
 == Resources
-* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection
+* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection]
 * https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md[OWASP XSS (Cross Site Scripting) Prevention Cheat Sheet]
-* https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)[OWASP Top 10 2017 Category A7] - Cross-Site Scripting (XSS)
-* https://cwe.mitre.org/data/definitions/79[MITRE, CWE-79] - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
-* https://cwe.mitre.org/data/definitions/352[MITRE, CWE-352] - Cross-Site Request Forgery (CSRF)
+* OWASP - https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)[Top 10 2017 Category A7 - Cross-Site Scripting (XSS)]
+* CWE - https://cwe.mitre.org/data/definitions/79[CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')]
+* CWE - https://cwe.mitre.org/data/definitions/352[CWE-352 - Cross-Site Request Forgery (CSRF)]
diff --git a/rules/S2583/cfamily/rule.adoc b/rules/S2583/cfamily/rule.adoc
index dc12e6fa31d..2bf77dca7c9 100644
--- a/rules/S2583/cfamily/rule.adoc
+++ b/rules/S2583/cfamily/rule.adoc
@@ -8,8 +8,8 @@ include::../noncompliant.adoc[] * MISRA C:2004, 13.7 - Boolean operations whose results are invariant shall not be permitted. * MISRA C:2012, 14.3 - Controlling expressions shall not be invariant -* https://cwe.mitre.org/data/definitions/570[MITRE, CWE-570] - Expression is Always False -* https://cwe.mitre.org/data/definitions/571[MITRE, CWE-571] - Expression is Always True +* CWE - https://cwe.mitre.org/data/definitions/570[CWE-570 - Expression is Always False] +* CWE - https://cwe.mitre.org/data/definitions/571[CWE-571 - Expression is Always True] * https://wiki.sei.cmu.edu/confluence/x/5dUxBQ[CERT, MSC12-C.] - Detect and remove code that has no effect or is never executed ifdef::env-github,rspecator-view[] diff --git a/rules/S2583/comments-and-links.adoc b/rules/S2583/comments-and-links.adoc index b1812a1b7e6..31c575bad66 100644 --- a/rules/S2583/comments-and-links.adoc +++ b/rules/S2583/comments-and-links.adoc @@ -42,7 +42,7 @@ Last one should be already supported in fact. The message should be improved, as it is misleading. For example when the boolean expression is part of a chain of ``++OR++`` expressions, the subsequent code will be executed. Therefore _some subsequent code is never executed_ is misleading. (cc [~nicolas.harraudeau]) -Example for csharp (which came in https://github.com/SonarSource/sonar-dotnet/issues/2411[issue #2411]). Although this specific example is rather an occurence of https://rules.sonarsource.com/csharp/RSPEC-2589[RSPEC-2589] _Boolean expressions should not be gratuitous..._ +Example for csharp (which came in https://github.com/SonarSource/sonar-dotnet/issues/2411[issue #2411]). Although this specific example is rather an occurence of S2589 _Boolean expressions should not be gratuitous..._ ---- public void DoTest(Guid guid) diff --git a/rules/S2583/csharp/metadata.json b/rules/S2583/csharp/metadata.json index 82d2b123450..27e2c1ad07e 100644 --- a/rules/S2583/csharp/metadata.json 
+++ b/rules/S2583/csharp/metadata.json
@@ -1,3 +1,10 @@
 {
- "quickfix": "targeted"
+ "quickfix": "targeted",
+ "tags": [
+ "cwe",
+ "unused",
+ "suspicious",
+ "pitfall",
+ "symbolic-execution"
+ ]
 }
diff --git a/rules/S2583/java/rule.adoc b/rules/S2583/java/rule.adoc
index 3c021c34a88..affc10f4043 100644
--- a/rules/S2583/java/rule.adoc
+++ b/rules/S2583/java/rule.adoc
@@ -30,8 +30,8 @@ In these cases it is obvious the code is as intended.
 == Resources
-* https://cwe.mitre.org/data/definitions/570[MITRE, CWE-570] - Expression is Always False
-* https://cwe.mitre.org/data/definitions/571[MITRE, CWE-571] - Expression is Always True
+* CWE - https://cwe.mitre.org/data/definitions/570[CWE-570 - Expression is Always False]
+* CWE - https://cwe.mitre.org/data/definitions/571[CWE-571 - Expression is Always True]
 * https://wiki.sei.cmu.edu/confluence/x/5dUxBQ[CERT, MSC12-C.] - Detect and remove code that has no effect or is never executed
 ifdef::env-github,rspecator-view[]
diff --git a/rules/S2583/see.adoc b/rules/S2583/see.adoc
index 715e652aed2..e2be46f6526 100644
--- a/rules/S2583/see.adoc
+++ b/rules/S2583/see.adoc
@@ -1,5 +1,5 @@
 == Resources
-* https://cwe.mitre.org/data/definitions/570[MITRE, CWE-570] - Expression is Always False
-* https://cwe.mitre.org/data/definitions/571[MITRE, CWE-571] - Expression is Always True
+* CWE - https://cwe.mitre.org/data/definitions/570[CWE-570 - Expression is Always False]
+* CWE - https://cwe.mitre.org/data/definitions/571[CWE-571 - Expression is Always True]
 * Wikipedia - https://en.wikipedia.org/wiki/Unreachable_code[Unreachable code]
diff --git a/rules/S2583/vbnet/metadata.json b/rules/S2583/vbnet/metadata.json
index 82d2b123450..27e2c1ad07e 100644
--- a/rules/S2583/vbnet/metadata.json
+++ b/rules/S2583/vbnet/metadata.json
@@ -1,3 +1,10 @@
 {
- "quickfix": "targeted"
+ "quickfix": "targeted",
+ "tags": [
+ "cwe",
+ "unused",
+ "suspicious",
+ "pitfall",
+ "symbolic-execution"
+ ]
 }
diff --git a/rules/S2589/cfamily/metadata.json b/rules/S2589/cfamily/metadata.json
index a03dd487f3c..7105afa78c4 100644
--- a/rules/S2589/cfamily/metadata.json
+++ b/rules/S2589/cfamily/metadata.json
@@ -1,4 +1,5 @@
 {
+ "status": "closed",
 "tags": [
 "cwe",
 "based-on-misra",
@@ -8,9 +9,7 @@
 "redundant",
 "misra-c2012"
 ],
- "defaultQualityProfiles": [
- "Sonar way"
- ],
+ "defaultQualityProfiles": [],
 "securityStandards": {
 "CERT": [
 "MSC12-C."
diff --git a/rules/S2589/cfamily/rule.adoc b/rules/S2589/cfamily/rule.adoc
index 91a5a7e138b..eb822b7e40d 100644
--- a/rules/S2589/cfamily/rule.adoc
+++ b/rules/S2589/cfamily/rule.adoc
@@ -42,8 +42,8 @@ if (c) {
 * MISRA C:2004, 13.7 - Boolean operations whose results are invariant shall not be permitted.
 * MISRA C:2012, 14.3 - Controlling expressions shall not be invariant
-* https://cwe.mitre.org/data/definitions/571[MITRE, CWE-571] - Expression is Always True
-* https://cwe.mitre.org/data/definitions/570[MITRE, CWE-570] - Expression is Always False
+* CWE - https://cwe.mitre.org/data/definitions/571[CWE-571 - Expression is Always True]
+* CWE - https://cwe.mitre.org/data/definitions/570[CWE-570 - Expression is Always False]
 * https://wiki.sei.cmu.edu/confluence/x/5dUxBQ[CERT, MSC12-C.] - Detect and remove code that has no effect or is never executed
 ifdef::env-github,rspecator-view[]
diff --git a/rules/S2589/comments-and-links.adoc b/rules/S2589/comments-and-links.adoc
index 273151ee155..5fca8d13c57 100644
--- a/rules/S2589/comments-and-links.adoc
+++ b/rules/S2589/comments-and-links.adoc
@@ -9,3 +9,6 @@ Question : should we consider this RSPEC as being fully a subset of RSPEC-2583 ? === on 29 Feb 2016, 08:37:04 Pierre-Yves Nicolas wrote: \[~freddy.mallet] I don't really see why this RSPEC is "fully a subset of RSPEC-2583". Maybe that makes sense if it is implemented through symbolic execution with short-circuit logical operators, but then it all depends on the order of sub-conditions. Please consider ``++IF X > 1 AND X = 5++``: I think that this code would raise an issue for the current description of this RSPEC, but not for RSPEC-2583. + +=== on 26 Mar 2024, 08:15:00 Philipp Dominik Schubert wrote: +We created a circle to discuss CFamily's rules on dead code and decided to disable this rule in the CFamily analyzer since we believe it provides relatively low value and is not even implemented in CFamily's analyzer (cf. https://sonarsource.atlassian.net/browse/CPP-5165). diff --git a/rules/S2589/csharp/metadata.json b/rules/S2589/csharp/metadata.json index 17971333806..2b1b8d68008 100644 --- a/rules/S2589/csharp/metadata.json +++ b/rules/S2589/csharp/metadata.json @@ -1,3 +1,8 @@ { - + "tags": [ + "cwe", + "suspicious", + "redundant", + "symbolic-execution" + ] } diff --git a/rules/S2589/csharp/rule.adoc b/rules/S2589/csharp/rule.adoc index 81cd9081e4d..ef7a1ff0dce 100644 --- a/rules/S2589/csharp/rule.adoc +++ b/rules/S2589/csharp/rule.adoc 
@@ -120,8 +120,8 @@ public void Sample(bool b, bool c, string s)
 === Documentation
-* https://cwe.mitre.org/data/definitions/571[MITRE, CWE-571] - Expression is Always True
-* https://cwe.mitre.org/data/definitions/570[MITRE, CWE-570] - Expression is Always False
+* CWE - https://cwe.mitre.org/data/definitions/571[CWE-571 - Expression is Always True]
+* CWE - https://cwe.mitre.org/data/definitions/570[CWE-570 - Expression is Always False]
 * https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/operators/boolean-logical-operators#conditional-logical-and-operator-[Conditional logical AND operator &&]
 * https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/operators/boolean-logical-operators#conditional-logical-or-operator-[Conditional logical OR operator ||]
 * https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/operators/null-coalescing-operator[Null-coalescing operators ?? and ??=]
diff --git a/rules/S2589/python/rule.adoc b/rules/S2589/python/rule.adoc
index 9b4f0c9dc39..b3149910339 100644
--- a/rules/S2589/python/rule.adoc
+++ b/rules/S2589/python/rule.adoc
@@ -28,7 +28,7 @@ def f(b):
 ==== Noncompliant code example
-[source,python,diff-id=2,diff-type=compliant]
+[source,python,diff-id=2,diff-type=noncompliant]
 ----
 def f(a, b):
 if a is None and b is None:
@@ -39,7 +39,7 @@ def f(a, b):
 ==== Compliant solution
-[source,python,diff-id=2,diff-type=noncompliant]
+[source,python,diff-id=2,diff-type=compliant]
 ----
 def f(a, b):
 if a is None and b is None:
diff --git a/rules/S2589/see.adoc b/rules/S2589/see.adoc
index 70ff278ce20..f8f5fb79575 100644
--- a/rules/S2589/see.adoc
+++ b/rules/S2589/see.adoc
@@ -2,5 +2,5 @@
 === Articles & blog posts
-* https://cwe.mitre.org/data/definitions/571[MITRE, CWE-571] - Expression is Always True
-* https://cwe.mitre.org/data/definitions/570[MITRE, CWE-570] - Expression is Always False
+* CWE - https://cwe.mitre.org/data/definitions/571[CWE-571 - Expression is Always True]
+* CWE - https://cwe.mitre.org/data/definitions/570[CWE-570 - Expression is Always False]
diff --git a/rules/S2589/vbnet/metadata.json b/rules/S2589/vbnet/metadata.json
index 3811ab0a164..753a79b6b62 100644
--- a/rules/S2589/vbnet/metadata.json
+++ b/rules/S2589/vbnet/metadata.json
@@ -1,3 +1,9 @@
 {
- "quickfix": "targeted"
+ "quickfix": "targeted" ,
+ "tags": [
+ "cwe",
+ "suspicious",
+ "redundant",
+ "symbolic-execution"
+ ]
 }
diff --git a/rules/S2589/vbnet/rule.adoc b/rules/S2589/vbnet/rule.adoc
index 66c92be5e2f..095ef663b12 100644
--- a/rules/S2589/vbnet/rule.adoc
+++ b/rules/S2589/vbnet/rule.adoc
@@ -86,8 +86,8 @@ End Sub
 === Documentation
-* https://cwe.mitre.org/data/definitions/571[MITRE, CWE-571] - Expression is Always True
-* https://cwe.mitre.org/data/definitions/570[MITRE, CWE-570] - Expression is Always False
+* CWE - https://cwe.mitre.org/data/definitions/571[CWE-571 - Expression is Always True]
+* CWE - https://cwe.mitre.org/data/definitions/570[CWE-570 - Expression is Always False]
 * Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/visual-basic/programming-guide/language-features/operators-and-expressions/logical-and-bitwise-operators[Logical and Bitwise Operators in Visual Basic]
 * Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/visual-basic/language-reference/operators/null-conditional-operators[?. and ?() null-conditional operators (Visual Basic)]
 * Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/visual-basic/language-reference/operators/null-conditional-operators[If operator called with two arguments]
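Review bot: In rules/S2589/vbnet/metadata.json the new line `"quickfix": "targeted" ,` has a stray space before the comma, while the S2583 metadata files changed in this same commit write `"quickfix": "targeted",`. It parses the same, but keeping the separator tight keeps the metadata files uniform and avoids a whitespace-only diff later.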
diff --git a/rules/S2598/javascript/rule.adoc b/rules/S2598/javascript/rule.adoc
index 3c6f5ee1226..cc60c5cdfb9 100644
--- a/rules/S2598/javascript/rule.adoc
+++ b/rules/S2598/javascript/rule.adoc
@@ -12,9 +12,9 @@ include::how-to-fix-it/multer.adoc[]
 == Resources
-* https://owasp.org/Top10/A04_2021-Insecure_Design/[OWASP Top 10 2021 Category A4] - Insecure Design
-* https://cwe.mitre.org/data/definitions/434[MITRE, CWE-434] - Unrestricted Upload of File with Dangerous Type
-* https://cwe.mitre.org/data/definitions/400[MITRE, CWE-400] - Uncontrolled Resource Consumption
+* OWASP - https://owasp.org/Top10/A04_2021-Insecure_Design/[Top 10 2021 Category A4 - Insecure Design]
+* CWE - https://cwe.mitre.org/data/definitions/434[CWE-434 - Unrestricted Upload of File with Dangerous Type]
+* CWE - https://cwe.mitre.org/data/definitions/400[CWE-400 - Uncontrolled Resource Consumption]
 * https://owasp.org/www-community/vulnerabilities/Unrestricted_File_Upload[OWASP Unrestricted File Upload] - Unrestricted File Upload
diff --git a/rules/S2608/rule.adoc b/rules/S2608/rule.adoc
index 37146a7700d..10858e6e185 100644
--- a/rules/S2608/rule.adoc
+++ b/rules/S2608/rule.adoc
@@ -20,6 +20,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
 == Resources
-* https://owasp.org/Top10/A04_2021-Insecure_Design/[OWASP Top 10 2021 Category A4] - Insecure Design
-* https://cwe.mitre.org/data/definitions/807[MITRE, CWE-807] - Reliance on Untrusted Inputs in a Security Decision
+* OWASP - https://owasp.org/Top10/A04_2021-Insecure_Design/[Top 10 2021 Category A4 - Insecure Design]
+* CWE - https://cwe.mitre.org/data/definitions/807[CWE-807 - Reliance on Untrusted Inputs in a Security Decision]
diff --git a/rules/S2611/javascript/rule.adoc b/rules/S2611/javascript/rule.adoc
index 6cc10ca52ea..c6c47a57850 100644
--- a/rules/S2611/javascript/rule.adoc
+++ b/rules/S2611/javascript/rule.adoc
@@ -18,8 +18,8 @@ include("http://hackers.com/steal.js") // Noncompliant
 == Resources
-* https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[OWASP Top 10 2017 Category A1] - Injection
-* https://cwe.mitre.org/data/definitions/829[MITRE, CWE-829] - Inclusion of Functionality from Untrusted Control Sphere
+* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection]
+* CWE - https://cwe.mitre.org/data/definitions/829[CWE-829 - Inclusion of Functionality from Untrusted Control Sphere]
 ifdef::env-github,rspecator-view[]
diff --git a/rules/S2612/ansible/metadata.json b/rules/S2612/ansible/metadata.json
new file mode 100644
index 00000000000..dc42ee2376c
--- /dev/null
+++ b/rules/S2612/ansible/metadata.json
@@ -0,0 +1,33 @@
+{
+ "tags": [
+ "cwe"
+ ],
+ "securityStandards": {
+ "CERT": [
+
+ ],
+ "CWE": [
+ 732,
+ 266
+ ],
+ "OWASP": [
+
+ ],
+ "OWASP Top 10 2021": [
+
+ ],
+ "PCI DSS 3.2": [
+
+ ],
+ "PCI DSS 4.0": [
+
+ ],
+ "ASVS 4.0": [
+
+ ],
+ "STIG ASD_V5R3": [
+ "V-222430"
+ ]
+ },
+ "quickfix": "unknown"
+}
diff --git a/rules/S2612/ansible/rule.adoc b/rules/S2612/ansible/rule.adoc
new file mode 100644
index 00000000000..7cd8afaa010
--- /dev/null
+++ b/rules/S2612/ansible/rule.adoc
@@ -0,0 +1,86 @@
+include::../description.adoc[]
+
+== Ask Yourself Whether
+
+* The Ansible host is designed to have multiple users.
+* Services are run by dedicated low-privileged users to achieve privileges separation.
+
+There is a risk if you answered yes to any of those questions.
+
+include::../recommended.adoc[]
+
+To be secure, remove the unnecessary permissions. If required, use `owner` and `group` to
+set the target user and group.
+
+== Sensitive Code Example
+
+[source,yaml]
+----
+---
+- name: My deployment
+ hosts: all
+ tasks:
+ - name: Create /etc/demo with permissions
+ ansible.builtin.file:
+ path: /etc/demo
+ state: directory
+ mode: '0777' # Sensitive
+
+ - name: Copy demo3.conf and set symbolic permissions
+ ansible.builtin.copy:
+ src: /files/demo.conf
+ dest: /etc/demo/demo.conf
+ mode: 'a=r,u+w' # Sensitive
+----
+
+== Compliant Solution
+
+[source,yaml]
+----
+---
+- name: My deployment
+ hosts: all
+ tasks:
+ - name: Create /etc/demo with permissions
+ ansible.builtin.file:
+ path: /etc/demo
+ state: directory
+ mode: '0770'
+
+ - name: Copy demo3.conf and set symbolic permissions
+ ansible.builtin.copy:
+ src: /files/demo.conf
+ dest: /etc/demo/demo.conf
+ mode: 'g=r,u+w,o='
+----
+
+== See
+
+* CWE - https://cwe.mitre.org/data/definitions/284[CWE-732 - Incorrect Permission Assignment for Critical Resource]
+* Ansible Community Documentation - https://docs.ansible.com/ansible/latest/collections/ansible/builtin/[Ansible.Builtin module]
+* Ansible Community Documentation - https://docs.ansible.com/ansible/latest/collections/community/general/[Community.General module]
+* GNU Coreutils - https://www.gnu.org/software/coreutils/manual/html_node/chown-invocation.html[chmod command]
+* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222430[Application Security and Development: V-222430] - The application must execute without excessive account permissions.
+
+
+ifdef::env-github,rspecator-view[]
+
+'''
+== Implementation Specification
+(visible only on this page)
+
+=== Message
+
+Make sure granting access to others is safe here.
+
+== Highlighting
+
+* Highlight the `mode` value.
+
+'''
+== Comments And Links
+(visible only on this page)
+
+include::../comments-and-links.adoc[]
+
+endif::env-github,rspecator-view[]
diff --git a/rules/S2612/cfamily/metadata.json b/rules/S2612/cfamily/metadata.json
index 1647fe19119..1fa6617f460 100644
--- a/rules/S2612/cfamily/metadata.json
+++ b/rules/S2612/cfamily/metadata.json
@@ -27,6 +27,9 @@
 ],
 "ASVS 4.0": [
 "4.3.3"
+ ],
+ "STIG ASD_V5R3": [
+ "V-222430"
 ]
 }
 }
diff --git a/rules/S2612/cfamily/rule.adoc b/rules/S2612/cfamily/rule.adoc
index 2c90be9e880..9e92e8b1334 100644
--- a/rules/S2612/cfamily/rule.adoc
+++ b/rules/S2612/cfamily/rule.adoc
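Review bot: In the `== See` list of the new rules/S2612/ansible/rule.adoc the CWE entry is labelled CWE-732 but its URL is `https://cwe.mitre.org/data/definitions/284`; the other S2612 files in this commit link the same label to `definitions/732`, and the `== See` hunk in rules/S2612/docker/rule.adoc carries the same mismatch over to the new format. The GNU Coreutils entry is labelled `chmod command` while its URL is `chown-invocation.html`. In the compliant example, `mode: 'g=r,u+w,o='` only adds write to whatever user bits the file already has, so the resulting mode depends on prior state; an absolute form such as `mode: 'u=rw,g=r,o='` would state the intended permissions outright. The second task is also named `Copy demo3.conf` although it copies `demo.conf`.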
@@ -57,13 +57,15 @@ umask(S_IRWXO); // Compliant: further created files or directories will not have
 == See
-* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Broken Access Control
-* https://owasp.org/Top10/A04_2021-Insecure_Design/[OWASP Top 10 2021 Category A4] - Insecure Design
-* https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[OWASP Top 10 2017 Category A5] - Broken Access Control
+* OWASP - https://owasp.org/Top10/A01_2021-Broken_Access_Control/[Top 10 2021 Category A1 - Broken Access Control]
+* OWASP - https://owasp.org/Top10/A04_2021-Insecure_Design/[Top 10 2021 Category A4 - Insecure Design]
+* OWASP - https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[Top 10 2017 Category A5 - Broken Access Control]
 * https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/09-Test_File_Permission[OWASP File Permission]
-* https://cwe.mitre.org/data/definitions/732[MITRE, CWE-732] - Incorrect Permission Assignment for Critical Resource
-* https://cwe.mitre.org/data/definitions/266[MITRE, CWE-266] - Incorrect Privilege Assignment
+* CWE - https://cwe.mitre.org/data/definitions/732[CWE-732 - Incorrect Permission Assignment for Critical Resource]
+* CWE - https://cwe.mitre.org/data/definitions/266[CWE-266 - Incorrect Privilege Assignment]
 * https://wiki.sei.cmu.edu/confluence/display/c/FIO06-C.+Create+files+with+appropriate+access+permissions[CERT, FIO06-C.] - Create files with appropriate access permissions
+* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222430[Application Security and Development: V-222430] - The application must execute without excessive account permissions.
+
 ifdef::env-github,rspecator-view[]
diff --git a/rules/S2612/docker/metadata.json b/rules/S2612/docker/metadata.json
index 461042dc3ec..8a70ddd1a4a 100644
--- a/rules/S2612/docker/metadata.json
+++ b/rules/S2612/docker/metadata.json
@@ -5,19 +5,28 @@
 ],
 "securityStandards": {
 "CERT": [
+
 ],
 "CWE": [
 732
 ],
 "OWASP": [
+
 ],
 "OWASP Top 10 2021": [
+
 ],
 "PCI DSS 3.2": [
+
 ],
 "PCI DSS 4.0": [
+
 ],
 "ASVS 4.0": [
+
+ ],
+ "STIG ASD_V5R3": [
+ "V-222430"
 ]
 },
 "quickfix": "unknown"
diff --git a/rules/S2612/docker/rule.adoc b/rules/S2612/docker/rule.adoc
index 4de40abf810..fcdc84991db 100644
--- a/rules/S2612/docker/rule.adoc
+++ b/rules/S2612/docker/rule.adoc
@@ -40,11 +40,13 @@ RUN chmod +t resource
 == See
-* https://cwe.mitre.org/data/definitions/284[MITRE, CWE-732] - Incorrect Permission Assignment for Critical Resource
+* CWE - https://cwe.mitre.org/data/definitions/284[CWE-732 - Incorrect Permission Assignment for Critical Resource]
 * https://docs.docker.com/engine/reference/builder/#add[ADD] - Docker ADD command
 * https://docs.docker.com/engine/reference/builder/#copy[COPY] - Docker COPY command
 * https://man.archlinux.org/man/core/man-pages/chmod.1p.en[chmod reference] - `chmod` command
 * https://man.archlinux.org/man/chown.1.en[chown reference] - `chown` command
+* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222430[Application Security and Development: V-222430] - The application must execute without excessive account permissions.
+
 ifdef::env-github,rspecator-view[]
diff --git a/rules/S2612/java/metadata.json b/rules/S2612/java/metadata.json
index d19d99bbb7b..88e292a663c 100644
--- a/rules/S2612/java/metadata.json
+++ b/rules/S2612/java/metadata.json
@@ -27,6 +27,9 @@
 ],
 "ASVS 4.0": [
 "4.3.3"
+ ],
+ "STIG ASD_V5R3": [
+ "V-222430"
 ]
 },
 "quickfix": "unknown"
diff --git a/rules/S2612/java/rule.adoc b/rules/S2612/java/rule.adoc
index 25ea91b8c01..0dea0afec3d 100644
--- a/rules/S2612/java/rule.adoc
+++ b/rules/S2612/java/rule.adoc
@@ -64,14 +64,16 @@ On operating systems that implement POSIX standard. This will throw a ``++Unsupp == See -* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Broken Access Control -* https://owasp.org/Top10/A04_2021-Insecure_Design/[OWASP Top 10 2021 Category A4] - Insecure Design -* https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[OWASP Top 10 2017 Category A5] - Broken Access Control +* OWASP - https://owasp.org/Top10/A01_2021-Broken_Access_Control/[Top 10 2021 Category A1 - Broken Access Control] +* OWASP - https://owasp.org/Top10/A04_2021-Insecure_Design/[Top 10 2021 Category A4 - Insecure Design] +* OWASP - https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[Top 10 2017 Category A5 - Broken Access Control] * https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/09-Test_File_Permission[OWASP File Permission] -* https://cwe.mitre.org/data/definitions/732[MITRE, CWE-732] - Incorrect Permission Assignment for Critical Resource -* https://cwe.mitre.org/data/definitions/266[MITRE, CWE-266] - Incorrect Privilege Assignment +* CWE - https://cwe.mitre.org/data/definitions/732[CWE-732 - Incorrect Permission Assignment for Critical Resource] +* CWE - https://cwe.mitre.org/data/definitions/266[CWE-266 - Incorrect Privilege Assignment] * https://wiki.sei.cmu.edu/confluence/display/java/FIO01-J.+Create+files+with+appropriate+access+permissions[CERT, FIO01-J.] - Create files with appropriate access permissions * https://wiki.sei.cmu.edu/confluence/display/c/FIO06-C.+Create+files+with+appropriate+access+permissions[CERT, FIO06-C.] 
- Create files with appropriate access permissions +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222430[Application Security and Development: V-222430] - The application must execute without excessive account permissions. + ifdef::env-github,rspecator-view[] diff --git a/rules/S2612/metadata.json b/rules/S2612/metadata.json index 581f40b637c..43b8f5f019c 100644 --- a/rules/S2612/metadata.json +++ b/rules/S2612/metadata.json @@ -47,6 +47,9 @@ ], "ASVS 4.0": [ "4.3.3" + ], + "STIG ASD_V5R3": [ + "V-222430" ] }, "defaultQualityProfiles": [ diff --git a/rules/S2612/see.adoc b/rules/S2612/see.adoc index 3b146f15338..1b512527ba7 100644 --- a/rules/S2612/see.adoc +++ b/rules/S2612/see.adoc 
@@ -1,8 +1,10 @@
 == See
-* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Broken Access Control
-* https://owasp.org/Top10/A04_2021-Insecure_Design/[OWASP Top 10 2021 Category A4] - Insecure Design
-* https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[OWASP Top 10 2017 Category A5] - Broken Access Control
+* OWASP - https://owasp.org/Top10/A01_2021-Broken_Access_Control/[Top 10 2021 Category A1 - Broken Access Control]
+* OWASP - https://owasp.org/Top10/A04_2021-Insecure_Design/[Top 10 2021 Category A4 - Insecure Design]
+* OWASP - https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[Top 10 2017 Category A5 - Broken Access Control]
 * https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/09-Test_File_Permission[OWASP File Permission]
-* https://cwe.mitre.org/data/definitions/732[MITRE, CWE-732] - Incorrect Permission Assignment for Critical Resource
-* https://cwe.mitre.org/data/definitions/266[MITRE, CWE-266] - Incorrect Privilege Assignment
+* CWE - https://cwe.mitre.org/data/definitions/732[CWE-732 - Incorrect Permission Assignment for Critical Resource]
+* CWE - https://cwe.mitre.org/data/definitions/266[CWE-266 - Incorrect Privilege Assignment]
+* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222430[Application Security and Development: V-222430] - The application must execute without excessive account permissions.
+
diff --git a/rules/S2613/cfamily/rule.adoc b/rules/S2613/cfamily/rule.adoc
index 79f94383e9d..913cf79f94c 100644
--- a/rules/S2613/cfamily/rule.adoc
+++ b/rules/S2613/cfamily/rule.adoc
@@ -22,7 +22,7 @@ char** addOne(char ** cpp, int len) {
 == Resources
-* https://cwe.mitre.org/data/definitions/131[MITRE, CWE-131] - Incorrect Calculation of Buffer Size
+* CWE - https://cwe.mitre.org/data/definitions/131[CWE-131 - Incorrect Calculation of Buffer Size]
 ifdef::env-github,rspecator-view[]
diff --git a/rules/S2615/cfamily/rule.adoc b/rules/S2615/cfamily/rule.adoc
index 69d8f292f1f..0ad7cc79dbd 100644
--- a/rules/S2615/cfamily/rule.adoc
+++ b/rules/S2615/cfamily/rule.adoc
@@ -2,8 +2,8 @@ include::../rule.adoc[]
 == Resources
-* https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[OWASP Top 10 2017 Category A1] - Injection
-* https://cwe.mitre.org/data/definitions/134[MITRE, CWE-134] - Use of Externally-Controlled Format String
+* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection]
+* CWE - https://cwe.mitre.org/data/definitions/134[CWE-134 - Use of Externally-Controlled Format String]
 * https://wiki.sei.cmu.edu/confluence/x/RdYxBQ[CERT, FIO30-C.] - Exclude user input from format strings
 ifdef::env-github,rspecator-view[]
diff --git a/rules/S2615/java/rule.adoc b/rules/S2615/java/rule.adoc
index 69d8f292f1f..0ad7cc79dbd 100644
--- a/rules/S2615/java/rule.adoc
+++ b/rules/S2615/java/rule.adoc
@@ -2,8 +2,8 @@ include::../rule.adoc[]
 == Resources
-* https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[OWASP Top 10 2017 Category A1] - Injection
-* https://cwe.mitre.org/data/definitions/134[MITRE, CWE-134] - Use of Externally-Controlled Format String
+* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection]
+* CWE - https://cwe.mitre.org/data/definitions/134[CWE-134 - Use of Externally-Controlled Format String]
 * https://wiki.sei.cmu.edu/confluence/x/RdYxBQ[CERT, FIO30-C.] - Exclude user input from format strings
 ifdef::env-github,rspecator-view[]
diff --git a/rules/S2615/swift/rule.adoc b/rules/S2615/swift/rule.adoc
index 7997b15337e..6d009007df4 100644
--- a/rules/S2615/swift/rule.adoc
+++ b/rules/S2615/swift/rule.adoc
@@ -2,8 +2,8 @@ include::../rule.adoc[]
 == Resources
-* https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[OWASP Top 10 2017 Category A1] - Injection
-* https://cwe.mitre.org/data/definitions/134[MITRE, CWE-134] - Use of Externally-Controlled Format String
+* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection]
+* CWE - https://cwe.mitre.org/data/definitions/134[CWE-134 - Use of Externally-Controlled Format String]
 ifdef::env-github,rspecator-view[]
diff --git a/rules/S2629/csharp/metadata.json b/rules/S2629/csharp/metadata.json
new file mode 100644
index 00000000000..2391e038bc2
--- /dev/null
+++ b/rules/S2629/csharp/metadata.json
@@ -0,0 +1,4 @@
+{
+ "title": "Logging templates should be constant",
+ "quickfix": "infeasible"
+}
\ No newline at end of file
diff --git a/rules/S2629/csharp/rule.adoc b/rules/S2629/csharp/rule.adoc
new file mode 100644
index 00000000000..fa281a8f3e8
--- /dev/null
+++ b/rules/S2629/csharp/rule.adoc
@@ -0,0 +1,218 @@
+== Why is this an issue?
+
+Logging arguments should not require evaluation in order to avoid unnecessary performance overhead. When passing concatenated strings or string interpolations directly into a logging method, the evaluation of these expressions occurs every time the logging method is called, regardless of the log level. This can lead to inefficient code execution and increased resource consumption.
+
+Instead, it is recommended to use the overload of the logger that accepts a log format and its arguments as separate parameters. By separating the log format from the arguments, the evaluation of expressions can be deferred until it is necessary, based on the log level. This approach improves performance by reducing unnecessary evaluations and ensures that logging statements are only evaluated when needed.
+
+Furthermore, using a constant log format enhances observability and facilitates searchability in log aggregation and monitoring software.
+
+The rule covers the following logging frameworks:
+
+* https://www.nuget.org/packages/Microsoft.Extensions.Logging[Microsoft.Extensions.Logging]
+* https://www.nuget.org/packages/Castle.Core[Castle.Core]
+* https://www.nuget.org/packages/log4net[log4net]
+* https://www.nuget.org/packages/Serilog[Serilog]
+* https://www.nuget.org/packages/NLog[Nlog]
+
+== How to fix it
+
+Use an overload that takes the log format and the parameters as separate arguments. The log format should be a constant string.
+
+=== Code examples
+
+==== Noncompliant code example
+
+[source,csharp,diff-id=1,diff-type=noncompliant]
+----
+logger.DebugFormat($"The value of the parameter is: {parameter}.");
+----
+
+==== Compliant solution
+
+[source,csharp,diff-id=1,diff-type=compliant]
+----
+logger.DebugFormat("The value of the parameter is: {Parameter}.", parameter);
+----
+
+== Resources
+
+=== Documentation
+
+* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/api/system.runtime.compilerservices.interpolatedstringhandlerattribute[InterpolatedStringHandlerArgumentAttribute]
+
+=== Benchmarks
+
+[options="header"]
+|===
+| Method | Runtime | Mean | Standard Deviation | Allocated
+| | | | |
+| CastleCoreLoggingTemplateNotConstant | .NET 9.0 | 230.306 us | 2.7116 us | 479200 B
+| CastleCoreLoggingTemplateConstant | .NET 9.0 | 46.827 us | 1.4743 us | 560000 B
+| CastleCoreLoggingTemplateNotConstant | .NET Framework 4.8.1 | 1,060.413 us | 32.3559 us | 1115276 B
+| CastleCoreLoggingTemplateConstant | .NET Framework 4.8.1 | 93.697 us | 1.8201 us | 561650 B
+| | | | |
+| MSLoggingTemplateNotConstant | .NET 9.0 | 333.246 us | 12.9214 us | 479200 B
+| MSLoggingTemplateConstant | .NET 9.0 | 441.118 us | 68.7999 us | 560000 B
+| MSLoggingTemplateNotConstant | .NET Framework 4.8.1 | 1,542.076 us | 99.3423 us | 1115276 B
+| MSLoggingTemplateConstant | .NET Framework 4.8.1 | 698.071 us | 18.6319 us | 561653 B
+| | | | |
+| NLogLoggingTemplateNotConstant | .NET 9.0 | 178.789 us | 9.2528 us | 479200 B
+| NLogLoggingTemplateConstant | .NET 9.0 | 6.009 us | 1.3303 us | -
+| NLogLoggingTemplateNotConstant | .NET Framework 4.8.1 | 1,086.260 us | 44.1670 us | 1115276 B
+| NLogLoggingTemplateConstant | .NET Framework 4.8.1 | 25.132 us | 0.5666 us | -
+| | | | |
+| SerilogLoggingTemplateNotConstant | .NET 9.0 | 234.460 us | 7.4831 us | 479200 B
+| SerilogLoggingTemplateConstant | .NET 9.0 | 49.854 us | 1.8232 us | -
+| SerilogLoggingTemplateNotConstant | .NET Framework 4.8.1 | 1,103.939 us |
47.0203 us | 1115276 B
+| SerilogLoggingTemplateConstant | .NET Framework 4.8.1 | 35.752 us | 0.6022 us | -
+| | | | |
+| Log4NetLoggingTemplateNotConstant | .NET 9.0 | 255.754 us | 5.6046 us | 479200 B
+| Log4NetLoggingTemplateConstant | .NET 9.0 | 46.425 us | 1.7087 us | 240000 B
+| Log4NetLoggingTemplateNotConstant | .NET Framework 4.8.1 | 1,109.874 us | 23.4388 us | 1115276 B
+| Log4NetLoggingTemplateConstant | .NET Framework 4.8.1 | 92.305 us | 2.4161 us | 240707 B
+|===
+
+
+
+==== Glossary
+
+* https://en.wikipedia.org/wiki/Arithmetic_mean[Mean]
+* https://en.wikipedia.org/wiki/Standard_deviation[Standard Deviation]
+
+The results were generated by running the following snippet with https://github.com/dotnet/BenchmarkDotNet[BenchmarkDotNet]:
+
+[source,csharp]
+----
+using Microsoft.Extensions.Logging;
+using ILogger = Microsoft.Extensions.Logging.ILogger;
+
+[Params(10_000)]
+public int Iterations;
+
+private ILogger ms_logger;
+private Castle.Core.Logging.ILogger cc_logger;
+private log4net.ILog l4n_logger;
+private Serilog.ILogger se_logger;
+private NLog.ILogger nl_logger;
+
+[GlobalSetup]
+public void GlobalSetup()
+{
+ ms_logger = new LoggerFactory().CreateLogger();
+ cc_logger = new Castle.Core.Logging.NullLogFactory().Create("Castle.Core.Logging");
+ l4n_logger = log4net.LogManager.GetLogger(typeof(LoggingTemplates));
+ se_logger = Serilog.Log.Logger;
+ nl_logger = NLog.LogManager.GetLogger("NLog");
+}
+
+[BenchmarkCategory("Microsoft.Extensions.Logging")]
+[Benchmark]
+public void MSLoggingTemplateNotConstant()
+{
+ for (int i = 0; i < Iterations; i++)
+ {
+ ms_logger.LogInformation($"Param: {i}");
+ }
+}
+
+[BenchmarkCategory("Microsoft.Extensions.Logging")]
+[Benchmark]
+public void MSLoggingTemplateConstant()
+{
+ for (int i = 0; i < Iterations; i++)
+ {
+ ms_logger.LogInformation("Param: {Parameter}", i);
+ }
+}
+
+[BenchmarkCategory("Castle.Core.Logging")]
+[Benchmark]
+public void CastleCoreLoggingTemplateNotConstant()
+{
+ for (int i = 0; i <
Iterations; i++)
+ {
+ cc_logger.Info($"Param: {i}");
+ }
+}
+
+[BenchmarkCategory("Castle.Core.Logging")]
+[Benchmark]
+public void CastleCoreLoggingTemplateConstant()
+{
+ for (int i = 0; i < Iterations; i++)
+ {
+ cc_logger.InfoFormat("Param: {Parameter}", i);
+ }
+}
+
+[BenchmarkCategory("log4net")]
+[Benchmark]
+public void Log4NetLoggingTemplateNotConstant()
+{
+ for (int i = 0; i < Iterations; i++)
+ {
+ l4n_logger.Info($"Param: {i}");
+ }
+}
+
+[BenchmarkCategory("log4net")]
+[Benchmark]
+public void Log4NetLoggingTemplateConstant()
+{
+ for (int i = 0; i < Iterations; i++)
+ {
+ l4n_logger.InfoFormat("Param: {Parameter}", i);
+ }
+}
+
+[BenchmarkCategory("Serilog")]
+[Benchmark]
+public void SerilogLoggingTemplateNotConstant()
+{
+ for (int i = 0; i < Iterations; i++)
+ {
+ se_logger.Information($"Param: {i}");
+ }
+}
+
+[BenchmarkCategory("Serilog")]
+[Benchmark]
+public void SerilogLoggingTemplateConstant()
+{
+ for (int i = 0; i < Iterations; i++)
+ {
+ se_logger.Information("Param: {Parameter}", i);
+ }
+}
+
+[BenchmarkCategory("NLog")]
+[Benchmark]
+public void NLogLoggingTemplateNotConstant()
+{
+ for (int i = 0; i < Iterations; i++)
+ {
+ nl_logger.Info($"Param: {i}");
+ }
+}
+
+[BenchmarkCategory("NLog")]
+[Benchmark]
+public void NLogLoggingTemplateConstant()
+{
+ for (int i = 0; i < Iterations; i++)
+ {
+ nl_logger.Info("Param: {Parameter}", i);
+ }
+}
+----
+
+Hardware Configuration:
+
+[source]
+----
+BenchmarkDotNet v0.14.0, Windows 10 (10.0.19045.5247/22H2/2022Update)
+12th Gen Intel Core i7-12800H, 1 CPU, 20 logical and 14 physical cores
+ [Host] : .NET Framework 4.8.1 (4.8.9282.0), X64 RyuJIT VectorSize=256
+ .NET 9.0 : .NET 9.0.0 (9.0.24.52809), X64 RyuJIT AVX2
+ .NET Framework 4.8.1 : .NET Framework 4.8.1 (4.8.9282.0), X64 RyuJIT VectorSize=256
+----
diff --git a/rules/S2629/metadata.json b/rules/S2629/metadata.json
index 2c63c085104..cc69590e207 100644
--- a/rules/S2629/metadata.json
+++ b/rules/S2629/metadata.json
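Review bot: The compliant example passes a named placeholder, `{Parameter}`, to `logger.DebugFormat`, but in log4net and Castle.Core the `*Format` methods are, as far as I know, `String.Format`-style and accept only indexed items such as `{0}`, so a named hole fails formatting instead of logging the value. For those two frameworks the example should read `logger.DebugFormat("The value of the parameter is: {0}.", parameter);`, and the same applies to the `InfoFormat("Param: {Parameter}", i)` calls in the benchmark snippet. The description could also state the second benefit of a constant template: data that reaches the logger only as an argument is never parsed as part of the format string, so braces in user-controlled values cannot change the message layout.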
@@ -1,2 +1,35 @@ { + "title": "\"Preconditions\" and logging arguments should not require evaluation", + "type": "CODE_SMELL", + "code": { + "impacts": { + "MAINTAINABILITY": "MEDIUM" + }, + "attribute": "EFFICIENT" + }, + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "5min" + }, + "tags": [ + "performance", + "logging" + ], + "extra": { + "replacementRules": [ + + ], + "legacyKeys": [ + + ] + }, + "defaultSeverity": "Major", + "ruleSpecification": "RSPEC-2629", + "sqKey": "S2629", + "scope": "Main", + "defaultQualityProfiles": [ + "Sonar way" + ], + "quickfix": "unknown" } diff --git a/rules/S2631/common/resources/standards.adoc b/rules/S2631/common/resources/standards.adoc index 79d50edcc54..4c60f6b3f15 100644 --- a/rules/S2631/common/resources/standards.adoc +++ b/rules/S2631/common/resources/standards.adoc 
@@ -1,7 +1,11 @@ === Standards -* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection -* https://www.owasp.org/index.php/Top_10-2017_A1-Injection[OWASP Top 10 2017 Category A1] - Injection -* https://cwe.mitre.org/data/definitions/20[MITRE, CWE-20] - Improper Input Validation -* https://cwe.mitre.org/data/definitions/400[MITRE, CWE-400] - Uncontrolled Resource Consumption -* https://cwe.mitre.org/data/definitions/1333[MITRE, CWE-1333] - Inefficient Regular Expression Complexity +* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] +* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] +* CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] +* CWE - https://cwe.mitre.org/data/definitions/400[CWE-400 - Uncontrolled Resource Consumption] +* CWE - https://cwe.mitre.org/data/definitions/1333[CWE-1333 - Inefficient Regular Expression Complexity] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222594[Application Security and Development: V-222594] - The application must restrict the ability to launch Denial of Service (DoS) attacks against itself or other information systems. +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222667[Application Security and Development: V-222667] - Protections against DoS attacks must be implemented. + diff --git a/rules/S2631/metadata.json b/rules/S2631/metadata.json index bebe700f401..5c368744cca 100644 --- a/rules/S2631/metadata.json +++ b/rules/S2631/metadata.json 
@@ -50,6 +50,11 @@ "12.1.1", "5.1.3", "5.1.4" + ], + "STIG ASD_V5R3": [ + "V-222594", + "V-222609", + "V-222667" ] }, "defaultQualityProfiles": [ diff --git a/rules/S2637/cfamily/metadata.json b/rules/S2637/cfamily/metadata.json index 5cafcfbdce8..dfdd955974c 100644 --- a/rules/S2637/cfamily/metadata.json +++ b/rules/S2637/cfamily/metadata.json @@ -1,5 +1,5 @@ { - "title": "\"nonnull\" pointers should not be set to null", + "title": "\"nonnull\" parameters and return values of \"returns_nonnull\" functions should not be null", "tags": [ "cwe", "symbolic-execution", diff --git a/rules/S2637/cfamily/rule.adoc b/rules/S2637/cfamily/rule.adoc index 6dd1538ea35..d6a61eed063 100644 --- a/rules/S2637/cfamily/rule.adoc +++ b/rules/S2637/cfamily/rule.adoc @@ -13,7 +13,9 @@ A commonly used attribute is `nonnull` which can be used to mark a function's re #include __attribute__((returns_nonnull)) int * -make_array_copy(__attribute__((nonnull)) int *src, size_t len) { +make_array_copy(int *src, size_t len) __attribute__((nonnull(1))); + +int *make_array_copy(int *src, size_t len) { int *dst = (int *)malloc(len * sizeof(int)); if (dst == NULL) { perror("malloc failed"); @@ -32,8 +34,8 @@ However, developers may accidentally break the `nonnull` attribute as shown in t [source,cpp] ---- __attribute__((returns_nonnull)) -int* foo(__attribute__((nonnull)) int* x) { - x = 0; // Noncompliant: `x` is marked "nonnull" but is set to null +int *foo(__attribute__((nonnull)) int *x) { + x = 0; // This is compliant but might be surprising, use with caution foo(0); // Noncompliant: null is passed as an argument marked as "nonnull" return 0; // Noncompliant: return value is marked "nonnull" but null is returned } 
@@ -42,11 +44,35 @@ int* foo(__attribute__((nonnull)) int* x) { Failing to adhere to the attribute may introduce serious program errors. In particular, the compiler does not enforce that values marked as `nonnull` are indeed non-null at runtime; it is the developers' responsibility to adhere to the attribute. These values are typically _not_ null-checked before use. -Setting a value marked as `nonnull` to null (i.e., `NULL`, `0` or `nullptr`) is hence likely to cause a null-pointer dereference. +Passing null (i.e., `NULL`, `0` or `nullptr`) as an argument to a parameter that is marked as `nonnull` +or returning null from a function marked as `returns_nonnull` is, hence, likely to cause a null-pointer dereference. Compilers may even apply optimizations based on this attribute and might, for instance, _remove_ an explicit null-check if the parameter is declared as `nonnull` -- even in code outside of the function with the attribute. Note that the `nonnull` attribute is a GNU extension (see https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-nonnull-function-attribute[nonnull] and https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-returns_005fnonnull-function-attribute[returns_nonnull]) which many compiler vendors have implemented. +Note that it is allowed to _assign_ null to a parameter marked as `nonnull`. +This attribute is only concerned with the function call contract +and does not control the evolution of the parameter variable. +For example, a linked-list search could be implemented as follows: + +[source,cpp] +---- +struct List { + int value; + List *next; // nullptr for a tail node. +}; + + +List *findElement(List *l, int elem) __attribute__((nonnull(1))); + +List *findElement(List *l, int elem) { + while(l && l->value != elem) + l = l->next; + return l; +} +---- + + == What is the potential impact? 
@@ -58,29 +84,26 @@ In practice, dereferencing a null pointer may lead to program crashes, or the ap Besides affecting the application's availability, null-pointer dereferences may lead to malicious code execution, in rare circumstances. If null is equivalent to the 0x0 memory address that can be accessed by privileged code, writing, and reading memory is possible, which compromises the integrity and confidentiality of the application. -Because compilers may apply optimizations based on the `nonnull` attribute, not respecting `nonnull` can also introduce more complex bugs such as resource leaks or infinite loops as indicated in the following code snippet: +Because compilers may apply optimizations based on the `nonnull` attribute, not respecting `nonnull` can also introduce more complex bugs such as resource leaks or infinite recursion as indicated in the following code snippet: [source,cpp] ---- -struct Node { - int data; - Node *next; // NULL for a tail node. +struct List { + int value; + List *next; // nullptr for a tail node. }; -size_t len(__attribute__((nonnull)) Node *n) { - size_t l = 0; - while (n) { - ++l; - n = n->next; - } - return l; +size_t len(List *n) __attribute__((nonnull)); +size_t len(List *l) { + if (!l) return 0; // Impossible branch according to the attribute + return 1 + len(l->next); } ---- == How to fix it -Ensure not to pass null values when non-null arguments are expected, do not return a null value when a non-null return value is expected, and do not assign null to parameters marked as non-null. +Ensure not to pass null values when `nonnull` arguments are expected and not to return a null value when a function is marked as `returns_nonnull`. This especially holds for library functions, which frequently require `nonnull` pointer parameters. On other occasions, it might be more appropriate to remove the attribute. 
@@ -92,8 +115,8 @@ On other occasions, it might be more appropriate to remove the attribute. [source,cpp,diff-id=1,diff-type=noncompliant] ---- -__attribute__((returns_nonnull)) -int* foo(__attribute__((nonnull)) int* x) { +int *foo(int *x) __attribute__((nonnull)); +int *foo(int *x) { *x = 42; return x; } @@ -108,8 +131,8 @@ void bar() { [source,cpp,diff-id=1,diff-type=compliant] ---- -__attribute__((returns_nonnull)) -int* foo(__attribute__((nonnull)) int* x) { +int *foo(int *x) __attribute__((nonnull)); +int *foo(int *x) { *x = 42; return x; } @@ -126,7 +149,7 @@ void bar() { [source,cpp,diff-id=2,diff-type=noncompliant] ---- __attribute__((returns_nonnull)) -int* foo() { +int *foo() { return nullptr; // Noncompliant: function may not return a null pointer } ---- @@ -136,35 +159,12 @@ int* foo() { [source,cpp,diff-id=2,diff-type=compliant] ---- __attribute__((returns_nonnull)) -int* foo() { +int *foo() { int *p = new int(0); return p; // Compliant: `p` points to a valid memory location } ---- -==== Noncompliant code example - -[source,cpp,diff-id=3,diff-type=noncompliant] ----- -void process(int *p); - -void foo(__attribute__((nonnull)) int *p) { - p = nullptr; // Noncompliant: `p` is marked "nonnull" but is set to null - process(p); -} ----- - -==== Compliant solution - -[source,cpp,diff-id=3,diff-type=compliant] ----- -void process(int *p); - -void foo(__attribute__((nonnull)) int *p) { - process(p); -} ----- - === Going the extra mile 
@@ -177,8 +177,8 @@ include::../standards.adoc[] === External coding guidelines -* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md[F.16: For "in" parameters, pass cheaply-copied types by value and others by reference to const] -* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md[F.17: For "in-out" parameters, pass by reference to non-const] +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#f16-for-in-parameters-pass-cheaply-copied-types-by-value-and-others-by-reference-to-const[F.16: For "in" parameters, pass cheaply-copied types by value and others by reference to `const`] +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#f17-for-in-out-parameters-pass-by-reference-to-non-const[F.17: For "in-out" parameters, pass by reference to non-`const`] === Related rules diff --git a/rules/S2637/standards.adoc b/rules/S2637/standards.adoc index 85f139a0365..d4803e2052c 100644 --- a/rules/S2637/standards.adoc +++ b/rules/S2637/standards.adoc @@ -2,4 +2,4 @@ * CERT - https://wiki.sei.cmu.edu/confluence/x/QdcxBQ[EXP34-C. Do not dereference null pointers] * CERT - https://wiki.sei.cmu.edu/confluence/display/java/EXP01-J.+Do+not+use+a+null+in+a+case+where+an+object+is+required[EXP01-J. Do not use a null in a case where an object is required] -* CWE - https://cwe.mitre.org/data/definitions/476[476 NULL Pointer Dereference] +* CWE - https://cwe.mitre.org/data/definitions/476[CWE-476 NULL Pointer Dereference] diff --git a/rules/S2639/java/metadata.json b/rules/S2639/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S2639/java/metadata.json +++ b/rules/S2639/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S2647/common/resources/standards.adoc b/rules/S2647/common/resources/standards.adoc index 542b64d8f2c..46331f40b54 100644 
--- a/rules/S2647/common/resources/standards.adoc +++ b/rules/S2647/common/resources/standards.adoc @@ -1,6 +1,8 @@ === Standards -* https://owasp.org/Top10/A04_2021-Insecure_Design/[OWASP Top 10 2021 Category A4] - Insecure Design -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure +* OWASP - https://owasp.org/Top10/A04_2021-Insecure_Design/[Top 10 2021 Category A4 - Insecure Design] +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] * https://cheatsheetseries.owasp.org/cheatsheets/Web_Service_Security_Cheat_Sheet.html#user-authentication[OWASP Web Service Security Cheat Sheet] -* https://cwe.mitre.org/data/definitions/522[MITRE, CWE-522] - Insufficiently Protected Credentials +* CWE - https://cwe.mitre.org/data/definitions/522[CWE-522 - Insufficiently Protected Credentials] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222533[Application Security and Development: V-222533] - The application must authenticate all network connected endpoint devices before establishing any connection. + diff --git a/rules/S2647/metadata.json b/rules/S2647/metadata.json index 6c12039cd5a..238d07208ff 100644 --- a/rules/S2647/metadata.json +++ b/rules/S2647/metadata.json @@ -7,17 +7,21 @@ }, "attribute": "TRUSTWORTHY" }, - "status": "ready", + "status": "deprecated", "remediation": { "func": "Constant\/Issue", "constantCost": "2h" }, "tags": [ - "cwe" + ], "extra": { - "replacementRules": [], - "legacyKeys": [] + "replacementRules": [ + + ], + "legacyKeys": [ + + ] }, "defaultSeverity": "Critical", "ruleSpecification": "RSPEC-2647", @@ -41,10 +45,13 @@ ], "ASVS 4.0": [ "2.10.3" + ], + "STIG ASD_V5R3": [ + "V-222533" ] }, "defaultQualityProfiles": [ - "Sonar way" + ], "quickfix": "unknown" -} \ No newline at end of file +} 
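Review bot: `"status": "deprecated"` is set while `replacementRules` stays empty, and the same hunk empties `tags` and `defaultQualityProfiles`, so projects on the default profile stop getting this check with no rule named to take over the CWE-522 coverage listed in the rule's standards file. If a successor exists, its key belongs in `replacementRules`; if none does, a sentence in the rule description saying why the check was retired would help users decide whether to keep it enabled. The second hunk also adds the `STIG ASD_V5R3` mapping `V-222533` to a rule that is now deprecated, which is worth confirming as intended.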
diff --git a/rules/S2652/java/rule.adoc b/rules/S2652/java/rule.adoc index 4146baabb38..1dc610383a3 100644 --- a/rules/S2652/java/rule.adoc +++ b/rules/S2652/java/rule.adoc @@ -42,7 +42,7 @@ public class MyBean implements BeanInterface { == Resources -* https://cwe.mitre.org/data/definitions/576[MITRE, CWE-576] - EJB Bad Practices: Use of Java I/O +* CWE - https://cwe.mitre.org/data/definitions/576[CWE-576 - EJB Bad Practices: Use of Java I/O] ifdef::env-github,rspecator-view[] diff --git a/rules/S2653/java/rule.adoc b/rules/S2653/java/rule.adoc index fefab8cd880..1fd34837d22 100644 --- a/rules/S2653/java/rule.adoc +++ b/rules/S2653/java/rule.adoc @@ -26,8 +26,8 @@ public class MyServlet extends HttpServlet { == Resources -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure -* https://cwe.mitre.org/data/definitions/489[MITRE, CWE-489] - Active Debug Code +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] +* CWE - https://cwe.mitre.org/data/definitions/489[CWE-489 - Active Debug Code] * https://wiki.sei.cmu.edu/confluence/x/qzVGBQ[CERT, ENV06-J.] - Production code must not contain debugging entry points diff --git a/rules/S2654/java/rule.adoc b/rules/S2654/java/rule.adoc index aa165d1991a..1768fcb6ec0 100644 --- a/rules/S2654/java/rule.adoc +++ b/rules/S2654/java/rule.adoc 
@@ -24,8 +24,8 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) thro == Resources -* https://cwe.mitre.org/data/definitions/383[MITRE, CWE-383] - J2EE Bad Practices: Direct Use of Threads -* https://cwe.mitre.org/data/definitions/574[MITRE, CWE-574] - EJB Bad Practices: Use of Synchronization Primitives +* CWE - https://cwe.mitre.org/data/definitions/383[CWE-383 - J2EE Bad Practices: Direct Use of Threads] +* CWE - https://cwe.mitre.org/data/definitions/574[CWE-574 - EJB Bad Practices: Use of Synchronization Primitives] ifdef::env-github,rspecator-view[] diff --git a/rules/S2655/java/rule.adoc b/rules/S2655/java/rule.adoc index 91eaf423196..32fd54ba970 100644 --- a/rules/S2655/java/rule.adoc +++ b/rules/S2655/java/rule.adoc @@ -67,7 +67,7 @@ throws ServletException, IOException { == Resources === Documentation -* https://cwe.mitre.org/data/definitions/245[MITRE, CWE-245] - J2EE Bad Practices: Direct Management of Connections +* CWE - https://cwe.mitre.org/data/definitions/245[CWE-245 - J2EE Bad Practices: Direct Management of Connections] * https://docs.oracle.com/en/java/javase/20/docs/api/java.sql/javax/sql/DataSource.html[Oracle SDK 20 - javax.sql.DataSource] diff --git a/rules/S2656/java/rule.adoc b/rules/S2656/java/rule.adoc index 5406a32109b..d618a2f2a3c 100644 --- a/rules/S2656/java/rule.adoc +++ b/rules/S2656/java/rule.adoc @@ -41,8 +41,8 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) thro == Resources -* https://cwe.mitre.org/data/definitions/246[MITRE, CWE-246] - J2EE Bad Practices: Direct Use of Sockets -* https://cwe.mitre.org/data/definitions/577[MITRE, CWE-577] - EJB Bad Practices: Use of Sockets +* CWE - https://cwe.mitre.org/data/definitions/246[CWE-246 - J2EE Bad Practices: Direct Use of Sockets] +* CWE - https://cwe.mitre.org/data/definitions/577[CWE-577 - EJB Bad Practices: Use of Sockets] ifdef::env-github,rspecator-view[] 
diff --git a/rules/S2657/java/rule.adoc b/rules/S2657/java/rule.adoc index 1a3b12fa4e5..a6fba47d26a 100644 --- a/rules/S2657/java/rule.adoc +++ b/rules/S2657/java/rule.adoc @@ -21,7 +21,7 @@ ClassLoader loader = new MyClassLoader(); // Noncompliant == Resources -* https://cwe.mitre.org/data/definitions/578[MITRE, CWE-578] - EJB Bad Practices: Use of Class Loader +* CWE - https://cwe.mitre.org/data/definitions/578[CWE-578 - EJB Bad Practices: Use of Class Loader] ifdef::env-github,rspecator-view[] diff --git a/rules/S2658/see.adoc b/rules/S2658/see.adoc index b6d58a21732..bbdc4cd2057 100644 --- a/rules/S2658/see.adoc +++ b/rules/S2658/see.adoc @@ -1,4 +1,4 @@ == Resources -* https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[OWASP Top 10 2017 Category A1] - Injection -* https://cwe.mitre.org/data/definitions/470[MITRE, CWE-470] - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') +* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] +* CWE - https://cwe.mitre.org/data/definitions/470[CWE-470 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')] diff --git a/rules/S2669/cfamily/rule.adoc b/rules/S2669/cfamily/rule.adoc index 5140eb5b596..f5124520d79 100644 --- a/rules/S2669/cfamily/rule.adoc +++ b/rules/S2669/cfamily/rule.adoc @@ -20,7 +20,7 @@ int b = a +1; //What's the value of 'a' and so what's the value of 'b' ? == Resources -* https://cwe.mitre.org/data/definitions/457[MITRE, CWE-457] - Use of Uninitialized Variable +* CWE - https://cwe.mitre.org/data/definitions/457[CWE-457 - Use of Uninitialized Variable] ifdef::env-github,rspecator-view[] diff --git a/rules/S2674/csharp/metadata.json b/rules/S2674/csharp/metadata.json index 822f09bb73f..f29277906a6 100644 --- a/rules/S2674/csharp/metadata.json +++ b/rules/S2674/csharp/metadata.json 
@@ -1,6 +1,3 @@ { - "title": "The length returned from a stream read should be checked", - "defaultQualityProfiles": [ - - ] + "title": "The length returned from a stream read should be checked" } diff --git a/rules/S2674/csharp/rule.adoc b/rules/S2674/csharp/rule.adoc index 46d95a39d28..bfe55ccee81 100644 --- a/rules/S2674/csharp/rule.adoc +++ b/rules/S2674/csharp/rule.adoc 
@@ -1,47 +1,65 @@ == Why is this an issue? -You cannot assume that any given stream reading call will fill the ``++byte[]++`` passed in to the method with the number of bytes requested. Instead, you must check the value returned by the read method to see how many bytes were read. Fail to do so, and you introduce a bug that is both harmful and difficult to reproduce. +Invoking a stream reading method without verifying the number of bytes read can lead to erroneous assumptions. A Stream can represent any I/O operation, such as reading a file, network communication, or inter-process communication. As such, it is not guaranteed that the `byte[]` passed into the method will be filled with the requested number of bytes. Therefore, inspecting the value returned by the reading method is important to ensure the number of bytes read. +Neglecting the returned length read can result in a bug that is difficult to reproduce. -This rule raises an issue when a ``++Stream.Read++`` or a ``++Stream.ReadAsync++`` method is called, but the return value is not checked. +This rule raises an issue when the returned value is ignored for the following methods: -=== Noncompliant code example +* https://learn.microsoft.com/en-us/dotnet/api/system.io.stream.read[Stream.Read] +* https://learn.microsoft.com/en-us/dotnet/api/system.io.stream.readasync[Stream.ReadAsync] +* https://learn.microsoft.com/en-us/dotnet/api/system.io.stream.readatleast[Stream.ReadAtLeast] +* https://learn.microsoft.com/en-us/dotnet/api/system.io.stream.readatleastasync[Stream.ReadAtLeastAsync] -[source,csharp] +== How to fix it + +Check the return value of stream reading methods to verify the actual number of bytes read, and use this value when processing the data to avoid potential bugs. 
+ +=== Code examples + +==== Noncompliant code example + +[source,csharp,diff-id=1,diff-type=noncompliant] ---- -public void DoSomething(string fileName) +public byte[] ReadFile(string fileName) { - using (var stream = File.Open(fileName, FileMode.Open)) - { + using var stream = File.Open(fileName, FileMode.Open); var result = new byte[stream.Length]; + stream.Read(result, 0, (int)stream.Length); // Noncompliant - // ... do something with result - } + + return result; } ---- -=== Compliant solution +==== Compliant solution -[source,csharp] +[source,csharp,diff-id=1,diff-type=compliant] ---- -public void DoSomething(string fileName) +public byte[] ReadFile(string fileName) { - using (var stream = File.Open(fileName, FileMode.Open)) - { + using var stream = File.Open(fileName, FileMode.Open); + using var ms = new MemoryStream(); var buffer = new byte[1024]; - using (var ms = new MemoryStream()) + int read; + + while ((read = stream.Read(buffer, 0, buffer.Length)) > 0) { - int read; - while ((read = stream.Read(buffer, 0, buffer.Length)) > 0) - { - ms.Write(buffer, 0, read); - } - // ... do something with ms - } - } + ms.Write(buffer, 0, read); + } + + return ms.ToArray(); } ---- +== Resources + +=== Documentation + +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/api/system.io.stream.read[Stream.Read Method] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/api/system.io.stream.readasync[Stream.ReadAsync Method] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/api/system.io.stream.readatleast[Stream.ReadAtLeast Method] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/api/system.io.stream.readatleastasync[Stream.ReadAtLeastAsync Method] ifdef::env-github,rspecator-view[] diff --git a/rules/S2675/java/metadata.json b/rules/S2675/java/metadata.json index 8c52e30caee..462a0415b3b 100644 --- a/rules/S2675/java/metadata.json +++ b/rules/S2675/java/metadata.json 
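Review bot: The new "Why is this an issue?" text says a short read causes a bug that is difficult to reproduce, but it does not say what the caller ends up with: when fewer bytes arrive than requested, the tail of the buffer keeps its previous content (zeros for a fresh array) and, in the noncompliant `ReadFile`, is returned as if it were file data. I would add that sentence, since it is what makes the defect matter for parsers and for code that reads keys or length-prefixed records. The "How to fix it" section shows only the copy-until-end loop; for callers that need an exact byte count it could also mention `Stream.ReadExactly` (available from .NET 7, like the `ReadAtLeast` methods listed), which throws at end of stream rather than returning a partially filled buffer.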
@@ -18,7 +18,7 @@ "defaultSeverity": "Major", "ruleSpecification": "RSPEC-2675", "sqKey": "S2675", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S2676/java/metadata.json b/rules/S2676/java/metadata.json index 39869c85f95..6ccdbc8aa8a 100644 --- a/rules/S2676/java/metadata.json +++ b/rules/S2676/java/metadata.json @@ -19,7 +19,7 @@ "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-2676", "sqKey": "S2676", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S2681/cfamily/metadata.json b/rules/S2681/cfamily/metadata.json index 8e038a8fed2..265c97370d0 100644 --- a/rules/S2681/cfamily/metadata.json +++ b/rules/S2681/cfamily/metadata.json @@ -5,5 +5,6 @@ ], "defaultQualityProfiles": [ "Sonar way" - ] -} + ], + "quickfix": "targeted" +} \ No newline at end of file diff --git a/rules/S2681/cfamily/rule.adoc b/rules/S2681/cfamily/rule.adoc index 7962938db5d..e7bcd671f4f 100644 --- a/rules/S2681/cfamily/rule.adoc +++ b/rules/S2681/cfamily/rule.adoc @@ -6,7 +6,7 @@ include::../description.adoc[] == Resources -* https://cwe.mitre.org/data/definitions/483[MITRE, CWE-483] - Incorrect Block Delimitation +* CWE - https://cwe.mitre.org/data/definitions/483[CWE-483 - Incorrect Block Delimitation] ifdef::env-github,rspecator-view[] diff --git a/rules/S2681/java/metadata.json b/rules/S2681/java/metadata.json index 336445d3d71..ad3bd4c591a 100644 --- a/rules/S2681/java/metadata.json +++ b/rules/S2681/java/metadata.json @@ -10,5 +10,6 @@ "CWE": [ 483 ] - } + }, + "scope": "Main" } diff --git a/rules/S2681/java/rule.adoc b/rules/S2681/java/rule.adoc index 78572fec013..fc880008349 100644 --- a/rules/S2681/java/rule.adoc +++ b/rules/S2681/java/rule.adoc 
@@ -6,7 +6,7 @@ include::../description.adoc[] == Resources -* https://cwe.mitre.org/data/definitions/483[MITRE, CWE-483] - Incorrect Block Delimitation +* CWE - https://cwe.mitre.org/data/definitions/483[CWE-483 - Incorrect Block Delimitation] * https://wiki.sei.cmu.edu/confluence/x/MzZGBQ[CERT, EXP52-J.] - Use braces for the body of an if, for, or while statement ifdef::env-github,rspecator-view[] diff --git a/rules/S2681/javascript/rule.adoc b/rules/S2681/javascript/rule.adoc index 50841d32491..5c3281bebc9 100644 --- a/rules/S2681/javascript/rule.adoc +++ b/rules/S2681/javascript/rule.adoc @@ -6,7 +6,7 @@ include::../description.adoc[] == Resources -* https://cwe.mitre.org/data/definitions/483[MITRE, CWE-483] - Incorrect Block Delimitation +* CWE - https://cwe.mitre.org/data/definitions/483[CWE-483 - Incorrect Block Delimitation] ifdef::env-github,rspecator-view[] diff --git a/rules/S2681/see.adoc b/rules/S2681/see.adoc index a2aaf8513b8..c2f47bd09ee 100644 --- a/rules/S2681/see.adoc +++ b/rules/S2681/see.adoc @@ -1,3 +1,3 @@ == Resources -* https://cwe.mitre.org/data/definitions/483[MITRE, CWE-483] - Incorrect Block Delimitation +* CWE - https://cwe.mitre.org/data/definitions/483[CWE-483 - Incorrect Block Delimitation] diff --git a/rules/S2689/metadata.json b/rules/S2689/metadata.json index 2b1b9ed9fd4..5efe3179d49 100644 --- a/rules/S2689/metadata.json +++ b/rules/S2689/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "COMPLETE" }, diff --git a/rules/S2692/java/metadata.json b/rules/S2692/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S2692/java/metadata.json +++ b/rules/S2692/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S2693/java/metadata.json b/rules/S2693/java/metadata.json index d84c4b499cc..6791da21dc0 100644 --- a/rules/S2693/java/metadata.json +++ b/rules/S2693/java/metadata.json 
@@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "FOCUSED" }, @@ -18,12 +18,8 @@ "pitfall" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-2693", @@ -34,8 +30,6 @@ "TSM02-J." ] }, - "defaultQualityProfiles": [ - - ], + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S2694/java/rule.adoc b/rules/S2694/java/rule.adoc index c07157b612d..31071e66388 100644 --- a/rules/S2694/java/rule.adoc +++ b/rules/S2694/java/rule.adoc @@ -11,10 +11,21 @@ However, while a nested/``++static++`` class would be more efficient, it's worth * an inner class can only be instantiated within the context of an instance of the outer class. * a nested (``++static++``) class can be instantiated independently of the outer class. +== How to fix it -=== Noncompliant code example +There are two scenarios in which this rule will raise an issue: -[source,java] +1. On an _inner class_: make it `static`. + +2. On a _local class_: extract it as a `static` _inner class_. + +=== Code examples + +==== Noncompliant code example + +Inner classes that don't use the outer class reference should be static. + +[source,java,diff-id=1,diff-type=noncompliant] ---- public class Fruit { // ... @@ -31,10 +42,9 @@ public class Fruit { } ---- +==== Compliant solution -=== Compliant solution - -[source,java] +[source,java,diff-id=1,diff-type=compliant] ---- public class Fruit { // ... 
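Review bot: In rules/S2694/java/rule.adoc, item 2 of the new "How to fix it" list (hunk `@@ -11,10 +11,21 @@`) says to extract a local class as a static _inner class_. The unchanged bullets just above it distinguish an inner class from a nested (static) class, so the fix text contradicts the explanation. The same wording returns in the `@@ -51,6 +61,70 @@` hunk, where the sentence also has a number slip ("as a static inner classes"). I would replace _inner class_ with _nested class_ in item 2 and write the later sentence as `Local classes that don't use the outer class reference should be extracted as static nested classes.`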
@@ -51,6 +61,70 @@ public class Fruit { } ---- +Local classes that don't use the outer class reference should be extracted as a static inner classes. + +==== Noncompliant code example + +[source,java,diff-id=2,diff-type=noncompliant] +---- +public class Foo { + public Foo() { + class Bar { // Noncompliant + void doSomething() { + // ... + } + } + new Bar().doSomething(); + } + + public void method() { + class Baz { // Noncompliant + void doSomething() { + // ... + } + } + new Baz().doSomething(); + } +} +---- + +==== Compliant solution + +[source,java,diff-id=2,diff-type=compliant] +---- +public class Foo { + public Foo() { + new Bar().doSomething(); + } + + public void method() { + new Baz().doSomething(); + } + + private static class Bar { // Compliant + void doSomething() { + // ... + } + } + + private static class Baz { // Compliant + void doSomething() { + // ... + } + } +} +---- + +== Resources + +=== Documentation + +* https://docs.oracle.com/javase/tutorial/java/javaOO/nested.html[Oracle Java SE - Nested Classes] +* https://docs.oracle.com/javase/tutorial/java/javaOO/localclasses.html[Oracle Java SE - Local Classes] + +=== Articles & blog posts + +* https://www.geeksforgeeks.org/difference-between-static-and-non-static-nested-class-in-java/[GeeksforGeeks - Difference between static and non-static nested class in Java] ifdef::env-github,rspecator-view[] diff --git a/rules/S2695/java/metadata.json b/rules/S2695/java/metadata.json index 0db3279e44b..f4b27f0bb34 100644 --- a/rules/S2695/java/metadata.json +++ b/rules/S2695/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S2695/metadata.json b/rules/S2695/metadata.json index 82eaaf87bcd..36fbd5464c4 100644 --- a/rules/S2695/metadata.json +++ b/rules/S2695/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, 
diff --git a/rules/S2696/common/resources/standards.adoc b/rules/S2696/common/resources/standards.adoc new file mode 100644 index 00000000000..a7d9d7297c9 --- /dev/null +++ b/rules/S2696/common/resources/standards.adoc @@ -0,0 +1,4 @@ +=== Standards + +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions. + diff --git a/rules/S2696/csharp/rule.adoc b/rules/S2696/csharp/rule.adoc index 97aa75db8d3..2b28f0ccf3c 100644 --- a/rules/S2696/csharp/rule.adoc +++ b/rules/S2696/csharp/rule.adoc @@ -40,6 +40,9 @@ interface MyInterface * https://www.c-sharpcorner.com/UploadFile/1d42da/race-conditions-in-threading-C-Sharp/[Race Conditions in C#] +include::../common/resources/standards.adoc[] + + ifdef::env-github,rspecator-view[] ''' diff --git a/rules/S2696/java/rule.adoc b/rules/S2696/java/rule.adoc index 98f39bd7ba5..3ee004e063a 100644 --- a/rules/S2696/java/rule.adoc +++ b/rules/S2696/java/rule.adoc @@ -22,6 +22,11 @@ public class MyClass { ---- +== Resources + +include::../common/resources/standards.adoc[] + + ifdef::env-github,rspecator-view[] ''' diff --git a/rules/S2696/metadata.json b/rules/S2696/metadata.json index 1945fb9ad51..277b237a5be 100644 --- a/rules/S2696/metadata.json +++ b/rules/S2696/metadata.json @@ -27,6 +27,11 @@ "ruleSpecification": "RSPEC-2696", "sqKey": "S2696", "scope": "Main", + "securityStandards": { + "STIG ASD_V5R3": [ + "V-222567" + ] + }, "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S2699/csharp/rule.adoc b/rules/S2699/csharp/rule.adoc index 4a116fddb67..cf5c08187a5 100644 --- a/rules/S2699/csharp/rule.adoc +++ b/rules/S2699/csharp/rule.adoc 
@@ -23,6 +23,7 @@ The rule identifies a potential issue when no assertions are present in tests ut * `FluentAssertions` (4.x and 5.x) * `NFluent` * `NSubstitute` +* `Moq` * `Shoudly` By enforcing the presence of assertions, this rule aims to enhance the reliability and comprehensiveness of tests by ensuring that they provide meaningful validation of the expected behavior. @@ -31,10 +32,13 @@ By enforcing the presence of assertions, this rule aims to enhance the reliabili Test methods that include a call to a custom assertion method will not raise any issues. -== How to fix it +// This is on purpose not spelled "How to fix it" because: +// - we cannot mix the generic section with framework-specific sections +// - we cannot use a subsection with that name. +=== How can you fix it? To address this issue, you should include assertions to validate the expected behavior. -Choose an appropriate assertion method provided by your testing framework (such as MSTest, NUnit, xUnit) or select a suitable assertion library like FluentAssertions, NFluent, NSubstitute, or Shouldly. +Choose an appropriate assertion method provided by your testing framework (such as MSTest, NUnit, xUnit) or select a suitable assertion library like FluentAssertions, NFluent, NSubstitute, Moq, or Shouldly. In addition to using built-in assertion methods, you also have the option to create custom assertion methods. To do this, declare an attribute named `[AssertionMethodAttribute]` and apply it to the respective method. This allows you to encapsulate specific validation logic within your custom assertion methods without raising the issue. Here's an example: @@ -61,14 +65,14 @@ public static class Validator [AssertionMethod] public static void AssertCustomEquality(int expected, int actual) { - // ... + // ... } } public class AssertionMethodAttribute : Attribute { } ---- -== Hot to fix it in MSTest +== How to fix it in MSTest === Code examples 
@@ -97,7 +101,7 @@ public void Add_SingleNumber_ReturnsSameNumber() } ---- -== Hot to fix it in NUnit +== How to fix it in NUnit === Code examples @@ -126,7 +130,7 @@ public void Add_SingleNumber_ReturnsSameNumber() } ---- -== Hot to fix it in xUnit +== How to fix it in xUnit === Code examples diff --git a/rules/S2699/javascript/rule.adoc b/rules/S2699/javascript/rule.adoc index 856cb0ca47e..37f7af39668 100644 --- a/rules/S2699/javascript/rule.adoc +++ b/rules/S2699/javascript/rule.adoc @@ -6,7 +6,12 @@ When the unit test is executed, the assertions are evaluated. If all the asserti Without assertions, a unit test doesn't actually verify anything, making it ineffective in catching potential bugs or regressions. It will always pass, regardless of the implementation of the unit. This can lead to a false sense of security, as you may believe that your code is working correctly when it might not be. -This rule raises an issue when the assertion library ``++chai++``,``++sinon++`` or ``++vitest++`` is imported but no assertion is used in a test. +This rule raises an issue when one of the following assertion libraries is imported but no assertion is used in a test: + +- ``++chai++`` +- ``++sinon++`` +- ``++vitest++`` +- ``++supertest++`` [source,javascript,diff-id=1,diff-type=noncompliant] ---- diff --git a/rules/S2699/metadata.json b/rules/S2699/metadata.json index cb212f1e0eb..acdd716f39b 100644 --- a/rules/S2699/metadata.json +++ b/rules/S2699/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "TESTED" }, @@ -16,12 +16,8 @@ "tests" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-2699", diff --git a/rules/S2701/csharp/how-mstest.adoc b/rules/S2701/csharp/how-mstest.adoc new file mode 100644 index 00000000000..86e56174ca5 --- /dev/null 
+++ b/rules/S2701/csharp/how-mstest.adoc @@ -0,0 +1,33 @@ +== How to fix it in MSTest + +=== Code examples + +==== Noncompliant code example + +[source,csharp,diff-id=1,diff-type=noncompliant] +---- +bool someResult; + +Assert.AreEqual(false, someResult); // Noncompliant: use Assert.IsFalse +Assert.AreEqual(true, someResult); // Noncompliant: use Assert.IsTrue +Assert.AreNotEqual(false, someResult); // Noncompliant: use Assert.IsTrue +Assert.AreNotEqual(true, someResult); // Noncompliant: use Assert.IsFalse +Assert.IsFalse(true, "Should not reach this line!"); // Noncompliant: use Assert.Fail +Assert.IsTrue(false, "Should not reach this line!"); // Noncompliant: use Assert.Fail +Assert.IsFalse(false); // Noncompliant: remove it +---- + +==== Compliant solution + +[source,csharp,diff-id=1,diff-type=compliant] +---- +bool someResult; + +Assert.IsFalse(someResult); +Assert.IsTrue(someResult); +Assert.IsTrue(someResult); +Assert.IsFalse(someResult); +Assert.Fail("Should not reach this line!"); +Assert.Fail("Should not reach this line!"); +// Removed +---- \ No newline at end of file diff --git a/rules/S2701/csharp/how-nunit.adoc b/rules/S2701/csharp/how-nunit.adoc new file mode 100644 index 00000000000..32aa02d4524 --- /dev/null +++ b/rules/S2701/csharp/how-nunit.adoc 
@@ -0,0 +1,33 @@ +== How to fix it in NUnit + +=== Code examples + +==== Noncompliant code example + +[source,csharp,diff-id=2,diff-type=noncompliant] +---- +bool someResult; + +Assert.AreEqual(false, someResult); // Noncompliant: use Assert.False +Assert.AreEqual(true, someResult); // Noncompliant: use Assert.True +Assert.AreNotEqual(false, someResult); // Noncompliant: use Assert.True +Assert.AreNotEqual(true, someResult); // Noncompliant: use Assert.False +Assert.False(true, "Should not reach this line!"); // Noncompliant: use Assert.Fail +Assert.True(false, "Should not reach this line!"); // Noncompliant: use Assert.Fail +Assert.False(false); // Noncompliant: remove it +---- + +==== Compliant solution + +[source,csharp,diff-id=2,diff-type=compliant] +---- +bool someResult; + +Assert.False(someResult); +Assert.True(someResult); +Assert.True(someResult); +Assert.False(someResult); +Assert.Fail("Should not reach this line!"); +Assert.Fail("Should not reach this line!"); +// Removed +---- \ No newline at end of file diff --git a/rules/S2701/csharp/how-xunit.adoc b/rules/S2701/csharp/how-xunit.adoc new file mode 100644 index 00000000000..0421b876ae3 --- /dev/null +++ b/rules/S2701/csharp/how-xunit.adoc @@ -0,0 +1,27 @@ +== How to fix it in xUnit + +=== Code examples + +==== Noncompliant code example + +[source,csharp,diff-id=3,diff-type=noncompliant] +---- +bool someResult; + +Assert.Equal(false, someResult); // Noncompliant: use Assert.False +Assert.Equal(true, someResult); // Noncompliant: use Assert.True +Assert.NotEqual(false, someResult); // Noncompliant: use Assert.True +Assert.NotEqual(true, someResult); // Noncompliant: use Assert.False +---- + +==== Compliant solution + +[source,csharp,diff-id=3,diff-type=compliant] +---- +bool someResult; + +Assert.False(someResult); +Assert.True(someResult); +Assert.True(someResult); +Assert.False(someResult); +---- 
diff --git a/rules/S2701/csharp/metadata.json b/rules/S2701/csharp/metadata.json index 17971333806..b2323665202 100644 --- a/rules/S2701/csharp/metadata.json +++ b/rules/S2701/csharp/metadata.json @@ -1,3 +1,5 @@ { - + "defaultQualityProfiles": [ + "Sonar way" + ] } diff --git a/rules/S2701/csharp/rule.adoc b/rules/S2701/csharp/rule.adoc index 4ab79e6f0a1..18846d5f333 100644 --- a/rules/S2701/csharp/rule.adoc +++ b/rules/S2701/csharp/rule.adoc 
@@ -1,30 +1,26 @@ == Why is this an issue? -include::../description.adoc[] +Using literal boolean values in assertions can lead to less readable and less informative unit tests. +When a test fails, it's important to have a clear understanding of what the test was checking and why it failed. +Most of the testing frameworks provide more explicit assertion methods that will provide a more helpful error message if the test fails. -=== Noncompliant code example +=== Exceptions -[source,csharp] ----- -bool b = true; -NUnit.Framework.Assert.AreEqual(true, b); -Xunit.Assert.NotSame(true, b); -Microsoft.VisualStudio.TestTools.UnitTesting.Assert.AreEqual(true, b); -System.Diagnostics.Debug.Assert(true); ----- +In the context of xUnit, `Assert.True` and `Assert.False` are not flagged by this rule. This is because `Assert.Fail` was only introduced in 2020 with version `2.4.2`. Prior to this, developers used `Assert.True(false, message)` and `Assert.False(true, message)` as workarounds to simulate the functionality of `Assert.Fail()`. -ifdef::env-github,rspecator-view[] +include::how-mstest.adoc[] -''' -== Implementation Specification -(visible only on this page) +include::how-nunit.adoc[] -include::../message.adoc[] +include::how-xunit.adoc[] -''' -== Comments And Links -(visible only on this page) +== Resources -include::../comments-and-links.adoc[] +=== Documentation -endif::env-github,rspecator-view[] +* https://docs.nunit.org/[NUnit Documentation] +* https://xunit.net/docs/getting-started/netcore/cmdline[xUnit Documentation] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/core/testing/unit-testing-with-mstest[MSTest Documentation] +* https://github.com/xunit/xunit/issues/2027[Xunit doesn't have an Assert.Fail() operation] + +include::../rspecator.adoc[] \ No newline at end of file diff --git a/rules/S2701/rspecator.adoc b/rules/S2701/rspecator.adoc new file mode 100644 index 00000000000..b1736a3f0b8 --- /dev/null +++ b/rules/S2701/rspecator.adoc 
@@ -0,0 +1,15 @@ +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +include::message.adoc[] + +''' +== Comments And Links +(visible only on this page) + +include::comments-and-links.adoc[] + +endif::env-github,rspecator-view[] \ No newline at end of file diff --git a/rules/S2703/javascript/metadata.json b/rules/S2703/javascript/metadata.json index 3a84f18fe79..ad026fb8323 100644 --- a/rules/S2703/javascript/metadata.json +++ b/rules/S2703/javascript/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "CLEAR" }, @@ -16,12 +16,8 @@ "pitfall" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-2703", diff --git a/rules/S2710/python/rule.adoc b/rules/S2710/python/rule.adoc index b4ab970ef60..8d159a82a1a 100644 --- a/rules/S2710/python/rule.adoc +++ b/rules/S2710/python/rule.adoc @@ -7,9 +7,11 @@ By convention, the first argument in a class method, i.e. methods decorated with By default this rule accepts ``++cls++`` and ``++mcs++``, which is sometime used in metaclasses, as valid names for class parameters. You can set your own list of accepted names via the parameter ``++classParameterNames++``. -=== How to fix it +== How to fix it Follow the naming convention for the first parameter name of a class method. +=== Code examples + ==== Noncompliant code example [source,python,diff-id=1,diff-type=noncompliant] diff --git a/rules/S2711/python/metadata.json b/rules/S2711/python/metadata.json index 40af40c3fd5..e128ccd0f73 100644 --- a/rules/S2711/python/metadata.json +++ b/rules/S2711/python/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, 
@@ -13,15 +13,12 @@ "constantCost": "15min" }, "tags": [ - + "pitfall", + "syntax" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-2711", diff --git a/rules/S2712/python/metadata.json b/rules/S2712/python/metadata.json index 7f7db232b23..f2e4e9539c1 100644 --- a/rules/S2712/python/metadata.json +++ b/rules/S2712/python/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -13,22 +13,18 @@ "constantCost": "15min" }, "tags": [ - + "pitfall", + "python3", + "syntax" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-2712", "sqKey": "S2712", "scope": "Main", - "defaultQualityProfiles": [ - - ], + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S2718/java/metadata.json b/rules/S2718/java/metadata.json index 497d698893d..2cbdee48efc 100644 --- a/rules/S2718/java/metadata.json +++ b/rules/S2718/java/metadata.json @@ -19,7 +19,7 @@ "defaultSeverity": "Major", "ruleSpecification": "RSPEC-2718", "sqKey": "S2718", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S2733/python/metadata.json b/rules/S2733/python/metadata.json index 970082c8cca..6c4c4d299b1 100644 --- a/rules/S2733/python/metadata.json +++ b/rules/S2733/python/metadata.json @@ -7,7 +7,7 @@ "constantCost": "5min" }, "tags": [ - + "pitfall" ], "extra": { "replacementRules": [ diff --git a/rules/S2734/python/metadata.json b/rules/S2734/python/metadata.json index 88386ccd85e..390f7a36280 100644 --- a/rules/S2734/python/metadata.json +++ b/rules/S2734/python/metadata.json 
@@ -7,7 +7,8 @@ "constantCost": "5min" }, "tags": [ - + "convention", + "pitfall" ], "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-2734", diff --git a/rules/S2753/cfamily/metadata.json b/rules/S2753/cfamily/metadata.json index 38d8f9bc976..13343d82eb7 100644 --- a/rules/S2753/cfamily/metadata.json +++ b/rules/S2753/cfamily/metadata.json @@ -30,5 +30,5 @@ "defaultQualityProfiles": [ "Sonar way" ], - "quickfix": "unknown" + "quickfix": "infeasible" } diff --git a/rules/S2755/common/resources/standards.adoc b/rules/S2755/common/resources/standards.adoc index 9b1151352ad..80624efb7b4 100644 --- a/rules/S2755/common/resources/standards.adoc +++ b/rules/S2755/common/resources/standards.adoc @@ -1,7 +1,8 @@ === Standards -* https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[OWASP Top 10 2021 Category A5] - Security Misconfiguration -* https://owasp.org/www-project-top-ten/2017/A4_2017-XML_External_Entities_(XXE)[OWASP Top 10 2017 Category A4] - XML External Entities (XXE) -* https://cwe.mitre.org/data/definitions/611[MITRE, CWE-611] - Information Exposure Through XML External Entity Reference -* https://cwe.mitre.org/data/definitions/827[MITRE, CWE-827] - Improper Control of Document Type Definition +* OWASP - https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[Top 10 2021 Category A5 - Security Misconfiguration] +* OWASP - https://owasp.org/www-project-top-ten/2017/A4_2017-XML_External_Entities_(XXE)[Top 10 2017 Category A4 - XML External Entities (XXE)] +* CWE - https://cwe.mitre.org/data/definitions/611[CWE-611 - Information Exposure Through XML External Entity Reference] +* CWE - https://cwe.mitre.org/data/definitions/827[CWE-827 - Improper Control of Document Type Definition] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222608[Application Security and Development: V-222608] - The application must not be vulnerable to XML-oriented attacks. 
diff --git a/rules/S2755/java/how-to-fix-it/dom4j.adoc b/rules/S2755/java/how-to-fix-it/dom4j.adoc index 9f47b0b23cb..3ab3c6e6f4a 100644 --- a/rules/S2755/java/how-to-fix-it/dom4j.adoc +++ b/rules/S2755/java/how-to-fix-it/dom4j.adoc @@ -6,7 +6,7 @@ include::../../common/fix/code-rationale.adoc[] ==== Noncompliant code example -[source,java,diff-id=1,diff-type=noncompliant] +[source,java,diff-id=21,diff-type=noncompliant] ---- import org.dom4j.io.SAXReader; @@ -17,7 +17,7 @@ public void decode() { ==== Compliant solution -[source,java,diff-id=1,diff-type=compliant] +[source,java,diff-id=21,diff-type=compliant] ---- import org.dom4j.io.SAXReader; diff --git a/rules/S2755/java/how-to-fix-it/java-se.adoc b/rules/S2755/java/how-to-fix-it/java-se.adoc index e36109ae2c6..45ac2d7c845 100644 --- a/rules/S2755/java/how-to-fix-it/java-se.adoc +++ b/rules/S2755/java/how-to-fix-it/java-se.adoc 
@@ -6,66 +6,56 @@ include::../../common/fix/code-rationale.adoc[] ==== Noncompliant code example -[source,java] +[source,java,diff-id=1,diff-type=noncompliant] ---- -DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); // Noncompliant ----- - -==== Compliant solution - -Protection from XXE can be done in several different ways. Choose one depending -on how the affected parser object is used in your code. +import javax.xml.XMLConstants; +import javax.xml.parsers.DocumentBuilderFactory; -**1.** The first way is to completely disable `DOCTYPE` declarations: +public void decode() { + DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); // Noncompliant +} +---- -[source, java] +[source,java,diff-id=2,diff-type=noncompliant] ---- -// Applicable to: -// - DocumentBuilderFactory -// - SAXParserFactory -// - SchemaFactory -factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); - -// For XMLInputFactory: -factory.setProperty(XMLInputFactory.SUPPORT_DTD, false); +import javax.xml.stream.XMLInputFactory; + +public void decode() { + XMLInputFactory factory = XMLInputFactory.newInstance(); // Noncompliant +} ---- -**2.** Disable external entity declarations completely: +==== Compliant solution -[source, java] +For `DocumentBuilderFactory`, `SAXParserFactory`, `TransformerFactory`, and +`SchemaFactory` set `XMLConstants.FEATURE_SECURE_PROCESSING` to `true`. 
+ +[source,java,diff-id=1,diff-type=compliant] ---- -// Applicable to: -// - DocumentBuilderFactory -// - SAXParserFactory -factory.setFeature("http://xml.org/sax/features/external-general-entities", false); -factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false); - -// For XMLInputFactory: -factory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE); +import javax.xml.XMLConstants; +import javax.xml.parsers.DocumentBuilderFactory; + +public void decode() { + DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); +} ---- -**3.** Prohibit the use of all protocols by external entities: +For `XMLInputFactory` set `SUPPORT_DTD` to `false`. -[source, java] +[source,java,diff-id=2,diff-type=compliant] ---- -// `setAttribute` variant, applicable to: -// - DocumentBuilderFactory -// - TransformerFactory -factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); -factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, ""); - -// `setProperty` variant, applicable to: -// - XMLInputFactory -// - SchemaFactory -factory.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, ""); -factory.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, ""); - -// For SAXParserFactory, the prohibition is done on child objects: -SAXParser parser = factory.newSAXParser(); -parser.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, ""); -parser.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, ""); +import javax.xml.stream.XMLInputFactory; + +public void decode() { + XMLInputFactory factory = XMLInputFactory.newInstance(); + factory.setProperty(XMLInputFactory.SUPPORT_DTD, false); +} ---- +Other combinations of settings are secure, but in general, it is recommendable +to use the approaches shown here, as they are the most clear. + === How does this work? include::../../common/fix/xxe.adoc[] 
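Review bot: The compliant example for `DocumentBuilderFactory`, `SAXParserFactory`, `TransformerFactory` and `SchemaFactory` now rests on `XMLConstants.FEATURE_SECURE_PROCESSING` alone, and what that feature restricts is left to the JAXP implementation. With the parser bundled in recent JDKs, setting it explicitly is understood to block external DTD and schema access, but a third-party implementation on the classpath may only apply processing limits and still resolve external entities; this is worth confirming before the text presents the setting as sufficient everywhere. I would add a sentence after that paragraph, for example `If the application may run with a JAXP implementation other than the JDK's, also disable DOCTYPE declarations or set XMLConstants.ACCESS_EXTERNAL_DTD and XMLConstants.ACCESS_EXTERNAL_SCHEMA to an empty string.` The closing sentence "Other combinations of settings are secure" would also be more useful if it named them, since this hunk removes the three alternatives that used to be listed.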
@@ -73,6 +63,7 @@ include::../../common/fix/xxe.adoc[] === Going the extra mile ==== Disable entity expansion + Specifically for `DocumentBuilderFactory`, it is possible to disable the entity expansion. Note, however, that this does not prevent the retrieval of external entities. diff --git a/rules/S2755/java/how-to-fix-it/jdom2.adoc b/rules/S2755/java/how-to-fix-it/jdom2.adoc index 26d698be3ce..4cb47daacb5 100644 --- a/rules/S2755/java/how-to-fix-it/jdom2.adoc +++ b/rules/S2755/java/how-to-fix-it/jdom2.adoc @@ -24,7 +24,6 @@ import org.jdom2.input.SAXBuilder; public void decode() { SAXBuilder builder = new SAXBuilder(); builder.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, ""); - builder.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, ""); } ---- diff --git a/rules/S2755/java/how-to-fix-it/sax.adoc b/rules/S2755/java/how-to-fix-it/sax.adoc new file mode 100644 index 00000000000..497f8380c54 --- /dev/null +++ b/rules/S2755/java/how-to-fix-it/sax.adoc @@ -0,0 +1,36 @@ +== How to fix it in SAX + +=== Code examples + +include::../../common/fix/code-rationale.adoc[] + +==== Noncompliant code example + +[source,java,diff-id=31,diff-type=noncompliant] +---- +import org.xml.sax.XMLReader; +import org.xml.sax.helpers.XMLReaderFactory; + +public void decode() { + XMLReader reader = XMLReaderFactory.createXMLReader(); // Noncompliant +} +---- + +==== Compliant solution + +Set `disallow-doctype-decl` to `true`. + +[source,java,diff-id=31,diff-type=compliant] +---- +import org.xml.sax.XMLReader; +import org.xml.sax.helpers.XMLReaderFactory; + +public void decode() { + XMLReader reader = XMLReaderFactory.createXMLReader(); + reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); +} +---- + +=== How does this work? + +include::../../common/fix/xxe.adoc[] diff --git a/rules/S2755/java/rule.adoc b/rules/S2755/java/rule.adoc index b0c00e8f9e2..05368bfb912 100644 --- a/rules/S2755/java/rule.adoc +++ b/rules/S2755/java/rule.adoc 
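Review bot: In the new rules/S2755/java/how-to-fix-it/sax.adoc, the compliant example sets `http://apache.org/xml/features/disallow-doctype-decl`, a parser-specific feature URI, and the text does not say what happens when the `XMLReader` in use does not recognise it. `setFeature` then throws `SAXNotRecognizedException`, which is the safe outcome only if the caller lets it propagate; I would add a line such as `Do not catch and ignore the exception raised by setFeature: a reader that cannot apply the feature must not be used to parse untrusted input.` For documents that legitimately carry a DOCTYPE, it may help to mention the `external-general-entities` and `external-parameter-entities` features that the java-se.adoc change in this commit drops from its examples. Separately, `XMLReaderFactory` has been deprecated since Java 9, so a short remark pointing to `SAXParserFactory` would keep the example current.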
@@ -14,6 +14,8 @@ include::how-to-fix-it/dom4j.adoc[] include::how-to-fix-it/jdom2.adoc[] +include::how-to-fix-it/sax.adoc[] + == Resources include::../common/resources/standards.adoc[] diff --git a/rules/S2755/metadata.json b/rules/S2755/metadata.json index 615b0b807d8..933bfdaff5c 100644 --- a/rules/S2755/metadata.json +++ b/rules/S2755/metadata.json @@ -46,6 +46,9 @@ ], "ASVS 4.0": [ "5.5.2" + ], + "STIG ASD_V5R3": [ + "V-222608" ] }, "defaultQualityProfiles": [ diff --git a/rules/S2757/java/metadata.json b/rules/S2757/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S2757/java/metadata.json +++ b/rules/S2757/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S2757/python/metadata.json b/rules/S2757/python/metadata.json index 17971333806..5ca14620c47 100644 --- a/rules/S2757/python/metadata.json +++ b/rules/S2757/python/metadata.json @@ -1,3 +1,6 @@ { - + "tags": [ + "confusing", + "convention" + ] } diff --git a/rules/S2761/java/metadata.json b/rules/S2761/java/metadata.json index 1d44daec618..232fb9456e0 100644 --- a/rules/S2761/java/metadata.json +++ b/rules/S2761/java/metadata.json @@ -1,3 +1,4 @@ { - "title": "Unary prefix operators should not be repeated" + "title": "Unary prefix operators should not be repeated", + "scope": "Main" } diff --git a/rules/S2761/python/metadata.json b/rules/S2761/python/metadata.json index 5ca3b13214c..fe3866464ba 100644 --- a/rules/S2761/python/metadata.json +++ b/rules/S2761/python/metadata.json @@ -13,7 +13,7 @@ "constantCost": "5min" }, "tags": [ - + "confusing" ], "extra": { "replacementRules": [ diff --git a/rules/S2772/python/metadata.json b/rules/S2772/python/metadata.json index 68173b87320..0886cf56fa1 100644 --- a/rules/S2772/python/metadata.json +++ b/rules/S2772/python/metadata.json @@ -13,7 +13,7 @@ "constantCost": "2min" }, "tags": [ - "unused" + "confusing" ], "extra": { "replacementRules": [ 
diff --git a/rules/S2774/see.adoc b/rules/S2774/see.adoc index 6e19a666352..9e67a7c0f7f 100644 --- a/rules/S2774/see.adoc +++ b/rules/S2774/see.adoc @@ -1,4 +1,4 @@ == Resources -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure -* https://cwe.mitre.org/data/definitions/615[MITRE, CWE-615] - Information Exposure Through Comments \ No newline at end of file +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] +* CWE - https://cwe.mitre.org/data/definitions/615[CWE-615 - Information Exposure Through Comments] \ No newline at end of file diff --git a/rules/S2778/cobol/rule.adoc b/rules/S2778/cobol/rule.adoc index e1a1b87a833..e1fffb68829 100644 --- a/rules/S2778/cobol/rule.adoc +++ b/rules/S2778/cobol/rule.adoc @@ -17,8 +17,8 @@ END-EXEC. == Resources -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure -* https://cwe.mitre.org/data/definitions/497[MITRE, CWE-497] - Exposure of System Data to an Unauthorized Control Sphere +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] +* CWE - https://cwe.mitre.org/data/definitions/497[CWE-497 - Exposure of System Data to an Unauthorized Control Sphere] ifdef::env-github,rspecator-view[] diff --git a/rules/S2786/java/metadata.json b/rules/S2786/java/metadata.json index 782d4d34897..01bca6b9eba 100644 --- a/rules/S2786/java/metadata.json +++ b/rules/S2786/java/metadata.json @@ -18,7 +18,7 @@ "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-2786", "sqKey": "S2786", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S2789/java/metadata.json b/rules/S2789/java/metadata.json index f8a95c6348d..b4a51a85677 100644 
--- a/rules/S2789/java/metadata.json +++ b/rules/S2789/java/metadata.json @@ -18,7 +18,7 @@ "defaultSeverity": "Major", "ruleSpecification": "RSPEC-2789", "sqKey": "S2789", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S2806/cfamily/metadata.json b/rules/S2806/cfamily/metadata.json index 703e4483929..4ca5105b33e 100644 --- a/rules/S2806/cfamily/metadata.json +++ b/rules/S2806/cfamily/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "CLEAR" }, @@ -17,19 +17,13 @@ "pitfall" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-2806", "sqKey": "S2806", "scope": "Main", - "defaultQualityProfiles": [ - - ], + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S2807/cfamily/metadata.json b/rules/S2807/cfamily/metadata.json index 30f2bac8baf..9e431a0db0f 100644 --- a/rules/S2807/cfamily/metadata.json +++ b/rules/S2807/cfamily/metadata.json @@ -1,5 +1,5 @@ { - "title": "Binary operators should be overloaded as \"friend\" functions", + "title": "Binary operators should be overloaded as hidden friend functions", "type": "CODE_SMELL", "code": { "impacts": { @@ -29,7 +29,7 @@ "sqKey": "S2807", "scope": "Main", "defaultQualityProfiles": [ - + "Sonar way" ], "quickfix": "unknown" } diff --git a/rules/S2807/cfamily/rule.adoc b/rules/S2807/cfamily/rule.adoc index 08fb8607eed..de6f8648c1d 100644 --- a/rules/S2807/cfamily/rule.adoc +++ b/rules/S2807/cfamily/rule.adoc 
@@ -1,34 +1,455 @@ +This rule raises issues for overloaded binary mathematical and relational operators that are not declared as hidden friends. + == Why is this an issue? -Member functions can only be used with an instance of a class. But ``++friend++`` functions can be used with an implicitly converted type. So loosening access privileges to ``++friend++`` on overloaded binary operators makes them more flexible. Specifically, with a ``++friend++`` function, the class instance can be on either the right or the left of the operator, but with a member function, it can only be on the left. +When overloading binary or relational operators, it is recommended that they be declared hidden friends of the class. + +=== The hidden friend pattern + +The hidden friend pattern consists of declaring and defining a function directly as a friend inside the class body. This reduces the function's visibility to argument-dependent lookup only. Approximately, such a function is considered only when called on an object of the enclosing class. + +[source,cpp] +---- +struct MyClass { + friend void function(MyClass const& arg) { // This function is a hidden friend of MyClass + ... + } +}; +---- +=== Benefits of hidden friends -This rule raises an issue for all non-``++friend++`` overloaded binary operators except: +Using hidden friends provides the following benefits: -* \"``++=++``", \"``++[ ]++``", and \"``++->++``", which cannot be overloaded as ``++friend++`` functions. -* \"``+++=++``", \"``++-=++``", \"``++*=++``", \"``++/=++``", \"``++%=++``", \"``++^=++``", \"``++&=++``", \"``++|=++``", \"``++<<=++``", and \"``++>>=++``", which are not symmetric operators. 
+* in contrast to the member function, it allows conversion to be applied to both operands +* in contrast to free functions, it is considered only if one of the operands is an object of the given class +This rule raises issues for these overloaded binary operators: -=== Noncompliant code example +* mathematical operators: `+`, `-`, `*`, `/`, `%`, `^`, `&`, `|`, `<<`, `>>` +* until {cpp}20, all relational operators: `==`, `!=`, `<`, `>`, ``++<=++``, ``++>=++`` +* since {cpp}20, non-members key relational operators: `==`, ``++<=>++`` [source,cpp] ---- -bool operator==(const MyClass &RHS); // Noncompliant +struct MyClass { + MyClass operator+(const MyClass& rhs) // Noncompliant + { /* ... */ } +}; + +bool operator==(const MyClass &lhs, const MyClass& rhs) // Noncompliant +{ /* ... */ } +---- + + +=== Why are hidden friends preferred over free functions? + +The overloaded operators that are declared as hidden friends are found only by argument-dependent lookup (ADL) for a given class. +Roughly, this means that the hidden friend of class `C` is considered a candidate +only if one of the arguments of the call is an object of type `C` or one derived from it. +In contrast, a free function is considered for any class declared in the same namespace. + +For illustration, let's consider the following example which defines `operator/` as a free function. +[source,cpp,diff-id=1,diff-type=noncompliant] +---- +namespace lib { + class Path { + public: + Path(char const*); + Path(std::string_view); + Path& operator/=(Path const&); + }; + + Path operator/(Path const& lhs, Path const& rhs) { + auto result = lhs; + result /= rhs; + return result; + } +} ---- +The `operator/` will be considered as a candidate for any call `a / b` +when either `a` or `b` are of a type declared in the namespace `lib`. +This not only makes compilation slower but also lists the function as a candidate in case of a compilation error, +making such a message less readable. 
-=== Compliant solution +Furthermore, when such an operator is visible via normal lookup, it may be invoked when both arguments are of the type that is convertible to `lib::Path`. +This may happen for code in the `lib` namespace or after using `using namespace lib;`. +However, such code will not compile or, even worse, select different overloads when placed in a different namespace. [source,cpp] ---- -friend bool operator==(const MyClass &LHS, const MyClass &RHS); +namespace lib { + void insideLib(std::string_view sv) { + sv / "dir"; // Compiles, converts both arg to lib::Path + } +} // namespace lib + +namespace otherNS { + void withoutUsing(std::string_view sv) { + sv / "dir"; // Either does not compile or calls a different operator + } + void withUsing(std::string_view sv) { + using namespace lib; + sv / "dir"; // Compiles, converts both arg to lib::Path + } +} // namespace otherNS +---- + +Such conversion for both arguments will not be allowed when the operator is declared as a hidden friend, +as none of the operands are of `lib::Path` type: + +[source,cpp,diff-id=1,diff-type=compliant] +---- +namespace lib { + class Path { + public: + Path(char const*); + Path(std::string_view); + Path& operator/=(Path const&); + + friend Path operator/(Path const& lhs, Path const& rhs) { + auto result = lhs; + result /= rhs; + return result; + } + }; +} +---- + +=== Why are hidden friends preferred over member functions? + +When the overloaded operator is declared as a class member, +it can be invoked only for objects of that class or classes derived from it. +These restrictions also apply when operator syntax (`a op b`) is used +and disallows implicit conversion for left operands while allowing them for right operands. 
+ +For example, given the object `i` of class `Integer` that defines +`operator+` as a member: +[source,cpp,diff-id=2,diff-type=noncompliant] +---- +class Integer { +public: + Integer(long long int); + Integer& operator+=(Integer const& rhs); + Integer operator+(Integer const& rhs) const { // Noncompliant + Integer res = *this; + res += rhs; + return res; + } +}; +---- +The call `i + 10` is well-formed and resolves to `i.operator+(10)`, +which will convert `10` to an `Integer` object using the implicit converting constructor. +However, `10 + i` is ill-formed. + +If hidden friend functions were used, the expressions `i + 10` and `10 + i`, +would resolve to `operator+(i, 10)` and `operator+(10, i)` respectively, +allowing conversion to be performed symmetrically on the integer literal. +[source,cpp,diff-id=2,diff-type=compliant] +---- +class Integer { +public: + Integer(long long int); + Integer& operator+=(Integer const& rhs); + friend Integer operator+(Integer const& lhs, Integer const& rhs) { // Compliant + Integer res = lhs; + res += rhs; + return res; + } +}; +---- + + +=== Why relational operators are treated differently since {cpp}20? + +{cpp}20 has introduced a three-way comparison operator ``++<=>++`` (also known as spaceship) +in addition to the mechanism that considers additional functions when interpreting relational operations: + +* `a < b` (also `>`, ``++<=++``, ``++>=++``) is also interpreted as ``++operator<=>(a, b) < 0++``, ``++a.operator<=>(b) < 0++``, or ``++0 < operator<=>(b, a)++``, ``++0 < b.operator<=>(a)++``, +* `a != b` is also intepreted as `!operator==(a, b)`, `!a.operator==(b)`, or `!operator==(b, a)`, `!b.operator==(a)`, +* `a == b` is also intepreted as `operator==(a, b)`, `a.operator==(b)`, or `operator==(b, a)`, `b.operator==(a)`. + +The above mechanism makes overloads for `!=`, `<`, `>`, ``++<=++``, ``++>=++`` replacable with ``++<=>++`` and `==` (see S6187). 
+As these overloads will usually be removed, we do not suggest replacing them with hidden friends. + +Additionally, such rewrites consider calls of overloads with the order of argument as spelled (`a`, `b`), and reversed (`b`, `a`). +This makes the behavior of expression consistent regardless of the order of operands. +Given the following example: + +[source,cpp] +---- +struct MyString { + MyString(char const* cstr); + bool + operator==(MyString const& other) const; // Compliant since C++20: see below + + std::strong_ordering + operator<=>(MyString const& other) const; // Compliant: only available since C++20 +}; + +const MySting ms; +---- + +The expression `ms == "Some string"` and `"SomeString" == ms` both compile, +and the latter calls `operator==` with the argument reversed. +This removes the drawbacks of declaring all combinations of such operators as members, +and the issue is not raised for them for {cpp}20 and later. + +Note, that hidden friends are still preferred over free functions: +[source,cpp] +---- +struct MyString { + MyString(char const* cstr); +}; + +bool +operator==(MyString const& lhs, MyString const& rhs) // Noncompliant +{ /* ... */ } + +std::strong_ordering +operator<=>(MyString const& lhs, MyString const& rhs) // Noncompliant +{ /* ... */ } +---- + +== How to fix it + +The issue can be fixed by declaring the operator as a hidden friend, +i.e., declaring it as a `friend` inside the class and inlining its function body. 
+ +=== Code examples + +==== Noncompliant code example + +[source,cpp,diff-id=3,diff-type=noncompliant] +---- +struct IntWrapper { + long i; + MyClass operator+(const MyClass& rhs) const // Noncompliant + { + return MyClass{i + rhs.i} + } +}; +---- + +==== Compliant solution + +[source,cpp,diff-id=3,diff-type=compliant] +---- +struct IntWrapper { + long i; + friend MyClass operator+(const MyClass& lhs, const MyClass& rhs) // Compliant + { + return Myclass{lhs.i + rhs.i} + } +}; +---- + +==== Noncompliant code example + +[source,cpp,diff-id=4,diff-type=noncompliant] +---- +struct IntWrapper { + long i; +}; + +MyClass operator+(const MyClass& lhs, const MyClass& rhs) // Noncompliant +{ + return Myclass{lhs.i + rhs.i} +} +---- + +==== Compliant solution + +[source,cpp,diff-id=4,diff-type=compliant] +---- +struct IntWrapper { + long i; + friend MyClass operator+(const MyClass& lhs, const MyClass& rhs) // Compliant + { + return Myclass{lhs.i + rhs.i} + } +}; +---- + +=== How to handle operator with definition in source file + +To define a hidden friend, the overloaded operator needs to be defined in class. +If the operator is initially defined in the source file, it may be necessary to move its definition to the header file. +In complex implementations, this may be undesired or impossible. + +==== Noncompliant code example + +[source,cpp,diff-id=5,diff-type=noncompliant] +---- +// Header file +class Integer { +public: + Integer(long long int); + Integer operator+(Integer const& rhs) const; // Noncompliant +}; + +// Source file +Integer Integer::operator+(Integer const& rhs) const +{ + /* Complex logic */ +} +---- + +==== Compliant solution + +To properly resolve such an issue, you may define a helper member function, +that will remain defined in the source file, and define the operator in terms of it. + +For mathematical operators, this is usually achieved by defining them in terms of the corresponding compound assignment operator. 
+This has the additional benefit of reducing code duplication if both `operator+` and `operator+=` were already defined, +or making the interface more consistent by providing compound assignment counterparts for each supported operator. + +[source,cpp,diff-id=5,diff-type=compliant] +---- +// Header file +class Integer { +public: + Integer(long long int); + Integer& operator+=(Integer const& rhs); + friend Integer operator+(Integer const& lhs, Integer const& rhs) // Compliant + { + Integer result = lhs; + result += rhs; + return result; + } +}; + +// Source file +Integer& Integer::operator+=(Integer const& rhs) +{ + /* Complex logic */ +} +---- + +=== How to handle operator template + +When declaring a hidden friend for a class template, a separate friend function is instantiated for each instantiation of the enclosing class. +When changing from a free overloaded operator template to a friend function, template parameters corresponding to the class should be removed. + +==== Noncompliant code example + +[source,cpp,diff-id=6,diff-type=noncompliant] ---- +template +class StringRef { +public: + StringRef(CharT const* str); + int compare(StringRef other) const; +}; + +template +bool operator==(StringRef lhs, StringRef rhs) // Noncompliant +{ + return lhs.compare(rhs) == 0; +} +---- + +==== Compliant solution + +[source,cpp,diff-id=6,diff-type=compliant] +---- +template +class StringRef { +public: + StringRef(CharT const* str); + + int compare(StringRef other) const; + + friend bool operator==(StringRef lhs, StringRef rhs) // Compliant: separate overload for each instantiation of StringRef + { + return lhs.compare(rhs) == 0; + } +}; +---- + +Such a solution has the additional benefit of allowing the operands to be converted (as the operator is no longer a template). 
+This means that for `StringRef sr`, the expression `sr == "Some string"` will compile and use the implicit constructor from ``++CharT const*++``, +alleviating the need to declare additional overloads accepting ``++const CharT*++``. + +In the case of heterogeneous operators that accept different specializations, only one set of template parameters should be removed: + +==== Noncompliant code example + +[source,cpp,diff-id=7,diff-type=noncompliant] +---- +template +struct Optional { + bool has_value() const; + T const& value() const; +}; + +template + requires std::equality_comparable +bool operator==(Optional const& lhs, Optional const& rhs) // Noncompliant +{ + if (lhs.has_value() && rhs.has_value()) { + return lhs.value() == rhs.value(); + } + return lhs.has_value() == rhs.has_value(); +} + +template + requires std::equality_comparable_with +bool operator==(Optional const& lhs, Optional rhs) // Noncompliant +{ + if (lhs.has_value() && rhs.has_value()) { + return lhs.value() == rhs.value(); + } + return lhs.has_value() == rhs.has_value(); +} +---- + +==== Compliant solution + +[source,cpp,diff-id=7,diff-type=compliant] +---- +template +struct Optional { + bool has_value() const; + T const& value() const; + + friend bool operator==(Optional const& lhs, Optional rhs) // Compliant: lhs and rhs are Optional + requires std::equality_comparable + { + if (lhs.has_value() && rhs.has_value()) { + return lhs.value() == rhs.value(); + } + return lhs.has_value() == rhs.has_value(); + } + + template + requires std::equality_comparable_with + friend bool operator==(Optional const& lhs, Optional rhs) // Compliant: lhs is Optional + { + if (lhs.has_value() && rhs.has_value()) { + return lhs.value() == rhs.value(); + } + return lhs.has_value() == rhs.has_value(); + } +}; +---- == Resources -* https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#c161-use-nonmember-functions-for-symmetric-operators[{cpp} Core Guidelines C.161] - Use nonmember functions for 
symmetric operators +=== Documentation + +* {cpp} reference - https://en.cppreference.com/w/cpp/language/lookup[Name lookup] +* {cpp} reference - https://en.cppreference.com/w/cpp/language/adl[Argument-dependent lookup] + +=== External coding guidelines + +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#c161-use-non-member-functions-for-symmetric-operators[C.161: Use non-member functions for symmetric operators] +=== Related rules + +* S6187 - Operator spaceship "<=>" should be used to define comparable types ifdef::env-github,rspecator-view[] @@ -38,13 +459,18 @@ ifdef::env-github,rspecator-view[] === Message -Make this a free function, potentially "friend". - +* "Make this member overloaded operator a hidden friend." +* "Make this overloaded operator a hidden friend of class "{}"." +* "Make this overloaded operator a hidden friend of class "{}" or "{}"." ''' == Comments And Links (visible only on this page) +Exception for member `operator<<` and `operator>>` that looks like streaming is omitted on purpose. +I do not think any user will be confused about not having an issue there when they write a stream +(this happens only for members). + === on 17 Nov 2015, 09:01:34 Evgeny Mandrikov wrote: \[~ann.campbell.2] could you please help me update this RSPEC - operators ``++=++``, ``++[]++`` and ``++->++`` can't be overloaded as friend functions. diff --git a/rules/S2809/abap/rule.adoc b/rules/S2809/abap/rule.adoc index 058609df403..1c068098285 100644 --- a/rules/S2809/abap/rule.adoc +++ b/rules/S2809/abap/rule.adoc 
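Review bot: The four "How to fix it" examples added to rules/S2807/cfamily/rule.adoc declare `struct IntWrapper` but spell the operator's types as `MyClass` and `Myclass`, and their `return` statements have no terminating `;`, so none of them compiles as written. The signature should read `friend IntWrapper operator+(const IntWrapper& lhs, const IntWrapper& rhs)` with the body `return IntWrapper{lhs.i + rhs.i};`, and the member-function variant should be changed the same way. In the C++20 section, the object is declared as `const MySting ms;` while the type is `MyString`. The prose in that section also has the typos "intepreted" (twice) and "replacable".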
@@ -73,10 +73,10 @@ No issue will be raised when ``++CALL TRANSACTION++`` is followed by ``++WITHOUT == See -* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Broken Access Control -* https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication[OWASP Top 10 2017 Category A2] - Broken Authentication -* https://cwe.mitre.org/data/definitions/285[MITRE, CWE-285] - Improper Authorization -* https://cwe.mitre.org/data/definitions/862[MITRE, CWE-862] - Missing Authorization +* OWASP - https://owasp.org/Top10/A01_2021-Broken_Access_Control/[Top 10 2021 Category A1 - Broken Access Control] +* OWASP - https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication[Top 10 2017 Category A2 - Broken Authentication] +* CWE - https://cwe.mitre.org/data/definitions/285[CWE-285 - Improper Authorization] +* CWE - https://cwe.mitre.org/data/definitions/862[CWE-862 - Missing Authorization] ifdef::env-github,rspecator-view[] diff --git a/rules/S2817/javascript/metadata.json b/rules/S2817/javascript/metadata.json index 1b32865c4c9..13b3ac634ae 100644 --- a/rules/S2817/javascript/metadata.json +++ b/rules/S2817/javascript/metadata.json @@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "CONVENTIONAL" }, @@ -16,19 +16,13 @@ "type-dependent" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-2817", "sqKey": "S2817", "scope": "Main", - "defaultQualityProfiles": [ - - ], + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S2817/javascript/rule.adoc b/rules/S2817/javascript/rule.adoc index ea0a9593410..bbb19932b1a 100644 --- a/rules/S2817/javascript/rule.adoc +++ b/rules/S2817/javascript/rule.adoc 
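Review bot: In rules/S2809/abap/rule.adoc the reformatted 2017 entry still maps this rule to A2 Broken Authentication, although the other three entries in the list (2021 A1 Broken Access Control, CWE-285, CWE-862) are all about authorization. The S2819 standards.adoc hunk in this same commit drops its A2 line in favour of A5, so the same correction may be intended here: `* OWASP - https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[Top 10 2017 Category A5 - Broken Access Control]`. The rule's metadata.json is not visible in this part of the diff, so its `OWASP` list should be checked against whichever category is kept.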
@@ -16,8 +16,8 @@ var db = window.openDatabase("myDb", "1.0", "Personal secrets stored here", 2*10 == Resources -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure -* https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[OWASP Top 10 2017 Category A9] - Using Components with Known Vulnerabilities +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] +* OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities] ifdef::env-github,rspecator-view[] diff --git a/rules/S2819/common/resources/standards.adoc b/rules/S2819/common/resources/standards.adoc index 6ef63300419..97a31e22405 100644 --- a/rules/S2819/common/resources/standards.adoc +++ b/rules/S2819/common/resources/standards.adoc @@ -2,5 +2,6 @@ === Standards * OWASP - https://owasp.org/Top10/A01_2021-Broken_Access_Control/[Top 10 2021 Category A1 - Broken Access Control] -* OWASP - https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication[Top 10 2017 Category A2 - Broken Authentication] -* CWE - https://cwe.mitre.org/data/definitions/345.html[CWE-345 - Insufficient Verification of Data Authenticity] +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] +* OWASP - https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[Top 10 2017 Category A5 - Broken Access Control] +* CWE - https://cwe.mitre.org/data/definitions/345[CWE-345 - Insufficient Verification of Data Authenticity] diff --git a/rules/S2819/javascript/metadata.json b/rules/S2819/javascript/metadata.json index c29aeaa03c2..19cbe8b67b1 100644 --- a/rules/S2819/javascript/metadata.json 
+++ b/rules/S2819/javascript/metadata.json @@ -34,7 +34,8 @@ 345 ], "OWASP": [ - "A3" + "A3", + "A5" ], "OWASP Top 10 2021": [ "A1" diff --git a/rules/S2823/python/metadata.json b/rules/S2823/python/metadata.json index 2e4fdfe9c78..0cf58304f24 100644 --- a/rules/S2823/python/metadata.json +++ b/rules/S2823/python/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -13,15 +13,11 @@ "constantCost": "1min" }, "tags": [ - + "python3" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-2823", diff --git a/rules/S2857/metadata.json b/rules/S2857/metadata.json index 1df1829e322..47016545017 100644 --- a/rules/S2857/metadata.json +++ b/rules/S2857/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "COMPLETE" }, @@ -16,12 +16,8 @@ "sql" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-2857", diff --git a/rules/S2864/java/metadata.json b/rules/S2864/java/metadata.json index 7f8fe782665..667d72a2256 100644 --- a/rules/S2864/java/metadata.json +++ b/rules/S2864/java/metadata.json @@ -18,7 +18,7 @@ "defaultSeverity": "Major", "ruleSpecification": "RSPEC-2864", "sqKey": "S2864", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S2871/javascript/rule.adoc b/rules/S2871/javascript/rule.adoc index b9ecfe60d11..3737326a8af 100644 --- a/rules/S2871/javascript/rule.adoc +++ b/rules/S2871/javascript/rule.adoc 
@@ -25,7 +25,7 @@ numbers.sort((a, b) => a - b); console.log(numbers); // Output: [1, 2, 5, 10, 30] ---- -Even to sort strings, the default sort order may give unexpected results. Not only does it not support localization, it also doesn't fully support Unicode, as it only considers UTF-16 code units. For example, in the code below, `"eΔ"` is surprisingly before and after `"éΔ"`. +Even to sort strings, the default sort order may give unexpected results. Not only does it not support localization, it also doesn't fully support Unicode, as it only considers UTF-16 code units. For example, in the code below, `"eΔ"` is surprisingly before and after `"éΔ"`. To guarantee that the sorting is reliable and remains as such in the long run, it is necessary to provide a compare function that is both locale and Unicode aware - typically `String.localeCompare`. [source,javascript] ---- diff --git a/rules/S2876/python/metadata.json b/rules/S2876/python/metadata.json index 1a8bcce5b31..e7ee98b8207 100644 --- a/rules/S2876/python/metadata.json +++ b/rules/S2876/python/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -13,15 +13,12 @@ "constantCost": "10min" }, "tags": [ - + "python3", + "pep" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-2876", diff --git a/rules/S2885/java/metadata.json b/rules/S2885/java/metadata.json index 5a2d39449ad..b8a1435c235 100644 --- a/rules/S2885/java/metadata.json +++ b/rules/S2885/java/metadata.json @@ -19,6 +19,11 @@ "ruleSpecification": "RSPEC-2885", "sqKey": "S2885", "scope": "Main", + "securityStandards": { + "STIG ASD_V5R3": [ + "V-222567" + ] + }, "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S2885/java/rule.adoc b/rules/S2885/java/rule.adoc index a3cff65bb14..974403b094c 100644 
--- a/rules/S2885/java/rule.adoc +++ b/rules/S2885/java/rule.adoc @@ -48,12 +48,18 @@ public class MyClass { ---- == Resources + === Articles & blog posts * https://web.mit.edu/6.005/www/fa14/classes/18-thread-safety/[MIT - Thread safety] * https://www.baeldung.com/java-thread-safety[Baeldung - Thread safety] * https://www.baeldung.com/java-static[Baeldung - Static] +=== Standards + +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions. + + ifdef::env-github,rspecator-view[] ''' diff --git a/rules/S2886/java/metadata.json b/rules/S2886/java/metadata.json index 668868e5f33..fe4a59b6582 100644 --- a/rules/S2886/java/metadata.json +++ b/rules/S2886/java/metadata.json @@ -19,10 +19,13 @@ "defaultSeverity": "Major", "ruleSpecification": "RSPEC-2886", "sqKey": "S2886", - "scope": "All", + "scope": "Main", "securityStandards": { "CERT": [ "VNA01-J." + ], + "STIG ASD_V5R3": [ + "V-222567" ] }, "defaultQualityProfiles": [ diff --git a/rules/S2886/java/rule.adoc b/rules/S2886/java/rule.adoc index a3aa269f6cc..6170b83ee74 100644 --- a/rules/S2886/java/rule.adoc +++ b/rules/S2886/java/rule.adoc 
@@ -82,15 +82,17 @@ public class Person { * https://docs.oracle.com/javase/tutorial/essential/concurrency/syncmeth.html[Oracle Java - Synchronized Methods] * https://docs.oracle.com/javase/specs/jls/se20/html/jls-8.html#jls-8.4.3.6[Oracle SE 20 - Synchronized Methods] -=== Standards - -* https://wiki.sei.cmu.edu/confluence/x/4jdGBQ[CERT, VNA01-J.] - Ensure visibility of shared references to immutable objects - === Articles & blog posts * https://web.mit.edu/6.005/www/fa14/classes/18-thread-safety/[MIT - Thread safety] * https://www.baeldung.com/java-thread-safety[Baeldung - Thread safety] +=== Standards + +* https://wiki.sei.cmu.edu/confluence/x/4jdGBQ[CERT, VNA01-J.] - Ensure visibility of shared references to immutable objects +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions. + + ifdef::env-github,rspecator-view[] ''' diff --git a/rules/S2930/csharp/rule.adoc b/rules/S2930/csharp/rule.adoc index 0ca5f71236b..0f5c53b7aa4 100644 --- a/rules/S2930/csharp/rule.adoc +++ b/rules/S2930/csharp/rule.adoc 
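Review bot: The CERT entry moved into the relocated `=== Standards` section of rules/S2886/java/rule.adoc keeps the old layout, with the source name inside the link text. The STIG line added next to it, and the OWASP/CWE entries rewritten elsewhere in this commit, lead with the source name instead. For consistency it could read `* CERT - https://wiki.sei.cmu.edu/confluence/x/4jdGBQ[VNA01-J. - Ensure visibility of shared references to immutable objects]`.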
@@ -1,17 +1,29 @@ == Why is this an issue? -When writing https://learn.microsoft.com/en-us/dotnet/standard/managed-code[managed code], there is no need to worry about memory allocation or deallocation as it is taken care of by the https://learn.microsoft.com/en-us/dotnet/standard/garbage-collection[garbage collector]. However, certain objects, such as `Bitmap`, utilize unmanaged memory for specific purposes like https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/unsafe-code[pointer arithmetic]. These objects may have substantial unmanaged memory footprints while having minimal managed footprints. Unfortunately, the garbage collector only recognizes the small managed footprint and does not promptly reclaim the corresponding unmanaged memory (by invoking the finalizer method of `Bitmap`) for efficiency reasons. +When writing https://learn.microsoft.com/en-us/dotnet/standard/managed-code[managed code], there is no need to worry about memory allocation or deallocation as it is taken care of by the https://learn.microsoft.com/en-us/dotnet/standard/garbage-collection[garbage collector]. However, certain objects, such as `Bitmap`, utilize unmanaged memory for specific purposes like https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/unsafe-code[pointer arithmetic]. These objects may have substantial unmanaged memory footprints while having minimal managed footprints. Unfortunately, the garbage collector only recognizes the small managed footprint and does not promptly reclaim the corresponding unmanaged memory (by invoking the finalizer method of `Bitmap`) for efficiency reasons. In addition, it's essential to manage other system resources besides memory. The operating system has limits on the number of https://en.wikipedia.org/wiki/File_descriptor[file descriptors] (e.g., `FileStream`) or https://en.wikipedia.org/wiki/Network_socket[sockets] (e.g., `WebClient`) that can remain open simultaneously. 
Therefore, it's crucial to `Dispose` of these resources promptly when they are no longer required, instead of relying on the garbage collector to invoke the finalizers of these objects at an unpredictable time in the future. This rule keeps track of `private` fields and local variables of specific types that implement `IDisposable` or `IAsyncDisposable`. It identifies instances of these types that are not properly disposed, closed, aliased, returned, or passed to other methods. This applies to instances that are either directly created using the `new` operator or instantiated through a predefined list of factory methods. +Here is the list of the types tracked by this rule: + +* `FluentAssertions.Execution.AssertionScope` +* `System.Drawing.Bitmap` +* `System.Drawing.Image` +* `System.IO.FileStream` +* `System.IO.StreamReader` +* `System.IO.StreamWriter` +* `System.Net.Sockets.TcpClient` +* `System.Net.Sockets.UdpClient` +* `System.Net.WebClient` + Here is the list of predefined factory methods tracked by this rule: -* `System.IO.File.Create()` -* `System.IO.File.Open()` * `System.Drawing.Image.FromFile()` * `System.Drawing.Image.FromStream()` +* `System.IO.File.Create()` +* `System.IO.File.Open()` === Exceptions @@ -48,7 +60,7 @@ When creating the disposable resource for a one-time use (cases not covered by t [source,csharp,diff-id=1,diff-type=noncompliant] ---- -public class ResourceHolder +public class ResourceHolder { private FileStream fs; // Noncompliant: dispose or close are never called @@ -79,7 +91,7 @@ public class ResourceHolder : IDisposable, IAsyncDisposable this.fs = new FileStream(path, FileMode.Open); } - public void Dispose() + public void Dispose() { this.fs.Dispose(); } 
@@ -104,17 +116,17 @@ public class ResourceHolder : IDisposable, IAsyncDisposable === Documentation -* https://learn.microsoft.com/en-us/dotnet/standard/managed-code[What is "managed code"?] -* https://learn.microsoft.com/en-us/dotnet/standard/garbage-collection[Garbage collection] -* https://learn.microsoft.com/en-us/dotnet/csharp/programming-guide/classes-and-structs/finalizers[Finalizers] -* https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/unsafe-code[Unsafe code, pointer types, and function pointers] -* https://en.wikipedia.org/wiki/File_descriptor[File descriptor - Wiki] -* https://en.wikipedia.org/wiki/Network_socket[Network socket - Wiki] -* https://learn.microsoft.com/en-us/dotnet/standard/design-guidelines/dispose-pattern[Dispose pattern] -** https://learn.microsoft.com/en-us/dotnet/standard/garbage-collection/implementing-dispose[Implement a Dispose method] -** https://learn.microsoft.com/en-us/dotnet/standard/garbage-collection/implementing-disposeasync[Implement a DisposeAsync method] -* https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/statements/using[using statement and using declaration] -* https://cwe.mitre.org/data/definitions/459[MITRE, CWE-459 - Incomplete Cleanup] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/standard/managed-code[What is "managed code"?] 
+* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/standard/garbage-collection[Garbage collection] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/csharp/programming-guide/classes-and-structs/finalizers[Finalizers] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/unsafe-code[Unsafe code, pointer types, and function pointers] +* Wikipedia - https://en.wikipedia.org/wiki/File_descriptor[File descriptor] +* Wikipedia - https://en.wikipedia.org/wiki/Network_socket[Network socket] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/standard/design-guidelines/dispose-pattern[Dispose pattern] +** Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/standard/garbage-collection/implementing-dispose[Implement a Dispose method] +** Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/standard/garbage-collection/implementing-disposeasync[Implement a DisposeAsync method] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/statements/using[using statement and using declaration] +* CWE - https://cwe.mitre.org/data/definitions/459[CWE-459 - Incomplete Cleanup] ifdef::env-github,rspecator-view[] diff --git a/rules/S2930/metadata.json b/rules/S2930/metadata.json index 7406a67af41..fc67b547960 100644 --- a/rules/S2930/metadata.json +++ b/rules/S2930/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -17,12 +17,8 @@ "denial-of-service" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-2930", diff --git a/rules/S2931/metadata.json b/rules/S2931/metadata.json index 36c3e27b613..dd0da8642a2 100644 --- a/rules/S2931/metadata.json +++ b/rules/S2931/metadata.json 
@@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "COMPLETE" }, @@ -17,12 +17,8 @@ "denial-of-service" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-2931", @@ -33,8 +29,6 @@ 459 ] }, - "defaultQualityProfiles": [ - - ], + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S2931/rule.adoc b/rules/S2931/rule.adoc index 957083e789e..37f9b906bed 100644 --- a/rules/S2931/rule.adoc +++ b/rules/S2931/rule.adoc @@ -49,4 +49,4 @@ public class ResourceHolder : IDisposable == Resources -* https://cwe.mitre.org/data/definitions/459[MITRE, CWE-459] - Incomplete Cleanup \ No newline at end of file +* CWE - https://cwe.mitre.org/data/definitions/459[CWE-459 - Incomplete Cleanup] \ No newline at end of file diff --git a/rules/S2933/dart/metadata.json b/rules/S2933/dart/metadata.json new file mode 100644 index 00000000000..0db3279e44b --- /dev/null +++ b/rules/S2933/dart/metadata.json @@ -0,0 +1,3 @@ +{ + +} diff --git a/rules/S2933/dart/rule.adoc b/rules/S2933/dart/rule.adoc new file mode 100644 index 00000000000..9f744eb0395 --- /dev/null +++ b/rules/S2933/dart/rule.adoc 
@@ -0,0 +1,47 @@ +== Why is this an issue? + +Final fields can't be reassigned. There's often a need to declare some fields that aren't intended to be changed. To avoid confusion, such fields should be marked `final` to make their intended use explicit, and to prevent future maintainers from inadvertently changing their use. + + +== How to fix it + +Mark the given field with the `final` modifier. + + +=== Code examples + +==== Noncompliant code example + +[source,dart,diff-id=1,diff-type=noncompliant] +---- +class Person { + var _birthYear; // Noncompliant, _birthYear never updated in this class + var _age = 0; + + Person(this.birthYear); + + void updateAge(int newAge) { + _age = newAge; + } +} +---- + +==== Compliant solution + +[source,dart,diff-id=1,diff-type=compliant] +---- +class Person { + final _birthYear; + var _age = 0; + + Person(this.birthYear); + + void updateAge(int newAge) { + _age = newAge; + } +} +---- + +== Resources + +* https://dart.dev/tools/linter-rules/prefer_final_fields[Dart Lint rule] diff --git a/rules/S2933/javascript/metadata.json b/rules/S2933/javascript/metadata.json index 7fe1e24c8b3..b0ddda554b6 100644 --- a/rules/S2933/javascript/metadata.json +++ b/rules/S2933/javascript/metadata.json @@ -1,5 +1,4 @@ { - "defaultQualityProfiles": [], "scope": "Main", "quickfix": "covered", "tags": [ diff --git a/rules/S2951/vbnet/metadata.json b/rules/S2951/vbnet/metadata.json index f643669609a..0f4c7e78b6f 100644 --- a/rules/S2951/vbnet/metadata.json +++ b/rules/S2951/vbnet/metadata.json @@ -1,3 +1,3 @@ { - "title": "VB.Net: \"Exit Select\" statements should not be used redundantly" + "title": "\"Exit Select\" statements should not be used redundantly" } diff --git a/rules/S2952/csharp/rule.adoc b/rules/S2952/csharp/rule.adoc index f44af48c059..05b79a4b6ac 100644 --- a/rules/S2952/csharp/rule.adoc +++ b/rules/S2952/csharp/rule.adoc 
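Review bot: The Dart example in rules/S2933/dart/rule.adoc declares the field as `_birthYear`, but both the noncompliant and the compliant snippet use the constructor `Person(this.birthYear);`, which names a field the class does not declare. As shown, neither snippet would compile; `Person(this._birthYear);` matches the declaration. Separately, the Resources entry `* https://dart.dev/tools/linter-rules/prefer_final_fields[Dart Lint rule]` lacks the `Dart Docs - ` source prefix that the other Dart rules added in this commit use. The `[Effective Dart]` link in rules/S2963/dart/rule.adoc has the same gap.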
@@ -61,7 +61,7 @@ public class ResourceHolder : IDisposable == Resources -* https://cwe.mitre.org/data/definitions/459[MITRE, CWE-459] - Incomplete Cleanup +* CWE - https://cwe.mitre.org/data/definitions/459[CWE-459 - Incomplete Cleanup] ifdef::env-github,rspecator-view[] diff --git a/rules/S2953/metadata.json b/rules/S2953/metadata.json index fe33838cf36..5b62851ce3c 100644 --- a/rules/S2953/metadata.json +++ b/rules/S2953/metadata.json @@ -1,33 +1,29 @@ { - "title": "Methods named \"Dispose\" should implement \"IDisposable.Dispose\"", - "type": "CODE_SMELL", - "code": { - "impacts": { - "MAINTAINABILITY": "HIGH" - }, - "attribute": "IDENTIFIABLE" + "title": "Methods named \"Dispose\" should implement \"IDisposable.Dispose\"", + "type": "CODE_SMELL", + "code": { + "impacts": { + "MAINTAINABILITY": "BLOCKER" }, - "status": "ready", - "remediation": { - "func": "Constant\/Issue", - "constantCost": "10min" - }, - "tags": [ - "pitfall" - ], - "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] - }, - "defaultSeverity": "Blocker", - "ruleSpecification": "RSPEC-2953", - "sqKey": "S2953", - "scope": "Main", - "defaultQualityProfiles": [ - "Sonar way" - ] + "attribute": "IDENTIFIABLE" + }, + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "10min" + }, + "tags": [ + "pitfall" + ], + "extra": { + "replacementRules": [], + "legacyKeys": [] + }, + "defaultSeverity": "Blocker", + "ruleSpecification": "RSPEC-2953", + "sqKey": "S2953", + "scope": "Main", + "defaultQualityProfiles": [ + "Sonar way" + ] } diff --git a/rules/S2955/csharp/metadata.json b/rules/S2955/csharp/metadata.json index 968536c9bb9..2c63c085104 100644 --- a/rules/S2955/csharp/metadata.json +++ b/rules/S2955/csharp/metadata.json 
@@ -1,34 +1,2 @@ { - "title": "Generic parameters not constrained to reference types should not be compared to \"null\"", - "type": "BUG", - "code": { - "impacts": { - "RELIABILITY": "LOW" - }, - "attribute": "COMPLETE" - }, - "status": "ready", - "remediation": { - "func": "Constant\/Issue", - "constantCost": "10min" - }, - "tags": [ - - ], - "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] - }, - "defaultSeverity": "Minor", - "ruleSpecification": "RSPEC-2955", - "sqKey": "S2955", - "scope": "All", - "defaultQualityProfiles": [ - - ], - "quickfix": "covered" } diff --git a/rules/S2955/csharp/rule.adoc b/rules/S2955/csharp/rule.adoc index 90af30afd0c..b82f0085dc8 100644 --- a/rules/S2955/csharp/rule.adoc +++ b/rules/S2955/csharp/rule.adoc 
@@ -1,76 +1,62 @@ == Why is this an issue? -When constraints have not been applied to restrict a generic type parameter to be a reference type, then a value type, such as a ``++struct++``, could also be passed. In such cases, comparing the type parameter to ``++null++`` would always be false, because a ``++struct++`` can be empty, but never ``++null++``. If a value type is truly what's expected, then the comparison should use ``++default()++``. If it's not, then constraints should be added so that no value type can be passed. +In C#, without constraints on a generic type parameter, both https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/keywords/reference-types[reference] and https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/builtin-types/value-types[value] types can be passed. However, comparing this type parameter to `null` can be misleading as value types, like `struct`, can never be null. +== How to fix it -=== Noncompliant code example +To avoid unexpected comparisons: -[source,csharp] +* if you expect a value type, use https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/operators/default#default-operator[default()] for comparison +* if you expect a reference type, add a https://learn.microsoft.com/en-us/dotnet/csharp/programming-guide/generics/constraints-on-type-parameters[constraint] to prevent value types from being passed + +=== Code examples + +==== Noncompliant code example + +[source,csharp,diff-id=1,diff-type=noncompliant] ---- -private bool IsDefault(T value) +bool IsDefault(T value) { if (value == null) // Noncompliant { // ... } - // ... } ---- +==== Compliant solution -=== Compliant solution - -[source,csharp] +[source,csharp,diff-id=1,diff-type=compliant] ---- -private bool IsDefault(T value) +bool IsDefault(T value) { - if(object.Equals(value, default(T))) + if (EqualityComparer.Default.Equals(value, default(T))) { // ... } - // ... 
} ---- + or [source,csharp] ---- -private bool IsDefault(T value) where T : class +bool IsDefault(T value) where T : class { - if (value == null) + if (value == null) { // ... } - // ... } ---- +== Resources -ifdef::env-github,rspecator-view[] - -''' -== Implementation Specification -(visible only on this page) - -=== Message - -Use a comparison to "default(xxx)" instead or add a constraint to "xxx" so that it can't be a value type. - - -''' -== Comments And Links -(visible only on this page) - -=== on 22 May 2015, 10:04:25 Tamas Vajk wrote: -Fixed some minor wording issues, and the sample - -=== on 22 May 2015, 12:07:32 Ann Campbell wrote: -Thanks [~tamas.vajk]. Looks good. - -=== on 29 May 2015, 12:50:40 Tamas Vajk wrote: -\[~ann.campbell.2] Could you run through the description? I've change the wording "false negative" because it sounded strange. +=== Documentation -=== on 29 May 2015, 14:50:44 Ann Campbell wrote: -looks good [~tamas.vajk] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/csharp/programming-guide/generics/constraints-on-type-parameters[Constraints on type parameters] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/keywords/reference-types[Reference types] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/builtin-types/value-types[Value types] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/operators/default#default-operator[`default` operator] -endif::env-github,rspecator-view[] +include::../rspecator.adoc[] diff --git a/rules/S2955/metadata.json b/rules/S2955/metadata.json index 2c63c085104..a41fa4c2302 100644 --- a/rules/S2955/metadata.json +++ b/rules/S2955/metadata.json 
@@ -1,2 +1,26 @@ { + "title": "Generic parameters not constrained to reference types should not be compared to \"null\"", + "type": "BUG", + "code": { + "impacts": { + "RELIABILITY": "LOW" + }, + "attribute": "COMPLETE" + }, + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "10min" + }, + "tags": [ + + ], + "defaultSeverity": "Minor", + "ruleSpecification": "RSPEC-2955", + "sqKey": "S2955", + "scope": "All", + "defaultQualityProfiles": [ + "Sonar way" + ], + "quickfix": "covered" } diff --git a/rules/S2955/rspecator.adoc b/rules/S2955/rspecator.adoc new file mode 100644 index 00000000000..a4ef703ba59 --- /dev/null +++ b/rules/S2955/rspecator.adoc @@ -0,0 +1,27 @@ +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +Use a comparison to "default(xxx)" instead or add a constraint to "xxx" so that it can't be a value type. + +''' +== Comments And Links +(visible only on this page) + +=== on 22 May 2015, 10:04:25 Tamas Vajk wrote: +Fixed some minor wording issues, and the sample + +=== on 22 May 2015, 12:07:32 Ann Campbell wrote: +Thanks [~tamas.vajk]. Looks good. + +=== on 29 May 2015, 12:50:40 Tamas Vajk wrote: +\[~ann.campbell.2] Could you run through the description? I've change the wording "false negative" because it sounded strange. + +=== on 29 May 2015, 14:50:44 Ann Campbell wrote: +looks good [~tamas.vajk] + +endif::env-github,rspecator-view[] diff --git a/rules/S2959/java/metadata.json b/rules/S2959/java/metadata.json index d3b75f7ec43..115af514243 100644 --- a/rules/S2959/java/metadata.json +++ b/rules/S2959/java/metadata.json @@ -1,3 +1,4 @@ { - "title": "Unnecessary semicolons should be omitted" + "title": "Unnecessary semicolons should be omitted", + "scope": "Main" } diff --git a/rules/S2963/dart/metadata.json b/rules/S2963/dart/metadata.json new file mode 100644 index 00000000000..2531ba3fb96 --- /dev/null +++ b/rules/S2963/dart/metadata.json 
@@ -0,0 +1,3 @@
+{
+ "title": "\"this\" should only be used when required"
+}
diff --git a/rules/S2963/dart/rule.adoc b/rules/S2963/dart/rule.adoc
new file mode 100644
index 00000000000..30d9619dcdc
--- /dev/null
+++ b/rules/S2963/dart/rule.adoc
@@ -0,0 +1,55 @@
+== Why is this an issue?
+
+The use of `this` is optional except when redirecting to a named constructor, and when it's needed to distinguish between property names and arguments or other variables. For the sake of brevity, `this` should be omitted when it's not strictly required.
+
+=== Noncompliant code example
+
+[source,dart]
+----
+class Car {
+ int color;
+
+ Car(this.color); // Mandatory to distinguish between 'color' property and 'color' parameter
+
+ void fade() {
+ this.color--; // Noncompliant
+ }
+}
+----
+
+=== Compliant solution
+
+[source,dart]
+----
+class Car {
+ int color;
+
+ Car(this.color); // Mandatory to distinguish between 'color' property and 'color' parameter
+
+ void fade() {
+ color--;
+ }
+}
+----
+
+== Resources
+
+* Dart Docs - https://dart.dev/tools/linter-rules/unnecessary_this[Dart Linter rule - unnecessary_this]
+* https://dart.dev/effective-dart/usage#dont-use-this-when-not-needed-to-avoid-shadowing[Effective Dart]
+
+ifdef::env-github,rspecator-view[]
+
+'''
+== Implementation Specification
+(visible only on this page)
+
+=== Message
+
+Unnecessary 'this.' qualifier.
+
+=== Highlighting
+
+'this' keyword
+
+
+endif::env-github,rspecator-view[]
diff --git a/rules/S2964/php/rule.adoc b/rules/S2964/php/rule.adoc
index b1f9f1895e0..e5a03c996c5 100644
--- a/rules/S2964/php/rule.adoc
+++ b/rules/S2964/php/rule.adoc
@@ -15,7 +15,7 @@ if (is_bad_ip($requester)) { == Resources -* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[OWASP Top 10 2017 Category A6] - Security Misconfiguration +* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration] ifdef::env-github,rspecator-view[] diff --git a/rules/S2970/metadata.json b/rules/S2970/metadata.json index 16a48495ffe..676baf2d7b0 100644 --- a/rules/S2970/metadata.json +++ b/rules/S2970/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "TESTED" }, @@ -16,12 +16,8 @@ "tests" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-2970", diff --git a/rules/S2971/csharp/metadata.json b/rules/S2971/csharp/metadata.json index 05b12c9b823..207a7a79888 100644 --- a/rules/S2971/csharp/metadata.json +++ b/rules/S2971/csharp/metadata.json @@ -1,34 +1,3 @@ { - "title": "LINQ expressions should be simplified", - "type": "CODE_SMELL", - "code": { - "impacts": { - "MAINTAINABILITY": "MEDIUM" - }, - "attribute": "FOCUSED" - }, - "status": "ready", - "remediation": { - "func": "Constant\/Issue", - "constantCost": "5min" - }, - "tags": [ - "clumsy" - ], - "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] - }, - "defaultSeverity": "Major", - "ruleSpecification": "RSPEC-2971", - "sqKey": "S2971", - "scope": "All", - "defaultQualityProfiles": [ - "Sonar way" - ], - "quickfix": "unknown" + "title": "LINQ expressions should be simplified" } diff --git a/rules/S2971/dart/metadata.json b/rules/S2971/dart/metadata.json new file mode 100644 index 00000000000..8a99504a5d1 --- /dev/null +++ b/rules/S2971/dart/metadata.json @@ -0,0 +1,3 @@ +{ + "title": "Iterable \"whereType\" should be used to filter by type" +} 
diff --git a/rules/S2971/dart/rule.adoc b/rules/S2971/dart/rule.adoc
new file mode 100644
index 00000000000..c7c10b2ebde
--- /dev/null
+++ b/rules/S2971/dart/rule.adoc
@@ -0,0 +1,61 @@
+== Why is this an issue?
+
+In the interests of readability, code that can be simplified should be simplified. When you would like to filter elements of iterable by some type, it's more concise to use the method `whereType()`.
+This approach improves readability and is less error-prone.
+
+== How to fix it
+
+Use `whereType` instead of `where((x) => x is Type)`.
+
+=== Code examples
+
+==== Noncompliant code example
+
+[source,dart,diff-id=1,diff-type=noncompliant]
+----
+void foo(Iterable iterable)
+{
+ iterable.where((x) => x is Car) // Noncompliant
+ .forEach((car) => print(car.model));
+
+}
+----
+
+==== Compliant solution
+
+[source,dart,diff-id=1,diff-type=compliant]
+----
+void foo(Iterable iterable)
+{
+ iterable.whereType()
+ .forEach((car) => print(car.model));
+
+}
+----
+
+== Resources
+
+=== Documentation
+
+* Dart Docs - https://dart.dev/tools/linter-rules/prefer_iterable_whereType[Dart Linter rule - prefer_iterable_whereType]
+
+
+ifdef::env-github,rspecator-view[]
+
+'''
+== Implementation Specification
+(visible only on this page)
+
+=== Message
+
+* Use 'whereType' to select elements of a given type.
+
+=== Highlighting
+
+The identifier of the `where` method call.
+
+'''
+== Comments And Links
+(visible only on this page)
+
+endif::env-github,rspecator-view[]
diff --git a/rules/S2971/metadata.json b/rules/S2971/metadata.json
index 2c63c085104..90ef55f7e62 100644
--- a/rules/S2971/metadata.json
+++ b/rules/S2971/metadata.json
@@ -1,2 +1,33 @@ { + "type": "CODE_SMELL", + "code": { + "impacts": { + "MAINTAINABILITY": "MEDIUM" + }, + "attribute": "FOCUSED" + }, + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "5min" + }, + "tags": [ + "clumsy" + ], + "extra": { + "replacementRules": [ + + ], + "legacyKeys": [ + + ] + }, + "defaultSeverity": "Major", + "ruleSpecification": "RSPEC-2971", + "sqKey": "S2971", + "scope": "All", + "defaultQualityProfiles": [ + "Sonar way" + ], + "quickfix": "unknown" } diff --git a/rules/S2972/java/metadata.json b/rules/S2972/java/metadata.json index ee0f1a5b782..37e3d5c9df1 100644 --- a/rules/S2972/java/metadata.json +++ b/rules/S2972/java/metadata.json @@ -16,19 +16,13 @@ "brain-overload" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Major", "ruleSpecification": "RSPEC-2972", "sqKey": "S2972", - "scope": "All", - "defaultQualityProfiles": [ - - ], + "scope": "Main", + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S2973/java/metadata.json b/rules/S2973/java/metadata.json index 870e411d107..e935d0e9005 100644 --- a/rules/S2973/java/metadata.json +++ b/rules/S2973/java/metadata.json @@ -16,19 +16,13 @@ "confusing" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Major", "ruleSpecification": "RSPEC-2973", "sqKey": "S2973", - "scope": "All", - "defaultQualityProfiles": [ - - ], + "scope": "Main", + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S2975/java/metadata.json b/rules/S2975/java/metadata.json index e33b8f59841..a71f497e3da 100644 --- a/rules/S2975/java/metadata.json +++ b/rules/S2975/java/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "CONVENTIONAL" }, 
@@ -16,12 +16,8 @@ "suspicious" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-2975", diff --git a/rules/S2976/java/rule.adoc b/rules/S2976/java/rule.adoc index 37182dc1799..451b1c284f7 100644 --- a/rules/S2976/java/rule.adoc +++ b/rules/S2976/java/rule.adoc @@ -34,7 +34,7 @@ File tempDir = tempPath.toFile(); == Resources -* https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[OWASP Top 10 2017 Category A9] - Using Components with Known Vulnerabilities +* OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities] diff --git a/rules/S2992/cfamily/rule.adoc b/rules/S2992/cfamily/rule.adoc index b93b80f60f1..905b90ddded 100644 --- a/rules/S2992/cfamily/rule.adoc +++ b/rules/S2992/cfamily/rule.adoc @@ -28,8 +28,6 @@ Function pointers are ignored by this rule. == Resources -* https://www.securecoding.cert.org/confluence/x/14At[CERT, DCL05-C.] - Use typedefs of non-pointer types only - ifdef::env-github,rspecator-view[] ''' diff --git a/rules/S2998/rule.adoc b/rules/S2998/rule.adoc index 173e610431b..e03d6e20f51 100644 --- a/rules/S2998/rule.adoc +++ b/rules/S2998/rule.adoc @@ -5,7 +5,7 @@ A statement without side effects, such as creating an object without assigning i == Resources -* https://cwe.mitre.org/data/definitions/482[MITRE, CWE-482] - Comparing instead of Assigning +* CWE - https://cwe.mitre.org/data/definitions/482[CWE-482 - Comparing instead of Assigning] ifdef::env-github,rspecator-view[] diff --git a/rules/S3014/java/metadata.json b/rules/S3014/java/metadata.json index df0863a34fb..8f8b12c1aad 100644 --- a/rules/S3014/java/metadata.json +++ b/rules/S3014/java/metadata.json 
@@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "CONVENTIONAL" }, @@ -18,12 +18,8 @@ "suspicious" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-3014", diff --git a/rules/S3020/java/metadata.json b/rules/S3020/java/metadata.json index 09c46e65ed2..47044aa22cf 100644 --- a/rules/S3020/java/metadata.json +++ b/rules/S3020/java/metadata.json @@ -12,21 +12,15 @@ "func": "Constant\/Issue", "constantCost": "5min" }, - "tags": [ - - ], + "tags": [], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-3020", "sqKey": "S3020", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S3030/java/metadata.json b/rules/S3030/java/metadata.json index 8b1e13ac045..6c0abf5e59e 100644 --- a/rules/S3030/java/metadata.json +++ b/rules/S3030/java/metadata.json @@ -16,19 +16,13 @@ "brain-overload" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Major", "ruleSpecification": "RSPEC-3030", "sqKey": "S3030", - "scope": "All", - "defaultQualityProfiles": [ - - ], + "scope": "Main", + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S3034/java/metadata.json b/rules/S3034/java/metadata.json index 61249cfd7b0..c71da58c8e6 100644 --- a/rules/S3034/java/metadata.json +++ b/rules/S3034/java/metadata.json @@ -16,17 +16,13 @@ "cert" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Major", "ruleSpecification": "RSPEC-3034", "sqKey": "S3034", - "scope": "All", + "scope": "Main", "securityStandards": { "CERT": [ "NUM52-J." 
diff --git a/rules/S3038/java/metadata.json b/rules/S3038/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S3038/java/metadata.json +++ b/rules/S3038/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S3042/java/metadata.json b/rules/S3042/java/metadata.json index f7746d6ea23..4bffae07890 100644 --- a/rules/S3042/java/metadata.json +++ b/rules/S3042/java/metadata.json @@ -18,7 +18,7 @@ "defaultSeverity": "Major", "ruleSpecification": "RSPEC-3042", "sqKey": "S3042", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S3046/metadata.json b/rules/S3046/metadata.json index 3ae94f087bc..2075741ebaf 100644 --- a/rules/S3046/metadata.json +++ b/rules/S3046/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "COMPLETE" }, @@ -17,12 +17,8 @@ "deadlock" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-3046", diff --git a/rules/S3052/java/metadata.json b/rules/S3052/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S3052/java/metadata.json +++ b/rules/S3052/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S3060/metadata.json b/rules/S3060/metadata.json index 81840471f65..9455baeed99 100644 --- a/rules/S3060/metadata.json +++ b/rules/S3060/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -17,12 +17,8 @@ "bad-practice" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-3060", diff --git a/rules/S3067/java/metadata.json b/rules/S3067/java/metadata.json index f2c70ebc11a..6f2c875be88 100644 
--- a/rules/S3067/java/metadata.json +++ b/rules/S3067/java/metadata.json @@ -17,17 +17,13 @@ "cert" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Major", "ruleSpecification": "RSPEC-3067", "sqKey": "S3067", - "scope": "All", + "scope": "Main", "securityStandards": { "CERT": [ "LCK02-J." diff --git a/rules/S3135/cfamily/rule.adoc b/rules/S3135/cfamily/rule.adoc index af2d5ba2b7b..f9fe2fe4a8e 100644 --- a/rules/S3135/cfamily/rule.adoc +++ b/rules/S3135/cfamily/rule.adoc @@ -39,7 +39,7 @@ void fun(int *data, int dataSize, int (&array)[10]) { == Resources * https://wiki.sei.cmu.edu/confluence/x/CdYxBQ[CERT, ARR01-C.] - Do not apply the `sizeof` operator to a pointer when taking the size of an array -* https://cwe.mitre.org/data/definitions/467[MITRE, CWE-467] - Use of sizeof() on a Pointer Type +* CWE - https://cwe.mitre.org/data/definitions/467[CWE-467 - Use of sizeof() on a Pointer Type] diff --git a/rules/S3168/csharp/rule.adoc b/rules/S3168/csharp/rule.adoc index c7d44788602..7ea6d6b2f59 100644 --- a/rules/S3168/csharp/rule.adoc +++ b/rules/S3168/csharp/rule.adoc @@ -10,7 +10,10 @@ Doing so prevents control over the https://learn.microsoft.com/en-us/dotnet/csha === Exceptions -* Methods with the https://learn.microsoft.com/en-us/dotnet/api/system.eventhandler[`EventHandler`] delegate signature. +* Methods implementing an interface +* Methods overriding a base class method +* Virtual methods +* Methods with the https://learn.microsoft.com/en-us/dotnet/api/system.eventhandler[`EventHandler`] delegate signature + Using `void` for `EventHandler` is compliant with the TAP model. + 
@@ -21,9 +24,9 @@ public async void button1_Click(object sender, EventArgs e) await DoSomethingAsync(); } ---- -* Methods name matching ``++On[A-Z]\w*++`` pattern. +* Methods name matching ``++On[A-Z]\w*++`` pattern + -Some frameworks may not use the same `EventHandler` method signature +Some frameworks may not use the same `EventHandler` method signature. + [source,csharp] ---- @@ -72,7 +75,7 @@ private async Task ThrowExceptionAsync() // Compliant: async method return type throw new InvalidOperationException(); } -public void Method() +public async Task Method() { try { diff --git a/rules/S3169/csharp/rule.adoc b/rules/S3169/csharp/rule.adoc index b2e9860eb1d..df9d2c517f5 100644 --- a/rules/S3169/csharp/rule.adoc +++ b/rules/S3169/csharp/rule.adoc @@ -1,14 +1,16 @@ == Why is this an issue? -There's no point in chaining multiple ``++OrderBy++`` calls in a LINQ; only the last one will be reflected in the result because each subsequent call completely reorders the list. Thus, calling ``++OrderBy++`` multiple times is a performance issue as well, because all of the sorting will be executed, but only the result of the last sort will be kept. +There's no point in chaining multiple `OrderBy` calls in a LINQ; only the last one will be reflected in the result because each subsequent call completely reorders the list. Thus, calling `OrderBy` multiple times is a performance issue as well, because all of the sorting will be executed, but only the result of the last sort will be kept. +== How to fix it -Instead, use ``++ThenBy++`` for each call after the first. +Instead, use `ThenBy` for each call after the first. +=== Code examples -=== Noncompliant code example +==== Noncompliant code example -[source,csharp] +[source,csharp,diff-id=1,diff-type=noncompliant] ---- var x = personList .OrderBy(person => person.Age) 
@@ -17,9 +19,9 @@ var x = personList ---- -=== Compliant solution +==== Compliant solution -[source,csharp] +[source,csharp,diff-id=1,diff-type=compliant] ---- var x = personList .OrderBy(person => person.Age) 
@@ -27,6 +29,79 @@ var x = personList .ToList(); ---- +== Resources + +=== Benchmarks + +[options="header"] +|=== +| Method | Runtime | Mean | StdDev | Allocated +| OrderByAge | .NET 9.0 | 12.84 ms | 0.804 ms | 1.53 MB +| OrderByAgeOrderBySize | .NET 9.0 | 24.08 ms | 0.267 ms | 3.05 MB +| OrderByAgeThenBySize | .NET 9.0 | 18.58 ms | 0.747 ms | 1.91 MB +| | | | | +| OrderByAge | .NET Framework 4.8.1 | 22.99 ms | 0.228 ms | 1.53 MB +| OrderByAgeOrderBySize | .NET Framework 4.8.1 | 44.90 ms | 0.581 ms | 4.3 MB +| OrderByAgeThenBySize | .NET Framework 4.8.1 | 31.72 ms | 0.402 ms | 1.91 MB +|=== + +==== Glossary + +* https://en.wikipedia.org/wiki/Arithmetic_mean[Mean] +* https://en.wikipedia.org/wiki/Standard_deviation[Standard Deviation] + +The results were generated by running the following snippet with https://github.com/dotnet/BenchmarkDotNet[BenchmarkDotNet]: + +[source,csharp] +---- +public class Person +{ + public string Name { get; set; } + public int Age { get; set; } + public int Size { get; set; } +} + +private Random random = new Random(1); +private Consumer consumer = new Consumer(); +private Person[] array; + +[Params(100_000)] +public int N { get; set; } + +[GlobalSetup] +public void GlobalSetup() +{ + array = Enumerable.Range(0, N).Select(x => new Person + { + Name = Path.GetRandomFileName(), + Age = random.Next(0, 100), + Size = random.Next(0, 200) + }).ToArray(); +} + +[Benchmark(Baseline = true)] +public void OrderByAge() => + array.OrderBy(x => x.Age).Consume(consumer); + +[Benchmark] +public void OrderByAgeOrderBySize() => + array.OrderBy(x => x.Age).OrderBy(x => x.Size).Consume(consumer); + +[Benchmark] +public void OrderByAgeThenBySize() => + array.OrderBy(x => x.Age).ThenBy(x => x.Size).Consume(consumer); +---- + +Hardware configuration: + +[source] +---- +BenchmarkDotNet v0.14.0, Windows 10 (10.0.19045.5247/22H2/2022Update) +Intel Core Ultra 7 165H, 1 CPU, 22 logical and 16 physical cores + [Host] : .NET Framework 4.8.1 (4.8.9282.0), X64 RyuJIT 
VectorSize=256 + .NET 9.0 : .NET 9.0.0 (9.0.24.52809), X64 RyuJIT AVX2 + .NET Framework 4.8.1 : .NET Framework 4.8.1 (4.8.9282.0), X64 RyuJIT VectorSize=256 +---- ifdef::env-github,rspecator-view[] @@ -56,7 +131,7 @@ I shuffled the text some, [~tamas.vajk] \[~ann.campbell.2] Shouldn't this issue have some performance related label as well? -I simplified the message as the ordering might not happen by some property, but by some complex logic, and in this case we can't display the whole expression and ``++Comparer++`` in the message. +I simplified the message as the ordering might not happen by some property, but by some complex logic, and in this case we can't display the whole expression and `Comparer` in the message. === on 1 Jul 2015, 11:26:48 Ann Campbell wrote: added [~tamas.vajk] diff --git a/rules/S3221/rule.adoc b/rules/S3221/rule.adoc index 10c148d1855..5df7a67ab22 100644 --- a/rules/S3221/rule.adoc +++ b/rules/S3221/rule.adoc 
@@ -20,8 +20,8 @@ var leftLegs = //... for(var i = 0; i() where T : new() => + random.Next(2) switch + { + 0 => new T(), + 1 => new object(), + }; +[BenchmarkCategory("ValueType"), Benchmark(Baseline = true)] +public int IsPattern_ValueType() +{ + var i = ReturnSometimes(); + return i is int d + ? d + : default; +} -''' -== Comments And Links -(visible only on this page) +[BenchmarkCategory("ValueType"), Benchmark] +public int IsWithCast_ValueType() +{ + var i = ReturnSometimes(); + return i is int + ? (int)i + : default; +} -=== is related to: S1905 +[BenchmarkCategory("Class"), Benchmark(Baseline = true)] +public DuplicateCasts IsPattern_Class() +{ + var i = ReturnSometimes(); + return i is DuplicateCasts d + ? d + : default; +} -=== on 8 Jul 2015, 15:28:40 Ann Campbell wrote: -\[~tamas.vajk] note that I'm a little concerned the title might be too broad. What do you think? +[BenchmarkCategory("Class"), Benchmark] +public DuplicateCasts IsWithCast_Class() +{ + var i = ReturnSometimes(); + return i is DuplicateCasts + ? (DuplicateCasts)i + : default; +} -=== on 9 Jul 2015, 12:18:38 Tamas Vajk wrote: -\[~ann.campbell.2] I think the title is okay. Maybe we could add "useless duplicate casts..." +[BenchmarkCategory("Interface"), Benchmark(Baseline = true)] +public IReadOnlyList IsPattern_Interface() +{ + var i = ReturnSometimes>(); + return i is IReadOnlyList d + ? d + : default; +} +[BenchmarkCategory("Interface"), Benchmark] +public IReadOnlyList IsWithCast_Interface() +{ + var i = ReturnSometimes>(); + return i is IReadOnlyList + ? (IReadOnlyList)i + : default; +} +---- -I found this: \https://msdn.microsoft.com/en-us/library/ms182271.aspx, which also uses the phrase "duplicate casts", so there is no need to modify it. +Hardware configuration: -=== on 9 Jul 2015, 12:35:34 Ann Campbell wrote: -\[~tamas.vajk] I vote against adding "useless" to the title since that, in itself, would be redundant. 
:-) +[source] +---- +BenchmarkDotNet v0.14.0, Windows 10 (10.0.19045.5247/22H2/2022Update) +Intel Core Ultra 7 165H, 1 CPU, 22 logical and 16 physical cores + [Host] : .NET Framework 4.8.1 (4.8.9282.0), X64 RyuJIT VectorSize=256 + .NET 9.0 : .NET 9.0.0 (9.0.24.52809), X64 RyuJIT AVX2 + .NET Framework 4.8.1 : .NET Framework 4.8.1 (4.8.9282.0), X64 RyuJIT VectorSize=256 +---- -endif::env-github,rspecator-view[] +include::../rspecator.adoc[] diff --git a/rules/S3247/rspecator.adoc b/rules/S3247/rspecator.adoc new file mode 100644 index 00000000000..2bed3cf309d --- /dev/null +++ b/rules/S3247/rspecator.adoc @@ -0,0 +1,38 @@ +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +Primary: "Replace this type-check-and-cast sequence to use pattern matching." + +Secondary: Replace this cast + + +=== Highlighting + +* Primary: on the "is" check +* Secondary: on the following casts + + +''' +== Comments And Links +(visible only on this page) + +=== is related to: S1905 + +=== on 8 Jul 2015, 15:28:40 Ann Campbell wrote: +\[~tamas.vajk] note that I'm a little concerned the title might be too broad. What do you think? + +=== on 9 Jul 2015, 12:18:38 Tamas Vajk wrote: +\[~ann.campbell.2] I think the title is okay. Maybe we could add "useless duplicate casts..." + + +I found this: \https://msdn.microsoft.com/en-us/library/ms182271.aspx, which also uses the phrase "duplicate casts", so there is no need to modify it. + +=== on 9 Jul 2015, 12:35:34 Ann Campbell wrote: +\[~tamas.vajk] I vote against adding "useless" to the title since that, in itself, would be redundant. :-) + +endif::env-github,rspecator-view[] diff --git a/rules/S3254/rule.adoc b/rules/S3254/rule.adoc index 1cd3a77b72b..e865058d5c9 100644 --- a/rules/S3254/rule.adoc +++ b/rules/S3254/rule.adoc 
@@ -10,8 +10,8 @@ Specifying the default parameter values in a method call is redundant. Such valu public void M(int x, int y=5, int z = 7) { /* ... */ } // ... -M(1, 5); //Noncompliant, y has the default value -M(1, z: 7); //Noncompliant, z has the default value +M(1, 5); // Noncompliant, y has the default value +M(1, z: 7); // Noncompliant, z has the default value ---- diff --git a/rules/S3257/dart/metadata.json b/rules/S3257/dart/metadata.json new file mode 100644 index 00000000000..2e7f2ee2dac --- /dev/null +++ b/rules/S3257/dart/metadata.json @@ -0,0 +1,4 @@ +{ + "title": "Collection literals should be preferred", + "defaultQualityProfiles": ["Sonar way"] +} diff --git a/rules/S3257/dart/rule.adoc b/rules/S3257/dart/rule.adoc new file mode 100644 index 00000000000..6c11be35504 --- /dev/null +++ b/rules/S3257/dart/rule.adoc 
@@ -0,0 +1,53 @@ +== Why is this an issue? + +Dart supports type inference, a mechanism that automatically infers the type of a variable based on its initial value. This means that if you initialize a variable with a particular value, Dart will assume that this variable should always hold that type of value. + +Unnecessarily verbose declarations and initializations of collections make it harder to read the code and should be simplified. Therefore, type annotations should be omitted from collection declarations when they can be easily inferred from the initialized or defaulted value. + +== How to fix it + +Omit explicit type annotations in collection declarations whenever the type can be inferred from the context. + +=== Code examples + +==== Noncompliant code example + +[source,dart,diff-id=1,diff-type=noncompliant] +---- +var numbers = Set(); +var occurrences = Map(); +---- + +==== Compliant solution + +[source,dart,diff-id=1,diff-type=compliant] +---- + var numbers = {}; + var occurrences = {}; +---- + +== Resources + +=== Documentation + +* Dart Docs - https://dart.dev/tools/linter-rules/prefer_collection_literals[Dart Linter rule - prefer_collection_literals] + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +Unnecessary constructor invocation. + +=== Highlighting + +The entire constructor invocation expression, including the type and the parentheses (e.g. `Set()`). + +''' +== Comments And Links +(visible only on this page) + +endif::env-github,rspecator-view[] diff --git a/rules/S3260/csharp/resources.adoc b/rules/S3260/csharp/resources.adoc index c10a55ca37f..0c0423060f9 100644 --- a/rules/S3260/csharp/resources.adoc +++ b/rules/S3260/csharp/resources.adoc 
@@ -13,15 +13,20 @@ [options="header"] |=== -|Method | Runtime | Mean | StdDev | Ratio -| UnsealedType | .NET 5.0 | 918.7 us | 10.72 us | 1.00 -| SealedType | .NET 5.0 | 231.2 us | 3.20 us | 0.25 -| UnsealedType | .NET 6.0 | 867.9 us | 5.65 us | 1.00 -| SealedType | .NET 6.0 | 218.4 us | 0.59 us | 0.25 -| UnsealedType | .NET 7.0 | 1,074.5 us | 3.15 us | 1.00 -| SealedType | .NET 7.0 | 216.1 us | 1.19 us | 0.20 +| Method | Runtime | Mean | Standard Deviation +| UnsealedType | .NET 5.0 | 918.7 us | 10.72 us +| SealedType | .NET 5.0 | 231.2 us | 3.20 us +| UnsealedType | .NET 6.0 | 867.9 us | 5.65 us +| SealedType | .NET 6.0 | 218.4 us | 0.59 us +| UnsealedType | .NET 7.0 | 1,074.5 us | 3.15 us +| SealedType | .NET 7.0 | 216.1 us | 1.19 us |=== +==== Glossary + +* https://en.wikipedia.org/wiki/Arithmetic_mean[Mean] +* https://en.wikipedia.org/wiki/Standard_deviation[Standard Deviation] + The results were generated by running the following snippet with https://github.com/dotnet/BenchmarkDotNet[BenchmarkDotNet]: [source,csharp] diff --git a/rules/S3261/metadata.json b/rules/S3261/metadata.json index 72323be0cb4..ea37e72e55a 100644 --- a/rules/S3261/metadata.json +++ b/rules/S3261/metadata.json @@ -30,5 +30,5 @@ "defaultQualityProfiles": [ "Sonar way" ], - "quickfix": "unknown" + "quickfix": "infeasible" } diff --git a/rules/S3264/csharp/rule.adoc b/rules/S3264/csharp/rule.adoc index bedb1ca9b4a..1033d16a1b8 100644 --- a/rules/S3264/csharp/rule.adoc +++ b/rules/S3264/csharp/rule.adoc @@ -9,11 +9,11 @@ Events that are not invoked anywhere are dead code, and there's no good reason t ---- class UninvokedEventSample { - private event Action Happened; //Noncompliant + private event Action Happened; // Noncompliant public void RegisterEventHandler(Action handler) { - Happened += handler; //we register some event handlers + Happened += handler; // we register some event handlers } public void RaiseEvent() 
diff --git a/rules/S3271/javascript/metadata.json b/rules/S3271/javascript/metadata.json index 79d56ce2253..caad4ffe518 100644 --- a/rules/S3271/javascript/metadata.json +++ b/rules/S3271/javascript/metadata.json @@ -1,7 +1,7 @@ { "title": "Local storage should not be used", "type": "VULNERABILITY", - "status": "deprecated", + "status": "closed", "remediation": { "func": "Linear with offset", "linearDesc": "per additional use of the api", diff --git a/rules/S3271/javascript/rule.adoc b/rules/S3271/javascript/rule.adoc index 0ca03a0298a..0d6f19383a5 100644 --- a/rules/S3271/javascript/rule.adoc +++ b/rules/S3271/javascript/rule.adoc @@ -17,7 +17,7 @@ sessionStorage.setItem("sessionId", sessionId); // Noncompliant == Resources -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] * https://dl.packetstormsecurity.net/papers/attack/HTML5AttackVectors_RafayBaloch_UPDATED.pdf[Packet Storm Security] - HTML 5 Modern Day Attack And Defence Vectors diff --git a/rules/S3273/javascript/rule.adoc b/rules/S3273/javascript/rule.adoc index de073824224..d30b51803fc 100644 --- a/rules/S3273/javascript/rule.adoc +++ b/rules/S3273/javascript/rule.adoc @@ -18,7 +18,7 @@ window.addEventListener("message", function (event){ // Noncompliant == Resources -* https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)[OWASP Top 10 2017 Category A7] - Cross-Site Scripting (XSS) +* OWASP - https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)[Top 10 2017 Category A7 - Cross-Site Scripting (XSS)] * https://dl.packetstormsecurity.net/papers/attack/HTML5AttackVectors_RafayBaloch_UPDATED.pdf[Packet Storm Security] - HTML 5 Modern Day Attack And Defence Vectors 
diff --git a/rules/S3274/html/rule.adoc b/rules/S3274/html/rule.adoc index e9fbeddea41..b3f660b6d48 100644 --- a/rules/S3274/html/rule.adoc +++ b/rules/S3274/html/rule.adoc @@ -34,10 +34,10 @@ Following the principle of minimum privileges, this rule raises an issue for eac == Resources -* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Broken Access Control -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure -* https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)[OWASP Top 10 2017 Category A7] - Cross-Site Scripting (XSS) -* https://cwe.mitre.org/data/definitions/829[MITRE, CWE-829] - Inclusion of Functionality from Untrusted Control Sphere +* OWASP - https://owasp.org/Top10/A01_2021-Broken_Access_Control/[Top 10 2021 Category A1 - Broken Access Control] +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] +* OWASP - https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)[Top 10 2017 Category A7 - Cross-Site Scripting (XSS)] +* CWE - https://cwe.mitre.org/data/definitions/829[CWE-829 - Inclusion of Functionality from Untrusted Control Sphere] ifdef::env-github,rspecator-view[] diff --git a/rules/S3275/rule.adoc b/rules/S3275/rule.adoc index 5b68f87774b..4c86574e5c8 100644 --- a/rules/S3275/rule.adoc +++ b/rules/S3275/rule.adoc 
@@ -49,7 +49,7 @@ public void cbcEncrypt(String strKey, String plainText) { == Resources -* https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[OWASP Top 10 2021 Category A2] - Cryptographic Failures -* https://cwe.mitre.org/data/definitions/329[MITRE, CWE-329] - Not Using a Random IV with CBC Mode -* OWASP Top 10 2017 Category A6 - Security Misconfiguration +* OWASP - https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[Top 10 2021 Category A2 - Cryptographic Failures] +* CWE - https://cwe.mitre.org/data/definitions/329[CWE-329 - Not Using a Random IV with CBC Mode] +* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration] diff --git a/rules/S3281/xml/metadata.json b/rules/S3281/xml/metadata.json index 66a9c11255f..1816dbc61ab 100644 --- a/rules/S3281/xml/metadata.json +++ b/rules/S3281/xml/metadata.json @@ -3,8 +3,8 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH", - "MAINTAINABILITY": "HIGH" + "SECURITY": "BLOCKER", + "MAINTAINABILITY": "BLOCKER" }, "attribute": "COMPLETE" }, diff --git a/rules/S3282/xml/metadata.json b/rules/S3282/xml/metadata.json index 006b4badded..c25d6c08b6e 100644 --- a/rules/S3282/xml/metadata.json +++ b/rules/S3282/xml/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "CLEAR" }, @@ -16,19 +16,13 @@ "pitfall" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-3282", "sqKey": "S3282", "scope": "Main", - "defaultQualityProfiles": [ - - ], + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S3291/php/rule.adoc b/rules/S3291/php/rule.adoc index 08017963b4e..7347e5bd612 100644 --- a/rules/S3291/php/rule.adoc +++ b/rules/S3291/php/rule.adoc 
@@ -49,8 +49,8 @@ try { == Resources -* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection -* https://cwe.mitre.org/data/definitions/89[MITRE, CWE-89] - Improper Neutralization of Special Elements used in an SQL Command +* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] +* CWE - https://cwe.mitre.org/data/definitions/89[CWE-89 - Improper Neutralization of Special Elements used in an SQL Command] ifdef::env-github,rspecator-view[] ''' diff --git a/rules/S3306/java/metadata.json b/rules/S3306/java/metadata.json index 5424d5aa734..06bebcb5cdb 100644 --- a/rules/S3306/java/metadata.json +++ b/rules/S3306/java/metadata.json @@ -19,19 +19,13 @@ "pitfall" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Major", "ruleSpecification": "RSPEC-3306", "sqKey": "S3306", - "scope": "All", - "defaultQualityProfiles": [ - - ], + "scope": "Main", + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S3318/rule.adoc b/rules/S3318/rule.adoc index 2bce574135d..a89a34785e9 100644 --- a/rules/S3318/rule.adoc +++ b/rules/S3318/rule.adoc @@ -17,7 +17,7 @@ session.setAttribute("login", login); // Noncompliant == Resources -* https://owasp.org/Top10/A04_2021-Insecure_Design/[OWASP Top 10 2021 Category A4] - Insecure Design -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure -* https://cwe.mitre.org/data/definitions/501[MITRE, CWE-501] - Trust Boundary Violation +* OWASP - https://owasp.org/Top10/A04_2021-Insecure_Design/[Top 10 2021 Category A4 - Insecure Design] +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] +* CWE - https://cwe.mitre.org/data/definitions/501[CWE-501 - Trust Boundary Violation] 
diff --git a/rules/S3329/common/resources/standards.adoc b/rules/S3329/common/resources/standards.adoc index 0fdb9d4b724..fabdf0da72a 100644 --- a/rules/S3329/common/resources/standards.adoc +++ b/rules/S3329/common/resources/standards.adoc @@ -1,8 +1,8 @@ === Standards -* https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[OWASP Top 10 2021 Category A2] - Cryptographic Failures -* https://www.owasp.org/index.php/Top_10-2017_A3-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure -* https://mobile-security.gitbook.io/masvs/security-requirements/0x08-v3-cryptography_verification_requirements[Mobile AppSec Verification Standard] - Cryptography Requirements -* https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography[OWASP Mobile Top 10 2016 Category M5] - Insufficient Cryptography -* https://cwe.mitre.org/data/definitions/329[MITRE, CWE-329] - Not Using an Unpredictable IV with CBC Mode +* OWASP - https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[Top 10 2021 Category A2 - Cryptographic Failures] +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] +* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration] +* CWE - https://cwe.mitre.org/data/definitions/329[CWE-329 - Not Using an Unpredictable IV with CBC Mode] +* CWE - https://cwe.mitre.org/data/definitions/780[CWE-780 - Use of RSA Algorithm without OAEP] * https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf[NIST, SP-800-38A] - Recommendation for Block Cipher Modes of Operation diff --git a/rules/S3329/csharp/metadata.json b/rules/S3329/csharp/metadata.json index 82d2b123450..f6e63de38f1 100644 --- a/rules/S3329/csharp/metadata.json +++ b/rules/S3329/csharp/metadata.json 
@@ -1,3 +1,7 @@ { - "quickfix": "targeted" + "quickfix": "targeted", + "tags": [ + "cwe", + "symbolic-execution" + ] } diff --git a/rules/S3329/java/how-to-fix-it/java-cryptographic-extension.adoc b/rules/S3329/java/how-to-fix-it/java-cryptography-extension.adoc similarity index 75% rename from rules/S3329/java/how-to-fix-it/java-cryptographic-extension.adoc rename to rules/S3329/java/how-to-fix-it/java-cryptography-extension.adoc index edc8141c10b..580113f04a7 100644 --- a/rules/S3329/java/how-to-fix-it/java-cryptographic-extension.adoc +++ b/rules/S3329/java/how-to-fix-it/java-cryptography-extension.adoc @@ -1,4 +1,4 @@ -== How to fix it in Java Cryptographic Extension +== How to fix it in Java Cryptography Extension === Code examples @@ -11,7 +11,7 @@ import java.security.NoSuchAlgorithmException; import java.security.InvalidKeyException; import java.security.InvalidAlgorithmParameterException; import javax.crypto.Cipher; -import javax.crypto.spec.GCMParameterSpec; +import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.SecretKeySpec; import javax.crypto.NoSuchPaddingException; @@ -19,12 +19,12 @@ public void encrypt(String key, String plainText) { byte[] RandomBytes = "7cVgr5cbdCZVw5WY".getBytes(StandardCharsets.UTF_8); - GCMParameterSpec iv = new GCMParameterSpec(128, RandomBytes); + IvParameterSpec iv = new IvParameterSpec(RandomBytes); SecretKeySpec keySpec = new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "AES"); try { - Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding"); - cipher.init(Cipher.ENCRYPT_MODE, keySpec, iv); // Noncompliant + Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); + cipher.init(Cipher.ENCRYPT_MODE, keySpec, iv); } catch(NoSuchAlgorithmException|InvalidKeyException| NoSuchPaddingException|InvalidAlgorithmParameterException e) { 
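Review bot: The `// Noncompliant` marker is removed from `cipher.init(...)` in the `@@ -19,12 +19,12 @@` hunk of java/how-to-fix-it/java-cryptography-extension.adoc, which still builds the IV from the fixed string `"7cVgr5cbdCZVw5WY"` and so appears to be the noncompliant example. Without the marker the snippet no longer shows where the issue is raised, and the Kotlin counterpart keeps it on the same call. Restore `cipher.init(Cipher.ENCRYPT_MODE, keySpec, iv); // Noncompliant`. The example's section heading lies outside the hunk, so confirm which example this is before applying.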
@@ -47,22 +47,22 @@ import java.security.NoSuchAlgorithmException; import java.security.InvalidKeyException; import java.security.InvalidAlgorithmParameterException; import javax.crypto.Cipher; -import javax.crypto.spec.GCMParameterSpec; +import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.SecretKeySpec; import javax.crypto.NoSuchPaddingException; public void encrypt(String key, String plainText) { SecureRandom random = new SecureRandom(); - byte[] randomBytes = new byte[16]; + byte[] randomBytes = new byte[128]; random.nextBytes(randomBytes); - GCMParameterSpec iv = new GCMParameterSpec(128, randomBytes); + IvParameterSpec iv = new IvParameterSpec(randomBytes); SecretKeySpec keySpec = new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "AES"); try { - Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding"); - cipher.init(Cipher.ENCRYPT_MODE, keySpec, iv); // Noncompliant + Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); + cipher.init(Cipher.ENCRYPT_MODE, keySpec, iv); } catch(NoSuchAlgorithmException|InvalidKeyException| NoSuchPaddingException|InvalidAlgorithmParameterException e) { diff --git a/rules/S3329/java/metadata.json b/rules/S3329/java/metadata.json index 2ce2cae2a0e..cda14dd95f5 100644 --- a/rules/S3329/java/metadata.json +++ b/rules/S3329/java/metadata.json @@ -1,8 +1,5 @@ { "securityStandards": { - "CERT": [ - "MSC61-J." - ], "CWE": [ 327, 780 @@ -11,12 +8,6 @@ "A6", "A3" ], - "OWASP Mobile": [ - "M5" - ], - "MASVS": [ - "MSTG-CRYPTO-3" - ], "OWASP Top 10 2021": [ "A2" ], @@ -33,6 +24,15 @@ "2.9.3", "6.2.2", "8.3.7" + ], + "CERT": [ + "MSC61-J." + ], + "OWASP Mobile": [ + "M5" + ], + "MASVS": [ + "MSTG-CRYPTO-3" ] } } diff --git a/rules/S3329/java/rule.adoc b/rules/S3329/java/rule.adoc index 7f944783ecc..75fad5204d9 100644 --- a/rules/S3329/java/rule.adoc +++ b/rules/S3329/java/rule.adoc 
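Review bot: `byte[] randomBytes = new byte[128];` in the compliant example (hunk `@@ -47,22 +47,22 @@`) makes the IV 128 bytes long, but AES has a 16-byte (128-bit) block. `Cipher.init` on `AES/CBC/PKCS5Padding` rejects an `IvParameterSpec` of any other length with `InvalidAlgorithmParameterException`, so the snippet offered as the fix would not encrypt anything. Keep `byte[] randomBytes = new byte[16];`. The Kotlin hunk `@@ -53,20 +53,20 @@` in kotlin/how-to-fix-it/java-cryptography-extension.adoc makes the same change with `ByteArray(128)` and needs `ByteArray(16)`.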
@@ -9,7 +9,7 @@ include::../impact.adoc[] // How to fix it section -include::how-to-fix-it/java-cryptographic-extension.adoc[] +include::how-to-fix-it/java-cryptography-extension.adoc[] == Resources @@ -21,6 +21,9 @@ include::../common/resources/presentations.adoc[] include::../common/resources/standards.adoc[] +* OWASP - https://mas.owasp.org/checklists/MASVS-CRYPTO/[Mobile AppSec Verification Standard - Cryptography Requirements] +* OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography[Mobile Top 10 2016 Category M5 - Insufficient Cryptography] + ifdef::env-github,rspecator-view[] ''' diff --git a/rules/S3329/kotlin/how-to-fix-it/java-cryptographic-extension.adoc b/rules/S3329/kotlin/how-to-fix-it/java-cryptography-extension.adoc similarity index 83% rename from rules/S3329/kotlin/how-to-fix-it/java-cryptographic-extension.adoc rename to rules/S3329/kotlin/how-to-fix-it/java-cryptography-extension.adoc index 5c26d5ac561..726420925cf 100644 --- a/rules/S3329/kotlin/how-to-fix-it/java-cryptographic-extension.adoc +++ b/rules/S3329/kotlin/how-to-fix-it/java-cryptography-extension.adoc @@ -1,4 +1,4 @@ -== How to fix it in Java Cryptographic Extension +== How to fix it in Java Cryptography Extension === Code examples 
@@ -12,18 +12,18 @@ import java.security.InvalidKeyException import java.security.NoSuchAlgorithmException import javax.crypto.Cipher import javax.crypto.NoSuchPaddingException -import javax.crypto.spec.GCMParameterSpec +import javax.crypto.spec.IvParameterSpec import javax.crypto.spec.SecretKeySpec fun encrypt(key: String, plainText: String) { val randomBytes = "7cVgr5cbdCZVw5WY".toByteArray(StandardCharsets.UTF_8) - val iv = GCMParameterSpec(128, randomBytes) + val iv = IvParameterSpec(randomBytes) val keySpec = SecretKeySpec(key.toByteArray(StandardCharsets.UTF_8), "AES") try { - val cipher = Cipher.getInstance("AES/CBC/NoPadding") + val cipher = Cipher.getInstance("AES/CBC/PKCS5Padding") cipher.init(Cipher.ENCRYPT_MODE, keySpec, iv) // Noncompliant } catch (e: NoSuchAlgorithmException) { @@ -53,20 +53,20 @@ import java.security.InvalidKeyException import java.security.NoSuchAlgorithmException import javax.crypto.Cipher import javax.crypto.NoSuchPaddingException -import javax.crypto.spec.GCMParameterSpec +import javax.crypto.spec.IvParameterSpec import javax.crypto.spec.SecretKeySpec fun encrypt(key: String, plainText: String) { val random = SecureRandom(); - val randomBytes = ByteArray(16); + val randomBytes = ByteArray(128); random.nextBytes(randomBytes); - val iv = GCMParameterSpec(128, randomBytes) + val iv = IvParameterSpec(randomBytes) val keySpec = SecretKeySpec(key.toByteArray(StandardCharsets.UTF_8), "AES") try { - val cipher = Cipher.getInstance("AES/CBC/NoPadding") + val cipher = Cipher.getInstance("AES/CBC/PKCS5Padding") cipher.init(Cipher.ENCRYPT_MODE, keySpec, iv) } catch (e: NoSuchAlgorithmException) { diff --git a/rules/S3329/kotlin/metadata.json b/rules/S3329/kotlin/metadata.json index 2ce2cae2a0e..cda14dd95f5 100644 --- a/rules/S3329/kotlin/metadata.json +++ b/rules/S3329/kotlin/metadata.json @@ -1,8 +1,5 @@ { "securityStandards": { - "CERT": [ - "MSC61-J." - ], "CWE": [ 327, 780 
@@ -11,12 +8,6 @@ "A6", "A3" ], - "OWASP Mobile": [ - "M5" - ], - "MASVS": [ - "MSTG-CRYPTO-3" - ], "OWASP Top 10 2021": [ "A2" ], @@ -33,6 +24,15 @@ "2.9.3", "6.2.2", "8.3.7" + ], + "CERT": [ + "MSC61-J." + ], + "OWASP Mobile": [ + "M5" + ], + "MASVS": [ + "MSTG-CRYPTO-3" ] } } diff --git a/rules/S3329/kotlin/rule.adoc b/rules/S3329/kotlin/rule.adoc index 7f944783ecc..75fad5204d9 100644 --- a/rules/S3329/kotlin/rule.adoc +++ b/rules/S3329/kotlin/rule.adoc @@ -9,7 +9,7 @@ include::../impact.adoc[] // How to fix it section -include::how-to-fix-it/java-cryptographic-extension.adoc[] +include::how-to-fix-it/java-cryptography-extension.adoc[] == Resources @@ -21,6 +21,9 @@ include::../common/resources/presentations.adoc[] include::../common/resources/standards.adoc[] +* OWASP - https://mas.owasp.org/checklists/MASVS-CRYPTO/[Mobile AppSec Verification Standard - Cryptography Requirements] +* OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography[Mobile Top 10 2016 Category M5 - Insufficient Cryptography] + ifdef::env-github,rspecator-view[] ''' diff --git a/rules/S3329/metadata.json b/rules/S3329/metadata.json index 56d67bcc6be..e255179c940 100644 --- a/rules/S3329/metadata.json +++ b/rules/S3329/metadata.json @@ -29,24 +29,29 @@ "scope": "Main", "securityStandards": { "CWE": [ - 329 + 327, + 780 ], "OWASP": [ + "A6", "A3" ], - "OWASP Mobile": [ - "M5" - ], - "MASVS": [ - "MSTG-CRYPTO-6" - ], "OWASP Top 10 2021": [ "A2" ], + "PCI DSS 3.2": [ + "4.1", + "6.5.3", + "6.5.4" + ], + "PCI DSS 4.0": [ + "4.2.1", + "6.2.4" + ], "ASVS 4.0": [ - "2.3.1", - "2.6.2", - "2.9.2" + "2.9.3", + "6.2.2", + "8.3.7" ] }, "defaultQualityProfiles": [ diff --git a/rules/S3329/python/how-to-fix-it/pyca.adoc b/rules/S3329/python/how-to-fix-it/pyca.adoc index bde914ff137..581055c140a 100644 --- a/rules/S3329/python/how-to-fix-it/pyca.adoc +++ b/rules/S3329/python/how-to-fix-it/pyca.adoc 
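Review bot: The `CWE` list in the `@@ -29,24 +29,29 @@` hunk of rules/S3329/metadata.json drops `329` and now carries `327` and `780`, while the standards.adoc hunk for the same rule still links CWE-329 (unpredictable IV with CBC mode) and has no CWE-327 link. The new CWE, OWASP, PCI DSS and ASVS values match the java and kotlin metadata.json entries, so they may have been copied from there rather than chosen for this rule. If the rule still targets predictable IVs, keep `329` in the list, for example `"CWE": [ 329, 780 ]`. Then the exported security-standard mapping and the rendered references would agree.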
@@ -12,7 +12,7 @@ from cryptography.hazmat.primitives.ciphers import ( modes, ) -iv = "doNotTryThis@Home2023" +iv = b"exampleIV1234567" cipher = Cipher(algorithms.AES(key), modes.CBC(iv)) cipher.encryptor() # Noncompliant diff --git a/rules/S3329/python/how-to-fix-it/pycryptodome.adoc b/rules/S3329/python/how-to-fix-it/pycryptodome.adoc index 3433a0d7542..c35283ddf4d 100644 --- a/rules/S3329/python/how-to-fix-it/pycryptodome.adoc +++ b/rules/S3329/python/how-to-fix-it/pycryptodome.adoc @@ -10,7 +10,7 @@ from Crypto.Cipher import AES from Crypto.Random import get_random_bytes from Crypto.Util.Padding import pad -iv = "doNotTryThis@Home2023" +iv = b"exampleIV1234567" cipher = AES.new(key, AES.MODE_CBC, iv) cipher.encrypt(pad(data, AES.block_size)) # Noncompliant ---- diff --git a/rules/S3329/python/metadata.json b/rules/S3329/python/metadata.json index 17971333806..ba9315c9779 100644 --- a/rules/S3329/python/metadata.json +++ b/rules/S3329/python/metadata.json @@ -1,3 +1,6 @@ { - + "tags": [ + "cwe", + "bad-practice" + ] } diff --git a/rules/S3329/vbnet/metadata.json b/rules/S3329/vbnet/metadata.json index 82d2b123450..f6e63de38f1 100644 --- a/rules/S3329/vbnet/metadata.json +++ b/rules/S3329/vbnet/metadata.json @@ -1,3 +1,7 @@ { - "quickfix": "targeted" + "quickfix": "targeted", + "tags": [ + "cwe", + "symbolic-execution" + ] } diff --git a/rules/S3330/go/metadata.json b/rules/S3330/go/metadata.json new file mode 100644 index 00000000000..6afd55ee1cb --- /dev/null +++ b/rules/S3330/go/metadata.json @@ -0,0 +1,3 @@ +{ + "quickfix": "unknown" +} diff --git a/rules/S3330/go/rule.adoc b/rules/S3330/go/rule.adoc new file mode 100644 index 00000000000..3f4d6241759 --- /dev/null +++ b/rules/S3330/go/rule.adoc 
@@ -0,0 +1,155 @@ +include::../description.adoc[] + +include::../ask-yourself.adoc[] + +include::../recommended.adoc[] + +== Sensitive Code Example + +For https://pkg.go.dev/std[Go Standard Library]: + +[source,go,diff-id=1,diff-type=noncompliant] +---- +import "net/http" + +func handler(w http.ResponseWriter, req *http.Request) { + cookie := http.Cookie{} + cookie.Name = "cookiename" + cookie.Value = "cookievalue" + http.SetCookie(w, &cookie) // Sensitive: HttpOnly is false by default +} +---- + +For https://pkg.go.dev/github.com/beego/beego/v2/server/web[Beego]: + +[source,go,diff-id=2,diff-type=noncompliant] +---- +import "github.com/beego/beego/v2/server/web" + +func (ctrl *MainController) handler() { + ctrl.Ctx.SetCookie("name1", "value1", 200, "/", "example.com", false, false) // Sensitive +} +---- + +For https://pkg.go.dev/github.com/gofiber/fiber/v2[Fiber]: + +[source,go,diff-id=3,diff-type=noncompliant] +---- +import "github.com/gofiber/fiber/v2" + +func handler(c *fiber.Ctx) error { + cookie := new(fiber.Cookie) + cookie.Name = "name" + cookie.Value = "value" + c.Cookie(cookie) // Sensitive: HttpOnly is false by default + return c.SendString("") +} +---- + +For https://pkg.go.dev/github.com/gin-gonic/gin[Gin]: + +[source,go,diff-id=4,diff-type=noncompliant] +---- +import "github.com/gin-gonic/gin" + +func handler(c *gin.Context) { + c.SetCookie("name", "value", 200, "/", "example.com", false, false) // Sensitive + c.JSON(http.StatusOK, gin.H{"message": ""}) +} +---- + +== Compliant Solution + +For https://pkg.go.dev/std[Go Standard Library]: + +[source,go,diff-id=1,diff-type=compliant] +---- +import "net/http" + +func handler(w http.ResponseWriter, req *http.Request) { + cookie := http.Cookie{} + cookie.Name = "cookiename" + cookie.Value = "cookievalue" + cookie.HttpOnly = true + http.SetCookie(w, &cookie) +} +---- + +For https://pkg.go.dev/github.com/beego/beego/v2/server/web[Beego]: + +[source,go,diff-id=2,diff-type=compliant] +---- +import 
"github.com/beego/beego/v2/server/web" + +func (ctrl *MainController) handler() { + ctrl.Ctx.SetCookie("name1", "value1", 200, "/", "example.com", false, true) +} +---- + +For https://pkg.go.dev/github.com/gofiber/fiber/v2[Fiber]: + +[source,go,diff-id=3,diff-type=compliant] +---- +import "github.com/gofiber/fiber/v2" + +func handler(c *fiber.Ctx) error { + cookie := new(fiber.Cookie) + cookie.Name = "name" + cookie.Value = "value" + cookie.HTTPOnly = true + c.Cookie(cookie) + return c.SendString("") +} +---- + +For https://pkg.go.dev/github.com/gin-gonic/gin[Gin]: + +[source,go,diff-id=4,diff-type=compliant] +---- +import "github.com/gin-gonic/gin" + +func handler(c *gin.Context) { + c.SetCookie("name", "value", 200, "/", "example.com", false, true) + c.JSON(http.StatusOK, gin.H{"message": ""}) +} +---- + +include::../see.adoc[] + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +include::../message.adoc[] + +=== Highlighting + +For Go Standard Library: + +* Highlight `SetCookie` if it is assigned an `http.Cookie` that has not `HttpOnly` field specified. +* Highlight `HttpOnly` field of `http.Cookie` if it is set to `false`. + +For Beego: + +* Highlight the 7th argument of `web.Controller.Context.SetCookie` if it is set to `false`. +* Highlight the 7th argument of `web.Controller.Context.Output.Cookie` if it is set to `false`. +* Highlight the 7th argument of `web.Controller.Context.SetSecureCookie` if it is set to `false`. + +For Fiber: + +* Highlight `Cookie` if it is assigned a `fiber.Cookie` that has not `HTTPOnly` field specified. +* Highlight `HTTPOnly` field of `fiber.Cookie` if it is set to `false`. + +For Gin: + +* Highlight the 7th argument of `gin.Context.SetCookie` if it is set to `false`. + +''' +== Comments And Links +(visible only on this page) + +include::../comments-and-links.adoc[] + +endif::env-github,rspecator-view[] 
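Review bot: The Beego highlighting bullet for `SetSecureCookie` names the 7th argument, but as far as I know Beego's `SetSecureCookie` takes the secret as an extra leading parameter ahead of name and value. That would put the HttpOnly flag in 8th position and the `secure` flag in 7th, unlike `SetCookie` and `Output.Cookie`, where the 7th argument is HttpOnly. An implementation following this text would then check the wrong flag for secure cookies. Change "7th" to "8th" in that bullet after confirming the signature against the Beego version the analyzer targets.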
diff --git a/rules/S3330/metadata.json b/rules/S3330/metadata.json index 6b84f415a99..d8672428ded 100644 --- a/rules/S3330/metadata.json +++ b/rules/S3330/metadata.json @@ -46,6 +46,9 @@ ], "ASVS 4.0": [ "3.4.2" + ], + "STIG ASD_V5R3": [ + "V-222575" ] }, "defaultQualityProfiles": [ diff --git a/rules/S3330/python/metadata.json b/rules/S3330/python/metadata.json index 17971333806..e0ca8e5742f 100644 --- a/rules/S3330/python/metadata.json +++ b/rules/S3330/python/metadata.json @@ -1,3 +1,9 @@ { - + "tags": [ + "cwe", + "privacy", + "flask", + "fastapi", + "django" + ] } diff --git a/rules/S3330/see.adoc b/rules/S3330/see.adoc index 1a3a84867dc..304a751f41d 100644 --- a/rules/S3330/see.adoc +++ b/rules/S3330/see.adoc 
@@ -1,7 +1,9 @@ == See -* https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[OWASP Top 10 2021 Category A5] - Security Misconfiguration +* OWASP - https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[Top 10 2021 Category A5 - Security Misconfiguration] * https://owasp.org/www-community/HttpOnly[OWASP HttpOnly] -* https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)[OWASP Top 10 2017 Category A7] - Cross-Site Scripting (XSS) -* https://cwe.mitre.org/data/definitions/1004[MITRE, CWE-1004] - Sensitive Cookie Without 'HttpOnly' Flag -* Derived from FindSecBugs rule https://find-sec-bugs.github.io/bugs.htm#HTTPONLY_COOKIE[HTTPONLY_COOKIE] \ No newline at end of file +* OWASP - https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)[Top 10 2017 Category A7 - Cross-Site Scripting (XSS)] +* CWE - https://cwe.mitre.org/data/definitions/1004[CWE-1004 - Sensitive Cookie Without 'HttpOnly' Flag] +* Derived from FindSecBugs rule https://find-sec-bugs.github.io/bugs.htm#HTTPONLY_COOKIE[HTTPONLY_COOKIE] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222575[Application Security and Development: V-222575] - The application must set the HTTPOnly flag on session cookies. + diff --git a/rules/S3331/see.adoc b/rules/S3331/see.adoc index e1242f989fb..3cb626efea2 100644 --- a/rules/S3331/see.adoc +++ b/rules/S3331/see.adoc @@ -1,3 +1,3 @@ == See -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] diff --git a/rules/S3332/php/rule.adoc b/rules/S3332/php/rule.adoc index 694ef7f3f93..7544fbad808 100644 --- a/rules/S3332/php/rule.adoc +++ b/rules/S3332/php/rule.adoc 
@@ -10,7 +10,7 @@ This rule raises an issue when ``++expires++`` is set for a session cookie, eith == Resources -* https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)[OWASP Top 10 2017 Category A7] - Cross-Site Scripting (XSS) +* OWASP - https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)[Top 10 2017 Category A7 - Cross-Site Scripting (XSS)] * https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#expire-and-max-age-attributes[OWASP, Session Management Cheat Sheet] - Expire and Max-Age Attributes * Derived from FindSecBugs rule https://find-sec-bugs.github.io/bugs.htm#COOKIE_PERSISTENT[COOKIE_PERSISTENT] diff --git a/rules/S3333/php/metadata.json b/rules/S3333/php/metadata.json index 7d7b380089a..22fe371ce02 100644 --- a/rules/S3333/php/metadata.json +++ b/rules/S3333/php/metadata.json @@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "CONVENTIONAL" }, @@ -17,12 +17,8 @@ "php-ini" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-3333", @@ -48,8 +44,6 @@ "6.2.4" ] }, - "defaultQualityProfiles": [ - - ], + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S3334/php/metadata.json b/rules/S3334/php/metadata.json index 0ac2df5b77d..717a878cba0 100644 --- a/rules/S3334/php/metadata.json +++ b/rules/S3334/php/metadata.json @@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "COMPLETE" }, @@ -17,12 +17,8 @@ "php-ini" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-3334", 
@@ -51,8 +47,6 @@ "5.3.9" ] }, - "defaultQualityProfiles": [ - - ], + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S3336/php/metadata.json b/rules/S3336/php/metadata.json index 9d7afa3cd9d..f52e9169a2a 100644 --- a/rules/S3336/php/metadata.json +++ b/rules/S3336/php/metadata.json @@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "COMPLETE" }, @@ -16,12 +16,8 @@ "php-ini" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-3336", @@ -41,8 +37,6 @@ "6.2.4" ] }, - "defaultQualityProfiles": [ - - ], + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S3337/php/metadata.json b/rules/S3337/php/metadata.json index 25b4c085dfa..776dfec8ddf 100644 --- a/rules/S3337/php/metadata.json +++ b/rules/S3337/php/metadata.json @@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "COMPLETE" }, @@ -16,12 +16,8 @@ "php-ini" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-3337", @@ -41,8 +37,6 @@ "6.2.4" ] }, - "defaultQualityProfiles": [ - - ], + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S3338/php/rule.adoc b/rules/S3338/php/rule.adoc index b31f27db77b..16dced0ea2d 100644 --- a/rules/S3338/php/rule.adoc +++ b/rules/S3338/php/rule.adoc 
@@ -26,8 +26,8 @@ file_uploads=0 == Resources -* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[OWASP Top 10 2017 Category A6] - Security Misconfiguration -* https://cwe.mitre.org/data/definitions/434[MITRE, CWE-434] - Unrestricted Upload of File with Dangerous Type +* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration] +* CWE - https://cwe.mitre.org/data/definitions/434[CWE-434 - Unrestricted Upload of File with Dangerous Type] ifdef::env-github,rspecator-view[] diff --git a/rules/S3353/kotlin/metadata.json b/rules/S3353/kotlin/metadata.json new file mode 100644 index 00000000000..bfdf94d1083 --- /dev/null +++ b/rules/S3353/kotlin/metadata.json @@ -0,0 +1,4 @@ +{ + "title": "\"var\" should be \"val\" if local variable is never re-assigned", + "quickfix": "unknown" +} \ No newline at end of file diff --git a/rules/S3353/kotlin/rule.adoc b/rules/S3353/kotlin/rule.adoc new file mode 100644 index 00000000000..32a7d2fff98 --- /dev/null +++ b/rules/S3353/kotlin/rule.adoc 
@@ -0,0 +1,69 @@ +== Why is this an issue? + +If a local variable is never reassigned, it should be declared `val` to make it a constant within its scope. +This makes the code easier to read and protects the variable from accidental re-assignments in future code changes. + +=== What is the potential impact? + +==== Readability and Understanding + +If a variable is declared `val`, it is evident to readers that the variable value is never altered but serves as a constant. +This makes it easier to understand the code because readers do not need to keep track of possible state changes of the variable. + +==== Wrong code + +Developers might intend for a variable to remain unchanged and have their code relying on that constraint. +For example, a variable could be expected to have a specific range. +Changing the value of the variable could break that constraint. +Also, developers could have assigned the wrong variable. +If the developers inject a value into a variable with an annotation, they should declare it as late initialized. + +Declare variables that remain unchanged as `val` to avoid these mistakes. + +== How to fix it + +Replace the keyword `var` with `val`. 
+ +=== Code examples + +==== Noncompliant code example + +[source,kotlin,diff-id=1,diff-type=noncompliant] +---- +fun resize(): Int { + var newLength = max(16, 2*bufferLength) // Noncompliant, `newLength` is assigned only once + allocBuffer(newLength) + return resize +} + +class MyClass { + @inject + private var myVar: Int = 0 // Noncompliant, `myVar` is late initialized and should be declared as such +} +---- + +==== Compliant solution + +[source,kotlin,diff-id=1,diff-type=compliant] +---- +fun resize(): Int { + val newLength = max(16, 2*bufferLength) // Compliant + allocBuffer(newLength) + return resize +} + +class MyClass { + @inject + private lateinit var myVar: Int // Compliant +} +---- + +== Resources + +=== Documentation + +* https://kotlinlang.org/docs/basic-syntax.html#variables[Kotlin Docs, Variables] + +=== Articles & blog posts + +* https://medium.com/techmacademy/kotlin-101-val-vs-var-behind-the-scenes-65d96c6608bf[Estefania Cassingena Navone, Kotlin 101: val vs. var Behind The Scenes!] diff --git a/rules/S3358/dart/metadata.json b/rules/S3358/dart/metadata.json new file mode 100644 index 00000000000..f4b27f0bb34 --- /dev/null +++ b/rules/S3358/dart/metadata.json @@ -0,0 +1,3 @@ +{ + "scope": "Main" +} diff --git a/rules/S3358/dart/rule.adoc b/rules/S3358/dart/rule.adoc new file mode 100644 index 00000000000..c45be3615f0 --- /dev/null +++ b/rules/S3358/dart/rule.adoc @@ -0,0 +1,19 @@ +include::../rule.adoc[] + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +include::../message.adoc[] + +include::../highlighting.adoc[] + +''' +== Comments And Links +(visible only on this page) + +include::../comments-and-links.adoc[] + +endif::env-github,rspecator-view[] diff --git a/rules/S3358/java/metadata.json b/rules/S3358/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S3358/java/metadata.json +++ b/rules/S3358/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } 
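Review bot: Both `resize` examples in `rules/S3353/kotlin/rule.adoc` end with `return resize`, which names the function itself rather than a value; the noncompliant and compliant blocks presumably mean `return newLength`. In the compliant `MyClass` block, `private lateinit var myVar: Int` will not compile, because Kotlin rejects `lateinit` on primitive types; a reference type such as `private lateinit var myVar: String` keeps the example valid. The property example also falls outside the rule's stated scope (local variables, fixed by replacing `var` with `val`), so it would be clearer to drop it or cover it in a separate paragraph. The annotation is written `@inject`; if the usual injection annotation is meant, it is spelled `@Inject`.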
diff --git a/rules/S3358/javascript/rule.adoc b/rules/S3358/javascript/rule.adoc index f607874a1e8..18f719252e4 100644 --- a/rules/S3358/javascript/rule.adoc +++ b/rules/S3358/javascript/rule.adoc @@ -6,6 +6,50 @@ include::../description.adoc[] +=== Exceptions + +This rule does not apply in JSX expressions to support conditional rendering and conditional attributes as long as the nesting happens in separate JSX expression containers, i.e. JSX elements embedding JavaScript code, as shown below: + +[source,javascript] +---- +return ( +<> + {isLoading ? ( + + ) : ( + + {isEditing ? 'Close now' : 'Start now'} + !saving) : null} /> + + )} + +); +---- + +If you have nested ternaries in the same JSX expression container, refactor your logic into a separate function like that: + +[source,javascript] +---- + +function myComponent(condition) { + if (condition < 0) { + return 'it is negative'; + } else if (condition > 0) { + return 'it is positive'; + } else { + return 'it is zero'; + } +} + +return ( + {myComponent(foo)} +); +---- + +== Resources + +=== Articles & blog posts +* Sonar - https://www.sonarsource.com/blog/stop-nesting-ternaries-javascript/[Stop nesting ternaries in JavaScript] ifdef::env-github,rspecator-view[] @@ -25,22 +69,4 @@ include::../comments-and-links.adoc[] endif::env-github,rspecator-view[] -=== Exceptions - -This rule does not apply in JSX expressions to support conditional rendering and conditional attributes. -[source,javascript] ----- -return ( -<> - {isLoading ? ( - - ) : ( - - {isEditing ? 'Close now' : 'Start now'} - !saving) : null} /> - - )} - -); ----- diff --git a/rules/S3360/metadata.json b/rules/S3360/metadata.json index 159b7af3c07..95ffee2e361 100644 --- a/rules/S3360/metadata.json +++ b/rules/S3360/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "IDENTIFIABLE" }, 
@@ -16,19 +16,13 @@ "tests" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-3360", "sqKey": "S3360", "scope": "Main", - "defaultQualityProfiles": [ - - ], + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S3367/java/rule.adoc b/rules/S3367/java/rule.adoc index a85e3593f94..40d33f5840a 100644 --- a/rules/S3367/java/rule.adoc +++ b/rules/S3367/java/rule.adoc @@ -26,10 +26,10 @@ public class MyForm extends org.apache.struts.validator.ValidatorForm { == Resources -* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection -* https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[OWASP Top 10 2017 Category A1] - Injection -* https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)[OWASP Top 10 2017 Category A7] - Cross-Site Scripting (XSS) -* https://cwe.mitre.org/data/definitions/104[MITRE, CWE-104] - Struts: Form Bean Does Not Extend Validation Class +* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] +* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] +* OWASP - https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)[Top 10 2017 Category A7 - Cross-Site Scripting (XSS)] +* CWE - https://cwe.mitre.org/data/definitions/104[CWE-104 - Struts: Form Bean Does Not Extend Validation Class] diff --git a/rules/S3369/java/rule.adoc b/rules/S3369/java/rule.adoc index a025ea9ec64..843e3f78dd4 100644 --- a/rules/S3369/java/rule.adoc +++ b/rules/S3369/java/rule.adoc 
@@ -8,8 +8,8 @@ This rule raises an issue when a _web.xml_ file has no ``++ == Resources -* https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[OWASP Top 10 2017 Category A5] - Broken Access Control -* https://cwe.mitre.org/data/definitions/284[MITRE, CWE-284] - Improper Access Control +* OWASP - https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[Top 10 2017 Category A5 - Broken Access Control] +* CWE - https://cwe.mitre.org/data/definitions/284[CWE-284 - Improper Access Control] ifdef::env-github,rspecator-view[] diff --git a/rules/S3371/java/rule.adoc b/rules/S3371/java/rule.adoc index 12343bb1656..368e665c57c 100644 --- a/rules/S3371/java/rule.adoc +++ b/rules/S3371/java/rule.adoc @@ -26,10 +26,10 @@ PreparedStatement stmt = null; == Resources -* https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[OWASP Top 10 2021 Category A5] - Security Misconfiguration -* https://cwe.mitre.org/data/definitions/20[MITRE, CWE-20] - Improper Input Validation -* https://cwe.mitre.org/data/definitions/89[MITRE, CWE-89] - Improper Neutralization of Special Elements used in an SQL Command -* https://www.owasp.org/index.php/Top_10_2013-A1-Injection[OWASP Top Ten 2013 Category A1] - Injection +* OWASP - https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[Top 10 2021 Category A5 - Security Misconfiguration] +* CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] +* CWE - https://cwe.mitre.org/data/definitions/89[CWE-89 - Improper Neutralization of Special Elements used in an SQL Command] +* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[OWASP Top 10 2017 Category A1 - Injection] ifdef::env-github,rspecator-view[] diff --git a/rules/S3374/xml/metadata.json b/rules/S3374/xml/metadata.json index 0ee53ae4398..3aa0a59ff99 100644 --- a/rules/S3374/xml/metadata.json +++ b/rules/S3374/xml/metadata.json 
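Review bot: In the `rules/S3371/java/rule.adoc` hunk, the last replaced bullet keeps `OWASP` inside the link text as well as in the new prefix, so it renders as "OWASP - OWASP Top 10 2017 …", unlike every other bullet rewritten by this commit. The line should read `* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection]`. The same line also silently moves the reference from the 2013 edition to the 2017 edition; if that is intended, it deserves a mention in the commit description.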
@@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -17,12 +17,8 @@ "struts" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-3374", diff --git a/rules/S3394/cobol/rule.adoc b/rules/S3394/cobol/rule.adoc index ea20d797983..7a9993f3233 100644 --- a/rules/S3394/cobol/rule.adoc +++ b/rules/S3394/cobol/rule.adoc @@ -47,7 +47,7 @@ In this specific example, `USER-INPUT` is expected to be numeric by the system. ==== Noncompliant code example -[source,cobol,diff-id=1,diff-type=noncompliant] +[source,cobol] ---- IDENTIFICATION DIVISION. PROGRAM-ID. EXAMPLE. @@ -68,33 +68,6 @@ EXAMPLE-PROCEDURE. STOP RUN. ---- -==== Compliant solution - -[source,cobol,diff-id=1,diff-type=compliant] ----- -IDENTIFICATION DIVISION. -PROGRAM-ID. EXAMPLE. - -DATA DIVISION. -WORKING-STORAGE SECTION. -01 WS-NUMERIC PIC X VALUE 'N'. -01 USER-INPUT PIC X(4). - -PROCEDURE DIVISION. -EXAMPLE-PROCEDURE. - MOVE 'N' TO WS-NUMERIC. - PERFORM UNTIL WS-NUMERIC = 'Y' - DISPLAY 'ENTER YOUR 4 DIGIT RECORD NUMBER: ' NO ADVANCING - ACCEPT USER-INPUT FROM CONSOLE - IF USER-INPUT IS NUMERIC THEN - MOVE 'Y' TO WS-NUMERIC - ELSE - DISPLAY 'INVALID INPUT. PLEASE ENTER A NUMERIC VALUE.' - END-IF - END-PERFORM - STOP RUN. ----- - === How does this work? To mitigate the risks associated with the ACCEPT keyword in COBOL, you should diff --git a/rules/S3398/java/metadata.json b/rules/S3398/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S3398/java/metadata.json +++ b/rules/S3398/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S3402/javascript/rule.adoc b/rules/S3402/javascript/rule.adoc index eac7707402a..28410e531f1 100644 --- a/rules/S3402/javascript/rule.adoc +++ b/rules/S3402/javascript/rule.adoc 
@@ -3,7 +3,7 @@ Use a ``+`` with two numbers and you'll get addition. But use it with a string and anything else, and you'll get concatenation. This could be confusing, especially if it's not obvious that one of the operands is a string. It is recommended to explicitly convert the non-string component to make it easier to understand to future maintainers. -This rule raises an issue when ``+`` or ``+=`` is used with a string and a non-string. +This rule raises an issue when `pass:[+]` or `pass:[+=]` is used with a string and a non-string. === Noncompliant code example diff --git a/rules/S3403/python/metadata.json b/rules/S3403/python/metadata.json index 40076174a98..af09fdd6649 100644 --- a/rules/S3403/python/metadata.json +++ b/rules/S3403/python/metadata.json @@ -1,9 +1,14 @@ { "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, - "defaultSeverity": "Blocker" + "defaultSeverity": "Blocker", + "tags": [ + "confusing", + "pitfall", + "typing" + ] } diff --git a/rules/S3416/comments-and-links.adoc b/rules/S3416/comments-and-links.adoc new file mode 100644 index 00000000000..5a538060b95 --- /dev/null +++ b/rules/S3416/comments-and-links.adoc @@ -0,0 +1,10 @@ +== Comments And Links +(visible only on this page) + +=== on 25 Nov 2015, 09:22:38 Freddy Mallet wrote: +See my comment on relating Google Group thread [~ann.campbell.2]: \https://groups.google.com/forum/?utm_medium=email&utm_source=footer#!msg/sonarqube/7DGhtbqRsHk/j2rDIp6dAwAJ + +=== on 7 Jun 2018, 14:17:52 Andrei Epure wrote: +Also requested in \https://groups.google.com/forum/?utm_source=digest&utm_medium=email#!topic/sonarqube/qCK_pZJ7G_Q + + diff --git a/rules/S3416/csharp/how.adoc b/rules/S3416/csharp/how.adoc new file mode 100644 index 00000000000..65036aac962 --- /dev/null +++ b/rules/S3416/csharp/how.adoc 
@@ -0,0 +1,58 @@ +== How to fix it + +When the logger name is defined by a generic type parameter: + +[source,csharp] +---- +class EnclosingType +{ + private readonly ILogger logger; + + public EnclosingType(ILoggerFactory loggerFactory) + { + logger = loggerFactory.CreateLogger(); // Noncompliant + logger = loggerFactory.CreateLogger(); // Compliant + } +} +---- + +When the logger name is defined by an input parameter of type `Type`: + +[source,csharp] +---- +class EnclosingType +{ + private readonly ILogger logger; + + public EnclosingType(ILoggerFactory loggerFactory) + { + logger = loggerFactory.CreateLogger(typeof(AnotherType)); // Noncompliant + logger = loggerFactory.CreateLogger(typeof(EnclosingType)); // Compliant + logger = loggerFactory.CreateLogger(GetType()); // Compliant + } +} +---- + +When the logger name is a string, derived from a `Type`: + +[source,csharp] +---- +class EnclosingType +{ + private readonly ILogger logger; + + public EnclosingType(ILoggerFactory loggerFactory) + { + logger = loggerFactory.CreateLogger(typeof(AnotherType).Name); // Noncompliant + logger = loggerFactory.CreateLogger(typeof(AnotherType).FullName); // Noncompliant + logger = loggerFactory.CreateLogger(nameof(AnotherType)); // Noncompliant + // Fix by referring to the right type + logger = loggerFactory.CreateLogger(typeof(EnclosingType).Name); // Compliant + logger = loggerFactory.CreateLogger(typeof(EnclosingType).FullName); // Compliant + logger = loggerFactory.CreateLogger(nameof(EnclosingType)); // Compliant + // or by retrieving the right type dynamically + logger = loggerFactory.CreateLogger(GetType().FullName); // Compliant + } +} +---- + diff --git a/rules/S3416/csharp/metadata.json b/rules/S3416/csharp/metadata.json new file mode 100644 index 00000000000..eff16326075 --- /dev/null +++ b/rules/S3416/csharp/metadata.json 
@@ -0,0 +1,6 @@ +{ + "title": "Loggers should be named for their enclosing types", + "quickfix": "targeted", + "defaultQualityProfiles": [ + ] +} diff --git a/rules/S3416/csharp/rule.adoc b/rules/S3416/csharp/rule.adoc new file mode 100644 index 00000000000..aaccfa20c20 --- /dev/null +++ b/rules/S3416/csharp/rule.adoc @@ -0,0 +1,3 @@ +:language: csharp + +include::../rule-dotnet.adoc[] \ No newline at end of file diff --git a/rules/S3416/csharp/why-code-example.adoc b/rules/S3416/csharp/why-code-example.adoc new file mode 100644 index 00000000000..37fa2bed443 --- /dev/null +++ b/rules/S3416/csharp/why-code-example.adoc @@ -0,0 +1,13 @@ +[source,csharp] +---- +class EnclosingType +{ + private readonly ILogger logger; + + public EnclosingType(ILoggerFactory loggerFactory) + { + logger = loggerFactory.CreateLogger(); // Noncompliant + logger = loggerFactory.CreateLogger(); // Compliant + } +} +---- diff --git a/rules/S3416/csharp/why-exception-example.adoc b/rules/S3416/csharp/why-exception-example.adoc new file mode 100644 index 00000000000..acbfd5010eb --- /dev/null +++ b/rules/S3416/csharp/why-exception-example.adoc @@ -0,0 +1,13 @@ +[source,csharp] +---- +class EnclosingType +{ + private readonly ILogger logger; + + EnclosingType(ILoggerFactory loggerFactory) + { + logger = loggerFactory.CreateLogger("My cross-type logging category"); // Compliant + logger = loggerFactory.CreateLogger(AComplexLogicToFindTheRightType()); // Compliant + } +} +---- diff --git a/rules/S3416/java/metadata.json b/rules/S3416/java/metadata.json index 2b0cc9d363a..7a73a41bfdf 100644 --- a/rules/S3416/java/metadata.json +++ b/rules/S3416/java/metadata.json 
@@ -1,34 +1,2 @@ { - "title": "Loggers should be named for their enclosing classes", - "type": "CODE_SMELL", - "code": { - "impacts": { - "MAINTAINABILITY": "LOW" - }, - "attribute": "IDENTIFIABLE" - }, - "status": "ready", - "remediation": { - "func": "Constant\/Issue", - "constantCost": "5min" - }, - "tags": [ - "confusing" - ], - "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] - }, - "defaultSeverity": "Minor", - "ruleSpecification": "RSPEC-3416", - "sqKey": "S3416", - "scope": "Main", - "defaultQualityProfiles": [ - "Sonar way" - ], - "quickfix": "unknown" -} +} \ No newline at end of file diff --git a/rules/S3416/java/rule.adoc b/rules/S3416/java/rule.adoc index fee789af99d..8a4d8db02d1 100644 --- a/rules/S3416/java/rule.adoc +++ b/rules/S3416/java/rule.adoc @@ -36,20 +36,12 @@ ifdef::env-github,rspecator-view[] Update this logger to use the current class. - === Highlighting Xxx.class - ''' -== Comments And Links -(visible only on this page) - -=== on 25 Nov 2015, 09:22:38 Freddy Mallet wrote: -See my comment on relating Google Group thread [~ann.campbell.2]: \https://groups.google.com/forum/?utm_medium=email&utm_source=footer#!msg/sonarqube/7DGhtbqRsHk/j2rDIp6dAwAJ -=== on 7 Jun 2018, 14:17:52 Andrei Epure wrote: -Also requested in \https://groups.google.com/forum/?utm_source=digest&utm_medium=email#!topic/sonarqube/qCK_pZJ7G_Q +include::../comments-and-links.adoc[] endif::env-github,rspecator-view[] diff --git a/rules/S3416/metadata.json b/rules/S3416/metadata.json index 2c63c085104..c1b83882f39 100644 --- a/rules/S3416/metadata.json +++ b/rules/S3416/metadata.json 
@@ -1,2 +1,33 @@ { + "title": "Loggers should be named for their enclosing classes", + "type": "CODE_SMELL", + "status": "ready", + "code": { + "impacts": { + "MAINTAINABILITY": "LOW" + }, + "attribute": "IDENTIFIABLE" + }, + "remediation": { + "func": "Constant\/Issue", + "constantCost": "5min" + }, + "tags": [ + "confusing", + "logging" + ], + "extra": { + "replacementRules": [ + ], + "legacyKeys": [ + ] + }, + "defaultSeverity": "Minor", + "ruleSpecification": "RSPEC-3416", + "sqKey": "S3416", + "scope": "Main", + "defaultQualityProfiles": [ + "Sonar way" + ], + "quickfix": "unknown" } diff --git a/rules/S3416/rspecator-dotnet.adoc b/rules/S3416/rspecator-dotnet.adoc new file mode 100644 index 00000000000..d79825bd3a7 --- /dev/null +++ b/rules/S3416/rspecator-dotnet.adoc @@ -0,0 +1,21 @@ +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +Update this logger to use its enclosing type. + +=== Highlighting + +XXX | typeof(XXX) | typeof(XXX).FullName + +''' +== Comments And Links +(visible only on this page) + +include::comments-and-links.adoc[] + +endif::env-github,rspecator-view[] diff --git a/rules/S3416/rule-dotnet.adoc b/rules/S3416/rule-dotnet.adoc new file mode 100644 index 00000000000..a345405e5e9 --- /dev/null +++ b/rules/S3416/rule-dotnet.adoc 
@@ -0,0 +1,57 @@ +== Why is this an issue? + +It is a well-established convention to name each logger after its enclosing type. This rule raises an issue when the convention is not respected. + +include::{language}/why-code-example.adoc[] + +Not following such a convention can result in confusion and logging misconfiguration. + +For example, the person configuring the log may attempt to change the logging behavior for the `MyNamespace.EnclosingType` type, by overriding defaults for the logger named after that type. + +[source,json] +---- +{ + "Logging": { + "LogLevel": { + "Default": "Error", + "MyNamespace.EnclosingType": "Debug" + } + } +} +---- + +However, if the convention is not in place, the override would not affect logs from `MyNamespace.EnclosingType`, since they are made via a logger with a different name. + +Moreover, using the same logger name for multiple types prevents the granular configuration of each type's logger, since there is no way to distinguish them in configuration. + +The rule targets the following logging frameworks: +* https://learn.microsoft.com/en-us/dotnet/core/extensions/logging[Microsoft Extensions Logging] +* https://logging.apache.org/log4net/[Apache log4net] +* https://nlog-project.org/[NLog] + +=== Exceptions + +The rule doesn't raise issues when custom handling of logging names is in place, and the logger name is not derived from a `Type`. 
+ +include::{language}/why-exception-example.adoc[] + +include::{language}/how.adoc[] + +== Resources + +=== Documentation + +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/core/diagnostics/logging-tracing[.NET logging and tracing] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/core/extensions/logging?tabs=command-line#log-category[Logging in C# and .NET - Log category] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/core/extensions/logging?tabs=command-line#configure-logging[Logging in C# and .NET - Configure logging] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/api/microsoft.extensions.logging.ilogger-1[ILogger Interface] +* Apache Logging - https://logging.apache.org/log4net/[Apache log4net] +* NLog - https://nlog-project.org/[Flexible & free open-source logging for .NET] + +=== Articles & blog posts + +* Raygun Blog - https://raygun.com/blog/c-sharp-logging-best-practices/[C# logging: Best practices in 2023 with examples and tools] +* Apache Logging - https://logging.apache.org/log4net/release/manual/configuration.html[Apache log4net Manual - Configuration] +* GitHub NLog repository - https://github.com/nlog/nlog/wiki/Tutorial#best-practices-for-using-nlog[Best practices for using NLog] + +include::rspecator-dotnet.adoc[] \ No newline at end of file diff --git a/rules/S3422/xml/rule.adoc b/rules/S3422/xml/rule.adoc index 147bd54ecb4..f30efb58f14 100644 --- a/rules/S3422/xml/rule.adoc +++ b/rules/S3422/xml/rule.adoc @@ -5,7 +5,7 @@ === Noncompliant code example -[source,xml] +[source,xml,diff-id=1,diff-type=noncompliant] ---- javax.sql @@ -16,6 +16,17 @@ ---- +=== Compliant solution + +[source,xml,diff-id=1,diff-type=compliant] +---- + + javax.sql + jdbc-stdext + 2.0 + provided + +---- ifdef::env-github,rspecator-view[] diff --git a/rules/S3427/metadata.json b/rules/S3427/metadata.json index a5cf1cb0040..168653fdb3e 100644 --- a/rules/S3427/metadata.json +++ b/rules/S3427/metadata.json 
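Review bot: In `rules/S3416/rule-dotnet.adoc`, the bullet list after `The rule targets the following logging frameworks:` starts on the very next line with no blank line in between. As far as I know, Asciidoctor does not let a list marker interrupt a top-level paragraph, so the three entries are likely to render as running text rather than as a list. Adding an empty line before `* https://learn.microsoft.com/en-us/dotnet/core/extensions/logging[Microsoft Extensions Logging]` fixes this. The file also ends without a trailing newline, which this same commit corrects elsewhere, for example in `rules/S3431/description.adoc`.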
@@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "CLEAR" }, @@ -17,12 +17,8 @@ "pitfall" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-3427", diff --git a/rules/S3431/csharp/flow-example.adoc b/rules/S3431/csharp/flow-example.adoc new file mode 100644 index 00000000000..29bacf14aad --- /dev/null +++ b/rules/S3431/csharp/flow-example.adoc @@ -0,0 +1,33 @@ +[source,csharp] +---- +[TestMethod] +[ExpectedException(typeof(InvalidOperationException))] +public void UsingTest() +{ + Console.ForegroundColor = ConsoleColor.Black; + try + { + using var _ = new ConsoleAlert(); + Assert.AreEqual(ConsoleColor.Red, Console.ForegroundColor); + throw new InvalidOperationException(); + } + finally + { + Assert.AreEqual(ConsoleColor.Black, Console.ForegroundColor); // The exception itself is not relevant for the test. + } +} + +public sealed class ConsoleAlert : IDisposable +{ + private readonly ConsoleColor previous; + + public ConsoleAlert() + { + previous = Console.ForegroundColor; + Console.ForegroundColor = ConsoleColor.Red; + } + + public void Dispose() => + Console.ForegroundColor = previous; +} +---- diff --git a/rules/S3431/csharp/how-mstest.adoc b/rules/S3431/csharp/how-mstest.adoc new file mode 100644 index 00000000000..39ee97e6c8f --- /dev/null +++ b/rules/S3431/csharp/how-mstest.adoc 
@@ -0,0 +1,30 @@ +== How to fix it in MSTest + +Remove the `ExpectedException` attribute in favor of using the https://learn.microsoft.com/en-us/dotnet/api/microsoft.visualstudio.testtools.unittesting.assert.throwsexception[Assert.ThrowsException] assertion. + +=== Code examples + +==== Noncompliant code example + +[source,csharp,diff-id=1,diff-type=noncompliant] +---- +[TestMethod] +[ExpectedException(typeof(ArgumentNullException))] // Noncompliant +public void Method_NullParam() +{ + var sut = new MyService(); + sut.Method(null); +} +---- + +==== Compliant solution + +[source,csharp,diff-id=1,diff-type=compliant] +---- +[TestMethod] +public void Method_NullParam() +{ + var sut = new MyService(); + Assert.ThrowsException(() => sut.Method(null)); +} +---- diff --git a/rules/S3431/csharp/how-nunit.adoc b/rules/S3431/csharp/how-nunit.adoc new file mode 100644 index 00000000000..61eb1652a9b --- /dev/null +++ b/rules/S3431/csharp/how-nunit.adoc @@ -0,0 +1,30 @@ +== How to fix it in NUnit + +Remove the `ExpectedException` attribute in favor of using the https://docs.nunit.org/articles/nunit/writing-tests/assertions/classic-assertions/Assert.Throws.html[Assert.Throws] assertion. + +=== Code examples + +==== Noncompliant code example + +[source,csharp,diff-id=2,diff-type=noncompliant] +---- +[Test] +[ExpectedException(typeof(ArgumentNullException))] // Noncompliant +public void Method_NullParam() +{ + var sut = new MyService(); + sut.Method(null); +} +---- + +==== Compliant solution + +[source,csharp,diff-id=2,diff-type=compliant] +---- +[Test] +public void Method_NullParam() +{ + var sut = new MyService(); + Assert.Throws(() => sut.Method(null)); +} +---- diff --git a/rules/S3431/csharp/rule.adoc b/rules/S3431/csharp/rule.adoc index 31e121d06ea..177dd645c4d 100644 --- a/rules/S3431/csharp/rule.adoc +++ b/rules/S3431/csharp/rule.adoc 
@@ -1,52 +1,18 @@ +include::../../../shared_content/dotnet/csharp_dictionary.adoc[] +:language: csharp + == Why is this an issue? include::../description.adoc[] -=== Noncompliant code example - -[source,csharp] ----- -[TestMethod] -[ExpectedException(typeof(ArgumentNullException))] // Noncompliant -public void TestNullArg() -{ - //... -} ----- - -=== Compliant solution - -[source,csharp] ----- -[TestMethod] -public void TestNullArg() -{ - bool callFailed = false; - try - { - //... - } - catch (ArgumentNullException) - { - callFailed = true; - } - Assert.IsTrue(callFailed, "Expected call to MyMethod to fail with ArgumentNullException"); -} ----- - -or - -[source,csharp] ----- -[TestMethod] -public void TestNullArg() -{ - Assert.ThrowsException(() => /*...*/); -} ----- - include::../exceptions.adoc[] +include::./how-mstest.adoc[] + +include::./how-nunit.adoc[] + +include::../resources.adoc[] + ifdef::env-github,rspecator-view[] ''' diff --git a/rules/S3431/description.adoc b/rules/S3431/description.adoc index d6edc97065a..9cbcf703347 100644 --- a/rules/S3431/description.adoc +++ b/rules/S3431/description.adoc @@ -1,3 +1,3 @@ It should be clear to a casual reader what code a test is testing and what results are expected. Unfortunately, that's not usually the case with the `ExpectedException` attribute since an exception could be thrown from almost any line in the method. -This rule detects MSTest and NUnit `ExpectedException` attribute. \ No newline at end of file +This rule detects MSTest and NUnit `ExpectedException` attribute. diff --git a/rules/S3431/exceptions.adoc b/rules/S3431/exceptions.adoc index 83dd36e1527..9b67c42eedd 100644 --- a/rules/S3431/exceptions.adoc +++ b/rules/S3431/exceptions.adoc 
@@ -1,3 +1,8 @@ === Exceptions -This rule ignores one-line test methods, since it is obvious in such methods where the exception is expected to be thrown. \ No newline at end of file +This rule ignores: + +* single-line tests, since it is obvious in such methods where the exception is expected to be thrown +* tests when it tests control flow and assertion are present in either a `{keyword_catch}` or `{keyword_finally}` clause + +include::{language}/flow-example.adoc[] diff --git a/rules/S3431/metadata.json b/rules/S3431/metadata.json index 470c1ce024a..bbcb9721de0 100644 --- a/rules/S3431/metadata.json +++ b/rules/S3431/metadata.json @@ -28,7 +28,7 @@ "sqKey": "S3431", "scope": "Tests", "defaultQualityProfiles": [ - + "Sonar way" ], "quickfix": "unknown" } diff --git a/rules/S3431/resources.adoc b/rules/S3431/resources.adoc new file mode 100644 index 00000000000..201e9f555c2 --- /dev/null +++ b/rules/S3431/resources.adoc @@ -0,0 +1,8 @@ +== Resources + +=== Documentation + +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/api/microsoft.visualstudio.testtools.unittesting.assert.throwsexception[Assert.ThrowsException Method] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/api/microsoft.visualstudio.testtools.unittesting.expectedexceptionattribute[ExpectedExceptionAttribute Class] +* NUnit - https://docs.nunit.org/articles/nunit/writing-tests/assertions/classic-assertions/Assert.Throws.html[Assert.Throws] +* NUnit - https://docs.nunit.org/2.4/exception.html[ExpectedExceptionAttribute] diff --git a/rules/S3431/vbnet/flow-example.adoc b/rules/S3431/vbnet/flow-example.adoc new file mode 100644 index 00000000000..69c91843143 --- /dev/null +++ b/rules/S3431/vbnet/flow-example.adoc 
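Review bot: The added `include::{language}/flow-example.adoc[]` only resolves when the including rule file has already set `:language:`, and the `{keyword_catch}` and `{keyword_finally}` references likewise depend on a dictionary include. The csharp and vbnet rule.adoc files in this commit do both, but nothing in exceptions.adoc states that requirement. A leading comment such as `// Requires :language: and the dotnet dictionary attributes to be set by the including rule.adoc` would document the contract. The second bullet is also ungrammatical; it could read "tests that exercise control flow and have assertions in a {keyword_catch} or {keyword_finally} clause".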
@@ -0,0 +1,31 @@
+[source,vbnet]
+----
+
+
+Public Sub UsingTest()
+ Console.ForegroundColor = ConsoleColor.Black
+ Try
+ Using alert As New ConsoleAlert()
+ Assert.AreEqual(ConsoleColor.Red, Console.ForegroundColor)
+ Throw New InvalidOperationException()
+ End Using
+ Finally
+ Assert.AreEqual(ConsoleColor.Black, Console.ForegroundColor) ' The exception itself is not relevant for the test.
+ End Try
+End Sub
+
+Public NotInheritable Class ConsoleAlert
+ Implements IDisposable
+
+ Private ReadOnly previous As ConsoleColor
+
+ Public Sub New()
+ previous = Console.ForegroundColor
+ Console.ForegroundColor = ConsoleColor.Red
+ End Sub
+
+ Public Sub Dispose() Implements IDisposable.Dispose
+ Console.ForegroundColor = previous
+ End Sub
+End Class
+----
diff --git a/rules/S3431/vbnet/how-mstest.adoc b/rules/S3431/vbnet/how-mstest.adoc
new file mode 100644
index 00000000000..86dbcdefa42
--- /dev/null
+++ b/rules/S3431/vbnet/how-mstest.adoc
@@ -0,0 +1,28 @@
+== How to fix it in MSTest
+
+Remove the `ExpectedException` attribute in favor of using the https://learn.microsoft.com/en-us/dotnet/api/microsoft.visualstudio.testtools.unittesting.assert.throwsexception[Assert.ThrowsException] assertion.
+
+=== Code examples
+
+==== Noncompliant code example
+
+[source,vbnet,diff-id=1,diff-type=noncompliant]
+----
+
+ ' Noncompliant
+Public Sub Method_NullParam()
+ Dim sut As New MyService()
+ sut.Method(Nothing)
+End Sub
+----
+
+==== Compliant solution
+
+[source,vbnet,diff-id=1,diff-type=compliant]
+----
+
+Public Sub Method_NullParam()
+ Dim sut As New MyService()
+ Assert.ThrowsException(Of ArgumentNullException)(Sub() sut.Method(Nothing))
+End Sub
+----
diff --git a/rules/S3431/vbnet/how-nunit.adoc b/rules/S3431/vbnet/how-nunit.adoc
new file mode 100644
index 00000000000..408c65a446b
--- /dev/null
+++ b/rules/S3431/vbnet/how-nunit.adoc
@@ -0,0 +1,28 @@ +== How to fix it in NUnit + +Remove the `ExpectedException` attribute in favor of using the https://docs.nunit.org/articles/nunit/writing-tests/assertions/classic-assertions/Assert.Throws.html[Assert.Throws] assertion. + +=== Code examples + +==== Noncompliant code example + +[source,vbnet,diff-id=2,diff-type=noncompliant] +---- + + ' Noncompliant +Public Sub Method_NullParam() + Dim sut As New MyService() + sut.Method(Nothing) +End Sub +---- + +==== Compliant solution + +[source,vbnet,diff-id=2,diff-type=compliant] +---- + +Public Sub Method_NullParam() + Dim sut As New MyService() + Assert.Throws(Of ArgumentNullException)(Sub() sut.Method(Nothing)) +End Sub +---- diff --git a/rules/S3431/vbnet/rule.adoc b/rules/S3431/vbnet/rule.adoc index 66c58cec7b4..cab82d7829e 100644 --- a/rules/S3431/vbnet/rule.adoc +++ b/rules/S3431/vbnet/rule.adoc @@ -1,46 +1,18 @@ +include::../../../shared_content/dotnet/vbnet_dictionary.adoc[] +:language: vbnet + == Why is this an issue? include::../description.adoc[] -=== Noncompliant code example - -[source,vbnet] ----- - - ' Noncompliant -Public Sub TestNullArg() - '... -End Sub ----- - -=== Compliant solution - -[source,vbnet] ----- - -Public Sub TestNullArg() - Dim CallFailed As Boolean = False - Try - ' ... - Catch ex As Exception - CallFailed = true - End Try - Assert.IsTrue(CallFailed, "Expected call to MyMethod to fail with ArgumentNullException") -End Sub ----- - -or - -[source,vbnet] ----- - -Public Sub TestNullArg() - Assert.ThrowsException(Of ArgumentNullException)(Sub() ... ) -End Sub ----- - include::../exceptions.adoc[] +include::./how-mstest.adoc[] + +include::./how-nunit.adoc[] + +include::../resources.adoc[] + ifdef::env-github,rspecator-view[] ''' == Comments And Links diff --git a/rules/S3433/metadata.json b/rules/S3433/metadata.json index e8a3d6a9ab3..43fc8ab7a15 100644 --- a/rules/S3433/metadata.json +++ b/rules/S3433/metadata.json 
@@ -3,7 +3,7 @@
 "type": "CODE_SMELL",
 "code": {
 "impacts": {
- "MAINTAINABILITY": "HIGH"
+ "MAINTAINABILITY": "BLOCKER"
 },
 "attribute": "LOGICAL"
 },
@@ -16,12 +16,8 @@
 "tests"
 ],
 "extra": {
- "replacementRules": [
-
- ],
- "legacyKeys": [
-
- ]
+ "replacementRules": [],
+ "legacyKeys": []
 },
 "defaultSeverity": "Blocker",
 "ruleSpecification": "RSPEC-3433",
diff --git a/rules/S3436/java/metadata.json b/rules/S3436/java/metadata.json
index d1f1721723e..c978547f83d 100644
--- a/rules/S3436/java/metadata.json
+++ b/rules/S3436/java/metadata.json
@@ -18,17 +18,13 @@
 "lock-in"
 ],
 "extra": {
- "replacementRules": [
-
- ],
- "legacyKeys": [
-
- ]
+ "replacementRules": [],
+ "legacyKeys": []
 },
 "defaultSeverity": "Major",
 "ruleSpecification": "RSPEC-3436",
 "sqKey": "S3436",
- "scope": "All",
+ "scope": "Main",
 "defaultQualityProfiles": [
 "Sonar way"
 ],
diff --git a/rules/S3443/metadata.json b/rules/S3443/metadata.json
index 44b9240bc58..885cb3f45ce 100644
--- a/rules/S3443/metadata.json
+++ b/rules/S3443/metadata.json
@@ -1,35 +1,30 @@
 {
- "title": "Type should not be examined on \"System.Type\" instances",
- "type": "CODE_SMELL",
- "code": {
- "impacts": {
- "MAINTAINABILITY": "HIGH"
- },
- "attribute": "CLEAR"
+ "title": "Type should not be examined on \"System.Type\" instances",
+ "type": "CODE_SMELL",
+ "code": {
+ "impacts": {
+ "MAINTAINABILITY": "BLOCKER"
 },
- "status": "ready",
- "remediation": {
- "func": "Constant\/Issue",
- "constantCost": "5min"
- },
- "tags": [
- "suspicious"
- ],
- "extra": {
- "replacementRules": [
-
- ],
- "legacyKeys": [
-
- ]
- },
- "defaultSeverity": "Blocker",
- "ruleSpecification": "RSPEC-3443",
- "sqKey": "S3443",
- "scope": "All",
- "defaultQualityProfiles": [
- "Sonar way"
- ],
- "quickfix": "unknown"
- }
-
\ No newline at end of file
+ "attribute": "CLEAR"
+ },
+ "status": "ready",
+ "remediation": {
+ "func": "Constant\/Issue",
+ "constantCost": "5min"
+ },
+ "tags": [
+ "suspicious"
+ ],
+ "extra": {
+ "replacementRules": [],
+ "legacyKeys": []
+ },
+ "defaultSeverity": "Blocker",
+ "ruleSpecification": "RSPEC-3443",
+ "sqKey": "S3443",
+ "scope": "All",
+ "defaultQualityProfiles": [
+ "Sonar way"
+ ],
+ "quickfix": "unknown"
+}
diff --git a/rules/S3449/vbnet/rule.adoc b/rules/S3449/vbnet/rule.adoc
index a8846d46af4..1cab043e5d5 100644
--- a/rules/S3449/vbnet/rule.adoc
+++ b/rules/S3449/vbnet/rule.adoc
@@ -1,6 +1,6 @@ == Why is this an issue? -Numbers can be shifted with the `<<` and `>>` https://learn.microsoft.com/en-us/dotnet/visual-basic/language-reference/operators/bit-shift-operators[operators], but the right operand of the operation needs to be an `int` or a type that has an https://learn.microsoft.com/en-us/dotnet/visual-basic/programming-guide/language-features/data-types/implicit-and-explicit-conversions[implicit conversion] to `int`. However, when the left operand is an `object`, the compiler's type checking is turned off, so you can pass anything to the right of a shift operator and have it compile. And if the argument can't be implicitly converted to `int` at runtime, then a https://learn.microsoft.com/en-us/dotnet/api/microsoft.csharp.runtimebinder.runtimebinderexception[RuntimeBinderException] will be raised. +Numbers can be shifted with the `<<` and `>>` https://learn.microsoft.com/en-us/dotnet/visual-basic/language-reference/operators/bit-shift-operators[operators], but the right operand of the operation needs to be an `int` or a type that has an https://learn.microsoft.com/en-us/dotnet/visual-basic/programming-guide/language-features/data-types/implicit-and-explicit-conversions[implicit conversion] to `int`. However, when the left operand is an `object`, the compiler's type checking is turned off, therfore you can pass anything to the right of a shift operator and have it compile. If the argument can't be implicitly converted to `int` at runtime, a https://learn.microsoft.com/en-us/dotnet/api/microsoft.csharp.runtimebinder.runtimebinderexception[RuntimeBinderException] will be raised. [source,vbnet] ---- diff --git a/rules/S3457/csharp/rule.adoc b/rules/S3457/csharp/rule.adoc index 5c860c70960..ae154932e28 100644 --- a/rules/S3457/csharp/rule.adoc +++ b/rules/S3457/csharp/rule.adoc 
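Review bot: The added paragraph misspells "therefore" as `therfore`. The same sentence, in a VB.NET rule, still names the C# keywords `int` and `object`, where `Integer` and `Object` would match the language being described. It also links `RuntimeBinderException` under the microsoft.csharp namespace, going by the URL; whether VB.NET late binding raises that exception should be confirmed before the rewritten sentence ships.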
@@ -1,23 +1,23 @@ == Why is this an issue? -A [composite format string](https://learn.microsoft.com/en-us/dotnet/standard/base-types/composite-formatting) is a string that contains placeholders, represented by indices inside curly braces "{0}", "{1}", etc. These placeholders are replaced by values when the string is printed or logged. +A https://learn.microsoft.com/en-us/dotnet/standard/base-types/composite-formatting[composite format string] is a string that contains placeholders, represented by indices inside curly braces "{0}", "{1}", etc. These placeholders are replaced by values when the string is printed or logged. Because composite format strings are interpreted at runtime, rather than validated by the compiler, they can contain errors that lead to unexpected behaviors or runtime errors. This rule validates the correspondence between arguments and composite formats when calling the following methods: -* https://learn.microsoft.com/en-us/dotnet/api/system.string.format?view=net-7.0[`String.Format`] -* https://learn.microsoft.com/en-us/dotnet/api/system.text.stringbuilder.appendformat?view=net-7.0[`StringBuilder.AppendFormat`] -* https://learn.microsoft.com/en-us/dotnet/api/system.console.write?view=net-7.0[`Console.Write`] -* https://learn.microsoft.com/en-us/dotnet/api/system.console.writeline?view=net-7.0[`Console.WriteLine`] -* https://learn.microsoft.com/en-us/dotnet/api/system.io.textwriter.write?view=net-7.0[`TextWriter.Write`] -* https://learn.microsoft.com/en-us/dotnet/api/system.io.textwriter.writeline?view=net-7.0[`TextWriter.WriteLine`] -* https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.debug.writeline?view=net-7.0[`Debug.WriteLine(String, Object[])`] -* https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.trace.traceerror?view=net-7.0[`Trace.TraceError(String, Object[])`] -* https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.trace.traceinformation?view=net-7.0[`Trace.TraceInformation(String, Object[])`] -* 
https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.trace.tracewarning?view=net-7.0[`Trace.TraceWarning(String, Object[])`] -* https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.tracesource.traceinformation?view=net-7.0[`TraceSource.TraceInformation(String, Object[])`] +* https://learn.microsoft.com/en-us/dotnet/api/system.string.format[`String.Format`] +* https://learn.microsoft.com/en-us/dotnet/api/system.text.stringbuilder.appendformat[`StringBuilder.AppendFormat`] +* https://learn.microsoft.com/en-us/dotnet/api/system.console.write[`Console.Write`] +* https://learn.microsoft.com/en-us/dotnet/api/system.console.writeline[`Console.WriteLine`] +* https://learn.microsoft.com/en-us/dotnet/api/system.io.textwriter.write[`TextWriter.Write`] +* https://learn.microsoft.com/en-us/dotnet/api/system.io.textwriter.writeline[`TextWriter.WriteLine`] +* https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.debug.writeline[`Debug.WriteLine(String, Object[\])`] +* https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.trace.traceerror[`Trace.TraceError(String, Object[\])`] +* https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.trace.traceinformation[`Trace.TraceInformation(String, Object[\])`] +* https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.trace.tracewarning[`Trace.TraceWarning(String, Object[\])`] +* https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.tracesource.traceinformation[`TraceSource.TraceInformation(String, Object[\])`] === Exceptions diff --git a/rules/S3457/java/rule.adoc b/rules/S3457/java/rule.adoc index 1c699ce45be..677d8ab6f64 100644 --- a/rules/S3457/java/rule.adoc +++ b/rules/S3457/java/rule.adoc 
@@ -22,34 +22,43 @@ A `printf-`-style format string is a string that contains placeholders, which ar To avoid issues, a developer should ensure that the provided arguments match format specifiers. +Note that https://docs.oracle.com/en/java/javase/21/docs/api/java.base/java/text/MessageFormat.html[MessageFormat] is used by most logging mechanisms, for example `java.util.logging.Logger`, thus the _single quote_ must be escaped by a _double single quote_. + === Code examples ==== Noncompliant code example [source,java,diff-id=1,diff-type=noncompliant] ---- -String.format("Too many arguments %d and %d", 1, 2, 3); // Noncompliant; the third argument '3' is unused -String.format("First {0} and then {1}", "foo", "bar"); //Noncompliant. It appears there is confusion with the use of "java.text.MessageFormat"; parameters "foo" and "bar" will be ignored here +void logging(org.slf4j.Logger slf4jLog, java.util.logging.Logger logger) { + String.format("Too many arguments %d and %d", 1, 2, 3); // Noncompliant - the third argument '3' is unused + String.format("First {0} and then {1}", "foo", "bar"); //Noncompliant - it appears there is confusion with the use of "java.text.MessageFormat" - parameters "foo" and "bar" will be ignored here + -org.slf4j.Logger slf4jLog; -slf4jLog.debug("The number: ", 1); // Noncompliant - String contains no format specifiers. + slf4jLog.debug("The number: ", 1); // Noncompliant - String contains no format specifiers. 
+ + logger.log(level, "Can't load library \"{0}\"!", "foo"); // Noncompliant - the single quote ' must be escaped +} ---- ==== Compliant solution [source,java,diff-id=1,diff-type=compliant] ---- -String.format("Too many arguments %d and %d", 1, 2); -String.format("First %s and then %s", "foo", "bar"); +void logging(org.slf4j.Logger slf4jLog, java.util.logging.Logger logger) { + String.format("Too many arguments %d and %d", 1, 2); + String.format("First %s and then %s", "foo", "bar"); + + slf4jLog.debug("The number: {}", 1); -org.slf4j.Logger slf4jLog; -slf4jLog.debug("The number: {}", 1); + logger.log(level, "Can''t load library \"{0}\"!", "foo"); +} ---- == Resources * https://wiki.sei.cmu.edu/confluence/x/J9YxBQ[CERT, FIO47-C.] - Use valid format strings -* https://docs.oracle.com/javase/8/docs/api/java/text/MessageFormat.html[java.text.MessageFormat] +* https://docs.oracle.com/en/java/javase/21/docs/api/java.base/java/text/MessageFormat.html[java.text.MessageFormat] ifdef::env-github,rspecator-view[] diff --git a/rules/S3458/cfamily/metadata.json b/rules/S3458/cfamily/metadata.json index d860fd4691d..eeaaa16a428 100644 --- a/rules/S3458/cfamily/metadata.json +++ b/rules/S3458/cfamily/metadata.json @@ -1,5 +1,4 @@ { - "defaultQualityProfiles": [ - "Sonar way" - ] -} + "status": "deprecated", + "defaultQualityProfiles": [] +} \ No newline at end of file diff --git a/rules/S3464/metadata.json b/rules/S3464/metadata.json index 59cacdbac8b..6546c715681 100644 --- a/rules/S3464/metadata.json +++ b/rules/S3464/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -12,16 +12,10 @@ "func": "Constant\/Issue", "constantCost": "1h" }, - "tags": [ - - ], + "tags": [], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-3464", 
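Review bot: Both added `logger.log(level, ...)` lines use `level`, which the example method `logging(org.slf4j.Logger slf4jLog, java.util.logging.Logger logger)` never declares, so neither snippet compiles as written; `logger.log(java.util.logging.Level.SEVERE, "Can''t load library \"{0}\"!", "foo");` would fix the compliant one. The new note would also be more useful if it said what goes wrong: with an unescaped apostrophe `MessageFormat` treats the rest of the pattern as quoted text, so `{0}` is printed literally and the argument never reaches the log record. "Used by most logging mechanisms" looks too broad, since the slf4j call in the same example uses `{}` placeholders that do not follow `MessageFormat` rules.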
diff --git a/rules/S3470/cfamily/metadata.json b/rules/S3470/cfamily/metadata.json index e96a1598fe8..ddd557131ad 100644 --- a/rules/S3470/cfamily/metadata.json +++ b/rules/S3470/cfamily/metadata.json @@ -35,5 +35,5 @@ "defaultQualityProfiles": [ "Sonar way" ], - "quickfix": "unknown" + "quickfix": "infeasible" } diff --git a/rules/S3470/cfamily/rule.adoc b/rules/S3470/cfamily/rule.adoc index 43cd32b987f..87b6ce26725 100644 --- a/rules/S3470/cfamily/rule.adoc +++ b/rules/S3470/cfamily/rule.adoc @@ -1,6 +1,6 @@ == Why is this an issue? -It may seem tidy to add your new declarations to the ``++std++`` or ``++posix++`` namespaces, but doing so results in undefined behavior. The {cpp}14 Standard, [namespace.std] (ISO/IEC 14882-2014 §17.6.4.2.1), paragraphs 1 and 2 states: +It may seem tidy to add your new declarations to the `std` or `posix` namespaces, but doing so results in undefined behavior. The {cpp}14 Standard, [namespace.std] (ISO/IEC 14882-2014 §17.6.4.2.1), paragraphs 1 and 2 states: ____ 
@@ -12,17 +12,20 @@ ____ ** an explicit or partial specialization of any member class template of a standard library class or class template. ____ -In addition to restricting extensions to the ``++std++`` namespace, the {cpp}14 Standard goes on in §17.6.4.2.2 to say: +In addition to restricting extensions to the `std` namespace, the {cpp}14 Standard goes on in §17.6.4.2.2 to say: ____ . The behavior of a {cpp} program is undefined if it adds declarations or definitions to namespace posix or to a namespace within namespace posix unless otherwise specified. The namespace posix is reserved for use by ISO/IEC 9945 and other POSIX standards. ____ -You may think that it's legitimate to reopen ``++std++`` to define a version of extension points (``++std::swap++``, ``++std::hash++``...) that work with your types, but it's not necessary: If you call these extension points according to the correct pattern (see for instance S5963 for ``++swap++``), user-defined version will be found too. +However, the standard allows specializing standard class templates in namespace `std`. In that case, the specialization must respect the requirement of the original template and has to be for a "program-defined type" (a type that is specific to the program, by opposition to a type from the standard). +You may therefore think that it's legitimate to reopen `std` to define a version of extension points (``++std::swap++``, ``++std::hash++``...) that work with your types, but it's not necessary: If you call these extension points according to the correct pattern, the user-defined version will be found too. -This rule raises an issue for any modification of the standard ``++std++`` and ``++posix++`` namespaces. +The only extension points for which the specialization is the recommended approach are ``++std::out_ptr++`` and ``++std::inout_ptr++``. + +This rule raises an issue for any modification of the standard `std` and `posix` namespaces that is not a template specialization. 
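Review bot: The new closing sentence exempts only template specializations, while the Exceptions section deleted in the next hunk also exempted namespace fragments containing explicit instantiations. If those are still ignored, the sentence should say so, e.g. `...that is not a template specialization or explicit instantiation`. The added claim that `std::out_ptr` and `std::inout_ptr` are the only extension points where specialization is recommended also sits awkwardly next to `std::hash` in the preceding paragraph. `std::hash` is a class template that unordered containers look up by specialization, not an overload found through argument-dependent lookup, so that example is worth rechecking.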
=== Noncompliant code example @@ -48,16 +51,11 @@ namespace expanded_std { } namespace MyNamespace { class MyType {/*...*/}; - void swap(MyType &m1, MyType &m2); // See also S5963 to see how to properly call it + void swap(MyType &m1, MyType &m2); } ---- -=== Exceptions - -A namespace fragment that only contains template specializations or explicit instantiations is ignored by this rule. - - == Resources * https://wiki.sei.cmu.edu/confluence/x/Xnw-BQ[CERT, DCL58-CPP.] - Do not modify the standard namespaces diff --git a/rules/S3471/cfamily/rule.adoc b/rules/S3471/cfamily/rule.adoc index 3d019e51d35..bd4e5c17884 100644 --- a/rules/S3471/cfamily/rule.adoc +++ b/rules/S3471/cfamily/rule.adoc @@ -51,7 +51,7 @@ public: == Resources -* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#c128-virtual-functions-should-specify-exactly-one-of-virtual-override-or-final[C.128 - Virtual functions should specify exactly one of virtual, override, or final] +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#c128-virtual-functions-should-specify-exactly-one-of-virtual-override-or-final[C.128: Virtual functions should specify exactly one of `virtual`, `override`, or `final`] === Related rules diff --git a/rules/S3481/cobol/metadata.json b/rules/S3481/cobol/metadata.json index dca8181e092..9801b84dc5f 100644 --- a/rules/S3481/cobol/metadata.json +++ b/rules/S3481/cobol/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "COMPLETE" }, @@ -17,19 +17,13 @@ "sql" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-3481", "sqKey": "S3481", "scope": "Main", - "defaultQualityProfiles": [ - - ], + "defaultQualityProfiles": [], "quickfix": "unknown" } 
diff --git a/rules/S3490/cfamily/rule.adoc b/rules/S3490/cfamily/rule.adoc index d9ba29b6683..8358a1866b1 100644 --- a/rules/S3490/cfamily/rule.adoc +++ b/rules/S3490/cfamily/rule.adoc 
@@ -1,22 +1,25 @@ == Why is this an issue? -All special member functions (default constructor, copy and move constructors, copy and move assignment operators, destructor) can be automatically generated by the compiler if you don't prevent it (for many classes, it is good practice to organize your code so that you can use these default versions, see S4963). +All special member functions (default constructor, copy and move constructors, copy and move assignment operators, destructor) can be automatically generated by the compiler if you don't prevent it (for most classes, the good practice is to organize your code so that you can use these compiler generated versions, which is known as the "Rule of Zero"). -There are cases where it's still useful to manually write such a function, because the default implementation is not doing what you need. But if the manually written function is equivalent to the default implementation, this is an issue: +There are cases where it's still useful to manually write such a function because the default implementation is not doing what you need. But when the manually written function is equivalent to the default implementation, this is an issue because: -* It's more code to write, test and maintain for no good reason -* Writing the code of those functions correctly is surprisingly difficult -* Once you write one such function, you will typically have to write several (see S3624) +* It's more code to write, test, and maintain for no good reason +* Correctly writing the code of those functions is surprisingly difficult +* Once you write one such function, you will typically have to write several (see S3624) * If you want your class to be _trivial_ or to be an _aggregate_, those functions cannot be user-provided anyways -In most cases, you should just remove the code of the redundant function. 
In some cases, the compiler will not automatically generate the default version of the function, but you can force it to do so by using the ``++= default++`` syntax. +In most cases, you should just remove the code of the redundant function. In some cases, the compiler will not automatically generate the default version of the function, but you can force it to do so by using the ``++= default++`` syntax. -For default constructors, you will often be able to use the default version if you use in-class initialization instead of the initializer list (see S5424). You will have to make it explicitly defaulted if your class has any other constructor. +For default constructors, you can often use the default version if you use in-class initialization instead of the initializer list. You must make it explicitly defaulted if your class has any other constructor. -For destructors, you may want to use the ``++=default++`` syntax to be able to declare it as virtual (see S1235). +For destructors, you may want to use the ``++= default++`` syntax in the following cases: + +* When you want to declare the destructor as _virtual_ (see S1235). +* When your class contains smart pointers to incomplete types, and you want to delay the destructor definition to the point where the types are complete. This commonly happens when using the PIMPL idiom. In that case, declare the destructor in the class and define it out-of-line with `= default` when the type is complete so that the smart pointer can properly delete them. This rule raises an issue when any of the following is implemented in a way equivalent to the default implementation: 
@@ -69,8 +72,14 @@ struct Book { == Resources -* https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#c30-define-a-destructor-if-a-class-needs-an-explicit-action-at-object-destruction[{cpp} Core Guidelines C.30] - Define a destructor if a class needs an explicit action at object destruction +=== Articles & blog posts + +* Sonar Blog - https://www.sonarsource.com/blog/the-rules-of-three-five-and-zero/#the-rule-of-zero[The Rule of Zero] + +=== External coding guidelines +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#c30-define-a-destructor-if-a-class-needs-an-explicit-action-at-object-destruction[C.30: Define a destructor if a class needs an explicit action at object destruction] +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#c48-prefer-in-class-initializers-to-member-initializers-in-constructors-for-constant-initializers[C.48: Prefer in-class initializers to member initializers in constructors for constant initializers] ifdef::env-github,rspecator-view[] diff --git a/rules/S3491/cfamily/metadata.json b/rules/S3491/cfamily/metadata.json index 2aa500c3827..8d14ec98622 100644 --- a/rules/S3491/cfamily/metadata.json +++ b/rules/S3491/cfamily/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "CLEAR" }, @@ -16,12 +16,8 @@ "suspicious" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-3491", diff --git a/rules/S3510/java/rule.adoc b/rules/S3510/java/rule.adoc index b087e3e4221..07d68523482 100644 --- a/rules/S3510/java/rule.adoc +++ b/rules/S3510/java/rule.adoc 
@@ -50,8 +50,8 @@ Client client = ClientBuilder.newBuilder().sslContext(sslcontext).hostnameVerifi == Resources -* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[OWASP Top 10 2017 Category A6] - Security Misconfiguration -* https://cwe.mitre.org/data/definitions/295[MITRE, CWE-295] - Improper Certificate Validation +* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration] +* CWE - https://cwe.mitre.org/data/definitions/295[CWE-295 - Improper Certificate Validation] * Derived from FindSecBugs rule https://find-sec-bugs.github.io/bugs.htm#WEAK_HOSTNAME_VERIFIER[WEAK_HOSTNAME_VERIFIER] diff --git a/rules/S3512/dart/metadata.json b/rules/S3512/dart/metadata.json new file mode 100644 index 00000000000..5f2d793ecf5 --- /dev/null +++ b/rules/S3512/dart/metadata.json @@ -0,0 +1,3 @@ +{ + "title": "Interpolation should be used instead of String concatenation" +} diff --git a/rules/S3512/dart/rule.adoc b/rules/S3512/dart/rule.adoc new file mode 100644 index 00000000000..23356112df1 --- /dev/null +++ b/rules/S3512/dart/rule.adoc 
@@ -0,0 +1,81 @@ +== Why is this an issue? + +In Dart there's an ability to use template literals instead of concatenation. Since their use is clearer and more concise, they are preferred. + +=== Exceptions + +Concatenation of string literals, without any variables, is allowed, both using `+` and using adjacent strings. Those are typically used for multiline strings. + +Raw string literals are also an exception to this rule, since they don't support interpolation. + +[source,dart] +---- +var s1 = + 'hello\n' + + 'world'; // OK +var s2 = + 'hello\n' + 'world'; // OK +var s3 = r'hello\n' + s1; // OK +---- + +The multiline strings like `s1` and `s2` above can also be written as follows: + +[source,dart] +---- +var s1Alternative = ''' +hello +world'''; // OK +---- + +=== Noncompliant code example + +[source,dart,diff-id=1,diff-type=noncompliant] +---- +void sayHello(name) { + print('hello ' + name + '!'); // Noncompliant +} +---- + +=== Compliant solution + +[source,dart,diff-id=1,diff-type=compliant] +---- +void sayHello(name) { + print('hello $name!'); +} +---- + +== Resources + +=== Documentation + +* Dart Docs - https://dart.dev/tools/linter-rules/prefer_interpolation_to_compose_strings[Dart Linter rule - prefer_interpolation_to_compose_strings] +* Dart Docs - https://dart.dev/language/built-in-types#strings[Dart language - strings] + + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +Use interpolation to compose strings and values. + +=== Highlighting + +The entire string concatenation expression, including the operands. + +If a non-parenthesized sequence of concatenations is detected, a single issue is reported, either on the full concatenation or on part of it: e.g. in `'a' + s1 + 'a'`, `'a' + s1 + 'a'` is reported, whereas in `s1 + 'a' + s1` only `s1 + 'a'` is reported. 
+ +An exception is made for single string variables or literals in parentheses, where the outer concatenation is reported: e.g. in `'a' + (s1)`, the entire expression is reported. + +In parenthesized expressions, only innermost concatenations are reported: e.g. in `'a' + (s1 + 'a')`, only `s1 + 'a'` is reported. + +''' +== Comments And Links +(visible only on this page) + +endif::env-github,rspecator-view[] diff --git a/rules/S3512/javascript/metadata.json b/rules/S3512/javascript/metadata.json index 57f9b9678a0..9a419a6c6aa 100644 --- a/rules/S3512/javascript/metadata.json +++ b/rules/S3512/javascript/metadata.json @@ -1,33 +1,4 @@ { - "title": "Template strings should be used instead of concatenation", - "type": "CODE_SMELL", - "code": { - "impacts": { - "MAINTAINABILITY": "LOW" - }, - "attribute": "CLEAR" - }, - "status": "ready", - "remediation": { - "func": "Constant\/Issue", - "constantCost": "5min" - }, - "tags": [ - "es2015", - "clumsy" - ], - "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] - }, - "defaultSeverity": "Minor", - "ruleSpecification": "RSPEC-3512", - "sqKey": "S3512", - "scope": "Main", "defaultQualityProfiles": [ ], diff --git a/rules/S3512/metadata.json b/rules/S3512/metadata.json index 2c63c085104..5f01ef8033e 100644 --- a/rules/S3512/metadata.json +++ b/rules/S3512/metadata.json @@ -1,2 +1,35 @@ { + "title": "Template strings should be used instead of concatenation", + "type": "CODE_SMELL", + "code": { + "impacts": { + "MAINTAINABILITY": "LOW" + }, + "attribute": "CLEAR" + }, + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "5min" + }, + "tags": [ + "es2015", + "clumsy" + ], + "extra": { + "replacementRules": [ + + ], + "legacyKeys": [ + + ] + }, + "defaultSeverity": "Minor", + "ruleSpecification": "RSPEC-3512", + "sqKey": "S3512", + "scope": "Main", + "defaultQualityProfiles": [ + "Sonar way" + ], + "quickfix": "unknown" } 
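Review bot: The tag `"es2015"` that this hunk moves into the shared `rules/S3512/metadata.json` names an ECMAScript edition, while the new `rules/S3512/dart/metadata.json` overrides only `title`. If language-level files are merged over the shared one, as the three-line Dart file suggests, the Dart rule would carry a JavaScript-only tag. I would keep the shared list generic, `"tags": ["clumsy"]`, and leave `"es2015"` in `rules/S3512/javascript/metadata.json`.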
diff --git a/rules/S3516/cfamily/metadata.json b/rules/S3516/cfamily/metadata.json index da5fe01b7a5..079d9f5aa55 100644 --- a/rules/S3516/cfamily/metadata.json +++ b/rules/S3516/cfamily/metadata.json @@ -1,4 +1,5 @@ { + "status": "closed", "code": { "impacts": { "MAINTAINABILITY": "MEDIUM" @@ -6,7 +7,5 @@ "attribute": "LOGICAL" }, "defaultSeverity": "Major", - "defaultQualityProfiles": [ - "Sonar way" - ] + "defaultQualityProfiles": [] } diff --git a/rules/S3516/comments-and-links.adoc b/rules/S3516/comments-and-links.adoc index cf68e2cb624..316c12120a3 100644 --- a/rules/S3516/comments-and-links.adoc +++ b/rules/S3516/comments-and-links.adoc @@ -1,2 +1,4 @@ === relates to: S3400 +=== on 26 Mar 2024, 08:15:00 Philipp Dominik Schubert wrote: +We created a circle to discuss CFamily's rules on dead code and decided to disable this rule in the CFamily analyzer since we believe it provides relatively low value and is not even implemented in CFamily's analyzer (cf. https://sonarsource.atlassian.net/browse/CPP-5165). diff --git a/rules/S3516/metadata.json b/rules/S3516/metadata.json index 35054a49152..eb76cbea38a 100644 --- a/rules/S3516/metadata.json +++ b/rules/S3516/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -13,16 +13,10 @@ "linearDesc": "Per number of return statements", "linearFactor": "2min" }, - "tags": [ - - ], + "tags": [], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-3516", diff --git a/rules/S3516/python/metadata.json b/rules/S3516/python/metadata.json index 58052d7ef5c..33c5c7b07a2 100644 --- a/rules/S3516/python/metadata.json +++ b/rules/S3516/python/metadata.json 
@@ -1,3 +1,7 @@ { - "title": "Functions returns should not be invariant" + "title": "Functions returns should not be invariant", + "tags": [ + "confusing", + "design" + ] } diff --git a/rules/S3518/cfamily/metadata.json b/rules/S3518/cfamily/metadata.json index ff48e09418e..3ece7e8d2a3 100644 --- a/rules/S3518/cfamily/metadata.json +++ b/rules/S3518/cfamily/metadata.json @@ -16,6 +16,9 @@ ], "CWE": [ 369 + ], + "STIG ASD_V5R3": [ + "V-222612" ] } } diff --git a/rules/S3518/cfamily/rule.adoc b/rules/S3518/cfamily/rule.adoc index 650317327e8..e6b8c397326 100644 --- a/rules/S3518/cfamily/rule.adoc +++ b/rules/S3518/cfamily/rule.adoc @@ -137,11 +137,12 @@ std::optional safe_division(int a, int b) { * CERT - https://wiki.sei.cmu.edu/confluence/display/c/INT32-C.+Ensure+that+operations+on+signed+integers+do+not+result+in+overflow[INT32-C. Ensure that operations on signed integers do not result in overflow] * CERT - https://wiki.sei.cmu.edu/confluence/x/ftYxBQ[INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors] -* CWE - https://cwe.mitre.org/data/definitions/369[369 - Divide by zero] +* CWE - https://cwe.mitre.org/data/definitions/369[CWE-369 - Divide by zero] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. === External coding guidelines -* {cpp} Core Guidelines https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md[ES.105: Don't divide by integer zero] +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#es105-dont-divide-by-integer-zero[ES.105: Don't divide by integer zero] ifdef::env-github,rspecator-view[] diff --git a/rules/S3518/java/metadata.json b/rules/S3518/java/metadata.json index 0909f01266a..ad2fcf5b412 100644 --- a/rules/S3518/java/metadata.json 
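Review bot: `"V-222612"` is added under `"STIG ASD_V5R3"` for S3518, but the finding text quoted in the rule.adoc hunks is "The application must not be vulnerable to overflow attacks", whereas this rule covers CWE-369, division by zero. The same mapping is repeated in the java, python and shared `rules/S3518/metadata.json` hunks; it reads naturally only for S3519, whose CWEs are buffer overflows. If the link is meant to rest on the `INT32-C` signed-overflow case, a sentence in the rule text saying so would keep the standards list auditable. Otherwise I would drop the `"STIG ASD_V5R3"` entry from the S3518 files.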
+++ b/rules/S3518/java/metadata.json @@ -12,6 +12,9 @@ ], "CWE": [ 369 + ], + "STIG ASD_V5R3": [ + "V-222612" ] } } diff --git a/rules/S3518/java/rule.adoc b/rules/S3518/java/rule.adoc index fc1cb2a7bef..ac83eff1552 100644 --- a/rules/S3518/java/rule.adoc +++ b/rules/S3518/java/rule.adoc @@ -59,16 +59,15 @@ void test_divide() { === Documentation * https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/lang/ArithmeticException.html[ArithmeticException] +* https://docs.oracle.com/javase/specs/jls/se17/html/jls-15.html#jls-15.17.2[The Division Operator in the JLS] +* https://docs.oracle.com/javase/specs/jls/se17/html/jls-15.html#jls-15.17.3[The Remainder Operator in the JLS] -=== Articles & blog posts +=== Standards -* https://cwe.mitre.org/data/definitions/369[MITRE, CWE-369] - Divide by zero +* CWE - https://cwe.mitre.org/data/definitions/369[CWE-369 - Divide by zero] * https://wiki.sei.cmu.edu/confluence/x/CTZGBQ[CERT, NUM02-J.] - Ensure that division and remainder operations do not result in divide-by-zero errors +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. -=== Standards - -* https://docs.oracle.com/javase/specs/jls/se17/html/jls-15.html#jls-15.17.2[The Division Operator in the JLS] -* https://docs.oracle.com/javase/specs/jls/se17/html/jls-15.html#jls-15.17.3[The Remainder Operator in the JLS] ifdef::env-github,rspecator-view[] diff --git a/rules/S3518/metadata.json b/rules/S3518/metadata.json index 559015907b8..daab6849904 100644 --- a/rules/S3518/metadata.json +++ b/rules/S3518/metadata.json @@ -31,6 +31,9 @@ "securityStandards": { "CWE": [ 369 + ], + "STIG ASD_V5R3": [ + "V-222612" ] }, "defaultQualityProfiles": [ diff --git a/rules/S3518/python/metadata.json b/rules/S3518/python/metadata.json index 5ba48ac266f..53dbb97f439 100644 --- a/rules/S3518/python/metadata.json 
+++ b/rules/S3518/python/metadata.json @@ -11,6 +11,9 @@ ], "CWE": [ 369 + ], + "STIG ASD_V5R3": [ + "V-222612" ] } } diff --git a/rules/S3518/python/rule.adoc b/rules/S3518/python/rule.adoc index b352ed41e49..ee1998773ab 100644 --- a/rules/S3518/python/rule.adoc +++ b/rules/S3518/python/rule.adoc @@ -26,12 +26,12 @@ The goal is to ensure that a zero value never reaches the denominator. def foo(): z = 0 if (unknown()): - # ... z = 4 + ... else: - # ... # (z is not reassigned to a non-zero value here) - z = 1 / z + ... + z = 1 / z # Noncompliant: divisor can be 0 ---- ==== Compliant solution @@ -41,11 +41,11 @@ def foo(): def foo(): z = 0 if (unknown()): - # ... z = 4 + ... else: - # ... z = 1 + ... z = 1 / z ---- @@ -104,10 +104,8 @@ if the denominator is zero. * https://docs.python.org/3/reference/expressions.html#binary-arithmetic-operations[Binary arithmetic operations] * https://docs.python.org/3/library/exceptions.html#ZeroDivisionError[ZeroDivisionError] -=== Articles & blog posts +=== Standards -* https://cwe.mitre.org/data/definitions/369[MITRE, CWE-369] - Divide by zero +* CWE - https://cwe.mitre.org/data/definitions/369[CWE-369 - Divide by zero] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. -//=== Articles & blog posts -//=== Conference presentations -//=== Standards diff --git a/rules/S3519/cfamily/metadata.json b/rules/S3519/cfamily/metadata.json index 3a6f5a53b9b..9e0a11eb724 100644 --- a/rules/S3519/cfamily/metadata.json +++ b/rules/S3519/cfamily/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, 
@@ -18,12 +18,8 @@
 "cert"
 ],
 "extra": {
- "replacementRules": [
-
- ],
- "legacyKeys": [
-
- ]
+ "replacementRules": [],
+ "legacyKeys": []
 },
 "defaultSeverity": "Blocker",
 "ruleSpecification": "RSPEC-3519",
@@ -47,6 +43,9 @@
 ],
 "PCI DSS 4.0": [
 "6.2.4"
+ ],
+ "STIG ASD_V5R3": [
+ "V-222612"
 ]
 },
 "defaultQualityProfiles": [
diff --git a/rules/S3519/cfamily/rule.adoc b/rules/S3519/cfamily/rule.adoc
index e5f32f401d2..716a2e17541 100644
--- a/rules/S3519/cfamily/rule.adoc
+++ b/rules/S3519/cfamily/rule.adoc
@@ -375,20 +375,21 @@ void tar(std::string const &s) { === Conference presentations -* CppCon 2014 - https://youtu.be/V2_80g0eOMc?si=U_qv9iBKI5B3a_EL[Sanitize your C++ code] -* CppCon 2018 - https://youtu.be/0S0QgQd75Sw?si=AW9mA09L5PEbkqXc[Software Vulnerabilities in C and C++] +* CppCon 2014 - https://youtu.be/V2_80g0eOMc?si=U_qv9iBKI5B3a_EL[Sanitize your {cpp} code] +* CppCon 2018 - https://youtu.be/0S0QgQd75Sw?si=AW9mA09L5PEbkqXc[Software Vulnerabilities in C and {cpp}] * CppCon 2020 - https://youtu.be/xEzfnbTabyE?si=9yJQkrcRKn6tuPaV[2020: The Year of Sanitizers?] === Standards * CERT - https://wiki.sei.cmu.edu/confluence/x/wtYxBQ[ARR30-C. Do not form or use out-of-bounds pointers or array subscripts] * CERT - https://wiki.sei.cmu.edu/confluence/x/i3w-BQ[STR50-CPP. Guarantee that storage for strings has sufficient space for character data and the null terminator] -* CWE - https://cwe.mitre.org/data/definitions/119[119 Improper Restriction of Operations within the Bounds of a Memory Buffer] -* CWE - https://cwe.mitre.org/data/definitions/121[121 Stack-based Buffer Overflow] -* CWE - https://cwe.mitre.org/data/definitions/122[122 Heap-based Buffer Overflow] -* CWE - https://cwe.mitre.org/data/definitions/131[131 Incorrect Calculation of Buffer Size] -* CWE - https://cwe.mitre.org/data/definitions/193[193 Off-by-one Error] -* CWE - https://cwe.mitre.org/data/definitions/788[788 Access of Memory Location After End of Buffer] +* CWE - https://cwe.mitre.org/data/definitions/119[CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer] +* CWE - https://cwe.mitre.org/data/definitions/121[CWE-121 Stack-based Buffer Overflow] +* CWE - https://cwe.mitre.org/data/definitions/122[CWE-122 Heap-based Buffer Overflow] +* CWE - https://cwe.mitre.org/data/definitions/131[CWE-131 Incorrect Calculation of Buffer Size] +* CWE - https://cwe.mitre.org/data/definitions/193[CWE-193 Off-by-one Error] +* CWE - https://cwe.mitre.org/data/definitions/788[CWE-788 
Access of Memory Location After End of Buffer] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. === Related rules diff --git a/rules/S3520/cfamily/metadata.json b/rules/S3520/cfamily/metadata.json index 6ba91ba6e0e..c541d9581a1 100644 --- a/rules/S3520/cfamily/metadata.json +++ b/rules/S3520/cfamily/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -17,12 +17,8 @@ "symbolic-execution" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-3520", diff --git a/rules/S3520/cfamily/rule.adoc b/rules/S3520/cfamily/rule.adoc index 60b6ae6df80..038ef649e9d 100644 --- a/rules/S3520/cfamily/rule.adoc +++ b/rules/S3520/cfamily/rule.adoc @@ -254,7 +254,7 @@ Passing this pointer to a function that might release it can lead to a "double-f === Standards -* CWE - https://cwe.mitre.org/data/definitions/415[415 Double Free] +* CWE - https://cwe.mitre.org/data/definitions/415[CWE-415 Double Free] * CERT - https://wiki.sei.cmu.edu/confluence/x/GdYxBQ[MEM30-C - Do not access freed memory] * CERT - https://wiki.sei.cmu.edu/confluence/x/Gns-BQ[MEM51-CPP - Properly deallocate dynamically allocated resources] * CERT - https://wiki.sei.cmu.edu/confluence/x/Zns-BQ[MEM56-CPP - Do not store an already-owned pointer value in an unrelated smart pointer] diff --git a/rules/S3523/javascript/metadata.json b/rules/S3523/javascript/metadata.json index 4007f46b303..ca6e2bd6ebb 100644 --- a/rules/S3523/javascript/metadata.json +++ b/rules/S3523/javascript/metadata.json 
@@ -17,12 +17,18 @@ ] }, - "defaultSeverity": "Critical", + "defaultSeverity": "Major", "ruleSpecification": "RSPEC-3523", "sqKey": "S3523", "scope": "Main", "defaultQualityProfiles": [ ], - "quickfix": "unknown" + "quickfix": "unknown", + "code": { + "impacts": { + "MAINTAINABILITY": "MEDIUM" + }, + "attribute": "CONVENTIONAL" + } } diff --git a/rules/S3523/javascript/rule.adoc b/rules/S3523/javascript/rule.adoc index 8a8c237ee33..c7a905b1234 100644 --- a/rules/S3523/javascript/rule.adoc +++ b/rules/S3523/javascript/rule.adoc @@ -29,7 +29,7 @@ Function calls where the argument is a string literal (e.g. ``++(Function('retur == Resources -* OWASP Top 10 2017 Category A1 - Injection +* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] ifdef::env-github,rspecator-view[] diff --git a/rules/S3529/cfamily/metadata.json b/rules/S3529/cfamily/metadata.json index 46c1d9db022..aa674af9e8b 100644 --- a/rules/S3529/cfamily/metadata.json +++ b/rules/S3529/cfamily/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -18,12 +18,8 @@ "cert" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-3529", diff --git a/rules/S3529/cfamily/rule.adoc b/rules/S3529/cfamily/rule.adoc index 3860bfb3f20..81f8d84e4ee 100644 --- a/rules/S3529/cfamily/rule.adoc +++ b/rules/S3529/cfamily/rule.adoc 
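Review bot: In `rules/S3523/javascript/metadata.json` the added `code` block records only `"MAINTAINABILITY": "MEDIUM"` with attribute `CONVENTIONAL`, and `defaultSeverity` drops from `Critical` to `Major`, yet the rule.adoc hunk right after it keeps OWASP Top 10 2017 A1 - Injection as the rule's only resource. A rule documented as an injection concern but filed as a convention issue is likely to be triaged as style. If the injection framing still holds, I would add a security impact next to the maintainability entry, e.g. `"SECURITY": "MEDIUM"`. If it does not, the description should say why the rule is no longer treated as security-relevant.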
@@ -138,7 +138,7 @@ Class* p3 = objPtr.get(); // becomes dangling, when objPtr releases the pointer === Standards -* CWE - https://cwe.mitre.org/data/definitions/416[416 - Use After Free] +* CWE - https://cwe.mitre.org/data/definitions/416[CWE-416 - Use After Free] * CERT - https://wiki.sei.cmu.edu/confluence/x/GdYxBQ[MEM30-C - Do not access freed memory] * CERT - https://wiki.sei.cmu.edu/confluence/x/onw-BQ[MEM50-CPP - Do not access freed memory] * CERT - https://wiki.sei.cmu.edu/confluence/x/OXw-BQ[EXP54-CPP - Do not access an object outside of its lifetime] diff --git a/rules/S3539/cfamily/rule.adoc b/rules/S3539/cfamily/rule.adoc index 807006577be..afa29472868 100644 --- a/rules/S3539/cfamily/rule.adoc +++ b/rules/S3539/cfamily/rule.adoc @@ -8,17 +8,17 @@ Redundant access specifiers should be removed because they needlessly clutter th [source,cpp,diff-id=1,diff-type=noncompliant] ---- struct S { - public: // Noncompliant; does not affect any declaration - private: - void method(); - private: // Noncompliant; does not change accessibility level - int member; - private: // Noncompliant; does not affect any declaration +public: // Noncompliant; does not affect any declaration +private: + void f1(); +private: // Noncompliant; does not change accessibility level + void f2(); +private: // Noncompliant; does not affect any declaration }; class C { - int member; - private: // Noncompliant; does not change accessibility level - void method(); + void f1(); +private: // Noncompliant; does not change accessibility level + void f2(); }; ---- 
@@ -28,20 +28,20 @@ class C { [source,cpp,diff-id=1,diff-type=compliant] ---- struct S { - private: - void method(); - int member; +private: + void f1(); + void f2(); }; class C { - int member; - void method(); + void f1(); + void f2(); }; ---- === Exceptions -An access specifier at the very beginning of a ``++class++`` or ``++struct++`` that matches the default access level is ignored even when it doesn't change any accessibility levels. +An access specifier at the very beginning of a `class` or `struct` that matches the default access level is ignored even when it doesn't change any accessibility levels. [source,cpp] ---- @@ -54,7 +54,7 @@ struct S { // ... }; ---- -Such a specifier is redundant but ignored to allow ``++class++``es and ``++struct++``s to be described uniformly. +Such a specifier is redundant but ignored to allow ``class``es and ``struct``s to be described uniformly. [source,cpp] ---- 
@@ -80,6 +80,48 @@ struct S { }; ---- +Additionally, many people use an access specifier not to change the access level but as a visual separator between member functions and member variables of a class. This rule does not raise an issue on this pattern: + +[source,cpp] +---- +class C { +public: + void f1(); + +private: + void f2(); + void f3(); + +private: // redundant but accepted: separates functions from variables + int m1; + +} +---- + +Finally, Qt meta-object system makes use of some custom (macro-based) access specifiers. Even when they have no impact on the access level of the following members according to the {cpp} definition, they are accepted as long as they differ in spelling: + +[source,cpp] +---- +class Counter : public QObject { + Q_OBJECT +public: + Counter() { m_value = 0; } + int value() const { return m_value; } + +public slots: // equivalent to "public" but accepted + void setValue(int value); + +signals: // equivalent to "public" but accepted + void keyChanged(int newValue); + +signals: // Noncompliant; does not change accessibility level + void valueChanged(int newValue); + +private: + int m_key; + int m_value; +}; +---- ifdef::env-github,rspecator-view[] diff --git a/rules/S3541/cfamily/metadata.json b/rules/S3541/cfamily/metadata.json index b57157d339b..53aa03b636b 100644 --- a/rules/S3541/cfamily/metadata.json +++ b/rules/S3541/cfamily/metadata.json @@ -7,15 +7,12 @@ }, "attribute": "CLEAR" }, - "status": "ready", + "status": "deprecated", "remediation": { "func": "Constant\/Issue", "constantCost": "2min" }, - "tags": [ - "redundant", - "clumsy" - ], + "tags": [], "extra": { "replacementRules": [ @@ -28,8 +25,6 @@ "ruleSpecification": "RSPEC-3541", "sqKey": "S3541", "scope": "Main", - "defaultQualityProfiles": [ - "Sonar way" - ], + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S3546/java/metadata.json b/rules/S3546/java/metadata.json index 93c1936fb7c..82d41875e42 100644 --- a/rules/S3546/java/metadata.json 
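Review bot: The added visual-separator example closes `class C` with a bare `}`, which is not a complete C++ class definition; the other snippets visible in this diff end the type with `};`. Change the last line of that block to `};` so the example compiles when copied. In the paragraph that follows, "Finally, Qt meta-object system" reads better as "Finally, the Qt meta-object system".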
+++ b/rules/S3546/java/metadata.json
@@ -3,7 +3,7 @@
 "type": "BUG",
 "code": {
 "impacts": {
- "RELIABILITY": "HIGH"
+ "RELIABILITY": "BLOCKER"
 },
 "attribute": "COMPLETE"
 },
@@ -17,19 +17,13 @@
 "symbolic-execution"
 ],
 "extra": {
- "replacementRules": [
-
- ],
- "legacyKeys": [
-
- ]
+ "replacementRules": [],
+ "legacyKeys": []
 },
 "defaultSeverity": "Blocker",
 "ruleSpecification": "RSPEC-3546",
 "sqKey": "S3546",
 "scope": "Main",
- "defaultQualityProfiles": [
-
- ],
+ "defaultQualityProfiles": [],
 "quickfix": "unknown"
 }
diff --git a/rules/S3548/cfamily/metadata.json b/rules/S3548/cfamily/metadata.json
index 700c6118657..96e090c462e 100644
--- a/rules/S3548/cfamily/metadata.json
+++ b/rules/S3548/cfamily/metadata.json
@@ -16,12 +16,8 @@
 "clumsy"
 ],
 "extra": {
- "replacementRules": [
-
- ],
- "legacyKeys": [
-
- ]
+ "replacementRules": [],
+ "legacyKeys": []
 },
 "defaultSeverity": "Minor",
 "ruleSpecification": "RSPEC-3548",
@@ -30,5 +26,5 @@
 "defaultQualityProfiles": [
 "Sonar way"
 ],
- "quickfix": "unknown"
-}
+ "quickfix": "targeted"
+}
\ No newline at end of file
diff --git a/rules/S3553/java/metadata.json b/rules/S3553/java/metadata.json
index d0d66e1f0bf..bc3df6415e0 100644
--- a/rules/S3553/java/metadata.json
+++ b/rules/S3553/java/metadata.json
@@ -16,19 +16,13 @@
 "clumsy"
 ],
 "extra": {
- "replacementRules": [
-
- ],
- "legacyKeys": [
-
- ]
+ "replacementRules": [],
+ "legacyKeys": []
 },
 "defaultSeverity": "Major",
 "ruleSpecification": "RSPEC-3553",
 "sqKey": "S3553",
- "scope": "All",
- "defaultQualityProfiles": [
-
- ],
+ "scope": "Main",
+ "defaultQualityProfiles": [],
 "quickfix": "unknown"
 }
diff --git a/rules/S3562/cfamily/metadata.json b/rules/S3562/cfamily/metadata.json
index 09c4cd8dd12..0db3279e44b 100644
--- a/rules/S3562/cfamily/metadata.json
+++ b/rules/S3562/cfamily/metadata.json
@@ -1,34 +1,3 @@ { - "title": "\"switch\" statements should cover all cases", - "type": "CODE_SMELL", - "code": { - "impacts": { - "MAINTAINABILITY": "MEDIUM" - }, - "attribute": "COMPLETE" - }, - "status": "ready", - "remediation": { - "func": "Constant\/Issue", - "constantCost": "10min" - }, - "tags": [ - "suspicious" - ], - "extra": { - "replacementRules": [ - ], - "legacyKeys": [ - - ] - }, - "defaultSeverity": "Major", - "ruleSpecification": "RSPEC-3562", - "sqKey": "S3562", - "scope": "Main", - "defaultQualityProfiles": [ - "Sonar way" - ], - "quickfix": "unknown" } diff --git a/rules/S3562/cfamily/rule.adoc b/rules/S3562/cfamily/rule.adoc index 929fc82236f..fb5e122978e 100644 --- a/rules/S3562/cfamily/rule.adoc +++ b/rules/S3562/cfamily/rule.adoc @@ -88,7 +88,7 @@ void example(fruit f) { == Resources -* https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#enum2-use-enumerations-to-represent-sets-of-related-named-constants[{cpp} Core Guidelines - Enum.2] - Use enumerations to represent sets of related named constants +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#enum2-use-enumerations-to-represent-sets-of-related-named-constants[Enum.2: Use enumerations to represent sets of related named constants] === Related rules diff --git a/rules/S3562/dart/metadata.json b/rules/S3562/dart/metadata.json new file mode 100644 index 00000000000..0db3279e44b --- /dev/null +++ b/rules/S3562/dart/metadata.json @@ -0,0 +1,3 @@ +{ + +} diff --git a/rules/S3562/dart/rule.adoc b/rules/S3562/dart/rule.adoc new file mode 100644 index 00000000000..734378b928c --- /dev/null +++ b/rules/S3562/dart/rule.adoc 
@@ -0,0 +1,117 @@ +== Why is this an issue? + +For completeness, a `switch` over the values of an `enum` must either address each value in the `enum` or contain a `default` case. `switch` statements that are not over `enum` must end with a `default` case. This exhaustiveness is enforced by compiler. However, in the code there might be other enum-like classes which are not enums according to compiler, but the switch over its constants was intended to be exhaustive. + +This rule with raise an issue when switch over such enum-like classes doesn't cover all cases. + +Enum-like classes are classes that: + +* are defined as non-abstract +* have only one private non-factory constructor +* have two or more static const fields whose type is the enclosing class +* no subclasses of the class is in the defining library + + +=== Noncompliant code example + +[source,dart] +---- +class MyEnum { + final int i; + const EnumLike._(this.i); + + static const a = MyEnum._(1); + static const b = MyEnum._(2); + static const c = MyEnum._(3); +} + +void foo(MyEnum e) { + switch(e) { // Noncompliant, case 'b' is missing + case MyEnum.a: + print('a'); + case MyEnum.b: + print('b'); + } +} +---- + + +=== Compliant solution + +[source,dart] +---- +class MyEnum { + final int i; + const EnumLike._(this.i); + + static const a = MyEnum._(1); + static const b = MyEnum._(2); + static const c = MyEnum._(3); +} + +void foo(MyEnum e) { + switch(e) { + case MyEnum.a: + print('a'); + case MyEnum.b: + print('b'); + case MyEnum.c: + print('c'); + } +} +---- +or + +[source,dart] +---- +class MyEnum { + final int i; + const EnumLike._(this.i); + + static const a = MyEnum._(1); + static const b = MyEnum._(2); + static const c = MyEnum._(3); +} + +void foo(MyEnum e) { + switch(e) { + case MyEnum.a: + print('a'); + break; + case MyEnum.b: + print('b'); + break; + default: + print('default'); + } +} +---- + + +== Resources + +* Dart Docs - https://dart.dev/tools/linter-rules/exhaustive_cases[Dart Linter rule - 
exhaustive_cases] +* Dart Docs - https://dart.dev/language/branches#exhaustiveness-checking[Exhaustiveness checking] + + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +* Missing case clauses for some constants in ''. + +The rule is triggered as many times as the number of missing case clauses. + +=== Highlighting + +The `switch` keyword and the expression in parentheses. + +''' +== Comments And Links +(visible only on this page) + +endif::env-github,rspecator-view[] diff --git a/rules/S3562/metadata.json b/rules/S3562/metadata.json index 2c63c085104..0a10aaf4e2e 100644 --- a/rules/S3562/metadata.json +++ b/rules/S3562/metadata.json @@ -1,2 +1,34 @@ { + "title": "\"switch\" statements should cover all cases", + "type": "CODE_SMELL", + "code": { + "impacts": { + "MAINTAINABILITY": "MEDIUM" + }, + "attribute": "COMPLETE" + }, + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "10min" + }, + "tags": [ + "suspicious" + ], + "extra": { + "replacementRules": [ + + ], + "legacyKeys": [ + + ] + }, + "defaultSeverity": "Major", + "ruleSpecification": "RSPEC-3562", + "sqKey": "S3562", + "scope": "Main", + "defaultQualityProfiles": [ + "Sonar way" + ], + "quickfix": "infeasible" } diff --git a/rules/S3574/cfamily/metadata.json b/rules/S3574/cfamily/metadata.json index 1b4281c5f29..bb81d5453cd 100644 --- a/rules/S3574/cfamily/metadata.json +++ b/rules/S3574/cfamily/metadata.json @@ -17,12 +17,8 @@ "since-c++11" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-3574", @@ -31,5 +27,5 @@ "defaultQualityProfiles": [ "Sonar way" ], - "quickfix": "unknown" -} + "quickfix": "targeted" +} \ No newline at end of file diff --git a/rules/S3574/cfamily/rule.adoc b/rules/S3574/cfamily/rule.adoc index e2ea8d12458..555aee4bfa3 100644 
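Review bot: The Dart examples in the new `rules/S3562/dart/rule.adoc` declare `class MyEnum` but name its constructor `EnumLike._`, so none of the three snippets compiles; the line should read `const MyEnum._(this.i);`. In the noncompliant snippet the comment says case 'b' is missing although `MyEnum.b` is handled and `MyEnum.c` is not, so it should be `// Noncompliant, case 'c' is missing`. The description also has "This rule with raise" for "will raise". The message `Missing case clauses for some constants in ''.` looks like it lost a placeholder between the quotes.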
--- a/rules/S3574/cfamily/rule.adoc +++ b/rules/S3574/cfamily/rule.adoc @@ -34,7 +34,7 @@ The issue is raised when explicit return types are used. There are a few exceptions to this rule. First, no issue is raised when the compiler is not deducing the same type by itself. -This can happens when a conversion is requested. +This can happen when a conversion is requested. [source,cpp] ---- @@ -65,7 +65,7 @@ This can have an impact on both correctness and performance. ---- Additionally, no issues are raised when the deduction of the return type is not available. -This is the case with C++20 coroutines in their lambda form. +This is the case with {cpp}20 coroutines in their lambda form. [source,cpp] ---- diff --git a/rules/S3584/cfamily/metadata.json b/rules/S3584/cfamily/metadata.json index c00fd2d00b0..ae22a0a0f56 100644 --- a/rules/S3584/cfamily/metadata.json +++ b/rules/S3584/cfamily/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "COMPLETE" }, @@ -20,12 +20,8 @@ "cert" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-3584", diff --git a/rules/S3584/cfamily/rule.adoc b/rules/S3584/cfamily/rule.adoc index 8eadf8b8a66..ae423a09bfd 100644 --- a/rules/S3584/cfamily/rule.adoc +++ b/rules/S3584/cfamily/rule.adoc 
@@ -225,7 +225,7 @@ bool fire(Point pos, Direction dir, State const& s) { === Standards -* CWE - https://cwe.mitre.org/data/definitions/401[401 Improper Release of Memory Before Removing Last Reference ('Memory Leak')] +* CWE - https://cwe.mitre.org/data/definitions/401[CWE-401 Improper Release of Memory Before Removing Last Reference ('Memory Leak')] * CERT - https://wiki.sei.cmu.edu/confluence/x/FtYxBQ[MEM00-C. Allocate and free memory in the same module, at the same level of abstraction] * CERT - https://wiki.sei.cmu.edu/confluence/x/GNYxBQ[MEM31-C. Free dynamically allocated memory when no longer needed] diff --git a/rules/S3588/cfamily/metadata.json b/rules/S3588/cfamily/metadata.json index 4a53f23d071..38277ed35f8 100644 --- a/rules/S3588/cfamily/metadata.json +++ b/rules/S3588/cfamily/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -17,12 +17,8 @@ "cert" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-3588", diff --git a/rules/S3590/cfamily/metadata.json b/rules/S3590/cfamily/metadata.json index 0613581f141..a1104b9ecdb 100644 --- a/rules/S3590/cfamily/metadata.json +++ b/rules/S3590/cfamily/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -17,12 +17,8 @@ "unpredictable" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-3590", diff --git a/rules/S3599/java/metadata.json b/rules/S3599/java/metadata.json index e1c8a1cfa2d..d1fcbaa8a58 100644 --- a/rules/S3599/java/metadata.json +++ b/rules/S3599/java/metadata.json 
@@ -16,17 +16,13 @@ "leak" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-3599", "sqKey": "S3599", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S3603/description.adoc b/rules/S3603/description.adoc index 1e46946c283..1b01afad1f9 100644 --- a/rules/S3603/description.adoc +++ b/rules/S3603/description.adoc @@ -1,5 +1,5 @@ == Why is this an issue? -Marking a method with the https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.contracts.pureattribute[`Pure`] attribute indicates that the method doesn't make any visible state changes. Therefore, a `Pure` method should return a result otherwise it indicates a no-operation call. +Marking a method with the https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.contracts.pureattribute[`Pure`] attribute indicates that the method doesn't make any visible state changes. Therefore, a `Pure` method should return a result. Otherwise, it indicates a no-operation call. Using `Pure` on a `void` method is either by mistake or the method is not doing a meaningful task. diff --git a/rules/S3618/metadata.json b/rules/S3618/metadata.json index e6aaf3c4b9d..6d776c6e017 100644 --- a/rules/S3618/metadata.json +++ b/rules/S3618/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -16,12 +16,8 @@ "sql" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-3618", diff --git a/rules/S3618/plsql/rule.adoc b/rules/S3618/plsql/rule.adoc index ab39b36bfe5..7fbc25b1f26 100644 --- a/rules/S3618/plsql/rule.adoc +++ b/rules/S3618/plsql/rule.adoc 
@@ -1,42 +1,54 @@ == Why is this an issue? -Any insert which omits a value for a ``++NOT NULL++`` column in a database table will be automatically rejected by the database unless a default value has been specified for the column. +Any insert which omits a value for a `NOT NULL` column in a database table will be automatically rejected by the database unless a default value has been specified for the column. +include::../../../shared_content/plsql/data_dictionary.adoc[] -*Noteworthy* +== How to fix it -This rule raises issues only when a *Data Dictionary* is provided during the analysis. See https://docs.sonarqube.org/latest/analysis/languages/plsql/ +Ensure that all `NOT NULL` columns have a value specified in the `INSERT` statement. -=== Noncompliant code example +=== Code examples -With the table ``++MY_TABLE++`` having a ``++NOT NULL++`` column ``++N2++`` without default value and a ``++NOT NULL++`` column ``++N3++`` with default value: +Given the following table: [source,sql] ---- - INSERT INTO MY_TABLE -- Noncompliant; N2 value omitted - ( - N1 - ) - VALUES - ( - 1 - ) +CREATE TABLE MY_TABLE ( + N1 NUMBER NOT NULL, + N2 VARCHAR2(50) NOT NULL, + N3 VARCHAR2(50) DEFAULT 'Default Value' +); +---- + +==== Noncompliant code example + +[source,sql,diff-id=1,diff-type=noncompliant] +---- +INSERT INTO MY_TABLE -- Noncompliant; N2 value omitted +( + N1 +) +VALUES +( + 1 +) ---- === Compliant solution -[source,sql] +[source,sql,diff-id=1,diff-type=compliant] ---- - INSERT INTO MY_TABLE -- Compliant even though N3 value not supplied - ( - N1, - N2 - ) - VALUES - ( - 1, - 'Paul' - ) +INSERT INTO MY_TABLE -- Compliant; N3 has a default value +( + N1, + N2 +) +VALUES +( + 1, + 'Paul' +) ---- ifdef::env-github,rspecator-view[] diff --git a/rules/S3624/cfamily/metadata.json b/rules/S3624/cfamily/metadata.json index aaa98d6929d..663b0ae8dfc 100644 --- a/rules/S3624/cfamily/metadata.json +++ b/rules/S3624/cfamily/metadata.json 
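Review bot: In the new `CREATE TABLE MY_TABLE` listing, `N3` is declared as `VARCHAR2(50) DEFAULT 'Default Value'` without `NOT NULL`, so the compliant sample no longer shows the case the opening paragraph describes: a `NOT NULL` column that may be omitted because it has a default. Declaring it as `N3 VARCHAR2(50) DEFAULT 'Default Value' NOT NULL` would keep the example aligned with the rule text. The added `==== Noncompliant code example` heading also sits one level below the unchanged `=== Compliant solution` heading. That heading should probably become `==== Compliant solution` so both fall under `=== Code examples`.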
@@ -1,5 +1,5 @@ { - "title": "When the \"Rule-of-Zero\" is not applicable, the \"Rule-of-Five\" should be followed", + "title": "Classes should have regular copy and move semantic", "type": "CODE_SMELL", "code": { "impacts": { diff --git a/rules/S3624/cfamily/rule.adoc b/rules/S3624/cfamily/rule.adoc index cba02bb08bf..9d87fbae034 100644 --- a/rules/S3624/cfamily/rule.adoc +++ b/rules/S3624/cfamily/rule.adoc 
@@ -1,109 +1,167 @@ +When a class cannot follow the Rule of Zero, its special members should follow one of a few logical patterns. + == Why is this an issue? -In {cpp}, you should not directly manipulate resources (a database transaction, a network connection, a mutex lock) but encapsulate them in RAII (_Resource Acquisition Is Initialization_) wrapper classes that will allow you to manipulate them safely. When defining one of those wrapper classes, you cannot rely on the compiler-generated special member functions to manage the class' resources for you (see the Rule-of-Zero, S4963). You must define those functions yourself to make sure the class' resources are properly copied, moved, and destroyed. +Most classes should not directly handle resources, but instead, use member variables of a type that wraps individual resources and do resource handling for them: + +* For memory, it can be ``++std::unique_ptr++``, ``++std::shared_ptr++``, ``++std::vector++``... +* For files, it can be ``++std::ofstream++``, ``++std::ifstream++``... +* ... + +Classes that avoid directly handling resources don't need to define any of the special member functions required to properly handle resources: destructor, copy constructor, move constructor, copy assignment operator, and move assignment operator. That's because the versions of those functions provided by the compiler do the right thing automatically, which is especially useful because writing these functions correctly is typically tricky and error-prone. + +Omitting all of these functions from a class is known as the Rule of Zero because no special function should be defined. This rule should apply to the vast majority of classes. 
+ +[source,cpp] +---- +// Compliant: vector and unique_ptr handle the resources for us +// we don't need to declare any special member function +class RuleOfZero { +public: + void useResource(); + void addValue(Value const& value); + Value getValueAtIndex(int index); +private: + std::unique_ptr resource = std::make_unique(); + std::vector values; +}; +---- + +The remaining classes that cannot use the Rule of Zero should be dedicated to managing a specific kind of resource and should follow a few logical rules: + +* Copy operations only make sense when the corresponding move operations are available. That is because move operations are optimized copy operations allowed to steal resources from the source (the source is an r-value). At worst, copying is a valid implementation of move operations. + +* Copy and move assignment operators only make sense when the corresponding constructor is available. +* If you need to customize one of the special member functions, it means that you directly handle resources and the other special member functions probably have a role to play in this resource management. Using `= default` only performs memberwise operations. -In that case, make sure you consider what should be done for all five special functions (or only the first three before {cpp}11): +From these rules, we can describe three categories among which all classes should fall into. -* The destructor: to release the resource when the wrapper is destroyed -* The copy constructor and the copy-assignment operator: to handle what should happen to the resource when the wrapper is copied (a valid option is to disable those operations with ``++=delete++``) -* The move constructor and the move-assignment operator: to handle what should happen to the resource when the wrapper is moved (since {cpp}11). 
If you cannot find a way to implement them more efficiently than the copy operations, as an exception to this rule, you can just leave out these operations: the compiler will not generate them and will use the copy operations as a fallback. +=== Copyable classes -The operations mentioned above are interdependent. Letting the compiler generate some of these operations automatically, but not all of them, creates a situation where calling one of these functions may compromise the integrity of the resource. For example, it could result in a double-release of a resource when the wrapper is copied. +Like most simple classes, these classes can be copied and moved. +==== Special member functions for copyable classes -=== Noncompliant code example +* Copy construction and move construction should both be available. + +* Either copy assignment and move assignment are both available, or neither is. + +==== Providing custom special member functions for copyable classes + +If at least one special function needs to be customized, then: + +* You need to provide a custom destructor and a custom copy constructor. + +* The copy assignment needs to be either deleted or customized. + +* If you can optimize the move construction, compared to the copy, you should provide a custom move constructor. Otherwise, you should just omit the move constructor. + +* If the copy assignment is deleted, you need to delete the move assignment. + +* If the copy assignment is customized, you need to provide a move assignment if you can optimize the move operation, compared to the copy. Otherwise, you should just omit the move assignment operator. + +==== Examples of copyable classes [source,cpp] ---- -class FooPointer { // Noncompliant, missing copy constructor and copy-assignment operator - Foo* pFoo; +// Compliant, no copy assignment operator. Move construction will call the copy constructor. 
+class CountedCopyable { + inline static int count = 0; +public: + CountedCopyable() { count++; } + ~CountedCopyable() { count--; } + CountedCopyable(CountedCopyable const&) {count ++;} + CountedCopyable& operator=(CountedCopyable const&) = delete; +}; + +// Compliant, all members are declared +class VerboseCopyable { public: - FooPointer(int initValue) { - pFoo = new Foo(initValue); - } - ~FooPointer() { - delete pFoo; - } + VerboseCopyable() { std::cout << "Constructor called\n"; } + ~VerboseCopyable() { std::cout << "Destructor called\n"; } + VerboseCopyable(VerboseCopyable const&) { std::cout << "Copy constructor called\n"; } + VerboseCopyable& operator=(VerboseCopyable const&) { std::cout << "Copy assignment operator called\n"; } + VerboseCopyable(VerboseCopyable &&) { std::cout << "Move constructor called\n"; } + VerboseCopyable& operator=(VerboseCopyable &&) { std::cout << "Move assignment operator called\n"; } }; -int main() { - FooPointer a(5); - FooPointer b = a; // implicit copy constructor gives rise to double free memory error - return 0; -} ---- +=== Move-only classes + +These are classes that cannot be copied but can be moved. For example, a class handling a resource that cannot be shared (`std::ofstream` manages an open file handle) or a class whose objects can be very costly to create. -=== Compliant solution +==== Special member functions for move-only classes + +* Move construction is available. + +* Copy construction and copy assignment are not available. + +* Move assignment may be available or not. + +==== Providing custom special member functions for move-only classes + +* You need to provide a custom destructor and a custom move constructor. + +* The move assignment should be either deleted or customized. + +==== Examples of move-only classes [source,cpp] ---- -class FooPointer { // Compliant, although it's usually better to reuse an existing wrapper for memory - Foo* pFoo; +// Compliant, the move assignment operator is implicitly deleted. 
+class MoveOnlyResourceHandler { + Resource resource; public: - FooPointer(int initValue) { - pFoo = new Foo(initValue); - } - FooPointer(FooPointer& other) { - pFoo = new Foo(other.pFoo->value); - } - FooPointer& operator=(const FooPointer& other) { - int val = other.pFoo->value; - delete pFoo; - pFoo = new Foo(val); - return *this; - } - FooPointer(FooPointer &&fp) noexcept { - pFoo = fp.pFoo; - fp.pFoo = nullptr; - } - FooPointer const & operator=(FooPointer &&fp) { - FooPointer temp(std::move(fp)); - std::swap(temp.pFoo, pFoo); - return *this; - } - ~FooPointer() { - delete pFoo; - } + MoveOnlyResourceHandler() { resource.open(); } + ~MoveOnlyResourceHandler() { resource.close(); } + MoveOnlyResourceHandler(MoveOnlyResourceHandler const& other) { std::swap(other.resource, resource); } }; - -int main() { - FooPointer a(5); - FooPointer b = a; // no error - return 0; -} ---- +=== Unmovable classes -== Resources +These are classes that cannot be copied, nor moved. They cannot escape their current scope. -=== Documentation +==== Special member functions for unmovable classes -* {cpp} reference - https://en.cppreference.com/w/cpp/language/raii[RAII] +All copy and move operations are deleted. -=== Standards +==== Examples of unmovable classes -* CERT - https://wiki.sei.cmu.edu/confluence/x/oHs-BQ[OOP54-CPP. 
- Gracefully handle self-copy assignment] +[source,cpp] +---- +// Compliant, deleting the move assignment operator implicitly deletes all implicit special member functions +class UnmovableResource { + Resource resource; +public: + UnmovableResource() { resource.open(); } + ~UnmovableResource() { resource.close(); } + UnmovableResource& operator=(UnmovableResource&&) = delete; +}; +---- +== Resources -ifdef::env-github,rspecator-view[] +=== Documentation -''' -== Implementation Specification -(visible only on this page) +* {cpp} reference - https://en.cppreference.com/w/cpp/language/raii[RAII] -=== Message +=== Standards + +* MISRA {cpp}23 15.0.1 - "Special member functions" shall be provided appropriately -Explicitly define the missing "[copy constructor|copy-assignment operator|destructor|move constructor|move-assignment operator]" so that it will not be implicitly provided. +=== External coding guidelines +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#c20-if-you-can-avoid-defining-default-operations-do[C.20: If you can avoid defining default operations, do] -=== Highlighting +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#c21-if-you-define-or-delete-any-copy-move-or-destructor-function-define-or-delete-them-all[C.21: If you define or =delete any copy, move, or destructor function, define or =delete them all] -class name +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#c22-make-default-operations-consistent[C.22: Make default operations consistent] +ifdef::env-github,rspecator-view[] -''' == Comments And Links (visible only on this page) 
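Review bot: The `MoveOnlyResourceHandler` sample under "Examples of move-only classes" declares `MoveOnlyResourceHandler(MoveOnlyResourceHandler const& other)`, which is a copy constructor, not a move constructor. Its `std::swap(other.resource, resource)` cannot take the const operand, so the class presented as move-only is in fact declared copyable and does not compile as written. The constructor should take an rvalue reference: `MoveOnlyResourceHandler(MoveOnlyResourceHandler&& other) noexcept { std::swap(other.resource, resource); }`. In `VerboseCopyable`, both `operator=` bodies only print and never `return *this;`, which is undefined behavior for a function returning `VerboseCopyable&`. Readers copy these listings, so each should get the return statement.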
@@ -112,7 +170,7 @@ class name === relates to: S4963 === on 1 Jun 2016, 17:29:31 Ann Campbell wrote: -\[~alban.auzeill], you mentioned in our discussion something about not raising false positives when the move constructor and move-assignment operator are missing. I didn't really get the details of that, so it's not included here and we'll probably need to add it. Feel free to stub the details in or add them in a comment. +\[~alban.auzeill], you mentioned in our discussion something about not raising false positives when the move constructor and move assignment operator are missing. I didn't really get the details of that, so it's not included here and we'll probably need to add it. Feel free to stub the details in or add them in a comment. Also, I've changed the code samples from IntPointers to FooPointers & added a second compliant solution, which you'll probably want to take a look at. @@ -154,10 +212,10 @@ ex : \https://peach.sonarsource.com/project/issues?id=c-family%3Aclang&issues=AW * Copy constructor and copy assignment operator are defined to keep a counter (or something like that) -* An attribute is a unique_ptr. So the user defines the copy constructor and the copy-assignment operator to copy what is inside the unique_ptr. But there is no need of a destructor as the unique_ptr takes care of it. +* An attribute is a unique_ptr. So the user defines the copy constructor and the copy assignment operator to copy what is inside the unique_ptr. But there is no need of a destructor as the unique_ptr takes care of it. ex : \https://peach.sonarsource.com/project/issues?id=c-family%3Aclang&issues=AWczyhmIUxytsEdVyqnR&open=AWczyhmIUxytsEdVyqnR -* Class which defines the copy constructor and/or copy-assignment operator when it does not need to. This class should apply the "Rule-of-Zero". +* Class which defines the copy constructor and/or copy assignment operator when it does not need to. This class should apply the "Rule-of-Zero". endif::env-github,rspecator-view[] 
diff --git a/rules/S3626/cfamily/metadata.json b/rules/S3626/cfamily/metadata.json index d860fd4691d..9aac5e629e5 100644 --- a/rules/S3626/cfamily/metadata.json +++ b/rules/S3626/cfamily/metadata.json @@ -1,5 +1,4 @@ { - "defaultQualityProfiles": [ - "Sonar way" - ] + "status": "closed", + "defaultQualityProfiles": [] } diff --git a/rules/S3626/comments-and-links.adoc b/rules/S3626/comments-and-links.adoc index 6be9bf4ac2f..41ad50a1762 100644 --- a/rules/S3626/comments-and-links.adoc +++ b/rules/S3626/comments-and-links.adoc @@ -11,3 +11,5 @@ Note that there is a potential overlap of this rule with RSPEC-1751: uncondition === on 2 Jun 2016, 14:05:22 Ann Campbell wrote: looks fine [~tamas.vajk] +=== on 26 Mar 2024, 08:15:00 Philipp Dominik Schubert wrote: +We created a circle to discuss CFamily's rules on dead code and decided to disable this rule in the CFamily analyzer since we believe it provides relatively low value and is not even implemented in CFamily's analyzer (cf. https://sonarsource.atlassian.net/browse/CPP-5165). diff --git a/rules/S3626/java/metadata.json b/rules/S3626/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S3626/java/metadata.json +++ b/rules/S3626/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S3630/cfamily/metadata.json b/rules/S3630/cfamily/metadata.json index 20343b74141..7556d68978e 100644 --- a/rules/S3630/cfamily/metadata.json +++ b/rules/S3630/cfamily/metadata.json @@ -2,5 +2,6 @@ "tags": [ "cppcoreguidelines", "pitfall" - ] -} + ], + "quickfix": "partial" +} \ No newline at end of file diff --git a/rules/S3630/cfamily/rule.adoc b/rules/S3630/cfamily/rule.adoc index 92effbafa4b..2db1e15315c 100644 --- a/rules/S3630/cfamily/rule.adoc +++ b/rules/S3630/cfamily/rule.adoc 
@@ -1,9 +1,12 @@ == Why is this an issue? -Because ``++reinterpret_cast++`` does not perform any type safety validations, it is capable of performing dangerous conversions between unrelated types. +Because ``++reinterpret_cast++`` does not perform any safety validations, it is capable of dangerous conversions between unrelated types, often leading to undefined behavior. +In some cases, `reinterpret_cast` can be simply replaced by a more focused cast, such as `static_cast`. -Since {cpp}20, a ``++std::bit_cast++`` should be used instead of ``++reinterpret_cast++`` to reinterpret a value as being of a different type of the same length preserving its binary representation, as the behavior of ``++reinterpret_cast++`` is undefined in such case. +If the goal is to reinterpret the binary representation of an object as a value of a different type, `reinterpret_cast` leads to undefined behavior. +Before {cpp}20, the correct way is to use `memcpy` to copy the object's bits. +Since {cpp}20, a better option is available: ``++std::bit_cast++`` allows the reinterpretation of a value as being of a different type of the same length, preserving its binary representation (see also S6181). This rule raises an issue when ``++reinterpret_cast++`` is used. @@ -17,10 +20,11 @@ This rule raises an issue when ``++reinterpret_cast++`` is used. class B : public A { public: void doSomething(){} }; void func(A *a, float f) { - if (B* b = reinterpret_cast(a)) { // Noncompliant - b->doSomething(); - } - int x = *reinterpret_cast(f); // Noncompliant + B* b = reinterpret_cast(a) // Noncompliant, another cast is more appropriate + b->doSomething(); + + static_assert(sizeof(float) == sizeof(uint32_t)); + uint32_t x = reinterpret_cast(f); // Noncompliant and undefined behavior } ---- 
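Review bot: The rewritten noncompliant sample in the second hunk of `rules/S3630/cfamily/rule.adoc` loses its statement terminator: the line `B* b = reinterpret_cast(a) // Noncompliant, another cast is more appropriate` has no `;` before the comment, so the listing does not compile. Add the `;` directly after the cast expression. The start of the listing lies outside this hunk, so nothing else about it can be checked from here.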
@@ -36,11 +40,22 @@ This rule raises an issue when ``++reinterpret_cast++`` is used. if (B* b = dynamic_cast(a)) { b->doSomething(); } - int x = std::bit_cast(f); + + static_assert(sizeof(float) == sizeof(uint32_t)); + uint32_t x = std::bit_cast(f); + // Or, before C++20 + uint32_t y; + std::memcpy(&y, &f, sizeof(float)); } ---- +=== Exceptions + +Since those conversions have a well-defined behavior, this rule does not raise an issue when `reinterpret_cast` is used to convert a pointer to: +* ``++char*++``, ``++unsigned char*++``, ``++std::byte*++`` or `const` variants of these types, +* `std::intptr_t,` `std::unintptr_t`, or another integer type with sufficient size. + include::../see.adoc[] diff --git a/rules/S3630/metadata.json b/rules/S3630/metadata.json index cb583bb24fc..03c84622331 100644 --- a/rules/S3630/metadata.json +++ b/rules/S3630/metadata.json @@ -30,5 +30,5 @@ "defaultQualityProfiles": [ "Sonar way" ], - "quickfix": "unknown" + "quickfix": "infeasible" } diff --git a/rules/S3630/see.adoc b/rules/S3630/see.adoc index f52684e69c7..a43789700d5 100644 --- a/rules/S3630/see.adoc +++ b/rules/S3630/see.adoc @@ -1,3 +1,3 @@ == Resources -* CppCoreGuidelines, Type safety profile - Type.1: Don't use reinterpret_cast. +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#prosafety-type-safety-profile[Type.1: Avoid casts] diff --git a/rules/S3631/java/metadata.json b/rules/S3631/java/metadata.json index ce421553916..f48548ccddf 100644 --- a/rules/S3631/java/metadata.json +++ b/rules/S3631/java/metadata.json @@ -16,17 +16,13 @@ "performance" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Major", "ruleSpecification": "RSPEC-3631", "sqKey": "S3631", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], 
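Review bot: In the new `=== Exceptions` list of `rules/S3630/cfamily/rule.adoc`, `std::unintptr_t` is not a standard type name; the intended type is `std::uintptr_t`. The comma in `std::intptr_t,` also sits inside the backticks, so it renders as part of the identifier. Suggested line: ``* `std::intptr_t`, `std::uintptr_t`, or another integer type with sufficient size.``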
diff --git a/rules/S3641/compliant.adoc b/rules/S3641/compliant.adoc deleted file mode 100644 index 0a265a13177..00000000000 --- a/rules/S3641/compliant.adoc +++ /dev/null @@ -1,15 +0,0 @@ -=== Compliant solution - -[source,text] ----- -SELECT * -FROM my_table -WHERE NOT EXISTS (SELECT 1 FROM another_table WHERE nullable_column = my_table.my_column) ----- - -[source,text] ----- -SELECT * -FROM my_table -WHERE my_column NOT IN (SELECT nullable_column FROM another_table WHERE nullable_column IS NOT NULL) ----- diff --git a/rules/S3641/how.adoc b/rules/S3641/how.adoc new file mode 100644 index 00000000000..312705eac0d --- /dev/null +++ b/rules/S3641/how.adoc @@ -0,0 +1,30 @@ +== How to fix it + +Use `NOT EXISTS` or `IS NOT NULL` instead of `NOT IN` when the subquery may return `NULL` values. + +=== Code examples + +==== Noncompliant code example + +[source,sql] +---- +SELECT * +FROM my_table +WHERE my_column NOT IN (SELECT nullable_column FROM another_table) -- Noncompliant; "nullable_column" may contain 'NULL' value and the whole SELECT query will return nothing +---- + +==== Compliant solution + +[source,sql] +---- +SELECT * +FROM my_table +WHERE NOT EXISTS (SELECT 1 FROM another_table WHERE nullable_column = my_table.my_column) +---- + +[source,sql] +---- +SELECT * +FROM my_table +WHERE my_column NOT IN (SELECT nullable_column FROM another_table WHERE nullable_column IS NOT NULL) +---- diff --git a/rules/S3641/noncompliant.adoc b/rules/S3641/noncompliant.adoc deleted file mode 100644 index 076c91338cc..00000000000 --- a/rules/S3641/noncompliant.adoc +++ /dev/null @@ -1,8 +0,0 @@ -=== Noncompliant code example - -[source,text] ----- -SELECT * -FROM my_table -WHERE my_column NOT IN (SELECT nullable_column FROM another_table) -- Noncompliant; "nullable_column" may contain 'NULL' value and the whole SELECT query will return nothing ----- diff --git a/rules/S3641/plsql/rule.adoc b/rules/S3641/plsql/rule.adoc index 842d96f01fa..6592876ee32 100644 
--- a/rules/S3641/plsql/rule.adoc +++ b/rules/S3641/plsql/rule.adoc @@ -1,17 +1,12 @@ == Why is this an issue? -A WHERE clause condition that uses NOT IN with a subquery will have unexpected results if that subquery returns NULL. On the other hand NOT EXISTS subqueries work reliably under the same conditions. +A `WHERE` clause condition that uses `NOT IN` with a subquery will have unexpected results if that subquery returns `NULL`. On the other hand `NOT EXISTS` subqueries work reliably under the same conditions. -This rule raises an issue when NOT IN is used with a subquery where the selected column is nullable. +This rule raises an issue when `NOT IN` is used with a subquery where the selected column is nullable. +include::../../../shared_content/plsql/data_dictionary.adoc[] -*Noteworthy* - -This rule raises issues only when a *Data Dictionary* is provided during the analysis. See https://docs.sonarqube.org/latest/analysis/languages/plsql/ - -include::../noncompliant.adoc[] - -include::../compliant.adoc[] +include::../how.adoc[] ifdef::env-github,rspecator-view[] diff --git a/rules/S3641/tsql/rule.adoc b/rules/S3641/tsql/rule.adoc index aa53b9d710f..2806952316c 100644 --- a/rules/S3641/tsql/rule.adoc +++ b/rules/S3641/tsql/rule.adoc @@ -5,9 +5,7 @@ A ``++WHERE++`` clause condition that uses ``++NOT IN++`` with a subquery will h This rule raises an issue when ``++NOT IN++`` is used with a subquery. This rule doesn't check if the selected column is a nullable column because the rules engine has no information about the table definition. It's up to the developer to review manually if the column is nullable. -include::../noncompliant.adoc[] - -include::../compliant.adoc[] +include::../how.adoc[] ifdef::env-github,rspecator-view[] diff --git a/rules/S3642/cfamily/rule.adoc b/rules/S3642/cfamily/rule.adoc index 1aedaefcde3..19be5ad243b 100644 --- a/rules/S3642/cfamily/rule.adoc +++ b/rules/S3642/cfamily/rule.adoc 
@@ -78,7 +78,7 @@ When the enum is a private class member, the class encapsulates its use, and the === External coding guidelines -* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#enum3-prefer-class-enums-over-plain-enums[Enum.3 - Prefer class enums over “plain” enums] +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#enum3-prefer-class-enums-over-plain-enums[Enum.3: Prefer class enums over "plain" enums] ifdef::env-github,rspecator-view[] diff --git a/rules/S3646/cfamily/metadata.json b/rules/S3646/cfamily/metadata.json index 3712d2c2d79..2d178568c86 100644 --- a/rules/S3646/cfamily/metadata.json +++ b/rules/S3646/cfamily/metadata.json @@ -17,12 +17,8 @@ "confusing" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-3646", @@ -31,5 +27,5 @@ "defaultQualityProfiles": [ "Sonar way" ], - "quickfix": "unknown" -} + "quickfix": "targeted" +} \ No newline at end of file diff --git a/rules/S3646/cfamily/rule.adoc b/rules/S3646/cfamily/rule.adoc index 0aff07b291e..3997c441fdf 100644 --- a/rules/S3646/cfamily/rule.adoc +++ b/rules/S3646/cfamily/rule.adoc @@ -25,7 +25,7 @@ Container container; == Resources -* https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#Rc-standalone[{cpp} Core Guidelines C.7] - Don't define a class or enum and declare a variable of its type in the same statement +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#c7-dont-define-a-class-or-enum-and-declare-a-variable-of-its-type-in-the-same-statement[C.7: Don't define a class or enum and declare a variable of its type in the same statement] diff --git a/rules/S3649/common/resources/standards.adoc b/rules/S3649/common/resources/standards.adoc index 77b448af5f8..a382d152ef2 100644 
--- a/rules/S3649/common/resources/standards.adoc +++ b/rules/S3649/common/resources/standards.adoc @@ -1,7 +1,10 @@ === Standards -* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection -* https://www.owasp.org/index.php/Top_10-2017_A1-Injection[OWASP Top 10 2017 Category A1] - Injection -* https://cwe.mitre.org/data/definitions/20[MITRE, CWE-20] - Improper Input Validation -* https://cwe.mitre.org/data/definitions/89[MITRE, CWE-89] - Improper Neutralization of Special Elements used in an SQL Command +* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] +* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] +* CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] +* CWE - https://cwe.mitre.org/data/definitions/89[CWE-89 - Improper Neutralization of Special Elements used in an SQL Command] * https://wiki.sei.cmu.edu/confluence/x/ITdGBQ[CERT, IDS00-J.] - Prevent SQL injection +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222607[Application Security and Development: V-222607] - The application must not be vulnerable to SQL Injection. +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. + diff --git a/rules/S3649/java/how-to-fix-it/cassandra.adoc b/rules/S3649/java/how-to-fix-it/cassandra.adoc new file mode 100644 index 00000000000..acae0c36d5c --- /dev/null +++ b/rules/S3649/java/how-to-fix-it/cassandra.adoc 
@@ -0,0 +1,66 @@ +== How to fix it in Spring Data Cassandra + +=== Code examples + +The following code is an example of a simple API endpoint designed to read public messages. It is vulnerable to CQL injection because user-controlled data is inserted directly into a query string. The application assumes that incoming data always has a specific range of characters and ignores that some characters may change the query logic to a malicious one. + +In this particular case, the query can be exploited with the following values: + + * ``++user=foo'/*++`` + * ``++date=*/AND date = 'xxxx-yy-zz++`` + +By adapting and inserting these values, an attacker can bypass the `private = false` condition and get access to private messages. + +==== Noncompliant code example + +[source,java,diff-id=22,diff-type=noncompliant] +---- +@RestController +public class ApiController +{ + @Autowired + CqlSession cqlSession; + + @GetMapping(value = "/read") + @ResponseBody + public List readPublicOnly( + @RequestParam("user") String user, + @RequestParam("date") String date) + { + String query = "SELECT content FROM app.message WHERE user = '" + user + "' AND private = false AND date = '"+ date +"'"; + + CqlOperations template = new CqlTemplate(cqlSession); + return template.queryForList(query, String.class); //Noncompliant + } +} +---- + +==== Compliant solution + +[source,java,diff-id=22,diff-type=compliant] +---- +@RestController +public class ApiController +{ + @Autowired + CqlSession cqlSession; + + @GetMapping(value = "/read") + @ResponseBody + public List readPublicOnly( + @RequestParam("user") String user, + @RequestParam("date") String date) + { + String query = "SELECT content FROM app.message WHERE user = ? AND private = false AND date = ?"; + + CqlOperations template = new CqlTemplate(cqlSession); + LocalDate filterDate = LocalDate.parse(date); + return template.queryForList(query, String.class, user, filterDate); + } +} +---- + +=== How does this work? 
+ +include::../../common/fix/prepared-statements.adoc[] + diff --git a/rules/S3649/java/how-to-fix-it/couchbase.adoc b/rules/S3649/java/how-to-fix-it/couchbase.adoc new file mode 100644 index 00000000000..2d7799786be --- /dev/null +++ b/rules/S3649/java/how-to-fix-it/couchbase.adoc 
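Review bot: The compliant `readPublicOnly` in `cassandra.adoc` calls `LocalDate.parse(date)` on the raw request parameter. That call throws `DateTimeParseException` on malformed input and, unless handled elsewhere, would surface as a server error instead of a rejected request. Since the sample is meant to be copied, either bind the parameter as a typed value, `@RequestParam("date") @DateTimeFormat(iso = DateTimeFormat.ISO.DATE) LocalDate date`, or add a short comment saying that invalid dates must be rejected with a 400. The noncompliant listing's `//Noncompliant` marker also lacks the space used in the other samples (`// Noncompliant`).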
@@ -0,0 +1,63 @@ +== How to fix it in Couchbase + +=== Code examples + +The following code is vulnerable to SQL++ injection because user-controlled data +is inserted directly into a query string. The application assumes that incoming +data always has a specific range of characters, and ignores that some characters +may change the query logic to a malicious one. + +==== Noncompliant code example + +[source,java,diff-id=31,diff-type=noncompliant] +---- +import com.couchbase.client.java.Cluster; + +@RestController +public class ApiController +{ + private final Cluster couchbaseCluster; + + @GetMapping("/find") + public List find(@RequestParam("name") String name) { + QueryResult result = couchbaseCluster.query("SELECT * FROM `bucket` WHERE name = '" + name + "'"); + return result.rowsAs(Person.class); + } +} +---- + +==== Compliant solution + +[source,java,diff-id=31,diff-type=compliant] +---- +org.springframework.data.couchbase.core.query.Query; + +@RestController +public class ApiController +{ + private final CouchbaseTemplate couchbaseTemplate; + + @GetMapping("/find") + public List find(@RequestParam("name") String name) { + Query query = Query.query(QueryCriteria.where("name").eq(name)); + return couchbaseTemplate.findByQuery(Person.class).matching(query).all(); + } +} +---- + +=== How does this work? + +`QueryCriteria` is used to define the conditions of a query. It offers a fluent +API to specify conditions on the fields of the documents you are querying +against. + +The `Query` class encapsulates the query defined by `QueryCriteria`. It allows +for the specification of additional parameters for the query, such as sorting +and limit. The `Query` object is then used as an argument to the query methods +provided by Couchbase-specific classes, like `CouchbaseTemplate`. + +One of the key advantages of using `Query` and `QueryCriteria` is the inherent +security they provide. 
They help prevent injection attacks by ensuring that +user-provided input is properly escaped or parameterized, which prevents it from +being interpreted as part of the query itself. This is because these classes do +not rely on string concatenation to build a query. diff --git a/rules/S3649/java/how-to-fix-it/spring-data-neo4j.adoc b/rules/S3649/java/how-to-fix-it/spring-data-neo4j.adoc new file mode 100644 index 00000000000..0fd2c96838d --- /dev/null +++ b/rules/S3649/java/how-to-fix-it/spring-data-neo4j.adoc 
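Review bot: The first line of the Couchbase compliant solution, `org.springframework.data.couchbase.core.query.Query;`, is missing the `import` keyword, so the snippet does not compile as shown; it should read `import org.springframework.data.couchbase.core.query.Query;`. The fix also moves from the SDK's `Cluster` to Spring Data's `CouchbaseTemplate`, which leaves readers who call `Cluster.query` directly without a like-for-like remedy. A second compliant variant that keeps `Cluster` and passes the value through `QueryOptions.queryOptions().parameters(...)` would cover them. Neither this noncompliant example nor the Neo4j one marks the vulnerable call with `// Noncompliant`, unlike the Cassandra example in the same commit.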
@@ -0,0 +1,55 @@ +== How to fix it in Spring Data Neo4j + +=== Code examples + +The following code is vulnerable to Cypher injection because user-controlled data +is inserted directly into a query string. The application assumes that incoming +data always has a specific range of characters, and ignores that some characters +may change the query logic to a malicious one. + +==== Noncompliant code example + +[source,java,diff-id=41,diff-type=noncompliant] +---- +import org.springframework.data.neo4j.core.Neo4jTemplate; + +@RestController +public class ApiController +{ + private final Neo4jTemplate neo4jTemplate; + + @GetMapping("/find") + public List find(@RequestParam("name") String name) { + String cypherQuery = "MATCH (n:Person) WHERE n.name = '" + name + "' RETURN n"; + return neo4jTemplate.findAll(cypherQuery, Person.class); + } +} +---- + +==== Compliant solution + +[source,java,diff-id=41,diff-type=compliant] +---- +import org.springframework.data.neo4j.core.Neo4jTemplate; + +@RestController +public class ApiController +{ + private final Neo4jTemplate neo4jTemplate; + + @GetMapping("/find") + public List find(@RequestParam("name") String name) { + String cypherQuery = "MATCH (n:Person) WHERE n.name = $name RETURN n"; + var parameters = new HashMap(); + parameters.put("name", name); + return neo4jTemplate.findAll(cypherQuery, parameters, Person.class); + } +} +---- + +=== How does this work? + +As a rule of thumb, the best approach to protect against injections is to +systematically ensure that untrusted data cannot break out of an interpreted +context. For Neo4j, parameterized queries can securely and efficiently supply +dynamic values to the query at the time of execution. diff --git a/rules/S3649/java/metadata.json b/rules/S3649/java/metadata.json index 17971333806..ddd301d3511 100644 --- a/rules/S3649/java/metadata.json +++ b/rules/S3649/java/metadata.json @@ -1,3 +1,7 @@ { - + "tags": [ + "cwe", + "sql", + "android" + ] } 
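Review bot: The "How does this work?" paragraph of the Neo4j file presents parameterized queries as the whole answer but does not say that Cypher parameters only stand in for values. Labels, relationship types and property names cannot be supplied as parameters, so code that builds those parts of a query from input still needs an allow-list. A closing sentence such as `Parameters can only replace values; labels and property names taken from input must be checked against a fixed list.` would close that gap. The compliant snippet also uses `HashMap` without an import line although it shows the `Neo4jTemplate` import.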
diff --git a/rules/S3649/java/rule.adoc b/rules/S3649/java/rule.adoc index 351cde8051f..b49ffcecb6b 100644 --- a/rules/S3649/java/rule.adoc +++ b/rules/S3649/java/rule.adoc @@ -6,12 +6,18 @@ include::../impact.adoc[] // How to fix it section +include::how-to-fix-it/cassandra.adoc[] + include::how-to-fix-it/java-se.adoc[] include::how-to-fix-it/spring-jdbc.adoc[] +include::how-to-fix-it/spring-data-neo4j.adoc[] + include::how-to-fix-it/hibernate.adoc[] +include::how-to-fix-it/couchbase.adoc[] + == Resources include::../common/resources/docs.adoc[] diff --git a/rules/S3649/javascript/how-to-fix-it/sequelize.adoc b/rules/S3649/javascript/how-to-fix-it/sequelize.adoc index bccc2bf5153..43ab41193f7 100644 --- a/rules/S3649/javascript/how-to-fix-it/sequelize.adoc +++ b/rules/S3649/javascript/how-to-fix-it/sequelize.adoc @@ -11,8 +11,11 @@ include::../../common/fix/code-rationale.adoc[] async function index(req, res) { const { db, User } = req.app.get('sequelize'); + const user = req.query.user; + const pass = req.query.pass; + let loggedInUser = await db.query( - `SELECT * FROM users WHERE user = '${req.query.user}' AND pass = '${req.query.pass}'`, + `SELECT * FROM users WHERE user = '${user}' AND pass = '${pass}'`, { model: User, } @@ -20,7 +23,7 @@ async function index(req, res) { res.send(JSON.stringify(loggedInUser)); res.end(); -}} +} ---- ==== Compliant solution @@ -30,8 +33,8 @@ async function index(req, res) { async function index(req, res) { const { db, User, QueryTypes } = req.app.get('sequelize'); - let user = req.query.user; - let pass = req.query.pass; + const user = req.query.user; + const pass = req.query.pass; let loggedInUser = await db.query( `SELECT * FROM users WHERE user = $user AND pass = $pass`, diff --git a/rules/S3649/metadata.json b/rules/S3649/metadata.json index ed79a6082ad..5cfc2438774 100644 --- a/rules/S3649/metadata.json +++ b/rules/S3649/metadata.json 
@@ -50,6 +50,10 @@ "5.1.4", "5.3.4", "5.3.5" + ], + "STIG ASD_V5R3": [ + "V-222607", + "V-222609" ] }, "defaultQualityProfiles": [ diff --git a/rules/S3649/python/how-to-fix-it/sqlalchemy.adoc b/rules/S3649/python/how-to-fix-it/sqlalchemy.adoc index f839c894393..8fa14bfd944 100644 --- a/rules/S3649/python/how-to-fix-it/sqlalchemy.adoc +++ b/rules/S3649/python/how-to-fix-it/sqlalchemy.adoc @@ -27,7 +27,7 @@ import sqlalchemy @app.route('/example') def get_users(): user = request.args["user"] - conn = sqlalchemy.create_engine(connection_string) + engine = sqlalchemy.create_engine(connection_string) conn = engine.connect() conn.execute("SELECT user FROM users WHERE user = '" + user + "'") # Noncompliant @@ -43,7 +43,7 @@ import sqlalchemy @app.route('/example') def get_users(): user = request.args["user"] - conn = sqlalchemy.create_engine(connection_string) + engine = sqlalchemy.create_engine(connection_string) metadata = sqlalchemy.MetaData(bind=conn, reflect=True) users = metadata.tables['users'] conn = engine.connect() diff --git a/rules/S3651/plsql/rule.adoc b/rules/S3651/plsql/rule.adoc index a9e9d3bb85a..fea874b9885 100644 --- a/rules/S3651/plsql/rule.adoc +++ b/rules/S3651/plsql/rule.adoc 
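Review bot: In the second sqlalchemy.adoc hunk, the rename leaves `sqlalchemy.MetaData(bind=conn, reflect=True)` reading `conn` one line before `conn = engine.connect()` assigns it, so the compliant example now fails with an `UnboundLocalError`. Before the change `conn` held the engine at that point; the line should become `metadata = sqlalchemy.MetaData(bind=engine, reflect=True)`. The function body continues outside the hunk, so any later use of `conn` should be rechecked as well. Separately, the `bind=` and `reflect=` constructor arguments appear to be legacy and rejected by recent SQLAlchemy releases, so `metadata.reflect(bind=engine)` may be needed depending on the version the rule targets.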
@@ -1,27 +1,45 @@ == Why is this an issue? -``++WHERE++`` clause conditions that reinforce or contradict the definitions of their columns are useless; they are always either unconditionally true or unconditionally false. For instance, there's no point in including ``++AND column IS NOT NULL++`` if the column is defined as non-null. +Conditions in the `WHERE` clause that either reinforce or contradict the definitions of their columns are redundant, as they are always either unconditionally true or unconditionally false. For example, including `AND column IS NOT NULL` is unnecessary if the column is already defined as non-null. +include::../../../shared_content/plsql/data_dictionary.adoc[] -*Noteworthy* +== How to fix it -This rule raises issues only when a *Data Dictionary* is provided during the analysis. See https://docs.sonarqube.org/latest/analysis/languages/plsql/ +Ensure that the conditions in the `WHERE` clause are not always true or false. -=== Noncompliant code example +=== Code examples + +Given the following table: [source,sql] ---- -CREATE TABLE product -(id INT, - name VARCHAR(6) NOT NULL, - mfg_name VARCHAR(6), - mfg_id INT - ... - -SELECT name, price -FROM product -WHERE name is not null -- Noncompliant; always true. This column is NOT NULL - AND mfg_name = 'Too long name' -- Noncompliant; always false. This column can contain only 6 characters +CREATE TABLE Product +( + Id INT, + Name VARCHAR(6), + Price INT NOT NULL +) +---- + + +==== Noncompliant code example + +[source,sql,diff-id=1,diff-type=noncompliant] +---- +SELECT Name, Price FROM Product +WHERE + Name = 'Too long name' -- Noncompliant; always false. This column can contain only 6 characters + AND Price IS NOT NULL -- Noncompliant; always true. This column is NOT NULL +---- + +==== Compliant solution + +[source,sql,diff-id=1,diff-type=compliant] +---- +SELECT Name, Price FROM Product +WHERE + Name = 'Name' ---- ifdef::env-github,rspecator-view[] 
diff --git a/rules/S3654/cfamily/metadata.json b/rules/S3654/cfamily/metadata.json index 73695f9ad99..ac61d7045a2 100644 --- a/rules/S3654/cfamily/metadata.json +++ b/rules/S3654/cfamily/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -18,12 +18,8 @@ "since-c++11" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-3654", diff --git a/rules/S3655/csharp/rule.adoc b/rules/S3655/csharp/rule.adoc index 82207f1485d..8659cf9a56c 100644 --- a/rules/S3655/csharp/rule.adoc +++ b/rules/S3655/csharp/rule.adoc @@ -47,6 +47,6 @@ void Sample(bool condition) === Documentation * https://learn.microsoft.com/en-us/dotnet/api/system.nullable-1[Nullable] -* https://cwe.mitre.org/data/definitions/476[MITRE, CWE-476] - NULL Pointer Dereference +* CWE - https://cwe.mitre.org/data/definitions/476[CWE-476 - NULL Pointer Dereference] include::../rspecator-dotnet.adoc[] diff --git a/rules/S3655/java/metadata.json b/rules/S3655/java/metadata.json index 30bfb33b844..e104ad4426c 100644 --- a/rules/S3655/java/metadata.json +++ b/rules/S3655/java/metadata.json @@ -1,7 +1,3 @@ { - "title": "Optional value should only be accessed after calling isPresent()", - "tags": [ - "cwe", - "symbolic-execution" - ] + "title": "Optional value should only be accessed after calling isPresent()" } diff --git a/rules/S3655/metadata.json b/rules/S3655/metadata.json index ec4fad90a7a..9c5b673de10 100644 --- a/rules/S3655/metadata.json +++ b/rules/S3655/metadata.json @@ -13,7 +13,8 @@ "constantCost": "10min" }, "tags": [ - "cwe" + "cwe", + "symbolic-execution" ], "extra": { "replacementRules": [ diff --git a/rules/S3655/see.adoc b/rules/S3655/see.adoc index 7f70ae9c0bb..dad40290b1a 100644 --- a/rules/S3655/see.adoc +++ b/rules/S3655/see.adoc 
@@ -1,3 +1,3 @@ == Resources -* https://cwe.mitre.org/data/definitions/476[MITRE, CWE-476] - NULL Pointer Dereference \ No newline at end of file +* CWE - https://cwe.mitre.org/data/definitions/476[CWE-476 - NULL Pointer Dereference] \ No newline at end of file diff --git a/rules/S3655/vbnet/rule.adoc b/rules/S3655/vbnet/rule.adoc index 04102051bd7..fe56c955cff 100644 --- a/rules/S3655/vbnet/rule.adoc +++ b/rules/S3655/vbnet/rule.adoc @@ -43,6 +43,6 @@ End Sub === Documentation * https://learn.microsoft.com/en-us/dotnet/api/system.nullable-1[Nullable] -* https://cwe.mitre.org/data/definitions/476[MITRE, CWE-476] - NULL Pointer Dereference +* CWE - https://cwe.mitre.org/data/definitions/476[CWE-476 - NULL Pointer Dereference] include::../rspecator-dotnet.adoc[] diff --git a/rules/S3656/cfamily/rule.adoc b/rules/S3656/cfamily/rule.adoc index dcb5adeb919..86bd4eb1b24 100644 --- a/rules/S3656/cfamily/rule.adoc +++ b/rules/S3656/cfamily/rule.adoc @@ -77,7 +77,7 @@ Const member variables and reference member variables are ignored since they don == Resources * MISRA {cpp}:2008, 11-0-1 - Member data in non-POD class types shall be private. -* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#c133-avoid-protected-data[ C.133 - Avoid protected data] +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#c133-avoid-protected-data[C.133: Avoid `protected` data] ifdef::env-github,rspecator-view[] diff --git a/rules/S3657/cfamily/metadata.json b/rules/S3657/cfamily/metadata.json index ac25aeea78b..765b1bcd1f3 100644 --- a/rules/S3657/cfamily/metadata.json +++ b/rules/S3657/cfamily/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, 
@@ -17,12 +17,8 @@ "pitfall" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-3657", diff --git a/rules/S3657/cfamily/rule.adoc b/rules/S3657/cfamily/rule.adoc index 9f2e3e27564..4d515d69539 100644 --- a/rules/S3657/cfamily/rule.adoc +++ b/rules/S3657/cfamily/rule.adoc @@ -1,12 +1,12 @@ == Why is this an issue? -{cpp} does not support polymorphic copy or move assignment operators. For example, the signature of a copy assignment operator on a "Base" class would be ``++Base& operator=(const Base& other)++``. +{cpp} does not support polymorphic copy or move assignment operators. For example, the signature of a copy assignment operator on a "Base" class would be ``++Base& operator=(const Base& other)++``. And on a "Derived" class that extends "Base", it would be ``++Derived& operator=(const Derived& other)++``. -Because these are two entirely different method signatures, the second method does not override the first, and adding ``++virtual++`` to the "Base" signature does not change which method is called. +Because these are two entirely different method signatures, the second method does not override the first, and adding ``++virtual++`` to the "Base" signature does not change which method is called. It is possible to add an ``++operator=++`` override in a derived class, but doing so is an indication that you may need to reexamine your application architecture. 
@@ -46,8 +46,8 @@ public: == Resources -* https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#c60-make-copy-assignment-non-virtual-take-the-parameter-by-const-and-return-by-non-const[{cpp} Core Guidelines C.60] - Make copy assignment non-virtual, take the parameter by const&, and return by non-const& -* https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#c63-make-move-assignment-non-virtual-take-the-parameter-by\--and-return-by-non-const-[{cpp} Core Guidelines C.63] - Make move assignment non-virtual, take the parameter by &&, and return by non-const & +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#c60-make-copy-assignment-non-virtual-take-the-parameter-by-const-and-return-by-non-const[C.60: Make copy assignment non-`virtual`, take the parameter by `const&`, and return by non-`const&`] +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#c63-make-move-assignment-non-virtual-take-the-parameter-by\--and-return-by-non-const[C.63: Make move assignment non-`virtual`, take the parameter by `&&`, and return by non-`const&`] ifdef::env-github,rspecator-view[] @@ -73,7 +73,7 @@ Remove this "virtual" specifier; polymorphism should not be used with assignment === relates to: S1023 === on 27 Jun 2016, 21:46:17 Ann Campbell wrote: -\[~alban.auzeill] I've made some edits, but I'm not done. I'm stuck on +\[~alban.auzeill] I've made some edits, but I'm not done. I'm stuck on ____ diff --git a/rules/S3687/cfamily/metadata.json b/rules/S3687/cfamily/metadata.json index 9040a6a6bd2..da3ca380b0d 100644 --- a/rules/S3687/cfamily/metadata.json +++ b/rules/S3687/cfamily/metadata.json @@ -1,5 +1,5 @@ { - "title": "Atomic types should be used instead of \"volatile\" types", + "title": "Local variables and member data should not be volatile", "type": "CODE_SMELL", "code": { "impacts": { 
@@ -31,6 +31,11 @@ "ruleSpecification": "RSPEC-3687", "sqKey": "S3687", "scope": "All", + "securityStandards": { + "STIG ASD_V5R3": [ + "V-222567" + ] + }, "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S3687/cfamily/rule.adoc b/rules/S3687/cfamily/rule.adoc index 9d43dbc792e..a9496b7ecd5 100644 --- a/rules/S3687/cfamily/rule.adoc +++ b/rules/S3687/cfamily/rule.adoc 
@@ -1,17 +1,17 @@ == Why is this an issue? -The main intended use-case for ``++volatile++`` in C and {cpp} is to access data that can be modified by something external to the program, typically some hardware register. In contrast with other languages that provide a ``++volatile++`` keyword, it does not provide any useful guarantees related to atomicity, memory ordering, or inter-thread synchronization. It is only really needed for the kind of low-level code found in kernels or embedded software, i.e. using memory-mapped I/O registers to manipulate hardware directly. +The main intended use-case for ``++volatile++`` in C and {cpp} is to access data that can be modified by something external to the program, typically some hardware register. In contrast with some other languages with a ``++volatile++`` keyword, it does not provide any useful guarantees related to atomicity, memory ordering, or inter-thread synchronization. It is only really needed for the kind of low-level code found in kernels or embedded software, i.e. using memory-mapped I/O registers to manipulate hardware directly. According to the C standard: ____ ``++volatile++`` is a hint to the implementation to avoid aggressive optimization involving the object because the value of the object might be changed by means undetectable by an implementation. - ____ -Only C11/{cpp}11 "atomic types" are free from data races, and you should use them or synchronization primitives if you want to avoid race conditions. +Local variables and data members are completely controlled by the {cpp} language. This means they can't change their value without the compiler knowing about it. Therefore, it doesn't make sense for them to be marked as `volatile`. +If the intent is to share those variables between threads, race conditions can be avoided by using synchronization primitives (such as `std::mutex`) or atomic types (``++_Atomic++`` in C11, `std::atomic` in {cpp}11). 
This rule raises an issue when a local variable or class data member is declared as ``++volatile++`` (at the top level of the type, pointers to volatile are not reported). @@ -38,8 +38,11 @@ User volatile * pvUser; == Resources +=== Standards + * https://wiki.sei.cmu.edu/confluence/display/c/CON02-C.+Do+not+use+volatile+as+a+synchronization+primitive[CERT CON02-C] - Do not use volatile as a synchronization primitive -* https://isocpp.github.io/CppCoreGuidelines/CppCoreGuidelines#cp200-use-volatile-only-to-talk-to-non-c-memory[{cpp} Core Guidelines CP.200] - Use volatile only to talk to non-{cpp} memory +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#cp200-use-volatile-only-to-talk-to-non-c-memory[CP.200: Use `volatile` only to talk to non-{cpp} memory] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions. ifdef::env-github,rspecator-view[] diff --git a/rules/S3688/java/metadata.json b/rules/S3688/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S3688/java/metadata.json +++ b/rules/S3688/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S3688/jcl/metadata.json b/rules/S3688/jcl/metadata.json new file mode 100644 index 00000000000..68353f60ca5 --- /dev/null +++ b/rules/S3688/jcl/metadata.json @@ -0,0 +1,3 @@ +{ + "title": "Track uses of disallowed programs and procedures" +} \ No newline at end of file diff --git a/rules/S3688/jcl/rule.adoc b/rules/S3688/jcl/rule.adoc new file mode 100644 index 00000000000..2bc47931d9e --- /dev/null +++ b/rules/S3688/jcl/rule.adoc 
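Review bot: The added sentence `This means they can't change their value without the compiler knowing about it` in S3687's rule.adoc is stated more absolutely than the languages allow. In C and {cpp}, a local modified between `setjmp` and `longjmp` has to be `volatile`-qualified to hold a determinate value afterwards, and a data member may be `volatile` because its enclosing object overlays memory-mapped registers. Suggest softening the sentence to "in ordinary code" and listing these cases as exceptions, or confirming that the implementation does not report them. This matters more now that the rule is mapped to STIG V-222567, because a reader may strip a `volatile` that was there for one of these reasons.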
@@ -0,0 +1,53 @@
+== Why is this an issue?
+
+This rule allows banning the use of some programs or procedures.
+
+=== Code examples
+
+==== Noncompliant code example
+
+With ``++programName++`` configured with ``SORT``:
+
+
+[source,jcl]
+----
+//EXEC PGM=SORT
+//EXEC PROC=SORT
+//EXEC SORT
+----
+
+ifdef::env-github,rspecator-view[]
+
+'''
+== Implementation Specification
+(visible only on this page)
+
+=== Message
+
+Remove the use of this forbidden program or procedure. Use {replacementProgramName} instead.
+
+
+=== Parameters
+
+.progName
+****
+
+Name of the forbidden program or procedure. Use a regex to forbid multiple programs.
+
+****
+.replacementProgramName
+****
+
+Name of the program to use as a replacement of the forbidden one.
+****
+
+
+include::../highlighting.adoc[]
+
+'''
+== Comments And Links
+(visible only on this page)
+
+include::../comments-and-links.adoc[]
+
+endif::env-github,rspecator-view[]
diff --git a/rules/S3689/cfamily/metadata.json b/rules/S3689/cfamily/metadata.json
index 5879e84d319..4336c3104a7 100644
--- a/rules/S3689/cfamily/metadata.json
+++ b/rules/S3689/cfamily/metadata.json
@@ -1,34 +1,3 @@
 {
- "title": "Declaration specifiers should not be redundant",
- "type": "BUG",
- "code": {
- "impacts": {
- "RELIABILITY": "MEDIUM"
- },
- "attribute": "CLEAR"
- },
- "status": "ready",
- "remediation": {
- "func": "Constant\/Issue",
- "constantCost": "5min"
- },
- "tags": [
- "redundant"
- ],
- "extra": {
- "replacementRules": [
-
- ],
- "legacyKeys": [
-
- ]
- },
- "defaultSeverity": "Major",
- "ruleSpecification": "RSPEC-3689",
- "sqKey": "S3689",
- "scope": "All",
- "defaultQualityProfiles": [
- "Sonar way"
- ],
- "quickfix": "unknown"
+ "title": "Declaration specifiers should not be redundant"
 }
diff --git a/rules/S3689/dart/metadata.json b/rules/S3689/dart/metadata.json
new file mode 100644
index 00000000000..849d6907c5e
--- /dev/null
+++ b/rules/S3689/dart/metadata.json
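Review bot: In the new S3688 JCL rule.adoc, the example sentence names the parameter `programName` while the Parameters block declares it as `.progName`, so a user configuring the rule cannot tell which key is real. Pick one spelling and use it in both places, e.g. change the block title to `.programName` if that matches the implementation. The parameter text `Use a regex to forbid multiple programs` should also say whether the pattern must match the whole program name or any part of it. For a rule used to enforce a deny-list that difference decides whether `SORT` also reports, or misses, names that merely contain it.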
@@ -0,0 +1,3 @@
+{
+ "title": "\"const\" modifier should not be redundant"
+}
diff --git a/rules/S3689/dart/rule.adoc b/rules/S3689/dart/rule.adoc
new file mode 100644
index 00000000000..6ade39b992d
--- /dev/null
+++ b/rules/S3689/dart/rule.adoc
@@ -0,0 +1,73 @@
+== Why is this an issue?
+
+In Dart, `const` is used to declare compile-time constants. It can also be used to declare constant values, typically provided by https://dart.dev/language/constructors#constant-constructors[constant constructors]. This constructor, if used within `const` context will create an instance as a compile-time constant. This is an example of usage of a constant constructor:
+
+Declaration
+
+[source,dart]
+----
+class Person {
+ final int age;
+ final String name;
+
+ const Person(this.age, this.name);
+}
+----
+
+Usage
+
+[source,dart]
+----
+void f() {
+ var p = const Person(40, 'A');
+ var family = const [Person(40, 'A'), Person(39, 'B')];
+}
+----
+
+When you're already inside the `const` context, there's no need to repeat the keyword. So instead of writing `const [const Person(40, 'A'), const Person(39, 'B')]` you can just write `const [Person(40, 'A'), Person(39, 'B')]`.
+
+This rule raises an issue when `const` modifier was used within another `const` context
+
+=== Noncompliant code example
+
+[source,dart]
+----
+void f() {
+ var family = const [const Person(40, 'A'), const Person(39, 'B')];
+}
+----
+
+
+=== Compliant solution
+
+[source,dart]
+----
+void f() {
+ var family = const [Person(40, 'A'), Person(39, 'B')];
+}
+----
+
+== Resources
+
+* Dart Docs - https://dart.dev/tools/linter-rules/unnecessary_const[Dart Linter rule - unnecessary_const]
+* Dart Docs - https://dart.dev/language/constructors#constant-constructors[Constant constructors]
+* Dart Docs - https://dart.dev/language/classes[Dart classes]
+
+
+ifdef::env-github,rspecator-view[]
+
+'''
+== Implementation Specification
+(visible only on this page)
+
+=== Message
+
+Unnecessary 'const' keyword.
+
+
+=== Highlighting
+
+the const keyword
+
+
+endif::env-github,rspecator-view[]
diff --git a/rules/S3689/metadata.json b/rules/S3689/metadata.json
index 2c63c085104..add8aeb20d7 100644
--- a/rules/S3689/metadata.json
+++ b/rules/S3689/metadata.json
@@ -1,2 +1,33 @@ { + "type": "BUG", + "code": { + "impacts": { + "RELIABILITY": "MEDIUM" + }, + "attribute": "CLEAR" + }, + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "5min" + }, + "tags": [ + "redundant" + ], + "extra": { + "replacementRules": [ + + ], + "legacyKeys": [ + + ] + }, + "defaultSeverity": "Major", + "ruleSpecification": "RSPEC-3689", + "sqKey": "S3689", + "scope": "All", + "defaultQualityProfiles": [ + "Sonar way" + ], + "quickfix": "unknown" } diff --git a/rules/S3692/cfamily/metadata.json b/rules/S3692/cfamily/metadata.json index 466a05098fa..d6ff0233594 100644 --- a/rules/S3692/cfamily/metadata.json +++ b/rules/S3692/cfamily/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "CLEAR" }, @@ -17,12 +17,8 @@ "pitfall" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-3692", diff --git a/rules/S3692/cfamily/rule.adoc b/rules/S3692/cfamily/rule.adoc index 2556010a62a..56238c4b761 100644 --- a/rules/S3692/cfamily/rule.adoc +++ b/rules/S3692/cfamily/rule.adoc @@ -30,7 +30,7 @@ struct Foo { == Resources -* https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#c87-beware-of\--on-base-classes[{cpp} Core Guidelines C.87] - Beware of ++==++ on base classes +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#c87-beware-of\--on-base-classes[C.87: Beware of `==` on base classes] ifdef::env-github,rspecator-view[] diff --git a/rules/S3698/cfamily/rule.adoc b/rules/S3698/cfamily/rule.adoc index 763ce4bb23d..118683c422e 100644 --- a/rules/S3698/cfamily/rule.adoc +++ b/rules/S3698/cfamily/rule.adoc 
@@ -34,7 +34,7 @@ try { == Resources -* https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#Re-exception-types[{cpp} Core Guidelines E.14] - Use purpose-designed user-defined types as exceptions (not built-in types) +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#e14-use-purpose-designed-user-defined-types-as-exceptions-not-built-in-types[E.14: Use purpose-designed user-defined types as exceptions (not built-in types)] ifdef::env-github,rspecator-view[] diff --git a/rules/S3699/python/metadata.json b/rules/S3699/python/metadata.json index 17971333806..ca656ccb0db 100644 --- a/rules/S3699/python/metadata.json +++ b/rules/S3699/python/metadata.json @@ -1,3 +1,5 @@ { - + "tags": [ + "python3" + ] } diff --git a/rules/S3708/cfamily/rule.adoc b/rules/S3708/cfamily/rule.adoc index 7373dc4982c..605e7265b59 100644 --- a/rules/S3708/cfamily/rule.adoc +++ b/rules/S3708/cfamily/rule.adoc @@ -1,6 +1,6 @@ == Why is this an issue? -The {cpp} specification forbids the qualification of reference types with ``++const++`` or ``++volatile++`` unless it happens via a ``++typedef++``, in which case it's ignored. Most compilers treat such direct qualifications as errors, but the Microsoft compiler allows them. +The {cpp} specification forbids the qualification of reference types with ``++const++`` or ``++volatile++`` unless it happens via a ``++typedef++``, in which case it's ignored. Most compilers treat such direct qualifications as errors, but the Microsoft compiler allows them. This rule raises an issue on both types of ``++const++`` qualification. 
@@ -34,7 +34,7 @@ void example(char c) { == Resources -* https://www.securecoding.cert.org/confluence/display/cplusplus/DCL52-CPP.+Never+qualify+a+reference+type+with+const+or+volatile[CERT, DCL52-CPP.] - Never qualify a reference type with const or volatile +* CERT - https://wiki.sei.cmu.edu/confluence/display/cplusplus/DCL52-CPP.+Never+qualify+a+reference+type+with+const+or+volatile[DCL52-CPP. Never qualify a reference type with const or volatile] ifdef::env-github,rspecator-view[] diff --git a/rules/S3715/cfamily/rule.adoc b/rules/S3715/cfamily/rule.adoc index 1211b47fbca..e7cce8b46dc 100644 --- a/rules/S3715/cfamily/rule.adoc +++ b/rules/S3715/cfamily/rule.adoc @@ -11,6 +11,7 @@ Proprietary compiler extensions can be handy, but they commit you to always usin * A structure member initializer with a colon * Decimal floating points numbers ``++_Decimal32++``, ``++_Decimal64++``, and ``++_Decimal128++`` * Structures and union without named data members +* Empty initializers ``= {}`` in pre-C23 code, as the feature was standardized in C23 === Noncompliant code example diff --git a/rules/S3723/metadata.json b/rules/S3723/metadata.json index eec4d00b352..ed41a9028b8 100644 --- a/rules/S3723/metadata.json +++ b/rules/S3723/metadata.json @@ -17,10 +17,16 @@ ] }, - "defaultSeverity": "Minor", + "defaultSeverity": "Major", "ruleSpecification": "RSPEC-3723", "sqKey": "S3723", "scope": "All", "defaultQualityProfiles": [], - "quickfix": "unknown" + "quickfix": "unknown", + "code": { + "impacts": { + "MAINTAINABILITY": "MEDIUM" + }, + "attribute": "FORMATTED" + } } diff --git a/rules/S3725/java/metadata.json b/rules/S3725/java/metadata.json index f316763fea8..0b1bfd0cc7f 100644 --- a/rules/S3725/java/metadata.json +++ b/rules/S3725/java/metadata.json 
@@ -17,19 +17,13 @@ "java8" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Major", "ruleSpecification": "RSPEC-3725", "sqKey": "S3725", - "scope": "All", - "defaultQualityProfiles": [ - - ], + "scope": "Main", + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S3729/cfamily/metadata.json b/rules/S3729/cfamily/metadata.json index 41e8daa8ed8..b78d304386e 100644 --- a/rules/S3729/cfamily/metadata.json +++ b/rules/S3729/cfamily/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "CONVENTIONAL" }, @@ -16,12 +16,8 @@ "pitfall" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-3729", diff --git a/rules/S3730/cfamily/metadata.json b/rules/S3730/cfamily/metadata.json index 4e1fd275d8f..66e298f64a7 100644 --- a/rules/S3730/cfamily/metadata.json +++ b/rules/S3730/cfamily/metadata.json @@ -31,5 +31,5 @@ "defaultQualityProfiles": [ "Sonar way" ], - "quickfix": "unknown" + "quickfix": "infeasible" } diff --git a/rules/S3735/javascript/rule.adoc b/rules/S3735/javascript/rule.adoc index 59a850b282a..7d9f8ebdcf6 100644 --- a/rules/S3735/javascript/rule.adoc +++ b/rules/S3735/javascript/rule.adoc 
@@ -42,7 +42,7 @@ void function() { }(); ---- -* `void` is allowed with Promise-like objects to mark a promise as intentionally not awaited, as advised by https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/docs/rules/no-floating-promises.md[@typescript-eslint/no-floating-promises]. +* `void` is allowed with Promise-like objects to mark a promise as intentionally not awaited, as advised by https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/docs/rules/no-floating-promises.mdx[@typescript-eslint/no-floating-promises]. [source,javascript] ---- diff --git a/rules/S3740/java/metadata.json b/rules/S3740/java/metadata.json index 00bd5b29fae..b7830a7af8e 100644 --- a/rules/S3740/java/metadata.json +++ b/rules/S3740/java/metadata.json @@ -16,17 +16,13 @@ "pitfall" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Major", "ruleSpecification": "RSPEC-3740", "sqKey": "S3740", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S3740/java/rule.adoc b/rules/S3740/java/rule.adoc index aa28e14ddb9..1bb1f62b8c1 100644 --- a/rules/S3740/java/rule.adoc +++ b/rules/S3740/java/rule.adoc @@ -1,4 +1,4 @@ -Generic types should not be used raw (without type parameters). +Generic types should not be used raw (without type arguments). To fix this issue, add the type parameters. == Why is this an issue? 
@@ -6,18 +6,31 @@ To fix this issue, add the type parameters. A generic type is a generic class or interface that is parameterized over types. For example, `java.util.List` has one type parameter: the type of its elements. -When generic types are used raw (without type parameters), the compiler is not able to do generic type checking. -For this reason, it is sometimes necessary to cast objects and defer type-checking to runtime. +Using generic types raw (without binding arguments to the type parameters) prevents compile-time type checking for expressions that use these type parameters. +Explicit type casts are necessary for them, which do perform a runtime type check that may fail with a `ClassCastException`. === What is the potential impact? -When a cast fails, a `ClassCastException` is thrown and the program most likely crashes. +The compiler cannot assert that the program is inherently type safe. +When a cast fails, a `ClassCastException` is thrown during runtime and the program most likely crashes. Therefore, this issue might impact the availability and reliability of your application. +=== Exceptions + +The rule does not raise an issue for the simple `instanceof` operator, which checks against runtime types where type parameter information has been erased. +Since it does not return a rawly typed instance but a boolean value, it does not prevent compile-time type checking. + +This, however, is not the case for the `cast` operator as well as the extended `instanceof` operator which are both not an exception from this rule. +Since they operate on the erased runtime type as well, they must use wildcard type arguments when checked against a parameterized type (see the examples). + == How to fix it -You should add type parameters. -In the case of collections, the type parameter(s) should correspond to the type of elements that the list is intended to store. +For any usage of parameterized types, bind the type parameters with type arguments. 
+For example, when a function returns a list of strings, the return type is `List`, where the type parameter `E` in interface `List` is bound with the argument `String`. + +If the concrete binding is unknown, you still should not use the type raw. +Use a wildcard type argument instead, with optional lower or upper bound, such as in `List` for a list whose element type is unknown, +or `List` for a list whose element type is `Number` or a subtype of it. === Code examples 
@@ -25,37 +38,82 @@ In the case of collections, the type parameter(s) should correspond to the type [source,java,diff-id=1,diff-type=noncompliant] ---- +// List is supposed to store integers only List integers = new ArrayList<>(); -// It is possible to add a string to a list that is supposed to be integers only +// Yet, we can add strings, because we did not give +// this information to the compiler integers.add("Hello World!"); -Integer a = (Integer) integers.get(0); // ClassCastException! +// Type is checked during runtime and will throw a ClassCastException +Integer a = (Integer) integers.get(0); ---- ==== Compliant solution [source,java,diff-id=1,diff-type=compliant] ---- +// List is supposed to store integers, and we let the compiler know List integers = new ArrayList<>(); -// The program does not compile anymore with this mistake: -// integers.add("Hello World!"); +// Now we can add only integers. +// Adding a string results in a compile time error. integers.add(42); -Integer a = integers.get(0); // No need to cast anymore. +// No cast required anymore, and no possible ClassCastException +Integer a = integers.get(0); ---- -=== How does this work? +==== Noncompliant code example -In the noncompliant example, `List` is used as a raw type. -Even though the list stores integers, the compiler will type its elements as `Object`, -To use an element of the list as an integer, it needs to be cast first. -But elements are not garanteed to be integers. -In this case, a `String` is erroneously appended to the list, causing the cast to `Integer` to fail. +[source,java,diff-id=2,diff-type=noncompliant] +---- +String getStringFromForcedList(Object object) { + // Cast expression and instanceof can check runtime type only. + // The solution is _not_ to skip the type argument in that case. + return object instanceof List stringList ? 
(String) stringList.getFirst(): ""; +} +---- + +==== Compliant solution -When the type parameter is specified, this bug is detected by the compiler during type-checking. -The cast is also unncessary in this case. +[source,java,diff-id=2,diff-type=compliant] +---- +String getStringFromForcedList(Object object) { + // The solution is to use a wildcard type argument in that case. + return object instanceof List stringList ? (String) stringList.getFirst(): ""; +} +---- + +==== Noncompliant code example + +[source,java,diff-id=3,diff-type=noncompliant] +---- +String getStringFromForcedList(Object object) { + return object instanceof List stringList ? (String) stringList.getFirst(): ""; +} + +String returnString() { + Object object = List.of("Hello"); + return getStringFromForcedList(object); +} +---- + +==== Compliant solution + +[source,java,diff-id=3,diff-type=compliant] +---- +Object getObjectFromForcedList(Object object) { + // You may also choose not to make assumptions about type arguments you cannot infer. + return object instanceof List list ? list.getFirst(): ""; +} + +String returnString(Object object) { + // Instead, delegate the decision to use-site, which may have more information. + Object object = List.of("Hello"); + return (String) getObjectFromForcedList(object); +} +---- == Resources diff --git a/rules/S3743/cfamily/rule.adoc b/rules/S3743/cfamily/rule.adoc index 4e33095aad1..b07cdfb9352 100644 --- a/rules/S3743/cfamily/rule.adoc +++ b/rules/S3743/cfamily/rule.adoc @@ -91,12 +91,6 @@ void init() noexcept(true) { // compliant because ... Destructors are not handled by this rule because there is a specific rule about exceptions in destructors (see ExceptionInDestructor). - -== Resources - -* https://www.hlsl.co.uk/blog/2017/12/1/c-noexcept-and-move-constructors-effect-on-performance-in-stl-containers[{cpp} noexcept and move constructors effect on performance in STL containers] - - ifdef::env-github,rspecator-view[] ''' 
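Review bot: The last compliant example (diff-id=3) in rules/S3740/java/rule.adoc does not compile as written, because `String returnString(Object object)` goes on to declare a local `Object object = List.of("Hello");` with the same name as its parameter. The noncompliant counterpart of the same diff-id is `String returnString()` with no parameter, so keeping that signature, `String returnString() {`, removes the clash and keeps the before/after pair aligned. Type arguments appear to have been stripped from the samples on this page, so the generic parts of the examples could not be checked here.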
diff --git a/rules/S3749/java/rule.adoc b/rules/S3749/java/rule.adoc index e248a8b4d0c..525e6e025e1 100644 --- a/rules/S3749/java/rule.adoc +++ b/rules/S3749/java/rule.adoc @@ -1,13 +1,17 @@ == Why is this an issue? -Spring ``++@Component++``, ``++@Controller++``, ``++@Service++``, and ``++@Repository++`` classes are singletons by default, meaning only one instance of the class is ever instantiated in the application. Typically such a class might have a few ``++static++`` members, such as a logger, but all non-``++static++`` members should be managed by Spring. +Spring ``++@Component++``, ``++@Controller++``, ``++@RestController++``,``++@Service++``, and ``++@Repository++`` classes are singletons by default, meaning only one instance of the class is ever instantiated in the application. Typically such a class might have a few ``++static++`` members, such as a logger, but all non-``++static++`` members should be managed by Spring. -This rule raises an issue when a singleton ``++@Component++``, ``++@Controller++``, ``++@Service++``, or ``++@Repository++``, not annotated with ``++@ConfigurationProperties++``, has non-``++static++`` members that are not annotated with one of: +This rule raises an issue when a singleton ``++@Component++``, ``++@Controller++``, ``++@RestController++``, ``++@Service++``, or ``++@Repository++``, not annotated with ``++@ConfigurationProperties++``, has non-``++static++`` members that are not annotated with one of: * ``++org.springframework.beans.factory.annotation.Autowired++`` * ``++org.springframework.beans.factory.annotation.Value++`` * ``++javax.annotation.Inject++`` * ``++javax.annotation.Resource++`` +* ``++javax.persistence.PersistenceContext++`` +* ``++jakarta.annotation.Resource++`` +* ``++jakarta.inject.Inject++`` +* ``++jakarta.persistence.PersistenceContext++`` == How to fix it 
@@ -36,12 +40,6 @@ public class HelloWorld { } ---- - -== Resources - -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure - - ifdef::env-github,rspecator-view[] ''' diff --git a/rules/S3751/java/rule.adoc b/rules/S3751/java/rule.adoc index 8c3da2bb288..d2578049d62 100644 --- a/rules/S3751/java/rule.adoc +++ b/rules/S3751/java/rule.adoc @@ -29,7 +29,7 @@ public String greet(String greetee) { == Resources -* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[OWASP Top 10 2017 Category A6] - Security Misconfiguration +* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration] diff --git a/rules/S3752/java/rule.adoc b/rules/S3752/java/rule.adoc index 6c4c4639e6c..3904dff8ab6 100644 --- a/rules/S3752/java/rule.adoc +++ b/rules/S3752/java/rule.adoc 
@@ -35,10 +35,10 @@ String delete2(@RequestParam("id") String id) { == See -* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Broken Access Control -* https://owasp.org/Top10/A04_2021-Insecure_Design/[OWASP Top 10 2021 Category A4] - Insecure Design -* https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A5-Broken_Access_Control[OWASP Top 10 2017 Category A5] - Broken Access Control -* https://cwe.mitre.org/data/definitions/352[MITRE, CWE-352] - Cross-Site Request Forgery (CSRF) +* OWASP - https://owasp.org/Top10/A01_2021-Broken_Access_Control/[Top 10 2021 Category A1 - Broken Access Control] +* OWASP - https://owasp.org/Top10/A04_2021-Insecure_Design/[Top 10 2021 Category A4 - Insecure Design] +* OWASP - https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[Top 10 2017 Category A5 - Broken Access Control] +* CWE - https://cwe.mitre.org/data/definitions/352[CWE-352 - Cross-Site Request Forgery (CSRF)] * https://owasp.org/www-community/attacks/csrf[OWASP: Cross-Site Request Forgery] * https://docs.spring.io/spring-security/site/docs/5.0.x/reference/html/csrf.html#csrf-use-proper-verbs[Spring Security Official Documentation: Use proper HTTP verbs (CSRF protection)] diff --git a/rules/S3752/python/metadata.json b/rules/S3752/python/metadata.json index 17971333806..5ae88c47999 100644 --- a/rules/S3752/python/metadata.json +++ b/rules/S3752/python/metadata.json @@ -1,3 +1,7 @@ { - + "tags": [ + "cwe", + "flask", + "django" + ] } diff --git a/rules/S3752/python/rule.adoc b/rules/S3752/python/rule.adoc index 791f2d3fa22..e5c8c56d332 100644 --- a/rules/S3752/python/rule.adoc +++ b/rules/S3752/python/rule.adoc 
@@ -78,10 +78,10 @@ def view(): == See -* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Broken Access Control -* https://owasp.org/Top10/A04_2021-Insecure_Design/[OWASP Top 10 2021 Category A4] - Insecure Design -* https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A5-Broken_Access_Control[OWASP Top 10 2017 Category A5] - Broken Access Control -* https://cwe.mitre.org/data/definitions/352[MITRE, CWE-352] - Cross-Site Request Forgery (CSRF) +* OWASP - https://owasp.org/Top10/A01_2021-Broken_Access_Control/[Top 10 2021 Category A1 - Broken Access Control] +* OWASP - https://owasp.org/Top10/A04_2021-Insecure_Design/[Top 10 2021 Category A4 - Insecure Design] +* OWASP - https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[Top 10 2017 Category A5 - Broken Access Control] +* CWE - https://cwe.mitre.org/data/definitions/352[CWE-352 - Cross-Site Request Forgery (CSRF)] * https://owasp.org/www-community/attacks/csrf[OWASP: Cross-Site Request Forgery] * https://docs.djangoproject.com/en/3.1/topics/http/decorators/#allowed-http-methods[Django] - Allowed HTTP Methods * https://flask.palletsprojects.com/en/1.1.x/quickstart/#http-methods[Flask] - HTTP Methods diff --git a/rules/S3753/java/metadata.json b/rules/S3753/java/metadata.json index eaaa5b9c15e..f0e3b573895 100644 --- a/rules/S3753/java/metadata.json +++ b/rules/S3753/java/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "COMPLETE" }, @@ -16,12 +16,8 @@ "spring" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-3753", diff --git a/rules/S3776/dart/metadata.json b/rules/S3776/dart/metadata.json new file mode 100644 index 00000000000..17971333806 --- /dev/null +++ b/rules/S3776/dart/metadata.json @@ -0,0 +1,3 @@ +{ + +} 
diff --git a/rules/S3776/dart/rule.adoc b/rules/S3776/dart/rule.adoc new file mode 100644 index 00000000000..b469a9f87d6 --- /dev/null +++ b/rules/S3776/dart/rule.adoc @@ -0,0 +1,13 @@ +include::../intro.adoc[] + +== Why is this an issue? + +include::../why.adoc[] + +=== What is the potential impact? + +include::../impact.adoc[] + +include::../resources.adoc[] + +include::../rspecator.adoc[] \ No newline at end of file diff --git a/rules/S3776/java/metadata.json b/rules/S3776/java/metadata.json index 6bc5ae83403..052b0f361b4 100644 --- a/rules/S3776/java/metadata.json +++ b/rules/S3776/java/metadata.json @@ -1,3 +1,4 @@ { - "title": "Cognitive Complexity of methods should not be too high" + "title": "Cognitive Complexity of methods should not be too high", + "scope": "Main" } diff --git a/rules/S3776/javascript/rule.adoc b/rules/S3776/javascript/rule.adoc index f099aa8a5e1..f3b9def83ea 100644 --- a/rules/S3776/javascript/rule.adoc +++ b/rules/S3776/javascript/rule.adoc @@ -4,10 +4,24 @@ include::../intro.adoc[] include::../why.adoc[] +Note that the calculation of cognitive complexity at function level deviates from the documented process. Given the functional nature of JavaScript, nesting functions is a prevalent practice, especially within frameworks like React.js. Consequently, the cognitive complexity of functions remains independent from one another. This means that the complexity of a nesting function does not increase with the complexity of nested functions. + === What is the potential impact? include::../impact.adoc[] +=== Exceptions + +Cognitive complexity calculations exclude logical expressions using the `||` and `??` operators. + +[source,javascript] +---- +function greet(name) { + name = name || 'Guest'; + console.log('Hello, ' + name + '!'); +} +---- + == How to fix it include::../how-with-null-safe.adoc[] 
@@ -212,4 +226,4 @@ As this code is complex, ensure that you have unit tests that cover the code bef include::../resources.adoc[] -include::../rspecator.adoc[] \ No newline at end of file +include::../rspecator.adoc[] diff --git a/rules/S3776/why.adoc b/rules/S3776/why.adoc index 801c6091c52..7aa18e859e3 100644 --- a/rules/S3776/why.adoc +++ b/rules/S3776/why.adoc @@ -9,8 +9,8 @@ As a rule of thumb, high cognitive complexity is a sign that the code should be Here are the core concepts: * **Cognitive complexity is incremented each time the code breaks the normal linear reading flow.** + -This concerns, for example: Loop structures, Conditionals, Catches, Switches, Jumps to label and mixed operators in condition. -* **Each nesting level adds a malus to the breaking call.** + +This concerns, for example, loop structures, conditionals, catches, switches, jumps to labels, and conditions mixing multiple operators. +* **Each nesting level increases complexity.** + During code reading, the deeper you go through nested layers, the harder it becomes to keep the context in mind. * **Method calls are free** + A well-picked method name is a summary of multiple lines of code. diff --git a/rules/S3796/javascript/metadata.json b/rules/S3796/javascript/metadata.json index 0679497c4de..d5bfe279fe7 100644 --- a/rules/S3796/javascript/metadata.json +++ b/rules/S3796/javascript/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "COMPLETE" }, @@ -16,12 +16,8 @@ "type-dependent" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-3796", diff --git a/rules/S3801/python/metadata.json b/rules/S3801/python/metadata.json index 17971333806..43a738e1753 100644 --- a/rules/S3801/python/metadata.json +++ b/rules/S3801/python/metadata.json 
@@ -1,3 +1,6 @@ { - + "tags": [ + "design", + "confusing" + ] } diff --git a/rules/S3807/cfamily/rule.adoc b/rules/S3807/cfamily/rule.adoc index e5084db4536..7422625c3bc 100644 --- a/rules/S3807/cfamily/rule.adoc +++ b/rules/S3807/cfamily/rule.adoc @@ -146,7 +146,7 @@ wmemchr, wmemcmp, wmemcpy, wmemmove, wmemcpy, wmemset, write, writev === Standards -* CWE - https://cwe.mitre.org/data/definitions/476[476 NULL Pointer Dereference] +* CWE - https://cwe.mitre.org/data/definitions/476[CWE-476 NULL Pointer Dereference] CERT - https://wiki.sei.cmu.edu/confluence/x/QdcxBQ[EXP34-C.Do not dereference null pointers] === Related rules diff --git a/rules/S3827/metadata.json b/rules/S3827/metadata.json index fdd8b2af7b0..e86821e5380 100644 --- a/rules/S3827/metadata.json +++ b/rules/S3827/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "CLEAR" }, @@ -12,16 +12,10 @@ "func": "Constant\/Issue", "constantCost": "10min" }, - "tags": [ - - ], + "tags": [], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-3827", diff --git a/rules/S3827/python/metadata.json b/rules/S3827/python/metadata.json index d860fd4691d..0a888698826 100644 --- a/rules/S3827/python/metadata.json +++ b/rules/S3827/python/metadata.json @@ -1,5 +1,9 @@ { "defaultQualityProfiles": [ "Sonar way" + ], + "tags": [ + "python3", + "pitfall" ] } diff --git a/rules/S3862/metadata.json b/rules/S3862/metadata.json index 064c5f5850e..b9626bad786 100644 --- a/rules/S3862/metadata.json +++ b/rules/S3862/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, 
@@ -12,16 +12,10 @@
 "func": "Constant\/Issue",
 "constantCost": "5min"
 },
- "tags": [
-
- ],
+ "tags": [],
 "extra": {
- "replacementRules": [
-
- ],
- "legacyKeys": [
-
- ]
+ "replacementRules": [],
+ "legacyKeys": []
 },
 "defaultSeverity": "Blocker",
 "ruleSpecification": "RSPEC-3862",
diff --git a/rules/S3862/python/metadata.json b/rules/S3862/python/metadata.json
index 8b15f9594e1..4a950b1c000 100644
--- a/rules/S3862/python/metadata.json
+++ b/rules/S3862/python/metadata.json
@@ -2,5 +2,10 @@
 "title": "Iterable unpacking, \"for-in\" loops and \"yield from\" should use an Iterable object",
 "defaultQualityProfiles": [
 "Sonar way"
+ ],
+ "tags": [
+ "pitfall",
+ "defign",
+ "typing"
 ]
 }
diff --git a/rules/S3864/java/metadata.json b/rules/S3864/java/metadata.json
index 36c1c8f0d57..83d389a6b6a 100644
--- a/rules/S3864/java/metadata.json
+++ b/rules/S3864/java/metadata.json
@@ -17,17 +17,13 @@
 "pitfall"
 ],
 "extra": {
- "replacementRules": [
-
- ],
- "legacyKeys": [
-
- ]
+ "replacementRules": [],
+ "legacyKeys": []
 },
 "defaultSeverity": "Major",
 "ruleSpecification": "RSPEC-3864",
 "sqKey": "S3864",
- "scope": "All",
+ "scope": "Main",
 "defaultQualityProfiles": [
 "Sonar way"
 ],
diff --git a/rules/S3869/metadata.json b/rules/S3869/metadata.json
index d16e7942974..c898d84ac16 100644
--- a/rules/S3869/metadata.json
+++ b/rules/S3869/metadata.json
@@ -3,7 +3,7 @@
 "type": "BUG",
 "code": {
 "impacts": {
- "RELIABILITY": "HIGH"
+ "RELIABILITY": "BLOCKER"
 },
 "attribute": "CONVENTIONAL"
 },
@@ -17,12 +17,8 @@
 "unpredictable"
 ],
 "extra": {
- "replacementRules": [
-
- ],
- "legacyKeys": [
-
- ]
+ "replacementRules": [],
+ "legacyKeys": []
 },
 "defaultSeverity": "Blocker",
 "ruleSpecification": "RSPEC-3869",
diff --git a/rules/S3871/resources-dotnet.adoc b/rules/S3871/resources-dotnet.adoc
index 22170d8f1bd..dcce1283230 100644
--- a/rules/S3871/resources-dotnet.adoc
+++ b/rules/S3871/resources-dotnet.adoc
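Review bot: The `tags` list added to rules/S3862/python/metadata.json contains `"defign"`, which looks like a misspelling of `"design"`, the tag this same commit adds to rules/S3801/python/metadata.json. A misspelled tag would presumably either fail tag validation or ship as a stray tag that no filter matches, so the rule would not show up under the design tag. The line should read `"design",`.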
@@ -3,7 +3,7 @@ === Documentation -* https://owasp.org/www-project-top-ten/2017/A10_2017-Insufficient_Logging%2526Monitoring[OWASP Top 10 2017 Category A10] - Insufficient Logging & Monitoring +* OWASP - https://owasp.org/www-project-top-ten/2017/A10_2017-Insufficient_Logging%2526Monitoring[Top 10 2017 Category A10 - Insufficient Logging & Monitoring] * https://learn.microsoft.com/en-us/dotnet/api/system.exception[Exception] * https://learn.microsoft.com/en-us/dotnet/api/system.systemexception[SystemException] * https://learn.microsoft.com/en-us/dotnet/api/system.applicationexception[ApplicationException] diff --git a/rules/S3875/metadata.json b/rules/S3875/metadata.json index c677d701b99..7aebb8d23d6 100644 --- a/rules/S3875/metadata.json +++ b/rules/S3875/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "CLEAR" }, @@ -16,12 +16,8 @@ "pitfall" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-3875", diff --git a/rules/S3877/metadata.json b/rules/S3877/metadata.json index b22a51f65ab..c6cf8dee7ae 100644 --- a/rules/S3877/metadata.json +++ b/rules/S3877/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -16,12 +16,8 @@ "pitfall" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-3877", @@ -31,4 +27,4 @@ "Sonar way" ], "quickfix": "unknown" -} \ No newline at end of file +} diff --git a/rules/S3878/csharp/rule.adoc b/rules/S3878/csharp/rule.adoc index 1cd2ab963fb..054979fb7c4 100644 --- a/rules/S3878/csharp/rule.adoc +++ b/rules/S3878/csharp/rule.adoc 
@@ -1,37 +1,61 @@ == Why is this an issue? -There's no point in creating an array solely for the purpose of passing it to a `params` parameter. Simply pass the elements directly. They will be consolidated into an array automatically. +Creating an array or using a collection expression solely for the purpose of passing it to a `params` parameter is unnecessary. Simply pass the elements directly, and they will be automatically consolidated into the appropriate collection type. -=== Noncompliant code example +== How to fix it -[source,csharp] +=== Code examples + +==== Noncompliant code example + +[source,csharp,diff-id=1,diff-type=noncompliant] ---- public void Base() { - Method(new string[] { "s1", "s2" }); // Noncompliant: unnecessary - Method(new string[] { }); // Noncompliant - Method(new string[12]); // Compliant + Method(new string[] { "s1", "s2" }); // Noncompliant: resolves to string[] overload + Method(new string[] { }); // Noncompliant: resolves to string[] overload + Method(["s3", "s4"]); // Noncompliant: resolves to ReadOnlySpan overload + Method(new string[12]); // Compliant: resolves to string[] overload } public void Method(params string[] args) { // ... } + +public void Method(params ReadOnlySpan args) // C# 13 params collections +{ + // C# 13 params collection +} ---- -=== Compliant solution +==== Compliant solution -[source,csharp] +[source,csharp,diff-id=1,diff-type=compliant] ---- public void Base() { - Method("s1", "s2"); - Method(); - Method(new string[12]); + Method("s1", "s2"); // resolves to ReadOnlySpan overload + Method(); // resolves to ReadOnlySpan overload + Method("s3", "s4"); // resolves to ReadOnlySpan overload + Method(new string[12]); // resolves to string[] overload } public void Method(params string[] args) { - // ... + // .. +} + +public void Method(params ReadOnlySpan args) // C# 13 params collections +{ + // .. 
} ---- + +== Resources + +=== Documentation + +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/keywords/method-parameters#params-modifier[`params` modifier] +* Microsoft Learn - C# 13 https://learn.microsoft.com/en-us/dotnet/csharp/whats-new/csharp-13#params-collections[`params` collections] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/operators/collection-expressions[Collection expressions] diff --git a/rules/S3878/java/metadata.json b/rules/S3878/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S3878/java/metadata.json +++ b/rules/S3878/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S3881/csharp/rule.adoc b/rules/S3881/csharp/rule.adoc index 2b13ecac1d5..afdda45a460 100644 --- a/rules/S3881/csharp/rule.adoc +++ b/rules/S3881/csharp/rule.adoc @@ -1,6 +1,6 @@ == Why is this an issue? -The ``++IDisposable++`` interface is a mechanism to release unmanaged resources, if not implemented correctly this could result in resource leaks or more severe bugs. +The `IDisposable` interface is a mechanism to release unmanaged resources, if not implemented correctly this could result in resource leaks or more severe bugs. This rule raises an issue when the recommended dispose pattern, as defined by Microsoft, is not adhered to. See the *Compliant Solution* section for examples. 
@@ -8,14 +8,13 @@ This rule raises an issue when the recommended dispose pattern, as defined by Mi Satisfying the rule's conditions will enable potential derived classes to correctly dispose the members of your class: -* ``++sealed++`` classes are not checked. -* If a base class implements ``++IDisposable++`` your class should not have ``++IDisposable++`` in the list of its interfaces. In such cases it is recommended to override the base class's ``++protected virtual void Dispose(bool)++`` method or its equivalent. -* The class should not implement ``++IDisposable++`` explicitly, e.g. the ``++Dispose()++`` method should be public. -* The class should contain ``++protected virtual void Dispose(bool)++`` method. This method allows the derived classes to correctly dispose the resources of this class. -* The content of the ``++Dispose()++`` method should be invocation of ``++Dispose(true)++`` followed by ``++GC.SuppressFinalize(this)++`` -* If the class has a finalizer, i.e. a destructor, the only code in its body should be a single invocation of ``++Dispose(false)++``. -* If the class inherits from a class that implements ``++IDisposable++`` it must call the ``++Dispose++``, or ``++Dispose(bool)++`` method of the base class from within its own implementation of ``++Dispose++`` or ``++Dispose(bool)++``, respectively. This ensures that all resources from the base class are properly released. - +* `sealed` classes are not checked. +* If a base class implements `IDisposable` your class should not have `IDisposable` in the list of its interfaces. In such cases it is recommended to override the base class's `protected virtual void Dispose(bool)` method or its equivalent. +* The class should not implement `IDisposable` explicitly, e.g. the `Dispose()` method should be public. +* The class should contain `protected virtual void Dispose(bool)` method. This method allows the derived classes to correctly dispose the resources of this class. 
+* The content of the `Dispose()` method should be invocation of `Dispose(true)` followed by `GC.SuppressFinalize(this)` +* If the class has a finalizer, i.e. a destructor, the only code in its body should be a single invocation of `Dispose(false)`. +* If the class inherits from a class that implements `IDisposable` it must call the `Dispose`, or `Dispose(bool)` method of the base class from within its own implementation of `Dispose` or `Dispose(bool)`, respectively. This ensures that all resources from the base class are properly released. === Noncompliant code example @@ -61,8 +60,7 @@ public class Foo3 : IDisposable { // Cleanup } -}{code} - +} ---- === Compliant solution @@ -128,7 +126,7 @@ public class Foo4 : DisposableBase == Resources -Refer to +=== Documentation * https://msdn.microsoft.com/en-us/library/498928w2.aspx[MSDN] for complete documentation on the dispose pattern. * https://blog.stephencleary.com/2009/08/how-to-implement-idisposable-and.html[Stephen Cleary] for excellent Q&A about IDisposable @@ -144,7 +142,7 @@ ifdef::env-github,rspecator-view[] === Message -Fix this implementation of ``++IDisposable++`` to conform to the dispose pattern. +Fix this implementation of `IDisposable` to conform to the dispose pattern. ''' diff --git a/rules/S3884/metadata.json b/rules/S3884/metadata.json index 4d6a417186b..e0da8353de9 100644 --- a/rules/S3884/metadata.json +++ b/rules/S3884/metadata.json @@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -12,15 +12,10 @@ "func": "Constant\/Issue", "constantCost": "20min" }, - "tags": [ - ], + "tags": [], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-3884", @@ -43,7 +38,6 @@ "6.2.4" ] }, - "defaultQualityProfiles": [ - ], + "defaultQualityProfiles": [], "quickfix": "unknown" } 
diff --git a/rules/S3884/see.adoc b/rules/S3884/see.adoc index 976752dcc3d..783383cad57 100644 --- a/rules/S3884/see.adoc +++ b/rules/S3884/see.adoc @@ -1,5 +1,5 @@ == Resources -* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Broken Access Control -* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[OWASP Top 10 2017 Category A6] - Security Misconfiguration -* https://cwe.mitre.org/data/definitions/648[MITRE, CWE-648] - Incorrect Use of Privileged APIs +* OWASP - https://owasp.org/Top10/A01_2021-Broken_Access_Control/[Top 10 2021 Category A1 - Broken Access Control] +* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration] +* CWE - https://cwe.mitre.org/data/definitions/648[CWE-648 - Incorrect Use of Privileged APIs] diff --git a/rules/S3887/rule.adoc b/rules/S3887/rule.adoc index 9077ca60984..bbfb3f8c2df 100644 --- a/rules/S3887/rule.adoc +++ b/rules/S3887/rule.adoc @@ -6,7 +6,7 @@ This rule raises an issue when a non-private, `readonly` field is an array or co == How to fix it -To fix this, you should either use an https://learn.microsoft.com/en-us/dotnet/api/system.collections.immutable?view=net-7.0[Immutable collection] or remove the `readonly` field to clarify the behavior. +To fix this, you should either use an https://learn.microsoft.com/en-us/dotnet/api/system.collections.immutable[immutable] or https://learn.microsoft.com/en-us/dotnet/api/system.collections.frozen[frozen] collection or remove the `readonly` modifier to clarify the behavior. === Code examples diff --git a/rules/S3889/metadata.json b/rules/S3889/metadata.json index 5b1728476b1..c2bd0874e82 100644 --- a/rules/S3889/metadata.json +++ b/rules/S3889/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, 
@@ -17,12 +17,8 @@ "unpredictable" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-3889", diff --git a/rules/S3900/metadata.json b/rules/S3900/metadata.json index 295fc348a5b..964165f8357 100644 --- a/rules/S3900/metadata.json +++ b/rules/S3900/metadata.json @@ -13,7 +13,8 @@ "constantCost": "5min" }, "tags": [ - "convention" + "convention", + "symbolic-execution" ], "extra": { "replacementRules": [ diff --git a/rules/S3921/cobol/rule.adoc b/rules/S3921/cobol/rule.adoc index ad5d31fd212..db424e954bb 100644 --- a/rules/S3921/cobol/rule.adoc +++ b/rules/S3921/cobol/rule.adoc @@ -27,7 +27,7 @@ Moving a large string into a small field will result in data truncation with dat == Resources -* https://cwe.mitre.org/data/definitions/704[MITRE, CWE-704] - Incorrect Type Conversion or Cast +* CWE - https://cwe.mitre.org/data/definitions/704[CWE-704 - Incorrect Type Conversion or Cast] === Related rules diff --git a/rules/S3921/plsql/rule.adoc b/rules/S3921/plsql/rule.adoc index 7c248b305bc..6b6f01f59d3 100644 --- a/rules/S3921/plsql/rule.adoc +++ b/rules/S3921/plsql/rule.adoc 
@@ -2,41 +2,61 @@ Trying to assign a large character value to a smaller variable or column will raise an error. -=== Noncompliant code example +include::../../../shared_content/plsql/data_dictionary.adoc[] -[source,sql] ----- -create table persons (id number, name varchar2(4)); +== How to fix it -insert into persons (id, name) values (1, 'Alice'); -- Noncompliant, raises ORA-12899 +Ensure that the size of the variable or column is large enough to hold the value. -create or replace procedure sp1 -is - foo varchar2(2); -begin - select name into foo from persons where id = 1; -- Noncompliant, may raise ORA-06502 -end; ----- +=== Code examples -=== Compliant solution +==== Noncompliant code example -[source,sql] +[source,sql,diff-id=1,diff-type=noncompliant] +---- +CREATE TABLE Persons +( + Id NUMBER, + Name VARCHAR2(4) +); + +INSERT INTO Persons (Id, Name) VALUES (1, 'Alice'); -- Noncompliant, raises ORA-12899 + +CREATE OR REPLACE PROCEDURE sp1 +IS + foo VARCHAR2(2); +BEGIN + SELECT Name INTO foo FROM Persons WHERE Id = 1; -- Noncompliant, may raise ORA-06502 +END; ---- -create table persons (id number, name varchar2(8)); -insert into persons (id, name) values (1, 'Alice'); +==== Compliant solution -create or replace procedure sp1 -is - foo varchar2(8); -begin - select name into foo from persons where id = 1; -end; +[source,sql,diff-id=1,diff-type=compliant] +---- +CREATE TABLE Persons +( + Id NUMBER, + Name VARCHAR2(8) +); + +INSERT INTO Persons (Id, Name) VALUES (1, 'Alice'); + +CREATE OR REPLACE PROCEDURE sp1 +IS + foo VARCHAR2(8); +BEGIN + SELECT Name INTO foo FROM Persons WHERE Id = 1; +END; ---- == Resources -* https://cwe.mitre.org/data/definitions/704[MITRE, CWE-704] - Incorrect Type Conversion or Cast +=== Documentation + +* CWE - https://cwe.mitre.org/data/definitions/704[CWE-704 - Incorrect Type Conversion or Cast] +* Oracle Database - https://docs.oracle.com/en/error-help/db/ora-12899[ORA-12899] +* Oracle Database - 
https://docs.oracle.com/en/error-help/db/ora-06502[ORA-06502] ifdef::env-github,rspecator-view[] diff --git a/rules/S3923/cfamily/metadata.json b/rules/S3923/cfamily/metadata.json index d860fd4691d..f0d23d85aa3 100644 --- a/rules/S3923/cfamily/metadata.json +++ b/rules/S3923/cfamily/metadata.json @@ -1,4 +1,10 @@ { + "code": { + "impacts": { + "RELIABILITY": "MEDIUM" + }, + "attribute": "LOGICAL" + }, "defaultQualityProfiles": [ "Sonar way" ] diff --git a/rules/S3923/cfamily/rule.adoc b/rules/S3923/cfamily/rule.adoc index c45be3615f0..7bc7ce4e2d1 100644 --- a/rules/S3923/cfamily/rule.adoc +++ b/rules/S3923/cfamily/rule.adoc @@ -1,4 +1,44 @@ -include::../rule.adoc[] +== Why is this an issue? + +Having all branches of an `if` chain, `switch` statement or ternary operator with the same implementation indicates a problem. The conditional structure is pointless, because the same code will be executed regardless of the conditions. + +In the following code: + +include::../common/code-example.adoc[] + +Either there is a copy-paste error that should be fixed; or the `if` chain, `switch` statement or ternary operator is unecessary and should be removed. + +This rule triggers when all branches, _including the default branch_, are identical. +The default branch is the one that is executed when none of the conditions of the structure are satisfied. This branch may present itself explicitly, implicitly, or by construction. + +[source,cpp] +---- +if (a == 0) b == 1; +else b == 2; // explicit default branch + +int func() { + if (a == 0) return 1; + return 2; // implicit default branch +} + +int b = a == 0 ? 1 : 2; + // ^ default branch by construction + +switch (a) { + case 0: + return 1; + default: // explicit default branch + return 2; +} + +---- + +== Resources + +=== Related rules + +* S1871 - Two branches in a conditional structure should not have exactly the same implementation + ifdef::env-github,rspecator-view[] 
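Review bot: In the new `[source,cpp]` example of rules/S3923/cfamily/rule.adoc, the first `if`/`else` uses `b == 1;` and `b == 2;`, which are comparisons whose results are discarded. The two branches therefore do nothing, and the snippet does not show an explicit default branch with its own effect, as the text presumably intends. I would write `if (a == 0) b = 1;` and `else b = 2; // explicit default branch`. The paragraph above the example also spells "unecessary"; it should read `unnecessary`.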
diff --git a/rules/S3923/description.adoc b/rules/S3923/description.adoc index 94772487676..3f4947d0a32 100644 --- a/rules/S3923/description.adoc +++ b/rules/S3923/description.adoc @@ -4,4 +4,4 @@ In the following code: include::{example}[] -Either there is a copy-paste error that needs fixing or an unnecessary `switch` or `if` chain that needs removing. +Either there is a copy-paste error that needs fixing or an unnecessary `switch` or `if` chain that should be removed. diff --git a/rules/S3923/java/metadata.json b/rules/S3923/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S3923/java/metadata.json +++ b/rules/S3923/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S3923/jcl/metadata.json b/rules/S3923/jcl/metadata.json new file mode 100644 index 00000000000..7a73a41bfdf --- /dev/null +++ b/rules/S3923/jcl/metadata.json @@ -0,0 +1,2 @@ +{ +} \ No newline at end of file diff --git a/rules/S3923/jcl/rule.adoc b/rules/S3923/jcl/rule.adoc new file mode 100644 index 00000000000..f492a0447c9 --- /dev/null +++ b/rules/S3923/jcl/rule.adoc @@ -0,0 +1,32 @@ +== Why is this an issue? + +Having all branches of a `IF/THEN/ELSE/ENDIF` statement with the same implementation indicates a problem. + +In the following code: + +[source,jcl] +---- +//IFSTMT1 IF STEP01.RC = 0 THEN +//STEP1 EXEC PROC=DOTHING +// ELSE +//STEP1 EXEC PROC=DOTHING +// ENDIF +---- + +Either there is a copy-paste error that needs fixing or an unnecessary IF chain that needs removing. + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +include::../message.adoc[] + +''' +== Comments And Links +(visible only on this page) + +include::../comments-and-links.adoc[] + +endif::env-github,rspecator-view[] diff --git a/rules/S3923/python/metadata.json b/rules/S3923/python/metadata.json index 9b623610df8..e0c8c614f97 100644 --- a/rules/S3923/python/metadata.json +++ b/rules/S3923/python/metadata.json 
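Review bot: The closing sentence of the new rules/S3923/jcl/rule.adoc keeps the wording "an unnecessary IF chain that needs removing", which the S3923/description.adoc hunk in this same commit rewrites to "should be removed". I would align the JCL text with it, for example `Either there is a copy-paste error that needs fixing or an unnecessary IF chain that should be removed.` The first sentence also reads "a `IF/THEN/ELSE/ENDIF` statement"; the article should be `an`.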
@@ -1,3 +1,7 @@ { - "quickfix": "covered" + "quickfix": "covered", + "tags": [ + "suspicious", + "convention" + ] } diff --git a/rules/S3927/description.adoc b/rules/S3927/description.adoc index 4c38fe197ca..7661dd3fc20 100644 --- a/rules/S3927/description.adoc +++ b/rules/S3927/description.adoc @@ -1,6 +1,6 @@ == Why is this an issue? -Serialization event handlers that don't have the correct signature will not be called, bypassing augmentations to the automated de/serialization. +Serialization event handlers that don't have the correct signature will not be called, bypassing augmentations to automated serialization and deserialization events. A method is designated a serialization event handler by applying one of the following serialization event attributes: @@ -11,4 +11,4 @@ A method is designated a serialization event handler by applying one of the foll Serialization event handlers take a single parameter of type https://learn.microsoft.com/en-us/dotnet/api/system.runtime.serialization.streamingcontext[`StreamingContext`], return `void`, and have `private` visibility. -This rule raises an issue when any of these constraints are not respected. \ No newline at end of file +This rule raises an issue when any of these constraints are not respected. diff --git a/rules/S3928/csharp/rule.adoc b/rules/S3928/csharp/rule.adoc index 16e5b33b83c..ea8ae3938fa 100644 --- a/rules/S3928/csharp/rule.adoc +++ b/rules/S3928/csharp/rule.adoc 
@@ -3,24 +3,28 @@ Some constructors of the ``++ArgumentException++``, ``++ArgumentNullException++``, ``++ArgumentOutOfRangeException++`` and ``++DuplicateWaitObjectException++`` classes must be fed with a valid parameter name. This rule raises an issue in two cases: * When this parameter name doesn't match any existing ones. -* When a call is made to the default (parameterless) constructor +* When a call is made to the default (parameterless) constructor === Noncompliant code example [source,csharp] ---- -public void Foo(Bar a, int[] b) +public void Foo(Bar a, int[] b) { - throw new ArgumentException(); // Noncompliant - throw new ArgumentException("My error message", "c"); // Noncompliant - throw new ArgumentException("My error message", "c", innerException); // Noncompliant - throw new ArgumentNullException("c"); // Noncompliant - throw new ArgumentNullException("My error message", "c"); // Noncompliant - throw new ArgumentOutOfRangeException("c"); - throw new ArgumentOutOfRangeException("c", "My error message"); // Noncompliant - throw new ArgumentOutOfRangeException("c", b, "My error message"); // Noncompliant - throw new DuplicateWaitObjectException("c", "My error message"); // Noncompliant + throw new ArgumentException(); // Noncompliant + throw new ArgumentException("My error message", "c"); // Noncompliant + throw new ArgumentException("My error message", "c", innerException); // Noncompliant + + throw new ArgumentNullException("c"); // Noncompliant + throw new ArgumentNullException(nameof(c)); // Noncompliant + throw new ArgumentNullException("My error message", "a"); // Noncompliant + + throw new ArgumentOutOfRangeException("c"); // Noncompliant + throw new ArgumentOutOfRangeException("c", "My error message"); // Noncompliant + throw new ArgumentOutOfRangeException("c", b, "My error message"); // Noncompliant + + throw new DuplicateWaitObjectException("c", "My error message"); // Noncompliant } ---- 
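Review bot: The added noncompliant line `throw new ArgumentNullException(nameof(c)); // Noncompliant` in rules/S3928/csharp/rule.adoc does not compile, because `Foo(Bar a, int[] b)` declares no `c` for `nameof` to bind to. The compiler rejects it before the rule could report anything, so the line does not illustrate the rule. I would either drop it, since `new ArgumentNullException("c")` on the line above already covers the unknown-name case, or use a name that resolves but is not a parameter, such as `nameof(Foo)`, if the analyzer is meant to cover `nameof` expressions.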
@@ -29,16 +33,19 @@ public void Foo(Bar a, int[] b) [source,csharp] ---- -public void Foo(Bar a, Bar b) +public void Foo(Bar a, int[] b) { throw new ArgumentException("My error message", "a"); - throw new ArgumentException("My error message", "b", innerException); + throw new ArgumentException("My error message", "b", innerException); + throw new ArgumentNullException("a"); throw new ArgumentNullException(nameof(a)); throw new ArgumentNullException("a", "My error message"); + throw new ArgumentOutOfRangeException("b"); throw new ArgumentOutOfRangeException("b", "My error message"); throw new ArgumentOutOfRangeException("b", b, "My error message"); + throw new DuplicateWaitObjectException("b", "My error message"); } ---- @@ -46,7 +53,7 @@ public void Foo(Bar a, Bar b) === Exceptions -The rule won't raise an issue if the parameter name is not a constant value (inline declaration, nameof() or const variable). +The rule won't raise an issue if the parameter name is not a constant value. ifdef::env-github,rspecator-view[] diff --git a/rules/S3931/metadata.json b/rules/S3931/metadata.json index 40729933acb..93d39c14ce8 100644 --- a/rules/S3931/metadata.json +++ b/rules/S3931/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "CLEAR" }, @@ -16,12 +16,8 @@ "suspicious" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-3931", diff --git a/rules/S3936/cfamily/metadata.json b/rules/S3936/cfamily/metadata.json index bf1dca95128..4636202c8a2 100644 --- a/rules/S3936/cfamily/metadata.json +++ b/rules/S3936/cfamily/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, 
@@ -17,12 +17,8 @@ "gnu" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-3936", diff --git a/rules/S3937/java/metadata.json b/rules/S3937/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S3937/java/metadata.json +++ b/rules/S3937/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S3938/cobol/metadata.json b/rules/S3938/cobol/metadata.json index fb70b9a2389..3748c0c5011 100644 --- a/rules/S3938/cobol/metadata.json +++ b/rules/S3938/cobol/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "LOW" + "MAINTAINABILITY": "INFO" }, "attribute": "CONVENTIONAL" }, @@ -12,23 +12,15 @@ "func": "Constant\/Issue", "constantCost": "0min" }, - "tags": [ - - ], + "tags": [], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Info", "ruleSpecification": "RSPEC-3938", "sqKey": "S3938", "scope": "All", - "defaultQualityProfiles": [ - - ], + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S3941/cfamily/rule.adoc b/rules/S3941/cfamily/rule.adoc index 6afa1be21e2..98fa38a0600 100644 --- a/rules/S3941/cfamily/rule.adoc +++ b/rules/S3941/cfamily/rule.adoc @@ -8,8 +8,6 @@ include::../compliant.adoc[] == Resources -* https://www.securecoding.cert.org/confluence/x/wQA1[CERT, FIO47-C.] - Use valid format strings -* https://www.securecoding.cert.org/confluence/x/e4EyAQ[CERT, FIO00-CPP.] - Take care when creating format strings ifdef::env-github,rspecator-view[] ''' diff --git a/rules/S3941/java/rule.adoc b/rules/S3941/java/rule.adoc index 6afa1be21e2..3f88141fba2 100644 --- a/rules/S3941/java/rule.adoc +++ b/rules/S3941/java/rule.adoc 
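Review bot: Deleting both CERT bullets from rules/S3941/cfamily/rule.adoc leaves `== Resources` as an empty section, because the heading stays as context directly above `ifdef::env-github,rspecator-view[]`. The S3941/java hunk in this commit removes the heading together with its bullets, while the two S3955 hunks (cfamily and java) leave the same empty heading behind. I would remove the `== Resources` line in those three files as well. If the CERT format-string guidance is still the intended reference, a bullet with its current location would be better than an empty section.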
@@ -6,11 +6,6 @@ include::../noncompliant.adoc[] include::../compliant.adoc[] -== Resources - -* https://www.securecoding.cert.org/confluence/x/wQA1[CERT, FIO47-C.] - Use valid format strings -* https://www.securecoding.cert.org/confluence/x/e4EyAQ[CERT, FIO00-CPP.] - Take care when creating format strings - ifdef::env-github,rspecator-view[] ''' == Comments And Links diff --git a/rules/S3949/cfamily/metadata.json b/rules/S3949/cfamily/metadata.json index 6cb3eaa5dfb..1f454eefc6c 100644 --- a/rules/S3949/cfamily/metadata.json +++ b/rules/S3949/cfamily/metadata.json @@ -4,6 +4,7 @@ "overflow", "based-on-misra", "cert", + "symbolic-execution", "misra-c2004", "misra-c2012" ], @@ -13,6 +14,9 @@ "securityStandards": { "CERT": [ "INT30-C." + ], + "STIG ASD_V5R3": [ + "V-222612" ] } } diff --git a/rules/S3949/cfamily/rule.adoc b/rules/S3949/cfamily/rule.adoc index 0cef8f70153..dc285d77b69 100644 --- a/rules/S3949/cfamily/rule.adoc +++ b/rules/S3949/cfamily/rule.adoc @@ -20,6 +20,11 @@ void test(char c) { } ---- +== Resources + +include::../common/resources/standards.adoc[] + + ifdef::env-github,rspecator-view[] ''' diff --git a/rules/S3949/common/resources/standards.adoc b/rules/S3949/common/resources/standards.adoc new file mode 100644 index 00000000000..c80df97e74c --- /dev/null +++ b/rules/S3949/common/resources/standards.adoc @@ -0,0 +1,4 @@ +=== Standards + +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. + diff --git a/rules/S3949/csharp/rule.adoc b/rules/S3949/csharp/rule.adoc index 6da585919c0..f22ebc9cb0f 100644 --- a/rules/S3949/csharp/rule.adoc +++ b/rules/S3949/csharp/rule.adoc @@ -33,4 +33,10 @@ public long Transform(int value) } ---- + +== Resources + +include::../common/resources/standards.adoc[] + + include::../rspecator.adoc[] 
diff --git a/rules/S3949/metadata.json b/rules/S3949/metadata.json index d8d5a6c6287..24e2878c0fd 100644 --- a/rules/S3949/metadata.json +++ b/rules/S3949/metadata.json @@ -13,7 +13,8 @@ "constantCost": "5min" }, "tags": [ - "overflow" + "overflow", + "symbolic-execution" ], "extra": { "replacementRules": [ @@ -27,8 +28,13 @@ "ruleSpecification": "RSPEC-3949", "sqKey": "S3949", "scope": "All", + "securityStandards": { + "STIG ASD_V5R3": [ + "V-222612" + ] + }, "defaultQualityProfiles": [ "Sonar way" ], - "quickfix": "unknown" + "quickfix": "infeasible" } diff --git a/rules/S3949/vbnet/rule.adoc b/rules/S3949/vbnet/rule.adoc index b51d6c8dc79..b31a4df1aef 100644 --- a/rules/S3949/vbnet/rule.adoc +++ b/rules/S3949/vbnet/rule.adoc @@ -24,4 +24,10 @@ Public Function Transform(Value As Integer) As Long End Function ---- + +== Resources + +include::../common/resources/standards.adoc[] + + include::../rspecator.adoc[] diff --git a/rules/S3955/cfamily/rule.adoc b/rules/S3955/cfamily/rule.adoc index ab0b8b94dc9..1438411368d 100644 --- a/rules/S3955/cfamily/rule.adoc +++ b/rules/S3955/cfamily/rule.adoc @@ -2,7 +2,6 @@ include::../rule.adoc[] == Resources -* https://www.securecoding.cert.org/confluence/x/i4FtAg[CERT, EXP15-C.] - Do not place a semicolon on the same line as an if, for, or while statement ifdef::env-github,rspecator-view[] ''' diff --git a/rules/S3955/java/rule.adoc b/rules/S3955/java/rule.adoc index 2447d763adb..1438411368d 100644 --- a/rules/S3955/java/rule.adoc +++ b/rules/S3955/java/rule.adoc @@ -2,8 +2,6 @@ include::../rule.adoc[] == Resources -* https://www.securecoding.cert.org/confluence/x/7gCTAw[CERT, MSC51-J.] - Do not place a semicolon immediately following an if, for, or while condition -* https://www.securecoding.cert.org/confluence/x/i4FtAg[CERT, EXP15-C.] - Do not place a semicolon on the same line as an if, for, or while statement ifdef::env-github,rspecator-view[] ''' 
diff --git a/rules/S3955/rule.adoc b/rules/S3955/rule.adoc index 914e583f127..0c7dbe98eef 100644 --- a/rules/S3955/rule.adoc +++ b/rules/S3955/rule.adoc @@ -7,9 +7,9 @@ There is no point in creating a branch in the code only to execute an empty stat [source,text] ---- -if(foo); //Noncompliant, the semi-colon must be removed +if(foo); // Noncompliant, the semi-colon must be removed trigger(action1); // executes unconditionally -else if (bar); //Noncompliant, the semi-colon must be removed +else if (bar); // Noncompliant, the semi-colon must be removed trigger(action2); // executes unconditionally while (condition); // Noncompliant diff --git a/rules/S3962/csharp/metadata.json b/rules/S3962/csharp/metadata.json index a3687ac84cc..0db3279e44b 100644 --- a/rules/S3962/csharp/metadata.json +++ b/rules/S3962/csharp/metadata.json @@ -1,34 +1,3 @@ { - "title": "\"static readonly\" constants should be \"const\" instead", - "type": "CODE_SMELL", - "code": { - "impacts": { - "MAINTAINABILITY": "LOW" - }, - "attribute": "EFFICIENT" - }, - "status": "ready", - "remediation": { - "func": "Constant\/Issue", - "constantCost": "2min" - }, - "tags": [ - "performance" - ], - "extra": { - "replacementRules": [ - ], - "legacyKeys": [ - - ] - }, - "defaultSeverity": "Minor", - "ruleSpecification": "RSPEC-3962", - "sqKey": "S3962", - "scope": "All", - "defaultQualityProfiles": [ - - ], - "quickfix": "unknown" } diff --git a/rules/S3962/dart/metadata.json b/rules/S3962/dart/metadata.json new file mode 100644 index 00000000000..880defec175 --- /dev/null +++ b/rules/S3962/dart/metadata.json @@ -0,0 +1,6 @@ +{ + "title": "\"static final\" declarations should be \"const\" instead", + "defaultQualityProfiles": [ + "Sonar way" + ] +} diff --git a/rules/S3962/dart/rule.adoc b/rules/S3962/dart/rule.adoc new file mode 100644 index 00000000000..2a2c7d82c48 --- /dev/null +++ b/rules/S3962/dart/rule.adoc 
@@ -0,0 +1,49 @@ +== Why is this an issue? + +The value of a ``++final++``or `const` variable can't be changed. In Dart `const` declares a compile-time constant, which will be computed during compilation and this might improve performance. So in general it is recommended to use `const`, where possible. In Dart it is also possible to use `const` to create constant values, as well as to declare constructors that create constant values. `final` declarations initialized with such values should be `const`. + +=== Noncompliant code example + +[source,dart,diff-id=1,diff-type=noncompliant] +---- +final i = 1000; // Noncompliant +final ints = const [1, 2, 3]; // Noncompliant + +class MyClass { + static final name = "NAME"; // Noncompliant +} +---- + + +=== Compliant solution + +[source,dart,diff-id=1,diff-type=compliant] +---- +const i = 1000; +const ints = [1, 2, 3]; // const after assignment can be omitted + +class MyClass { + static const name = "NAME"; +} +---- + +== Resources + +* Dart Docs - https://dart.dev/tools/linter-rules/prefer_const_declarations[Dart Linter rule - prefer_const_declarations] +* Dart Docs - https://dart.dev/language/variables#final-and-const[Final and const] + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +Use 'const' for final variables initialized to a constant value. + +=== Highlighting + +declaration + +endif::env-github,rspecator-view[] diff --git a/rules/S3962/metadata.json b/rules/S3962/metadata.json index 2c63c085104..a3687ac84cc 100644 --- a/rules/S3962/metadata.json +++ b/rules/S3962/metadata.json 
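Review bot: The opening sentence of rules/S3962/dart/rule.adoc has no space between the monospace `final` and the word "or", and it marks `final` with the double-backtick passthrough form while `const` uses single backticks. The rendered text will read "finalor". I would use the single-backtick form for both keywords with a space between them, matching the rest of the paragraph. The sentence "So in general it is recommended to use `const`, where possible." also has a stray comma before "where".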
@@ -1,2 +1,34 @@ { + "title": "\"static readonly\" constants should be \"const\" instead", + "type": "CODE_SMELL", + "code": { + "impacts": { + "MAINTAINABILITY": "LOW" + }, + "attribute": "EFFICIENT" + }, + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "2min" + }, + "tags": [ + "performance" + ], + "extra": { + "replacementRules": [ + + ], + "legacyKeys": [ + + ] + }, + "defaultSeverity": "Minor", + "ruleSpecification": "RSPEC-3962", + "sqKey": "S3962", + "scope": "All", + "defaultQualityProfiles": [ + + ], + "quickfix": "unknown" } diff --git a/rules/S3966/metadata.json b/rules/S3966/metadata.json index 539e1e541a4..e50bea45241 100644 --- a/rules/S3966/metadata.json +++ b/rules/S3966/metadata.json @@ -14,7 +14,8 @@ }, "tags": [ "confusing", - "pitfall" + "pitfall", + "symbolic-execution" ], "extra": { "replacementRules": [ diff --git a/rules/S3972/java/metadata.json b/rules/S3972/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S3972/java/metadata.json +++ b/rules/S3972/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S3973/java/metadata.json b/rules/S3973/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S3973/java/metadata.json +++ b/rules/S3973/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S3981/java/metadata.json b/rules/S3981/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S3981/java/metadata.json +++ b/rules/S3981/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S3981/metadata.json b/rules/S3981/metadata.json index f34cbace678..db938d3f00e 100644 --- a/rules/S3981/metadata.json +++ b/rules/S3981/metadata.json @@ -13,7 +13,7 @@ "constantCost": "2min" }, "tags": [ - + "confusing" ], "extra": { "replacementRules": [ diff --git a/rules/S3984/java/metadata.json b/rules/S3984/java/metadata.json index 9b623610df8..e8fd53c77a6 100644 --- a/rules/S3984/java/metadata.json 
+++ b/rules/S3984/java/metadata.json @@ -1,3 +1,4 @@ { - "quickfix": "covered" + "quickfix": "covered", + "scope": "Main" } diff --git a/rules/S3985/java/metadata.json b/rules/S3985/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S3985/java/metadata.json +++ b/rules/S3985/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S3986/java/metadata.json b/rules/S3986/java/metadata.json index 862c09c74db..0ba78b0814e 100644 --- a/rules/S3986/java/metadata.json +++ b/rules/S3986/java/metadata.json @@ -16,17 +16,13 @@ "suspicious" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Major", "ruleSpecification": "RSPEC-3986", "sqKey": "S3986", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S3993/csharp/rule.adoc b/rules/S3993/csharp/rule.adoc index abd359d283e..4a681f0a24d 100644 --- a/rules/S3993/csharp/rule.adoc +++ b/rules/S3993/csharp/rule.adoc 
@@ -1,4 +1,56 @@ -include::../rule.adoc[] +== Why is this an issue? + +When defining custom attributes, https://learn.microsoft.com/en-us/dotnet/api/system.attributeusageattribute[AttributeUsageAttribute] must be used to indicate where the attribute can be applied. This will: + +* indicate how the attribute can be used +* prevent it from being used at invalid locations + +== How to fix it + +=== Code examples + +==== Noncompliant code example + +[source,csharp,diff-id=1,diff-type=noncompliant] +---- +public sealed class MyAttribute : Attribute // Noncompliant - AttributeUsage is missing +{ + private string text; + + public MyAttribute(string text) + { + this.text = text; + } + + public string Text => text; +} +---- + +==== Compliant solution + +[source,csharp,diff-id=1,diff-type=compliant] +---- +[AttributeUsage(AttributeTargets.Class | AttributeTargets.Enum | AttributeTargets.Interface | AttributeTargets.Delegate)] +public sealed class MyAttribute : Attribute +{ + private string text; + + public MyAttribute(string text) + { + this.text = text; + } + + public string Text => text; +} +---- + +== Resources + +=== Documentation + +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/csharp/advanced-topics/reflection-and-attributes/creating-custom-attributes[Create custom attributes] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/api/system.attributeusageattribute[AttributeUsageAttribute class] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/api/system.attribute[Attribute class] ifdef::env-github,rspecator-view[] diff --git a/rules/S3993/metadata.json b/rules/S3993/metadata.json index 97c321e23ba..d871d480ba3 100644 --- a/rules/S3993/metadata.json +++ b/rules/S3993/metadata.json @@ -28,7 +28,7 @@ "sqKey": "S3993", "scope": "All", "defaultQualityProfiles": [ - + "Sonar way" ], "quickfix": "unknown" } diff --git a/rules/S3993/rule.adoc b/rules/S3993/rule.adoc deleted file mode 100644 index 38d5ed25281..00000000000 
--- a/rules/S3993/rule.adoc +++ /dev/null @@ -1,63 +0,0 @@ -== Why is this an issue? - -When defining custom attributes, ``++System.AttributeUsageAttribute++`` must be used to indicate where the attribute can be applied. This will determine its valid locations in the code. - - -=== Noncompliant code example - -[source,text] ----- -using System; - -namespace MyLibrary -{ - - public sealed class MyAttribute :Attribute // Noncompliant - { - string text; - - public MyAttribute(string myText) - { - text = myText; - } - public string Text - { - get - { - return text; - } - } - } -} ----- - - -=== Compliant solution - -[source,text] ----- -using System; - -namespace MyLibrary -{ - - [AttributeUsage(AttributeTargets.Class | AttributeTargets.Enum | AttributeTargets.Interface | AttributeTargets.Delegate)] - public sealed class MyAttribute :Attribute - { - string text; - - public MyAttribute(string myText) - { - text = myText; - } - public string Text - { - get - { - return text; - } - } - } -} ----- - diff --git a/rules/S4027/csharp/rspecator.adoc b/rules/S4027/csharp/rspecator.adoc new file mode 100644 index 00000000000..a5cc92302d5 --- /dev/null +++ b/rules/S4027/csharp/rspecator.adoc @@ -0,0 +1,15 @@ +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +Implement the missing constructors for this exception. + +=== Highlighting + +Exception class declaration + +endif::env-github,rspecator-view[] \ No newline at end of file diff --git a/rules/S4027/csharp/rule.adoc b/rules/S4027/csharp/rule.adoc index 76904999b1c..d7bd90d7145 100644 --- a/rules/S4027/csharp/rule.adoc +++ b/rules/S4027/csharp/rule.adoc 
@@ -2,83 +2,56 @@ Exceptions types should provide the following constructors: -* ``++public MyException()++`` -* ``++public MyException(string)++`` -* ``++public MyException(string, Exception)++`` -* ``++protected++`` or ``++private MyException(SerializationInfo, StreamingContext)++`` +* `public MyException()` +* `public MyException(string)` +* `public MyException(string, Exception)` -That fourth constructor should be ``++protected++`` in unsealed classes, and ``++private++`` in sealed classes. +The absence of these constructors can complicate exception handling and limit the information that can be provided when an exception is thrown. +== How to fix it -Not having this full set of constructors can make it difficult to handle exceptions. +=== Code examples +==== Noncompliant code example -=== Noncompliant code example - -[source,csharp] +[source,csharp,diff-id=1,diff-type=noncompliant] ---- -using System; - -namespace MyLibrary +public class MyException : Exception // Noncompliant: several constructors are missing { - public class MyException // Noncompliant: several constructors are missing - { public MyException() { } - } } ---- +==== Compliant solution -=== Compliant solution - -[source,csharp] +[source,csharp,diff-id=1,diff-type=compliant] ---- -using System; -using System.Runtime.Serialization; - -namespace MyLibrary +public class MyException : Exception { - public class MyException : Exception - { - public MyException() - { - } - - public MyException(string message) - :base(message) - { - } + public MyException() + { + } - public MyException(string message, Exception innerException) - : base(message, innerException) - { - } + public MyException(string message) + : base(message) + { + } - protected MyException(SerializationInfo info, StreamingContext context) - : base(info, context) - { - } - } + public MyException(string message, Exception innerException) + : base(message, innerException) + { + } } ---- +== Resources -ifdef::env-github,rspecator-view[] - 
-''' -== Implementation Specification -(visible only on this page) - -=== Message - -Implement the missing constructors for this exception. - - -=== Highlighting - -Exception class declaration +=== Documentation +* Microsoft Learn: https://learn.microsoft.com/en-us/dotnet/standard/exceptions/how-to-create-user-defined-exceptions[How to create user-defined exceptions] +* Microsoft Learn: https://learn.microsoft.com/en-us/dotnet/api/system.exception[Exception Class] +* Microsoft Learn: https://learn.microsoft.com/en-us/dotnet/csharp/fundamentals/exceptions/creating-and-throwing-exceptions#define-exception-classes[Define exception classes] -endif::env-github,rspecator-view[] +include::./rspecator.adoc[] \ No newline at end of file diff --git a/rules/S4032/java/metadata.json b/rules/S4032/java/metadata.json index e0087a07d1e..4099366f540 100644 --- a/rules/S4032/java/metadata.json +++ b/rules/S4032/java/metadata.json @@ -16,17 +16,13 @@ "unused" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-4032", "sqKey": "S4032", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S4034/java/metadata.json b/rules/S4034/java/metadata.json index d8500cd8df9..5e4b6516687 100644 --- a/rules/S4034/java/metadata.json +++ b/rules/S4034/java/metadata.json @@ -16,17 +16,13 @@ "clumsy" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-4034", "sqKey": "S4034", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S4035/csharp/rule.adoc b/rules/S4035/csharp/rule.adoc index a442d065ecc..606e5ba9c20 100644 --- a/rules/S4035/csharp/rule.adoc +++ b/rules/S4035/csharp/rule.adoc 
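Review bot: The new Documentation bullets in rules/S4027/csharp/rule.adoc use `Microsoft Learn: ` with a colon, while the S3993/csharp/rule.adoc rewrite in this same commit uses `Microsoft Learn - `, matching the `OWASP - ` and `CWE - ` prefixes introduced elsewhere. I would change the three bullets to the `Microsoft Learn - https://…[Title]` form. The rule text also drops the `(SerializationInfo, StreamingContext)` constructor from the required list without saying why, presumably because formatter-based serialization is obsolete in current .NET. One sentence stating that the serialization constructor is no longer expected would help readers whose existing exception types still declare it.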
@@ -6,7 +6,7 @@ When a class implements the `IEquatable` interface, it enters a contract that Alternatively `IEqualityComparer` provides a safer interface and is used by collections or `Equals` could be made `virtual`. -This rule raises an issue when an unsealed, `public` or `protected` class implements `IEquitable` and the `Equals` is neither `virtual` nor `abstract`. +This rule raises an issue when an unsealed, `public` or `protected` class implements `IEquatable` and the `Equals` is neither `virtual` nor `abstract`. === Noncompliant code example diff --git a/rules/S4036/go/metadata.json b/rules/S4036/go/metadata.json new file mode 100644 index 00000000000..7a73a41bfdf --- /dev/null +++ b/rules/S4036/go/metadata.json @@ -0,0 +1,2 @@ +{ +} \ No newline at end of file diff --git a/rules/S4036/go/rule.adoc b/rules/S4036/go/rule.adoc new file mode 100644 index 00000000000..6232316b515 --- /dev/null +++ b/rules/S4036/go/rule.adoc @@ -0,0 +1,37 @@ +include::../description.adoc[] + +include::../ask-yourself.adoc[] + +include::../recommended.adoc[] + +== Sensitive Code Example + +[source,go] +---- +out, _ := exec.Command("ls").CombinedOutput() // Sensitive +---- + +== Compliant Solution + +[source,go] +---- +out, _ := exec.Command("/bin/ls").CombinedOutput() +---- + +include::../see.adoc[] + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +include::../message.adoc[] + +''' +== Comments And Links +(visible only on this page) + +include::../comments-and-links.adoc[] + +endif::env-github,rspecator-view[] diff --git a/rules/S4036/see.adoc b/rules/S4036/see.adoc index 3f7fd3afc17..97554cb596d 100644 --- a/rules/S4036/see.adoc +++ b/rules/S4036/see.adoc 
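Review bot: The sensitive example in the new rules/S4036/go/rule.adoc does not say what makes `exec.Command("ls")` risky, and both examples discard the error with `_`. `exec.Command` resolves a name that has no path separator through the directories listed in `PATH`, which is the search-path weakness this rule maps to (CWE-426 and CWE-427 in see.adoc). I would extend the comment to `// Sensitive: "ls" is looked up in $PATH`. In the compliant example I would keep `err` and check it, because a hard-coded `/bin/ls` may not exist on every target and a silently empty `out` hides that failure.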
@@ -1,6 +1,6 @@ == See -* https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/[OWASP Top 10 2021 Category A8] - Software and Data Integrity Failures -* https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[OWASP Top 10 2017 Category A1] - Injection -* https://cwe.mitre.org/data/definitions/426[MITRE, CWE-426] - Untrusted Search Path -* https://cwe.mitre.org/data/definitions/427[MITRE, CWE-427] - Uncontrolled Search Path Element \ No newline at end of file +* OWASP - https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/[Top 10 2021 Category A8 - Software and Data Integrity Failures] +* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] +* CWE - https://cwe.mitre.org/data/definitions/426[CWE-426 - Untrusted Search Path] +* CWE - https://cwe.mitre.org/data/definitions/427[CWE-427 - Uncontrolled Search Path Element] \ No newline at end of file diff --git a/rules/S4039/csharp/rule.adoc b/rules/S4039/csharp/rule.adoc index 65399fb0755..b865c935f7f 100644 --- a/rules/S4039/csharp/rule.adoc +++ b/rules/S4039/csharp/rule.adoc 
@@ -1,14 +1,22 @@ == Why is this an issue? -When a base type explicitly implements a public interface method, that method is only accessible in derived types through a reference to the current instance (namely ``++this++``). If the derived type explicitly overrides that interface method, the base implementation becomes inaccessible. +When a base type explicitly implements a public interface method, property or event, that member is only accessible in derived types through a reference to the current instance (namely `this`). If the derived type explicitly overrides that interface member, the base implementation becomes inaccessible. +This rule raises an issue when an unsealed, externally visible type provides an explicit member implementation of an `interface` and does not provide an alternate, externally visible member with the same name. -This rule raises an issue when an unsealed, externally visible type provides an explicit method implementation of a ``++public interface++`` and does not provide an alternate, externally visible method with the same name. +=== Exceptions + +This rule does not report a violation for an explicit implementation of `IDisposable.Dispose` when an externally visible `Close()` or `System.IDisposable.Dispose(Boolean)` method is provided. + +== How to fix it +Make the class sealed, change the class member to a non-explicit declaration, or provide a new class member exposing the functionality of the explicit interface member. -=== Noncompliant code example +=== Code examples -[source,csharp] +==== Noncompliant code example + +[source,csharp,diff-id=1,diff-type=noncompliant] ---- public interface IMyInterface { 
@@ -21,27 +29,13 @@ public class Foo : IMyInterface { MyMethod(); } - - void MyMethod() - { - // Do something ... - } -} - -public class Bar : Foo, IMyInterface -{ - public void MyMethod() - { - // Can't access base.MyMethod() - // ((IMyInterface)this).MyMethod() would be a recursive call - } } ---- -=== Compliant solution +==== Compliant solution -[source,csharp] +[source,csharp,diff-id=1,diff-type=compliant] ---- public interface IMyInterface { @@ -55,26 +49,19 @@ public class Foo : IMyInterface MyMethod(); } - protected void MyMethod() // or public + // This method can be public or protected + protected void MyMethod() { // Do something ... } } - -public class Bar : Foo, IMyInterface -{ - public void MyMethod() - { - // Do something - base.MyMethod(); - } -} ---- +== Resources -=== Exceptions +=== Documentation -This rule does not report a violation for an explicit implementation of ``++IDisposable.Dispose++`` when an externally visible ``++Close()++`` or ``++System.IDisposable.Dispose(Boolean)++`` method is provided. +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/csharp/programming-guide/interfaces/explicit-interface-implementation[Explicit Interface Implementation] ifdef::env-github,rspecator-view[] diff --git a/rules/S4042/java/metadata.json b/rules/S4042/java/metadata.json index 55018cac71f..4bb230d4a67 100644 --- a/rules/S4042/java/metadata.json +++ b/rules/S4042/java/metadata.json @@ -17,17 +17,13 @@ "api-design" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Major", "ruleSpecification": "RSPEC-4042", "sqKey": "S4042", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S4050/csharp/metadata.json b/rules/S4050/csharp/metadata.json index 86c72367b31..a839d0d7945 100644 --- a/rules/S4050/csharp/metadata.json +++ b/rules/S4050/csharp/metadata.json 
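Review bot: The noncompliant listing no longer looks compilable after the hunk at `@@ -21,27 +29,13 @@`: it removes `void MyMethod()` from `Foo` but keeps the `MyMethod();` call in the body just above it, which appears to be the explicit `IMyInterface.MyMethod()` implementation (its signature is outside the hunk). With no other `MyMethod` left in the class, that call has nothing to bind to. Replacing the call with a placeholder such as `// Do something ...` keeps the example focused on the missing externally visible member.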
@@ -28,7 +28,7 @@
 "sqKey": "S4050",
 "scope": "All",
 "defaultQualityProfiles": [
-
+ "Sonar way"
 ],
 "quickfix": "unknown"
 }
diff --git a/rules/S4050/csharp/rule.adoc b/rules/S4050/csharp/rule.adoc
index d1fc5be6c66..3b115b4415e 100644
--- a/rules/S4050/csharp/rule.adoc
+++ b/rules/S4050/csharp/rule.adoc
@@ -1,59 +1,54 @@ == Why is this an issue? -When implementing operator overloads, it is very important to make sure that all related operators and methods are consistent in their implementation. +When overloading some arithmetic operator overloads, it is very important to make sure that all related operators and methods are consistent in their implementation. The following guidelines should be followed: -* When providing ``++operator ==++`` you should also provide ``++operator !=++`` and vice-versa. -* When providing ``++operator ==++`` you should also provide ``++Equals(Object)++`` and ``++GetHashCode()++``. -* When providing ``++operator +, -, *, / or %++`` you should also provide ``++operator ==++``, respecting previous guidelines. +* When providing `operator ==, !=` you should also provide `Equals(Object)` and `GetHashCode()`. +* When providing `operator +, -, *, / or %` you should also provide `operator ==`, respecting the previous guideline. -This rule raises an issue when any of these guidelines are not followed on publicly-visible type (public, protected or protected internal). +This rule raises an issue when any of these guidelines are not followed on a publicly-visible class or struct (`public`, `protected` or `protected internal`). +== How to fix it -=== Noncompliant code example +Make sure to implement all related operators. 
-[source,csharp] ----- -using System; +=== Code examples + +==== Noncompliant code example -namespace MyLibrary +[source,csharp,diff-id=1,diff-type=noncompliant] +---- +public class Foo // Noncompliant { - public class Foo // Noncompliant - { private int left; private int right; public Foo(int l, int r) { - this.left = l; - this.right = r; + this.left = l; + this.right = r; } public static Foo operator +(Foo a, Foo b) { - return new Foo(a.left + b.left, a.right + b.right); + return new Foo(a.left + b.left, a.right + b.right); } public static Foo operator -(Foo a, Foo b) { - return new Foo(a.left - b.left, a.right - b.right); + return new Foo(a.left - b.left, a.right - b.right); } - } } ---- -=== Compliant solution +==== Compliant solution -[source,csharp] +[source,csharp,diff-id=1,diff-type=compliant] ---- -using System; - -namespace MyLibrary +public class Foo { - public class Foo - { private int left; private int right; 
@@ -63,42 +58,48 @@ namespace MyLibrary this.right = r; } - public static Foo operator +(Foo a, Foo b) + public override bool Equals(Object obj) { - return new Foo(a.left + b.left, a.right + b.right); + var a = obj as Foo; + if (a == null) + return false; + return this == a; } - public static Foo operator -(Foo a, Foo b) + public override int GetHashCode() { - return new Foo(a.left - b.left, a.right - b.right); + return HashCode.Combine(right, left); } - public static bool operator ==(Foo a, Foo b) + public static Foo operator +(Foo a, Foo b) { - return (a.left == b.left && a.right == b.right); + return new Foo(a.left + b.left, a.right + b.right); } - public static bool operator !=(Foo a, Foo b) + public static Foo operator -(Foo a, Foo b) { - return !(a == b); + return new Foo(a.left - b.left, a.right - b.right); } - public override bool Equals(Object obj) + public static bool operator ==(Foo a, Foo b) { - Foo a = obj as Foo; - if (a == null) - return false; - return this == a; + return a.left == b.left && a.right == b.right; } - public override int GetHashCode() + public static bool operator !=(Foo a, Foo b) { - return (this.left * 10) + this.right; + return !(a == b); } - } } ---- +== Resources +=== Documentation + +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/operators/operator-overloading[Operator overloading] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/operators/equality-operators[Equality operators] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/operators/arithmetic-operators[Arithmetic operators (C# reference)] + ifdef::env-github,rspecator-view[] ''' diff --git a/rules/S4052/csharp/metadata.json b/rules/S4052/csharp/metadata.json index 1cffd7a6d6c..c26a2044d58 100644 --- a/rules/S4052/csharp/metadata.json +++ b/rules/S4052/csharp/metadata.json 
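Review bot: In the compliant listing of `@@ -63,42 +58,48 @@`, `Equals` tests `if (a == null)`, which binds to the user-defined `operator ==(Foo a, Foo b)` shown further down; that operator reads `a.left` without a null check, so `Equals(null)` or `Equals` with a non-`Foo` argument throws `NullReferenceException` instead of returning `false`. Use a reference test in `Equals`, `if (a is null) return false;`, and make the operator null-safe, for example `if (a is null || b is null) return a is null && b is null;` before the field comparison. A listing labelled compliant gets copied, so it should honour the `Equals` contract it is recommending.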
@@ -28,7 +28,7 @@
 "sqKey": "S4052",
 "scope": "All",
 "defaultQualityProfiles": [
-
+ "Sonar way"
 ],
 "quickfix": "unknown"
 }
diff --git a/rules/S4052/csharp/rule.adoc b/rules/S4052/csharp/rule.adoc
index d71ea722762..0bfeac6528f 100644
--- a/rules/S4052/csharp/rule.adoc
+++ b/rules/S4052/csharp/rule.adoc
@@ -1,24 +1,26 @@ == Why is this an issue? -With the advent of .NET framework version 2, certain practices have become obsolete. - -In particular, exceptions should now extend ``++System.Exception++`` instead of ``++System.ApplicationException++``. Similarly, generic collections should be used instead of the older, non-generic, ones. Finally when creating an XML view, you should not extend ``++System.Xml.XmlDocument++``. +With the advent of .NET Framework 2.0, certain practices and types have become obsolete. +In particular, exceptions should now extend `System.Exception` instead of `System.ApplicationException`. Similarly, generic collections should be used instead of the older, non-generic, ones. Finally when creating an XML view, you should not extend `System.Xml.XmlDocument`. This rule raises an issue when an externally visible type extends one of these types: -* ``++System.ApplicationException++`` -* ``++System.Xml.XmlDocument++`` -* ``++System.Collections.CollectionBase++`` -* ``++System.Collections.DictionaryBase++`` -* ``++System.Collections.Queue++`` -* ``++System.Collections.ReadOnlyCollectionBase++`` -* ``++System.Collections.SortedList++`` -* ``++System.Collections.Stack++`` +* https://learn.microsoft.com/en-us/dotnet/api/system.applicationexception[System.ApplicationException] +* https://learn.microsoft.com/en-us/dotnet/api/system.xml.xmldocument[System.Xml.XmlDocument] +* https://learn.microsoft.com/en-us/dotnet/api/system.collections.collectionbase[System.Collections.CollectionBase] +* https://learn.microsoft.com/en-us/dotnet/api/system.collections.dictionarybase[System.Collections.DictionaryBase] +* https://learn.microsoft.com/en-us/dotnet/api/system.collections.queue[System.Collections.Queue] +* https://learn.microsoft.com/en-us/dotnet/api/system.collections.readonlycollectionbase[System.Collections.ReadOnlyCollectionBase] +* https://learn.microsoft.com/en-us/dotnet/api/system.collections.sortedlist[System.Collections.SortedList] +* 
https://learn.microsoft.com/en-us/dotnet/api/system.collections.stack[System.Collections.Stack] + +== How to fix it +=== Code examples -=== Noncompliant code example +==== Noncompliant code example -[source,csharp] +[source,csharp,diff-id=1,diff-type=noncompliant] ---- using System; using System.Collections; @@ -31,13 +33,12 @@ namespace MyLibrary } ---- +==== Compliant solution -=== Compliant solution - -[source,csharp] +[source,csharp,diff-id=1,diff-type=compliant] ---- using System; -using System.Collections; +using System.Collections.ObjectModel; namespace MyLibrary { @@ -47,7 +48,6 @@ namespace MyLibrary } ---- - ifdef::env-github,rspecator-view[] ''' @@ -58,5 +58,4 @@ ifdef::env-github,rspecator-view[] Refactor this type not to derive from an outdated type '{0}'. - endif::env-github,rspecator-view[] diff --git a/rules/S4065/java/metadata.json b/rules/S4065/java/metadata.json index ab4ecae8e38..13d1e560a75 100644 --- a/rules/S4065/java/metadata.json +++ b/rules/S4065/java/metadata.json @@ -16,17 +16,13 @@ "java8" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-4065", "sqKey": "S4065", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S4066/java/rule.adoc b/rules/S4066/java/rule.adoc index f5ee921203d..bd64c530b05 100644 --- a/rules/S4066/java/rule.adoc +++ b/rules/S4066/java/rule.adoc 
@@ -44,17 +44,17 @@ class MyFilter implements ObjectInputFilter { //... FileInputStream in = new FileInputStream("obj"); - ObjectInputStream ois = new ObjectInputStream(in); - ois.setObjectInputFilter(new MyFilter()); // + ObjectInputStream ois = new ObjectInputStream(in); + ois.setObjectInputFilter(new MyFilter()); // Foo reconstitutedFoo = (foo)ois.readObject(); ---- == Resources -* https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/[OWASP Top 10 2021 Category A8] - Software and Data Integrity Failures -* https://www.securecoding.cert.org/confluence/x/ZwBzCg[CERT, SER12-J.] - Prevent deserialization of untrusted data -* OWASP Top 10 2017 Category A8 - Insecure Deserialization +* CERT - https://wiki.sei.cmu.edu/confluence/display/java/SER12-J.+Prevent+deserialization+of+untrusted+data[SER12-J. Prevent deserialization of untrusted data] +* OWASP - https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/[Top 10 2021 Category A8 - Software and Data Integrity Failures] +* OWASP - https://owasp.org/www-project-top-ten/2017/A8_2017-Insecure_Deserialization[Top 10 2017 Category A8 - Insecure Deserialization] ifdef::env-github,rspecator-view[] diff --git a/rules/S4084/javascript/metadata.json b/rules/S4084/javascript/metadata.json new file mode 100644 index 00000000000..8b5e65b0228 --- /dev/null +++ b/rules/S4084/javascript/metadata.json @@ -0,0 +1,25 @@ +{ + "title": "Media elements should have captions", + "type": "CODE_SMELL", + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "5min" + }, + "tags": [ + "accessibility", + "react" + ], + "defaultSeverity": "Minor", + "ruleSpecification": "RSPEC-4084", + "sqKey": "S4084", + "scope": "All", + "defaultQualityProfiles": ["Sonar way"], + "quickfix": "infeasible", + "code": { + "impacts": { + "RELIABILITY": "LOW" + }, + "attribute": "CONVENTIONAL" + } +} 
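Review bot: The line re-added in `@@ -44,17 +44,17 @@` as `ois.setObjectInputFilter(new MyFilter()); //` still ends in a dangling empty comment, and the unchanged next line casts with `(foo)` while the variable is declared as `Foo`, so the sample does not compile unless a type named `foo` exists. Since the hunk already touches this listing, I would fix the cast to `(Foo)ois.readObject()` and either drop the empty `//` or complete it, for example `// install the filter before the first readObject() call`. The listing starts outside the hunk, so the filter class itself is not reviewed here.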
diff --git a/rules/S4084/javascript/rule.adoc b/rules/S4084/javascript/rule.adoc new file mode 100644 index 00000000000..1dbaa0707be --- /dev/null +++ b/rules/S4084/javascript/rule.adoc @@ -0,0 +1,37 @@ +== Why is this an issue? + +Captions in HTML media elements are text versions of the audio content, synchronized with the video. They are essential for individuals who are deaf or hard of hearing, as they provide a text alternative for the audio information. They can also be beneficial for individuals who are not native speakers of the language of the video, or for situations where the audio cannot be heard. + +In the context of accessibility, providing captions for media elements is a requirement under the Web Content Accessibility Guidelines (WCAG). Without captions, you are excluding a portion of your audience who rely on them to understand the content of your media. + +== How to fix it + +If captions are missing from your media elements, you can fix this by adding a ``++++`` element with the ``++kind="captions"++`` attribute inside your ``++
  • ` used for layout purpose, i.e. when it contains a `role` attribute set to `"presentation"` or `"none"`. +[source,html] +---- +
    + + + + + + + + +
    NameAge
    John Doe42
    +---- +Note that https://www.w3schools.com/html/html_layout.asp[using for layout purpose is a bad practice]. + +No issue will be raised on `
    ` containing an `aria-hidden` attribute set to `"true"`. +[source,html] +---- +
    + + + + + + + + + +---- diff --git a/rules/S5256/how.adoc b/rules/S5256/how.adoc new file mode 100644 index 00000000000..0770db64cde --- /dev/null +++ b/rules/S5256/how.adoc @@ -0,0 +1,8 @@ +== How to fix it + +The first `` of the table should contain `` elements, with the appropriate description of what the data in those columns represents. + +=== Going the extra mile + +Headers should be properly associated with the corresponding `` cells by using either a `scope` attribute or `headers` and `id` attributes. +See https://www.w3.org/WAI/tutorials/tables/tips/[W3C WAI Web Accessibility Tutorials] for more information. diff --git a/rules/S5256/html/metadata.json b/rules/S5256/html/metadata.json index dd4c641bd20..2c63c085104 100644 --- a/rules/S5256/html/metadata.json +++ b/rules/S5256/html/metadata.json @@ -1,35 +1,2 @@ { - "title": "Tables should have headers", - "type": "BUG", - "code": { - "impacts": { - "RELIABILITY": "MEDIUM" - }, - "attribute": "COMPLETE" - }, - "status": "ready", - "remediation": { - "func": "Constant\/Issue", - "constantCost": "2min" - }, - "tags": [ - "accessibility", - "wcag2-a" - ], - "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] - }, - "defaultSeverity": "Major", - "ruleSpecification": "RSPEC-5256", - "sqKey": "S5256", - "scope": "Main", - "defaultQualityProfiles": [ - "Sonar way" - ], - "quickfix": "unknown" } diff --git a/rules/S5256/html/rule.adoc b/rules/S5256/html/rule.adoc index ed61ad60cf2..2bbdf632957 100644 --- a/rules/S5256/html/rule.adoc +++ b/rules/S5256/html/rule.adoc 
@@ -1,52 +1,10 @@ -== Why is this an issue? - -Table headers are essential to enhance the accessibility of a table's data, particularly for assistive technologies like screen readers. -These headers provide the necessary context to transform data into information. -Without headers, users get rapidly lost in the flow of data. +include::../why.adoc[] This rule raises an issue whenever a `` does not contain any `` of the table should contain `
    ` elements. -=== Exceptions +include::../exceptions.adoc[] -No issue will be raised on `` used for layout purpose, i.e. when it contains a `role` attribute set to `"presentation"` or `"none"`. -[source,html] ----- -
    - - - - - - - - -
    NameAge
    John Doe42
    ----- -Note that https://www.w3schools.com/html/html_layout.asp[using for layout purpose is a bad practice]. - -No issue will be raised on `
    ` containing an `aria-hidden` attribute set to `"true"`. -[source,html] ----- -
    - - - - - - - - - ----- - -== How to fix it - -The first `
    ` elements, with the appropriate description of what the data in those columns represents. - -=== Going the extra mile - -Headers should be properly associated with the corresponding `` cells by using either a `scope` attribute or `headers` and `id` attributes. -See https://www.w3.org/WAI/tutorials/tables/tips/[W3C WAI Web Accessibility Tutorials] for more information. +include::../how.adoc[] === Code examples @@ -91,27 +49,4 @@ See https://www.w3.org/WAI/tutorials/tables/tips/[W3C WAI Web Accessibility Tuto
    ---- -== Resources - -=== Documentation - -* https://www.w3.org/WAI/WCAG21/quickref/?versions=2.0#qr-content-structure-separation-programmatic[WCAG2, 1.3.1] - Info and Relationships -* https://www.w3.org/TR/WCAG20-TECHS/H51[WCAG2, H51] - Using table markup to present tabular information - -ifdef::env-github,rspecator-view[] - -''' -== Implementation Specification -(visible only on this page) - -=== Message - -Add "" headers to this "" - - -=== Highlighting - -The opening
    tag, without its content. - - -endif::env-github,rspecator-view[] +include::../resources.adoc[] diff --git a/rules/S5256/javascript/metadata.json b/rules/S5256/javascript/metadata.json new file mode 100644 index 00000000000..7a73a41bfdf --- /dev/null +++ b/rules/S5256/javascript/metadata.json @@ -0,0 +1,2 @@ +{ +} \ No newline at end of file diff --git a/rules/S5256/javascript/rule.adoc b/rules/S5256/javascript/rule.adoc new file mode 100644 index 00000000000..a26d7f48a0f --- /dev/null +++ b/rules/S5256/javascript/rule.adoc @@ -0,0 +1,51 @@ +include::../why.adoc[] + +This rule raises an issue whenever it detects a table that does not have a full row or column with `
    ` elements. + +include::../exceptions.adoc[] + +include::../how.adoc[] + +=== Code examples + +==== Noncompliant code example + +[source,javascript,diff-id=1,diff-type=noncompliant] +---- + + + + + + + + + + + + + +
    NameAge
    John Doe24
    Alice Doe54
    +---- + +==== Compliant solution + +[source,javascript,diff-id=1,diff-type=compliant] +---- + + + + + + + + + + + + + +
    NameAge
    John Doe24
    Alice Doe54
    +---- + +include::../resources.adoc[] diff --git a/rules/S5256/metadata.json b/rules/S5256/metadata.json index 2c63c085104..dd4c641bd20 100644 --- a/rules/S5256/metadata.json +++ b/rules/S5256/metadata.json @@ -1,2 +1,35 @@ { + "title": "Tables should have headers", + "type": "BUG", + "code": { + "impacts": { + "RELIABILITY": "MEDIUM" + }, + "attribute": "COMPLETE" + }, + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "2min" + }, + "tags": [ + "accessibility", + "wcag2-a" + ], + "extra": { + "replacementRules": [ + + ], + "legacyKeys": [ + + ] + }, + "defaultSeverity": "Major", + "ruleSpecification": "RSPEC-5256", + "sqKey": "S5256", + "scope": "Main", + "defaultQualityProfiles": [ + "Sonar way" + ], + "quickfix": "unknown" } diff --git a/rules/S5256/resources.adoc b/rules/S5256/resources.adoc new file mode 100644 index 00000000000..321357dae3e --- /dev/null +++ b/rules/S5256/resources.adoc @@ -0,0 +1,24 @@ +== Resources + +=== Documentation + +* https://www.w3.org/WAI/WCAG21/quickref/?versions=2.0#qr-content-structure-separation-programmatic[WCAG2, 1.3.1] - Info and Relationships +* https://www.w3.org/TR/WCAG20-TECHS/H51[WCAG2, H51] - Using table markup to present tabular information + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +Add "
    " headers to this "" + + +=== Highlighting + +The opening
    tag, without its content. + + +endif::env-github,rspecator-view[] diff --git a/rules/S5256/why.adoc b/rules/S5256/why.adoc new file mode 100644 index 00000000000..1938b7e62fc --- /dev/null +++ b/rules/S5256/why.adoc @@ -0,0 +1,5 @@ +== Why is this an issue? + +Table headers are essential to enhance the accessibility of a table's data, particularly for assistive technologies like screen readers. +These headers provide the necessary context to transform data into information. +Without headers, users get rapidly lost in the flow of data. diff --git a/rules/S5257/html/metadata.json b/rules/S5257/html/metadata.json index baaed4ad0e0..2c63c085104 100644 --- a/rules/S5257/html/metadata.json +++ b/rules/S5257/html/metadata.json @@ -1,34 +1,2 @@ { - "title": "HTML \"
    \" should not be used for layout purposes", - "type": "CODE_SMELL", - "code": { - "impacts": { - "MAINTAINABILITY": "MEDIUM" - }, - "attribute": "LOGICAL" - }, - "status": "ready", - "remediation": { - "func": "Constant\/Issue", - "constantCost": "30min" - }, - "tags": [ - "accessibility" - ], - "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] - }, - "defaultSeverity": "Major", - "ruleSpecification": "RSPEC-5257", - "sqKey": "S5257", - "scope": "All", - "defaultQualityProfiles": [ - "Sonar way" - ], - "quickfix": "unknown" } diff --git a/rules/S5257/html/rule.adoc b/rules/S5257/html/rule.adoc index ff6e7ee1342..d5153ae389d 100644 --- a/rules/S5257/html/rule.adoc +++ b/rules/S5257/html/rule.adoc @@ -1,39 +1,5 @@ -== Why is this an issue? +include::../why.adoc[] -HTML
    elements should not be used for layout purpose as it can confuse screen readers. It is recommended to use CSS instead. +include::../noncompliant.adoc[] - -This rule raises an issue on every ``++
    ++`` element containing a ``++role++`` attribute set to ``++"presentation"++`` or ``++"none"++``, which is how https://www.w3.org/WAI/tutorials/tables/tips/[W3C recommends] marks layout tables. - - -=== Noncompliant code example - -[source,html] ----- -
    - -
    ----- - - -== Resources - -* https://www.w3schools.com/html/html_layout.asp[HTML Layouts] - -ifdef::env-github,rspecator-view[] - -''' -== Implementation Specification -(visible only on this page) - -=== Message - -Replace this layout table with a CSS layout. - - -=== Highlighting - -The opening element, without its content. - - -endif::env-github,rspecator-view[] +include::../resources.adoc[] \ No newline at end of file diff --git a/rules/S5257/javascript/metadata.json b/rules/S5257/javascript/metadata.json new file mode 100644 index 00000000000..606de52a485 --- /dev/null +++ b/rules/S5257/javascript/metadata.json @@ -0,0 +1,6 @@ +{ + "tags": [ + "accessibility", + "react" + ] +} \ No newline at end of file diff --git a/rules/S5257/javascript/rule.adoc b/rules/S5257/javascript/rule.adoc new file mode 100644 index 00000000000..d5153ae389d --- /dev/null +++ b/rules/S5257/javascript/rule.adoc @@ -0,0 +1,5 @@ +include::../why.adoc[] + +include::../noncompliant.adoc[] + +include::../resources.adoc[] \ No newline at end of file diff --git a/rules/S5257/metadata.json b/rules/S5257/metadata.json index 2c63c085104..baaed4ad0e0 100644 --- a/rules/S5257/metadata.json +++ b/rules/S5257/metadata.json @@ -1,2 +1,34 @@ { + "title": "HTML \"
    \" should not be used for layout purposes", + "type": "CODE_SMELL", + "code": { + "impacts": { + "MAINTAINABILITY": "MEDIUM" + }, + "attribute": "LOGICAL" + }, + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "30min" + }, + "tags": [ + "accessibility" + ], + "extra": { + "replacementRules": [ + + ], + "legacyKeys": [ + + ] + }, + "defaultSeverity": "Major", + "ruleSpecification": "RSPEC-5257", + "sqKey": "S5257", + "scope": "All", + "defaultQualityProfiles": [ + "Sonar way" + ], + "quickfix": "unknown" } diff --git a/rules/S5257/noncompliant.adoc b/rules/S5257/noncompliant.adoc new file mode 100644 index 00000000000..d0934b64d0f --- /dev/null +++ b/rules/S5257/noncompliant.adoc @@ -0,0 +1,8 @@ +=== Noncompliant code example + +[source,html] +---- +
    + +
    +---- \ No newline at end of file diff --git a/rules/S5257/resources.adoc b/rules/S5257/resources.adoc new file mode 100644 index 00000000000..366b1e071c8 --- /dev/null +++ b/rules/S5257/resources.adoc @@ -0,0 +1,3 @@ +== Resources + +* https://developer.mozilla.org/en-US/docs/Learn/HTML/Introduction_to_HTML/Document_and_website_structure[Document and website structure] \ No newline at end of file diff --git a/rules/S5257/why.adoc b/rules/S5257/why.adoc new file mode 100644 index 00000000000..43599c25ce6 --- /dev/null +++ b/rules/S5257/why.adoc @@ -0,0 +1,5 @@ +== Why is this an issue? + +HTML elements should not be used for layout purposes as it can confuse screen readers. It is recommended to use CSS instead. + +This rule raises an issue on every ``++
    ++`` element containing a ``++role++`` attribute set to ``++"presentation"++`` or ``++"none"++``, which is how https://www.w3.org/WAI/tutorials/tables/tips/[W3C recommends] marks layout tables. \ No newline at end of file diff --git a/rules/S5259/cfamily/metadata.json b/rules/S5259/cfamily/metadata.json index 743aca8eecd..56c382d4f13 100644 --- a/rules/S5259/cfamily/metadata.json +++ b/rules/S5259/cfamily/metadata.json @@ -1,5 +1,5 @@ { - "title": "Header guards should be followed by according \"#define\" macro", + "title": "Header guards should be followed by a matching \"#define\" macro", "type": "CODE_SMELL", "code": { "impacts": { diff --git a/rules/S5259/cfamily/rule.adoc b/rules/S5259/cfamily/rule.adoc index 0749ec45737..e97ae29378b 100644 --- a/rules/S5259/cfamily/rule.adoc +++ b/rules/S5259/cfamily/rule.adoc @@ -12,6 +12,7 @@ The include guard pattern is made up of four parts: The rule raises an issue when the name in the second part differs from the first (usually because of a typo or a copy/paste issue). +Because the include guard pattern is cumbersome, virtually every compiler provides a non-standard alternative: ``++#pragma once++``. This directive prevents multiple inclusions of the file that contains it without needing to invent a unique macro name for each file. Note that it relies on the notion of _same file_, which can be tricky to determine. Additionally, it will not work with build systems that copy headers in different places. === Noncompliant code example @@ -26,6 +27,8 @@ The rule raises an issue when the name in the second part differs from the first === Compliant solution +The most straightforward way is to make both macro names match: + [source,cpp,diff-id=1,diff-type=compliant] ---- #ifndef MYFILE_H 
@@ -34,6 +37,19 @@ The rule raises an issue when the name in the second part differs from the first #endif ---- +An alternative is to use ``++#pragma once++`` instead: +[source,cpp,diff-id=1,diff-type=compliant] +---- +#pragma once +//... +---- + +== Resources +=== External coding guidelines +// MISRA 23 : Replace by an automated mechanism M23_207 +* MISRA {cpp}:2023, 19.2.1 - Precautions shall be taken in order to prevent the contents of a header file being included more than once +* MISRA {cpp}:2008, 16.2.3 - Include guards shall be provided + ifdef::env-github,rspecator-view[] ''' @@ -49,5 +65,4 @@ Replace this macro definition with header guard macro. macro definition - endif::env-github,rspecator-view[] diff --git a/rules/S5260/html/metadata.json b/rules/S5260/html/metadata.json index 4237535371f..2c63c085104 100644 --- a/rules/S5260/html/metadata.json +++ b/rules/S5260/html/metadata.json @@ -1,35 +1,2 @@ { - "title": "Table cells should reference their headers", - "type": "BUG", - "code": { - "impacts": { - "RELIABILITY": "HIGH" - }, - "attribute": "CLEAR" - }, - "status": "ready", - "remediation": { - "func": "Constant\/Issue", - "constantCost": "5min" - }, - "tags": [ - "accessibility", - "wcag2-a" - ], - "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] - }, - "defaultSeverity": "Critical", - "ruleSpecification": "RSPEC-5260", - "sqKey": "S5260", - "scope": "All", - "defaultQualityProfiles": [ - "Sonar way" - ], - "quickfix": "unknown" } diff --git a/rules/S5260/html/rule.adoc b/rules/S5260/html/rule.adoc index 86122d38930..4d8ddfb9552 100644 --- a/rules/S5260/html/rule.adoc +++ b/rules/S5260/html/rule.adoc @@ -1,85 +1,7 @@ -== Why is this an issue? - -If a ``++
    ++`` cell has a ``++headers++`` attribute, it should reference only IDs of headers in the same column and row. - - -Note that it is usually better to use ``++scope++`` attributes of ``++++`` headers instead of ``++headers++`` attribute. ``++headers++`` attribute requires you to list every corresponding ``++++`` header's ``++id++``, which is error-prone and makes the code less maintainable. See https://www.w3.org/WAI/tutorials/tables/tips/[W3C WAI Web Accessibility Tutorials] for more information. - - -If your table is too complex, it might be better to split it into multiple small tables as it improves both readability and maintainability. - - -This rule raises an issue when the ``++headers++`` attribute of a ``++++`` cell contains IDs which don't belong to a header in the same row or column. - - -=== Noncompliant code example - -[source,html] ----- - - - - - - - - - - - - - - - - - - - - -
    - Rental price -
    - Small car - - Big Car -
    - Paris -
    - 1 day - - 11 euros - - 50 euros -
    ----- - +include::../why.adoc[] === Exceptions No issue will be raised if the ``++headers++`` attribute contains the following characters: {}()[]$. This avoids false positives on variables coming from Javascript frameworks such as Angular. - -== Resources - -* https://www.w3.org/WAI/WCAG21/quickref/?versions=2.0#qr-content-structure-separation-programmatic[WCAG2, 1.3.1] - Info and Relationships -* https://www.w3.org/TR/WCAG20-TECHS/html.html#H43[WCAG2, H43] - Using id and headers attributes to associate data cells with header cells in data tables - -ifdef::env-github,rspecator-view[] - -''' -== Implementation Specification -(visible only on this page) - -=== Message - -id X in "headers" reference the header of another column/row. - -id X in "headers" does not reference any
    header. - - -=== Highlighting - -The "headers" attribute. - - -endif::env-github,rspecator-view[] +include::../resources.adoc[] diff --git a/rules/S5260/javascript/metadata.json b/rules/S5260/javascript/metadata.json new file mode 100644 index 00000000000..7a73a41bfdf --- /dev/null +++ b/rules/S5260/javascript/metadata.json @@ -0,0 +1,2 @@ +{ +} \ No newline at end of file diff --git a/rules/S5260/javascript/rule.adoc b/rules/S5260/javascript/rule.adoc new file mode 100644 index 00000000000..5be0e715f8e --- /dev/null +++ b/rules/S5260/javascript/rule.adoc @@ -0,0 +1,3 @@ +include::../why.adoc[] + +include::../resources.adoc[] diff --git a/rules/S5260/metadata.json b/rules/S5260/metadata.json index 2c63c085104..4237535371f 100644 --- a/rules/S5260/metadata.json +++ b/rules/S5260/metadata.json @@ -1,2 +1,35 @@ { + "title": "Table cells should reference their headers", + "type": "BUG", + "code": { + "impacts": { + "RELIABILITY": "HIGH" + }, + "attribute": "CLEAR" + }, + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "5min" + }, + "tags": [ + "accessibility", + "wcag2-a" + ], + "extra": { + "replacementRules": [ + + ], + "legacyKeys": [ + + ] + }, + "defaultSeverity": "Critical", + "ruleSpecification": "RSPEC-5260", + "sqKey": "S5260", + "scope": "All", + "defaultQualityProfiles": [ + "Sonar way" + ], + "quickfix": "unknown" } diff --git a/rules/S5260/resources.adoc b/rules/S5260/resources.adoc new file mode 100644 index 00000000000..8919a1be107 --- /dev/null +++ b/rules/S5260/resources.adoc 
@@ -0,0 +1,25 @@ + +== Resources + +* https://www.w3.org/WAI/WCAG21/quickref/?versions=2.0#qr-content-structure-separation-programmatic[WCAG2, 1.3.1] - Info and Relationships +* https://www.w3.org/TR/WCAG20-TECHS/html.html#H43[WCAG2, H43] - Using id and headers attributes to associate data cells with header cells in data tables + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +id X in "headers" reference the header of another column/row. + +id X in "headers" does not reference any header. + + +=== Highlighting + +The "headers" attribute. + + +endif::env-github,rspecator-view[] diff --git a/rules/S5260/why.adoc b/rules/S5260/why.adoc new file mode 100644 index 00000000000..5c15814fd02 --- /dev/null +++ b/rules/S5260/why.adoc @@ -0,0 +1,55 @@ +== Why is this an issue? + +If a ``++++`` cell has a ``++headers++`` attribute, it should reference only IDs of headers in the same column and row. + + +Note that it is usually better to use ``++scope++`` attributes of ``++++`` headers instead of ``++headers++`` attribute. ``++headers++`` attribute requires you to list every corresponding ``++++`` header's ``++id++``, which is error-prone and makes the code less maintainable. See https://www.w3.org/WAI/tutorials/tables/tips/[W3C WAI Web Accessibility Tutorials] for more information. + + +If your table is too complex, it might be better to split it into multiple small tables as it improves both readability and maintainability. + + +This rule raises an issue when the ``++headers++`` attribute of a ``++++`` cell contains IDs which don't belong to a header in the same row or column. + + +=== Noncompliant code example + +[source,html] +---- + + + + + + + + + + + + + + + + + + + + +
    + Rental price +
    + Small car + + Big Car +
    + Paris +
    + 1 day + + 11 euros + + 50 euros +
    +---- + diff --git a/rules/S5264/fix.adoc b/rules/S5264/fix.adoc new file mode 100644 index 00000000000..85606f55954 --- /dev/null +++ b/rules/S5264/fix.adoc @@ -0,0 +1,16 @@ +Provide alternative content to ``++++`` elements. + +[source,html,diff-id=1,diff-type=compliant] +---- +This application shows the simulation of two particles colliding + + + Flower growing in a pot + + + + + This application shows the simulation of two particles colliding + + +---- diff --git a/rules/S5264/html/metadata.json b/rules/S5264/html/metadata.json index 7de6471f1ad..2c63c085104 100644 --- a/rules/S5264/html/metadata.json +++ b/rules/S5264/html/metadata.json @@ -1,35 +1,2 @@ { - "title": "\"\" tags should provide an alternative content", - "type": "CODE_SMELL", - "code": { - "impacts": { - "MAINTAINABILITY": "LOW" - }, - "attribute": "COMPLETE" - }, - "status": "ready", - "remediation": { - "func": "Constant\/Issue", - "constantCost": "2min" - }, - "tags": [ - "accessibility", - "wcag2-a" - ], - "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] - }, - "defaultSeverity": "Minor", - "ruleSpecification": "RSPEC-5264", - "sqKey": "S5264", - "scope": "All", - "defaultQualityProfiles": [ - "Sonar way" - ], - "quickfix": "unknown" } diff --git a/rules/S5264/html/rule.adoc b/rules/S5264/html/rule.adoc index 6f98a917b27..633ddf2f55c 100644 --- a/rules/S5264/html/rule.adoc +++ b/rules/S5264/html/rule.adoc 
@@ -1,62 +1,5 @@ -== Why is this an issue? +include::../why.adoc[] -Assistive technologies, such as screen readers, will not be able to render ``++++`` elements, in such cases it is the content of the ``++++`` which is provided to the user. This alternative content needs to be accessible or the screen readers won't be able to use it. For example, if an ``++++`` is used it must contain an ``++alt++`` attribute (see corresponding rule Web:ImgWithoutAltCheck). +include::../fix.adoc[] - -This rule raises an issue when an ``++++`` tag does not have any alternative content. - - -=== Noncompliant code example - -[source,html] ----- - - - - - ----- - - -=== Compliant solution - -[source,html] ----- -This application shows the simulation of two particles colliding - - - Flower growing in a pot - - - - - This application shows the simulation of two particles colliding - - ----- - - -== Resources - -* https://www.w3.org/TR/WCAG20-TECHS/H53.html[WCAG2, H53] - Using the body of the object element -* https://www.w3.org/WAI/WCAG21/quickref/?versions=2.0#qr-text-equiv-all[WCAG2, 1.1.1] - Non-text Content -* https://www.w3.org/WAI/WCAG21/quickref/?versions=2.0#qr-media-equiv-audio-desc[WCAG2, 1.2.3] - Audio Description or Media Alternative (Prerecorded) -* https://www.w3.org/WAI/WCAG21/quickref/?versions=2.0#qr-media-equiv-text-doc[WCAG2, 1.2.8] - Media Alternative (Prerecorded) - -ifdef::env-github,rspecator-view[] - -''' -== Implementation Specification -(visible only on this page) - -=== Message - -Add an accessible content to this "" tag. - - -=== Highlighting - -The opening tag without its content - - -endif::env-github,rspecator-view[] +include::../resources.adoc[] \ No newline at end of file diff --git a/rules/S5264/javascript/metadata.json b/rules/S5264/javascript/metadata.json new file mode 100644 index 00000000000..3becfe910fa --- /dev/null +++ b/rules/S5264/javascript/metadata.json 
@@ -0,0 +1,7 @@
+{
+ "tags": [
+ "accessibility",
+ "wcag2-a",
+ "react"
+ ]
+}
\ No newline at end of file
diff --git a/rules/S5264/javascript/rule.adoc b/rules/S5264/javascript/rule.adoc
new file mode 100644
index 00000000000..633ddf2f55c
--- /dev/null
+++ b/rules/S5264/javascript/rule.adoc
@@ -0,0 +1,5 @@
+include::../why.adoc[]
+
+include::../fix.adoc[]
+
+include::../resources.adoc[]
\ No newline at end of file
diff --git a/rules/S5264/metadata.json b/rules/S5264/metadata.json
index 2c63c085104..7de6471f1ad 100644
--- a/rules/S5264/metadata.json
+++ b/rules/S5264/metadata.json
@@ -1,2 +1,35 @@
 {
+ "title": "\"\" tags should provide an alternative content",
+ "type": "CODE_SMELL",
+ "code": {
+ "impacts": {
+ "MAINTAINABILITY": "LOW"
+ },
+ "attribute": "COMPLETE"
+ },
+ "status": "ready",
+ "remediation": {
+ "func": "Constant\/Issue",
+ "constantCost": "2min"
+ },
+ "tags": [
+ "accessibility",
+ "wcag2-a"
+ ],
+ "extra": {
+ "replacementRules": [
+
+ ],
+ "legacyKeys": [
+
+ ]
+ },
+ "defaultSeverity": "Minor",
+ "ruleSpecification": "RSPEC-5264",
+ "sqKey": "S5264",
+ "scope": "All",
+ "defaultQualityProfiles": [
+ "Sonar way"
+ ],
+ "quickfix": "unknown"
 }
diff --git a/rules/S5264/resources.adoc b/rules/S5264/resources.adoc
new file mode 100644
index 00000000000..3501143563c
--- /dev/null
+++ b/rules/S5264/resources.adoc
@@ -0,0 +1,10 @@
+== Resources
+
+* https://www.w3.org/TR/WCAG20-TECHS/H53.html[WCAG2, H53] - Using the body of the object element
+* https://www.w3.org/WAI/WCAG21/quickref/?versions=2.0#qr-text-equiv-all[WCAG2, 1.1.1] - Non-text Content
+* https://www.w3.org/WAI/WCAG21/quickref/?versions=2.0#qr-media-equiv-audio-desc[WCAG2, 1.2.3] - Audio Description or Media Alternative (Prerecorded)
+* https://www.w3.org/WAI/WCAG21/quickref/?versions=2.0#qr-media-equiv-text-doc[WCAG2, 1.2.8] - Media Alternative (Prerecorded)
+
+=== Related rules
+
+* Web:ImgWithoutAltCheck
\ No newline at end of file
diff --git a/rules/S5264/why.adoc b/rules/S5264/why.adoc
new file mode 100644
index 00000000000..7e553c7fc45
--- /dev/null
+++ b/rules/S5264/why.adoc
@@ -0,0 +1,16 @@
+== Why is this an issue?
+
+The ``++++`` HTML element represents an external resource, which can be treated as an image, a nested browsing context, or a resource to be handled by a plugin. The element's children are the fallback content. This allows multiple object elements to be nested inside each other, targeting multiple user agents with different capabilities, with the user agent picking the first one it supports.
+
+Assistive technologies, such as screen readers, will not be able to render ``++++`` elements, in such cases it is the content of the ``++++`` which is provided to the user. This alternative content needs to be accessible or the screen readers won't be able to use it. For example, if an ``++++`` is used it must contain an ``++alt++`` attribute.
+
+This rule raises an issue when an ``++++`` tag does not have any alternative content.
+
+[source,html,diff-id=1,diff-type=noncompliant]
+----
+
+
+
+
+
+----
\ No newline at end of file
diff --git a/rules/S5267/cfamily/metadata.json b/rules/S5267/cfamily/metadata.json
index 6d2a64d0efd..ff2dffe2135 100644
--- a/rules/S5267/cfamily/metadata.json
+++ b/rules/S5267/cfamily/metadata.json
@@ -3,7 +3,7 @@
 "type": "BUG",
 "code": {
 "impacts": {
- "RELIABILITY": "HIGH"
+ "RELIABILITY": "BLOCKER"
 },
 "attribute": "LOGICAL"
 },
@@ -16,12 +16,8 @@
 "confusing"
 ],
 "extra": {
- "replacementRules": [
-
- ],
- "legacyKeys": [
-
- ]
+ "replacementRules": [],
+ "legacyKeys": []
 },
 "defaultSeverity": "Blocker",
 "ruleSpecification": "RSPEC-5267",
diff --git a/rules/S5270/cfamily/rule.adoc b/rules/S5270/cfamily/rule.adoc
index 05d7759d3fa..a1d028c9b72 100644
--- a/rules/S5270/cfamily/rule.adoc
+++ b/rules/S5270/cfamily/rule.adoc
@@ -2,16 +2,16 @@ Variadic arguments allow a function to accept any number of arguments (in this rule, we are not talking about variadic templates, but about functions with ellipses). But these arguments have to respect some criteria to be handled properly. -The standard imposes some requirements on the class types that can be passed as variadic arguments, and those requirements vary according to the C++ standard version in use: +The standard imposes some requirements on the class types that can be passed as variadic arguments, and those requirements vary according to the {cpp} standard version in use: -* Before C++11, the standard only allows POD types to be used as variadic arguments. -* In C++11, the rules are relaxed such that any class type with an eligible non-trivial copy constructor, an eligible non-trivial move constructor, or a non-trivial destructor can be used in variadic arguments. +* Before {cpp}11, the standard only allows POD types to be used as variadic arguments. +* In {cpp}11, the rules are relaxed such that any class type with an eligible non-trivial copy constructor, an eligible non-trivial move constructor, or a non-trivial destructor can be used in variadic arguments. The rule detects any violations of these requirements since they can trigger undefined behavior. Additionally, since using an incorrect type to access the passed parameter within the variadic function can lead to undefined behavior, the rule goes a step further and reports all cases when class types are passed as variadic arguments. The rationale is that, most likely, the user forgot to call a method on the object being passed (``std::string_view::data()`` for example) that would get a member of a built-in type. -When in need to pass class types to functions that take a variable number of arguments, consider using modern type-safe alternatives like C++11 parameter packs instead of variadic functions. 
+When in need to pass class types to functions that take a variable number of arguments, consider using modern type-safe alternatives like {cpp}11 parameter packs instead of variadic functions. === Noncompliant code example @@ -21,7 +21,7 @@ void my_log(const char* format, ...); void f() { std::string someStr = "foo"; - my_log("%s", someStr); // Noncompliant; the c++11 standard requires types passed as variadic arguments to have a trivial copy constructor. The user probably meant to pass someStr.c_str() here + my_log("%s", someStr); // Noncompliant; the C++11 standard requires types passed as variadic arguments to have a trivial copy constructor. The user probably meant to pass someStr.c_str() here std::string_view someStrView = "bar"; my_log("%s", someStrView); // Noncompliant; the user probably meant to pass someText.data() @@ -53,7 +53,7 @@ void f() { The rule doesn't report an issue in the following cases: * When the called variadic function doesn't have any non-variadic parameters. This is a common pattern when the function is used as a catch-all net for an overload set. This is also guaranteed to be safe since there is no portable to access the passed arguments. -* When the called variadic function is known to accept a class type object as a variadic argument (e.g. the ``semctl`` system call). +* When the called variadic function is known to accept a class type object as a variadic argument (e.g., the ``semctl`` system call). [source,cpp] ---- 
@@ -73,7 +73,7 @@ std::size_t elementsCount(const std::vector& vec) { * MISRA C:2004, 16.1 - Functions shall not be defined with a variable number of arguments. * https://wiki.sei.cmu.edu/confluence/x/5ns-BQ[CERT, DCL50-CPP.] - Do not define a C-style variadic function -* https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#-es34-dont-define-a-c-style-variadic-function[{cpp} Core Guidelines ES.34] Don't define a (C-style) variadic function +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#-es34-dont-define-a-c-style-variadic-function[ES.34: Don't define a (C-style) variadic function] === Related rules diff --git a/rules/S5271/cfamily/metadata.json b/rules/S5271/cfamily/metadata.json index 46d129eb9e0..8240d7a9482 100644 --- a/rules/S5271/cfamily/metadata.json +++ b/rules/S5271/cfamily/metadata.json @@ -13,15 +13,12 @@ "constantCost": "2min" }, "tags": [ - "confusing", "since-c++11" + "confusing", + "since-c++11" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-5271", @@ -30,5 +27,5 @@ "defaultQualityProfiles": [ "Sonar way" ], - "quickfix": "unknown" -} + "quickfix": "targeted" +} \ No newline at end of file diff --git a/rules/S5272/cfamily/rule.adoc b/rules/S5272/cfamily/rule.adoc index 3909f1f1eac..0bfc35abcae 100644 --- a/rules/S5272/cfamily/rule.adoc +++ b/rules/S5272/cfamily/rule.adoc @@ -27,7 +27,7 @@ Trying to access an object that has been moved-from frequently ends up in a null === Exceptions -There are some C++ standard template library types such as `std::unique_ptr` for which the moved-from state is fully specified. +There are some {cpp} standard template library types, such as `std::unique_ptr`, for which the moved-from state is fully specified. === Exemplary type with move operations 
@@ -234,7 +234,7 @@ int bar() { === Standards -* CERT - https://www.securecoding.cert.org/confluence/x/O3s-BQ[EXP63-CPP. Do not rely on the value of a moved-from object] +* CERT - https://wiki.sei.cmu.edu/confluence/display/cplusplus/EXP63-CPP.+Do+not+rely+on+the+value+of+a+moved-from+object[EXP63-CPP. Do not rely on the value of a moved-from object] === Related rules diff --git a/rules/S5273/cfamily/metadata.json b/rules/S5273/cfamily/metadata.json index 0ea948ddfdd..43e73883eff 100644 --- a/rules/S5273/cfamily/metadata.json +++ b/rules/S5273/cfamily/metadata.json @@ -17,8 +17,12 @@ "suspicious" ], "extra": { - "replacementRules": [], - "legacyKeys": [] + "replacementRules": [ + + ], + "legacyKeys": [ + + ] }, "defaultSeverity": "Major", "ruleSpecification": "RSPEC-5273", @@ -32,6 +36,9 @@ 121, 122, 676 + ], + "STIG ASD_V5R3": [ + "V-222612" ] }, "defaultQualityProfiles": [ diff --git a/rules/S5273/cfamily/rule.adoc b/rules/S5273/cfamily/rule.adoc index c1c3c37d38a..50876a925d5 100644 --- a/rules/S5273/cfamily/rule.adoc +++ b/rules/S5273/cfamily/rule.adoc 
@@ -133,15 +133,15 @@ void bar(const char *src) { === Conference presentations -* CppCon 2018 - https://www.youtube.com/watch?v=0S0QgQd75Sw&ab_channel=CppCon[Software Vulnerabilities in C and C++] +* CppCon 2018 - https://www.youtube.com/watch?v=0S0QgQd75Sw&ab_channel=CppCon[Software Vulnerabilities in C and {cpp}] === Standards * CERT - https://wiki.sei.cmu.edu/confluence/display/c/STR31-C.+Guarantee+that+storage+for+strings+has+sufficient+space+for+character+data+and+the+null+terminator[STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator] -* CWE - https://cwe.mitre.org/data/definitions/121.html[121 Stack-based Buffer Overflow] -* CWE - https://cwe.mitre.org/data/definitions/122.html[122 Heap-based Buffer Overflow] -* CWE - https://cwe.mitre.org/data/definitions/676.html[676 Use of Potentially Dangerous Function] - +* CWE - https://cwe.mitre.org/data/definitions/121[CWE-121 Stack-based Buffer Overflow] +* CWE - https://cwe.mitre.org/data/definitions/122[CWE-122 Heap-based Buffer Overflow] +* CWE - https://cwe.mitre.org/data/definitions/676[CWE-676 Use of Potentially Dangerous Function] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. ifdef::env-github,rspecator-view[] diff --git a/rules/S5274/cfamily/metadata.json b/rules/S5274/cfamily/metadata.json index 9ef17458699..907fd3f7064 100644 --- a/rules/S5274/cfamily/metadata.json +++ b/rules/S5274/cfamily/metadata.json @@ -1,11 +1,11 @@ { - "title": "\"std::move\" should only be added when necessary", + "title": "\"std::move\" should not inhibit optimizations", "type": "CODE_SMELL", "code": { "impacts": { "MAINTAINABILITY": "MEDIUM" }, - "attribute": "CLEAR" + "attribute": "EFFICIENT" }, "status": "ready", "remediation": { 
@@ -15,9 +15,7 @@
 "tags": [
 "cppcoreguidelines",
 "performance",
- "bad-practice",
- "since-c++11",
- "clumsy"
+ "since-c++11"
 ],
 "extra": {
 "replacementRules": [
diff --git a/rules/S5274/cfamily/rule.adoc b/rules/S5274/cfamily/rule.adoc
index 8ffc5800fdb..f4671586fdf 100644
--- a/rules/S5274/cfamily/rule.adoc
+++ b/rules/S5274/cfamily/rule.adoc
@@ -1,29 +1,174 @@ +This rule reports an issue when the use of ``++std::move++`` prevents the copy elision optimizations from happening. + == Why is this an issue? -Usually, when copying an object, the source object is unchanged, meaning all resources owned by the source objects must be duplicated during the copy operation. If the source object is no longer used, this duplication is inefficient. Since {cpp}11, a move semantic mechanism has been added to detect such cases and replace the expensive copy with a much cheaper move operation that will transfer resources. +Usually, when copying an object, the source object is unchanged, +meaning all resources owned by the source objects must be duplicated during the copy operation. +If the source object is no longer used, this duplication is inefficient. +Since {cpp}11, a move semantic mechanism has been added to detect such cases and replace the expensive copy with a much cheaper move operation that will transfer resources. + +The cornerstone of move semantics is detecting during a "copy" whether the source object will be reused or not. +This can be done explicitly by the user, by invoking `std::move` (or different casts to rvalue) on the object. +In such case the user promises to the compiler that they won't care for the object's current value any longer. +In addition, the compiler will implicitly use a move operation or skip copying the object in some situations. + +One case of optimization is that the copy will be elided or automatically turned into a move operation +when a temporary object of type `T`: + +* is used to initialize a parameter or variable of type `T` or `const T` +* is returned from the function that declares `T` or `const T` as return type + +[source,cpp] +---- +class A {/* ... */}; +A create(); + +void asParam(A a); + +A returnedFromFunc() { + // For all examples below, the object will not be copied. 
+ // Either no copy or move will be performed (as guaranteed optimization since C++17) + // or a move operation will be used. + A a = create(); + asParam(createA()); + return A(); +} +---- + +Calling `std::move` on such an object is not only unnecessary but will also prevent the compiler from performing copy elision, +and the rule raises issues in that case. +[source,cpp] +---- +class A {/* ... */}; +A create(); + +void asParam(A a); + +A returnedFromFunc() { + // Move operations need to be performed, and cannot be elided. + A a = std::move(create()); // Noncompliant + asParam(std::move(createA())); // Noncompliant + return std::move(A()); // Noncompliant +} +---- + +Another case of optimization is that under certain conditions, the local variable or function parameter is implicitly moved +if it is directly returned (`return x`) from the function. + +In particular, when a variable of type `T` is returned directly from the function that declares `T` or `const T` +as a return type: +[source,cpp] +---- +class A {/* ... */}; + +A returnedLocalVar() { + A a = create(); + // Variable a is automatically moved here + return a; +} +---- + +These conditions overlap with the conditions under which copy elision optimization, +referred to as Named Return Value Optimization (NRVO) can be performed by the compiler. +When this optimization is applied the local variable is returned without any copy or move operation being performed. + +In this case, adding `std::move` to the return statement will inhibit this optimization, +and the rule raises an issue. +[source,cpp] +---- +class A {/* ... */}; + +A returnedLocalVar() { + A a = create(); + // Variable a is moved, but NRVO cannot be performed + return std::move(a); // Noncompliant +} +---- + + +=== Why is the issue raised if my class does not have a move constructor? + +A move itself is not performing any object operation, and casting a source to `rvalue`. 
+This leads to the constructor and assignment operator that accepts rvalue reference as a parameter - +also referred to as move constructor and move assignment - to be selected by the overload resolution. +However, when the class does not provide such a constructor, +a copy constructor/assignment will be invoked respectively. + +Such invocation of copy constructor may still be eliminated by copy elision optimizations, +and thus redundant `std::move` calls, that inhibit such optimization, have a performance impact in such situations. + +[source,cpp] +---- +class OnlyCopyable { + OnlyCopyable(OnlyCopyable const&); + /* No move constructor */ +}; +OnlyCopyable create(); + +void test() { + // Forces a move operation, that invokes copy constructor + OnlyCopyable c1 = std::move(create()); // Noncompliant + // Copy elision eliminates invocation of the copy constructor + OnlyCopyable c2 = create(); // Compliant +} +---- + +=== Why is an issue raised when passing an argument to a reference parameter? +The copy elision optimization happens only if a new value is produced from the source, +not if the parameter is a reference to the same type: -The cornerstone of move semantics is detecting during a "copy" whether the source object will be reused or not. There are three situations: +[source,cpp] +---- +void process(A&& sink); -* The object is a temporary object with no name, and if it can't be named, it can't be used -* The object is used in some specific places, such as a return statement -* The user explicitly promises to the compiler that they won't care for the object's current value any longer. They do so by using the specific cast operation named ``++std::move++``. 
+void passArgument() { + // No move operation is triggered, as the parameter is a reference to A + process(std::move(create())); // Noncompliant + process(create()); // Compliant +} +---- -If the user writes ``++std::move++`` in one situation that is already handled by the first two cases, it has two drawbacks: +Such redundant calls to `std::move` are not inhibiting optimization at this point. +However, when the `process` function is modified to accept `A` by value, +it will prevent the compiler from eliminating the move operation altogether. +To fully benefit from the performance impact of this change, +the maintainers would need to review and update all call sites and process functions, +reducing the maintainability of the code. -* It is clumsy, useless code, which makes understanding the code more complex -* In some cases, it can decrease performances because this can deactivate another optimization of the compiler, named copy elision. +Moreover, if the parameter is a reference to a type to which the argument is converted, +then copy elision may still happen when calling the converting constructor. +[source,cpp] +---- +class B { + // Converting constructor takes object B by value + B(A a); +}; +void processB(B&& sink); + +void passArgument() { + processB(create()); // Compliant + processB(std::move(create())); // Noncompliant, inhibits copy elision when initializing constructor parameter + // This call is equivalent to: + processB(B(std::move(create()))); // Noncompliant, inhibits copy elision when initializing constructor parameter +} +---- -When copy elision occurs, the object is neither copied nor moved (even if the copy/move constructors have side effects). The two objects are collapsed into only one memory location. The moment when copy elision occurs is compiler-dependent but is mandatory in the following cases: +=== Why issues are not raised for all redundant moves? 
+The requirements from performing an implicit move were relaxed in {cpp}20 and {cpp}23 standards, +with some of them being applied retroactively. +As a consequence depending on the standard and compiler versions, +a call to `std::move` may or may not be redundant in the return statement, +and thus required for the code to be portable accross compilers. -* in a return statement, if the returned object is a prvalue of the same class type as the function return type -* in the initialization of a variable, if the initializer expression is a prvalue of the same class type as the variable type +== How to fix it -This rule reports an issue when the use of ``++std::move++`` prevents the copy elision from happening. +Remove the call to `std::move` flagged by the rule. +=== Code examples -=== Noncompliant code example +==== Noncompliant code example [source,cpp,diff-id=1,diff-type=noncompliant] ---- @@ -32,14 +177,12 @@ A getA(); A f() { A a = std::move(getA()); // Noncompliant, prevents copy elision - std::vector v; - v.push_back(std::move(getA())); // Noncompliant return std::move(a); // Noncompliant } ---- -=== Compliant solution +==== Compliant solution [source,cpp,diff-id=1,diff-type=compliant] ---- @@ -48,9 +191,35 @@ A getA(); A f() { A a = getA(); // Compliant + return a; // Compliant +} +---- + + +==== Noncompliant code example + +[source,cpp,diff-id=2,diff-type=noncompliant] +---- +class A {}; +A getA(); + +void f() { + std::vector v; + v.push_back(std::move(getA())); // Noncompliant +} +---- + + +==== Compliant solution + +[source,cpp,diff-id=2,diff-type=compliant] +---- +class A {}; +A getA(); + +void f() { std::vector v; v.push_back(getA()); // Compliant - return a; // Compliant } ---- 
@@ -64,7 +233,7 @@ A f() { === External coding guidelines -* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#reason-62[F.48: Don’t return std::move(local)] +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#f48-dont-return-stdmovelocal[F.48: Don't `return std::move(local)`] ifdef::env-github,rspecator-view[] diff --git a/rules/S5275/cfamily/metadata.json b/rules/S5275/cfamily/metadata.json index 5b71874eb05..ebf5d664184 100644 --- a/rules/S5275/cfamily/metadata.json +++ b/rules/S5275/cfamily/metadata.json @@ -30,5 +30,5 @@ "defaultQualityProfiles": [ "Sonar way" ], - "quickfix": "unknown" + "quickfix": "infeasible" } diff --git a/rules/S5276/cfamily/metadata.json b/rules/S5276/cfamily/metadata.json index 38d5529b5f9..7c32729b3ac 100644 --- a/rules/S5276/cfamily/metadata.json +++ b/rules/S5276/cfamily/metadata.json @@ -30,5 +30,5 @@ "defaultQualityProfiles": [ "Sonar way" ], - "quickfix": "unknown" + "quickfix": "infeasible" } diff --git a/rules/S5281/cfamily/rule.adoc b/rules/S5281/cfamily/rule.adoc index edf1f6d5ec7..262a348e9b6 100644 --- a/rules/S5281/cfamily/rule.adoc +++ b/rules/S5281/cfamily/rule.adoc 
@@ -1,10 +1,11 @@ == Why is this an issue? -It is a security vulnerability to call ``++printf++`` with a unique string argument which is not a string literal. Indeed, if this argument comes from a user input, this user can : +It is a security vulnerability to call `printf` with a unique string argument that is not a string literal. Indeed, if this argument comes from a user input, this user can: -* make the program crash, by executing code equivalent to: ``++printf("%s%s%s%s%s%s%s%s")++`` -* view the stack or a memory at any location, by executing code equivalent to: ``++printf("%08x %08x %08x %08x %08x\n")++`` +* make the program crash by executing code equivalent to: ``++printf("%s%s%s%s%s%s%s%s")++`` +* view the stack or memory at any location by executing code equivalent to: ``++printf("%08x %08x %08x %08x %08x\n")++`` +Starting with {cpp}23, `std::print` should be preferred: its arguments are validated at compile-time, making it more secure. === Noncompliant code example @@ -28,7 +29,18 @@ void f(char* userInput) { == Resources -* https://owasp.org/www-community/attacks/Format_string_attack[Owasp: format string attack] +=== Documentation + +* {cpp} reference - https://en.cppreference.com/w/cpp/io/c/fprintf[`printf`] + +=== Standards + +* OWASP - https://owasp.org/www-community/attacks/Format_string_attack[Format string attack] + +=== Related rules + +* S2275 - Printf-style format strings should not lead to unexpected behavior at runtime +* S6494 - {cpp} formatting functions should be used instead of C printf-like functions ifdef::env-github,rspecator-view[] diff --git a/rules/S5283/cfamily/metadata.json b/rules/S5283/cfamily/metadata.json index e80436d5bd6..377645dd425 100644 --- a/rules/S5283/cfamily/metadata.json +++ b/rules/S5283/cfamily/metadata.json @@ -31,9 +31,11 @@ "securityStandards": { "CERT": [ "ARR32-C." + ], + "STIG ASD_V5R3": [ + "V-222612" ] }, - "defaultQualityProfiles": [ "Sonar way" ], 
diff --git a/rules/S5283/cfamily/rule.adoc b/rules/S5283/cfamily/rule.adoc index 0c527edd16e..b0156446fac 100644 --- a/rules/S5283/cfamily/rule.adoc +++ b/rules/S5283/cfamily/rule.adoc @@ -208,6 +208,8 @@ and the {cpp} standard never supported it, however, they are commonly accepted a === Standards * CERT - https://wiki.sei.cmu.edu/confluence/display/c/ARR32-C.+Ensure+size+arguments+for+variable+length+arrays+are+in+a+valid+range[ARR32-C. Ensure size arguments for variable length arrays are in a valid range] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. + ifdef::env-github,rspecator-view[] diff --git a/rules/S5300/python/metadata.json b/rules/S5300/python/metadata.json index 17971333806..dca761a71ca 100644 --- a/rules/S5300/python/metadata.json +++ b/rules/S5300/python/metadata.json @@ -1,3 +1,5 @@ { - + "tags": [ + "deprecated" + ] } diff --git a/rules/S5300/see.adoc b/rules/S5300/see.adoc index ea0ae4df17c..144684fa4d6 100644 --- a/rules/S5300/see.adoc +++ b/rules/S5300/see.adoc 
@@ -1,6 +1,6 @@ == See * https://www.damonkohler.com/2008/12/email-injection.html[Email Injection] -* https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[OWASP Top 10 2017 Category A1] - Injection -* https://cwe.mitre.org/data/definitions/93[MITRE, CWE-93] - Improper Neutralization of CRLF Sequences ('CRLF Injection') -* https://cwe.mitre.org/data/definitions/80[MITRE, CWE-80] - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) +* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] +* CWE - https://cwe.mitre.org/data/definitions/93[CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')] +* CWE - https://cwe.mitre.org/data/definitions/80[CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)] diff --git a/rules/S5302/cfamily/metadata.json b/rules/S5302/cfamily/metadata.json index 24d63162ad3..36070fe8beb 100644 --- a/rules/S5302/cfamily/metadata.json +++ b/rules/S5302/cfamily/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -16,12 +16,8 @@ "misra-c++2008" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-5302", diff --git a/rules/S5304/java/rule.adoc b/rules/S5304/java/rule.adoc index 4e43342f423..61e83c8f07d 100644 --- a/rules/S5304/java/rule.adoc +++ b/rules/S5304/java/rule.adoc 
@@ -55,8 +55,8 @@ public class Main { == See -* https://cwe.mitre.org/data/definitions/526[MITRE, CWE-526] - Information Exposure Through Environmental Variables -* https://cwe.mitre.org/data/definitions/74[MITRE, CWE-74] - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') +* CWE - https://cwe.mitre.org/data/definitions/526[CWE-526 - Information Exposure Through Environmental Variables] +* CWE - https://cwe.mitre.org/data/definitions/74[CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')] ifdef::env-github,rspecator-view[] diff --git a/rules/S5308/cfamily/rule.adoc b/rules/S5308/cfamily/rule.adoc index dfcf676c036..9f3194857f0 100644 --- a/rules/S5308/cfamily/rule.adoc +++ b/rules/S5308/cfamily/rule.adoc @@ -110,7 +110,7 @@ int main(void) { ---- -== Hot to fix it +== How to fix it Always check the return values of the ``++setuid++``-family functions and handle any potential error appropriately. @@ -176,5 +176,5 @@ void undo_setuid(void) { * CERT - https://wiki.sei.cmu.edu/confluence/display/c/POS36-C.+Observe+correct+revocation+order+while+relinquishing+privileges[POS36-C. Ensure that privilege relinquishment is successful] * CERT - https://wiki.sei.cmu.edu/confluence/display/c/POS37-C.+Ensure+that+privilege+relinquishment+is+successful[POS37-C. Observe correct revocation order while relinquishing privileges] -* CWE - https://cwe.mitre.org/data/definitions/252.html[252 Unchecked Return Value] -* CWE - https://cwe.mitre.org/data/definitions/272.html[272 Least Privilege Violation] +* CWE - https://cwe.mitre.org/data/definitions/252[CWE-252 Unchecked Return Value] +* CWE - https://cwe.mitre.org/data/definitions/272[CWE-272 Least Privilege Violation] diff --git a/rules/S5312/cfamily/rule.adoc b/rules/S5312/cfamily/rule.adoc index 3e75c7185d6..4ad020d7a4b 100644 --- a/rules/S5312/cfamily/rule.adoc +++ b/rules/S5312/cfamily/rule.adoc 
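Review bot: In the last hunk of rules/S5308/cfamily/rule.adoc, the two CERT entries kept as context directly above the rewritten CWE lines carry each other's titles. The URL ending in `POS36-C.+Observe+correct+revocation+order+while+relinquishing+privileges` is labelled "POS36-C. Ensure that privilege relinquishment is successful", and the POS37-C URL is labelled "Observe correct revocation order while relinquishing privileges". Since this hunk already normalises the list, the labels should be swapped to `[POS36-C. Observe correct revocation order while relinquishing privileges]` and `[POS37-C. Ensure that privilege relinquishment is successful]`. The rule is about checking the return values of the setuid-family functions, so the POS37-C entry is the one readers most need to find under its correct name.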
@@ -3,9 +3,6 @@ This rule is a strict implementation of a MISRA (Motor Industry Software Reliability Association) rule. MISRA defines best practices for developing safety-critical software. You can learn more about this rule in the MISRA documents referenced below. -If you are not concerned with MISRA compliance or with safety-critical software, you might consider using rule S888 instead ; it targets the same kind of issue for general-purpose software. - - == Resources * MISRA {cpp}2008, 6-5-2 @@ -16,6 +13,6 @@ ifdef::env-github,rspecator-view[] == Comments And Links (visible only on this page) -=== is related to: S888 +=== is related to: S888 (not for C/{cpp}) endif::env-github,rspecator-view[] diff --git a/rules/S5314/cfamily/metadata.json b/rules/S5314/cfamily/metadata.json index b630715dc71..82ad40e3469 100644 --- a/rules/S5314/cfamily/metadata.json +++ b/rules/S5314/cfamily/metadata.json @@ -32,6 +32,9 @@ "securityStandards": { "CWE": [ 367 + ], + "STIG ASD_V5R3": [ + "V-222567" ] }, "defaultQualityProfiles": [ diff --git a/rules/S5314/cfamily/rule.adoc b/rules/S5314/cfamily/rule.adoc index f55cff49940..02ce11d7425 100644 --- a/rules/S5314/cfamily/rule.adoc +++ b/rules/S5314/cfamily/rule.adoc 
@@ -198,9 +198,13 @@ the ABA problem, where `A` and `B` refers to the values of the resource. == Resources +=== Standards + +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions. + === External coding guidelines -* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#cp43-minimize-time-spent-in-a-critical-section[CP.43: Minimize time spent in a critical section] +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#cp43-minimize-time-spent-in-a-critical-section[CP.43: Minimize time spent in a critical section] === Related rules @@ -213,7 +217,7 @@ the ABA problem, where `A` and `B` refers to the values of the resource. * {cpp} reference - https://en.cppreference.com/w/cpp/thread/mutex[`std::mutex`] * {cpp} reference - https://en.cppreference.com/w/cpp/thread/scoped_lock[`std::scoped_lock`] -* https://cwe.mitre.org/data/definitions/367[MITRE, CWE-367] - Time-of-check Time-of-use (TOCTOU) Race Condition +* CWE - https://cwe.mitre.org/data/definitions/367[CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition] * Wikipedia - https://en.wikipedia.org/wiki/ABA_problem[ABA problem] ifdef::env-github,rspecator-view[] diff --git a/rules/S5320/see.adoc b/rules/S5320/see.adoc index a0a45666b61..64ba054c5d7 100644 --- a/rules/S5320/see.adoc +++ b/rules/S5320/see.adoc 
@@ -1,6 +1,6 @@ == See -* https://owasp.org/Top10/A04_2021-Insecure_Design/[OWASP Top 10 2021 Category A4] - Insecure Design -* https://mobile-security.gitbook.io/masvs/security-requirements/0x11-v6-interaction_with_the_environment[Mobile AppSec Verification Standard] - Platform Interaction Requirements -* https://owasp.org/www-project-mobile-top-10/2016-risks/m1-improper-platform-usage[OWASP Mobile Top 10 2016 Category M1] - Improper Platform Usage -* https://cwe.mitre.org/data/definitions/927[MITRE, CWE-927] - Use of Implicit Intent for Sensitive Communication +* OWASP - https://owasp.org/Top10/A04_2021-Insecure_Design/[Top 10 2021 Category A4 - Insecure Design] +* OWASP - https://mas.owasp.org/checklists/MASVS-PLATFORM/[Mobile AppSec Verification Standard - Platform Interaction Requirements] +* OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m1-improper-platform-usage[Mobile Top 10 2016 Category M1 - Improper Platform Usage] +* CWE - https://cwe.mitre.org/data/definitions/927[CWE-927 - Use of Implicit Intent for Sensitive Communication] * https://developer.android.com/guide/components/broadcasts.html#restricting_broadcasts_with_permissions[Android documentation] - Broadcast Overview - Security considerations and best practices \ No newline at end of file diff --git a/rules/S5322/see.adoc b/rules/S5322/see.adoc index 6cbe993cdcd..49b06ee7f36 100644 --- a/rules/S5322/see.adoc +++ b/rules/S5322/see.adoc 
@@ -1,7 +1,7 @@ == See -* https://mobile-security.gitbook.io/masvs/security-requirements/0x11-v6-interaction_with_the_environment[Mobile AppSec Verification Standard] - Platform Interaction Requirements -* https://owasp.org/www-project-mobile-top-10/2016-risks/m1-improper-platform-usage[OWASP Mobile Top 10 2016 Category M1] - Improper Platform Usage -* https://cwe.mitre.org/data/definitions/925[MITRE, CWE-925] - Improper Verification of Intent by Broadcast Receiver -* https://cwe.mitre.org/data/definitions/926[MITRE, CWE-926] - Improper Export of Android Application Components +* OWASP - https://mas.owasp.org/checklists/MASVS-PLATFORM/[Mobile AppSec Verification Standard - Platform Interaction Requirements] +* OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m1-improper-platform-usage[Mobile Top 10 2016 Category M1 - Improper Platform Usage] +* CWE - https://cwe.mitre.org/data/definitions/925[CWE-925 - Improper Verification of Intent by Broadcast Receiver] +* CWE - https://cwe.mitre.org/data/definitions/926[CWE-926 - Improper Export of Android Application Components] * https://developer.android.com/guide/components/broadcasts.html#restricting_broadcasts_with_permissions[Android documentation] - Broadcast Overview - Security considerations and best practices diff --git a/rules/S5324/see.adoc b/rules/S5324/see.adoc index 9710691d012..48d8b28276a 100644 --- a/rules/S5324/see.adoc +++ b/rules/S5324/see.adoc 
@@ -1,7 +1,7 @@ == See -* https://owasp.org/Top10/A04_2021-Insecure_Design/[OWASP Top 10 2021 Category A4] - Insecure Design +* OWASP - https://owasp.org/Top10/A04_2021-Insecure_Design/[Top 10 2021 Category A4 - Insecure Design] * https://developer.android.com/privacy-and-security/security-tips#ExternalStorage[Android Security tips on external file storage] -* https://mobile-security.gitbook.io/masvs/security-requirements/0x07-v2-data_storage_and_privacy_requirements[Mobile AppSec Verification Standard] - Data Storage and Privacy Requirements -* https://owasp.org/www-project-mobile-top-10/2016-risks/m2-insecure-data-storage[OWASP Mobile Top 10 2016 Category M2] - Insecure Data Storage -* https://cwe.mitre.org/data/definitions/312[MITRE, CWE-312] - Cleartext Storage of Sensitive Information +* OWASP - https://mas.owasp.org/checklists/MASVS-STORAGE/[Mobile AppSec Verification Standard - Data Storage and Privacy Requirements] +* OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m2-insecure-data-storage[Mobile Top 10 2016 Category M2 - Insecure Data Storage] +* CWE - https://cwe.mitre.org/data/definitions/312[CWE-312 - Cleartext Storage of Sensitive Information] diff --git a/rules/S5326/java/rule.adoc b/rules/S5326/java/rule.adoc index ef1d66b6f86..4e508fb80ec 100644 --- a/rules/S5326/java/rule.adoc +++ b/rules/S5326/java/rule.adoc 
@@ -61,9 +61,9 @@ public class SSLTLSValidation extends WebViewClient { == See -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure -* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[OWASP Top 10 2017 Category A6] - Security Misconfiguration -* https://cwe.mitre.org/data/definitions/295[MITRE, CWE-295] - Improper Certificate Validation +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] +* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration] +* CWE - https://cwe.mitre.org/data/definitions/295[CWE-295 - Improper Certificate Validation] ifdef::env-github,rspecator-view[] diff --git a/rules/S5328/php/metadata.json b/rules/S5328/php/metadata.json index 023887eceef..ece2bafe32c 100644 --- a/rules/S5328/php/metadata.json +++ b/rules/S5328/php/metadata.json @@ -49,6 +49,10 @@ "2.3.1", "2.6.2", "2.9.2" + ], + "STIG ASD_V5R3": [ + "V-222579", + "V-222582" ] }, "defaultQualityProfiles": [ diff --git a/rules/S5328/php/rule.adoc b/rules/S5328/php/rule.adoc index dc97eea7f85..ac348c535b4 100644 --- a/rules/S5328/php/rule.adoc +++ b/rules/S5328/php/rule.adoc 
@@ -35,14 +35,16 @@ session_id(bin2hex(random_bytes(16))); // Compliant == See -* https://owasp.org/Top10/A04_2021-Insecure_Design/[OWASP Top 10 2021 Category A4] - Insecure Design -* https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/[OWASP Top 10 2021 Category A7] - Identification and Authentication Failures -* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[OWASP Top 10 2017 Category A6] - Security Misconfiguration +* OWASP - https://owasp.org/Top10/A04_2021-Insecure_Design/[Top 10 2021 Category A4 - Insecure Design] +* OWASP - https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/[Top 10 2021 Category A7 - Identification and Authentication Failures] +* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration] * https://owasp.org/www-community/attacks/Session_fixation[OWASP Sesssion Fixation] -* https://cwe.mitre.org/data/definitions/330[MITRE, CWE-330] - Use of Insufficiently Random Values -* https://cwe.mitre.org/data/definitions/340[MITRE, CWE-340] - Generation of Predictable Numbers or Identifiers +* CWE - https://cwe.mitre.org/data/definitions/330[CWE-330 - Use of Insufficiently Random Values] +* CWE - https://cwe.mitre.org/data/definitions/340[CWE-340 - Generation of Predictable Numbers or Identifiers] * https://www.php.net/random-bytes[PHP: random_bytes()] * https://www.php.net/session-regenerate-id[PHP: session_regenerate_id()] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222579[Application Security and Development: V-222579] - Applications must use system-generated session identifiers that protect against session fixation. +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222582[Application Security and Development: V-222582] - The application must not re-use or recycle session IDs. 
ifdef::env-github,rspecator-view[] diff --git a/rules/S5329/java/metadata.json b/rules/S5329/java/metadata.json index eddfb3d328d..32e490bcb34 100644 --- a/rules/S5329/java/metadata.json +++ b/rules/S5329/java/metadata.json @@ -12,21 +12,15 @@ "func": "Constant\/Issue", "constantCost": "5min" }, - "tags": [ - - ], + "tags": [], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Major", "ruleSpecification": "RSPEC-5329", "sqKey": "S5329", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S5332/ansible/metadata.json b/rules/S5332/ansible/metadata.json new file mode 100644 index 00000000000..b290eb96d5b --- /dev/null +++ b/rules/S5332/ansible/metadata.json @@ -0,0 +1,42 @@ +{ + "securityStandards": { + "CWE": [ + 200, + 319 + ], + "OWASP": [ + + ], + "OWASP Mobile": [ + + ], + "MASVS": [ + + ], + "OWASP Top 10 2021": [ + + ], + "PCI DSS 3.2": [ + "4.1", + "6.5.4" + ], + "PCI DSS 4.0": [ + "4.2.1", + "6.2.4" + ], + "ASVS 4.0": [ + + ], + "STIG ASD_V5R3": [ + "V-222397", + "V-222534", + "V-222562", + "V-222563", + "V-222577", + "V-222596", + "V-222597", + "V-222598", + "V-222599" + ] + } + } \ No newline at end of file diff --git a/rules/S5332/ansible/rule.adoc b/rules/S5332/ansible/rule.adoc new file mode 100644 index 00000000000..367891c4d12 --- /dev/null +++ b/rules/S5332/ansible/rule.adoc 
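Review bot: In rules/S5328/php/rule.adoc the two new STIG entries are appended after the PHP manual links, so the standards references in this See list are now split by the `random_bytes()` and `session_regenerate_id()` documentation links. Placing the V-222579 and V-222582 lines directly after the two CWE entries would keep the standards together. The untouched session-fixation entry is also the only OWASP line left in the old format, and its label still has the typo "Sesssion". It could become `* OWASP - https://owasp.org/www-community/attacks/Session_fixation[Session Fixation]`.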
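Review bot: The new rules/S5332/ansible/metadata.json has no `tags` entry, while rules/S5332/kubernetes/metadata.json, added in the same commit with an otherwise identical `securityStandards` block, opens with `"tags": ["cwe"]`. How tags are inherited from the rule-level metadata is not visible here, so one of the two files is presumably not what was intended. If the Ansible rule should match the other IaC variants, add `"tags": ["cwe"],` before `"securityStandards"`. The file also ends without a trailing newline (`\ No newline at end of file`), which the kubernetes file does not.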
@@ -0,0 +1,69 @@ +include::../description.adoc[] + +== Ask Yourself Whether + +* Application data needs to be protected against tampering or leaks when transiting over the network. +* Application data transits over an untrusted network. +* Compliance rules require the service to encrypt data in transit. +* OS-level protections against clear-text traffic are deactivated. + +There is a risk if you answered yes to any of those questions. + +== Recommended Secure Coding Practices + +* Make application data transit over a secure, authenticated and encrypted protocol like TLS or SSH. Here are a few alternatives to the most common clear-text protocols: +** Use ``++sftp++``, ``++scp++``, or ``++ftps++`` instead of ``++ftp++``. +** Use ``++https++`` instead of ``++http++``. + +It is recommended to secure all transport channels, even on local networks, as it can take a single non-secure connection to compromise an entire application or system. + +== Sensitive Code Example + +[source,yaml] +---- +- name: HTTP request + hosts: all + tasks: + - name: Noncompliant + uri: + url: http://example.com # Sensitive +---- + +== Compliant Solution + +[source,yaml] +---- +- name: HTTPS request + hosts: all + tasks: + - name: Noncompliant + uri: + url: https://example.com +---- + +== See + +include::../common/resources/documentation.adoc[] + +include::../common/resources/articles.adoc[] + +include::../common/resources/standards-iac.adoc[] + + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +== Message + +* Make sure that using clear-text protocols is safe here. + +== Highlighting + +Highlight the URL. + +''' + +endif::env-github,rspecator-view[] diff --git a/rules/S5332/apex/rule.adoc b/rules/S5332/apex/rule.adoc index 4bf66abd07b..bb53c790e3f 100644 --- a/rules/S5332/apex/rule.adoc +++ b/rules/S5332/apex/rule.adoc 
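Review bot: In the Compliant Solution block of rules/S5332/ansible/rule.adoc the task is still named `- name: Noncompliant`, copied from the sensitive example, although its `url:` is the `https://` one. A reader skimming the page for the safe pattern sees a task labelled as the bad case, so the line should read `- name: Compliant`. The play names ("HTTP request" / "HTTPS request") were updated correctly, so only the task name needs changing.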
@@ -32,11 +32,9 @@ public class MyClient { include::../exceptions.adoc[] -== See +include::../see.adoc[] + -* https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[OWASP Top 10 2021 Category A2] - Cryptographic Failures -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure -* https://cwe.mitre.org/data/definitions/200[MITRE, CWE-200] - Information Exposure ifdef::env-github,rspecator-view[] ''' diff --git a/rules/S5332/azureresourcemanager/metadata.json b/rules/S5332/azureresourcemanager/metadata.json index 6908a72ec74..ede079338cd 100644 --- a/rules/S5332/azureresourcemanager/metadata.json +++ b/rules/S5332/azureresourcemanager/metadata.json @@ -1,29 +1,45 @@ { - "tags": [ - "cwe" - ], - "securityStandards": { - "CWE": [ - 200, - 319 - ], - "OWASP": [ - ], - "OWASP Mobile": [ - ], - "MASVS": [ - ], - "OWASP Top 10 2021": [ - ], - "PCI DSS 3.2": [ - "4.1", - "6.5.4" - ], - "PCI DSS 4.0": [ - "4.2.1", - "6.2.4" - ], - "ASVS 4.0": [ - ] - } + "tags": [ + "cwe" + ], + "securityStandards": { + "CWE": [ + 200, + 319 + ], + "OWASP": [ + + ], + "OWASP Mobile": [ + + ], + "MASVS": [ + + ], + "OWASP Top 10 2021": [ + + ], + "PCI DSS 3.2": [ + "4.1", + "6.5.4" + ], + "PCI DSS 4.0": [ + "4.2.1", + "6.2.4" + ], + "ASVS 4.0": [ + + ], + "STIG ASD_V5R3": [ + "V-222397", + "V-222534", + "V-222562", + "V-222563", + "V-222577", + "V-222596", + "V-222597", + "V-222598", + "V-222599" + ] + } } diff --git a/rules/S5332/azureresourcemanager/rule.adoc b/rules/S5332/azureresourcemanager/rule.adoc index d18db095380..76faf748d86 100644 --- a/rules/S5332/azureresourcemanager/rule.adoc +++ b/rules/S5332/azureresourcemanager/rule.adoc 
@@ -421,7 +421,14 @@ resource symbolicname 'Microsoft.DBforMySQL/servers@2017-12-01' = { ---- -include::see.adoc[] +== See + +include::../common/resources/documentation.adoc[] + +include::../common/resources/articles.adoc[] + +include::../common/resources/standards-iac.adoc[] + ifdef::env-github,rspecator-view[] diff --git a/rules/S5332/azureresourcemanager/see.adoc b/rules/S5332/azureresourcemanager/see.adoc deleted file mode 100644 index d9786e743d9..00000000000 --- a/rules/S5332/azureresourcemanager/see.adoc +++ /dev/null @@ -1,6 +0,0 @@ -== See - -* https://cwe.mitre.org/data/definitions/200[MITRE, CWE-200] - Exposure of Sensitive Information to an Unauthorized Actor -* https://cwe.mitre.org/data/definitions/319[MITRE, CWE-319] - Cleartext Transmission of Sensitive Information -* https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html[Google, Moving towards more secure web] -* https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/[Mozilla, Deprecating non secure http] diff --git a/rules/S5332/cfamily/rule.adoc b/rules/S5332/cfamily/rule.adoc index da41f3e947c..77f3f63803a 100644 --- a/rules/S5332/cfamily/rule.adoc +++ b/rules/S5332/cfamily/rule.adoc @@ -50,6 +50,7 @@ include::../exceptions.adoc[] include::../see.adoc[] + ifdef::env-github,rspecator-view[] ''' diff --git a/rules/S5332/cloudformation/metadata.json b/rules/S5332/cloudformation/metadata.json index f44d6ea83fb..8a14dd8d540 100644 --- a/rules/S5332/cloudformation/metadata.json +++ b/rules/S5332/cloudformation/metadata.json @@ -1,4 +1,4 @@ -{ +{ "tags": [ "aws", "cwe" @@ -9,12 +9,16 @@ 319 ], "OWASP": [ + ], "OWASP Mobile": [ + ], "MASVS": [ + ], "OWASP Top 10 2021": [ + ], "PCI DSS 3.2": [ "4.1", @@ -25,6 +29,18 @@ "6.2.4" ], "ASVS 4.0": [ + + ], + "STIG ASD_V5R3": [ + "V-222397", + "V-222534", + "V-222562", + "V-222563", + "V-222577", + "V-222596", + "V-222597", + "V-222598", + "V-222599" ] } } 
diff --git a/rules/S5332/cloudformation/rule.adoc b/rules/S5332/cloudformation/rule.adoc index c1609c79829..19888f42001 100644 --- a/rules/S5332/cloudformation/rule.adoc +++ b/rules/S5332/cloudformation/rule.adoc @@ -193,7 +193,15 @@ Resources: InCluster: true ---- -include::../see.adoc[] + +== See + +include::../common/resources/documentation.adoc[] + +include::../common/resources/articles.adoc[] + +include::../common/resources/standards-iac.adoc[] + ifdef::env-github,rspecator-view[] diff --git a/rules/S5332/common/resources/articles.adoc b/rules/S5332/common/resources/articles.adoc new file mode 100644 index 00000000000..b79594625da --- /dev/null +++ b/rules/S5332/common/resources/articles.adoc @@ -0,0 +1,4 @@ +=== Articles & blog posts + +* Google - https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html[Moving towards more secure web] +* Mozilla - https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/[Deprecating non secure http] diff --git a/rules/S5332/common/resources/documentation.adoc b/rules/S5332/common/resources/documentation.adoc new file mode 100644 index 00000000000..9868f6083d5 --- /dev/null +++ b/rules/S5332/common/resources/documentation.adoc @@ -0,0 +1,4 @@ +=== Documentation + +* AWS Documentation - https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html[Listeners for your Application Load Balancers] +* AWS Documentation - https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-kinesis-stream-streamencryption.html[Stream Encryption] diff --git a/rules/S5332/common/resources/standards-iac.adoc b/rules/S5332/common/resources/standards-iac.adoc new file mode 100644 index 00000000000..6515aaea448 --- /dev/null +++ b/rules/S5332/common/resources/standards-iac.adoc 
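Review bot: The new rules/S5332/common/resources/documentation.adoc contains only two AWS links (Application Load Balancer listeners and Kinesis stream encryption). This commit includes it from the ansible, azureresourcemanager, docker and kubernetes rule pages as well as from cloudformation. Someone reading a Dockerfile, Kubernetes, Ansible or Azure finding would therefore get AWS-specific references under "Documentation" and nothing for their own platform. Consider keeping these two links in a section that only the AWS-related pages include, and either dropping the include from the other pages or adding entries that apply to them.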
@@ -0,0 +1,13 @@ +=== Standards + +* CWE - https://cwe.mitre.org/data/definitions/200[CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor] +* CWE - https://cwe.mitre.org/data/definitions/319[CWE-319 - Cleartext Transmission of Sensitive Information] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222397[Application Security and Development: V-222397] - The application must implement cryptographic mechanisms to protect the integrity of remote access sessions. +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222534[Application Security and Development: V-222534] - Service-Oriented Applications handling non-releasable data must authenticate endpoint devices via mutual SSL/TLS. +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222562[Application Security and Development: V-222562] - Applications used for non-local maintenance must implement cryptographic mechanisms to protect the integrity of maintenance and diagnostic communications. +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222563[Application Security and Development: V-222563] - Applications used for non-local maintenance must implement cryptographic mechanisms to protect the confidentiality of maintenance and diagnostic communications. +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222577[Application Security and Development: V-222577] - The application must not expose session IDs. +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222596[Application Security and Development: V-222596] - The application must protect the confidentiality and integrity of transmitted information. 
+* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222597[Application Security and Development: V-222597] - The application must implement cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission. +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222598[Application Security and Development: V-222598] - The application must maintain the confidentiality and integrity of information during preparation for transmission. +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222599[Application Security and Development: V-222599] - The application must maintain the confidentiality and integrity of information during reception. diff --git a/rules/S5332/common/resources/standards.adoc b/rules/S5332/common/resources/standards.adoc new file mode 100644 index 00000000000..47c10b53a17 --- /dev/null +++ b/rules/S5332/common/resources/standards.adoc 
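Review bot: The eleven bullets from `CWE-200` through `V-222599` in standards-iac.adoc are repeated line for line in common/resources/standards.adoc, added in the next file section. Any later STIG or CWE correction will have to be made in both files, and a missed copy would leave rule pages citing different requirements. Putting the shared CWE and STIG bullets in one partial that both files include would avoid that. Each STIG URL also hard-codes the release segment `2023-06-08` while the metadata key is `STIG ASD_V5R3`, so a single AsciiDoc attribute for that segment would presumably make a future release bump a one-line change.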
@@ -0,0 +1,17 @@ +=== Standards + +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] +* OWASP - https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[Top 10 2021 Category A2 - Cryptographic Failures] +* OWASP - https://mas.owasp.org/checklists/MASVS-NETWORK/[Mobile AppSec Verification Standard - Network Communication Requirements] +* OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m3-insecure-communication[Mobile Top 10 2016 Category M3 - Insecure Communication] +* CWE - https://cwe.mitre.org/data/definitions/200[CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor] +* CWE - https://cwe.mitre.org/data/definitions/319[CWE-319 - Cleartext Transmission of Sensitive Information] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222397[Application Security and Development: V-222397] - The application must implement cryptographic mechanisms to protect the integrity of remote access sessions. +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222534[Application Security and Development: V-222534] - Service-Oriented Applications handling non-releasable data must authenticate endpoint devices via mutual SSL/TLS. +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222562[Application Security and Development: V-222562] - Applications used for non-local maintenance must implement cryptographic mechanisms to protect the integrity of maintenance and diagnostic communications. +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222563[Application Security and Development: V-222563] - Applications used for non-local maintenance must implement cryptographic mechanisms to protect the confidentiality of maintenance and diagnostic communications. 
+* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222577[Application Security and Development: V-222577] - The application must not expose session IDs. +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222596[Application Security and Development: V-222596] - The application must protect the confidentiality and integrity of transmitted information. +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222597[Application Security and Development: V-222597] - The application must implement cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission. +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222598[Application Security and Development: V-222598] - The application must maintain the confidentiality and integrity of information during preparation for transmission. +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222599[Application Security and Development: V-222599] - The application must maintain the confidentiality and integrity of information during reception. diff --git a/rules/S5332/docker/metadata.json b/rules/S5332/docker/metadata.json index adb9b0cae35..eea9e472203 100644 --- a/rules/S5332/docker/metadata.json +++ b/rules/S5332/docker/metadata.json 
@@ -1,31 +1,46 @@ { - "tags": [ - "dockerfile", - "cwe" - ], - "securityStandards": { - "CWE": [ - 200, - 319 - ], - "OWASP": [ - ], - "OWASP Mobile": [ - ], - "MASVS": [ - ], - "OWASP Top 10 2021": [ - ], - "PCI DSS 3.2": [ - "4.1", - "6.5.4" - ], - "PCI DSS 4.0": [ - "4.2.1", - "6.2.4" - ], - "ASVS 4.0": [ - ] - } + "tags": [ + "dockerfile", + "cwe" + ], + "securityStandards": { + "CWE": [ + 200, + 319 + ], + "OWASP": [ + + ], + "OWASP Mobile": [ + + ], + "MASVS": [ + + ], + "OWASP Top 10 2021": [ + + ], + "PCI DSS 3.2": [ + "4.1", + "6.5.4" + ], + "PCI DSS 4.0": [ + "4.2.1", + "6.2.4" + ], + "ASVS 4.0": [ + + ], + "STIG ASD_V5R3": [ + "V-222397", + "V-222534", + "V-222562", + "V-222563", + "V-222577", + "V-222596", + "V-222597", + "V-222598", + "V-222599" + ] + } } - \ No newline at end of file diff --git a/rules/S5332/docker/rule.adoc b/rules/S5332/docker/rule.adoc index d6e66f7b76d..c53149edfd6 100644 --- a/rules/S5332/docker/rule.adoc +++ b/rules/S5332/docker/rule.adoc @@ -34,12 +34,15 @@ RUN curl http://www.example.com/ RUN curl https://www.example.com/ ---- + == See -* https://cwe.mitre.org/data/definitions/200[MITRE, CWE-200] - Exposure of Sensitive Information to an Unauthorized Actor -* https://cwe.mitre.org/data/definitions/319[MITRE, CWE-319] - Cleartext Transmission of Sensitive Information -* https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html[Google, Moving towards more secure web] -* https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/[Mozilla, Deprecating non secure http] +include::../common/resources/documentation.adoc[] + +include::../common/resources/articles.adoc[] + +include::../common/resources/standards-iac.adoc[] + ifdef::env-github,rspecator-view[] diff --git a/rules/S5332/go/rule.adoc b/rules/S5332/go/rule.adoc index 06c1702040c..c3e69d0d25f 100644 --- a/rules/S5332/go/rule.adoc +++ b/rules/S5332/go/rule.adoc 
@@ -54,6 +54,7 @@ include::../exceptions.adoc[] include::../see.adoc[] + ifdef::env-github,rspecator-view[] ''' diff --git a/rules/S5332/java/metadata.json b/rules/S5332/java/metadata.json index 6afd55ee1cb..765feecc849 100644 --- a/rules/S5332/java/metadata.json +++ b/rules/S5332/java/metadata.json @@ -1,3 +1,7 @@ { - "quickfix": "unknown" + "quickfix": "unknown", + "tags": [ + "cwe", + "android" + ] } diff --git a/rules/S5332/java/rule.adoc b/rules/S5332/java/rule.adoc index 6ddd1d2fcfe..70e14c40c01 100644 --- a/rules/S5332/java/rule.adoc +++ b/rules/S5332/java/rule.adoc @@ -85,6 +85,7 @@ include::../exceptions.adoc[] include::../see.adoc[] + ifdef::env-github,rspecator-view[] ''' diff --git a/rules/S5332/javascript/rule.adoc b/rules/S5332/javascript/rule.adoc index cb44dd7e9ac..9c73957b8cd 100644 --- a/rules/S5332/javascript/rule.adoc +++ b/rules/S5332/javascript/rule.adoc @@ -471,6 +471,7 @@ include::../exceptions.adoc[] include::../see.adoc[] + ifdef::env-github,rspecator-view[] ''' diff --git a/rules/S5332/kotlin/metadata.json b/rules/S5332/kotlin/metadata.json index 6afd55ee1cb..765feecc849 100644 --- a/rules/S5332/kotlin/metadata.json +++ b/rules/S5332/kotlin/metadata.json @@ -1,3 +1,7 @@ { - "quickfix": "unknown" + "quickfix": "unknown", + "tags": [ + "cwe", + "android" + ] } diff --git a/rules/S5332/kotlin/rule.adoc b/rules/S5332/kotlin/rule.adoc index ce0d68895d5..b799c268041 100644 --- a/rules/S5332/kotlin/rule.adoc +++ b/rules/S5332/kotlin/rule.adoc @@ -85,6 +85,7 @@ include::../exceptions.adoc[] include::../see.adoc[] + ifdef::env-github,rspecator-view[] ''' diff --git a/rules/S5332/kubernetes/metadata.json b/rules/S5332/kubernetes/metadata.json new file mode 100644 index 00000000000..ede079338cd --- /dev/null +++ b/rules/S5332/kubernetes/metadata.json 
@@ -0,0 +1,45 @@ +{ + "tags": [ + "cwe" + ], + "securityStandards": { + "CWE": [ + 200, + 319 + ], + "OWASP": [ + + ], + "OWASP Mobile": [ + + ], + "MASVS": [ + + ], + "OWASP Top 10 2021": [ + + ], + "PCI DSS 3.2": [ + "4.1", + "6.5.4" + ], + "PCI DSS 4.0": [ + "4.2.1", + "6.2.4" + ], + "ASVS 4.0": [ + + ], + "STIG ASD_V5R3": [ + "V-222397", + "V-222534", + "V-222562", + "V-222563", + "V-222577", + "V-222596", + "V-222597", + "V-222598", + "V-222599" + ] + } +} diff --git a/rules/S5332/kubernetes/rule.adoc b/rules/S5332/kubernetes/rule.adoc new file mode 100644 index 00000000000..314f8d540c4 --- /dev/null +++ b/rules/S5332/kubernetes/rule.adoc 
@@ -0,0 +1,82 @@ +include::../description.adoc[] + +== Ask Yourself Whether + +* Application data needs to be protected against tampering or leaks when transiting over the network. +* Application data transits over an untrusted network. +* Compliance rules require the service to encrypt data in transit. +* OS-level protections against clear-text traffic are deactivated. + +There is a risk if you answered yes to any of those questions. + +== Recommended Secure Coding Practices + +* Make application data transit over a secure, authenticated and encrypted protocol like TLS or SSH. Here are a few alternatives to the most common clear-text protocols: +** Use ``++sftp++``, ``++scp++``, or ``++ftps++`` instead of ``++ftp++``. +** Use ``++https++`` instead of ``++http++``. + +It is recommended to secure all transport channels, even on local networks, as it can take a single non-secure connection to compromise an entire application or system. + +== Sensitive Code Example + +[source,yaml] +---- +apiVersion: batch/v1 +kind: Job +metadata: + name: curl +spec: + template: + spec: + containers: + - name: curl + image: curlimages/curl + command: ["curl"] + args: ["http://example.com/"] # Sensitive +---- + +== Compliant Solution + +[source,yaml] +---- +apiVersion: batch/v1 +kind: Job +metadata: + name: curl +spec: + template: + spec: + containers: + - name: curl + image: curlimages/curl + command: ["curl"] + args: ["https://example.com/"] +---- + + +== See + +include::../common/resources/documentation.adoc[] + +include::../common/resources/articles.adoc[] + +include::../common/resources/standards-iac.adoc[] + + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +== Message + +* Make sure that using clear-text protocols is safe here. + +== Highlighting + +Highlight the URL. + +''' + +endif::env-github,rspecator-view[] diff --git a/rules/S5332/metadata.json b/rules/S5332/metadata.json index 8713039f0ca..1c4aa906db2 100644 
--- a/rules/S5332/metadata.json +++ b/rules/S5332/metadata.json @@ -52,6 +52,17 @@ "1.9.1", "9.1.1", "9.2.2" + ], + "STIG ASD_V5R3": [ + "V-222397", + "V-222534", + "V-222562", + "V-222563", + "V-222577", + "V-222596", + "V-222597", + "V-222598", + "V-222599" ] }, "defaultQualityProfiles": [ diff --git a/rules/S5332/php/rule.adoc b/rules/S5332/php/rule.adoc index e10f9fb7ce7..11c909e49de 100644 --- a/rules/S5332/php/rule.adoc +++ b/rules/S5332/php/rule.adoc @@ -47,6 +47,7 @@ include::../exceptions.adoc[] include::../see.adoc[] + ifdef::env-github,rspecator-view[] ''' diff --git a/rules/S5332/python/rule.adoc b/rules/S5332/python/rule.adoc index 6c346b32a72..ef62497939f 100644 --- a/rules/S5332/python/rule.adoc +++ b/rules/S5332/python/rule.adoc @@ -636,6 +636,7 @@ include::../exceptions.adoc[] include::../see.adoc[] + ifdef::env-github,rspecator-view[] ''' diff --git a/rules/S5332/see.adoc b/rules/S5332/see.adoc index c2beb0b3650..43075beb207 100644 --- a/rules/S5332/see.adoc +++ b/rules/S5332/see.adoc 
@@ -1,12 +1,7 @@ == See -* https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[OWASP Top 10 2021 Category A2] - Cryptographic Failures -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure -* https://mobile-security.gitbook.io/masvs/security-requirements/0x10-v5-network_communication_requirements[Mobile AppSec Verification Standard] - Network Communication Requirements -* https://owasp.org/www-project-mobile-top-10/2016-risks/m3-insecure-communication[OWASP Mobile Top 10 2016 Category M3] - Insecure Communication -* https://cwe.mitre.org/data/definitions/200[MITRE, CWE-200] - Exposure of Sensitive Information to an Unauthorized Actor -* https://cwe.mitre.org/data/definitions/319[MITRE, CWE-319] - Cleartext Transmission of Sensitive Information -* https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html[Google, Moving towards more secure web] -* https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/[Mozilla, Deprecating non secure http] -* https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html[AWS Documentation] - Listeners for your Application Load Balancers -* https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-kinesis-stream-streamencryption.html[AWS Documentation] - Stream Encryption +include::common/resources/documentation.adoc[] + +include::common/resources/articles.adoc[] + +include::common/resources/standards.adoc[] diff --git a/rules/S5332/terraform/metadata.json b/rules/S5332/terraform/metadata.json index d53d8bf22df..87d4f17df23 100644 --- a/rules/S5332/terraform/metadata.json +++ b/rules/S5332/terraform/metadata.json 
@@ -1,22 +1,26 @@ { - "tags": [ - "aws", - "azure", - "gcp", - "cwe" - ], + "tags": [ + "aws", + "azure", + "gcp", + "cwe" + ], "securityStandards": { "CWE": [ 200, 319 ], "OWASP": [ + ], "OWASP Mobile": [ + ], "MASVS": [ + ], "OWASP Top 10 2021": [ + ], "PCI DSS 3.2": [ "4.1", @@ -27,6 +31,18 @@ "6.2.4" ], "ASVS 4.0": [ + + ], + "STIG ASD_V5R3": [ + "V-222397", + "V-222534", + "V-222562", + "V-222563", + "V-222577", + "V-222596", + "V-222597", + "V-222598", + "V-222599" ] } } diff --git a/rules/S5332/terraform/rule.adoc b/rules/S5332/terraform/rule.adoc index f210b13e205..2c7063b2111 100644 --- a/rules/S5332/terraform/rule.adoc +++ b/rules/S5332/terraform/rule.adoc @@ -210,7 +210,15 @@ resource "google_compute_region_backend_service" "example" { include::../exceptions.adoc[] -include::../see.adoc[] + +== See + +include::../common/resources/documentation.adoc[] + +include::../common/resources/articles.adoc[] + +include::../common/resources/standards-iac.adoc[] + ifdef::env-github,rspecator-view[] diff --git a/rules/S5332/vbnet/rule.adoc b/rules/S5332/vbnet/rule.adoc index 15d5366a6cf..6926bef17cb 100644 --- a/rules/S5332/vbnet/rule.adoc +++ b/rules/S5332/vbnet/rule.adoc @@ -42,6 +42,7 @@ include::../exceptions.adoc[] include::../see.adoc[] + ifdef::env-github,rspecator-view[] ''' diff --git a/rules/S5332/xml/metadata.json b/rules/S5332/xml/metadata.json index 6afd55ee1cb..765feecc849 100644 --- a/rules/S5332/xml/metadata.json +++ b/rules/S5332/xml/metadata.json @@ -1,3 +1,7 @@ { - "quickfix": "unknown" + "quickfix": "unknown", + "tags": [ + "cwe", + "android" + ] } diff --git a/rules/S5332/xml/rule.adoc b/rules/S5332/xml/rule.adoc index ec09b844688..c828a96be9c 100644 --- a/rules/S5332/xml/rule.adoc +++ b/rules/S5332/xml/rule.adoc @@ -33,6 +33,7 @@ is implicitely set to ``++true++``. include::../see.adoc[] + ifdef::env-github,rspecator-view[] ''' 
diff --git a/rules/S5334/common/resources/standards.adoc b/rules/S5334/common/resources/standards.adoc index b6c43509c52..b9c1a912cec 100644 --- a/rules/S5334/common/resources/standards.adoc +++ b/rules/S5334/common/resources/standards.adoc @@ -1,6 +1,8 @@ === Standards -* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection -* https://www.owasp.org/index.php/Top_10-2017_A1-Injection[OWASP Top 10 2017 Category A1] - Injection -* https://cwe.mitre.org/data/definitions/20[MITRE, CWE-20] - Improper Input Validation -* https://cwe.mitre.org/data/definitions/95[MITRE, CWE-95] - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') +* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] +* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] +* CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] +* CWE - https://cwe.mitre.org/data/definitions/95[CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. + diff --git a/rules/S5334/csharp/how-to-fix-it/dotnet.adoc b/rules/S5334/csharp/how-to-fix-it/dotnet.adoc index 6256302c753..b566291f058 100644 --- a/rules/S5334/csharp/how-to-fix-it/dotnet.adoc +++ b/rules/S5334/csharp/how-to-fix-it/dotnet.adoc 
@@ -28,7 +28,8 @@ public class ExampleController : Controller var provider = CodeDomProvider.CreateProvider("CSharp"); var compilerParameters = new CompilerParameters { ReferencedAssemblies = { "System.dll", "System.Runtime.dll" } }; - var compilerResults = provider.CompileAssemblyFromSource(compilerParameters, code); + var compilerResults = provider.CompileAssemblyFromSource(compilerParameters, code); // Noncompliant + object myInstance = compilerResults.CompiledAssembly.CreateInstance("MyClass"); myInstance.GetType().GetMethod("MyMethod").Invoke(myInstance, new object[0]); } diff --git a/rules/S5334/java/how-to-fix-it/jsp.adoc b/rules/S5334/java/how-to-fix-it/jsp.adoc new file mode 100644 index 00000000000..3e59f5ac8f8 --- /dev/null +++ b/rules/S5334/java/how-to-fix-it/jsp.adoc 
@@ -0,0 +1,53 @@ +== How to fix it in JSP + +=== Code examples + +The following code is vulnerable to arbitrary code execution because it compiles +and runs HTTP data. + +==== Noncompliant code example + +[source,java,diff-id=21,diff-type=noncompliant] +---- +<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %> + +---- + +==== Compliant solution + +It is not possible to securely include user input in a SpEL expression inside of +the template. Evaluate the expression in the controller and pass the result to +the template instead. + +[source,java,diff-id=21,diff-type=compliant] +---- +import org.springframework.expression.Expression; +import org.springframework.expression.ExpressionParser; +import org.springframework.expression.spel.standard.SpelExpressionParser; +import org.springframework.ui.Model; + +@Controller +public class ExampleController +{ + @GetMapping(value = "/") + public void exec(@RequestParam("message") String message, Model model) { + StandardEvaluationContext evaluationContext = new StandardEvaluationContext(); + evaluationContext.setVariable("msg", message); + + ExpressionParser parser = new SpelExpressionParser(); + Expression exp = parser.parseExpression("#msg"); + String result = (String) exp.getValue(evaluationContext); + model.addAttribute("result", result); + } +} +---- + +=== How does this work? + +include::../../common/fix/introduction.adoc[] + +include::../../common/fix/parameters.adoc[] + +The compliant code example uses such an approach. + +include::../../common/fix/allowlist.adoc[] diff --git a/rules/S5334/java/how-to-fix-it/spring.adoc b/rules/S5334/java/how-to-fix-it/spring.adoc new file mode 100644 index 00000000000..ce7a044278f --- /dev/null +++ b/rules/S5334/java/how-to-fix-it/spring.adoc 
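Review bot: The compliant block instantiates `StandardEvaluationContext` without importing it, although the other Spring expression classes are imported, so the snippet does not compile when copied; the compliant block in spring.adoc has the same gap. I would add `import org.springframework.expression.spel.support.StandardEvaluationContext;` to both. Since the expression is the constant `"#msg"` and the request value is only bound as a variable, a sentence saying that this is what keeps the input out of the parser would help readers see why the fix works. If the project wants to model the narrowest context, `SimpleEvaluationContext` may be enough here, but that should be confirmed against the Spring versions the rule targets.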
@@ -0,0 +1,58 @@ +== How to fix it in Spring + +=== Code examples + +The following code is vulnerable to arbitrary code execution because it compiles +and runs HTTP data. + +==== Noncompliant code example + +[source,java,diff-id=11,diff-type=noncompliant] +---- +import org.springframework.expression.Expression; +import org.springframework.expression.ExpressionParser; +import org.springframework.expression.spel.standard.SpelExpressionParser; + +@Controller +public class ExampleController +{ + @GetMapping(value = "/") + public void exec(@RequestParam("message") String message) { + ExpressionParser parser = new SpelExpressionParser(); + Expression exp = parser.parseExpression(message); + } +} +---- + +==== Compliant solution + +[source,java,diff-id=11,diff-type=compliant] +---- +import org.springframework.expression.Expression; +import org.springframework.expression.ExpressionParser; +import org.springframework.expression.spel.standard.SpelExpressionParser; + +@Controller +public class ExampleController +{ + @GetMapping(value = "/") + public void exec(@RequestParam("message") String message) { + StandardEvaluationContext evaluationContext = new StandardEvaluationContext(); + evaluationContext.setVariable("msg", message); + + ExpressionParser parser = new SpelExpressionParser(); + Expression exp = parser.parseExpression("#msg"); + String result = (String) exp.getValue(evaluationContext); + } +} +---- + +=== How does this work? + +include::../../common/fix/introduction.adoc[] + +include::../../common/fix/parameters.adoc[] + +The compliant code example uses such an approach. + +include::../../common/fix/allowlist.adoc[] diff --git a/rules/S5334/java/metadata.json b/rules/S5334/java/metadata.json index 17971333806..0fa3ccd335d 100644 --- a/rules/S5334/java/metadata.json +++ b/rules/S5334/java/metadata.json 
@@ -1,3 +1,30 @@ { - + "securityStandards": { + "CWE": [ + 20, + 95, + 917 + ], + "OWASP": [ + "A1" + ], + "OWASP Top 10 2021": [ + "A3" + ], + "PCI DSS 3.2": [ + "6.5.1" + ], + "PCI DSS 4.0": [ + "6.2.4" + ], + "ASVS 4.0": [ + "5.1.3", + "5.1.4", + "5.2.4", + "5.5.4" + ], + "STIG ASD_V5R3": [ + "V-222609" + ] + } } diff --git a/rules/S5334/java/rule.adoc b/rules/S5334/java/rule.adoc index c50eb45077e..e7c980d651d 100644 --- a/rules/S5334/java/rule.adoc +++ b/rules/S5334/java/rule.adoc @@ -8,12 +8,18 @@ include::../impact.adoc[] include::how-to-fix-it/commons-compiler.adoc[] +include::how-to-fix-it/jsp.adoc[] + +include::how-to-fix-it/spring.adoc[] + == Resources include::../common/resources/articles.adoc[] include::../common/resources/standards.adoc[] +* CWE - https://cwe.mitre.org/data/definitions/917[CWE-917 - Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')] + ifdef::env-github,rspecator-view[] ''' diff --git a/rules/S5334/metadata.json b/rules/S5334/metadata.json index 09ecfc45030..4d5bca00a2c 100644 --- a/rules/S5334/metadata.json +++ b/rules/S5334/metadata.json @@ -49,6 +49,9 @@ "5.1.4", "5.2.4", "5.5.4" + ], + "STIG ASD_V5R3": [ + "V-222609" ] }, "defaultQualityProfiles": [ diff --git a/rules/S5335/php/metadata.json b/rules/S5335/php/metadata.json index 03f84d26024..5c8b921548c 100644 --- a/rules/S5335/php/metadata.json +++ b/rules/S5335/php/metadata.json @@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "COMPLETE" }, @@ -16,12 +16,8 @@ "cwe" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-5335", @@ -52,6 +48,9 @@ "12.3.6", "5.1.3", "5.3.9" + ], + "STIG ASD_V5R3": [ + "V-222609" ] }, "defaultQualityProfiles": [ 
diff --git a/rules/S5335/php/rule.adoc b/rules/S5335/php/rule.adoc index 0bf79bb5e4c..877e948207d 100644 --- a/rules/S5335/php/rule.adoc +++ b/rules/S5335/php/rule.adoc 
@@ -96,13 +96,16 @@ client-side front-ends. == Resources -* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection -* https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/[OWASP Top 10 2021 Category A8] - Software and Data Integrity Failures -* https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[OWASP Top 10 2017 Category A1] - Injection -* https://cwe.mitre.org/data/definitions/20[MITRE, CWE-20] - Improper Input Validation -* https://cwe.mitre.org/data/definitions/97[MITRE, CWE-97] - Improper Neutralization of Server-Side Includes (SSI) Within a Web Page -* https://cwe.mitre.org/data/definitions/98[MITRE, CWE-98] - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') -* https://cwe.mitre.org/data/definitions/829[MITRE, CWE-829] - Inclusion of Functionality from Untrusted Control Sphere +=== Standards + +* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] +* OWASP - https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/[Top 10 2021 Category A8 - Software and Data Integrity Failures] +* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] +* CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] +* CWE - https://cwe.mitre.org/data/definitions/97[CWE-97 - Improper Neutralization of Server-Side Includes (SSI) Within a Web Page] +* CWE - https://cwe.mitre.org/data/definitions/98[CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')] +* CWE - https://cwe.mitre.org/data/definitions/829[CWE-829 - Inclusion of Functionality from Untrusted Control Sphere] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling 
vulnerabilities. ifdef::env-github,rspecator-view[] diff --git a/rules/S5344/common/extra-mile/argon-cli.adoc b/rules/S5344/common/extra-mile/argon-cli.adoc new file mode 100644 index 00000000000..d679efc8c94 --- /dev/null +++ b/rules/S5344/common/extra-mile/argon-cli.adoc @@ -0,0 +1,13 @@ +==== Selecting safe custom parameters for Argon2 + +To determine which one is the most appropriate for your application, you can use +the argon2 CLI, for example with OWASP's first recommendation: + +[source,shell] +---- +$ pip install argon2 +$ python -m argon2 -t 1 -m 47104 -p 1 -l 32 +---- + +https://argon2-cffi.readthedocs.io/en/stable/api.html#module-argon2.profiles[Learn more here]. + diff --git a/rules/S5344/common/extra-mile/peppering.adoc b/rules/S5344/common/extra-mile/peppering.adoc new file mode 100644 index 00000000000..2a5abaf6350 --- /dev/null +++ b/rules/S5344/common/extra-mile/peppering.adoc @@ -0,0 +1,9 @@ +==== Pepper + +In a defense-in-depth security approach, **peppering** can also be used. This is +a security technique where an external secret value is added to a password +before it is hashed. + +This makes it more difficult for an attacker to crack the hashed passwords, as +they would need to know the secret value to generate the correct hash. + +https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#peppering[Learn more here]. + diff --git a/rules/S5344/common/fix/argon-parameters.adoc b/rules/S5344/common/fix/argon-parameters.adoc new file mode 100644 index 00000000000..d5d9694f057 --- /dev/null +++ b/rules/S5344/common/fix/argon-parameters.adoc 
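Review bot: In argon-cli.adoc the install line `$ pip install argon2` does not match the project the page links to: the link goes to argon2-cffi, whose PyPI distribution name is `argon2-cffi` (only the import name is `argon2`). A reader following the snippet would install whatever distribution is published under the other name, which is not what the documentation describes and is an avoidable supply-chain risk in a security rule. I would change the line to `$ pip install argon2-cffi` and keep `$ python -m argon2 -t 1 -m 47104 -p 1 -l 32` as is.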
@@ -0,0 +1,55 @@ +==== Select the correct Argon2 parameters + +In general, the default values of the Argon2 library are considered safe. If you +need to change the parameters, you should note the following: + +First, Argon2 comes in three forms: Argon2i, Argon2d and Argon2id. +Argon2i is optimized for hashing passwords and uses data-independent memory +access. Argon2d is faster and uses data-dependent memory access, making it +suitable for applications where there is no risk of side-channel attacks. + +Argon2id is a mixture of Argon2i and Argon2d and is recommended for most applications. + +Argon2id has three different parameters that can be configured: the basic +minimum memory size (m), the minimum number of iterations (t) and the degree of +parallelism (p). + +The higher the values of m, t and p result in safer hashes, but come at the cost of higher +resource usage. There exist general recommendations that balance security and speed in an +optimal way. + +Hashes should be at least 32 bytes long and salts should be at least 16 bytes long. + +Next, the recommended parameters for Argon2id are: + +[options="header",cols="a,a,a,a"] +|=== +|Recommendation type |Time Cost |Memory Cost |Parallelism +|Argon2 Creators +|1 +|2097152 (2 GiB) +|4 +|Argon2 Creators +|3 +|65536 (64 MiB) +|4 +|OWASP +|1 +|47104 (46 MiB) +|1 +|OWASP +|2 +|19456 (19 MiB) +|1 +|OWASP +|3 +|12288 (12 MiB) +|1 +|OWASP +|4 +|9216 (9 MiB) +|1 +|OWASP +|5 +|7168 (7 MiB) +|1 +|=== + diff --git a/rules/S5344/common/fix/bcrypt-parameters.adoc b/rules/S5344/common/fix/bcrypt-parameters.adoc new file mode 100644 index 00000000000..98ff49e0d11 --- /dev/null +++ b/rules/S5344/common/fix/bcrypt-parameters.adoc 
@@ -0,0 +1,12 @@ +==== Select the correct Bcrypt parameters + +When bcrypt's hashing function is used, it is important to select a round count +that is high enough to make the function slow enough to prevent brute force: +More than 12 rounds. + +For bcrypt's key derivation function, the number of rounds should likewise be +high enough to make the function slow enough to prevent brute force: More than +4096 rounds `+(2^12)+`. + +This number is not the same coefficient as the first one because it uses +a different algorithm. + diff --git a/rules/S5344/common/fix/password-hashing.adoc b/rules/S5344/common/fix/password-hashing.adoc new file mode 100644 index 00000000000..041237aaeb8 --- /dev/null +++ b/rules/S5344/common/fix/password-hashing.adoc @@ -0,0 +1,26 @@ +==== Use secure password hashing algorithms + +In general, you should rely on an algorithm that has no known security +vulnerabilities. The MD5 and SHA-1 algorithms should not be used. + +Some algorithms, such as the SHA family functions, are considered strong for +some use cases, but are too fast in computation and therefore vulnerable to +brute force attacks, especially with bruteforce-attack-oriented hardware. + +To protect passwords, it is therefore important to choose modern, slow +password-hashing algorithms. The following algorithms are, in order of strength, +the most secure password hashing algorithms to date: + +. Argon2 +. scrypt +. bcrypt +. PBKDF2 + +Argon2 should be the best choice, and others should be used when the previous +one is not available. For systems that must use FIPS-140-certified algorithms, +PBKDF2 should be used. + +Whenever possible, choose the strongest algorithm available. If the algorithm +currently used by your system should be upgraded, OWASP documents possible +upgrade methods here: +https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#upgrading-legacy-hashes[Upgrading Legacy Hashes]. 
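Review bot: In bcrypt-parameters.adoc, "More than 12 rounds" is ambiguous in two ways: the bcrypt parameter is a logarithmic cost factor rather than a round count, and "more than 12" excludes 12, while csharp/highlighting.adoc in this same commit only flags `cost < 12`. A reader cannot tell whether a cost of 12 is compliant. If 12 is meant to be accepted, I would write `a cost factor of at least 12 (2^12 iterations)` and, for the key derivation function, `at least 4096 rounds`. The closing sentence about "not the same coefficient" could then say directly that the first value is an exponent and the second a plain count.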
diff --git a/rules/S5344/common/fix/pbkdf2-parameters.adoc b/rules/S5344/common/fix/pbkdf2-parameters.adoc new file mode 100644 index 00000000000..e00849bdc2a --- /dev/null +++ b/rules/S5344/common/fix/pbkdf2-parameters.adoc @@ -0,0 +1,18 @@ +==== Select the correct PBKDF2 parameters + +If PBKDF2 must be used, be aware that default values might not be considered +secure. + +Depending on the algorithm used, the number of iterations should be adjusted to +ensure that the derived key is secure. The following are the recommended number +of iterations for PBKDF2: + +* PBKDF2-HMAC-SHA1: 1,300,000 iterations +* PBKDF2-HMAC-SHA256: 600,000 iterations +* PBKDF2-HMAC-SHA512: 210,000 iterations + +Note that PBKDF2-HMAC-SHA256 is recommended by NIST. + +Iterations are also called "rounds" depending on the library used. + +When recommended cost factors are too high in the context of the application or +if the performance cost is unacceptable, a cost factor reduction might be +considered. In that case, it should not be chosen under 100,000. diff --git a/rules/S5344/common/fix/plaintext-password.adoc b/rules/S5344/common/fix/plaintext-password.adoc new file mode 100644 index 00000000000..4dc5149fd23 --- /dev/null +++ b/rules/S5344/common/fix/plaintext-password.adoc @@ -0,0 +1,12 @@ +==== Never store passwords in plaintext + +A user password should never be stored in plaintext. Instead, a hash should be +produced from it using a secure algorithm. When dealing with password storage +security, best practices recommend relying on a slow hashing algorithm, that +will make brute force attacks more difficult. Using a hashing function with +adaptable computation and memory complexity also is recommended to be able to +increase the security level with time. + +Adding a salt to the digest computation is also recommended to prevent +pre-computed table attacks (see rule S2053). + 
diff --git a/rules/S5344/common/fix/scrypt-parameters.adoc b/rules/S5344/common/fix/scrypt-parameters.adoc new file mode 100644 index 00000000000..6fc268b1fb0 --- /dev/null +++ b/rules/S5344/common/fix/scrypt-parameters.adoc @@ -0,0 +1,32 @@ +==== Select the correct Scrypt parameters + +If scrypt must be used, the default values of scrypt are considered secure. + +Like Argon2id, scrypt has three different parameters that can be configured. N is the CPU/memory cost parameter and must be a power of two. r is the block size and p is the parallelization factor. + +All three parameters affect the memory and CPU usage of the algorithm. +Higher values of N, r and p result in safer hashes, but come at the cost of higher resource usage. + +For scrypt, OWASP recommends to have a hash length of at least 64 bytes, and to set N, p and r to the values of one of the following rows: + +[options="header",cols="a,a,a"] +|=== +|N (cost parameter) |p (parallelization factor) |r (block size) +|2^17^ (`1 << 17`) +|1 +|8 +|2^16^ (`1 << 16`) +|2 +|8 +|2^15^ (`1 << 15`) +|3 +|8 +|2^14^ (`1 << 14`) +|5 +|8 +|2^13^ (`1 << 13`) +|10 +|8 +|=== + +Every row provides the same level of defense. They only differ in the amount of CPU and RAM used: the top row has low CPU usage and high memory usage, while the bottom row has high CPU usage and low memory usage. \ No newline at end of file diff --git a/rules/S5344/common/pitfalls/pre-hashing.adoc b/rules/S5344/common/pitfalls/pre-hashing.adoc new file mode 100644 index 00000000000..fcdb1b8ac05 --- /dev/null +++ b/rules/S5344/common/pitfalls/pre-hashing.adoc 
@@ -0,0 +1,13 @@ +==== Pre-hashing passwords + +As bcrypt has a maximum length input length of 72 bytes for most +implementations, some developers may be tempted to pre-hash the password with a +stronger algorithm before hashing it with bcrypt. + +Pre-hashing passwords with bcrypt is not recommended as it can lead to +a specific range of issues. Using a strong salt and a high number of rounds is +enough to protect the password. + +More information about this can be found here: +https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pre-hashing-passwords-with-bcrypt[Pre-hashing Passwords with Bcrypt]. + diff --git a/rules/S5344/common/resources/documentation.adoc b/rules/S5344/common/resources/documentation.adoc new file mode 100644 index 00000000000..b0498ff9cac --- /dev/null +++ b/rules/S5344/common/resources/documentation.adoc @@ -0,0 +1,3 @@ +=== Documentation + +* OWASP CheatSheet - https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html[Password Storage Cheat Sheet] diff --git a/rules/S5344/common/resources/standards.adoc b/rules/S5344/common/resources/standards.adoc new file mode 100644 index 00000000000..ee360d15d97 --- /dev/null +++ b/rules/S5344/common/resources/standards.adoc 
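Review bot: pre-hashing.adoc names the 72-byte bcrypt input limit as the reason developers pre-hash, but never says what to do about longer passwords, so the truncation risk it opens with is left unresolved. I would add a sentence such as `Instead, limit password input to 72 bytes when bcrypt is used, or choose an algorithm without this limit, such as Argon2.` Two wording slips are also worth fixing: "maximum length input length" should be "maximum input length", and "Pre-hashing passwords with bcrypt" reads as if bcrypt were the pre-hash; "before bcrypt" seems to be the intent.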
@@ -0,0 +1,9 @@ +=== Standards + +* OWASP - https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[Top 10 2021 Category A2 - Cryptographic Failures] +* OWASP - https://owasp.org/Top10/A04_2021-Insecure_Design/[Top 10 2021 Category A4 - Insecure Design] +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] +* CWE - https://cwe.mitre.org/data/definitions/256[CWE-256 - Plaintext Storage of a Password] +* CWE - https://cwe.mitre.org/data/definitions/916[CWE-916 - Use of Password Hash With Insufficient Computational Effort] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222542[Application Security and Development: V-222542] - The application must only store cryptographic representations of passwords. + diff --git a/rules/S5344/csharp/highlighting.adoc b/rules/S5344/csharp/highlighting.adoc new file mode 100644 index 00000000000..2013eb8dc76 --- /dev/null +++ b/rules/S5344/csharp/highlighting.adoc 
@@ -0,0 +1,36 @@ +=== Highlighting + +==== .NET Core + +For `Microsoft.AspNetCore.Identity`: +When `PasswordHasherOptions.IterationCount` is < 100,000, highlight the IterationCount attribute. +When `PasswordHasherOptions.CompatibilityMode` is set to `PasswordHasherCompatibilityMode.IdentityV2`, highlight the +corresponding attribute. + +For `Microsoft.AspNetCore.Cryptography.KeyDerivation`: +When `KeyDerivation.Pbkdf2` is called with `iterationCount` < 100,000, highlight the iterationCount parameter. + +For `System.Security.Cryptography`: +When Rfc2898DeriveBytes is instantiated with an `iterations` parameter < 100,000, highlight the iterations parameter. +When Rfc2898DeriveBytes is instantiated without a `hashAlgorithm` parameter highlight the whole constructor call. + +==== .NET framework + +For `Microsoft.AspNet.Identity`: +When a `PasswordHasher` is instantiated highlight the constructor. + +For `System.Security.Cryptography`: +When Rfc2898DeriveBytes is instantiated with an `iterations` parameter < 100,000 or +when Rfc2898DeriveBytes.Pbkdf2 is called with an `iterations` parameter < 100,000, highlight the iterations parameter. +When Rfc2898DeriveBytes is instantiated without a `hashAlgorithm` parameter highlight the whole constructor call. + +==== BouncyCastle + +For `Org.BouncyCastle.Crypto.Generators.OpenBsdBCrypt`, or `Org.BouncyCastle.Crypto.Generators.BCrypt`: +When `Generate` is called with cost < 12, highlight the cost parameter. + +For `Org.BouncyCastle.Crypto.PbeParametersGenerator`: +When `Init` is called with `iterationCount` < 100,000, highlight the iteration count parameter. + +For `Org.BouncyCastle.Crypto.Generators.SCrypt`: +When `Generate` is called with N < 2^12, r < 8, or dklen < 32, highlight the weak parameter. \ No newline at end of file diff --git a/rules/S5344/csharp/how-to-fix-it/aspnetcore.adoc b/rules/S5344/csharp/how-to-fix-it/aspnetcore.adoc new file mode 100644 index 00000000000..1a562eb938e --- /dev/null 
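Review bot: The scrypt thresholds in the BouncyCastle section (`N < 2^12`, `r < 8`, `dklen < 32`, no condition on p) are well below the guidance in common/fix/scrypt-parameters.adoc added by this same commit. That file's lowest-N row is N = 2^13 with p = 10, and it asks for a hash length of at least 64 bytes. As specified, a call with N = 2^12, r = 8, p = 1 and a 32-byte output passes the rule even though it costs far less than any row of the recommended table. I would either raise the thresholds to match the table or add a line here stating that the rule enforces a floor only, for example `These thresholds are minimums; see scrypt-parameters.adoc for recommended values.`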
+++ b/rules/S5344/csharp/how-to-fix-it/aspnetcore.adoc 
@@ -0,0 +1,97 @@ +== How to fix it in ASP.NET Core + +=== Code examples + +==== Noncompliant code example + +Using `Microsoft.AspNetCore.Cryptography.KeyDerivation`: +[source,csharp,diff-id=101,diff-type=noncompliant] +---- +using Microsoft.AspNetCore.Cryptography.KeyDerivation; +using System.Security.Cryptography; + +string password = Request.Query["password"]; +byte[] salt = RandomNumberGenerator.GetBytes(128 / 8); + +string hashed = Convert.ToBase64String(KeyDerivation.Pbkdf2( + password: password!, + salt: salt, + prf: KeyDerivationPrf.HMACSHA256, + iterationCount: 1, // Noncompliant + numBytesRequested: 256 / 8)); +---- + +Using `System.Security.Cryptography`: +[source,csharp,diff-id=102,diff-type=noncompliant] +---- +using System.Security.Cryptography; + +string password = Request.Query["password"]; +byte[] salt = RandomNumberGenerator.GetBytes(128 / 8); +Rfc2898DeriveBytes kdf = new Rfc2898DeriveBytes(password, 128/8); // Noncompliant +string hashed = Convert.ToBase64String(kdf.GetBytes(256 / 8)); +---- + +Using `Microsoft.AspNetCore.Identity`: +[source,csharp,diff-id=103,diff-type=noncompliant] +---- +using Microsoft.AspNetCore.Identity; +using Microsoft.Extensions.Options; + +string password = Request.Query["password"]; +IOptions options = Options.Create(new PasswordHasherOptions() { + IterationCount = 1 // Noncompliant +}); +PasswordHasher hasher = new PasswordHasher(options); +string hash = hasher.HashPassword(new User("test"), password); +---- + +==== Compliant solution + +Using `Microsoft.AspNetCore.Cryptography.KeyDerivation`: +[source,csharp,diff-id=101,diff-type=compliant] +---- +using Microsoft.AspNetCore.Cryptography.KeyDerivation; +using System.Security.Cryptography; + +string password = Request.Query["password"]; +byte[] salt = RandomNumberGenerator.GetBytes(128 / 8); + +string hashed = Convert.ToBase64String(KeyDerivation.Pbkdf2( + password: password!, + salt: salt, + prf: KeyDerivationPrf.HMACSHA256, + iterationCount: 100_000, + 
numBytesRequested: 256 / 8)); +---- + +Using `System.Security.Cryptography` +[source,csharp,diff-id=102,diff-type=compliant] +---- +using System.Security.Cryptography; + +string password = Request.Query["password"]; +byte[] salt = RandomNumberGenerator.GetBytes(128 / 8); +Rfc2898DeriveBytes kdf = new Rfc2898DeriveBytes(password, salt, 100_000, HashAlgorithmName.SHA256); +string hashed = Convert.ToBase64String(kdf.GetBytes(256 / 8)); +---- + +Using `Microsoft.AspNetCore.Identity`: +[source,csharp,diff-id=103,diff-type=compliant] +---- +using Microsoft.AspNetCore.Identity; +using Microsoft.Extensions.Options; + +string password = Request.Query["password"]; +PasswordHasher hasher = new PasswordHasher(); +string hash = hasher.HashPassword(new User("test"), password); +---- + +=== How does this work? + +include::../../common/fix/pbkdf2-parameters.adoc[] + +=== Going the extra mile + +include::../../common/extra-mile/peppering.adoc[] + diff --git a/rules/S5344/csharp/how-to-fix-it/aspnetframework.adoc b/rules/S5344/csharp/how-to-fix-it/aspnetframework.adoc new file mode 100644 index 00000000000..26a3b3a737f --- /dev/null +++ b/rules/S5344/csharp/how-to-fix-it/aspnetframework.adoc 
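Review bot: The compliant examples in aspnetcore.adoc use 100,000 PBKDF2-HMAC-SHA256 iterations, but common/fix/pbkdf2-parameters.adoc, included directly below under "How does this work?", recommends 600,000 for that algorithm and gives 100,000 only as the floor for a reduced cost factor. Compliant snippets get copied, so the page ends up modelling the minimum rather than the recommendation. I would use `iterationCount: 600_000` and `new Rfc2898DeriveBytes(password, salt, 600_000, HashAlgorithmName.SHA256)`, or keep the current value with a comment like `// minimum accepted by the rule; 600_000 is recommended for HMAC-SHA256`. The compliant example in aspnetframework.adoc has the same value and would need the same change.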
@@ -0,0 +1,48 @@
+== How to fix it in ASP.NET
+
+=== Code examples
+
+==== Noncompliant code example
+
+[source,csharp,diff-id=201,diff-type=noncompliant]
+----
+using System.Security.Cryptography;
+
+RNGCryptoServiceProvider rngCsp = new RNGCryptoServiceProvider();
+byte[] salt = new byte[32];
+rngCsp.GetBytes(salt);
+Rfc2898DeriveBytes kdf = new Rfc2898DeriveBytes(password, salt, 100, HashAlgorithmName.SHA256); // Noncompliant
+string hashed = Convert.ToBase64String(kdf.GetBytes(256 / 8));
+----
+
+Using `using Microsoft.AspNet.Identity`:
+[source,csharp]
+----
+using Microsoft.AspNet.Identity;
+
+string password = "NotSoSecure";
+PasswordHasher hasher = new PasswordHasher();
+string hash = hasher.HashPassword(password); // Noncompliant
+----
+
+==== Compliant solution
+
+[source,csharp,diff-id=201,diff-type=compliant]
+----
+using System.Security.Cryptography;
+
+RNGCryptoServiceProvider rngCsp = new RNGCryptoServiceProvider();
+byte[] salt = new byte[32];
+rngCsp.GetBytes(salt);
+Rfc2898DeriveBytes kdf = new Rfc2898DeriveBytes(password, salt, 100_000, HashAlgorithmName.SHA256); // Compliant
+string hashed = Convert.ToBase64String(kdf.GetBytes(256 / 8));
+----
+
+=== How does this work?
+
+include::../../common/fix/pbkdf2-parameters.adoc[]
+
+=== Going the extra mile
+
+include::../../common/extra-mile/peppering.adoc[]
+
diff --git a/rules/S5344/csharp/how-to-fix-it/bouncycastle.adoc b/rules/S5344/csharp/how-to-fix-it/bouncycastle.adoc
new file mode 100644
index 00000000000..5af33cbd909
--- /dev/null
+++ b/rules/S5344/csharp/how-to-fix-it/bouncycastle.adoc
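Review bot: The `Microsoft.AspNet.Identity` noncompliant block has no `diff-id` and no compliant counterpart, so a reader who hits that finding is never shown the replacement. message.adoc tells them to use `Rfc2898DeriveBytes` instead, so one sentence before the compliant block would close the gap, for example `PasswordHasher cannot be configured with stronger parameters; replace it with the Rfc2898DeriveBytes call below.` The `diff-id=201` snippets also use `password` without declaring it, and the lead-in reads "Using `using Microsoft.AspNet.Identity`:" with a doubled "using".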
@@ -0,0 +1,96 @@ +== How to fix it in BouncyCastle + +=== Code examples + +==== Noncompliant code example + +Using SCrypt: +[source,csharp,diff-id=301,diff-type=noncompliant] +---- +using Org.BouncyCastle.Crypto.Generators; + +string password = Request.Query["password"]; +byte[] salt = RandomNumberGenerator.GetBytes(128 / 8); // divide by 8 to convert bits to bytes + +string hashed = Convert.ToBase64String(SCrypt.Generate(Encoding.Unicode.GetBytes(password), salt, 4, 2, 1, 32)); // Noncompliant +---- + +Using BCrypt: +[source,csharp,diff-id=302,diff-type=noncompliant] +---- +using Org.BouncyCastle.Crypto.Generators; +using Org.BouncyCastle.Crypto.Parameters; + +string password = Request.Query["password"]; +byte[] salt = RandomNumberGenerator.GetBytes(128 / 8); + +string hashed = OpenBsdBCrypt.Generate(password.ToCharArray(), salt, 4); // Noncompliant +---- + +Using PBKDF2: +[source,csharp,diff-id=303,diff-type=noncompliant] +---- +using Org.BouncyCastle.Crypto.Generators; +using Org.BouncyCastle.Crypto.Parameters; +using System.Security.Cryptography; + +string password = Request.Query["password"]; +byte[] salt = RandomNumberGenerator.GetBytes(128 / 8); +Pkcs5S2ParametersGenerator gen = new Pkcs5S2ParametersGenerator(); +gen.Init(Encoding.Unicode.GetBytes(password), salt, 100); // Noncompliant +KeyParameter keyParam = (KeyParameter) gen.GenerateDerivedMacParameters(256); +string hashed = Convert.ToBase64String(keyParam.GetKey()); +---- + +==== Compliant solution + +Using SCrypt: +[source,csharp,diff-id=301,diff-type=compliant] +---- +using Org.BouncyCastle.Crypto.Generators; + +string password = Request.Query["password"]; +byte[] salt = RandomNumberGenerator.GetBytes(128 / 8); // divide by 8 to convert bits to bytes + +string hashed = Convert.ToBase64String(SCrypt.Generate(Encoding.Unicode.GetBytes(password), salt, 1<<12, 8, 1, 32)); // Noncompliant +---- + +Using BCrypt: +[source,csharp,diff-id=302,diff-type=compliant] +---- +using 
Org.BouncyCastle.Crypto.Generators; +using Org.BouncyCastle.Crypto.Parameters; + +string password = Request.Query["password"]; +byte[] salt = RandomNumberGenerator.GetBytes(128 / 8); + +string hashed = OpenBsdBCrypt.Generate(password.ToCharArray(), salt, 14); // Noncompliant +---- + +Using PBKDF2: +[source,csharp,diff-id=303,diff-type=compliant] +---- +using Org.BouncyCastle.Crypto.Generators; +using Org.BouncyCastle.Crypto.Parameters; +using System.Security.Cryptography; + +string password = Request.Query["password"]; +byte[] salt = RandomNumberGenerator.GetBytes(128 / 8); +Pkcs5S2ParametersGenerator gen = new Pkcs5S2ParametersGenerator(); +gen.Init(Encoding.Unicode.GetBytes(password), salt, 100_000); // Noncompliant +KeyParameter keyParam = (KeyParameter) gen.GenerateDerivedMacParameters(256); +string hashed = Convert.ToBase64String(keyParam.GetKey()); +---- + +=== How does this work? + +include::../../common/fix/bcrypt-parameters.adoc[] + +include::../../common/fix/scrypt-parameters.adoc[] + +include::../../common/fix/pbkdf2-parameters.adoc[] + +=== Going the extra mile + +include::../../common/extra-mile/peppering.adoc[] + diff --git a/rules/S5344/csharp/message.adoc b/rules/S5344/csharp/message.adoc new file mode 100644 index 00000000000..9d2d50ff988 --- /dev/null +++ b/rules/S5344/csharp/message.adoc 
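Review bot: All three blocks under "Compliant solution" still carry a trailing `// Noncompliant` marker: on the `SCrypt.Generate(..., 1<<12, 8, 1, 32)` line, the `OpenBsdBCrypt.Generate(..., 14)` line and the `gen.Init(..., 100_000)` line. A reader copying the fix cannot tell whether these parameters are the accepted ones. The same leftover marker appears in pyca.adoc on the compliant `iterations=600_000) # Noncompliant` line. Drop the comment or change it to `// Compliant`, as aspnetframework.adoc does. The SCrypt examples also call `Encoding.Unicode` and `RandomNumberGenerator` without the matching `using System.Text;` and `using System.Security.Cryptography;` lines.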
@@ -0,0 +1,71 @@ +=== Message + +==== .NET Core + +For `Microsoft.AspNetCore.Identity`: +When `PasswordHasherOptions.IterationCount` is < 100,000: + +> Use at least 10 000 iterations here. + +When `PasswordHasherOptions.CompatibilityMode` is set to `PasswordHasherCompatibilityMode.IdentityV2`: + +> Identity v2 uses only 1000 iterations. Considers changing to identity V3. + + +For `Microsoft.AspNetCore.Cryptography.KeyDerivation`: +When `KeyDerivation.Pbkdf2` is called with `iterationCount` < 100,000: + +> Use at least 100,000 iterations here. + +For `System.Security.Cryptography`: + +When Rfc2898DeriveBytes is instantiated with an `iterations` parameter < 100,000. +When Rfc2898DeriveBytes.Pbkdf2 is called with an `iterations` parameter < 100,000. + +> Use at least 100,000 iterations here. + +When Rfc2898DeriveBytes is instantiated without a `hashAlgorithm` parameter. + +> Use at least 100,000 iterations and a state-of-the-art digest algorithm here. + +=== .NET framework + +For `Microsoft.AspNet.Identity`: +When a `PasswordHasher` is instantiated. + +> PasswordHasher does not support state-of-the-art parameters. Use Rfc2898DeriveBytes instead. + +When Rfc2898DeriveBytes is instantiated with an `iterations` parameter < 100,000. + +> Use at least 100,000 iterations here. + +When Rfc2898DeriveBytes is instantiated without a `hashAlgorithm` parameter. + +> Use at least 100,000 iterations and a state-of-the-art digest algorithm here. + +=== BouncyCastle + +For `Org.BouncyCastle.Crypto.Generators.OpenBsdBCrypt`, or `Org.BouncyCastle.Crypto.Generators.BCrypt`: +When `Generate` is called with cost < 12: + +> Use a cost factor of at least 12 here. + +For `Org.BouncyCastle.Crypto.PbeParametersGenerator`: +When `Init` is called with `iterationCount` < 100,000: + +> Use at least 100,000 iterations here. + +For `Org.BouncyCastle.Crypto.Generators.SCrypt`: + +* When `Generate` is called with N < 2^12: + +> Use a cost factor of at least 2^12 for N here. 
+ +* When `Generate` is called with r < 8: + +> Use a memory factor of at least 8 for r here. + +* When `Generate` is called with dkLen < 32: + +> Use an output length of at least 32 for dkLen here. + diff --git a/rules/S5344/csharp/metadata.json b/rules/S5344/csharp/metadata.json new file mode 100644 index 00000000000..7a73a41bfdf --- /dev/null +++ b/rules/S5344/csharp/metadata.json @@ -0,0 +1,2 @@ +{ +} \ No newline at end of file diff --git a/rules/S5344/csharp/rule.adoc b/rules/S5344/csharp/rule.adoc new file mode 100644 index 00000000000..c8989ead277 --- /dev/null +++ b/rules/S5344/csharp/rule.adoc @@ -0,0 +1,36 @@ +include::../summary.adoc[] + +== Why is this an issue? + +include::../rationale.adoc[] + +include::../impact.adoc[] + +// How to fix it section + +include::how-to-fix-it/aspnetcore.adoc[] + +include::how-to-fix-it/aspnetframework.adoc[] + +include::how-to-fix-it/bouncycastle.adoc[] + + +== Resources + +include::../common/resources/documentation.adoc[] + +include::../common/resources/standards.adoc[] + + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +include::message.adoc[] + +include::highlighting.adoc[] + +endif::env-github,rspecator-view[] + diff --git a/rules/S5344/impact.adoc b/rules/S5344/impact.adoc new file mode 100644 index 00000000000..3bfc3c2ea99 --- /dev/null +++ b/rules/S5344/impact.adoc 
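Review bot: The first message contradicts its own trigger: the condition is "`PasswordHasherOptions.IterationCount` is < 100,000" but the text shown to the user is `Use at least 10 000 iterations here.` A developer following it would set a value the rule still flags, so it should read `> Use at least 100,000 iterations here.` like the other PBKDF2 messages in this file. The IdentityV2 message has a grammar slip ("Considers changing to identity V3") and would read better as `Consider changing to Identity V3.` The `.NET framework` and `BouncyCastle` headings are at `===` while `.NET Core` is at `====`, so they do not nest under "Message" as siblings.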
@@ -0,0 +1,30 @@
+=== What is the potential impact?
+
+Plaintext or weakly hashed password storage poses a significant security risk
+to software applications.
+
+==== Unauthorized Access
+
+When passwords are stored in plaintext or with weak hashing algorithms, an
+attacker who gains access to the password database can easily retrieve and use
+the passwords to gain unauthorized access to user accounts. This can lead to
+various malicious activities, such as unauthorized data access, identity theft,
+or even financial fraud.
+
+==== Credential Reuse
+
+Many users tend to reuse passwords across multiple platforms. If an attacker
+obtains plaintext or weakly hashed passwords, they can potentially use these
+credentials to gain unauthorized access to other accounts held by the same
+user. This can have far-reaching consequences, as sensitive personal
+information or critical systems may be compromised.
+
+==== Regulatory Compliance
+
+Many industries and jurisdictions have specific regulations and standards to
+protect user data and ensure its confidentiality. Storing passwords in
+plaintext or with weak hashing algorithms can lead to non-compliance with
+these regulations, potentially resulting in legal consequences, financial
+penalties, and damage to the reputation of the software application and its
+developers.
+
diff --git a/rules/S5344/java/rule.adoc b/rules/S5344/java/rule.adoc
index 9c5be09149f..cd62d8fad25 100644
--- a/rules/S5344/java/rule.adoc
+++ b/rules/S5344/java/rule.adoc
@@ -1,41 +1,19 @@ -The improper storage of passwords poses a significant security risk to software applications. This vulnerability arises when passwords are stored in plain-text or with a fast hashing algorithm. To exploit this vulnerability, an attacker typically requires access to the stored passwords. +include::../summary.adoc[] == Why is this an issue? -Attackers who would get access to the stored passwords could reuse them without further attacks or with little additional effort. Obtaining the clear-text passwords, they could then gain unauthorized access to user accounts, potentially leading to various malicious activities. - -=== What is the potential impact? - -Plain-text or weakly hashed password storage poses a significant security risk to software applications. - -==== Unauthorized Access - -When passwords are stored in plain-text or with weak hashing algorithms, an attacker who gains access to the password database can easily retrieve and use the passwords to gain unauthorized access to user accounts. This can lead to various malicious activities, such as unauthorized data access, identity theft, or even financial fraud. - -==== Credential Reuse - -Many users tend to reuse passwords across multiple platforms. If an attacker obtains plain-text or weakly hashed passwords, they can potentially use these credentials to gain unauthorized access to other accounts held by the same user. This can have far-reaching consequences, as sensitive personal information or critical systems may be compromised. - -==== Regulatory Compliance - -Many industries and jurisdictions have specific regulations and standards to protect user data and ensure its confidentiality. Storing passwords in plain-text or with weak hashing algorithms can lead to non-compliance with these regulations, potentially resulting in legal consequences, financial penalties, and damage to the reputation of the software application and its developers. 
+include::../rationale.adoc[] +include::../impact.adoc[] == How to fix it in Spring -A user password should never be stored in clear text. Instead, a hash should be produced from it using a secure algorithm. When dealing with password storage security, best practices recommend relying on a slow hashing algorithm, that will make brute force attacks more difficult. Using a hashing function with adaptable computation and memory complexity also is recommended to be able to increase the security level with time. - -Adding a salt to the digest computation is also recommended to prevent pre-computed table attacks (see rule S2053). - -In general, relying on an algorithm with no known weaknesses is also a requirement. This prevents the use of the MD5 or SHA-1 algorithms. - -While considered strong for some use cases, some algorithms, like SHA-family functions, are too fast to compute and therefore susceptible to brute force attacks, especially with attack-dedicated hardware. Modern, slow, password hashing algorithms such as bcrypt, PBKDF2 or argon2 are recommended. - === Code examples ==== Noncompliant code example -The following code is vulnerable because it uses a legacy digest-based password encoding that is not considered secure. +The following code is vulnerable because it uses a legacy digest-based password +encoding that is not considered secure. [source,java,diff-id=1,diff-type=noncompliant] ---- 
@@ -56,30 +34,35 @@ public void configureGlobal(AuthenticationManagerBuilder auth, DataSource dataSo public void configureGlobal(AuthenticationManagerBuilder auth, DataSource dataSource) throws Exception { auth.jdbcAuthentication() .dataSource(dataSource) - .usersByUsernameQuery("Select * from users where username=?") + .usersByUsernameQuery("SELECT * FROM users WHERE username = ?") .passwordEncoder(new BCryptPasswordEncoder()); } ---- === How does this work? -The ``BCryptPasswordEncoder`` is a password hashing function in Java that is designed to be secure and resistant to various types of attacks, including brute-force and rainbow table attacks. It is slow, adaptative, and automatically implements a salt. +include::../common/fix/password-hashing.adoc[] + +In the previous example, the ``BCryptPasswordEncoder`` is a password hashing +function in Java that is designed to be secure and resistant to various types +of attacks, including brute-force and rainbow table attacks. It is slow, +adaptative, and automatically implements a salt. 
+ +include::../common/fix/plaintext-password.adoc[] + +=== Pitfalls + +include::../common/pitfalls/pre-hashing.adoc[] + == Resources === Documentation * Spring Framework Security Documentation - https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.html[Class BCryptPasswordEncoder] -* https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html[OWASP CheatSheet] - Password Storage Cheat Sheet - -=== Standards - -* https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[OWASP Top 10 2021 Category A2] - Cryptographic Failures -* https://owasp.org/Top10/A04_2021-Insecure_Design/[OWASP Top 10 2021 Category A4] - Insecure Design -* https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure -* https://cwe.mitre.org/data/definitions/256[MITRE, CWE-256] - Plaintext Storage of a Password -* https://cwe.mitre.org/data/definitions/916[MITRE, CWE-916] - Use of Password Hash With Insufficient Computational Effort +* OWASP CheatSheet - https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html[Password Storage Cheat Sheet] +include::../common/resources/standards.adoc[] ifdef::env-github,rspecator-view[] diff --git a/rules/S5344/metadata.json b/rules/S5344/metadata.json index 54f939f43ed..cb9fa71fb03 100644 --- a/rules/S5344/metadata.json +++ b/rules/S5344/metadata.json @@ -1,5 +1,5 @@ { - "title": "Passwords should not be stored in plain-text or with a fast hashing algorithm", + "title": "Passwords should not be stored in plaintext or with a fast hashing algorithm", "type": "VULNERABILITY", "code": { "impacts": { @@ -34,8 +34,6 @@ 916 ], "OWASP": [ - "A2", - "A6", "A3" ], "OWASP Top 10 2021": [ @@ -55,6 +53,9 @@ "2.4.3", "2.4.4", "2.4.5" + ], + "STIG ASD_V5R3": [ + "V-222542" ] }, "defaultQualityProfiles": [ 
diff --git a/rules/S5344/python/highlighting.adoc b/rules/S5344/python/highlighting.adoc new file mode 100644 index 00000000000..9aab73412d3 --- /dev/null +++ b/rules/S5344/python/highlighting.adoc @@ -0,0 +1,9 @@ +=== Highlighting + +For hashlib: + +* Primary highlight on the incorrect hashing parameter(s) + +For Django: + +* Primary highlight on the hashing algorithm that caused the issue \ No newline at end of file diff --git a/rules/S5344/python/how-to-fix-it/argon2.adoc b/rules/S5344/python/how-to-fix-it/argon2.adoc new file mode 100644 index 00000000000..32374c391fa --- /dev/null +++ b/rules/S5344/python/how-to-fix-it/argon2.adoc 
@@ -0,0 +1,62 @@
+== How to fix it in Argon2-cffi
+
+=== Code examples
+
+==== Noncompliant code example
+
+[source,python,diff-id=200,diff-type=noncompliant]
+----
+from argon2 import PasswordHasher, profiles
+
+def hash_password(password):
+ ph = PasswordHasher.from_parameters(profiles.CHEAPEST) # Noncompliant
+ return ph.hash(password)
+----
+
+==== Compliant solution
+
+[source,python,diff-id=200,diff-type=compliant]
+----
+from argon2 import PasswordHasher
+
+def hash_password(password):
+ ph = PasswordHasher()
+ return ph.hash(password)
+----
+
+=== How does this work?
+
+include::../../common/fix/argon-parameters.adoc[]
+
+To use values recommended by the Argon2 authors, you can use the following objects:
+
+* https://argon2-cffi.readthedocs.io/en/stable/api.html#argon2.profiles.RFC_9106_HIGH_MEMORY[argon2.profiles.RFC_9106_HIGH_MEMORY]
+* https://argon2-cffi.readthedocs.io/en/stable/api.html#argon2.profiles.RFC_9106_LOW_MEMORY[argon2.profiles.RFC_9106_LOW_MEMORY]
+
+To use values recommended by the OWASP you can craft objects as follows:
+
+[source, python]
+----
+from argon2 import Parameters
+from argon2.low_level import ARGON2_VERSION, Type
+
+OWASP_1 = argon2.Parameters(
+ type=Type.ID,
+ version=ARGON2_VERSION,
+ salt_len=16,
+ hash_len=32,
+ time_cost=1,
+ memory_cost=47104, # 46 MiB
+ parallelism=1)
+
+def hash_password(password):
+ ph = PasswordHasher.from_parameters(OWASP_1)
+ return ph.hash(password)
+----
+
+=== Going the extra mile
+
+include::../../common/extra-mile/argon-cli.adoc[]
+
+include::../../common/extra-mile/peppering.adoc[]
+
diff --git a/rules/S5344/python/how-to-fix-it/bcrypt.adoc b/rules/S5344/python/how-to-fix-it/bcrypt.adoc
new file mode 100644
index 00000000000..262be4205a7
--- /dev/null
+++ b/rules/S5344/python/how-to-fix-it/bcrypt.adoc
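Review bot: The OWASP snippet under "How does this work?" does not run as written: it imports only the name `Parameters` (`from argon2 import Parameters`) but then calls `argon2.Parameters(...)` and `PasswordHasher.from_parameters(OWASP_1)`, so both `argon2` and `PasswordHasher` are undefined. Since this is the block readers will copy to get the recommended settings, change the import to `from argon2 import Parameters, PasswordHasher` and the assignment to `OWASP_1 = Parameters(`. The sentence introducing it would also read better as "recommended by OWASP, you can".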
@@ -0,0 +1,73 @@ +== How to fix it in Bcrypt + +=== Code examples + +==== Noncompliant code example + +For password hashing: +[source,python,diff-id=201,diff-type=noncompliant] +---- +import bcrypt + +def hash_password(password): + return bcrypt.hashpw(password, bcrypt.gensalt(2)) # Noncompliant +---- + +For key derivation: +[source,python,diff-id=291,diff-type=noncompliant] +---- +import bcrypt + +def kdf(password, salt): + return bcrypt.kdf( + password=password, + salt=salt, + desired_key_bytes=32, + rounds=12, # Noncompliant + ignore_few_rounds=True) +---- + +==== Compliant solution + +For password hashing: + +[source,python,diff-id=201,diff-type=compliant] +---- +import bcrypt + +def hash_password(password): + return bcrypt.hashpw(password, bcrypt.gensalt()) +---- + +For key derivation: +[source,python,diff-id=291,diff-type=compliant] +---- +import bcrypt + +def kdf(password, salt): + return bcrypt.kdf( + password=password, + salt=salt, + desired_key_bytes=32, + rounds=4096) +---- + +=== How does this work? + +include::../../common/fix/password-hashing.adoc[] + +include::../../common/fix/bcrypt-parameters.adoc[] + +In the python bcrypt library, the default number of rounds is 12, which is +a good default value. + +For the `bcrypt.kdf` function, at least 50 rounds should be set, and the +`ignore_few_rounds` parameter should be avoided, as it allows fewer rounds. + +=== Pitfalls + +include::../../common/pitfalls/pre-hashing.adoc[] + +=== Going the extra mile + +include::../../common/extra-mile/peppering.adoc[] + diff --git a/rules/S5344/python/how-to-fix-it/django.adoc b/rules/S5344/python/how-to-fix-it/django.adoc new file mode 100644 index 00000000000..2ddf8cb45d0 --- /dev/null +++ b/rules/S5344/python/how-to-fix-it/django.adoc 
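Review bot: The password-hashing noncompliant example calls `bcrypt.gensalt(2)`, but as far as I know the bcrypt package rejects a round count below 4 with a `ValueError`. If so, the example shows code that cannot execute rather than a weak configuration an analyzer would meet. `bcrypt.gensalt(4)` keeps the point while staying runnable. The Flask page has the same pattern in `generate_password_hash(password, rounds=2)`. In the `bcrypt.kdf` noncompliant block the `# Noncompliant` marker sits on `rounds=12`, although the text below says `ignore_few_rounds` is what permits the low value. A short comment on the `ignore_few_rounds=True` line would make that link explicit.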
@@ -0,0 +1,73 @@ +== How to fix it in Django + +=== Code examples + +==== Noncompliant code example + +Django uses the first item in the `PASSWORD_HASHERS` list to store new passwords. +In this example, SHA-1 is used, which is too fast to store passwords. + +[source,python,diff-id=203,diff-type=noncompliant] +---- +# settings.py +PASSWORD_HASHERS = [ + 'django.contrib.auth.hashers.SHA1PasswordHasher', # Noncompliant + 'django.contrib.auth.hashers.CryptPasswordHasher', + 'django.contrib.auth.hashers.Argon2PasswordHasher', + 'django.contrib.auth.hashers.ScryptPasswordHasher', +] +---- + +==== Compliant solution + +This example requires `argon2-cffi` to be installed, which can be done using `pip install django[argon2]`. + +[source,python,diff-id=203,diff-type=compliant] +---- +# settings.py +PASSWORD_HASHERS = [ + 'django.contrib.auth.hashers.Argon2PasswordHasher', + 'django.contrib.auth.hashers.ScryptPasswordHasher', + 'django.contrib.auth.hashers.BCryptSHA256PasswordHasher', + 'django.contrib.auth.hashers.PBKDF2PasswordHasher', + 'django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher', +] +---- + +=== How does this work? + +include::../../common/fix/password-hashing.adoc[] + +In the previous example, Argon2 is used as the default password hashing function +by Django. Use the `PASSWORD_HASHERS` variable carefuly. If there is a need to +upgrade, use +https://docs.djangoproject.com/en/5.0/topics/auth/passwords/#password-upgrading[Django's password upgrade documentation]. + +=== Going the extra mile + +==== Tweaking password hashing parameters + +It is possible to change the parameters of the password hashing algorithm to +make it more secure. For example, you can increase the number of iterations or +the length of the salt. + +https://docs.djangoproject.com/en/5.0/topics/auth/passwords/[The Django documentation contains more details about these parameters]. 
+ +==== Preventing user enumeration attacks + +Django uses the first item in `PASSWORD_HASHERS` to store passwords, but uses every hashing algorithm in the `PASSWORD_HASHERS` +list to check passwords during user login. If a user password was not hashed using the first algorithm, then Django upgrades +the hashed password after a user logs in. + +This process is convenient to keep users up to date, but is also vulnerable to enumeration. If an +attacker wants to know whether an account exists, they can attempt a login with that account. By +tracking how long it took to get a response, they can know if an older hashing algorithm was used +(so the account exists) or the new hashing algorithm was used (the default is an account does not +exist.) + +To fix this, https://docs.djangoproject.com/en/5.0/topics/auth/passwords/#password-upgrading-without-requiring-a-login[the Django documentation] +defines how to upgrade passwords without needing to log in. In this case, a custom hasher has to +be created that wraps the old hash. + + +include::../../common/extra-mile/peppering.adoc[] + diff --git a/rules/S5344/python/how-to-fix-it/flask.adoc b/rules/S5344/python/how-to-fix-it/flask.adoc new file mode 100644 index 00000000000..314dc7304b2 --- /dev/null +++ b/rules/S5344/python/how-to-fix-it/flask.adoc @@ -0,0 +1,99 @@ +== How to fix it in Flask + +=== Code examples + +==== Noncompliant code example + +[source,python,diff-id=204,diff-type=noncompliant] +---- +from flask import Flask, request +from flask_bcrypt import Bcrypt + +app = Flask(__name__) +bcrypt = Bcrypt(app) + +@app.get("/") +def hash(): + password = request.args.get('password', '') + hashed_password = bcrypt.generate_password_hash(password, rounds=2) # Noncompliant + + return f"

    {hashed_password.decode('utf-8')}

    " +---- + +==== Compliant solution + +[source,python,diff-id=204,diff-type=compliant] +---- +from flask import Flask, request +from flask_bcrypt import Bcrypt + +app = Flask(__name__) +bcrypt = Bcrypt(app) + +@app.get("/") +def hash(): + password = request.args.get('password', '') + hashed_password = bcrypt.generate_password_hash(password) + + return f"

    {hashed_password.Decode('utf-8')}

    " +---- + +=== How does this work? + +include::../../common/fix/password-hashing.adoc[] + +include::../../common/fix/bcrypt-parameters.adoc[] + +include::../../common/fix/argon-parameters.adoc[] + +To use values recommended by the Argon2 authors, you can use the two following objects: + +* https://argon2-cffi.readthedocs.io/en/stable/api.html#argon2.profiles.RFC_9106_HIGH_MEMORY[argon2.profiles.RFC_9106_HIGH_MEMORY] +* https://argon2-cffi.readthedocs.io/en/stable/api.html#argon2.profiles.RFC_9106_LOW_MEMORY[argon2.profiles.RFC_9106_LOW_MEMORY] + +To use values recommended by the OWASP, you can craft objects as follows: + +[source, python] +---- +import argon2 +from argon2.low_level import ARGON2_VERSION, Type + +OWASP_1 = argon2.Parameters( + type=Type.ID, + version=ARGON2_VERSION, + salt_len=16, + hash_len=32, + time_cost=1, + memory_cost=47104, # 46 MiB + parallelism=1) + +# To apply the parameters to the Flask app: +def set_flask_argon2_parameters(app, parameters: argon2.Parameters): + app.config['ARGON2_SALT_LENGTH'] = parameters.salt_len + app.config['ARGON2_HASH_LENGTH'] = parameters.hash_len + app.config['ARGON2_TIME_COST'] = parameters.time_cost + app.config['ARGON2_MEMORY_COST'] = parameters.memory_cost + app.config['ARGON2_PARALLELISM'] = parameters.parallelism + +# ---- +# Or the unofficial way: +from flask import Flask +from flask_argon2 import Argon2 + +app = Flask(__name__) +argon2 = Argon2(app) +argon2.ph = OWASP_1 + +set_flask_argon2_parameters(app, OWASP_1) +---- + +=== Pitfalls + +include::../../common/pitfalls/pre-hashing.adoc[] + +=== Going the extra mile + +include::../../common/extra-mile/argon-cli.adoc[] + +include::../../common/extra-mile/peppering.adoc[] + diff --git a/rules/S5344/python/how-to-fix-it/hashlib.adoc b/rules/S5344/python/how-to-fix-it/hashlib.adoc new file mode 100644 index 00000000000..08447cae9b8 --- /dev/null +++ b/rules/S5344/python/how-to-fix-it/hashlib.adoc 
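Review bot: The compliant Flask example calls `hashed_password.Decode('utf-8')` with a capital D, which raises `AttributeError` on a bytes object. The noncompliant block uses `decode`, so the `diff-id=204` pair differs in more than the `rounds` argument; change it to `hashed_password.decode('utf-8')`. In the Argon2 snippet further down, `argon2 = Argon2(app)` rebinds the name of the `argon2` module imported at the top of the block. The line `argon2.ph = OWASP_1` then assigns an `argon2.Parameters` value where the attribute name suggests a hasher object. Naming the extension instance differently and building the hasher with `PasswordHasher.from_parameters(OWASP_1)` would avoid both problems. Please also check the stray `# ----` line in that snippet against the rendered page.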
@@ -0,0 +1,91 @@ +== How to fix it in Python Standard Library + +=== Code examples + +==== Noncompliant code example + +Code targeting scrypt: + +[source,python,diff-id=206,diff-type=noncompliant] +---- +from hashlib import scrypt + +def hash_password(password, salt): + return scrypt( + password, + salt, + n=1 << 10, # Noncompliant: N is too low + r=8, + p=2, + dklen=64 + ) +---- + +Code targeting PBKDF2: + +[source,python,diff-id=266,diff-type=noncompliant] +---- +from hashlib import pbkdf2_hmac + +def hash_password(password, salt): + return pbkdf2_hmac( + 'sha1', + password, + salt, + 500_000 # Noncompliant: not enough iterations for SHA-1 + ) +---- + + +==== Compliant solution + +Code targeting scrypt: + +[source,python,diff-id=206,diff-type=compliant] +---- +from hashlib import scrypt + +def hash_password(password, salt): + return scrypt( + password, + salt, + n=1 << 14, + r=8, + p=5, + dklen=64, + maxmem=85_000_000 # Needs ~85MB of memory + ) +---- + +Code targeting PBKDF2: + +[source,python,diff-id=266,diff-type=compliant] +---- +from hashlib import pbkdf2_hmac + +def hash_password(password, salt): + return pbkdf2_hmac( + 'sha256', + password, + salt, + 600_000 + ) +---- + + +=== How does this work? +The following sections provide guidance on the usage of these secure +password-hashing algorithms as provided by hashlib. + +include::../../common/fix/scrypt-parameters.adoc[] + +include::../../common/fix/pbkdf2-parameters.adoc[] + +=== Pitfalls + +include::../../common/pitfalls/pre-hashing.adoc[] + +=== Going the extra mile + +include::../../common/extra-mile/peppering.adoc[] + diff --git a/rules/S5344/python/how-to-fix-it/pyca.adoc b/rules/S5344/python/how-to-fix-it/pyca.adoc new file mode 100644 index 00000000000..5450ce2eb5e --- /dev/null +++ b/rules/S5344/python/how-to-fix-it/pyca.adoc 
@@ -0,0 +1,114 @@ +== How to fix it in pyca + +=== Code examples + +==== Noncompliant code example + +Code targeting scrypt: + +[source,python,diff-id=207,diff-type=noncompliant] +---- +from cryptography.hazmat.primitives import hashes +from cryptography.hazmat.primitives.kdf.scrypt import Scrypt + +def hash_password(password, salt): + scrypt = Scrypt( + salt=salt, + length=32, + n=1 << 10, + r=8, + p=1) # Noncompliant + + return scrypt.derive(password) +---- + +Code targeting PBKDF2: + +[source,python,diff-id=277,diff-type=noncompliant] +---- +from cryptography.hazmat.primitives import hashes +from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC + +def hash_password(password, salt): + pbkdf = PBKDF2HMAC( + algorithm=hashes.SHA256(), + length=32, + salt=salt, + iterations=480000) # Noncompliant + + return pbkdf.derive(password) +---- + + +==== Compliant solution + +Code targeting scrypt: + +[source,python,diff-id=207,diff-type=compliant] +---- +from cryptography.hazmat.primitives import hashes +from cryptography.hazmat.primitives.kdf.scrypt import Scrypt + +def hash_password(password, salt): + scrypt = Scrypt( + salt=salt, + length=64, + n=1 << 17, + r=8, + p=1) + + return scrypt.derive(password) +---- + +Code targeting PBKDF2: + +[source,python,diff-id=277,diff-type=compliant] +---- +from cryptography.hazmat.primitives import hashes +from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC + +def hash_password(password, salt): + pbkdf = PBKDF2HMAC( + algorithm=hashes.SHA256(), + length=32, + salt=salt, + iterations=600_000) # Noncompliant + + return pbkdf.derive(password) +---- + + +=== How does this work? + +include::../../common/fix/password-hashing.adoc[] + +The following sections provide guidance on the usage of these secure +password-hashing algorithms as provided by pyca/cryptography. 
+ +include::../../common/fix/scrypt-parameters.adoc[] + +To use values recommended by OWASP, you can use an object crafted as follows: + +[source,python] +---- +OWASP_1 = { + "n": 1 << 17, + "r": 8, + "p": 1, + "length": 64, +} + +# To use this example, you can use the dictionary as a ``**kwargs`` variable: +scrypt(password, salt, **OWASP_1) +---- + +include::../../common/fix/pbkdf2-parameters.adoc[] + +=== Pitfalls + +include::../../common/pitfalls/pre-hashing.adoc[] + +=== Going the extra mile + +include::../../common/extra-mile/peppering.adoc[] + diff --git a/rules/S5344/python/message.adoc b/rules/S5344/python/message.adoc new file mode 100644 index 00000000000..2efc5ae3f2a --- /dev/null +++ b/rules/S5344/python/message.adoc @@ -0,0 +1,8 @@ +=== Message + +For hashlib: + +* For scrypt: "Use strong scrypt parameters" +* For pbkdf2_hmac: "Use at least 100,000 PBKDF2 iterations" + +For Django: "Use a secure hashing algorithm to store passwords" diff --git a/rules/S5344/python/metadata.json b/rules/S5344/python/metadata.json new file mode 100644 index 00000000000..7a73a41bfdf --- /dev/null +++ b/rules/S5344/python/metadata.json @@ -0,0 +1,2 @@ +{ +} \ No newline at end of file diff --git a/rules/S5344/python/rule.adoc b/rules/S5344/python/rule.adoc new file mode 100644 index 00000000000..26f45f856db --- /dev/null +++ b/rules/S5344/python/rule.adoc 
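Review bot: The OWASP snippet in pyca.adoc ends with `scrypt(password, salt, **OWASP_1)`, but the page never defines or imports a callable named `scrypt`. The pyca examples above it use the `Scrypt` class with `salt`, `length`, `n`, `r` and `p` keyword arguments followed by `.derive(password)`. As written, the line fails under pyca, and the `length` key does not match the `dklen` keyword used on the hashlib page either. Replacing it with `Scrypt(salt=salt, **OWASP_1).derive(password)` keeps the dictionary usable with the API this page documents. The scrypt examples also import `hashes` without using it.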
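Review bot: The pbkdf2_hmac message in python/message.adoc says `Use at least 100,000 PBKDF2 iterations`, but hashlib.adoc in this commit flags `500_000` SHA-1 iterations as noncompliant and shows `600_000` with SHA-256 as the fix. A user who raises the count to 100,000 as instructed would still be reported. The message should either state the threshold the examples imply or be made generic, e.g. `Use more PBKDF2 iterations for this digest algorithm`. Messages are also listed only for hashlib and Django, while python/rule.adoc includes how-to pages for argon2, bcrypt, pyca and Flask. If those libraries are in scope for detection they need entries here, and if not, a line saying so would prevent confusion.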
@@ -0,0 +1,41 @@ +include::../summary.adoc[] + +== Why is this an issue? + +include::../rationale.adoc[] + +include::../impact.adoc[] + +// How to fix it section + +include::how-to-fix-it/argon2.adoc[] + +include::how-to-fix-it/bcrypt.adoc[] + +include::how-to-fix-it/hashlib.adoc[] + +include::how-to-fix-it/pyca.adoc[] + +include::how-to-fix-it/django.adoc[] + +include::how-to-fix-it/flask.adoc[] + +== Resources + +include::../common/resources/documentation.adoc[] + +include::../common/resources/standards.adoc[] + + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +include::message.adoc[] + +include::highlighting.adoc[] + +endif::env-github,rspecator-view[] + diff --git a/rules/S5344/rationale.adoc b/rules/S5344/rationale.adoc new file mode 100644 index 00000000000..4cefe46034f --- /dev/null +++ b/rules/S5344/rationale.adoc @@ -0,0 +1,5 @@ +Attackers who would get access to the stored passwords could reuse them without +further attacks or with little additional effort. + +Obtaining the plaintext passwords, they could then gain unauthorized access to +user accounts, potentially leading to various malicious activities. + diff --git a/rules/S5344/summary.adoc b/rules/S5344/summary.adoc new file mode 100644 index 00000000000..b1fa13ae47d --- /dev/null +++ b/rules/S5344/summary.adoc @@ -0,0 +1,5 @@ +The improper storage of passwords poses a significant security risk to software +applications. This vulnerability arises when passwords are stored in plaintext +or with a fast hashing algorithm. To exploit this vulnerability, an attacker +typically requires access to the stored passwords. + diff --git a/rules/S5344/xml/metadata.json b/rules/S5344/xml/metadata.json new file mode 100644 index 00000000000..7a73a41bfdf --- /dev/null +++ b/rules/S5344/xml/metadata.json @@ -0,0 +1,2 @@ +{ +} \ No newline at end of file 
diff --git a/rules/S5344/xml/rule.adoc b/rules/S5344/xml/rule.adoc new file mode 100644 index 00000000000..0fc6b01fb8a --- /dev/null +++ b/rules/S5344/xml/rule.adoc @@ -0,0 +1,70 @@ +include::../summary.adoc[] + +== Why is this an issue? + +include::../rationale.adoc[] + +include::../impact.adoc[] + +== How to fix it + +=== Code examples + +==== Noncompliant code example + +[source,xml] +---- + + + + + + + + + + + +---- + +==== Compliant solution + +The ``Form`` mode of authentication supports only Clear, SHA1, and MD5. None of them +are secure, so their use is highly discouraged. + +Instead, it is recommended to use another, modern authentication mechanism such as https://learn.microsoft.com/en-us/aspnet/core/security/authentication/identity?view=aspnetcore-8.0&tabs=visual-studio[ASP.Net Identity]. + + +=== How does this work? + +include::../common/fix/password-hashing.adoc[] + +Fortunately, ASP.Net Identity supports PBKDF2 and uses it by default. + +include::../common/fix/plaintext-password.adoc[] + +== Resources + +=== Documentation + +* Microsoft Learn - https://learn.microsoft.com/en-us/previous-versions/dotnet/netframework-4.0/e01fc50a%28v%3Dvs.100%29[credentials Element for forms for authentication] + +include::../common/resources/standards.adoc[] + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +Use a secure password hashing algorithm. + +''' +== Comments And Links +(visible only on this page) + +include::../comments-and-links.adoc[] + +endif::env-github,rspecator-view[] diff --git a/rules/S5361/java/metadata.json b/rules/S5361/java/metadata.json index f1b0000f8c2..a22a8135338 100644 --- a/rules/S5361/java/metadata.json +++ b/rules/S5361/java/metadata.json @@ -1,3 +1,4 @@ { - "title": "\"String#replace\" should be preferred to \"String#replaceAll\"" + "title": "\"String#replace\" should be preferred to \"String#replaceAll\"", + "scope": "Main" } 
diff --git a/rules/S5376/apex/metadata.json b/rules/S5376/apex/metadata.json index 76478a47725..4ceabf80854 100644 --- a/rules/S5376/apex/metadata.json +++ b/rules/S5376/apex/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -12,16 +12,10 @@ "func": "Constant\/Issue", "constantCost": "5min" }, - "tags": [ - - ], + "tags": [], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-5376", diff --git a/rules/S5377/apex/metadata.json b/rules/S5377/apex/metadata.json index de9574d2d84..96baf4f8443 100644 --- a/rules/S5377/apex/metadata.json +++ b/rules/S5377/apex/metadata.json @@ -1,9 +1,9 @@ { - "title": "Sharing level should be specified in Apex Classes with SOQL\/SOSL Queries or DML Statements", + "title": "Sharing level should be specified in Apex Classes with SOQL/SOSL Queries or DML Statements", "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "COMPLETE" }, @@ -12,16 +12,10 @@ "func": "Constant\/Issue", "constantCost": "5min" }, - "tags": [ - - ], + "tags": [], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-5377", diff --git a/rules/S5379/apex/metadata.json b/rules/S5379/apex/metadata.json index 07527e38428..f7ed32fdbb2 100644 --- a/rules/S5379/apex/metadata.json +++ b/rules/S5379/apex/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "COMPLETE" }, 
@@ -12,16 +12,10 @@ "func": "Constant\/Issue", "constantCost": "5min" }, - "tags": [ - - ], + "tags": [], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-5379", diff --git a/rules/S5382/apex/metadata.json b/rules/S5382/apex/metadata.json index e312118aa9e..c463926f207 100644 --- a/rules/S5382/apex/metadata.json +++ b/rules/S5382/apex/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "COMPLETE" }, @@ -16,12 +16,8 @@ "governor-limits" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-5382", diff --git a/rules/S5389/apex/metadata.json b/rules/S5389/apex/metadata.json index 03ecadc5358..321c2e30204 100644 --- a/rules/S5389/apex/metadata.json +++ b/rules/S5389/apex/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "COMPLETE" }, @@ -12,16 +12,10 @@ "func": "Constant\/Issue", "constantCost": "5min" }, - "tags": [ - - ], + "tags": [], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-5389", diff --git a/rules/S5392/apex/rule.adoc b/rules/S5392/apex/rule.adoc index b26c4db47af..13c9eb33852 100644 --- a/rules/S5392/apex/rule.adoc +++ b/rules/S5392/apex/rule.adoc 
@@ -51,11 +51,11 @@ public class My { == See -* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection +* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] * https://trailhead.salesforce.com/en/content/learn/modules/secure-serverside-development/mitigate-soql-injection[Prevent SOQL Injection in Your Code] -* https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[OWASP Top 10 2017 Category A1] - Injection -* https://cwe.mitre.org/data/definitions/20[MITRE, CWE-20] - Improper Input Validation -* https://cwe.mitre.org/data/definitions/89[MITRE, CWE-89] - Improper Neutralization of Special Elements used in an SQL Command +* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] +* CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] +* CWE - https://cwe.mitre.org/data/definitions/89[CWE-89 - Improper Neutralization of Special Elements used in an SQL Command] ifdef::env-github,rspecator-view[] diff --git a/rules/S5402/cfamily/rule.adoc b/rules/S5402/cfamily/rule.adoc index 88328353399..eeb2480e929 100644 --- a/rules/S5402/cfamily/rule.adoc +++ b/rules/S5402/cfamily/rule.adoc @@ -102,7 +102,7 @@ Exceptions classes must be copyable. Hence, this rule does not apply to exceptio == Resources -* https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#c67-a-polymorphic-class-should-suppress-copying[{cpp} Core Guidelines C.67] - A polymorphic class should suppress copying +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#c67-a-polymorphic-class-should-suppress-public-copymove[C.67: A polymorphic class should suppress public copy/move] ifdef::env-github,rspecator-view[] diff --git a/rules/S5404/cfamily/metadata.json b/rules/S5404/cfamily/metadata.json index d970703ffd1..1ba35597450 100644 --- a/rules/S5404/cfamily/metadata.json 
+++ b/rules/S5404/cfamily/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -19,12 +19,8 @@ "pitfall" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-5404", diff --git a/rules/S5404/cfamily/rule.adoc b/rules/S5404/cfamily/rule.adoc index e05e0f2bd55..09e4a8bd64f 100644 --- a/rules/S5404/cfamily/rule.adoc +++ b/rules/S5404/cfamily/rule.adoc @@ -80,7 +80,7 @@ int main(){ == Resources * https://www.modernescpp.com/index.php/c-core-guidelines-be-aware-of-the-traps-of-condition-variables[The traps of condition variables] -* https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#cp42-dont-wait-without-a-condition[{cpp} Core Guidelines - CP.42] - Don't wait without a condition +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#cp42-dont-wait-without-a-condition[CP.42: Don't `wait` without a condition] ifdef::env-github,rspecator-view[] diff --git a/rules/S5405/cfamily/rule.adoc b/rules/S5405/cfamily/rule.adoc index ba5956c818d..447615f3b7d 100644 --- a/rules/S5405/cfamily/rule.adoc +++ b/rules/S5405/cfamily/rule.adoc @@ -57,7 +57,7 @@ int main() { == Resources -* https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#c152-never-assign-a-pointer-to-an-array-of-derived-class-objects-to-a-pointer-to-its-base[{cpp} Core Guidelines C.152] - Never assign a pointer to an array of derived class objects to a pointer to its base +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#c152-never-assign-a-pointer-to-an-array-of-derived-class-objects-to-a-pointer-to-its-base[C.152: Never assign a pointer to an array of derived class objects to a pointer to its base] ifdef::env-github,rspecator-view[] 
diff --git a/rules/S5408/cfamily/rule.adoc b/rules/S5408/cfamily/rule.adoc index 9263981a1bd..ccb41322be8 100644 --- a/rules/S5408/cfamily/rule.adoc +++ b/rules/S5408/cfamily/rule.adoc @@ -1,7 +1,6 @@ == Why is this an issue? -Declaring a function or a static member variable ``++constexpr++`` makes it implicitly inline. - +Declaring a function ``++constexpr++`` makes it implicitly inline. In that situation, explicitly using the ``++inline++`` keyword would be redundant, and might lead to confusion if it's used in some cases but not others. It's better to simply omit it. @@ -11,22 +10,14 @@ In that situation, explicitly using the ``++inline++`` keyword would be redundan [source,cpp] ---- inline constexpr int addOne(int n) { return n+1; } // Noncompliant -struct A { -inline constexpr static int secretNumber = 0; // Noncompliant -}; ---- - === Compliant solution [source,cpp] ---- constexpr int addOne(int n) { return n+1; } -struct A { -constexpr static int secretNumber = 0; -}; ---- -  ifdef::env-github,rspecator-view[] diff --git a/rules/S5409/cfamily/rule.adoc b/rules/S5409/cfamily/rule.adoc index 7d7c371b9b9..cb802ecf17e 100644 --- a/rules/S5409/cfamily/rule.adoc +++ b/rules/S5409/cfamily/rule.adoc @@ -40,7 +40,7 @@ std::unordered_set mySet; == Resources -* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#c89-make-a-hash-noexcept[C.89 - Make a hash noexcept] +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#c89-make-a-hash-noexcept[C.89: Make a `hash` `noexcept`] ifdef::env-github,rspecator-view[] diff --git a/rules/S5411/java/metadata.json b/rules/S5411/java/metadata.json index abd4e3a35f3..8534e466577 100644 --- a/rules/S5411/java/metadata.json +++ b/rules/S5411/java/metadata.json 
@@ -16,17 +16,13 @@ "pitfall" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-5411", "sqKey": "S5411", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S5411/java/rule.adoc b/rules/S5411/java/rule.adoc index 0d0c77d192e..be32216d2f5 100644 --- a/rules/S5411/java/rule.adoc +++ b/rules/S5411/java/rule.adoc @@ -5,7 +5,7 @@ When boxed type `java.lang.Boolean` is used as an expression to determine the co It is safer to avoid such conversion altogether and handle the `null` value explicitly. -Note, however, that no issues will be raised for Booleans that have already been null-checked. +Note, however, that no issues will be raised for Booleans that have already been null-checked or are marked `@NonNull/@NotNull`. === Noncompliant code example @@ -38,6 +38,34 @@ if(b != null){ } ---- +=== Exceptions + +The issue is not raised if the expression is annotated `@NonNull` / `@NotNull`. +This is useful if a boxed type is an instantiation of a generic type parameter and cannot be avoided. + +[source,java] +---- +List list = new ArrayList<>(); +list.add(true); +list.add(false); +list.forEach((@NonNull Boolean value) -> { + // Compliant + if(value) { + System.out.println("yes"); + } +}); + +@NonNull Boolean someMethod() { /* ... */ } + +// Compliant +if(someMethod()) { /* ... */ } + +@NonNull Boolean boxedNonNull = Boolean.TRUE; + +// Compliant +if(boxedNonNull) { /* ... */ } +---- + == Resources * https://docs.oracle.com/javase/specs/jls/se8/html/jls-5.html#jls-5.1.8[Java Language Specification §5.1.8 Unboxing Conversion] diff --git a/rules/S5413/java/metadata.json b/rules/S5413/java/metadata.json index 81c0dbc7e8e..05ecba6f602 100644 --- a/rules/S5413/java/metadata.json +++ b/rules/S5413/java/metadata.json 
@@ -12,21 +12,15 @@ "func": "Constant\/Issue", "constantCost": "5min" }, - "tags": [ - - ], + "tags": [], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Major", "ruleSpecification": "RSPEC-5413", "sqKey": "S5413", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S5414/cfamily/rule.adoc b/rules/S5414/cfamily/rule.adoc index e568522e06d..11f3e9e3ef0 100644 --- a/rules/S5414/cfamily/rule.adoc +++ b/rules/S5414/cfamily/rule.adoc @@ -58,8 +58,8 @@ private: === External coding guidelines -* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#c134-ensure-all-non-const-data-members-have-the-same-access-level[C.134: Ensure all non-const data members have the same access level] -* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#c9-minimize-exposure-of-members[C.9: Minimize exposure of members] +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#c134-ensure-all-non-const-data-members-have-the-same-access-level[C.134: Ensure all non-`const` data members have the same access level] +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#c9-minimize-exposure-of-members[C.9: Minimize exposure of members] ifdef::env-github,rspecator-view[] diff --git a/rules/S5415/cfamily/rule.adoc b/rules/S5415/cfamily/rule.adoc index ef4e6f9b595..911313d8964 100644 --- a/rules/S5415/cfamily/rule.adoc +++ b/rules/S5415/cfamily/rule.adoc 
@@ -67,7 +67,7 @@ void test() { == Resources -* https://isocpp.github.io/CppCoreGuidelines/CppCoreGuidelines#es56-write-stdmove-only-when-you-need-to-explicitly-move-an-object-to-another-scope[{cpp} Core Guidelines ES.56] - Write "std::move()" only when you need to explicitly move an object to another scope +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#es56-write-stdmove-only-when-you-need-to-explicitly-move-an-object-to-another-scope[ES.56: Write `std::move()` only when you need to explicitly move an object to another scope] ifdef::env-github,rspecator-view[] diff --git a/rules/S5416/cfamily/metadata.json b/rules/S5416/cfamily/metadata.json index 9348ce0f85c..944566a399d 100644 --- a/rules/S5416/cfamily/metadata.json +++ b/rules/S5416/cfamily/metadata.json @@ -1,36 +1,3 @@ { - "title": "\"using\" should be preferred for type aliasing", - "type": "CODE_SMELL", - "code": { - "impacts": { - "MAINTAINABILITY": "LOW" - }, - "attribute": "CONVENTIONAL" - }, - "status": "ready", - "remediation": { - "func": "Constant\/Issue", - "constantCost": "5min" - }, - "tags": [ - "cppcoreguidelines", - "design", - "since-c++11" - ], - "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] - }, - "defaultSeverity": "Minor", - "ruleSpecification": "RSPEC-5416", - "sqKey": "S5416", - "scope": "All", - "defaultQualityProfiles": [ - "Sonar way" - ], "quickfix": "partial" } diff --git a/rules/S5416/cfamily/rule.adoc b/rules/S5416/cfamily/rule.adoc index 0ae98b7f916..1d8cdfa131b 100644 --- a/rules/S5416/cfamily/rule.adoc +++ b/rules/S5416/cfamily/rule.adoc 
@@ -23,7 +23,7 @@ using FunctionPointerType = void (*)(int); == Resources -* https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#t43-prefer-using-over-typedef-for-defining-aliases[{cpp} Core Guidelines - T.43] - Prefer using over typedef for defining aliases +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#t43-prefer-using-over-typedef-for-defining-aliases[T.43: Prefer `using` over `typedef` for defining aliases] ifdef::env-github,rspecator-view[] diff --git a/rules/S5416/dart/metadata.json b/rules/S5416/dart/metadata.json new file mode 100644 index 00000000000..8a001116962 --- /dev/null +++ b/rules/S5416/dart/metadata.json @@ -0,0 +1,3 @@ +{ + "title": "Generic function type aliases should be preferred" +} diff --git a/rules/S5416/dart/rule.adoc b/rules/S5416/dart/rule.adoc new file mode 100644 index 00000000000..8875523b3e6 --- /dev/null +++ b/rules/S5416/dart/rule.adoc 
@@ -0,0 +1,49 @@ +== Why is this an issue? + +In Dart type aliases can be declared via function type aliases `typedef void F()` or generic function type aliases `typedef F = void Function()`. Generic function type aliases can be parametrized `typedef Compare = int Function(T a, T b);`. Function type aliases miss this feature. + +While it's not always needed to have them parametrized, for the sake of readability it's recommended to use consistent way of declaring type aliases. + +Thus, generic function type aliases should be preferred. + +=== Noncompliant code example + +[source,dart] +---- +typedef void F(int a); +---- + + +=== Compliant solution + +[source,dart] +---- +typedef F = void Function(int a) +---- + + +== Resources + +* Dart Docs - https://dart.dev/tools/linter-rules/prefer_generic_function_type_aliases[Dart Linter rule - prefer_generic_function_type_aliases] +* Dart Docs - https://dart.dev/language/typedefs[Typedefs] + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +* Use the generic function type syntax in 'typedef's. + +=== Highlighting + +The `typedef` name: e.g. `F` in `typedef void F();` + +''' +== Comments And Links +(visible only on this page) + +endif::env-github,rspecator-view[] + diff --git a/rules/S5416/metadata.json b/rules/S5416/metadata.json index 2c63c085104..c29d4ccc3a9 100644 --- a/rules/S5416/metadata.json +++ b/rules/S5416/metadata.json 
@@ -1,2 +1,36 @@ { + "title": "\"using\" should be preferred for type aliasing", + "type": "CODE_SMELL", + "code": { + "impacts": { + "MAINTAINABILITY": "LOW" + }, + "attribute": "CONVENTIONAL" + }, + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "5min" + }, + "tags": [ + "cppcoreguidelines", + "design", + "since-c++11" + ], + "extra": { + "replacementRules": [ + + ], + "legacyKeys": [ + + ] + }, + "defaultSeverity": "Minor", + "ruleSpecification": "RSPEC-5416", + "sqKey": "S5416", + "scope": "All", + "defaultQualityProfiles": [ + "Sonar way" + ], + "quickfix": "unknown" } diff --git a/rules/S5417/cfamily/metadata.json b/rules/S5417/cfamily/metadata.json index ff7c23468e8..c3a4c41ec72 100644 --- a/rules/S5417/cfamily/metadata.json +++ b/rules/S5417/cfamily/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -18,12 +18,8 @@ "since-c++11" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-5417", diff --git a/rules/S5417/cfamily/rule.adoc b/rules/S5417/cfamily/rule.adoc index 4709638c9e2..fed4e1b7ed9 100644 --- a/rules/S5417/cfamily/rule.adoc +++ b/rules/S5417/cfamily/rule.adoc 
@@ -87,8 +87,8 @@ struct C { * {cpp} reference - https://en.cppreference.com/w/cpp/utility/move[std::move] * {cpp} reference - https://en.cppreference.com/w/cpp/utility/forward[std::forward] * {cpp} reference - https://en.cppreference.com/w/cpp/language/reference#Forwarding_references[Forwarding references] -* https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#f18-for-will-move-from-parameters-pass-by-x-and-stdmove-the-parameter[{cpp} Core Guidelines F.18] - For “will-move-from” parameters, pass by ``++X&&++`` and ``++std::move++`` the parameter -* https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#f19-for-forward-parameters-pass-by-tp-and-only-stdforward-the-parameter[{cpp} Core Guidelines F.19] - For “forward” parameters, pass by ``++TP&&++`` and only ``++std::forward++`` the parameter +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#f18-for-will-move-from-parameters-pass-by-x-and-stdmove-the-parameter[F.18: For "will-move-from" parameters, pass by `X&&` and `std::move` the parameter] +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#f19-for-forward-parameters-pass-by-tp-and-only-stdforward-the-parameter[F.19: For "forward" parameters, pass by `TP&&` and only `std::forward` the parameter] ifdef::env-github,rspecator-view[] diff --git a/rules/S5419/cfamily/rule.adoc b/rules/S5419/cfamily/rule.adoc index c8bb6b93fc6..17dcf8ca536 100644 --- a/rules/S5419/cfamily/rule.adoc +++ b/rules/S5419/cfamily/rule.adoc 
@@ -54,7 +54,7 @@ double f() { == Resources -* https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#i4-make-interfaces-precisely-and-strongly-typed[{cpp} Core Guidelines I.4] - Make interfaces precisely and strongly typed +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#i4-make-interfaces-precisely-and-strongly-typed[I.4: Make interfaces precisely and strongly typed] ifdef::env-github,rspecator-view[] diff --git a/rules/S5421/cfamily/metadata.json b/rules/S5421/cfamily/metadata.json index b756f25f132..9ddde50a548 100644 --- a/rules/S5421/cfamily/metadata.json +++ b/rules/S5421/cfamily/metadata.json @@ -29,8 +29,13 @@ "ruleSpecification": "RSPEC-5421", "sqKey": "S5421", "scope": "Main", + "securityStandards": { + "STIG ASD_V5R3": [ + "V-222567" + ] + }, "defaultQualityProfiles": [ "Sonar way" ], - "quickfix": "unknown" + "quickfix": "infeasible" } diff --git a/rules/S5421/cfamily/rule.adoc b/rules/S5421/cfamily/rule.adoc index 44bfaebc682..367c522406c 100644 --- a/rules/S5421/cfamily/rule.adoc +++ b/rules/S5421/cfamily/rule.adoc 
@@ -1,15 +1,24 @@ == Why is this an issue? -A global variable can be modified from anywhere in the program. At first, this might look convenient, but it makes programs harder to understand. When you see a function call, you cannot know if the function will affect the value of the variable or not. You have lost the ability to reason locally about your code and must always have the whole program in mind. +A global variable can be modified from anywhere in the program. At first, this might look convenient. However, it makes programs harder to understand and maintain. When you see a function call, you cannot know if the function will affect the value of the global variable or not. You have lost the ability to reason locally about your code and must always have the whole program in mind. Additionally, global variables are often subject to race conditions in multi-threaded environments. +These issues are related to modification and cannot occur when the global variable is `const` (or, in the case of a pointer, if it is `const` at every level). -Some global variables defined in external libraries (such as ``++std::cout++``, ``++std::cin++``, ``++std::cerr++``) are acceptable to use, but you should have a good reason to create your own. If you use a global variable, ensure they can be safely accessed concurrently. +[source,cpp] +---- +unsigned** noncompliantPtr; +unsigned const* const* const compliantPtr = ...; +---- + +Some global variables defined in external libraries (such as ``++std::cout++``, ``++std::cin++``, ``++std::cerr++``) are acceptable to use, but you should have a good reason to create your own. +If you use a global variable, ensure they can be safely accessed concurrently, and there are no issues related to order of their initialization (see S7119). +Remember that it is much easier to maintain software without globals. Instead of such variables, it is better to design functions to take as input all the required variables. 
In addition to serving documentation, this also helps future refactoring and the evolution of the code. -This rule detects all declarations of global variables (in the global namespace or any namespace) that are not constant. +This rule detects all declarations of global variables (at file scope or in any namespace) that are not constant. === Noncompliant code example @@ -18,6 +27,7 @@ This rule detects all declarations of global variables (in the global namespace ---- double oneFoot = 0.3048; // Noncompliant double userValue; // Noncompliant + void readValue(); void writeResult(); 
@@ -34,20 +44,42 @@ int main() { ---- constexpr double footToMeter = 0.3048; -double readValue(); -void writeResult(double); +double readValueInFeet(); +void writeResult(double valueInMeters); int main() { - auto userValue = readValue(); + auto userValue = readValueInFeet(); writeResult(userValue * footToMeter); } ---- +=== Exceptions + +`volatile` is used to indicate that some piece of memory can be mutated by external factors. For embedded software, some hardware inputs/outputs can be mapped to specific memory addresses, and accessing these bound data is usually done through a global pointer to `volatile` data. + +In that situation, the pointer itself should be const, but the pointee can be non-const if the memory maps an output register that is supposed to be written to. + +[source,cpp] +---- +unsigned volatile * gpio1; // Noncompliant +unsigned volatile * const gpio2 = ...; // Compliant, used for input & output +unsigned volatile const* const gpio3 = ...; // Compliant, used for input only +---- == Resources -* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#i2-avoid-non-const-global-variables[I.2 - Avoid non-const global variables] +=== Standards + +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#i2-avoid-non-const-global-variables[I.2: Avoid non-`const` global variables] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions. + +=== Related rules + +* S7119 detects order of initialization issues between global variables. + +=== Articles & blog posts +* Stack Overflow - Answer by Gabriel Staples for https://stackoverflow.com/a/73027793/24103368[What is the point of declaring "const volatile int *p"?] ifdef::env-github,rspecator-view[] ''' 
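Review bot: The new Exceptions section accepts a global pointer to `volatile` data as compliant without stating that `volatile` provides neither atomicity nor inter-thread ordering, which matters now that this rule is mapped to the race-condition finding V-222567. A reader could take `unsigned volatile * const gpio2` as safe to share between threads or with an interrupt handler. Suggest adding one sentence after the code block, for example: `Note that volatile does not synchronize access; data shared between threads still needs std::atomic or a lock.`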
diff --git a/rules/S5424/cfamily/rule.adoc b/rules/S5424/cfamily/rule.adoc index 612853b7a40..2e85f304bdf 100644 --- a/rules/S5424/cfamily/rule.adoc +++ b/rules/S5424/cfamily/rule.adoc @@ -58,8 +58,8 @@ public: == Resources -* http://isocpp.github.io/CppCoreGuidelines/CppCoreGuidelines#c48-prefer-in-class-initializers-to-member-initializers-in-constructors-for-constant-initializers[{cpp} core guidelines C.48]: Prefer in-class initializers to member initializers in constructors for constant initializers -* http://isocpp.github.io/CppCoreGuidelines/CppCoreGuidelines#c49-prefer-initialization-to-assignment-in-constructors[{cpp} core guidelines C.49]: Prefer initialization to assignment in constructors +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#c48-prefer-in-class-initializers-to-member-initializers-in-constructors-for-constant-initializers[C.48: Prefer in-class initializers to member initializers in constructors for constant initializers] +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#c49-prefer-initialization-to-assignment-in-constructors[C.49: Prefer initialization to assignment in constructors] diff --git a/rules/S5425/cfamily/rule.adoc b/rules/S5425/cfamily/rule.adoc index 13c88c27569..837a0dc5c79 100644 --- a/rules/S5425/cfamily/rule.adoc +++ b/rules/S5425/cfamily/rule.adoc 
@@ -1,57 +1,84 @@ == Why is this an issue? -_Forwarding references_ are a special kind of references that both ignore and preserve the _value category_ of a function argument, making it possible to forward it by means of ``++std::forward++``. +_Forwarding references_ are a special kind of references that both ignore and preserve the _value category_ of a function argument, making it possible to forward it by using ``++std::forward++`` or ``++std::forward_like++``. -Any code using such a reference for any other purpose than forwarding is actually ignoring rvalue-ness and const-ness of the associated parameter. +Any code using such a reference for any purpose other than forwarding is actually ignoring the rvalue-ness and const-ness of the associated parameter. === Noncompliant code example -[source,cpp] +[source,cpp,diff-id=1,diff-type=noncompliant] ---- -#include -#include -#include - -template void f( TP&& arg ) { - std::string s(arg); -} - -int main() { - std::string s("test"); - f(std::move(s)); - std::cout<<"f:"< names; + + public: + template + void addName(StringLike&& arg) { + names.emplace_back(arg); // Not forwarded + } +}; + +void example() { + Registry r; + + std::string name = "example"; + r.addName(std::move(name)); + std::cout << "name:" << name << std::endl; + // output is "name:example" } ---- +In this example, the intent is to move the content of `name` into the vector, but instead a copy is made. 
=== Compliant solution -[source,cpp] +[source,cpp,diff-id=1,diff-type=compliant] ---- -#include -#include -#include - -template void f( TP&& arg ) { - std::string s(std::forward(arg)); +class Registry { + std::vector names; + + public: + template + void addName(StringLike&& arg) { + names.emplace_back(std::forward(arg)); + } +}; + +void example() { + Registry r; + + std::string name = "example"; + r.addName(std::move(name)); + std::cout << "name:" << name << std::endl; + // output can be anything: name has been moved-from } +---- -int main() { - std::string s("test"); - f(std::move(s)); - std::cout<<"f:"< + void addNames(PairOfStrings&& arg) { + addName(std::forward_like(arg.second)); // We don't care about arg.first + } +}; ---- == Resources -* https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#f19-for-forward-parameters-pass-by-tp-and-only-stdforward-the-parameter[{cpp} Core Guidelines F.19] - For “forward” parameters, pass by TP&& and only std::forward the parameter +=== Documentation + +* {cpp} reference - https://en.cppreference.com/w/cpp/utility/forward[`std::forward`] +* {cpp} reference - https://en.cppreference.com/w/cpp/utility/forward_like[``++std::forward_like++``] + +=== External coding guidelines + +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#f19-for-forward-parameters-pass-by-tp-and-only-stdforward-the-parameter[F.19: For "forward" parameters, pass by `TP&&` and only `std::forward` the parameter] ifdef::env-github,rspecator-view[] diff --git a/rules/S5435/python/rule.adoc b/rules/S5435/python/rule.adoc index 7b88bdbbb9e..1b8f2679b9c 100644 --- a/rules/S5435/python/rule.adoc +++ b/rules/S5435/python/rule.adoc 
@@ -26,11 +26,11 @@ You are at risk if you answered yes to all those questions. == See -* https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/[OWASP Top 10 2021 Category A6] - Vulnerable and Outdated Components -* https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/[OWASP Top 10 2021 Category A7] - Identification and Authentication Failures -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure -* https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[OWASP Top 10 2017 Category A9] - Using Components with Known Vulnerabilities -* https://cwe.mitre.org/data/definitions/295[MITRE, CWE-295] - Improper Certificate Validation +* OWASP - https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/[Top 10 2021 Category A6 - Vulnerable and Outdated Components] +* OWASP - https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/[Top 10 2021 Category A7 - Identification and Authentication Failures] +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] +* OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities] +* CWE - https://cwe.mitre.org/data/definitions/295[CWE-295 - Improper Certificate Validation] * https://www.python.org/dev/peps/pep-0476/[PEP-476] * https://www.youtube.com/watch?v=4o-xqqidvKA[Benjamin Peterson - A Dive into TLS - PyCon 2015] * https://wiki.openstack.org/wiki/OSSN/OSSN-0033[OSSN/OSSN-0033] diff --git a/rules/S5439/python/metadata.json b/rules/S5439/python/metadata.json index 8fa1873278b..0e148b438eb 100644 --- a/rules/S5439/python/metadata.json +++ b/rules/S5439/python/metadata.json 
@@ -7,7 +7,7 @@ "constantCost": "5min" }, "tags": [ - + "deprecated" ], "extra": { "replacementRules": [ diff --git a/rules/S5439/python/rule.adoc b/rules/S5439/python/rule.adoc index 562f879075d..460c38844b1 100644 --- a/rules/S5439/python/rule.adoc +++ b/rules/S5439/python/rule.adoc 
@@ -43,17 +43,17 @@ env = Environment(autoescape=True) # Compliant == Resources * https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md[OWASP Cheat Sheet] - XSS Prevention Cheat Sheet -* https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)[OWASP Top 10 2017 Category A7] - Cross-Site Scripting (XSS) -* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[OWASP Top 10 2017 Category A6] - Security Misconfiguration -* https://cwe.mitre.org/data/definitions/79[MITRE, CWE-79] - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') -* https://cwe.mitre.org/data/definitions/80[MITRE, CWE-80] - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) -* https://cwe.mitre.org/data/definitions/81[MITRE, CWE-81] - Improper Neutralization of Script in an Error Message Web Page -* https://cwe.mitre.org/data/definitions/82[MITRE, CWE-82] - Improper Neutralization of Script in Attributes of IMG Tags in a Web Page -* https://cwe.mitre.org/data/definitions/83[MITRE, CWE-83] - Improper Neutralization of Script in Attributes in a Web Page -* https://cwe.mitre.org/data/definitions/84[MITRE, CWE-84] - Improper Neutralization of Encoded URI Schemes in a Web Page -* https://cwe.mitre.org/data/definitions/85[MITRE, CWE-85] - Doubled Character XSS Manipulations -* https://cwe.mitre.org/data/definitions/86[MITRE, CWE-86] - Improper Neutralization of Invalid Characters in Identifiers in Web Pages -* https://cwe.mitre.org/data/definitions/87[MITRE, CWE-87] - Improper Neutralization of Alternate XSS Syntax +* OWASP - https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)[Top 10 2017 Category A7 - Cross-Site Scripting (XSS)] +* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration] +* CWE - 
https://cwe.mitre.org/data/definitions/79[CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')] +* CWE - https://cwe.mitre.org/data/definitions/80[CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)] +* CWE - https://cwe.mitre.org/data/definitions/81[CWE-81 - Improper Neutralization of Script in an Error Message Web Page] +* CWE - https://cwe.mitre.org/data/definitions/82[CWE-82 - Improper Neutralization of Script in Attributes of IMG Tags in a Web Page] +* CWE - https://cwe.mitre.org/data/definitions/83[CWE-83 - Improper Neutralization of Script in Attributes in a Web Page] +* CWE - https://cwe.mitre.org/data/definitions/84[CWE-84 - Improper Neutralization of Encoded URI Schemes in a Web Page] +* CWE - https://cwe.mitre.org/data/definitions/85[CWE-85 - Doubled Character XSS Manipulations] +* CWE - https://cwe.mitre.org/data/definitions/86[CWE-86 - Improper Neutralization of Invalid Characters in Identifiers in Web Pages] +* CWE - https://cwe.mitre.org/data/definitions/87[CWE-87 - Improper Neutralization of Alternate XSS Syntax] diff --git a/rules/S5443/go/metadata.json b/rules/S5443/go/metadata.json new file mode 100644 index 00000000000..7a73a41bfdf --- /dev/null +++ b/rules/S5443/go/metadata.json @@ -0,0 +1,2 @@ +{ +} \ No newline at end of file diff --git a/rules/S5443/go/rule.adoc b/rules/S5443/go/rule.adoc new file mode 100644 index 00000000000..24a395ba014 --- /dev/null +++ b/rules/S5443/go/rule.adoc 
@@ -0,0 +1,65 @@ +include::../description.adoc[] + +include::../ask-yourself.adoc[] + +include::../recommended.adoc[] + +== Sensitive Code Example + +Examples of sensitive file creation: + +[source,go] +---- +file, _ = os.Create("/tmp/tempfile.txt") // Sensitive + +file, _ = os.Create(os.TempDir()+"/tempfile.txt") // Sensitive + +file, _ := os.OpenFile("/tmp/tempfile.txt", os.O_CREATE, 0755) // Sensitive + +os.WriteFile("/tmp/tempfile.txt", []byte{"sensitive"}, 0755) // Sensitive +---- + +Example of sensitive directory creation: + +[source,go] +---- +tempdir := "/tmp/tempdir/" +os.Mkdir(tempdir, 0755) // Sensitive +file, _ := os.Create("/tmp/tempdir/tempfile.txt") +---- + +== Compliant Solution + +Compliant temporary file creation: + +[source,go] +---- +file, _ := os.CreateTemp("", "example-pattern") +---- + +Compliant temporary directory creation: + +[source,go] +---- +dir, _ := os.MkdirTemp("", "example-directory") +filename := filepath.Join(dir, "tempfile.txt") +file, _ := os.Create(filename) +---- + +include::../see.adoc[] + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +include::../message.adoc[] + +''' +== Comments And Links +(visible only on this page) + +include::../comments-and-links.adoc[] + +endif::env-github,rspecator-view[] diff --git a/rules/S5443/metadata.json b/rules/S5443/metadata.json index 33d4492cb3e..7368a75c3fd 100644 --- a/rules/S5443/metadata.json +++ b/rules/S5443/metadata.json @@ -40,6 +40,9 @@ ], "PCI DSS 4.0": [ "6.2.4" + ], + "STIG ASD_V5R3": [ + "V-222567" ] }, "defaultQualityProfiles": [ diff --git a/rules/S5443/python/rule.adoc b/rules/S5443/python/rule.adoc index 77978a86c52..bdd80bd2f16 100644 --- a/rules/S5443/python/rule.adoc +++ b/rules/S5443/python/rule.adoc 
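Review bot: In `rules/S5443/go/rule.adoc`, the fourth sensitive example passes `[]byte{"sensitive"}` to `os.WriteFile`, which does not compile because a `[]byte` composite literal cannot take a string element; it should read `[]byte("sensitive")`. The first two examples assign with `=` while the third uses `:=`, so the listing is also inconsistent as a snippet. In the compliant section, `os.CreateTemp` and `os.MkdirTemp` both leave removal to the caller, so the examples could show `defer os.Remove(file.Name())` and `defer os.RemoveAll(dir)` instead of leaving files behind in the temporary directory.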
@@ -26,13 +26,15 @@ file = tempfile.TemporaryFile(dir="/tmp/my_subdirectory", mode='"w+") # Complian == See -* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Broken Access Control -* https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[OWASP Top 10 2017 Category A5] - Broken Access Control -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure -* https://cwe.mitre.org/data/definitions/377[MITRE, CWE-377] - Insecure Temporary File -* https://cwe.mitre.org/data/definitions/379[MITRE, CWE-379] - Creation of Temporary File in Directory with Incorrect Permissions +* OWASP - https://owasp.org/Top10/A01_2021-Broken_Access_Control/[Top 10 2021 Category A1 - Broken Access Control] +* OWASP - https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[Top 10 2017 Category A5 - Broken Access Control] +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] +* CWE - https://cwe.mitre.org/data/definitions/377[CWE-377 - Insecure Temporary File] +* CWE - https://cwe.mitre.org/data/definitions/379[CWE-379 - Creation of Temporary File in Directory with Incorrect Permissions] * https://owasp.org/www-community/vulnerabilities/Insecure_Temporary_File[OWASP, Insecure Temporary File] * https://docs.python.org/3/library/tempfile.html[Python tempfile module] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions. + ifdef::env-github,rspecator-view[] diff --git a/rules/S5443/see.adoc b/rules/S5443/see.adoc index 58632693b91..5db191a61de 100644 --- a/rules/S5443/see.adoc +++ b/rules/S5443/see.adoc 
@@ -1,8 +1,10 @@ == See -* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Broken Access Control -* https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[OWASP Top 10 2017 Category A5] - Broken Access Control -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure -* https://cwe.mitre.org/data/definitions/377[MITRE, CWE-377] - Insecure Temporary File -* https://cwe.mitre.org/data/definitions/379[MITRE, CWE-379] - Creation of Temporary File in Directory with Incorrect Permissions -* https://owasp.org/www-community/vulnerabilities/Insecure_Temporary_File[OWASP, Insecure Temporary File] \ No newline at end of file +* OWASP - https://owasp.org/Top10/A01_2021-Broken_Access_Control/[Top 10 2021 Category A1 - Broken Access Control] +* OWASP - https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[Top 10 2017 Category A5 - Broken Access Control] +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] +* CWE - https://cwe.mitre.org/data/definitions/377[CWE-377 - Insecure Temporary File] +* CWE - https://cwe.mitre.org/data/definitions/379[CWE-379 - Creation of Temporary File in Directory with Incorrect Permissions] +* https://owasp.org/www-community/vulnerabilities/Insecure_Temporary_File[OWASP, Insecure Temporary File] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions. + diff --git a/rules/S5445/common/resources/standards.adoc b/rules/S5445/common/resources/standards.adoc index 1088b041458..36de23d3859 100644 --- a/rules/S5445/common/resources/standards.adoc +++ b/rules/S5445/common/resources/standards.adoc 
@@ -1,6 +1,8 @@ === Standards -* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP] - Top 10 2021 - A01:2021 - Broken Access Control -* https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[OWASP] - Top 10 2017 - A9:2017 - Using Components with Known Vulnerabilities -* https://cwe.mitre.org/data/definitions/377[MITRE] - CWE-377: Insecure Temporary File -* https://cwe.mitre.org/data/definitions/379[MITRE] - CWE-379: Creation of Temporary File in Directory with Incorrect Permissions +* OWASP - https://owasp.org/Top10/A01_2021-Broken_Access_Control/[Top 10 2021 Category A1 - Broken Access Control] +* OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities] +* CWE - https://cwe.mitre.org/data/definitions/377[CWE-377 - Insecure Temporary File] +* CWE - https://cwe.mitre.org/data/definitions/379[CWE-379 - Creation of Temporary File in Directory with Incorrect Permissions] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions. + diff --git a/rules/S5445/metadata.json b/rules/S5445/metadata.json index ff1315c89b7..7cb2bdc8898 100644 --- a/rules/S5445/metadata.json +++ b/rules/S5445/metadata.json @@ -43,6 +43,9 @@ ], "PCI DSS 4.0": [ "6.2.4" + ], + "STIG ASD_V5R3": [ + "V-222567" ] }, "defaultQualityProfiles": [ diff --git a/rules/S5485/cfamily/rule.adoc b/rules/S5485/cfamily/rule.adoc index 85fa6591f57..a098daf4dd9 100644 --- a/rules/S5485/cfamily/rule.adoc +++ b/rules/S5485/cfamily/rule.adoc 
@@ -38,7 +38,7 @@ Besides affecting the application's availability, NULL pointer dereferences may If NULL is equivalent to the 0x0 memory address that can be accessed by privileged code, writing and reading memory is possible, which compromises the integrity and confidentiality of the application. -== Hot to fix it +== How to fix it Ensure that the ``++FILE*++``-typed pointer parameters passed to the standard C library's I/O stream handling functions are non-``++NULL++`` and also any other parameters such as the third argument of ``++fseek++`` carry appropriate values, namely any of ``++SEEK_SET++``, ``++SEEK_END++``, or ``++SEEK_CUR++``. @@ -133,7 +133,7 @@ int process_tmp_file() { === Standards -* CWE - https://cwe.mitre.org/data/definitions/476[476 NULL Pointer Dereference] +* CWE - https://cwe.mitre.org/data/definitions/476[CWE-476 NULL Pointer Dereference] === Related rules diff --git a/rules/S5486/cfamily/metadata.json b/rules/S5486/cfamily/metadata.json index 64db0b317c5..849d0d56f30 100644 --- a/rules/S5486/cfamily/metadata.json +++ b/rules/S5486/cfamily/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -18,12 +18,8 @@ "multi-threading" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-5486", @@ -32,6 +28,9 @@ "securityStandards": { "CWE": [ 764 + ], + "STIG ASD_V5R3": [ + "V-222567" ] }, "defaultQualityProfiles": [ diff --git a/rules/S5486/cfamily/rule.adoc b/rules/S5486/cfamily/rule.adoc index 6c7f591c058..c09be4ca2be 100644 --- a/rules/S5486/cfamily/rule.adoc +++ b/rules/S5486/cfamily/rule.adoc 
@@ -167,8 +167,9 @@ void locks(bool calcFib, int n) { === Standards -* CWE - https://cwe.mitre.org/data/definitions/764[764 Multiple Locks of a Critical Resource] -* CWE - https://cwe.mitre.org/data/definitions/362[362 Multiple Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')] +* CWE - https://cwe.mitre.org/data/definitions/764[CWE-764 Multiple Locks of a Critical Resource] +* CWE - https://cwe.mitre.org/data/definitions/362[CWE-362 Multiple Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions. === Related rules diff --git a/rules/S5487/cfamily/metadata.json b/rules/S5487/cfamily/metadata.json index 3cc799da76f..d990b0b698d 100644 --- a/rules/S5487/cfamily/metadata.json +++ b/rules/S5487/cfamily/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -17,17 +17,18 @@ "multi-threading" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-5487", "sqKey": "S5487", "scope": "All", + "securityStandards": { + "STIG ASD_V5R3": [ + "V-222567" + ] + }, "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S5487/cfamily/rule.adoc b/rules/S5487/cfamily/rule.adoc index b5f09dbefc9..ee44574be31 100644 --- a/rules/S5487/cfamily/rule.adoc +++ b/rules/S5487/cfamily/rule.adoc 
@@ -211,7 +211,11 @@ void use_and_destroy_initialized() === Conference presentations -* CppCon 2020 - https://youtu.be/A7sVFJLJM-A?si=v76jhmv3XnHExZYU[An Introduction to Multithreading in C++20] +* CppCon 2020 - https://youtu.be/A7sVFJLJM-A?si=v76jhmv3XnHExZYU[An Introduction to Multithreading in {cpp}20] + +=== Standards + +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions. === Related rules @@ -227,7 +231,7 @@ ifdef::env-github,rspecator-view[] === on 13 Oct 2023, Arseniy Zaostrovnykh wrote: (Tomek's suggestion)As a further improvement possibility -"Going the extra mile" could explain how the modern ({cpp}17, {cpp}20) std::locks are implemented so that people could reimplement them in C++11 if necessary. +"Going the extra mile" could explain how the modern ({cpp}17, {cpp}20) std::locks are implemented so that people could reimplement them in {cpp}11 if necessary. === relates to: S5486 diff --git a/rules/S5489/cfamily/metadata.json b/rules/S5489/cfamily/metadata.json index a6cb67e5e92..63cd5a73520 100644 --- a/rules/S5489/cfamily/metadata.json +++ b/rules/S5489/cfamily/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -17,12 +17,8 @@ "multi-threading" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-5489", diff --git a/rules/S5495/cfamily/rule.adoc b/rules/S5495/cfamily/rule.adoc index a61ef799998..a59bc89ddc1 100644 --- a/rules/S5495/cfamily/rule.adoc +++ b/rules/S5495/cfamily/rule.adoc 
@@ -52,6 +52,6 @@ Vec applyPermutation(const Vec& v, const Vec& permutation) { == Resources -* https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#f52-prefer-capturing-by-reference-in-lambdas-that-will-be-used-locally-including-passed-to-algorithms[{cpp} Core Guidelines F.52] - Prefer capturing by reference in lambdas that will be used locally, including passed to algorithms +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#f52-prefer-capturing-by-reference-in-lambdas-that-will-be-used-locally-including-passed-to-algorithms[F.52: Prefer capturing by reference in lambdas that will be used locally, including passed to algorithms] diff --git a/rules/S5496/impact.adoc b/rules/S5496/impact.adoc new file mode 100644 index 00000000000..e8148918c85 --- /dev/null +++ b/rules/S5496/impact.adoc 
@@ -0,0 +1,40 @@ +=== What is the potential impact? + +An attacker exploiting a server-side template injection vulnerability will be +able to execute arbitrary commands on the underlying operating system. + +The impact depends on the access control measures taken on the target system +OS. In the worst-case scenario, the process runs with root privileges, and +therefore any OS commands or programs may be affected. + +Below are some real-world scenarios that illustrate some impacts of an attacker +exploiting the vulnerability. + +==== Denial of service and data leaks + +In this scenario, the attack aims to disrupt the organization's activities and +profit from data leaks. + +An attacker could, for example: + +* download the internal server's data, most likely to sell it +* modify data, send malware +* stop services or exhaust resources (with fork bombs for example) + +This threat is particularly insidious if the attacked organization does not +maintain a disaster recovery plan (DRP). + +==== Root privilege escalation and pivot + +In this scenario, the attacker can do everything described in the previous +section. The difference is that the attacker also manages to elevate their +privileges to an administrative level and attacks other servers. + +Here, the impact depends on how much the target company focuses on its Defense +In Depth. For example, the entire infrastructure can be compromised by a +combination of OS injections and *misconfiguration* of: + +* Docker or Kubernetes clusters +* cloud services +* network firewalls and routing +* OS access control \ No newline at end of file diff --git a/rules/S5496/java/how-to-fix-it/groovy.adoc b/rules/S5496/java/how-to-fix-it/groovy.adoc new file mode 100644 index 00000000000..6f1148ccb7a --- /dev/null +++ b/rules/S5496/java/how-to-fix-it/groovy.adoc 
@@ -0,0 +1,47 @@ +== How to fix it in Groovy + +=== Code examples + +==== Noncompliant code example + +The following code example is vulnerable to a Server-Side Template Injection +attack because it builds a template string from a user input without control or +sanitation. + +[source,java,diff-id=21,diff-type=noncompliant] +---- +@GetMapping("/example") +public String example(@RequestParam("title") String title) throws CompilationFailedException, ClassNotFoundException, IOException { + String templateString = "h1('" + title + "')"; + TemplateConfiguration config = new TemplateConfiguration(); + MarkupTemplateEngine engine = new MarkupTemplateEngine(config); + Template template = engine.createTemplate(templateString); // Noncompliant + Writable out = template.make(); + return out.toString(); +} +---- + +==== Compliant solution + +[source,java,diff-id=21,diff-type=compliant] +---- +@GetMapping("/example") +public String example(@RequestParam("title") String title) throws CompilationFailedException, ClassNotFoundException, IOException { + String templateString = "h1(title)"; + + Map ctx = new HashMap<>(); + ctx.put("title", title); + + TemplateConfiguration config = new TemplateConfiguration(); + MarkupTemplateEngine engine = new MarkupTemplateEngine(config); + Template template = engine.createTemplate(templateString); + Writable out = template.make(ctx); + return out.toString(); +} +---- + +=== How does this work? + +The compliant code example uses a template binding to pass user information to +the template. The rendering engine then ensures that this tainted data is +processed in a way that will not change the template semantics. diff --git a/rules/S5496/java/how-to-fix-it/spring.adoc b/rules/S5496/java/how-to-fix-it/spring.adoc new file mode 100644 index 00000000000..e9f9a8fa67d --- /dev/null +++ b/rules/S5496/java/how-to-fix-it/spring.adoc 
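Review bot: In the compliant solution, the binding removes the template injection, but `h1(title)` still writes the user-supplied `title` into the generated markup. The `TemplateConfiguration` is used with its defaults, and automatic escaping of model values is, as far as I know, off by default. A reader copying the fix could keep a reflected XSS sink; adding `config.setAutoEscape(true);` right after the configuration is created addresses that, or the "How does this work?" paragraph should say that output encoding is a separate concern. The noncompliant description also says "without control or sanitation" where "sanitization" is meant.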
@@ -0,0 +1,49 @@ +== How to fix it in Spring + +=== Code examples + +The following code examples assume that the `tainted` variable is controlled by an attacker and is not sanitized before being used in the template. For instance, consider the following endpoint that could be defined within a Spring controller: +[source,java] +---- +@GetMapping("/example") +public String noncompliant(@RequestParam String tainted, Map model) { + model.put("tainted", tainted); + return "template"; +} +---- + +==== Noncompliant code example + +The following code example is vulnerable to a Server-Side Template Injection (SSTI) attack if the `tainted` variable is not sanitized before being used in the `th:text` attribute. The `__${...}__` syntax indicates that this variable should be preprocessed by Thymeleaf before being used in the template. If the `tainted` variable is controlled by an attacker, they can inject arbitrary code into the template. + +[source,html,diff-id=11,diff-type=noncompliant] +---- + + + + + + + +---- + +==== Compliant solution + +[source,html,diff-id=11,diff-type=compliant] +---- + + + + + + + +---- + +=== How does this work? + +The compliant code example does not use preprocessing so that the `tainted` variable will be directly inserted into the template, which prevents an attacker from injecting arbitrary code into the template. + +==== Thymeleaf's Built-in Security Measures + +It is worth noting that since Thymeleaf version 3.0.12, expressions are executed in a sandboxed environment where only a limited set of classes and methods are available. While this might make it harder to exploit SSTI vulnerabilities, it does not make it impossible and there might be unknown bypasses which could still allow attackers to execute arbitrary code. \ No newline at end of file diff --git a/rules/S5496/java/metadata.json b/rules/S5496/java/metadata.json new file mode 100644 index 00000000000..7a73a41bfdf --- /dev/null +++ b/rules/S5496/java/metadata.json 
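Review bot: The sentence under "How does this work?" says the `tainted` variable "will be directly inserted into the template", which reads like the vulnerable behaviour rather than the fix. What the compliant version relies on is that the value is treated as data and never re-parsed as an expression; I would reword it to `The compliant code example does not use preprocessing, so the value of tainted is rendered as data and is never evaluated as part of a Thymeleaf expression.` The shared controller snippet also names its method `noncompliant` although it serves both variants; a neutral name such as `example` avoids implying the controller is the defect. The HTML bodies of both listings are not legible in this view, so this note covers the prose only.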
@@ -0,0 +1,2 @@
+{
+}
\ No newline at end of file
diff --git a/rules/S5496/java/rule.adoc b/rules/S5496/java/rule.adoc
new file mode 100644
index 00000000000..5bd3608afd2
--- /dev/null
+++ b/rules/S5496/java/rule.adoc
@@ -0,0 +1,34 @@
+== Why is this an issue?
+
+include::../rationale.adoc[]
+
+include::../impact.adoc[]
+
+// How to fix it section
+
+include::how-to-fix-it/spring.adoc[]
+
+include::how-to-fix-it/groovy.adoc[]
+
+
+== Resources
+
+=== Articles & blog posts
+
+* https://www.acunetix.com/blog/web-security-zone/exploiting-ssti-in-thymeleaf/[Exploiting SSTI in Thymeleaf]
+
+include::../standards.adoc[]
+
+
+ifdef::env-github,rspecator-view[]
+
+'''
+== Implementation Specification
+(visible only on this page)
+
+=== Message
+
+include::../message.adoc[]
+
+'''
+endif::env-github,rspecator-view[]
diff --git a/rules/S5496/message.adoc b/rules/S5496/message.adoc
new file mode 100644
index 00000000000..fda1c872f70
--- /dev/null
+++ b/rules/S5496/message.adoc
@@ -0,0 +1 @@
+Change this code to not construct template content directly from user-controlled data.
\ No newline at end of file
diff --git a/rules/S5496/metadata.json b/rules/S5496/metadata.json
index 2c63c085104..8974b5e8b44 100644
--- a/rules/S5496/metadata.json
+++ b/rules/S5496/metadata.json
@@ -1,2 +1,60 @@
 {
+ "title": "Server-side templates should not be vulnerable to injection attacks",
+ "type": "VULNERABILITY",
+ "code": {
+ "impacts": {
+ "SECURITY": "BLOCKER"
+ },
+ "attribute": "COMPLETE"
+ },
+ "status": "ready",
+ "remediation": {
+ "func": "Constant\/Issue",
+ "constantCost": "30min"
+ },
+ "tags": [
+ "cwe",
+ "python3"
+ ],
+ "extra": {
+ "replacementRules": [],
+ "legacyKeys": []
+ },
+ "defaultSeverity": "Blocker",
+ "ruleSpecification": "RSPEC-5496",
+ "sqKey": "S5496",
+ "scope": "Main",
+ "securityStandards": {
+ "CWE": [
+ 77,
+ 94
+ ],
+ "OWASP": [
+ "A1"
+ ],
+ "OWASP Top 10 2021": [
+ "A3"
+ ],
+ "PCI DSS 3.2": [
+ "6.5.1"
+ ],
+ "PCI DSS 4.0": [
+ "6.2.4"
+ ],
+ "ASVS 4.0": [
+ "5.2.5",
+ "5.2.8"
+ ],
+ "STIG ASD_V5R3": [
+ "V-222609"
+ ]
+ },
+ "defaultQualityProfiles": [
+ "Sonar way"
+ ],
+ "educationPrinciples": [
+ "defense_in_depth",
+ "never_trust_user_input"
+ ],
+ "quickfix": "unknown"
 }
diff --git a/rules/S5496/python/metadata.json b/rules/S5496/python/metadata.json
index 0393965dde1..2c63c085104 100644
--- a/rules/S5496/python/metadata.json
+++ b/rules/S5496/python/metadata.json
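Review bot: The `"python3"` tag moves with the rest of the block from `python/metadata.json` into the rule-level `rules/S5496/metadata.json`, and the new `java/metadata.json` is `{}`, so the Java rule presumably inherits a Python-specific tag. Keeping `"tags": ["cwe"]` at rule level and leaving `"tags": ["cwe", "python3"]` as the only key in `python/metadata.json` would avoid that, assuming language files override the shared one. The same move changes the `SECURITY` impact from `HIGH` to `BLOCKER` for the existing Python rule; that matches the other Blocker rules touched in this diff, but it is worth confirming it is intended here too.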
@@ -1,61 +1,2 @@ { - "title": "Server-side templates should not be vulnerable to injection attacks", - "type": "VULNERABILITY", - "code": { - "impacts": { - "SECURITY": "HIGH" - }, - "attribute": "COMPLETE" - }, - "status": "ready", - "remediation": { - "func": "Constant\/Issue", - "constantCost": "30min" - }, - "tags": [ - "cwe", - "python3" - ], - "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] - }, - "defaultSeverity": "Blocker", - "ruleSpecification": "RSPEC-5496", - "sqKey": "S5496", - "scope": "Main", - "securityStandards": { - "CWE": [ - 77, - 94 - ], - "OWASP": [ - "A1" - ], - "OWASP Top 10 2021": [ - "A3" - ], - "PCI DSS 3.2": [ - "6.5.1" - ], - "PCI DSS 4.0": [ - "6.2.4" - ], - "ASVS 4.0": [ - "5.2.5", - "5.2.8" - ] - }, - "defaultQualityProfiles": [ - "Sonar way" - ], - "educationPrinciples": [ - "defense_in_depth", - "never_trust_user_input" - ], - "quickfix": "unknown" } diff --git a/rules/S5496/python/rule.adoc b/rules/S5496/python/rule.adoc index dbec80c465e..6c75cbd379c 100644 --- a/rules/S5496/python/rule.adoc +++ b/rules/S5496/python/rule.adoc 
@@ -1,60 +1,9 @@ == Why is this an issue? -Server-side template injections occur in an application when the application -retrieves data from a user or a third-party service and inserts it into a -template, without sanitizing it first. - -If an application contains a template that is vulnerable to injections, -it is exposed to attacks that target the underlying rendering server. - -A user with malicious intent can create requests that will cause -the template to change its logic into unwanted behavior. - -After creating the malicious request, the attacker can attack the servers -affected by this vulnerability without relying on any prerequisites. - -=== What is the potential impact? - -An attacker exploiting a server-side template injection vulnerability will be -able to execute arbitrary commands on the underlying operating system. - -The impact depends on the access control measures taken on the target system -OS. In the worst-case scenario, the process runs with root privileges, and -therefore any OS commands or programs may be affected. - -Below are some real-world scenarios that illustrate some impacts of an attacker -exploiting the vulnerability. - -==== Denial of service and data leaks - -In this scenario, the attack aims to disrupt the organization's activities and -profit from data leaks. - -An attacker could, for example: - -* download the internal server's data, most likely to sell it -* modify data, send malware -* stop services or exhaust resources (with fork bombs for example) - -This threat is particularly insidious if the attacked organization does not -maintain a disaster recovery plan (DRP). - -==== Root privilege escalation and pivot - -In this scenario, the attacker can do everything described in the previous -section. The difference is that the attacker also manages to elevate their -privileges to an administrative level and attacks other servers. - -Here, the impact depends on how much the target company focuses on its Defense -In Depth. 
For example, the entire infrastructure can be compromised by a -combination of OS injections and *misconfiguration* of: - -* Docker or Kubernetes clusters -* cloud services -* network firewalls and routing -* OS access control +include::../rationale.adoc[] +include::../impact.adoc[] == How to fix it @@ -110,11 +59,8 @@ of the initially intended template logic. * https://medium.com/@nyomanpradipta120/ssti-in-flask-jinja2-20b068fdaeee[SSTI in Flask/Jinja2] -=== Standards +include::../standards.adoc[] -* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection -* https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[OWASP Top 10 2017 Category A1] - Injection -* https://cwe.mitre.org/data/definitions/94[MITRE, CWE-94] - Improper Control of Generation of Code ifdef::env-github,rspecator-view[] @@ -124,7 +70,7 @@ ifdef::env-github,rspecator-view[] === Message -Change this code to not construct HTML content directly from user-controlled data. +include::../message.adoc[] === Highlighting diff --git a/rules/S5496/rationale.adoc b/rules/S5496/rationale.adoc new file mode 100644 index 00000000000..b0484a82c29 --- /dev/null +++ b/rules/S5496/rationale.adoc @@ -0,0 +1,9 @@ +Server-side template injections occur when an application +retrieves data from a user or a third-party service and inserts it into a +template, without sanitizing it first. + +If an application contains a template that is vulnerable to injections, +it is exposed to attacks that target the underlying rendering server. + +A user with malicious intent can create requests that will cause +the template to change its logic into unwanted behavior. \ No newline at end of file diff --git a/rules/S5496/standards.adoc b/rules/S5496/standards.adoc new file mode 100644 index 00000000000..861a87a7f9a --- /dev/null +++ b/rules/S5496/standards.adoc 
@@ -0,0 +1,7 @@ +=== Standards + +* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] +* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] +* CWE - https://cwe.mitre.org/data/definitions/94[CWE-94 - Improper Control of Generation of Code] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. + diff --git a/rules/S5500/cfamily/metadata.json b/rules/S5500/cfamily/metadata.json index f24bb2fe81e..40ee2690862 100644 --- a/rules/S5500/cfamily/metadata.json +++ b/rules/S5500/cfamily/metadata.json @@ -1,5 +1,5 @@ { - "title": "Functions having rvalue reference arguments should \"std::move\" those arguments", + "title": "Function parameters that are rvalue references should be moved", "type": "CODE_SMELL", "code": { "impacts": { @@ -33,5 +33,5 @@ "defaultQualityProfiles": [ "Sonar way" ], - "quickfix": "unknown" + "quickfix": "infeasible" } diff --git a/rules/S5500/cfamily/rule.adoc b/rules/S5500/cfamily/rule.adoc index 174ed1969e9..9dc258542bd 100644 --- a/rules/S5500/cfamily/rule.adoc +++ b/rules/S5500/cfamily/rule.adoc 
@@ -1,66 +1,256 @@ == Why is this an issue? -Rvalue reference arguments allow to transfer ownership of objects. +Rvalue reference arguments allow the efficient transfer of the ownership of objects. +Therefore, it is expected that rvalue arguments or their subobjects are, conditionally or not, moved into their destination variables. -When a function has an argument of type rvalue reference, it is expected to call ``++std::move++`` to take ownership of the corresponding parameter when it is called. +The ownership is unclear when an rvalue argument, including its subobject or elements, is never moved. +This might lead to bugs and performance issues. -If it does not do it or if it does it conditionally, ownership is unclear and this might lead to bugs. +This rule does not apply when the argument is a forwarding reference. +=== Exceptions -This rule does not apply when the argument is a forwarding reference. +For the {cpp}23 or later standard, this rule does not raise issues if the function returns the rvalue reference parameter. +In such cases, the parameter is implicitly moved, and an explicit call to `std::move` is not required: +[source,cpp] +---- +Shape updateShape(Shape&& shape) { + /* ... */ + return shape; // Compliant: implicitly moves shape +} +---- + +When returning a parameter or variable of rvalue reference type, an implicit move +was introduced in {cpp}20 and retroactively applied to previous standards. +As a consequence, the behavior of such return statements is not consistent across compilers +and standard versions. + +Furthermore, with the {cpp}20 rules, the implicit move is not triggered if the function +returns a reference: +[source,cpp] +---- +Shape&& updateShape(Shape&& shape) { + /* ... 
*/ + // C++23: Implicit move, equivalent to `std::move(shape)` + // C++20: No move and ill-formed as Shape&& reference cannot bound to Shape& + return shape; +} +---- +Due to all of the above, this rule does not treat `return p` as an exception in {cpp} standard before {cpp}23, +and requires the explicit move `return std::move(p)`. -=== Noncompliant code example +In contrast to returning local (stack) variables, named return value optimization (NRVO) +does not apply to function parameters, so an explicit `std::move` call has no impact on optimizations. + +== How to fix it + +This issue can be resolved in multiple ways: + +// We do not mention std::move_backward or std::ranges::move_backward to keep things simple. +// Those functions are assumed to be less frequently needed. + +* Generally, `std::move` can be used to move such arguments; +* For containers, {cpp}20 `std::ranges::move` or {cpp}23 `std::views::as_rvalue` can be used to move their elements; +* It is also possible to use a range-based for loop to move elements. + +We illustrate these solutions in the examples below based on the following definitions. [source,cpp] ---- -enum class Shape { - empty, circle, square +class Shape { +public: + Shape(Shape const& shape); // Copy constructor + Shape(Shape&& shape); // Move constructor + // More code... 
+ + bool isVisible() const; }; class DrawingStore { std::vector store; + public: - void insertShape(Shape &&shape) { - store.emplace_back(shape); // Noncompliant, call to std::move is expected - } - - void insertIfCircle(Shape &&shape) { - if (shape == Shape::circle) { - store.emplace_back(std::move(shape)); // Noncompliant, std::move is not always called, ownership of shape is not clear - } - } + void insertVisibleShape(Shape&& shape); + void insertAllShapes(std::vector&& shapes); + void insertAllVisibleShapes(std::vector&& shapes); }; ---- +=== How to move an rvalue parameter -=== Compliant solution +==== Noncompliant code example + +When the parameter represents a single object you want to move, it is not sufficient to use `&&` after its type in the parameter list. + +[source,cpp,diff-id=1,diff-type=noncompliant] +---- +void DrawingStore::insertVisibleShape(Shape&& shape) { + if (shape.isVisible()) { + store.emplace_back(shape); // Noncompliant, call to std::move is expected. + } +} +---- + +With the above implementation, the `Shape` object appended in `store` is created using ``Shape``'s _copy_ constructor. + +==== Compliant solution + +To ensure the object's content is moved, you have to call `std::move()` like this: + +[source,cpp,diff-id=1,diff-type=compliant] +---- +void DrawingStore::insertVisibleShape(Shape&& shape) { + if (shape.isVisible()) { + store.emplace_back(std::move(shape)); // Compliant + } +} +---- + +With this fix, the _move_ constructor of `Shape` is used and the content of the parameter `shape` can be transferred to the newly created object in `store`. + +=== How to move elements of a container using for-loops + +When you want to transfer the content of multiple objects into another container, it also makes sense to define the parameter as rvalue with `&&`. + +==== Noncompliant code example + +While the following code looks fine and compiles, it does actually _copy_ the elements. In fact, `shapes` is left unchanged. 
+ +[source,cpp,diff-id=2,diff-type=noncompliant] +---- +void DrawingStore::insertAllShapes(std::vector&& shapes) { + for (Shape& s : shapes) { + if (s.isVisible()) { + store.emplace_back(s); // Noncompliant, call to std::move is expected. + } + } +} +---- + +==== Compliant solution + +As in the previous example, a call to `std::move` is required to fix the implementation: + +[source,cpp,diff-id=2,diff-type=compliant] +---- +void DrawingStore::insertAllVisibleShapes(std::vector&& shapes) { + for (Shape& s : shapes) { + if (s.isVisible()) { + store.emplace_back(std::move(s)); // Compliant + } + } +} +---- + +// We purposely do not go into the details of "moved-from" states and the fact that `shapes` has still the same number of elements while some of them are in this "moved-from" state. + +Writing ``++for (Shape& s : std::move(shapes))++`` would not fix the issue because this call to `std::move` has no effect here. +The call to `std::move` has to be on `s`, not `shapes`. + +Notice that in this solution, the for-loop variable `s` remains an lvalue reference with a single `&`. +In {cpp}23, it is possible to make it a rvalue too, with ``++std::ranges::views::as_rvalue++``, making the intent of the code clearer. + +// We do not use the shorter form std::views::as_rvalue because libstdc++ does not support it yet. 
[source,cpp] ---- -enum class Shape { - empty, circle, square -}; +void DrawingStore::insertAllVisibleShapes(std::vector&& shapes) { + for (Shape&& s : shapes | std::ranges::views::as_rvalue) { + if (s.isVisible()) { + store.emplace_back(std::move(s)); // Compliant + } + } +} +---- -class DrawingStoreOk { - std::vector store; -public: - void insertShape(Shape &&shape) { - store.emplace_back(std::move(shape)); - } - - void insertIfCircle(const Shape &shape) { - if (shape == Shape::circle) { - store.emplace_back(shape); - } - } -}; +=== How to move elements of a container using algorithms + +Algorithms, especially with {cpp}20 ranges, are often better alternatives to manual for-loops since they abstract away a lot of implementation details. +However, not all of them abstract away the move semantics and attention is required to use them correctly. + +==== Noncompliant code example + +For example, `std::ranges::copy` performs copies by default: + +[source,cpp,diff-id=3,diff-type=noncompliant] +---- +void DrawingStore::insertAllShapes(std::vector&& shapes) { + // Noncompliant: the elements of shapes are not moved. + std::ranges::copy(shapes, std::back_inserter(store)); +} +---- + +==== Compliant solution + +Here, the solution is fairly simple: `std::ranges::copy` can be replaced with `std::ranges::move`. + +[source,cpp,diff-id=3,diff-type=compliant] +---- +void DrawingStore::insertAllShapes(std::vector&& shapes) { + // Compliant: uses "move" instead of "copy". + std::ranges::move(shapes, std::back_inserter(store)); +} +---- + +==== Noncompliant code example + +However, sometimes `std::ranges::move` cannot be used, for example when not all elements should be moved. +In this case, `std::ranges::copy_if` looks appropriate but falls short: + +[source,cpp,diff-id=4,diff-type=noncompliant] +---- +void DrawingStore::insertAllVisibleShapes(std::vector&& shapes) { + // Noncompliant: the elements of shapes are not moved. 
+ std::ranges::copy_if( + shapes, + std::back_inserter(store), + &Shape::isVisible + ); +} ---- +Again, the elements are copied instead of being moved. + +==== Compliant solution + +While a solution based on ``++std::make_move_iterator++`` exists before {cpp}23, it is fairly verbose and error-prone. +This time again, {cpp}23 ``++std::ranges::views::as_rvalue++`` helps writing regular code: + +[source,cpp,diff-id=4,diff-type=compliant] +---- +void DrawingStore::insertAllVisibleShapes(std::vector&& shapes) { + // Compliant: use as_rvalue to ensure elements are moved. + std::ranges::copy_if( + shapes | std::ranges::views::as_rvalue, + std::back_inserter(store), + &Shape::isVisible + ); +} +---- + +This solution can be applied to any move-compatible algorithm. == Resources -* https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#f18-for-will-move-from-parameters-pass-by-x-and-stdmove-the-parameter[{cpp} Core Guidelines F.18] - For “will-move-from” parameters, pass by X&& and std::move the parameter +=== Documentation + +// Not linking to the _backward versions, to the std::move(start, end, result) overload, +// or std::make_move_iterator function to keep the number of links manageable. 
+ +* {cpp} reference - https://en.cppreference.com/w/cpp/utility/move[`std::move`] +* {cpp} reference - https://en.cppreference.com/w/cpp/algorithm/ranges/move[`std::ranges::move`] +* {cpp} reference - https://en.cppreference.com/w/cpp/ranges/as_rvalue_view[`std::ranges::views::as_rvalue`] +* {cpp} reference - https://en.cppreference.com/w/cpp/language/copy_elision[Copy elision] + +=== External coding guidelines + +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#f18-for-will-move-from-parameters-pass-by-x-and-stdmove-the-parameter[F.18: For "will-move-from" parameters, pass by `X&&` and `std::move` the parameter] + +=== Related rules + +* S6352 - The return value of "std::move" should be used in a function +* S5417 - "std::move" and "std::forward" should not be confused ifdef::env-github,rspecator-view[] diff --git a/rules/S5502/cfamily/metadata.json b/rules/S5502/cfamily/metadata.json index bd25034d13e..acc16c6e403 100644 --- a/rules/S5502/cfamily/metadata.json +++ b/rules/S5502/cfamily/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "CLEAR" }, @@ -19,12 +19,8 @@ "pitfall" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-5502", diff --git a/rules/S5502/cfamily/rule.adoc b/rules/S5502/cfamily/rule.adoc index c262f828fdb..bddba5166b2 100644 --- a/rules/S5502/cfamily/rule.adoc +++ b/rules/S5502/cfamily/rule.adoc 
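Review bot: In the "How to move elements of a container using for-loops" section of rules/S5500/cfamily/rule.adoc, the `diff-id=2` pair does not line up. The noncompliant sample defines `DrawingStore::insertAllShapes` yet filters on `s.isVisible()`, while its compliant counterpart is `DrawingStore::insertAllVisibleShapes`. Because the two blocks are presented as a before/after pair, the rename would show up as part of the fix; naming the noncompliant one `insertAllVisibleShapes` as well keeps `std::move(s)` as the only difference. In the Exceptions sample, the comment `Shape&& reference cannot bound to Shape&` should read "cannot bind to".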
@@ -73,7 +73,7 @@ void f() { === External coding guidelines -* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#r13-perform-at-most-one-explicit-resource-allocation-in-a-single-expression-statement[R.13 - Perform at most one explicit resource allocation in a single expression statement] +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#r13-perform-at-most-one-explicit-resource-allocation-in-a-single-expression-statement[R.13: Perform at most one explicit resource allocation in a single expression statement] ifdef::env-github,rspecator-view[] diff --git a/rules/S5503/cfamily/rule.adoc b/rules/S5503/cfamily/rule.adoc index a20c6094a7b..f29c10d35d2 100644 --- a/rules/S5503/cfamily/rule.adoc +++ b/rules/S5503/cfamily/rule.adoc @@ -49,7 +49,7 @@ void f(Base *b) { == Resources -* https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#c148-use-dynamic_cast-to-a-pointer-type-when-failure-to-find-the-required-class-is-considered-a-valid-alternative[{cpp} Core Guidelines C.148] - Use dynamic_cast to a pointer type when failure to find the required class is considered a valid alternative +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#c148-use-dynamic_cast-to-a-pointer-type-when-failure-to-find-the-required-class-is-considered-a-valid-alternative[C.148: Use `dynamic_cast` to a pointer type when failure to find the required class is considered a valid alternative] ifdef::env-github,rspecator-view[] diff --git a/rules/S5506/cfamily/rule.adoc b/rules/S5506/cfamily/rule.adoc index b46a9fefbff..aebdab622c0 100644 --- a/rules/S5506/cfamily/rule.adoc +++ b/rules/S5506/cfamily/rule.adoc 
@@ -82,7 +82,7 @@ bool storeIfRelevantInSharedContext(const DataItem &dataItem) { === External coding guidelines -* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#cp20-use-raii-never-plain-lockunlock[CP.20 - Use RAII, never plain lock()/unlock()] +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#cp20-use-raii-never-plain-lockunlock[CP.20: Use RAII, never plain `lock()`/`unlock()`] ifdef::env-github,rspecator-view[] diff --git a/rules/S5507/cfamily/rule.adoc b/rules/S5507/cfamily/rule.adoc index 80964315f40..3f281fe1074 100644 --- a/rules/S5507/cfamily/rule.adoc +++ b/rules/S5507/cfamily/rule.adoc @@ -46,7 +46,7 @@ void f1() { == Resources -* https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#r37-do-not-pass-a-pointer-or-reference-obtained-from-an-aliased-smart-pointer[{cpp} Core Guidelines R.37] - Do not pass a pointer or reference obtained from an aliased smart pointer +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#r37-do-not-pass-a-pointer-or-reference-obtained-from-an-aliased-smart-pointer[R.37: Do not pass a pointer or reference obtained from an aliased smart pointer] ifdef::env-github,rspecator-view[] diff --git a/rules/S5523/cfamily/rule.adoc b/rules/S5523/cfamily/rule.adoc index 402cbff30ff..ef606cc3569 100644 --- a/rules/S5523/cfamily/rule.adoc +++ b/rules/S5523/cfamily/rule.adoc @@ -91,7 +91,7 @@ Buffers can be left uninitialized as long as they are written into immediately a == Resources -* https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#es20-always-initialize-an-object[{cpp} Core Guidelines ES.20] - Always initialize an object +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#es20-always-initialize-an-object[ES.20: Always initialize an object] ifdef::env-github,rspecator-view[] 
diff --git a/rules/S5524/cfamily/rule.adoc b/rules/S5524/cfamily/rule.adoc index 3aba6357aeb..fb73a73763e 100644 --- a/rules/S5524/cfamily/rule.adoc +++ b/rules/S5524/cfamily/rule.adoc @@ -1,12 +1,12 @@ == Why is this an issue? -_Mutexes_ are synchronization primitives that allow to manage concurrency. It is a common situation to have to lock multiple _mutexes_ simultaneously to get access to several resources at the same time. +_Mutexes_ are synchronization primitives that allow you to manage concurrency. It is a common situation to have to lock more than one _mutex_ simultaneously to get access to several resources at the same time. -If this is not done properly, it can lead to deadlocks or crashes. If one thread acquires A then tries to acquire B, while another thread acquires B then tries to acquire A, both threads will wait for each other forever. +If this is not done properly, it can lead to deadlocks or crashes. If one thread acquires A and then tries to acquire B, while another thread acquires B and then tries to acquire A, both threads will wait for each other forever. -In such a case, a commonly accepted good practice is to define an order on the _mutexes_ and to lock them in that order and unlock them in the reverse order. However, such an order is not always clearly defined or easy to ensure across a whole program. +In such a case, a commonly accepted good practice is to define an order on the _mutexes_ then lock them in that order, and then unlock them in the reverse order. However, such an order is not always clearly defined or easy to ensure across a whole program. {cpp} provides facilities to lock multiple _mutexes_ in one go, with a dedicated deadlock prevention algorithm. They should be used instead. Before {cpp}17, you should use ``++std::lock++``, and since {cpp}17 you can use a variadic constructor of ``++std::scoped_lock++``. See the examples for more details. 
@@ -55,7 +55,7 @@ void f() { // Compliant: C++17 solution == Resources -* https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#cp21-use-stdlock-or-stdscoped_lock-to-acquire-multiple-mutexes[{cpp} Core Guidelines CP.21] - Use std::lock() or std::scoped_lock to acquire multiple mutexes +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#cp21-use-stdlock-or-stdscoped_lock-to-acquire-multiple-mutexes[CP.21: Use `std::lock()` or `std::scoped_lock` to acquire multiple ``mutex``es] * {cpp} reference - https://en.cppreference.com/w/cpp/thread/scoped_lock[cppreference.com - std::scoped_lock] diff --git a/rules/S5527/common/resources/standards.adoc b/rules/S5527/common/resources/standards.adoc index 2eaade5380c..7505700e900 100644 --- a/rules/S5527/common/resources/standards.adoc +++ b/rules/S5527/common/resources/standards.adoc 
@@ -1,10 +1,12 @@ === Standards -* https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[OWASP Top 10 2021 Category A2] - Cryptographic Failures -* https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[OWASP Top 10 2021 Category A5] - Security Misconfiguration -* https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/[OWASP Top 10 2021 Category A7] - Identification and Authentication Failures -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure -* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[OWASP Top 10 2017 Category A6] - Security Misconfiguration -* https://mobile-security.gitbook.io/masvs/security-requirements/0x10-v5-network_communication_requirements[Mobile AppSec Verification Standard] - Network Communication Requirements -* https://owasp.org/www-project-mobile-top-10/2016-risks/m3-insecure-communication[OWASP Mobile Top 10 2016 Category M3] - Insecure Communication -* https://cwe.mitre.org/data/definitions/297[MITRE, CWE-297] - Improper Validation of Certificate with Host Mismatch +* OWASP - https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[Top 10 2021 Category A2 - Cryptographic Failures] +* OWASP - https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[Top 10 2021 Category A5 - Security Misconfiguration] +* OWASP - https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/[Top 10 2021 Category A7 - Identification and Authentication Failures] +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] +* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration] +* OWASP - https://mas.owasp.org/checklists/MASVS-NETWORK/[Mobile AppSec Verification Standard - Network Communication Requirements] +* OWASP - 
https://owasp.org/www-project-mobile-top-10/2016-risks/m3-insecure-communication[Mobile Top 10 2016 Category M3 - Insecure Communication] +* CWE - https://cwe.mitre.org/data/definitions/297[CWE-297 - Improper Validation of Certificate with Host Mismatch] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222550[Application Security and Development: V-222550] - The application must validate certificates by constructing a certification path to an accepted trust anchor. + diff --git a/rules/S5527/metadata.json b/rules/S5527/metadata.json index a6cb1e0853e..05cb6f6497c 100644 --- a/rules/S5527/metadata.json +++ b/rules/S5527/metadata.json @@ -56,6 +56,9 @@ "PCI DSS 4.0": [ "4.2.1", "6.2.4" + ], + "STIG ASD_V5R3": [ + "V-222550" ] }, "defaultQualityProfiles": [ diff --git a/rules/S5542/common/fix/fix.adoc b/rules/S5542/common/fix/fix.adoc index 137ebf16d42..9148a1ec10d 100644 --- a/rules/S5542/common/fix/fix.adoc +++ b/rules/S5542/common/fix/fix.adoc @@ -4,7 +4,10 @@ considered strong by the cryptographic community. Appropriate choices are currently the following. -==== For AES: Use Galois/Counter mode (GCM) +==== For AES: use authenticated encryption modes + +The best-known authenticated encryption mode for AES is Galois/Counter mode +(GCM). GCM mode combines encryption with authentication and integrity checks using a cryptographic hash function and provides both confidentiality and authenticity @@ -16,11 +19,9 @@ Other similar modes are: * CWC: `Cipher Block Chaining with Message Authentication Code` * EAX: `Encrypt-and-Authenticate` * IAPM: `Integer Authenticated Parallelizable Mode` - * OCB: `Offset Codebook Mode` It is also possible to use AES-CBC with HMAC for integrity checks. However, it - is considered more straightforward to use AES-GCM directly instead. ==== For RSA: use the OAEP scheme 
diff --git a/rules/S5542/common/resources/standards.adoc b/rules/S5542/common/resources/standards.adoc index f949322ca04..938a3f6b34e 100644 --- a/rules/S5542/common/resources/standards.adoc +++ b/rules/S5542/common/resources/standards.adoc @@ -1,5 +1,6 @@ === Standards -* https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[OWASP Top 10 2021 Category A2] - Cryptographic Failures -* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[OWASP Top 10 2017 Category A6] - Security Misconfiguration -* https://cwe.mitre.org/data/definitions/327[MITRE, CWE-327] - Use of a Broken or Risky Cryptographic Algorithm +* OWASP - https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[Top 10 2021 Category A2 - Cryptographic Failures] +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] +* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration] +* CWE - https://cwe.mitre.org/data/definitions/327[CWE-327 - Use of a Broken or Risky Cryptographic Algorithm] diff --git a/rules/S5542/go/metadata.json b/rules/S5542/go/metadata.json new file mode 100644 index 00000000000..7a73a41bfdf --- /dev/null +++ b/rules/S5542/go/metadata.json @@ -0,0 +1,2 @@ +{ +} \ No newline at end of file diff --git a/rules/S5542/go/rule.adoc b/rules/S5542/go/rule.adoc new file mode 100644 index 00000000000..9819e141900 --- /dev/null +++ b/rules/S5542/go/rule.adoc 
@@ -0,0 +1,153 @@ + +include::../summary.adoc[] + +== Why is this an issue? + +include::../rationale.adoc[] + +include::../impact.adoc[] + +// How to fix it section + +== How to fix it + +=== Code examples + +==== Noncompliant code example + +Example with a symmetric cipher, AES in CBC mode: + +[source,go,diff-id=1,diff-type=noncompliant] +---- +import ( + "crypto/aes" + "crypto/cipher" + "crypto/rand" +) +func encrypt() { + plaintext := []byte("Exampleplaintext") + + key := make([]byte, 32) + rand.Read(key) + block, _ := aes.NewCipher(key) + iv := make([]byte, block.BlockSize()) + rand.Read(iv) + + encrypter := cipher.NewCBCEncrypter(block, iv) // Noncompliant + + ciphertext := make([]byte, len(plaintext)) + encrypter.CryptBlocks(ciphertext, plaintext) +} +---- + +The following example shows the function `cipher.Block.Encrypt` being used directly to run AES in a self-build ECB mode: + +[source,go] +---- +import ( + "crypto/aes" + "crypto/rand" +) +func encrypt() { + plaintext := []byte("Exampleplaintext") + + key := make([]byte, 32) + rand.Read(key) + block, _ := aes.NewCipher(key) + + ciphertext := make([]byte, len(plaintext)) + block.Encrypt(ciphertext, plaintext) // Noncompliant +} +---- + +Example with an asymetric cipher, RSA with PKCS1v15 padding: + +[source,go,diff-id=2,diff-type=noncompliant] +---- +import ( + "crypto/rand" + "crypto/rsa" +) +func encrypt() { + random := rand.Reader + plaintext := []byte("Exampleplaintext") + privateKey, _ := rsa.GenerateKey(random, 4096) + ciphertext, _ := rsa.EncryptPKCS1v15(random, &privateKey.PublicKey, plaintext) // Noncompliant +} +---- + +==== Compliant solution + +include::../common/fix/aes-compliant-example.adoc[] + +[source,go,diff-id=1,diff-type=compliant] +---- +import ( + "crypto/aes" + "crypto/cipher" + "crypto/rand" +) +func encrypt() { + plaintext := []byte("Exampleplaintext") + + key := make([]byte, 32) + rand.Read(key) + block, _ := aes.NewCipher(key) + nonce := make([]byte, 12) + rand.Read(nonce) + + 
aesgcm, _ := cipher.NewGCM(block) + + ciphertext := aesgcm.Seal(nil, nonce, plaintext, nil) +} +---- + +include::../common/fix/rsa-compliant-example.adoc[] + +[source,go,diff-id=2,diff-type=compliant] +---- +import ( + "crypto/rand" + "crypto/rsa" + "crypto/sha256" +) +func encrypt() { + random := rand.Reader + plaintext := []byte("Exampleplaintext") + privateKey, _ := rsa.GenerateKey(random, 4096) + ciphertext, _ := rsa.EncryptOAEP(sha256.New(), random, &privateKey.PublicKey, plaintext, nil) +} +---- + +=== How does this work? + +include::../common/fix/fix.adoc[] + + + +== Resources + +include::../common/resources/docs.adoc[] + +include::../common/resources/articles.adoc[] + +include::../common/resources/presentations.adoc[] + +include::../common/resources/standards.adoc[] + + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +include::../message.adoc[] + +''' +== Comments And Links +(visible only on this page) + +include::../comments-and-links.adoc[] + +endif::env-github,rspecator-view[] diff --git a/rules/S5542/java/how-to-fix-it/java-cryptographic-extension.adoc b/rules/S5542/java/how-to-fix-it/java-cryptography-extension.adoc similarity index 97% rename from rules/S5542/java/how-to-fix-it/java-cryptographic-extension.adoc rename to rules/S5542/java/how-to-fix-it/java-cryptography-extension.adoc index 8a75671e4ac..815a955234f 100644 --- a/rules/S5542/java/how-to-fix-it/java-cryptographic-extension.adoc +++ b/rules/S5542/java/how-to-fix-it/java-cryptography-extension.adoc @@ -1,4 +1,4 @@ -== How to fix it in Java Cryptographic Extension +== How to fix it in Java Cryptography Extension === Code examples diff --git a/rules/S5542/java/rule.adoc b/rules/S5542/java/rule.adoc index 3b8bdb62574..6201313b98f 100644 --- a/rules/S5542/java/rule.adoc +++ b/rules/S5542/java/rule.adoc 
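Review bot: The compliant AES-GCM sample in rules/S5542/go/rule.adoc ignores the result of `rand.Read(nonce)` and `rand.Read(key)` and discards the errors from `aes.NewCipher` and `cipher.NewGCM` with `_`. Readers copy compliant samples verbatim, and under GCM a nonce that is not fresh for the key undermines both confidentiality and authenticity, so at least the nonce and key generation should show the error being checked. The sample also never keeps `nonce` next to `ciphertext`; a comment such as `// store the nonce with the ciphertext; never reuse it with the same key` would make the contract explicit. Using `aesgcm.NonceSize()` instead of the literal `12` would avoid a hard-coded size. Separately, "self-build ECB mode" should read "self-built" and "asymetric" should read "asymmetric".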
@@ -9,7 +9,7 @@ include::../impact.adoc[] // How to fix it section -include::how-to-fix-it/java-cryptographic-extension.adoc[] +include::how-to-fix-it/java-cryptography-extension.adoc[] == Resources @@ -21,9 +21,9 @@ include::../common/resources/presentations.adoc[] include::../common/resources/standards.adoc[] -* https://mobile-security.gitbook.io/masvs/security-requirements/0x08-v3-cryptography_verification_requirements[Mobile AppSec Verification Standard] - Cryptography Requirements -* https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography[OWASP Mobile Top 10 2016 Category M5] - Insufficient Cryptography -* https://cwe.mitre.org/data/definitions/327[MITRE, CWE-327] - Use of a Broken or Risky Cryptographic Algorithm +* OWASP - https://mas.owasp.org/checklists/MASVS-CRYPTO/[Mobile AppSec Verification Standard - Cryptography Requirements] +* OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography[Mobile Top 10 2016 Category M5 - Insufficient Cryptography] +* CWE - https://cwe.mitre.org/data/definitions/327[CWE-327 - Use of a Broken or Risky Cryptographic Algorithm] * https://wiki.sei.cmu.edu/confluence/x/hDdGBQ[CERT, MSC61-J.] - Do not use insecure or weak cryptographic algorithms diff --git a/rules/S5542/kotlin/how-to-fix-it/java-cryptographic-extension.adoc b/rules/S5542/kotlin/how-to-fix-it/java-cryptography-extension.adoc similarity index 97% rename from rules/S5542/kotlin/how-to-fix-it/java-cryptographic-extension.adoc rename to rules/S5542/kotlin/how-to-fix-it/java-cryptography-extension.adoc index 9c36837a331..efd060fdc18 100644 --- a/rules/S5542/kotlin/how-to-fix-it/java-cryptographic-extension.adoc +++ b/rules/S5542/kotlin/how-to-fix-it/java-cryptography-extension.adoc @@ -1,4 +1,4 @@ -== How to fix it in Java Cryptographic Extension +== How to fix it in Java Cryptography Extension === Code examples 
diff --git a/rules/S5542/kotlin/rule.adoc b/rules/S5542/kotlin/rule.adoc index 19bb1b7c11e..566ee2e0b81 100644 --- a/rules/S5542/kotlin/rule.adoc +++ b/rules/S5542/kotlin/rule.adoc @@ -9,7 +9,7 @@ include::../impact.adoc[] // How to fix it section -include::how-to-fix-it/java-cryptographic-extension.adoc[] +include::how-to-fix-it/java-cryptography-extension.adoc[] == Resources @@ -21,9 +21,9 @@ include::../common/resources/presentations.adoc[] include::../common/resources/standards.adoc[] -* https://mobile-security.gitbook.io/masvs/security-requirements/0x08-v3-cryptography_verification_requirements[Mobile AppSec Verification Standard] - Cryptography Requirements -* https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography[OWASP Mobile Top 10 2016 Category M5] - Insufficient Cryptography -* https://cwe.mitre.org/data/definitions/327[MITRE, CWE-327] - Use of a Broken or Risky Cryptographic Algorithm +* OWASP - https://mas.owasp.org/checklists/MASVS-CRYPTO/[Mobile AppSec Verification Standard - Cryptography Requirements] +* OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography[Mobile Top 10 2016 Category M5 - Insufficient Cryptography] +* CWE - https://cwe.mitre.org/data/definitions/327[CWE-327 - Use of a Broken or Risky Cryptographic Algorithm] * https://wiki.sei.cmu.edu/confluence/x/hDdGBQ[CERT, MSC61-J.] - Do not use insecure or weak cryptographic algorithms ifdef::env-github,rspecator-view[] diff --git a/rules/S5542/rationale.adoc b/rules/S5542/rationale.adoc index 2a1d0ed36de..200c56a2499 100644 --- a/rules/S5542/rationale.adoc +++ b/rules/S5542/rationale.adoc 
@@ -10,18 +10,20 @@ When selecting encryption algorithms, tools, or combinations, you should also consider two things: 1. No encryption is unbreakable. -2. The strength of an encryption algorithm is usually measured by the effort required to crack it within a reasonable time frame. - +2. The strength of an encryption algorithm is usually measured by the effort + required to crack it within a reasonable time frame. For these reasons, as soon as cryptography is included in a project, it is important to choose encryption algorithms that are considered strong and secure by the cryptography community. -For AES, the weakest modes are CBC (Cipher Block Chaining) and ECB +For AES, the weakest mode is ECB (Electronic Codebook). Repeated blocks of data +are encrypted to the same value, making them easy to identify and reducing the +difficulty of recovering the original cleartext. -(Electronic Codebook), as they are either vulnerable to padding oracles or do -not provide authentication mechanisms. +Unauthenticated modes such as CBC (Cipher Block Chaining) may be used but are +prone to attacks that manipulate the ciphertext. They must be used with caution. -And for RSA, the weakest algorithms are either using it without padding or +For RSA, the weakest algorithms are either using it without padding or using the PKCS1v1.5 padding scheme. diff --git a/rules/S5547/cfamily/metadata.json b/rules/S5547/cfamily/metadata.json index 7f87e8b9d4f..2ddbf46c844 100644 --- a/rules/S5547/cfamily/metadata.json +++ b/rules/S5547/cfamily/metadata.json @@ -39,6 +39,9 @@ "6.2.3", "6.2.5", "8.3.7" + ], + "STIG ASD_V5R3": [ + "V-222396" ] } } diff --git a/rules/S5547/common/resources/standards.adoc b/rules/S5547/common/resources/standards.adoc index 8bb786449e5..2823320464e 100644 --- a/rules/S5547/common/resources/standards.adoc +++ b/rules/S5547/common/resources/standards.adoc 
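Review bot: The added CBC paragraph in rationale.adoc says unauthenticated modes "may be used" and "must be used with caution" but never says what that caution consists of. It also reads at odds with the Go examples added in this same diff, which mark `cipher.NewCBCEncrypter` as Noncompliant without qualification. Naming the control would make the sentence actionable, for instance: `Unauthenticated modes such as CBC (Cipher Block Chaining) are prone to attacks that manipulate the ciphertext; if one has to be used, authenticate the IV and ciphertext separately (for example with an HMAC) and verify that tag before decrypting.` The removed wording named padding oracles explicitly and the new text drops the term; keeping it would help readers who search for it.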
@@ -1,5 +1,8 @@ === Standards -* https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[OWASP Top 10 2021 Category A2] - Cryptographic Failures -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure -* https://cwe.mitre.org/data/definitions/327[MITRE, CWE-327] - Use of a Broken or Risky Cryptographic Algorithm +* OWASP - https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[Top 10 2021 Category A2 - Cryptographic Failures] +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] +* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration] +* CWE - https://cwe.mitre.org/data/definitions/327[CWE-327 - Use of a Broken or Risky Cryptographic Algorithm] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222396[Application Security and Development: V-222396] - The application must implement DoD-approved encryption to protect the confidentiality of remote access sessions. + diff --git a/rules/S5547/java/how-to-fix-it/java-cryptographic-extension.adoc b/rules/S5547/java/how-to-fix-it/java-cryptography-extension.adoc similarity index 95% rename from rules/S5547/java/how-to-fix-it/java-cryptographic-extension.adoc rename to rules/S5547/java/how-to-fix-it/java-cryptography-extension.adoc index d71db9430db..7c3c996a99f 100644 --- a/rules/S5547/java/how-to-fix-it/java-cryptographic-extension.adoc +++ b/rules/S5547/java/how-to-fix-it/java-cryptography-extension.adoc @@ -1,4 +1,4 @@ -== How to fix it in Java Cryptographic Extension +== How to fix it in Java Cryptography Extension === Code examples diff --git a/rules/S5547/java/metadata.json b/rules/S5547/java/metadata.json index 29fd7c98135..d5c11b387b0 100644 --- a/rules/S5547/java/metadata.json +++ b/rules/S5547/java/metadata.json 
@@ -34,6 +34,9 @@ "6.2.3", "6.2.5", "8.3.7" + ], + "STIG ASD_V5R3": [ + "V-222396" ] } } diff --git a/rules/S5547/java/rule.adoc b/rules/S5547/java/rule.adoc index 9b76adf8c7e..89ba5ff775d 100644 --- a/rules/S5547/java/rule.adoc +++ b/rules/S5547/java/rule.adoc @@ -8,7 +8,7 @@ include::../impact.adoc[] // How to fix it section -include::how-to-fix-it/java-cryptographic-extension.adoc[] +include::how-to-fix-it/java-cryptography-extension.adoc[] == Resources diff --git a/rules/S5547/kotlin/how-to-fix-it/java-cryptographic-extension.adoc b/rules/S5547/kotlin/how-to-fix-it/java-cryptography-extension.adoc similarity index 95% rename from rules/S5547/kotlin/how-to-fix-it/java-cryptographic-extension.adoc rename to rules/S5547/kotlin/how-to-fix-it/java-cryptography-extension.adoc index e6c68b6ad7d..9401411ccba 100644 --- a/rules/S5547/kotlin/how-to-fix-it/java-cryptographic-extension.adoc +++ b/rules/S5547/kotlin/how-to-fix-it/java-cryptography-extension.adoc @@ -1,4 +1,4 @@ -== How to fix it in Java Cryptographic Extension +== How to fix it in Java Cryptography Extension === Code examples diff --git a/rules/S5547/kotlin/rule.adoc b/rules/S5547/kotlin/rule.adoc index 466c5b8eae3..a6f24da4ff8 100644 --- a/rules/S5547/kotlin/rule.adoc +++ b/rules/S5547/kotlin/rule.adoc 
@@ -8,14 +8,14 @@ include::../impact.adoc[] // How to fix it section -include::how-to-fix-it/java-cryptographic-extension.adoc[] +include::how-to-fix-it/java-cryptography-extension.adoc[] == Resources include::../common/resources/standards.adoc[] -* https://mobile-security.gitbook.io/masvs/security-requirements/0x08-v3-cryptography_verification_requirements[Mobile AppSec Verification Standard] - Cryptography Requirements -* https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography[OWASP Mobile Top 10 2016 Category M5] - Insufficient Cryptography +* OWASP - https://mas.owasp.org/checklists/MASVS-CRYPTO/[Mobile AppSec Verification Standard - Cryptography Requirements] +* OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography[Mobile Top 10 2016 Category M5 - Insufficient Cryptography] ifdef::env-github,rspecator-view[] diff --git a/rules/S5547/metadata.json b/rules/S5547/metadata.json index 2dfbef097a4..fae0e12d0f9 100644 --- a/rules/S5547/metadata.json +++ b/rules/S5547/metadata.json @@ -60,6 +60,9 @@ "6.2.3", "6.2.5", "8.3.7" + ], + "STIG ASD_V5R3": [ + "V-222396" ] }, "defaultQualityProfiles": [ diff --git a/rules/S5547/python/how-to-fix-it/ssl.adoc b/rules/S5547/python/how-to-fix-it/ssl.adoc new file mode 100644 index 00000000000..90e97fb1b73 --- /dev/null +++ b/rules/S5547/python/how-to-fix-it/ssl.adoc 
@@ -0,0 +1,30 @@ +== How to fix it in ssl + +=== Code examples + +include::../../common/fix/code-rationale.adoc[] + +==== Noncompliant code example + +[source,python,diff-id=41,diff-type=noncompliant] +---- +import ssl + +ciphers = 'RC4-SHA:RC4-MD5' +ctx = ssl.create_default_context() +ctx.set_ciphers(ciphers) # Noncompliant +---- + +==== Compliant solution + +[source,python,diff-id=41,diff-type=compliant] +---- +import ssl + +ctx = ssl.create_default_context() +---- + +=== How does this work? + +It is recommended to not override the ciphers but instead, use the secure +default ciphers of the module, as they might change over time. diff --git a/rules/S5547/python/rule.adoc b/rules/S5547/python/rule.adoc index f8bbbcda6f5..1b3f23a132b 100644 --- a/rules/S5547/python/rule.adoc +++ b/rules/S5547/python/rule.adoc @@ -16,6 +16,8 @@ include::how-to-fix-it/pycrypto.adoc[] include::how-to-fix-it/pydes.adoc[] +include::how-to-fix-it/ssl.adoc[] + == Resources include::../common/resources/standards.adoc[] diff --git a/rules/S5547/rationale.adoc b/rules/S5547/rationale.adoc index aae7e5c00a9..c0c8eccabe0 100644 --- a/rules/S5547/rationale.adoc +++ b/rules/S5547/rationale.adoc @@ -2,9 +2,9 @@ Encryption algorithms are essential for protecting sensitive information and ensuring secure communication in various domains. They are used for several important reasons: -* Confidentiality, privacy, and intellectual property protection. -* Security during transmission or on storage devices. -* Data integrity, general trust, and authentication. +* Confidentiality, privacy, and intellectual property protection +* Security during transmission or on storage devices +* Data integrity, general trust, and authentication When selecting encryption algorithms, tools, or combinations, you should also consider two things: diff --git a/rules/S5549/python/metadata.json b/rules/S5549/python/metadata.json index a542c47e6e0..b5be5d1183a 100644 --- a/rules/S5549/python/metadata.json 
+++ b/rules/S5549/python/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -13,15 +13,11 @@ "constantCost": "5min" }, "tags": [ - + "syntax" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-5549", diff --git a/rules/S5553/cfamily/metadata.json b/rules/S5553/cfamily/metadata.json index 2d3a82bb7a2..d200bc30907 100644 --- a/rules/S5553/cfamily/metadata.json +++ b/rules/S5553/cfamily/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -13,15 +13,11 @@ "constantCost": "10min" }, "tags": [ - + "symbolic-execution" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-5553", diff --git a/rules/S5566/cfamily/rule.adoc b/rules/S5566/cfamily/rule.adoc index 1b6ebbf8e7d..7a01bc4bf56 100644 --- a/rules/S5566/cfamily/rule.adoc +++ b/rules/S5566/cfamily/rule.adoc 
@@ -19,6 +19,7 @@ Currently, this rule supports: * ``++std::all_of++`` (since {cpp}11) and ``++std::ranges::all_of++`` (since {cpp}20): returns ``++true++`` if all elements in the given range are matching the given predicate, ``++false++`` otherwise * ``++std::none_of++`` (since {cpp}11) and ``++std::ranges::none_of++`` (since {cpp}20): returns ``++true++`` if no elements in the given range are matching the given predicate, ``++false++`` otherwise * ``++std::any_of++`` (since {cpp}11) and ``++std::ranges::any_of++`` (since {cpp}20): returns ``++true++`` if at least one element in the given range is matching the given predicate, ``++false++`` otherwise +* ``++std::ranges::contains++`` (since {cpp}23): returns ``++true++`` if at least one element in the given range is equal to the given value, ``++false++`` otherwise This rule suggests two options below when the loop doesn't match any of the supported STL algorithm patterns and you just want to iterate over all elements of a sequence: @@ -46,6 +47,15 @@ bool areAllDesired(std::vector values) { return true; } +bool containsDesired(std::vector values, int desired) { + for (int val : values) { // Noncompliant + if (val == desired) { + return true; + } + } + return false; +} + int f(vector &v) { for (auto it = v.begin(); it != v.end(); ++it) { // Noncompliant @@ -77,12 +87,16 @@ using namespace std; bool asDesired(const int v); -bool areAllDesired2(std::vector values) { +bool areAllDesired(std::vector values) { + return std::ranges::all_of(values, asDesired); + // Or, before C++20: return std::all_of(std::begin(values), std::end(values), asDesired); } -bool areAllDesiredCpp20(std::vector values) { - return std::ranges::all_of(values, asDesired); +bool containsDesiredCpp23(std::vector values, int desired) { + return std::ranges::contains(values, desired); + // Or, before C++23: + return std::any_of(std::begin(values), std::end(values), [desired](int val) { return val == desired; }); } void displayNumber(int i) { 
@@ -95,9 +109,9 @@ void displayNumber(int i) { void f(vector &v) { - std::for_each(v.begin(), v.end(), displayNumber); - // Or since C++20: std::ranges::for_each(v, displayNumber); + // Or, before C++20: + std::for_each(v.begin(), v.end(), displayNumber); auto sum = 0; for (auto elt : v) { @@ -112,9 +126,19 @@ void f(vector &v) { == Resources -* https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#es71-prefer-a-range-for-statement-to-a-for-statement-when-there-is-a-choice[{cpp} Core Guidelines ES.71] - Prefer a range-for-statement to a for-statement when there is a choice -* https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#p3-express-intent[{cpp} Core Guidelines P.3] - Express intent +=== Documentation + +* {cpp} reference - https://en.cppreference.com/w/cpp/algorithm/ranges/contains[`std::ranges::contains`] +* {cpp} reference - https://en.cppreference.com/w/cpp/algorithm/ranges/all_any_none_of[`std::ranges::all_of`, `std::ranges::any_of`, `std::ranges::none_of`] +* {cpp} reference - https://en.cppreference.com/w/cpp/algorithm/ranges/for_each[`std::ranges::for_each`] +* {cpp} reference - https://en.cppreference.com/w/cpp/algorithm/all_any_none_of[`std::all_of`, `std::any_of`, `std::none_of`] +* {cpp} reference - https://en.cppreference.com/w/cpp/algorithm/for_each[`std::for_each`] + +=== External coding guidelines + +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#es71-prefer-a-range-for-statement-to-a-for-statement-when-there-is-a-choice[ES.71: Prefer a range-`for`-statement to a `for`-statement when there is a choice] +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#p3-express-intent[P.3: Express intent] ifdef::env-github,rspecator-view[] diff --git a/rules/S5570/cfamily/rule.adoc b/rules/S5570/cfamily/rule.adoc index 8c92fe9436e..ba1ae3843e6 100644 --- a/rules/S5570/cfamily/rule.adoc 
+++ b/rules/S5570/cfamily/rule.adoc @@ -28,7 +28,7 @@ This rule does not apply to overloaded operators because they respect the sequen == Resources -* https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#es44-dont-depend-on-order-of-evaluation-of-function-arguments[{cpp} Core Guidelines ES.44] - Don't depend on order of evaluation of function arguments +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#es44-dont-depend-on-order-of-evaluation-of-function-arguments[ES.44: Don't depend on order of evaluation of function arguments] * {cpp} reference - https://en.cppreference.com/w/cpp/language/eval_order[cppreference.com - order of evaluation] diff --git a/rules/S5594/xml/metadata.json b/rules/S5594/xml/metadata.json index 4861b951297..ee467ccb58b 100644 --- a/rules/S5594/xml/metadata.json +++ b/rules/S5594/xml/metadata.json @@ -7,7 +7,7 @@ }, "attribute": "COMPLETE" }, - "status": "ready", + "status": "deprecated", "remediation": { "func": "Constant\/Issue", "constantCost": "10min" @@ -44,7 +44,6 @@ ] }, "defaultQualityProfiles": [ - "Sonar way" ], "quickfix": "unknown" } diff --git a/rules/S5594/xml/rule.adoc b/rules/S5594/xml/rule.adoc index 4b468eea51e..88e8335982c 100644 --- a/rules/S5594/xml/rule.adoc +++ b/rules/S5594/xml/rule.adoc @@ -129,7 +129,7 @@ When targeting Android API versions lower than 12, intent filters will cause ``+ === Standards -* OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m1-improper-platform-usage[Mobile Top 10 2016 Category M1] - Improper platform usage +* OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m1-improper-platform-usage[Mobile Top 10 2016 Category M1 - Improper platform usage] * OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m2-insecure-data-storage[Mobile Top 10 2016 Category M2 - Insecure Data Storage] 
@@ -138,7 +138,7 @@ When targeting Android API versions lower than 12, intent filters will cause ``+ === External coding guidelines -* OWASP - https://mobile-security.gitbook.io/masvs/security-requirements/0x11-v6-interaction_with_the_environment[Mobile AppSec Verification Standard - V6: Platform Interaction Requirements] +* OWASP - https://mas.owasp.org/checklists/MASVS-PLATFORM/[Mobile AppSec Verification Standard - V6: Platform Interaction Requirements] ifdef::env-github,rspecator-view[] diff --git a/rules/S5604/javascript/rule.adoc b/rules/S5604/javascript/rule.adoc index c8d7e06eb5e..38561a1c89f 100644 --- a/rules/S5604/javascript/rule.adoc +++ b/rules/S5604/javascript/rule.adoc @@ -50,10 +50,10 @@ If geolocation is required, always explain to the user why the application needs == See -* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Broken Access Control -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Web Top 10 2017 Category A3] - Sensitive Data Exposure -* https://cwe.mitre.org/data/definitions/250[MITRE, CWE-250] - Execution with Unnecessary Privileges -* https://cwe.mitre.org/data/definitions/359[MITRE, CWE-359] - Exposure of Private Information +* OWASP - https://owasp.org/Top10/A01_2021-Broken_Access_Control/[Top 10 2021 Category A1 - Broken Access Control] +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Web Top 10 2017 Category A3 - Sensitive Data Exposure] +* CWE - https://cwe.mitre.org/data/definitions/250[CWE-250 - Execution with Unnecessary Privileges] +* CWE - https://cwe.mitre.org/data/definitions/359[CWE-359 - Exposure of Private Information] * https://www.w3.org/TR/permissions/[W3C] - Permissions * https://support.mozilla.org/en-US/kb/does-firefox-share-my-location-websites[Mozilla] - Does Firefox share my location with websites? ifdef::env-github,rspecator-view[] 
diff --git a/rules/S5604/xml/rule.adoc b/rules/S5604/xml/rule.adoc index db97f432aff..6aedda53058 100644 --- a/rules/S5604/xml/rule.adoc +++ b/rules/S5604/xml/rule.adoc @@ -29,10 +29,11 @@ In AndroidManifest.xml: == See -* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Broken Access Control -* https://mobile-security.gitbook.io/masvs/security-requirements/0x11-v6-interaction_with_the_environment[Mobile AppSec Verification Standard] - Platform Interaction Requirements -* https://owasp.org/www-project-mobile-top-10/2016-risks/m1-improper-platform-usage[OWASP Mobile Top 10 2016 Category M1] - Improper Platform Usage -* https://cwe.mitre.org/data/definitions/250[MITRE, CWE-250] - Execution with Unnecessary Privileges +* OWASP - https://owasp.org/Top10/A01_2021-Broken_Access_Control/[Top 10 2021 Category A1 - Broken Access Control] +* OWASP - https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] +* OWASP - https://mas.owasp.org/checklists/MASVS-PLATFORM/[Mobile AppSec Verification Standard - Platform Interaction Requirements] +* OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m1-improper-platform-usage[Mobile Top 10 2016 Category M1 - Improper Platform Usage] +* CWE - https://cwe.mitre.org/data/definitions/250[CWE-250 - Execution with Unnecessary Privileges] * https://developer.android.com/training/permissions/usage-notes[developer.android.com] - App permissions best practices * https://play.google.com/about/privacy-security-deception/permissions/[Google Play] - Privacy, Security, and Deception - Permissions ifdef::env-github,rspecator-view[] diff --git a/rules/S5607/python/metadata.json b/rules/S5607/python/metadata.json index 15d224f5d23..78cebdf6f71 100644 --- a/rules/S5607/python/metadata.json +++ b/rules/S5607/python/metadata.json 
@@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -13,15 +13,11 @@ "constantCost": "20min" }, "tags": [ - + "typing" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-5607", diff --git a/rules/S5632/metadata.json b/rules/S5632/metadata.json index 038fce49869..177f6fb7a64 100644 --- a/rules/S5632/metadata.json +++ b/rules/S5632/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -12,16 +12,10 @@ "func": "Constant\/Issue", "constantCost": "5min" }, - "tags": [ - - ], + "tags": [], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-5632", diff --git a/rules/S5632/python/metadata.json b/rules/S5632/python/metadata.json index ca656ccb0db..47fe19cdd7f 100644 --- a/rules/S5632/python/metadata.json +++ b/rules/S5632/python/metadata.json @@ -1,5 +1,6 @@ { "tags": [ - "python3" + "python3", + "error-handling" ] } diff --git a/rules/S5633/python/metadata.json b/rules/S5633/python/metadata.json index 0855421847c..05fedd4fb68 100644 --- a/rules/S5633/python/metadata.json +++ b/rules/S5633/python/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -12,16 +12,10 @@ "func": "Constant\/Issue", "constantCost": "20min" }, - "tags": [ - - ], + "tags": [], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-5633", diff --git a/rules/S5633/python/rule.adoc b/rules/S5633/python/rule.adoc index 460f8eb07a2..2bde102897c 100644 
--- a/rules/S5633/python/rule.adoc +++ b/rules/S5633/python/rule.adoc @@ -23,8 +23,7 @@ Dictionary unpacking requires an object with methods ``++__getitem__++`` and ``+ class A: pass -dict(**A()) # Noncompliant -{'a': 10, 'b': 20, **A()} # Noncompliant +{'a': 10, 'b': 20, **A()} # Noncompliant ---- @@ -39,7 +38,6 @@ class A: def keys(self): return ['1','2','3'] -dict(**A()) # => {'1': 2, '2': 2, '3': 2} {'a': 10, 'b': 20, **A()} # => {'a': 10, 'b': 20, '1': 2, '2': 2, '3': 2} ---- diff --git a/rules/S5639/cfamily/metadata.json b/rules/S5639/cfamily/metadata.json index 8f2edaaeff5..b13b8b5f7e3 100644 --- a/rules/S5639/cfamily/metadata.json +++ b/rules/S5639/cfamily/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "LOW" + "MAINTAINABILITY": "INFO" }, "attribute": "CONVENTIONAL" }, @@ -12,23 +12,15 @@ "func": "Constant\/Issue", "constantCost": "0min" }, - "tags": [ - - ], + "tags": [], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Info", "ruleSpecification": "RSPEC-5639", "sqKey": "S5639", "scope": "All", - "defaultQualityProfiles": [ - - ], + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S5642/python/metadata.json b/rules/S5642/python/metadata.json index cc4f1de90d9..741f77d6126 100644 --- a/rules/S5642/python/metadata.json +++ b/rules/S5642/python/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -13,15 +13,12 @@ "constantCost": "20min" }, "tags": [ - + "python3", + "design" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-5642", diff --git a/rules/S5644/python/metadata.json b/rules/S5644/python/metadata.json index 6f7d73bf573..4461c2d8568 100644 --- a/rules/S5644/python/metadata.json 
+++ b/rules/S5644/python/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -13,15 +13,12 @@ "constantCost": "20min" }, "tags": [ - + "python3", + "typing" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-5644", diff --git a/rules/S5654/python/rule.adoc b/rules/S5654/python/rule.adoc index 18fd3ae585c..f1968ccbe1c 100644 --- a/rules/S5654/python/rule.adoc +++ b/rules/S5654/python/rule.adoc @@ -3,9 +3,9 @@ As soon as the ``++yield++`` keyword is used the enclosing method or function becomes a generator. Thus ``++yield++`` should never be used in a function or method which is not intended to be a generator. -This rule raises an issue when ``++yield++`` or ``++yield from++`` are used in a function or method which is not a generator because: +This rule raises an issue when ``++yield from++`` or ``++yield++`` are used in a function or method which is not a generator because: -* the function/method's return type annotation is not [``++typing.Generator[...]++``|https://docs.python.org/3/library/typing.html#typing.Generator] +* the function/method's return type annotation is not https://docs.python.org/3/library/typing.html#typing.Generator[``++typing.Generator[...]++``] * it is a special method which can never be a generator (ex: ``++__init__++``). diff --git a/rules/S5655/python/metadata.json b/rules/S5655/python/metadata.json index ca380e0b36d..319adeda48a 100644 --- a/rules/S5655/python/metadata.json +++ b/rules/S5655/python/metadata.json @@ -13,7 +13,8 @@ "constantCost": "20min" }, "tags": [ - "suspicious" + "suspicious", + "typing" ], "extra": { "replacementRules": [ diff --git a/rules/S5658/cfamily/rule.adoc b/rules/S5658/cfamily/rule.adoc index 504b2b54f68..f62b0121c84 100644 --- a/rules/S5658/cfamily/rule.adoc 
+++ b/rules/S5658/cfamily/rule.adoc @@ -54,7 +54,7 @@ void f1 ( ) * MISRA C:2004, 17.3 - >, >=, <, +<=+ shall not be applied to pointer types except where they point to the same array. * MISRA {cpp}:2008, 5-0-18 - >, >=, <, +<=+ shall not be applied to objects of pointer type, except where they point to the same array. -* https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#es62-dont-compare-pointers-into-different-arrays[{cpp} Core Guidelines ES.62] - Don't compare pointers into different arrays +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#es62-dont-compare-pointers-into-different-arrays[ES.62: Don't compare pointers into different arrays] ifdef::env-github,rspecator-view[] diff --git a/rules/S5659/common/fix/decode.adoc b/rules/S5659/common/fix/decode.adoc index 832c78282b7..61d311dad17 100644 --- a/rules/S5659/common/fix/decode.adoc +++ b/rules/S5659/common/fix/decode.adoc @@ -10,7 +10,7 @@ Every time your application receives a JWT, it needs to decode the token to extract the information contained within. It is during this decoding process that the signature of the JWT should also be checked. -To resolve the issue follow these instructions: +To resolve the issue, follow these instructions: 1. Use framework-specific functions for signature verification: Most programming frameworks that support JWTs provide specific functions to not only decode a @@ -19,7 +19,7 @@ functions when handling incoming tokens. 2. Handle invalid signatures appropriately: If a JWT's signature does not validate correctly, it means the token is not trustworthy, indicating potential -tampering. The action to take on encountering an invalid token should be denying +tampering. The action to take when encountering an invalid token should be denying the request carrying it and logging the event for further investigation. 3. Incorporate signature validation in your tests: When you are writing tests 
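Review bot: In the pyjwt.adoc hunk, replacing `jwt.decode(token, verify=False)` with the `options={"verify_signature":False}` form removes the older spelling from the Noncompliant sample, so a project still pinned to a PyJWT release that honours `verify=False` no longer finds its pattern on the page. If the analyzer still reports that form (not visible from this hunk), keeping both lines would serve both audiences, e.g. `jwt.decode(token, verify=False)  # Noncompliant (older PyJWT releases)` beneath the new one. The compliant solution lies outside the hunk, so whether it was updated to match cannot be checked here. As a minor style point, `{"verify_signature": False}` with a space after the colon follows PEP 8.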
diff --git a/rules/S5659/common/resources/standards.adoc b/rules/S5659/common/resources/standards.adoc index 55922a18b08..2113999782c 100644 --- a/rules/S5659/common/resources/standards.adoc +++ b/rules/S5659/common/resources/standards.adoc @@ -1,6 +1,6 @@ === Standards -* https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[OWASP Top 10 2021 Category A2] - Cryptographic Failures -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure -* https://cwe.mitre.org/data/definitions/347[MITRE, CWE-347] - Improper Verification of Cryptographic Signature +* OWASP - https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[Top 10 2021 Category A2 - Cryptographic Failures] +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] +* CWE - https://cwe.mitre.org/data/definitions/347[CWE-347 - Improper Verification of Cryptographic Signature] diff --git a/rules/S5659/python/how-to-fix-it/pyjwt.adoc b/rules/S5659/python/how-to-fix-it/pyjwt.adoc index 8bea54be2f0..156779cf0d3 100644 --- a/rules/S5659/python/how-to-fix-it/pyjwt.adoc +++ b/rules/S5659/python/how-to-fix-it/pyjwt.adoc @@ -10,7 +10,7 @@ include::../../common/fix/code-rationale-decode.adoc[] ---- import jwt -jwt.decode(token, verify=False) # Noncompliant +jwt.decode(token, options={"verify_signature":False}) # Noncompliant ---- ==== Compliant solution diff --git a/rules/S5663/java/metadata.json b/rules/S5663/java/metadata.json index 932edd41146..91af81d8f7a 100644 --- a/rules/S5663/java/metadata.json +++ b/rules/S5663/java/metadata.json @@ -16,17 +16,13 @@ "java14" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-5663", "sqKey": "S5663", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], 
diff --git a/rules/S5664/java/metadata.json b/rules/S5664/java/metadata.json index 726d79a593c..ed54a7a6c83 100644 --- a/rules/S5664/java/metadata.json +++ b/rules/S5664/java/metadata.json @@ -16,17 +16,13 @@ "java14" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Major", "ruleSpecification": "RSPEC-5664", "sqKey": "S5664", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S5665/java/metadata.json b/rules/S5665/java/metadata.json index b350ac9c943..c6e2a504f8e 100644 --- a/rules/S5665/java/metadata.json +++ b/rules/S5665/java/metadata.json @@ -16,17 +16,13 @@ "java14" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-5665", "sqKey": "S5665", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S5669/java/metadata.json b/rules/S5669/java/metadata.json index 83bfc4b3210..3f16748c953 100644 --- a/rules/S5669/java/metadata.json +++ b/rules/S5669/java/metadata.json @@ -12,21 +12,15 @@ "func": "Constant\/Issue", "constantCost": "5min" }, - "tags": [ - - ], + "tags": [], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Major", "ruleSpecification": "RSPEC-5669", "sqKey": "S5669", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S5685/python/metadata.json b/rules/S5685/python/metadata.json index 4314e302e80..36bfc759465 100644 --- a/rules/S5685/python/metadata.json +++ b/rules/S5685/python/metadata.json @@ -13,7 +13,9 @@ "constantCost": "10min" }, "tags": [ - + "pep", + "confusing", + "bad-practice" ], "extra": { "replacementRules": [ 
diff --git a/rules/S5685/python/rule.adoc b/rules/S5685/python/rule.adoc index a04be508856..e6ddaecadd3 100644 --- a/rules/S5685/python/rule.adoc +++ b/rules/S5685/python/rule.adoc @@ -10,7 +10,7 @@ Reasons why it is better to avoid using the walrus operator in Python: * *Compatibility:* If you are working on projects that need to be compatible with older versions of Python (before 3.8), you should avoid using the walrus operator, as it won't be available in those versions. -=== How to fix it +== How to fix it Avoid using the walrus operator for the cases when it is not mandatory. === Code examples diff --git a/rules/S5689/java/metadata.json b/rules/S5689/java/metadata.json index 6afd55ee1cb..f556fc72f27 100644 --- a/rules/S5689/java/metadata.json +++ b/rules/S5689/java/metadata.json @@ -1,3 +1,4 @@ { - "quickfix": "unknown" + "quickfix": "unknown", + "scope": "Main" } diff --git a/rules/S5689/see.adoc b/rules/S5689/see.adoc index 045d8dded36..b331a7aba1d 100644 --- a/rules/S5689/see.adoc +++ b/rules/S5689/see.adoc @@ -1,6 +1,6 @@ == See -* https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[OWASP Top 10 2021 Category A5] - Security Misconfiguration +* OWASP - https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[Top 10 2021 Category A5 - Security Misconfiguration] * https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework.html[OWASP Testing Guide - OTG-INFO-008] - Fingerprint Web Application Framework -* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[OWASP Top 10 2017 Category A6] - Security Misconfiguration -* https://cwe.mitre.org/data/definitions/200[MITRE, CWE-200] - Information Exposure +* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration] +* CWE - https://cwe.mitre.org/data/definitions/200[CWE-200 - Information Exposure] 
diff --git a/rules/S5691/see.adoc b/rules/S5691/see.adoc index aaf2bcbee48..bf35fb6d71f 100644 --- a/rules/S5691/see.adoc +++ b/rules/S5691/see.adoc @@ -1,6 +1,6 @@ == See -* https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[OWASP Top 10 2021 Category A5] - Security Misconfiguration +* OWASP - https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[Top 10 2021 Category A5 - Security Misconfiguration] * https://github.com/mtojek/go-url-fuzzer[github.com/mtojek/go-url-fuzzer] - Discover hidden files and directories on a web server. -* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[OWASP Web Top 10 2017 Category A6] - Security Misconfiguration. -* https://cwe.mitre.org/data/definitions/538[MITRE, CWE-538] - File and Directory Information Exposure +* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration] +* CWE - https://cwe.mitre.org/data/definitions/538[CWE-538 - File and Directory Information Exposure] diff --git a/rules/S5693/java/metadata.json b/rules/S5693/java/metadata.json index 6afd55ee1cb..f556fc72f27 100644 --- a/rules/S5693/java/metadata.json +++ b/rules/S5693/java/metadata.json @@ -1,3 +1,4 @@ { - "quickfix": "unknown" + "quickfix": "unknown", + "scope": "Main" } diff --git a/rules/S5693/see.adoc b/rules/S5693/see.adoc index b6ae9572320..b72264b6635 100644 --- a/rules/S5693/see.adoc +++ b/rules/S5693/see.adoc 
@@ -1,7 +1,7 @@ == See -* https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[OWASP Top 10 2021 Category A5] - Security Misconfiguration +* OWASP - https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[Top 10 2021 Category A5 - Security Misconfiguration] * https://cheatsheetseries.owasp.org/cheatsheets/Denial_of_Service_Cheat_Sheet.html[Owasp Cheat Sheet] - Owasp Denial of Service Cheat Sheet -* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[OWASP Top 10 2017 Category A6] - Security Misconfiguration -* https://cwe.mitre.org/data/definitions/770[MITRE, CWE-770] - Allocation of Resources Without Limits or Throttling -* https://cwe.mitre.org/data/definitions/400[MITRE, CWE-400] - Uncontrolled Resource Consumption \ No newline at end of file +* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration] +* CWE - https://cwe.mitre.org/data/definitions/770[CWE-770 - Allocation of Resources Without Limits or Throttling] +* CWE - https://cwe.mitre.org/data/definitions/400[CWE-400 - Uncontrolled Resource Consumption] \ No newline at end of file diff --git a/rules/S5696/common/resources/standards.adoc b/rules/S5696/common/resources/standards.adoc index aae20e2badc..6e42c2c04a4 100644 --- a/rules/S5696/common/resources/standards.adoc +++ b/rules/S5696/common/resources/standards.adoc 
@@ -1,5 +1,7 @@ === Standards -* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection -* https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)[OWASP Top 10 2017 Category A7] - Cross-Site Scripting (XSS) -* https://cwe.mitre.org/data/definitions/79[MITRE, CWE-79] - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') +* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] +* OWASP - https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)[Top 10 2017 Category A7 - Cross-Site Scripting (XSS)] +* CWE - https://cwe.mitre.org/data/definitions/79[CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. + diff --git a/rules/S5696/metadata.json b/rules/S5696/metadata.json index fe2a89cb0bf..6c34f905192 100644 --- a/rules/S5696/metadata.json +++ b/rules/S5696/metadata.json 
@@ -1,50 +1,57 @@ { - "title": "DOM updates should not lead to cross-site scripting (XSS) attacks", - "type": "VULNERABILITY", - "code": { - "impacts": { - "SECURITY": "HIGH" - }, - "attribute": "COMPLETE" + "title": "DOM updates should not lead to cross-site scripting (XSS) attacks", + "type": "VULNERABILITY", + "code": { + "impacts": { + "SECURITY": "HIGH" }, - "status": "ready", - "remediation": { - "func": "Constant\/Issue", - "constantCost": "30min" - }, - "tags": [ - "cwe" + "attribute": "COMPLETE" + }, + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "30min" + }, + "tags": [ + "cwe" + ], + "extra": { + "replacementRules": [ + ], - "extra": { - "replacementRules": [], - "legacyKeys": [] - }, - "defaultSeverity": "Blocker", - "ruleSpecification": "RSPEC-5696", - "sqKey": "S5696", - "scope": "Tests", - "securityStandards": { - "CWE": [ - 79 - ], - "OWASP": [ - "A7" - ], - "OWASP Top 10 2021": [ - "A3" - ], - "PCI DSS 3.2": [ - "6.5.7" - ], - "PCI DSS 4.0": [ - "6.2.4" - ], - "ASVS 4.0": [ - "5.3.3" - ] - }, - "defaultQualityProfiles": [ - "Sonar way" + "legacyKeys": [ + + ] + }, + "defaultSeverity": "Blocker", + "ruleSpecification": "RSPEC-5696", + "sqKey": "S5696", + "scope": "Tests", + "securityStandards": { + "CWE": [ + 79 + ], + "OWASP": [ + "A7" + ], + "OWASP Top 10 2021": [ + "A3" + ], + "PCI DSS 3.2": [ + "6.5.7" + ], + "PCI DSS 4.0": [ + "6.2.4" + ], + "ASVS 4.0": [ + "5.3.3" ], - "quickfix": "unknown" -} \ No newline at end of file + "STIG ASD_V5R3": [ + "V-222609" + ] + }, + "defaultQualityProfiles": [ + "Sonar way" + ], + "quickfix": "unknown" +} diff --git a/rules/S5707/python/metadata.json b/rules/S5707/python/metadata.json index 0d2e0583c8a..a298b220012 100644 --- a/rules/S5707/python/metadata.json +++ b/rules/S5707/python/metadata.json @@ -13,7 +13,9 @@ "constantCost": "10min" }, "tags": [ - + "error-handling", + "pep", + "design" ], "extra": { "replacementRules": [ 
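Review bot: The rewritten rules/S5696/metadata.json keeps `"scope": "Tests"` on a rule whose `type` is `VULNERABILITY` and whose `defaultSeverity` is `Blocker`. If `scope` selects which source set the rule applies to, as the other metadata hunks in this commit suggest by moving rules from `"All"` to `"Main"`, DOM XSS findings would be limited to test code. Please confirm the value and, if it is a leftover, change it to `"scope": "Main"`. The same hunk also expands `replacementRules` and `legacyKeys` back to multi-line empty arrays, while the neighbouring files in this commit compact them to `[]`.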
diff --git a/rules/S5708/metadata.json b/rules/S5708/metadata.json index 6f4f19946af..e316e009d29 100644 --- a/rules/S5708/metadata.json +++ b/rules/S5708/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -12,16 +12,10 @@ "func": "Constant\/Issue", "constantCost": "5min" }, - "tags": [ - - ], + "tags": [], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-5708", diff --git a/rules/S5708/python/metadata.json b/rules/S5708/python/metadata.json index 0d8f3a4d037..2feecc9e828 100644 --- a/rules/S5708/python/metadata.json +++ b/rules/S5708/python/metadata.json @@ -1,6 +1,8 @@ { "tags": [ - "python3" + "error-handling", + "pep", + "design" ], "quickfix": "covered" } diff --git a/rules/S5709/python/metadata.json b/rules/S5709/python/metadata.json index ac9b1eab701..bf419ae106f 100644 --- a/rules/S5709/python/metadata.json +++ b/rules/S5709/python/metadata.json @@ -13,7 +13,8 @@ "constantCost": "10min" }, "tags": [ - + "convention", + "bad-practice" ], "extra": { "replacementRules": [ diff --git a/rules/S5713/python/metadata.json b/rules/S5713/python/metadata.json index 9b623610df8..a61615e0d79 100644 --- a/rules/S5713/python/metadata.json +++ b/rules/S5713/python/metadata.json @@ -1,3 +1,8 @@ { - "quickfix": "covered" + "quickfix": "covered", + "tags": [ + "error-handling", + "bad-practice", + "unused" + ] } diff --git a/rules/S5714/python/metadata.json b/rules/S5714/python/metadata.json index 625ad1022b4..b92f02183bc 100644 --- a/rules/S5714/python/metadata.json +++ b/rules/S5714/python/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, 
@@ -13,15 +13,12 @@ "constantCost": "5min" }, "tags": [ - + "error-handling", + "bad-practice" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-5714", diff --git a/rules/S5717/python/metadata.json b/rules/S5717/python/metadata.json index 147f2883202..34abc7e108e 100644 --- a/rules/S5717/python/metadata.json +++ b/rules/S5717/python/metadata.json @@ -13,7 +13,8 @@ "constantCost": "5min" }, "tags": [ - + "pitfall", + "bad-practice" ], "extra": { "replacementRules": [ diff --git a/rules/S5719/python/metadata.json b/rules/S5719/python/metadata.json index 506fb3e6b1f..7bbaa0b31ae 100644 --- a/rules/S5719/python/metadata.json +++ b/rules/S5719/python/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -13,15 +13,12 @@ "constantCost": "5min" }, "tags": [ - + "python3", + "syntax" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-5719", diff --git a/rules/S5722/python/metadata.json b/rules/S5722/python/metadata.json index 849856a58fb..79f125be216 100644 --- a/rules/S5722/python/metadata.json +++ b/rules/S5722/python/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -13,15 +13,12 @@ "constantCost": "5min" }, "tags": [ - + "design", + "bad-practice" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-5722", diff --git a/rules/S5724/python/metadata.json b/rules/S5724/python/metadata.json index 96d630e9e63..4cff048f466 100644 --- a/rules/S5724/python/metadata.json +++ b/rules/S5724/python/metadata.json 
@@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -13,15 +13,12 @@ "constantCost": "5min" }, "tags": [ - + "design", + "bad-practice" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-5724", diff --git a/rules/S5725/see.adoc b/rules/S5725/see.adoc index c5c350119d9..d8530e808a1 100644 --- a/rules/S5725/see.adoc +++ b/rules/S5725/see.adoc @@ -1,7 +1,7 @@ == See -* https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/[OWASP Top 10 2021 Category A8] - Software and Data Integrity Failures -* https://cwe.mitre.org/data/definitions/353[MITRE, CWE-353] - Missing Support for Integrity Check -* https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A6-Security_Misconfiguration.html[OWASP Top 10 2017 Category A6] - Security Misconfiguration +* OWASP - https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/[Top 10 2021 Category A8 - Software and Data Integrity Failures] +* CWE - https://cwe.mitre.org/data/definitions/353[CWE-353 - Missing Support for Integrity Check] +* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration] * https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity[developer.mozilla.org] - Subresource Integrity * https://en.wikipedia.org/wiki/Watering_hole_attack[Wikipedia, Watering Hole Attacks] diff --git a/rules/S5728/see.adoc b/rules/S5728/see.adoc index 83b0648cadb..0faebdf827c 100644 --- a/rules/S5728/see.adoc +++ b/rules/S5728/see.adoc 
@@ -1,6 +1,6 @@ == See -* https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[OWASP Top 10 2021 Category A5] - Security Misconfiguration +* OWASP - https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[Top 10 2021 Category A5 - Security Misconfiguration] * https://www.w3.org/TR/CSP3/[w3.org] - Content Security Policy Level 3 -* https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A6-Security_Misconfiguration.html[OWASP Top 10 2017 Category A6] - Security Misconfiguration +* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration] * https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP[developer.mozilla.org] - Content Security Policy (CSP) \ No newline at end of file diff --git a/rules/S5730/see.adoc b/rules/S5730/see.adoc index 9219e37785a..83216e1a990 100644 --- a/rules/S5730/see.adoc +++ b/rules/S5730/see.adoc @@ -1,7 +1,7 @@ == See -* https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[OWASP Top 10 2021 Category A5] - Security Misconfiguration -* https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A3-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure +* OWASP - https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[Top 10 2021 Category A5 - Security Misconfiguration] +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] * https://developer.mozilla.org/en-US/docs/Web/Security/Mixed_content[developer.mozilla.org] - Mixed-content * https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP[developer.mozilla.org] - Content Security Policy (CSP) * https://www.w3.org/TR/CSP3/[w3.org] - Content Security Policy Level 3 \ No newline at end of file diff --git a/rules/S5732/see.adoc b/rules/S5732/see.adoc index 6c64dcd72f6..dd6be05aebb 100644 --- a/rules/S5732/see.adoc +++ b/rules/S5732/see.adoc 
@@ -1,10 +1,10 @@ == See -* https://owasp.org/Top10/A04_2021-Insecure_Design/[OWASP Top 10 2021 Category A4] - Insecure Design -* https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[OWASP Top 10 2021 Category A5] - Security Misconfiguration -* https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A6-Security_Misconfiguration[OWASP Top 10 2017 Category A6] - Security Misconfiguration +* OWASP - https://owasp.org/Top10/A04_2021-Insecure_Design/[Top 10 2021 Category A4 - Insecure Design] +* OWASP - https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[Top 10 2021 Category A5 - Security Misconfiguration] +* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration] * https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking_Defense_Cheat_Sheet.html[OWASP Cheat Sheets] - Clickjacking Defense Cheat Sheet * https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors[developer.mozilla.org] - Frame-ancestors * https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP[developer.mozilla.org] - Content Security Policy (CSP) -* https://cwe.mitre.org/data/definitions/451[MITRE, CWE-451] - User Interface (UI) Misrepresentation of Critical Information +* CWE - https://cwe.mitre.org/data/definitions/451[CWE-451 - User Interface (UI) Misrepresentation of Critical Information] * https://www.w3.org/TR/CSP3/[w3.org] - Content Security Policy Level 3 \ No newline at end of file diff --git a/rules/S5734/see.adoc b/rules/S5734/see.adoc index 641a39514cf..b15c71ccf46 100644 --- a/rules/S5734/see.adoc +++ b/rules/S5734/see.adoc 
@@ -1,6 +1,6 @@ == See -* https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[OWASP Top 10 2021 Category A5] - Security Misconfiguration -* https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A6-Security_Misconfiguration[OWASP Top 10 2017 Category A6] - Security Misconfiguration +* OWASP - https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[Top 10 2021 Category A5 - Security Misconfiguration] +* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration] * https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options[developer.mozilla.org] - X-Content-Type-Options * https://blog.mozilla.org/security/2016/08/26/mitigating-mime-confusion-attacks-in-firefox/[blog.mozilla.org] - Mitigating MIME Confusion Attacks in Firefox \ No newline at end of file diff --git a/rules/S5736/see.adoc b/rules/S5736/see.adoc index a2e1fd9988e..79f714498dc 100644 --- a/rules/S5736/see.adoc +++ b/rules/S5736/see.adoc 
@@ -1,7 +1,7 @@ == See -* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Broken Access Control -* https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A3-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure +* OWASP - https://owasp.org/Top10/A01_2021-Broken_Access_Control/[Top 10 2021 Category A1 - Broken Access Control] +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] * https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy[developer.mozilla.org] - Referrer-Policy * https://developer.mozilla.org/en-US/docs/Web/Security/Referer_header:_privacy_and_security_concerns[developer.mozilla.org] - Referer header: privacy and security concerns -* https://cwe.mitre.org/data/definitions/200[MITRE, CWE-200] - Exposure of Sensitive Information to an Unauthorized Actor \ No newline at end of file +* CWE - https://cwe.mitre.org/data/definitions/200[CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor] \ No newline at end of file diff --git a/rules/S5738/java/rule.adoc b/rules/S5738/java/rule.adoc index 46e5feb9ba7..57762d24ee9 100644 --- a/rules/S5738/java/rule.adoc +++ b/rules/S5738/java/rule.adoc @@ -61,7 +61,7 @@ public class Bar extends Foo { // Noncompliant; Foo is deprecated and will be r == Resources -* https://cwe.mitre.org/data/definitions/477[MITRE, CWE-477] - Use of Obsolete Functions +* CWE - https://cwe.mitre.org/data/definitions/477[CWE-477 - Use of Obsolete Functions] * https://wiki.sei.cmu.edu/confluence/x/6TdGBQ[CERT, MET02-J.] - Do not use deprecated or obsolete classes or methods * RSPEC-1874 for standard deprecation use diff --git a/rules/S5739/see.adoc b/rules/S5739/see.adoc index 1e6317f2a01..a228d3cc228 100644 --- a/rules/S5739/see.adoc +++ b/rules/S5739/see.adoc 
@@ -1,5 +1,5 @@ == See -* https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[OWASP Top 10 2021 Category A5] - Security Misconfiguration -* https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A3-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure +* OWASP - https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[Top 10 2021 Category A5 - Security Misconfiguration] +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] * https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security[developer.mozilla.org] - Strict Transport Security \ No newline at end of file diff --git a/rules/S5742/metadata.json b/rules/S5742/metadata.json index 153b6784694..6cd6e06e3bb 100644 --- a/rules/S5742/metadata.json +++ b/rules/S5742/metadata.json @@ -7,13 +7,12 @@ }, "attribute": "COMPLETE" }, - "status": "ready", + "status": "deprecated", "remediation": { "func": "Constant\/Issue", "constantCost": "30min" }, "tags": [ - "cwe" ], "extra": { "replacementRules": [ @@ -36,6 +35,6 @@ ] }, "defaultQualityProfiles": [ - "Sonar way" + ] } diff --git a/rules/S5742/see.adoc b/rules/S5742/see.adoc index 81430efadc3..e75dc54f3a8 100644 --- a/rules/S5742/see.adoc +++ b/rules/S5742/see.adoc 
@@ -1,6 +1,6 @@ == See -* https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[OWASP Top 10 2021 Category A5] - Security Misconfiguration -* https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A3-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure +* OWASP - https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[Top 10 2021 Category A5 - Security Misconfiguration] +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] * https://developer.mozilla.org/en-US/docs/Web/Security/Certificate_Transparency[developer.mozilla.org] - Certificate Transparency * https://en.wikipedia.org/wiki/Certificate_authority[wikipedia.org] - Certificate Authority \ No newline at end of file diff --git a/rules/S5743/javascript/metadata.json b/rules/S5743/javascript/metadata.json index 8f4a7bf328e..9e26dfeeb6e 100644 --- a/rules/S5743/javascript/metadata.json +++ b/rules/S5743/javascript/metadata.json @@ -1,9 +1 @@ -{ - "tags": [ - "privacy", - "express.js" - ], - "defaultQualityProfiles": [ - "Sonar way" - ] -} +{} \ No newline at end of file diff --git a/rules/S5743/metadata.json b/rules/S5743/metadata.json index efe220b7132..60e09a44a12 100644 --- a/rules/S5743/metadata.json +++ b/rules/S5743/metadata.json @@ -1,5 +1,5 @@ { - "title": "Allowing browsers to perform DNS prefetching is security-sensitive", + "title": "Allowing browsers to perform DNS prefetching is security-sensitive", "type": "SECURITY_HOTSPOT", "code": { "impacts": { @@ -7,21 +7,15 @@ }, "attribute": "COMPLETE" }, - "status": "ready", + "status": "deprecated", "remediation": { "func": "Constant\/Issue", "constantCost": "10min" }, - "tags": [ - "privacy" - ], + "tags": [], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-5743", 
@@ -41,7 +35,5 @@ "2.2" ] }, - "defaultQualityProfiles": [ - "Sonar way" - ] -} + "defaultQualityProfiles": [] +} \ No newline at end of file diff --git a/rules/S5743/see.adoc b/rules/S5743/see.adoc index a0660e608e2..4a6480b6f4c 100644 --- a/rules/S5743/see.adoc +++ b/rules/S5743/see.adoc @@ -1,6 +1,6 @@ == See -* https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[OWASP Top 10 2021 Category A5] - Security Misconfiguration -* https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A3-Sensitive_Data_Exposure.html[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure +* OWASP - https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[Top 10 2021 Category A5 - Security Misconfiguration] +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] * https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control[developer.mozilla.org] - X-DNS-Prefetch-Control * https://developer.mozilla.org/en-US/docs/Web/Performance/dns-prefetch[developer.mozilla.org] - Using dns-prefetch \ No newline at end of file diff --git a/rules/S5750/javascript/metadata.json b/rules/S5750/javascript/metadata.json index 464a2957c4d..9e26dfeeb6e 100644 --- a/rules/S5750/javascript/metadata.json +++ b/rules/S5750/javascript/metadata.json @@ -1,10 +1 @@ -{ - "tags": [ - "cwe", - "privacy", - "express.js" - ], - "defaultQualityProfiles": [ - "Sonar way" - ] -} +{} \ No newline at end of file diff --git a/rules/S5750/metadata.json b/rules/S5750/metadata.json index d15314e18cf..d319dde16e3 100644 --- a/rules/S5750/metadata.json +++ b/rules/S5750/metadata.json @@ -7,7 +7,7 @@ }, "attribute": "COMPLETE" }, - "status": "ready", + "status": "closed", "remediation": { "func": "Constant\/Issue", "constantCost": "10min" 
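Review bot: rules/S5750/metadata.json is set to `"status": "closed"`, whereas the two other rules retired in this commit (rules/S5742/metadata.json and rules/S5743/metadata.json) are set to `"status": "deprecated"`. The next hunk of the S5750 file also leaves the `privacy` tag in place while S5743 has its tags emptied, so the three retirements are not recorded the same way. If the difference is intended, the commit description should say why S5750 is closed rather than deprecated; otherwise use `"status": "deprecated"` here. All three rules drop `Sonar way`, and the new sides of S5743 and S5750 show `"replacementRules": []`, so users get no pointer to a successor check.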
@@ -17,12 +17,8 @@ "privacy" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-5750", @@ -49,7 +45,5 @@ "8.2.1" ] }, - "defaultQualityProfiles": [ - "Sonar way" - ] -} + "defaultQualityProfiles": [] +} \ No newline at end of file diff --git a/rules/S5750/see.adoc b/rules/S5750/see.adoc index cba3b4f585e..b3fdb3a6370 100644 --- a/rules/S5750/see.adoc +++ b/rules/S5750/see.adoc @@ -1,7 +1,7 @@ == See -* https://owasp.org/Top10/A04_2021-Insecure_Design/[OWASP Top 10 2021 Category A4] - Insecure Design -* https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[OWASP Top 10 2021 Category A5] - Security Misconfiguration -* https://cwe.mitre.org/data/definitions/525[MITRE, CWE-525] -* https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A3-Sensitive_Data_Exposure.html[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure +* OWASP - https://owasp.org/Top10/A04_2021-Insecure_Design/[Top 10 2021 Category A4 - Insecure Design] +* OWASP - https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[Top 10 2021 Category A5 - Security Misconfiguration] +* CWE - https://cwe.mitre.org/data/definitions/525[CWE-525 - Use of Web Browser Cache Containing Sensitive Information] +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] * https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control[developer.mozilla.org] - Cache-Control diff --git a/rules/S5753/see.adoc b/rules/S5753/see.adoc index b1ed4ff0631..4cfb779e3c9 100644 --- a/rules/S5753/see.adoc +++ b/rules/S5753/see.adoc 
@@ -1,8 +1,8 @@ == See -* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection +* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] * https://docs.microsoft.com/en-us/dotnet/api/system.web.configuration.httpruntimesection.requestvalidationmode?view=netframework-4.8[HttpRuntimeSection.RequestValidationMode Property] * https://owasp.org/www-community/ASP-NET_Request_Validation[OWASP ASP.NET Request Validation] * https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html[OWASP Cheat Sheet] - XSS Prevention Cheat Sheet -* https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)[OWASP Top 10 2017 Category A7] - Cross-Site Scripting (XSS) -* https://cwe.mitre.org/data/definitions/79[MITRE, CWE-79] - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') \ No newline at end of file +* OWASP - https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)[Top 10 2017 Category A7 - Cross-Site Scripting (XSS)] +* CWE - https://cwe.mitre.org/data/definitions/79[CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')] \ No newline at end of file diff --git a/rules/S5754/python/rule.adoc b/rules/S5754/python/rule.adoc index 73c0565c129..7f319b356da 100644 --- a/rules/S5754/python/rule.adoc +++ b/rules/S5754/python/rule.adoc 
@@ -72,7 +72,7 @@ except FileNotFoundError: * PEP 352 - https://www.python.org/dev/peps/pep-0352/#id5[Required Superclass for Exceptions] * Python Documentation - https://docs.python.org/3/library/exceptions.html[Built-in exceptions] * Python Documentation - https://docs.python.org/3/reference/compound_stmts.html#the-try-statement[The ``++try++`` statement] -* CWE - https://cwe.mitre.org/data/definitions/391[MITRE, CWE-391, Unchecked Error Condition] +* CWE - https://cwe.mitre.org/data/definitions/391[CWE-391, Unchecked Error Condition] ifdef::env-github,rspecator-view[] diff --git a/rules/S5756/python/metadata.json b/rules/S5756/python/metadata.json index b05eb48d620..22a802bdd31 100644 --- a/rules/S5756/python/metadata.json +++ b/rules/S5756/python/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -13,15 +13,11 @@ "constantCost": "20min" }, "tags": [ - + "typing" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-5756", diff --git a/rules/S5757/see.adoc b/rules/S5757/see.adoc index efe699c8620..5a6a634304b 100644 --- a/rules/S5757/see.adoc +++ b/rules/S5757/see.adoc 
@@ -1,5 +1,5 @@ == See -* https://owasp.org/Top10/A09_2021-Security_Logging_and_Monitoring_Failures/[OWASP Top 10 2021 Category A9] - Security Logging and Monitoring Failures -* https://cwe.mitre.org/data/definitions/532[MITRE, CWE-532] - Insertion of Sensitive Information into Log File -* https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A3-Sensitive_Data_Exposure.html[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure +* OWASP - https://owasp.org/Top10/A09_2021-Security_Logging_and_Monitoring_Failures/[Top 10 2021 Category A9 - Security Logging and Monitoring Failures] +* CWE - https://cwe.mitre.org/data/definitions/532[CWE-532 - Insertion of Sensitive Information into Log File] +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] diff --git a/rules/S5759/see.adoc b/rules/S5759/see.adoc index a76647d4f4e..fc9c1396829 100644 --- a/rules/S5759/see.adoc +++ b/rules/S5759/see.adoc @@ -1,5 +1,5 @@ == See -* https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[OWASP Top 10 2021 Category A5] - Security Misconfiguration -* https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A3-Sensitive_Data_Exposure.html[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure +* OWASP - https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[Top 10 2021 Category A5 - Security Misconfiguration] +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] * https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For[developer.mozilla.org] - X-Forwarded-For \ No newline at end of file diff --git a/rules/S5766/see.adoc b/rules/S5766/see.adoc index a9626e3dd83..9f3e0aff6a4 100644 --- a/rules/S5766/see.adoc +++ b/rules/S5766/see.adoc 
@@ -1,6 +1,6 @@ == See -* https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/[OWASP Top 10 2021 Category A8] - Software and Data Integrity Failures -* https://owasp.org/www-project-top-ten/2017/A8_2017-Insecure_Deserialization[OWASP Top 10 2017 Category A8] - Insecure Deserialization +* OWASP - https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/[Top 10 2021 Category A8 - Software and Data Integrity Failures] +* OWASP - https://owasp.org/www-project-top-ten/2017/A8_2017-Insecure_Deserialization[Top 10 2017 Category A8 - Insecure Deserialization] * https://docs.microsoft.com/en-us/dotnet/framework/misc/security-and-serialization[docs.microsoft.com] - security-and-serialization -* https://cwe.mitre.org/data/definitions/502[MITRE, CWE-502] - Deserialization of Untrusted Data \ No newline at end of file +* CWE - https://cwe.mitre.org/data/definitions/502[CWE-502 - Deserialization of Untrusted Data] \ No newline at end of file diff --git a/rules/S5769/abap/rule.adoc b/rules/S5769/abap/rule.adoc index cbd72ec5635..caac3c4bd16 100644 --- a/rules/S5769/abap/rule.adoc +++ b/rules/S5769/abap/rule.adoc @@ -28,11 +28,6 @@ LOOP AT i_bseg ASSIGNING . ENDLOOP. ---- - -== Resources - -* https://zevolving.com/use-of-field-symbols-vs-work-area/[Use of Field-symbols vs Work area] - ifdef::env-github,rspecator-view[] ''' diff --git a/rules/S5773/metadata.json b/rules/S5773/metadata.json index 3c322512589..e27aff1452f 100644 --- a/rules/S5773/metadata.json +++ b/rules/S5773/metadata.json @@ -14,7 +14,8 @@ "constantCost": "30min" }, "tags": [ - "cwe" + "cwe", + "symbolic-execution" ], "extra": { "replacementRules": [ diff --git a/rules/S5780/metadata.json b/rules/S5780/metadata.json index 448d4458ef8..94b2e78984d 100644 --- a/rules/S5780/metadata.json +++ b/rules/S5780/metadata.json @@ -13,7 +13,8 @@ "constantCost": "5min" }, "tags": [ - + "confusing", + "suspicious" ], "extra": { "replacementRules": [ 
diff --git a/rules/S5782/cfamily/metadata.json b/rules/S5782/cfamily/metadata.json index 5e102881696..fd032690a0f 100644 --- a/rules/S5782/cfamily/metadata.json +++ b/rules/S5782/cfamily/metadata.json @@ -39,6 +39,9 @@ "OWASP": [ "A9" ], + "OWASP Top 10 2021": [ + "A6" + ], "CERT": [ "STR50-CPP.", "ARR30-C." @@ -48,10 +51,13 @@ ], "PCI DSS 4.0": [ "6.2.4" + ], + "STIG ASD_V5R3": [ + "V-222612" ] }, "defaultQualityProfiles": [ "Sonar way" ], - "quickfix": "unknown" + "quickfix": "infeasible" } diff --git a/rules/S5782/common/resources/standards.adoc b/rules/S5782/common/resources/standards.adoc index ffec55080b1..fe2f1d6d310 100644 --- a/rules/S5782/common/resources/standards.adoc +++ b/rules/S5782/common/resources/standards.adoc @@ -1,8 +1,9 @@ === Standards * OWASP - https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/[Top 10 2021 - A06 - Vulnerable and Outdated Components] -* OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[OWASP Top 10 2017 Category A9 - Using Components with Known Vulnerabilities] +* OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities] * CWE - https://cwe.mitre.org/data/definitions/119[CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer] * CWE - https://cwe.mitre.org/data/definitions/131[CWE-131 - Incorrect Calculation of Buffer Size] * CWE - https://cwe.mitre.org/data/definitions/788[CWE-788 - Access of Memory Location After End of Buffer] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. diff --git a/rules/S5786/java/metadata.json b/rules/S5786/java/metadata.json index dbd2d3a3e8a..1b7853cb6f8 100644 --- a/rules/S5786/java/metadata.json 
+++ b/rules/S5786/java/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "LOW" + "MAINTAINABILITY": "INFO" }, "attribute": "CLEAR" }, @@ -17,12 +17,8 @@ "tests" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Info", "ruleSpecification": "RSPEC-5786", diff --git a/rules/S5786/java/rule.adoc b/rules/S5786/java/rule.adoc index 6612d3e3f3f..6bd80c303cf 100644 --- a/rules/S5786/java/rule.adoc +++ b/rules/S5786/java/rule.adoc @@ -22,7 +22,7 @@ The code will be non-conventional and readability can be slightly affected. === Exceptions This rule does not raise an issue when the visibility is set to `private`, because `private` test methods and classes are systematically ignored by JUnit5, without a proper warning. -In this case, there is also an impact on reliability and so it is handled by the rule https://rules.sonarsource.com/java/RSPEC-5810/[S5810]. +In this case, there is also an impact on reliability and so it is handled by the rule S5810. == How to fix it diff --git a/rules/S5793/java/metadata.json b/rules/S5793/java/metadata.json index 8a95f26b522..77273b3d2bd 100644 --- a/rules/S5793/java/metadata.json +++ b/rules/S5793/java/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "LOW" + "MAINTAINABILITY": "INFO" }, "attribute": "CONVENTIONAL" }, @@ -17,19 +17,13 @@ "tests" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Info", "ruleSpecification": "RSPEC-5793", "sqKey": "S5793", "scope": "Tests", - "defaultQualityProfiles": [ - - ], + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S5796/python/metadata.json b/rules/S5796/python/metadata.json index 138faf37a18..04f6818f095 100644 --- a/rules/S5796/python/metadata.json +++ b/rules/S5796/python/metadata.json 
@@ -13,7 +13,7 @@ "constantCost": "5min" }, "tags": [ - + "suspicious" ], "extra": { "replacementRules": [ diff --git a/rules/S5797/description.adoc b/rules/S5797/description.adoc new file mode 100644 index 00000000000..09850b05f70 --- /dev/null +++ b/rules/S5797/description.adoc @@ -0,0 +1,5 @@ +This rule raises an issue when a constant expression is used as a condition in an ``++if++``, ``++elif++``, a conditional expression or other boolean expressions. + +== Why is this an issue? + +When a constant is used as a condition, either it has no effect on the execution flow and it can be removed, or some code will never be executed and it is a bug. diff --git a/rules/S5797/php/metadata.json b/rules/S5797/php/metadata.json new file mode 100644 index 00000000000..7a73a41bfdf --- /dev/null +++ b/rules/S5797/php/metadata.json @@ -0,0 +1,2 @@ +{ +} \ No newline at end of file diff --git a/rules/S5797/php/rule.adoc b/rules/S5797/php/rule.adoc new file mode 100644 index 00000000000..c8211f6024e --- /dev/null +++ b/rules/S5797/php/rule.adoc @@ -0,0 +1,34 @@ +include::../description.adoc[] + +== How to fix it + +=== Code examples + +==== Noncompliant code example + +[source,php,diff-id=1,diff-type=noncompliant] +---- +function foo() { + if (true) { // Noncompliant: the condition is always true + return 1; + } else { + return 2; + } +} +---- + +==== Compliant solution + +[source,php,diff-id=1,diff-type=compliant] +---- +function foo() { + $a = bar(); + if ($a) { + return 1; + } else { + return 2; + } +} +---- + +include::../rule.adoc[] diff --git a/rules/S5797/python/rule.adoc b/rules/S5797/python/rule.adoc index c45be3615f0..5523a2715ea 100644 --- a/rules/S5797/python/rule.adoc +++ b/rules/S5797/python/rule.adoc 
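Review bot: The new shared `rules/S5797/description.adoc` still names ``++elif++`` as one of the flagged constructs, but the file is now also included by the new `rules/S5797/php/rule.adoc`, and PHP has no `elif` keyword (it uses `elseif` / `else if`). The first sentence should be language-neutral, for example `This rule raises an issue when a constant expression is used as a condition in an ``++if++`` statement, a conditional expression or other boolean expressions.` Alternatively, keep the keyword list in each language's own `rule.adoc`.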
@@ -1,19 +1,38 @@ -include::../rule.adoc[] +include::../description.adoc[] + +=== Code examples + +==== Noncompliant code example -ifdef::env-github,rspecator-view[] +[source,python,diff-id=1,diff-type=noncompliant] +---- +def foo(): + a = True + if a: # Noncompliant: the condition is always true + return 1 + else: + return 2 +---- -''' -== Implementation Specification -(visible only on this page) -include::../message.adoc[] +==== Compliant solution -include::../highlighting.adoc[] +[source,python,diff-id=1,diff-type=compliant] +---- +def foo(): + a = bar() + if a: + return 1 + else: + return 2 +---- -''' -== Comments And Links -(visible only on this page) -include::../comments-and-links.adoc[] +== Resources -endif::env-github,rspecator-view[] +=== Documentation + +* Python documentation - https://www.python.org/dev/peps/pep-0285/[PEP 285 - Adding a bool type] +* Python documentation - https://docs.python.org/3/library/stdtypes.html#truth-value-testing[Python documentation - Truth Value Testing] + +include::../rule.adoc[] diff --git a/rules/S5797/rule.adoc b/rules/S5797/rule.adoc index 78f353d8d3b..3068e7fd2df 100644 --- a/rules/S5797/rule.adoc +++ b/rules/S5797/rule.adoc 
@@ -1,40 +1,17 @@ -This rule raises an issue when a constant expression is used as a condition in an ``++if++``, ``++elif++``, a conditional expression or other boolean expressions. +ifdef::env-github,rspecator-view[] -== Why is this an issue? +''' +== Implementation Specification +(visible only on this page) -When a constant is used as a condition, either it has no effect on the execution flow and it can be removed, or some code will never be executed and it is a bug. +include::./message.adoc[] +include::./highlighting.adoc[] -=== Noncompliant code example +''' +== Comments And Links +(visible only on this page) -[source,python,diff-id=1,diff-type=noncompliant] ----- -def foo(): - a = True - if a: # Noncompliant: the condition is always true - return 1 - else: - return 2 ----- - - -=== Compliant solution - -[source,python,diff-id=1,diff-type=compliant] ----- -def foo(): - a = bar() - if a: - return 1 - else: - return 2 ----- - - -== Resources - -=== Documentation - -* Python documentation - https://www.python.org/dev/peps/pep-0285/[PEP 285 - Adding a bool type] -* Python documentation - https://docs.python.org/3/library/stdtypes.html#truth-value-testing[Python documentation - Truth Value Testing] +include::./comments-and-links.adoc[] +endif::env-github,rspecator-view[] diff --git a/rules/S5798/cfamily/metadata.json b/rules/S5798/cfamily/metadata.json index f6da1055c77..8cc5201a750 100644 --- a/rules/S5798/cfamily/metadata.json +++ b/rules/S5798/cfamily/metadata.json @@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -16,12 +16,8 @@ "cwe" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-5798", diff --git a/rules/S5798/cfamily/rule.adoc b/rules/S5798/cfamily/rule.adoc index ff14f38f616..9fb1b875563 100644 --- a/rules/S5798/cfamily/rule.adoc 
+++ b/rules/S5798/cfamily/rule.adoc @@ -63,7 +63,7 @@ void f(char *password, size_t bufferSize) { * OWASP - https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] * OWASP - https://github.com/OWASP/ASVS/blob/master/4.0/en/0x16-V8-Data-Protection.md#v83-sensitive-private-data[Application Security Verification Standard 4.0 - 8.3.6] -* MITRE - https://cwe.mitre.org/data/definitions/14[CWE-14 - Compiler Removal of Code to Clear Buffers] +* CWE - https://cwe.mitre.org/data/definitions/14[CWE-14 - Compiler Removal of Code to Clear Buffers] ifdef::env-github,rspecator-view[] diff --git a/rules/S5801/cfamily/metadata.json b/rules/S5801/cfamily/metadata.json index a6f73dc76c2..e4b5b050e8e 100644 --- a/rules/S5801/cfamily/metadata.json +++ b/rules/S5801/cfamily/metadata.json @@ -50,6 +50,9 @@ "ASVS 4.0": [ "14.1.2", "5.4.1" + ], + "STIG ASD_V5R3": [ + "V-222612" ] }, "defaultQualityProfiles": [ diff --git a/rules/S5801/cfamily/rule.adoc b/rules/S5801/cfamily/rule.adoc index d157dc899c7..2aab61b073a 100644 --- a/rules/S5801/cfamily/rule.adoc +++ b/rules/S5801/cfamily/rule.adoc 
@@ -50,10 +50,11 @@ int f(char *src) { == See -* https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/[OWASP Top 10 2021 Category A6] - Vulnerable and Outdated Components -* https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[OWASP Top 10 2017 Category A9] - Using Components with Known Vulnerabilities -* https://cwe.mitre.org/data/definitions/120[MITRE, CWE-120] - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') +* OWASP - https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/[Top 10 2021 Category A6 - Vulnerable and Outdated Components] +* OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities] +* CWE - https://cwe.mitre.org/data/definitions/120[CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')] * https://wiki.sei.cmu.edu/confluence/x/HdcxBQ[CERT, STR07-C.] - Use the bounds-checking interfaces for string manipulation +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. ifdef::env-github,rspecator-view[] diff --git a/rules/S5802/see.adoc b/rules/S5802/see.adoc index 9f16dcbd12e..02c570ebca3 100644 --- a/rules/S5802/see.adoc +++ b/rules/S5802/see.adoc 
@@ -1,7 +1,7 @@ == See -* https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[OWASP Top 10 2021 Category A5] - Security Misconfiguration -* https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A5-Broken_Access_Control[OWASP Top 10 2017 Category A5] - Broken Access Control -* https://cwe.mitre.org/data/definitions/243[MITRE, CWE-243] - Creation of chroot Jail Without Changing Working Directory +* OWASP - https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[Top 10 2021 Category A5 - Security Misconfiguration] +* OWASP - https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[Top 10 2017 Category A5 - Broken Access Control] +* CWE - https://cwe.mitre.org/data/definitions/243[CWE-243 - Creation of chroot Jail Without Changing Working Directory] * https://man7.org/linux/man-pages/man2/chdir.2.html[man7.org] - chdir * https://man7.org/linux/man-pages/man2/chroot.2.html[man7.org] - chroot \ No newline at end of file diff --git a/rules/S5804/java/metadata.json b/rules/S5804/java/metadata.json index 853a70b4c58..d4c125afafe 100644 --- a/rules/S5804/java/metadata.json +++ b/rules/S5804/java/metadata.json @@ -3,5 +3,6 @@ "cwe", "spring" ], - "quickfix": "unknown" + "quickfix": "unknown", + "scope": "Main" } diff --git a/rules/S5804/see.adoc b/rules/S5804/see.adoc index e27f1b06779..59e11a8747e 100644 --- a/rules/S5804/see.adoc +++ b/rules/S5804/see.adoc 
@@ -1,5 +1,5 @@ == See -* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Broken Access Control -* https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A2-Broken_Authentication[OWASP Top 10 2017 Category A2] - Broken Authentication -* https://cwe.mitre.org/data/definitions/200[MITRE, CWE-200] - Exposure of Sensitive Information to an Unauthorized Actor +* OWASP - https://owasp.org/Top10/A01_2021-Broken_Access_Control/[Top 10 2021 Category A1 - Broken Access Control] +* OWASP - https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication[Top 10 2017 Category A2 - Broken Authentication] +* CWE - https://cwe.mitre.org/data/definitions/200[CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor] diff --git a/rules/S5807/python/metadata.json b/rules/S5807/python/metadata.json index 3e4b8e44a38..57af769a3c7 100644 --- a/rules/S5807/python/metadata.json +++ b/rules/S5807/python/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -13,15 +13,11 @@ "constantCost": "1min" }, "tags": [ - + "design" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-5807", diff --git a/rules/S5808/common/resources/standards.adoc b/rules/S5808/common/resources/standards.adoc index 35cc93b5ca1..ccea0bd3198 100644 --- a/rules/S5808/common/resources/standards.adoc +++ b/rules/S5808/common/resources/standards.adoc 
@@ -1,5 +1,5 @@ === Standards -* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Broken Access Control -* https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[OWASP Top 10 2017 Category A5] - Broken Access Control -* https://cwe.mitre.org/data/definitions/285[MITRE, CWE-285] - Improper Authorization +* OWASP - https://owasp.org/Top10/A01_2021-Broken_Access_Control/[Top 10 2021 Category A1 - Broken Access Control] +* OWASP - https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[Top 10 2017 Category A5 - Broken Access Control] +* CWE - https://cwe.mitre.org/data/definitions/285[CWE-285 - Improper Authorization] diff --git a/rules/S5813/cfamily/metadata.json b/rules/S5813/cfamily/metadata.json index 355de6bb19c..745d74d69b9 100644 --- a/rules/S5813/cfamily/metadata.json +++ b/rules/S5813/cfamily/metadata.json @@ -44,6 +44,9 @@ "ASVS 4.0": [ "14.1.2", "5.4.1" + ], + "STIG ASD_V5R3": [ + "V-222612" ] }, "defaultQualityProfiles": [ diff --git a/rules/S5813/cfamily/rule.adoc b/rules/S5813/cfamily/rule.adoc index df7804d25e8..ee7aafdbca3 100644 --- a/rules/S5813/cfamily/rule.adoc +++ b/rules/S5813/cfamily/rule.adoc @@ -54,8 +54,9 @@ size_t f(char *src) { == See -* https://cwe.mitre.org/data/definitions/120[MITRE, CWE-120] - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') +* CWE - https://cwe.mitre.org/data/definitions/120[CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')] * https://wiki.sei.cmu.edu/confluence/x/HdcxBQ[CERT, STR07-C.] - Use the bounds-checking interfaces for string manipulation +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. ifdef::env-github,rspecator-view[] 
diff --git a/rules/S5814/cfamily/metadata.json b/rules/S5814/cfamily/metadata.json index 53d461beb7b..a2b8ce9f36e 100644 --- a/rules/S5814/cfamily/metadata.json +++ b/rules/S5814/cfamily/metadata.json @@ -50,6 +50,9 @@ "ASVS 4.0": [ "14.1.2", "5.4.1" + ], + "STIG ASD_V5R3": [ + "V-222612" ] }, "defaultQualityProfiles": [ diff --git a/rules/S5814/cfamily/rule.adoc b/rules/S5814/cfamily/rule.adoc index 1bbe7515d68..0cef868260c 100644 --- a/rules/S5814/cfamily/rule.adoc +++ b/rules/S5814/cfamily/rule.adoc @@ -53,10 +53,11 @@ int f(char *src) { == See -* https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/[OWASP Top 10 2021 Category A6] - Vulnerable and Outdated Components -* https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[OWASP Top 10 2017 Category A9] - Using Components with Known Vulnerabilities -* https://cwe.mitre.org/data/definitions/120[MITRE, CWE-120] - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') +* OWASP - https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/[Top 10 2021 Category A6 - Vulnerable and Outdated Components] +* OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities] +* CWE - https://cwe.mitre.org/data/definitions/120[CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')] * https://wiki.sei.cmu.edu/confluence/x/HdcxBQ[CERT, STR07-C.] - Use the bounds-checking interfaces for string manipulation +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. ifdef::env-github,rspecator-view[] diff --git a/rules/S5815/cfamily/metadata.json b/rules/S5815/cfamily/metadata.json index 467d12be3f1..824fb3b4abb 100644 --- a/rules/S5815/cfamily/metadata.json 
+++ b/rules/S5815/cfamily/metadata.json @@ -50,6 +50,9 @@ "ASVS 4.0": [ "14.1.2", "5.4.1" + ], + "STIG ASD_V5R3": [ + "V-222612" ] }, "defaultQualityProfiles": [ diff --git a/rules/S5815/cfamily/rule.adoc b/rules/S5815/cfamily/rule.adoc index 4b72dc3eefb..3b7f7d54eab 100644 --- a/rules/S5815/cfamily/rule.adoc +++ b/rules/S5815/cfamily/rule.adoc @@ -51,10 +51,11 @@ int f(char *src) { == See -* https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/[OWASP Top 10 2021 Category A6] - Vulnerable and Outdated Components -* https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[OWASP Top 10 2017 Category A9] - Using Components with Known Vulnerabilities -* https://cwe.mitre.org/data/definitions/120[MITRE, CWE-120] - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') +* OWASP - https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/[Top 10 2021 Category A6 - Vulnerable and Outdated Components] +* OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities] +* CWE - https://cwe.mitre.org/data/definitions/120[CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')] * https://wiki.sei.cmu.edu/confluence/x/HdcxBQ[CERT, STR07-C.] - Use the bounds-checking interfaces for string manipulation +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. ifdef::env-github,rspecator-view[] diff --git a/rules/S5816/cfamily/metadata.json b/rules/S5816/cfamily/metadata.json index 81c72e6e62b..d9c64219297 100644 --- a/rules/S5816/cfamily/metadata.json +++ b/rules/S5816/cfamily/metadata.json @@ -50,6 +50,9 @@ "ASVS 4.0": [ "14.1.2", "5.4.1" + ], + "STIG ASD_V5R3": [ + "V-222612" ] }, "defaultQualityProfiles": [ 
diff --git a/rules/S5816/cfamily/rule.adoc b/rules/S5816/cfamily/rule.adoc index f42a1773c75..4cc2d8a0759 100644 --- a/rules/S5816/cfamily/rule.adoc +++ b/rules/S5816/cfamily/rule.adoc @@ -63,10 +63,11 @@ int f(char *src) { == See -* https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/[OWASP Top 10 2021 Category A6] - Vulnerable and Outdated Components -* https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[OWASP Top 10 2017 Category A9] - Using Components with Known Vulnerabilities -* https://cwe.mitre.org/data/definitions/120[MITRE, CWE-120] - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') +* OWASP - https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/[Top 10 2021 Category A6 - Vulnerable and Outdated Components] +* OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities] +* CWE - https://cwe.mitre.org/data/definitions/120[CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')] * https://wiki.sei.cmu.edu/confluence/x/HdcxBQ[CERT, STR07-C.] - Use the bounds-checking interfaces for string manipulation +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. ifdef::env-github,rspecator-view[] diff --git a/rules/S5824/cfamily/metadata.json b/rules/S5824/cfamily/metadata.json index b71d214ecf5..03e4b7a8b56 100644 --- a/rules/S5824/cfamily/metadata.json +++ b/rules/S5824/cfamily/metadata.json @@ -49,6 +49,10 @@ ], "PCI DSS 4.0": [ "6.2.4" + ], + "STIG ASD_V5R3": [ + "V-222567", + "V-222612" ] }, "defaultQualityProfiles": [ diff --git a/rules/S5824/cfamily/rule.adoc b/rules/S5824/cfamily/rule.adoc index a17f2f3fe46..53d6a84b6bd 100644 --- a/rules/S5824/cfamily/rule.adoc 
+++ b/rules/S5824/cfamily/rule.adoc @@ -52,13 +52,14 @@ int f(char *tempData) { == See -* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Broken Access Control -* https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/[OWASP Top 10 2021 Category A6] - Vulnerable and Outdated Components -* https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[OWASP Top 10 2017 Category A9] - Using Components with Known Vulnerabilities -* https://cwe.mitre.org/data/definitions/377[MITRE, CWE-377] - Insecure Temporary File +* OWASP - https://owasp.org/Top10/A01_2021-Broken_Access_Control/[Top 10 2021 Category A1 - Broken Access Control] +* OWASP - https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/[Top 10 2021 Category A6 - Vulnerable and Outdated Components] +* OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities] +* CWE - https://cwe.mitre.org/data/definitions/377[CWE-377 - Insecure Temporary File] * https://wiki.sei.cmu.edu/confluence/display/c/CON33-C.+Avoid+race+conditions+when+using+library+functions[CERT, CON33-C.] - Avoid race conditions when using library functions * https://wiki.sei.cmu.edu/confluence/display/c/FIO21-C.+Do+not+create+temporary+files+in+shared+directories[CERT, FIO21-C.] - Do not create temporary files in shared directories - +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions. +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. ifdef::env-github,rspecator-view[] 
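Review bot: The added STIG reference V-222612 ("must not be vulnerable to overflow attacks") in the `== See` list of `rules/S5824/cfamily/rule.adoc` does not match the other references there, which all concern insecure temporary files and race conditions (CWE-377, CON33-C, FIO21-C). V-222567 fits that theme, while V-222612 looks carried over from the buffer-copy rules in this commit (S5801, S5813 to S5816). The rule body is outside the hunk, so this needs confirming. If the rule does not flag an overflow, drop the V-222612 bullet here and the matching `"V-222612"` entry in `rules/S5824/cfamily/metadata.json`, so compliance reports do not claim coverage the rule does not provide.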
diff --git a/rules/S5825/cfamily/metadata.json b/rules/S5825/cfamily/metadata.json index 56d33c9bfe5..cf7fbc41bca 100644 --- a/rules/S5825/cfamily/metadata.json +++ b/rules/S5825/cfamily/metadata.json @@ -18,12 +18,8 @@ "pitfall" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-5825", @@ -37,5 +33,5 @@ "defaultQualityProfiles": [ "Sonar way" ], - "quickfix": "unknown" -} + "quickfix": "targeted" +} \ No newline at end of file diff --git a/rules/S5826/java/metadata.json b/rules/S5826/java/metadata.json index 89917a3a4cb..77ff33a084b 100644 --- a/rules/S5826/java/metadata.json +++ b/rules/S5826/java/metadata.json @@ -17,17 +17,13 @@ "tests" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Critical", "ruleSpecification": "RSPEC-5826", "sqKey": "S5826", - "scope": "All", + "scope": "Tests", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S5827/cfamily/rule.adoc b/rules/S5827/cfamily/rule.adoc index 014b3fdce14..1c5d6d25260 100644 --- a/rules/S5827/cfamily/rule.adoc +++ b/rules/S5827/cfamily/rule.adoc @@ -45,7 +45,7 @@ The rule S6234 detects other situations where `auto` can improve readability. === External coding guidelines -* https://isocpp.github.io/CppCoreGuidelines/CppCoreGuidelines#es11-use-auto-to-avoid-redundant-repetition-of-type-names[{cpp} Core Guidelines ES.11] - Use auto to avoid redundant repetition of type names +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#es11-use-auto-to-avoid-redundant-repetition-of-type-names[ES.11: Use `auto` to avoid redundant repetition of type names] === Related rules diff --git a/rules/S5828/python/metadata.json b/rules/S5828/python/metadata.json index 7bf4eb880cb..43e457e3ea1 100644 --- a/rules/S5828/python/metadata.json 
+++ b/rules/S5828/python/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -13,15 +13,12 @@ "constantCost": "1min" }, "tags": [ - + "python3", + "pitfall" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-5828", diff --git a/rules/S5829/cfamily/rule.adoc b/rules/S5829/cfamily/rule.adoc index 3e7c32734f3..a07777ccc41 100644 --- a/rules/S5829/cfamily/rule.adoc +++ b/rules/S5829/cfamily/rule.adoc @@ -62,18 +62,18 @@ struct B { [source,cpp] ---- -struct A { - A(int i, int j, int z) { - ... - } +struct A { + A(int i, int j, int z) { + ... + } }; -void f() { - A a{1,2,3}; +void f() { + A a{1,2,3}; } -struct B { - A a{1, 2, 3}; +struct B { + A a{1, 2, 3}; }; ---- @@ -91,7 +91,7 @@ vector v1(5, 10); // 5 copies of the value 10 [source,cpp] ---- -auto i1 {1}; // int with the value 1 +auto i1 {1}; // int with the value 1 auto i2 = {1}; // std::initializer_list with an element equal to 1 ---- @@ -112,7 +112,7 @@ vector v = { 1, 2, 4 }; == Resources -* https://github.com/isocpp/CppCoreGuidelines/blob/8e82f0a0d9ba3992af2d61480250e1c577df4a28/CppCoreGuidelines.md#es23-prefer-the\--initializer-syntax[{cpp} Core Guidelines ES.23] - Prefer the {} initializer syntax +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#es23-prefer-the\--initializer-syntax[ES.23: Prefer the `{}`-initializer syntax] ifdef::env-github,rspecator-view[] diff --git a/rules/S5832/cfamily/rule.adoc b/rules/S5832/cfamily/rule.adoc index 8e455452eef..db87013ff91 100644 --- a/rules/S5832/cfamily/rule.adoc +++ b/rules/S5832/cfamily/rule.adoc 
@@ -54,7 +54,7 @@ The account validity is checked with ``++pam_acct_mgmt++`` when authenticating a === Standards * OWASP - https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/[Top 10 2021 Category A7 - Identification and Authentication Failures] -* OWASP - https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A5-Broken_Access_Control[Top 10 2017 Category A5 - Broken Access Control] +* OWASP - https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[Top 10 2017 Category A5 - Broken Access Control] * CWE - https://cwe.mitre.org/data/definitions/304[CWE-304 - Missing Critical Step in Authentication] diff --git a/rules/S5842/java/metadata.json b/rules/S5842/java/metadata.json index 2c63c085104..f4b27f0bb34 100644 --- a/rules/S5842/java/metadata.json +++ b/rules/S5842/java/metadata.json @@ -1,2 +1,3 @@ { + "scope": "Main" } diff --git a/rules/S5843/java/metadata.json b/rules/S5843/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S5843/java/metadata.json +++ b/rules/S5843/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S5845/python/metadata.json b/rules/S5845/python/metadata.json index 17971333806..865538eb0eb 100644 --- a/rules/S5845/python/metadata.json +++ b/rules/S5845/python/metadata.json @@ -1,3 +1,6 @@ { - + "tags": [ + "tests", + "typing" + ] } diff --git a/rules/S5846/java/metadata.json b/rules/S5846/java/metadata.json index 2c63c085104..f4b27f0bb34 100644 --- a/rules/S5846/java/metadata.json +++ b/rules/S5846/java/metadata.json @@ -1,2 +1,3 @@ { + "scope": "Main" } diff --git a/rules/S5847/cfamily/metadata.json b/rules/S5847/cfamily/metadata.json index 6258dcc4116..23e85ada7f6 100644 --- a/rules/S5847/cfamily/metadata.json +++ b/rules/S5847/cfamily/metadata.json @@ -24,6 +24,9 @@ ], "ASVS 4.0": [ "11.1.6" + ], + "STIG ASD_V5R3": [ + "V-222567" ] } } 
diff --git a/rules/S5847/cfamily/rule.adoc b/rules/S5847/cfamily/rule.adoc index 9ebecdc638c..03f82b42687 100644 --- a/rules/S5847/cfamily/rule.adoc +++ b/rules/S5847/cfamily/rule.adoc @@ -25,12 +25,12 @@ include::../common/how-to-fix/rationale.adoc[] The following code sample is susceptible to a race condition attack because it checks a file exists strictly before it opens it for writing. -[source,C++,diff-id=1,diff-type=noncompliant] +[source,cpp,diff-id=1,diff-type=noncompliant] ---- FILE *fopen_if_not_exists(const char *file) { if (access(file, F_OK) == -1 && errno == ENOENT) { FILE *f = fopen(file, "w"); // Noncompliant - + return f; } @@ -40,7 +40,7 @@ FILE *fopen_if_not_exists(const char *file) { ==== Compliant solution -[source,C++,diff-id=1,diff-type=compliant] +[source,cpp,diff-id=1,diff-type=compliant] ---- FILE *fopen_if_not_exists(const char *file) { FILE *f = fopen(file, "wx"); @@ -64,6 +64,8 @@ check for its existence beforehand. * OWASP - https://owasp.org/Top10/A01_2021-Broken_Access_Control/[Top 10 2021 Category A1 - Broken Access Control] * OWASP - https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[Top 10 2017 Category A5 - Broken Access Control] * CWE - https://cwe.mitre.org/data/definitions/367[CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions. + ifdef::env-github,rspecator-view[] diff --git a/rules/S5847/metadata.json b/rules/S5847/metadata.json index ee58b6dc207..5b4c087e6bc 100644 --- a/rules/S5847/metadata.json +++ b/rules/S5847/metadata.json @@ -45,6 +45,9 @@ ], "ASVS 4.0": [ "11.1.6" + ], + "STIG ASD_V5R3": [ + "V-222567" ] }, "defaultQualityProfiles": [ diff --git a/rules/S5849/ansible/metadata.json b/rules/S5849/ansible/metadata.json new file mode 100644 index 00000000000..7a73a41bfdf 
--- /dev/null +++ b/rules/S5849/ansible/metadata.json @@ -0,0 +1,2 @@ +{ +} \ No newline at end of file diff --git a/rules/S5849/ansible/rule.adoc b/rules/S5849/ansible/rule.adoc new file mode 100644 index 00000000000..4997d379394 --- /dev/null +++ b/rules/S5849/ansible/rule.adoc @@ -0,0 +1,47 @@ +include::../common/description.adoc[] + +== Ask Yourself Whether + +include::../common/ask-yourself.adoc[] + +== Recommended Secure Coding Practices + +include::../common/recommended.adoc[] + +== Sensitive Code Example + +[source,yaml] +---- +- name: Set cap_sys_chroot+ep on /usr/bin/example + community.general.capabilities: + path: /usr/bin/example + capability: cap_sys_admin+ep # Sensitive + state: present +---- + +== See + +* CWE - https://cwe.mitre.org/data/definitions/250[CWE-250 - Execution with Unnecessary Privileges] +* CWE - https://cwe.mitre.org/data/definitions/266[CWE-266 - Incorrect Privilege Assignment] +* https://kubernetes.io/docs/tasks/configure-pod-container/security-context/[Kubernetes Documentation] - Configure a Security Context for a Pod or Container +* https://man7.org/linux/man-pages/man7/capabilities.7.html[Linux manual page] - capabilities(7) + + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +Make sure setting capabilities is safe here. + + +''' +== Comments And Links +(visible only on this page) + + + +endif::env-github,rspecator-view[] diff --git a/rules/S5849/cfamily/rule.adoc b/rules/S5849/cfamily/rule.adoc index b250b287a8f..cf0e7aca9f6 100644 --- a/rules/S5849/cfamily/rule.adoc +++ b/rules/S5849/cfamily/rule.adoc 
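Review bot: In the sensitive code example of the new `rules/S5849/ansible/rule.adoc`, the task name says `cap_sys_chroot+ep` but the value actually granted and marked `# Sensitive` is `cap_sys_admin+ep`. A reader skimming task names would underestimate the privilege being assigned, so the name should match: `- name: Set cap_sys_admin+ep on /usr/bin/example`. The `== See` list also links the Kubernetes "Configure a Security Context" page, which seems to be copied from the Kubernetes variant of the rule. A reference for the `community.general.capabilities` module would serve Ansible users better.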
@@ -48,10 +48,10 @@ fchmod(fd, S_ISUID|S_ISGID); // Sensitive == See -* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Broken Access Control -* https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[OWASP Top 10 2017 Category A5] - Broken Access Control -* https://cwe.mitre.org/data/definitions/250[MITRE, CWE-250] - Execution with Unnecessary Privileges -* https://cwe.mitre.org/data/definitions/266[MITRE, CWE-266] - Incorrect Privilege Assignment +* OWASP - https://owasp.org/Top10/A01_2021-Broken_Access_Control/[Top 10 2021 Category A1 - Broken Access Control] +* OWASP - https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[Top 10 2017 Category A5 - Broken Access Control] +* CWE - https://cwe.mitre.org/data/definitions/250[CWE-250 - Execution with Unnecessary Privileges] +* CWE - https://cwe.mitre.org/data/definitions/266[CWE-266 - Incorrect Privilege Assignment] * https://forums.grsecurity.net/viewtopic.php?f=7&t=2522[False Boundaries and Arbitrary Code Execution] * https://man7.org/linux/man-pages/man7/capabilities.7.html[Linux manual page] - capabilities(7) diff --git a/rules/S5849/common/ask-yourself.adoc b/rules/S5849/common/ask-yourself.adoc new file mode 100644 index 00000000000..83967979807 --- /dev/null +++ b/rules/S5849/common/ask-yourself.adoc @@ -0,0 +1,6 @@ +Capabilities are granted: + +* To a process that does not require all capabilities to do its job. +* To a not trusted process. + +There is a risk if you answered yes to any of those questions. \ No newline at end of file diff --git a/rules/S5849/common/description.adoc b/rules/S5849/common/description.adoc new file mode 100644 index 00000000000..08180f0fc4e --- /dev/null +++ b/rules/S5849/common/description.adoc 
@@ -0,0 +1,5 @@ +Setting capabilities can lead to privilege escalation and container escapes. + +Linux capabilities allow you to assign narrow slices of ``++root++``'s permissions to processes. A thread with capabilities bypasses the normal kernel security checks to execute high-privilege actions such as mounting a device to a directory, without requiring additional root privileges. + +In a container, capabilities might allow to access resources from the host system which can result in container escapes. For example, with the capability ``++SYS_ADMIN++`` an attacker might be able to mount devices from the host system inside of the container. \ No newline at end of file diff --git a/rules/S5849/common/recommended.adoc b/rules/S5849/common/recommended.adoc new file mode 100644 index 00000000000..5f4cecc1a29 --- /dev/null +++ b/rules/S5849/common/recommended.adoc @@ -0,0 +1,4 @@ +Capabilities are high privileges, traditionally associated with superuser (root), +thus make sure that the most restrictive and necessary capabilities are assigned. + +In the best case, no capabilities should be granted at all. \ No newline at end of file diff --git a/rules/S5849/kubernetes/rule.adoc b/rules/S5849/kubernetes/rule.adoc index 6e89da3d573..72e3ee867e1 100644 --- a/rules/S5849/kubernetes/rule.adoc +++ b/rules/S5849/kubernetes/rule.adoc 
@@ -1,24 +1,12 @@ -Setting capabilities can lead to privilege escalation and container escapes. - -Linux capabilities allow you to assign narrow slices of ``++root++``'s permissions to processes. A thread with capabilities bypasses the normal kernel security checks to execute high-privilege actions such as mounting a device to a directory, without requiring additional root privileges. - -In a container, capabilities might allow to access resources from the host system which can result in container escapes. For example, with the capability ``++SYS_ADMIN++`` an attacker might be able to mount devices from the host system inside of the container. - +include::../common/description.adoc[] == Ask Yourself Whether -Capabilities are granted: - -* To a process that does not require all capabilities to do its job. -* To a not trusted process. - -There is a risk if you answered yes to any of those questions. - +include::../common/ask-yourself.adoc[] == Recommended Secure Coding Practices -Capabilities are high privileges, traditionally associated with superuser (root), thus make sure that the most restrictive and necessary capabilities are assigned. - +include::../common/recommended.adoc[] == Sensitive Code Example @@ -54,8 +42,8 @@ spec: == See -* https://cwe.mitre.org/data/definitions/250[MITRE, CWE-250] - Execution with Unnecessary Privileges -* https://cwe.mitre.org/data/definitions/266[MITRE, CWE-266] - Incorrect Privilege Assignment +* CWE - https://cwe.mitre.org/data/definitions/250[CWE-250 - Execution with Unnecessary Privileges] +* CWE - https://cwe.mitre.org/data/definitions/266[CWE-266 - Incorrect Privilege Assignment] * https://kubernetes.io/docs/tasks/configure-pod-container/security-context/[Kubernetes Documentation] - Configure a Security Context for a Pod or Container * https://man7.org/linux/man-pages/man7/capabilities.7.html[Linux manual page] - capabilities(7) 
diff --git a/rules/S5850/java/metadata.json b/rules/S5850/java/metadata.json index 0db3279e44b..f4b27f0bb34 100644 --- a/rules/S5850/java/metadata.json +++ b/rules/S5850/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S5852/java/metadata.json b/rules/S5852/java/metadata.json index 6afd55ee1cb..f556fc72f27 100644 --- a/rules/S5852/java/metadata.json +++ b/rules/S5852/java/metadata.json @@ -1,3 +1,4 @@ { - "quickfix": "unknown" + "quickfix": "unknown", + "scope": "Main" } diff --git a/rules/S5852/javascript/rule.adoc b/rules/S5852/javascript/rule.adoc index df69f6122cf..757c74ec685 100644 --- a/rules/S5852/javascript/rule.adoc +++ b/rules/S5852/javascript/rule.adoc @@ -23,7 +23,7 @@ In order to rewrite your regular expression without these patterns, consider the * If applicable, define a maximum number of expected repetitions using the bounded quantifiers, like `+{1,5}+` instead of ``+`` for instance. -* Refactor nested quantifiers to limit the number of way the inner group can be matched by the outer quantifier, for instance this nested quantifier situation `+(ba+)++` doesn't cause performance issues, indeed, the inner group can be matched only if there exists exactly one `+b+` char per repetition of the group. +* Refactor nested quantifiers to limit the number of way the inner group can be matched by the outer quantifier, for instance this nested quantifier situation `pass:[(ba+)+]` doesn't cause performance issues, indeed, the inner group can be matched only if there exists exactly one `+b+` char per repetition of the group. * Optimize regular expressions by emulating _possessive quantifiers_ and _atomic grouping_. * Use negated character classes instead of `+.+` to exclude separators where applicable. For example the quadratic regex `+.*_.*+` can be made linear by changing it to `+[^_]*_.*+` diff --git a/rules/S5852/see.adoc b/rules/S5852/see.adoc index 9f49c48d7b8..96231235610 100644 --- a/rules/S5852/see.adoc 
+++ b/rules/S5852/see.adoc @@ -1,8 +1,8 @@ == See -* https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[OWASP Top 10 2017 Category A1] - Injection -* https://cwe.mitre.org/data/definitions/400[MITRE, CWE-400] - Uncontrolled Resource Consumption -* https://cwe.mitre.org/data/definitions/1333[MITRE, CWE-1333] - Inefficient Regular Expression Complexity +* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] +* CWE - https://cwe.mitre.org/data/definitions/400[CWE-400 - Uncontrolled Resource Consumption] +* CWE - https://cwe.mitre.org/data/definitions/1333[CWE-1333 - Inefficient Regular Expression Complexity] * https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS[owasp.org] - OWASP Regular expression Denial of Service - ReDoS * https://web.archive.org/web/20220506215733/https://stackstatus.net/post/147710624694/outage-postmortem-july-20-2016[stackstatus.net(archived)] - Outage Postmortem - July 20, 2016 * https://www.regular-expressions.info/catastrophic.html[regular-expressions.info] - Runaway Regular Expressions: Catastrophic Backtracking diff --git a/rules/S5854/java/metadata.json b/rules/S5854/java/metadata.json index 2f6c6b7b09a..6c1c02b5e2c 100644 --- a/rules/S5854/java/metadata.json +++ b/rules/S5854/java/metadata.json @@ -16,17 +16,13 @@ "regex" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Major", "ruleSpecification": "RSPEC-5854", "sqKey": "S5854", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S5855/java/metadata.json b/rules/S5855/java/metadata.json index 2c63c085104..f4b27f0bb34 100644 --- a/rules/S5855/java/metadata.json +++ b/rules/S5855/java/metadata.json @@ -1,2 +1,3 @@ { + "scope": "Main" } diff --git a/rules/S5856/dart/metadata.json b/rules/S5856/dart/metadata.json new file mode 100644 index 00000000000..0db3279e44b 
--- /dev/null +++ b/rules/S5856/dart/metadata.json @@ -0,0 +1,3 @@ +{ + +} diff --git a/rules/S5856/dart/rule.adoc b/rules/S5856/dart/rule.adoc new file mode 100644 index 00000000000..630ecc064b4 --- /dev/null +++ b/rules/S5856/dart/rule.adoc @@ -0,0 +1,43 @@ +== Why is this an issue? + +include::../description.adoc[] + +=== Noncompliant code example + +[source,dart] +---- +RegExp(r'(['); +RegExp(r'(\\w+-(\\d+)'); +---- + + +=== Compliant solution + +[source,dart] +---- +RegExp(r'\(\['); +RegExp(r'(\\w+)-(\\d+)'); +---- + +== Resources + +=== Documentation + +* Dart Docs - https://dart.dev/tools/linter-rules/valid_regexps[Dart Lint rule - valid_regexps] +* Dart API Reference - https://api.dart.dev/stable/dart-core/RegExp-class.html[Dart RegExp] + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +Invalid regular expression syntax. + +=== Highlighting + +The error inside the regular expression + +endif::env-github,rspecator-view[] diff --git a/rules/S5856/java/metadata.json b/rules/S5856/java/metadata.json index 0967ef424bc..f4b27f0bb34 100644 --- a/rules/S5856/java/metadata.json +++ b/rules/S5856/java/metadata.json @@ -1 +1,3 @@ -{} +{ + "scope": "Main" +} diff --git a/rules/S5857/java/metadata.json b/rules/S5857/java/metadata.json index 0db3279e44b..f4b27f0bb34 100644 --- a/rules/S5857/java/metadata.json +++ b/rules/S5857/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S5860/java/metadata.json b/rules/S5860/java/metadata.json index 0967ef424bc..f4b27f0bb34 100644 --- a/rules/S5860/java/metadata.json +++ b/rules/S5860/java/metadata.json @@ -1 +1,3 @@ -{} +{ + "scope": "Main" +} diff --git a/rules/S5864/python/metadata.json b/rules/S5864/python/metadata.json index f40fa320772..4f3475c7b28 100644 --- a/rules/S5864/python/metadata.json +++ b/rules/S5864/python/metadata.json 
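Review bot: In the new rules/S5856/dart/rule.adoc, both samples use raw strings (`r'...'`) but keep the doubled backslashes of a non-raw literal, so `r'(\\w+)-(\\d+)'` is the regex `(\\w+)-(\\d+)`. That pattern matches a literal backslash followed by `w` characters, not word characters. The compliant/noncompliant distinction (the unbalanced parenthesis) still holds, but the compliant sample shows a pattern that does not do what a reader would expect. Suggest `RegExp(r'(\w+-(\d+)');` for the noncompliant line and `RegExp(r'(\w+)-(\d+)');` for the compliant one.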
@@ -13,7 +13,8 @@ "constantCost": "5min" }, "tags": [ - + "confusing", + "typing" ], "extra": { "replacementRules": [ diff --git a/rules/S5866/java/metadata.json b/rules/S5866/java/metadata.json index 5af54a7ef30..e51cba4ddeb 100644 --- a/rules/S5866/java/metadata.json +++ b/rules/S5866/java/metadata.json @@ -16,17 +16,13 @@ "regex" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Major", "ruleSpecification": "RSPEC-5866", "sqKey": "S5866", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S5867/java/metadata.json b/rules/S5867/java/metadata.json index 2c63c085104..f4b27f0bb34 100644 --- a/rules/S5867/java/metadata.json +++ b/rules/S5867/java/metadata.json @@ -1,2 +1,3 @@ { + "scope": "Main" } diff --git a/rules/S5868/java/metadata.json b/rules/S5868/java/metadata.json index 0db3279e44b..f4b27f0bb34 100644 --- a/rules/S5868/java/metadata.json +++ b/rules/S5868/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S5869/java/metadata.json b/rules/S5869/java/metadata.json index 0db3279e44b..f4b27f0bb34 100644 --- a/rules/S5869/java/metadata.json +++ b/rules/S5869/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S5876/common/resources/standards.adoc b/rules/S5876/common/resources/standards.adoc index ad513b70f65..c7309aaacc4 100644 --- a/rules/S5876/common/resources/standards.adoc +++ b/rules/S5876/common/resources/standards.adoc 
@@ -1,6 +1,9 @@ === Standards -* https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/[OWASP Top 10 2021 Category A7] - Identification and Authentication Failures -* https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A2-Broken_Authentication[OWASP Top 10 2017 Category A2] - Broken Authentication +* OWASP - https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/[Top 10 2021 Category A7 - Identification and Authentication Failures] +* OWASP - https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication[Top 10 2017 Category A2 - Broken Authentication] * https://owasp.org/www-community/attacks/Session_fixation[OWASP Sesssion Fixation] -* https://cwe.mitre.org/data/definitions/384[MITRE, CWE-384] - Session Fixation +* CWE - https://cwe.mitre.org/data/definitions/384[CWE-384 - Session Fixation] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222579[Application Security and Development: V-222579] - Applications must use system-generated session identifiers that protect against session fixation. +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222582[Application Security and Development: V-222582] - The application must not re-use or recycle session IDs. + diff --git a/rules/S5876/metadata.json b/rules/S5876/metadata.json index c97cbd85d8c..aa5c49919d1 100644 --- a/rules/S5876/metadata.json +++ b/rules/S5876/metadata.json @@ -45,6 +45,10 @@ ], "ASVS 4.0": [ "3.2.1" + ], + "STIG ASD_V5R3": [ + "V-222579", + "V-222582" ] }, "defaultQualityProfiles": [ diff --git a/rules/S5883/common/resources/standards.adoc b/rules/S5883/common/resources/standards.adoc index 17a557bf3fb..187f8e7ab49 100644 --- a/rules/S5883/common/resources/standards.adoc +++ b/rules/S5883/common/resources/standards.adoc 
@@ -1,7 +1,8 @@ === Standards -* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection -* https://www.owasp.org/index.php/Top_10-2017_A1-Injection[OWASP Top 10 2017 Category A1] - Injection -* https://cwe.mitre.org/data/definitions/20[MITRE, CWE-20] - Improper Input Validation -* https://cwe.mitre.org/data/definitions/88[MITRE, CWE-88] - Argument Injection or Modification +* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] +* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] +* CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] +* CWE - https://cwe.mitre.org/data/definitions/88[CWE-88 - Argument Injection or Modification] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. diff --git a/rules/S5883/metadata.json b/rules/S5883/metadata.json index 643c76019b9..5f994ad369f 100644 --- a/rules/S5883/metadata.json +++ b/rules/S5883/metadata.json @@ -47,6 +47,9 @@ "ASVS 4.0": [ "5.1.3", "5.1.4" + ], + "STIG ASD_V5R3": [ + "V-222609" ] }, "defaultQualityProfiles": [ diff --git a/rules/S5886/python/metadata.json b/rules/S5886/python/metadata.json index a526b859129..62f75a06bb5 100644 --- a/rules/S5886/python/metadata.json +++ b/rules/S5886/python/metadata.json @@ -13,7 +13,7 @@ "constantCost": "5min" }, "tags": [ - + "typing" ], "extra": { "replacementRules": [ diff --git a/rules/S5890/python/metadata.json b/rules/S5890/python/metadata.json index 87416a2646d..292a2981b36 100644 --- a/rules/S5890/python/metadata.json +++ b/rules/S5890/python/metadata.json @@ -13,7 +13,8 @@ "constantCost": "5min" }, "tags": [ - + "typing", + "confusing" ], "extra": { "replacementRules": [ 
diff --git a/rules/S5899/python/metadata.json b/rules/S5899/python/metadata.json index 1731af0ff6a..b48a71d18a8 100644 --- a/rules/S5899/python/metadata.json +++ b/rules/S5899/python/metadata.json @@ -30,7 +30,7 @@ "sqKey": "S5899", "scope": "Tests", "defaultQualityProfiles": [ - + "Sonar way" ], "quickfix": "unknown" } diff --git a/rules/S5905/python/metadata.json b/rules/S5905/python/metadata.json index fdcdd185d96..3d5675c4b7b 100644 --- a/rules/S5905/python/metadata.json +++ b/rules/S5905/python/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -16,12 +16,8 @@ "tests" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-5905", diff --git a/rules/S5906/python/metadata.json b/rules/S5906/python/metadata.json index 431b0d6cc46..bfa953e298c 100644 --- a/rules/S5906/python/metadata.json +++ b/rules/S5906/python/metadata.json @@ -13,7 +13,8 @@ "constantCost": "1min" }, "tags": [ - "tests" + "tests", + "unittest" ], "extra": { "replacementRules": [ @@ -28,7 +29,7 @@ "sqKey": "S5906", "scope": "Tests", "defaultQualityProfiles": [ - + "Sonar way" ], "quickfix": "unknown" } diff --git a/rules/S5911/php/metadata.json b/rules/S5911/php/metadata.json index e4885442244..1531d8923e7 100644 --- a/rules/S5911/php/metadata.json +++ b/rules/S5911/php/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -16,12 +16,8 @@ "pitfall" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-5911", diff --git a/rules/S5912/cfamily/metadata.json b/rules/S5912/cfamily/metadata.json index a51111352dd..513f653d046 100644 --- a/rules/S5912/cfamily/metadata.json 
+++ b/rules/S5912/cfamily/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -16,12 +16,8 @@ "cppcoreguidelines" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-5912", diff --git a/rules/S5912/cfamily/rule.adoc b/rules/S5912/cfamily/rule.adoc index c9a1dfb55c5..4c9b751e38b 100644 --- a/rules/S5912/cfamily/rule.adoc +++ b/rules/S5912/cfamily/rule.adoc @@ -130,6 +130,5 @@ This goes well in hand with non-copyable classes. === External coding guidelines -* {cpp} Core Guidelines - -https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#es63-dont-slice[ES.63 Don't slice] +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#es63-dont-slice[ES.63: Don't slice] diff --git a/rules/S5915/python/metadata.json b/rules/S5915/python/metadata.json index 1b9bfca69db..6d138e9deef 100644 --- a/rules/S5915/python/metadata.json +++ b/rules/S5915/python/metadata.json @@ -4,5 +4,8 @@ "unused", "pitfall" ], + "defaultQualityProfiles": [ + "Sonar way" + ], "quickfix": "covered" } diff --git a/rules/S5917/java/metadata.json b/rules/S5917/java/metadata.json index 1d3d6b69983..dd5822d9844 100644 --- a/rules/S5917/java/metadata.json +++ b/rules/S5917/java/metadata.json @@ -12,21 +12,15 @@ "func": "Constant\/Issue", "constantCost": "10min" }, - "tags": [ - - ], + "tags": [], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Major", "ruleSpecification": "RSPEC-5917", "sqKey": "S5917", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S5918/python/metadata.json b/rules/S5918/python/metadata.json index 90b082a5d44..58c6b251597 100644 --- a/rules/S5918/python/metadata.json 
+++ b/rules/S5918/python/metadata.json @@ -29,7 +29,7 @@ "sqKey": "S5918", "scope": "Tests", "defaultQualityProfiles": [ - + "Sonar way" ], "quickfix": "unknown" } diff --git a/rules/S5945/cfamily/rule.adoc b/rules/S5945/cfamily/rule.adoc index 62ac15abf62..a1362f93f66 100644 --- a/rules/S5945/cfamily/rule.adoc +++ b/rules/S5945/cfamily/rule.adoc @@ -47,7 +47,7 @@ This rule will not report the use of C-style arrays in ``++extern "C"++`` code ( == Resources -* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/46dadd0b16b904fe0ff88c1fef9b0702dfd139e2/CppCoreGuidelines.md#slcon1-prefer-using-stl-array-or-vector-instead-of-a-c-array[SL.con.1 - Prefer using STL array or vector instead of a C array] +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#slcon1-prefer-using-stl-array-or-vector-instead-of-a-c-array[SL.con.1: Prefer using STL `array` or `vector` instead of a C array] ifdef::env-github,rspecator-view[] diff --git a/rules/S5946/cfamily/rule.adoc b/rules/S5946/cfamily/rule.adoc index 33d10235bf7..79170c1d342 100644 --- a/rules/S5946/cfamily/rule.adoc +++ b/rules/S5946/cfamily/rule.adoc @@ -51,7 +51,7 @@ How are you? == Resources -* https://github.com/isocpp/CppCoreGuidelines/blob/c553535fb8dda2839d13ab5f807ffbc66b63d67b/CppCoreGuidelines.md#sl50-avoid-endl[{cpp} Core Guidelines SL.50] - Avoid endl +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#slio50-avoid-endl[SL.io.50: Avoid `endl`] ifdef::env-github,rspecator-view[] diff --git a/rules/S5950/cfamily/rule.adoc b/rules/S5950/cfamily/rule.adoc index a8e0f7b7241..6a3f3552242 100644 --- a/rules/S5950/cfamily/rule.adoc +++ b/rules/S5950/cfamily/rule.adoc 
@@ -71,8 +71,8 @@ In addition, `make_shared` does not support the following: == Resources -* {cpp] Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#c150-use-make_unique-to-construct-objects-owned-by-unique_ptrs[C.150 - Use make_unique() to construct objects owned by unique_ptrs] -* {cpp] Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#c151-use-make_shared-to-construct-objects-owned-by-shared_ptrs[C.151 - Use make_shared() to construct objects owned by shared_ptrs] +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#c150-use-make_unique-to-construct-objects-owned-by-unique_ptrs[C.150: Use `make_unique()` to construct objects owned by ``unique_ptr``s] +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#c151-use-make_shared-to-construct-objects-owned-by-shared_ptrs[C.151: Use `make_shared()` to construct objects owned by ``shared_ptr``s] ifdef::env-github,rspecator-view[] diff --git a/rules/S5951/cfamily/rule.adoc b/rules/S5951/cfamily/rule.adoc index d4eb8da95f3..7519b1ba2b0 100644 --- a/rules/S5951/cfamily/rule.adoc +++ b/rules/S5951/cfamily/rule.adoc @@ -47,5 +47,5 @@ A f(); == Resources -* https://github.com/isocpp/CppCoreGuidelines/blob/c553535fb8dda2839d13ab5f807ffbc66b63d67b/CppCoreGuidelines.md#enforcement-40[{cpp} Core Guidelines F.20] - Flag returning a const value. +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#f20-for-out-output-values-prefer-return-values-to-output-parameters[F.20: For "out" output values, prefer return values to output parameters] diff --git a/rules/S5952/cfamily/rule.adoc b/rules/S5952/cfamily/rule.adoc index 663022b34a3..bc81ac47797 100644 --- a/rules/S5952/cfamily/rule.adoc +++ b/rules/S5952/cfamily/rule.adoc 
@@ -63,7 +63,7 @@ class Derived : public Base { == Resources -* https://github.com/isocpp/CppCoreGuidelines/blob/9efcaf07f7013fb6d07ee004f936540164535c63/CppCoreGuidelines.md#c52-use-inheriting-constructors-to-import-constructors-into-a-derived-class-that-does-not-need-further-explicit-initialization[{cpp} Core Guidelines C.52] - Use inheriting constructors to import constructors into a derived class that does not need further explicit initialization +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#c52-use-inheriting-constructors-to-import-constructors-into-a-derived-class-that-does-not-need-further-explicit-initialization[C.52: Use inheriting constructors to import constructors into a derived class that does not need further explicit initialization] ifdef::env-github,rspecator-view[] diff --git a/rules/S5953/python/metadata.json b/rules/S5953/python/metadata.json index 95f4263f997..c2d32aa6dce 100644 --- a/rules/S5953/python/metadata.json +++ b/rules/S5953/python/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -13,22 +13,16 @@ "constantCost": "5min" }, "tags": [ - + "suspicious" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-5953", "sqKey": "S5953", "scope": "All", - "defaultQualityProfiles": [ - - ], + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S5954/cfamily/rule.adoc b/rules/S5954/cfamily/rule.adoc index e60399e2a3b..e2421730642 100644 --- a/rules/S5954/cfamily/rule.adoc +++ b/rules/S5954/cfamily/rule.adoc 
@@ -38,5 +38,5 @@ The move constructor of the ``++shared_ptr++`` itself. == Resources -* https://github.com/isocpp/CppCoreGuidelines/blob/c553535fb8dda2839d13ab5f807ffbc66b63d67b/CppCoreGuidelines.md#r34-take-a-shared_ptrwidget-parameter-to-express-that-a-function-is-part-owner[{cpp} Core Guidelines R.34] - Warn if a function takes a Shared_ptr by rvalue reference. Suggesting taking it by value instead. +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#r34-take-a-shared_ptrwidget-parameter-to-express-shared-ownership[R.34: Take a `shared_ptr` parameter to express shared ownership] diff --git a/rules/S5955/cfamily/rule.adoc b/rules/S5955/cfamily/rule.adoc index 0bb5e0ea5b6..ac57d2c41c3 100644 --- a/rules/S5955/cfamily/rule.adoc +++ b/rules/S5955/cfamily/rule.adoc @@ -34,7 +34,7 @@ void f() { == Resources -* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#es5-keep-scopes-small[ES.5 - Keep scopes small] +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#es5-keep-scopes-small[ES.5: Keep scopes small] ifdef::env-github,rspecator-view[] diff --git a/rules/S5962/cfamily/rule.adoc b/rules/S5962/cfamily/rule.adoc index 16b75230187..0259337f2b1 100644 --- a/rules/S5962/cfamily/rule.adoc +++ b/rules/S5962/cfamily/rule.adoc @@ -35,5 +35,5 @@ void startBackgroundTask(){ == Resources -* https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md#cp26-dont-detach-a-thread[{cpp} Core Guidelines CP.26] - Don't detach() a thread +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#cp26-dont-detach-a-thread[CP.26: Don't `detach()` a thread] diff --git a/rules/S5973/common/why.adoc b/rules/S5973/common/why.adoc new file mode 100644 index 00000000000..044ad8db869 --- /dev/null +++ b/rules/S5973/common/why.adoc 
@@ -0,0 +1 @@ +Unstable / flaky tests are tests which sometimes pass and sometimes fail, without any code change. Obviously, they slow down developments when developers have to rerun failed tests. However, the real problem is that you can't completely trust these tests, they might fail for many different reasons and you don't know if any of them will happen in production. diff --git a/rules/S5973/java/metadata.json b/rules/S5973/java/metadata.json index ec830b135e3..2c63c085104 100644 --- a/rules/S5973/java/metadata.json +++ b/rules/S5973/java/metadata.json @@ -1,36 +1,2 @@ { - "title": "Tests should be stable", - "type": "CODE_SMELL", - "code": { - "impacts": { - "MAINTAINABILITY": "MEDIUM" - }, - "attribute": "TESTED" - }, - "status": "ready", - "remediation": { - "func": "Constant\/Issue", - "constantCost": "20min" - }, - "tags": [ - "tests", - "design", - "unpredictable" - ], - "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] - }, - "defaultSeverity": "Major", - "ruleSpecification": "RSPEC-5973", - "sqKey": "S5973", - "scope": "Tests", - "defaultQualityProfiles": [ - "Sonar way" - ], - "quickfix": "unknown" } diff --git a/rules/S5973/java/rule.adoc b/rules/S5973/java/rule.adoc index 8c56e9979c3..ad10a6cca23 100644 --- a/rules/S5973/java/rule.adoc +++ b/rules/S5973/java/rule.adoc 
@@ -1,9 +1,8 @@ == Why is this an issue? -Unstable / flaky tests are tests which sometimes pass and sometimes fail, without any code change. Obviously, they slow down developments when engineers have to rerun failed tests. However the real problem is that you can't completely trust these tests, they might fail for many different reasons and you don't know if any of them will happen in production. +include::../common/why.adoc[] - -Some tools, such as TestNG, enable developers to automatically retry flaky tests. This might be ok as a temporary solution, but it should definitely be fixed. The more flaky tests you add, the more chances there are for a bug to arrive in production. +Some tools, such as TestNG, enable developers to automatically retry flaky tests. This might be acceptable as a temporary solution, but it should eventually be fixed. The more flaky tests you add, the more chances there are for a bug to arrive in production. This rule raises an issue when the annotation ``++org.testng.annotations.Test++`` is given a ``++successPercentage++`` argument with a value lower than ``++100++``. @@ -25,8 +24,8 @@ public class PercentageTest { == Resources -* https://testng.org/doc/documentation-main.html#annotations[TestNG documentation - Annotations] -* https://engineering.atspotify.com/2019/11/18/test-flakiness-methods-for-identifying-and-dealing-with-flaky-tests/[Test Flakiness - Methods for identifying and dealing with flaky tests] +* TestNG documentation - https://testng.org/#_annotations[Annotations] +* Spotify Engineering - https://engineering.atspotify.com/2019/11/18/test-flakiness-methods-for-identifying-and-dealing-with-flaky-tests/[Test Flakiness - Methods for identifying and dealing with flaky tests] ifdef::env-github,rspecator-view[] diff --git a/rules/S5973/javascript/metadata.json b/rules/S5973/javascript/metadata.json new file mode 100644 index 00000000000..bb3d04f385c --- /dev/null +++ b/rules/S5973/javascript/metadata.json 
@@ -0,0 +1,3 @@ +{ + "quickfix": "infeasible" +} diff --git a/rules/S5973/javascript/rule.adoc b/rules/S5973/javascript/rule.adoc new file mode 100644 index 00000000000..7cedc685382 --- /dev/null +++ b/rules/S5973/javascript/rule.adoc @@ -0,0 +1,37 @@ +== Why is this an issue? + +include::../common/why.adoc[] + +Some tools, such as Jest, enable developers to automatically retry flaky tests. This might be acceptable as a temporary solution, but it should eventually be fixed. The more flaky tests you add, the more chances there are for a bug to arrive in production. + + +This rule raises an issue when these functions are called with a value higher than ``++0++``: +* ``++jest.retry()++`` +* ``++this.retries()++`` inside a Mocha test case + +== How to fix it + +Make your test stable so that it passes on the first try, or remove it. + +=== Code examples + +==== Noncompliant code example + +[source,js] +---- +jest.retryTimes(3); // Noncompliant + +describe('API.foo()', function() { + it('should return 5 when computing ...', function() { + doSomethingUnstable(); + }); +}); +---- + +== Resources +=== Documentation +* Jest docs - https://jestjs.io/docs/jest-object#jestretrytimesnumretries-options[jest.retryTimes()] +* Mocha docs - https://mochajs.org/#retry-tests[Retry tests] + +=== Articles & blog posts +* Spotify Engineering - https://engineering.atspotify.com/2019/11/18/test-flakiness-methods-for-identifying-and-dealing-with-flaky-tests/[Test Flakiness - Methods for identifying and dealing with flaky tests] diff --git a/rules/S5973/metadata.json b/rules/S5973/metadata.json index 2c63c085104..4239531e2a0 100644 --- a/rules/S5973/metadata.json +++ b/rules/S5973/metadata.json 
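Review bot: The bullet list in the new rules/S5973/javascript/rule.adoc names `jest.retry()`, while the noncompliant sample and the Resources link in the same file both use `jest.retryTimes()`; the bullet should name `jest.retryTimes()` so the rule text matches the API it flags. The rule also lists Mocha's `this.retries()`, but only a Jest sample is given, so a short Mocha noncompliant sample would document the second case. The list and the `=== Documentation` bullets appear to follow their preceding line without a blank line; it is worth checking the rendered output, since the collapsed layout here does not show it reliably.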
@@ -1,2 +1,37 @@ { + "title": "Tests should be stable", + "type": "CODE_SMELL", + "code": { + "impacts": { + "MAINTAINABILITY": "MEDIUM", + "RELIABILITY": "MEDIUM" + }, + "attribute": "TESTED" + }, + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "20min" + }, + "tags": [ + "tests", + "design", + "unpredictable" + ], + "extra": { + "replacementRules": [ + + ], + "legacyKeys": [ + + ] + }, + "defaultSeverity": "Major", + "ruleSpecification": "RSPEC-5973", + "sqKey": "S5973", + "scope": "Tests", + "defaultQualityProfiles": [ + "Sonar way" + ], + "quickfix": "unknown" } diff --git a/rules/S5976/java/rule.adoc b/rules/S5976/java/rule.adoc index 63368638a66..14f63461ea0 100644 --- a/rules/S5976/java/rule.adoc +++ b/rules/S5976/java/rule.adoc @@ -102,7 +102,7 @@ public class AppTest * https://phauer.com/2019/modern-best-practices-testing-java/#use-parameterized-tests[Modern Best Practices for Testing in Java - Philipp Hauer] * https://junit.org/junit5/docs/current/user-guide/#writing-tests-parameterized-tests[JUnit 5 documentation - Parameterized tests] * https://www.testwithspring.com/lesson/writing-parameterized-tests-with-junit-4/[Writing Parameterized Tests With JUnit 4] -* https://testng.org/doc/documentation-main.html#parameters[TestNG documentation - Parameters] +* https://testng.org/#_parameters[TestNG documentation - Parameters] ifdef::env-github,rspecator-view[] diff --git a/rules/S5979/java/metadata.json b/rules/S5979/java/metadata.json index edccd875ddd..e7c1a85c0f2 100644 --- a/rules/S5979/java/metadata.json +++ b/rules/S5979/java/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, 
@@ -17,19 +17,13 @@ "mockito" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-5979", "sqKey": "S5979", "scope": "Tests", - "defaultQualityProfiles": [ - - ], + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S5981/cfamily/rule.adoc b/rules/S5981/cfamily/rule.adoc index 49f05f9bb11..6c895cc3399 100644 --- a/rules/S5981/cfamily/rule.adoc +++ b/rules/S5981/cfamily/rule.adoc @@ -67,7 +67,7 @@ double computeArea(const Shape* shape) { == Resources -* https://github.com/isocpp/CppCoreGuidelines/blob/c553535fb8dda2839d13ab5f807ffbc66b63d67b/CppCoreGuidelines.md#type2-dont-use-static_cast-downcasts-use-dynamic_cast-instead[{cpp} Core Guidelines - Type safety profile - Type.2]: Don’t use static_cast to downcast. Use dynamic_cast instead. +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#prosafety-type-safety-profile[Type.2: Don’t use `static_cast` to downcast] ifdef::env-github,rspecator-view[] diff --git a/rules/S5982/cfamily/rule.adoc b/rules/S5982/cfamily/rule.adoc index 942928ff2ab..938e7888630 100644 --- a/rules/S5982/cfamily/rule.adoc +++ b/rules/S5982/cfamily/rule.adoc 
@@ -48,9 +48,9 @@ if(fchdir(fd) == -1) { == See -* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Broken Access Control -* https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A5-Broken_Access_Control[OWASP Top 10 2017 Category A5] - Broken Access Control -* https://cwe.mitre.org/data/definitions/252[MITRE, CWE-252] - Unchecked Return Value +* OWASP - https://owasp.org/Top10/A01_2021-Broken_Access_Control/[Top 10 2021 Category A1 - Broken Access Control] +* OWASP - https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[Top 10 2017 Category A5 - Broken Access Control] +* CWE - https://cwe.mitre.org/data/definitions/252[CWE-252 - Unchecked Return Value] * https://man7.org/linux/man-pages/man2/chdir.2.html[man7.org] - chdir ifdef::env-github,rspecator-view[] @@ -61,7 +61,7 @@ ifdef::env-github,rspecator-view[] === Message -Make sure that changing the current working directory without verifying the success if safe here. +Make sure that changing the current working directory without verifying the success is safe here. endif::env-github,rspecator-view[] diff --git a/rules/S5994/java/metadata.json b/rules/S5994/java/metadata.json index 2c63c085104..f4b27f0bb34 100644 --- a/rules/S5994/java/metadata.json +++ b/rules/S5994/java/metadata.json @@ -1,2 +1,3 @@ { + "scope": "Main" } diff --git a/rules/S5999/cfamily/metadata.json b/rules/S5999/cfamily/metadata.json index 322e87b8e8a..ea94ce10b3c 100644 --- a/rules/S5999/cfamily/metadata.json +++ b/rules/S5999/cfamily/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -16,12 +16,8 @@ "since-c++17" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-5999", 
diff --git a/rules/S6001/java/metadata.json b/rules/S6001/java/metadata.json index 17971333806..f4b27f0bb34 100644 --- a/rules/S6001/java/metadata.json +++ b/rules/S6001/java/metadata.json @@ -1,3 +1,3 @@ { - + "scope": "Main" } diff --git a/rules/S6002/java/metadata.json b/rules/S6002/java/metadata.json index 2c63c085104..f4b27f0bb34 100644 --- a/rules/S6002/java/metadata.json +++ b/rules/S6002/java/metadata.json @@ -1,2 +1,3 @@ { + "scope": "Main" } diff --git a/rules/S6004/cfamily/metadata.json b/rules/S6004/cfamily/metadata.json index 6ee4cc4726b..8c4ffb9089f 100644 --- a/rules/S6004/cfamily/metadata.json +++ b/rules/S6004/cfamily/metadata.json @@ -1,5 +1,5 @@ { - "title": "\"if\",\"switch\", and range-based for loop initializer should be used to reduce scope of variables", + "title": "\"if\" and \"switch\" initializer should be used to reduce scope of variables", "type": "CODE_SMELL", "code": { "impacts": { diff --git a/rules/S6004/cfamily/rule.adoc b/rules/S6004/cfamily/rule.adoc index 316a1c3e810..85e766948e1 100644 --- a/rules/S6004/cfamily/rule.adoc +++ b/rules/S6004/cfamily/rule.adoc @@ -36,7 +36,7 @@ bool better_init() { This rule raises an issue when: -- a variable is declared just before a statement that allows variable declaration (`if`, `switch`, or, starting {cpp}20, range-based `for` loop), +- a variable is declared just before a statement that allows variable declaration (`if`, `switch`), - this variable is used in the statement header, - there are other statements after this statement where this variable might be used, - yet, it is never used after the statement. 
@@ -82,32 +82,6 @@ void switchStatement() { } ---- -[source,cpp] ----- -std::vector> getTable(); -void printHeadersBad() { - auto rows = getTable(); // Noncompliant in C++20: rows is accessible outside of the loop - for (int x : rows[0]) { - std::cout << x <<' '; - } - std::cout << "\n"; -} ----- - -Using a temporary to avoid leaking of the variable into the ambient scope creates a bigger problem: an undefined behavior. Even though the lifetime of a temporary returned by the range expression is extended, the life of a temporary within the range expression terminates before the loop begins to execute. - -[source,cpp] ----- -std::vector> getTable(); -void printHeadersWorse() { - for (int x : getTable()[0]) { // Undefined behavior: return value of getTable() no longer exists in the loop body - std::cout << x <<' '; - } - std::cout << "\n"; -} ----- - - === Compliant solution [source,cpp] @@ -141,15 +115,6 @@ void switchStatement() { } std::cout << "\n"; } - -std::vector> getTable(); -void printHeadersGood() { - // Compliant: rows is accessible only inside the loop (this code requires at least C++20) - for (auto rows = getTable(); int x : table[0]) { - std::cout << x <<' '; - } - std::cout << "\n"; -} ---- === Exceptions diff --git a/rules/S6005/cfamily/rule.adoc b/rules/S6005/cfamily/rule.adoc index d226662f360..6e35cb65e3b 100644 --- a/rules/S6005/cfamily/rule.adoc +++ b/rules/S6005/cfamily/rule.adoc @@ -61,6 +61,6 @@ void printingMap(const std::map& map) { === External coding guidelines -* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#reason-48[F.21 - To return multiple “out” values, prefer returning a struct or tuple] +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#f21-to-return-multiple-out-values-prefer-returning-a-struct-or-tuple[F.21: To return multiple "out" values, prefer returning a struct or tuple] 
diff --git a/rules/S6012/cfamily/rule.adoc b/rules/S6012/cfamily/rule.adoc index cf2fc525d82..f8d3a922e25 100644 --- a/rules/S6012/cfamily/rule.adoc +++ b/rules/S6012/cfamily/rule.adoc @@ -3,13 +3,13 @@ Since {cpp}17, class template arguments can be automatically deduced by the compiler, either by looking at the arguments of the class constructors or by using an explicitly defined deduction guide. -Using the class template argument deduction allow to: +Using the class template argument deduction allows to: * Avoid verbose specification of all template parameter types for a class template. * Avoid writing helper function that only serves the purpose of deducing the type of a class from its arguments. For example, ``++std::make_pair++``. -* Be able to instantiate a class template with hard to spell or unutterable names, such as the closure type of a lambda. +* Be able to instantiate a class template with hard-to-spell or unutterable names, such as the closure type of a lambda. -This rule raises an issue when explicit class template arguments that can be automatically deduced is specified. +This rule raises an issue when explicit class template arguments that can be automatically deduced are specified. === Noncompliant code example @@ -18,8 +18,7 @@ This rule raises an issue when explicit class template arguments that can be aut ---- void f() { std::vector v1 {1, 2, 3}; // Noncompliant, int could have been deduced -}{code} - +} ---- === Compliant solution diff --git a/rules/S6018/cfamily/rule.adoc b/rules/S6018/cfamily/rule.adoc index 68cd2995ba5..8c11e009bb5 100644 --- a/rules/S6018/cfamily/rule.adoc +++ b/rules/S6018/cfamily/rule.adoc @@ -2,6 +2,7 @@ ``{cpp}17`` introduced inline variables. They provide a proper way to define global variables in header files. Before inline variables, it wasn’t possible to simply define global variables without compile or link errors: +[source,cpp] ---- struct A { static std::string s1 = "s1"; // doesn’t compile 
@@ -20,14 +21,19 @@ This rule will detect these workarounds and suggest using inline variables inste [source,cpp] ---- -struct A { +struct Clazz { static std::string& getS1() { // Noncompliant static std::string s1 = "s1"; return s1; } + + static Clazz const& getSelf() { // Noncompliant + static Clazz self; + return self; + } }; -inline std::string& gets2() { // Noncompliant +inline std::string& getS2() { // Noncompliant static std::string s2 = "s2"; return s2; } @@ -41,9 +47,12 @@ T s3 = "s3"; // Noncompliant. Available starting C++14 [source,cpp] ---- -struct A { - inline static std::string s1 = "s1"; // Compliant +struct Clazz { + inline static std::string s1 = "s1"; // Compliant, + static Clazz self; }; +inline Class Clazz::self; // Compliant +// Out of line definition is required for `Clazz` to be complete. inline std::string s2 = "s2"; // Compliant ---- diff --git a/rules/S6019/java/metadata.json b/rules/S6019/java/metadata.json index 7a73a41bfdf..f4b27f0bb34 100644 --- a/rules/S6019/java/metadata.json +++ b/rules/S6019/java/metadata.json @@ -1,2 +1,3 @@ { -} \ No newline at end of file + "scope": "Main" +} diff --git a/rules/S6024/cfamily/rule.adoc b/rules/S6024/cfamily/rule.adoc index de5ede3fa77..e87926b6d31 100644 --- a/rules/S6024/cfamily/rule.adoc +++ b/rules/S6024/cfamily/rule.adoc @@ -20,8 +20,8 @@ When writing generic code, you should prefer using those functions for objects t template bool f(T const &t, std::vector const &v) { if (!t.empty()) { // Noncompliant in C++17 - auto val = (t.begin() // Noncompliant in C++11 - ->size()); // Noncompliant in C++17 + auto val = t.begin() // Noncompliant in C++11 + ->size(); // Noncompliant in C++17 return val == v.size(); // Compliant, v does not depend on a template parameter } return false; diff --git a/rules/S6025/cfamily/metadata.json b/rules/S6025/cfamily/metadata.json index 74e96f215d2..19d00d5716b 100644 --- a/rules/S6025/cfamily/metadata.json +++ b/rules/S6025/cfamily/metadata.json 
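Review bot: The compliant solution for S6018 defines the static member with `inline Class Clazz::self;`, but the example declares no type named `Class`, so the snippet would not compile as written. The line should read `inline Clazz Clazz::self;`. The comment on the `s1` line also ends with a stray comma (`// Compliant,`) and should be `// Compliant`.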
@@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "FOCUSED" }, @@ -18,12 +18,8 @@ "pitfall" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-6025", diff --git a/rules/S6035/java/metadata.json b/rules/S6035/java/metadata.json index 0967ef424bc..f4b27f0bb34 100644 --- a/rules/S6035/java/metadata.json +++ b/rules/S6035/java/metadata.json @@ -1 +1,3 @@ -{} +{ + "scope": "Main" +} diff --git a/rules/S6045/cfamily/metadata.json b/rules/S6045/cfamily/metadata.json index bfa7a51d8a2..8245bc315a1 100644 --- a/rules/S6045/cfamily/metadata.json +++ b/rules/S6045/cfamily/metadata.json @@ -1,5 +1,5 @@ { - "title": "Transparent comparator should be used with associative \"std::string\" containers", + "title": "Transparent function objects should be used with associative \"std::string\" containers", "type": "CODE_SMELL", "code": { "impacts": { @@ -17,12 +17,8 @@ "since-c++14" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Major", "ruleSpecification": "RSPEC-6045", @@ -31,5 +27,5 @@ "defaultQualityProfiles": [ "Sonar way" ], - "quickfix": "unknown" -} + "quickfix": "targeted" +} \ No newline at end of file diff --git a/rules/S6045/cfamily/rule.adoc b/rules/S6045/cfamily/rule.adoc index 8b103b2e859..142817e8b42 100644 --- a/rules/S6045/cfamily/rule.adoc +++ b/rules/S6045/cfamily/rule.adoc 
@@ -1,83 +1,187 @@ == Why is this an issue? -{cpp}14 has introduced transparent comparators: the function objects that support heterogeneous comparison (i.e., comparison of values of different types, such as ``++std::string++`` and ``++char const*++``). When using such comparator, the search-optimized containers, namely, ``++std::set++``, ``++std::multiset++``, ``++std::map++``, and ``++std::multimap++``, enable additional lookup-function overloads that support types different from the ``++key_type++``. +Transparent function objects are function-like types that support heterogeneous operations. There are essentially two kinds of such types: transparent comparators and transparent hashers. For instance, a transparent comparator for strings would support comparing a `std::string`` with string-like types (such as ``++char const*++`` or ``++std::string_view++``). +These transparent function objects are interesting for search-optimized containers such as `std::set` and `std::map`, including their `multi` and `unordered` variants. When transparent comparators/hashers are used, the containers enable additional overloads for many operations that support types different from their ``++key_type++``. -Invoking a lookup function (such as ``++find++``, ``++count++``, or ``++lower_bound++``) with a non-``++std::string++`` argument, i.e., a raw C-string literal (``++s.find("Nemo")++``), or a temporary ``++std::string++`` created of an ``++std::string_view++``, on a container of ``++std::string++`` with non-transparent comparator, leads to a temporary ``++std::string++`` object, because the lookup function will support only an argument of the ``++key_type++``. +For example, `std::set` is _not_ using transparent comparators. Invoking many member functions with a non-`std::string` argument leads to, implicitly or explicitly, creating a temporary `std::string` object because the functions only support an argument of the ``++key_type++``. 
- -{cpp}20 extends support for heterogeneous lookup to unordered associative containers (``++std::unordered_set++``, ``++std::unordered_multiset++``, ``++std::unordered_map++``, and ``++std::unordered_multimap++``) that provide additional overloads when the equality functor and the hasher are both transparent. -The standard provides transparent equality functors in the form ``++std::equal_to<>++``. However, there is no standard transparent hasher object and one needs to be defined in the program. -For ``++std::string++`` such hasher may be provided by converting each supplied object to ``++std::string_view++`` and hashing it using ``++std::hash++``: +[source,cpp] ---- -struct StringHash { - using is_transparent = void; // enables heterogeneous lookup - - std::size_t operator()(std::string_view sv) const { - std::hash hasher; - return hasher(sv); - } -}; +// Given a container c with a non-transparent comparator: +std::set c = ...; + +// Calling "find" with a C-style string (char const*) +auto it = c.find("Nemo"); +// is equivalent to +auto it = c.find(std::string{"Nemo"}); + +// Calling C++20 "contains" with a std::string_view sv +// does not compile since conversion has to be explicit: +// if (c.contains(sv)) { ... } +// It has to be rewritten like this: +if (c.contains(std::string(sv))) { ... } ---- -Prefer using a transparent comparator with associative ``++std::string++`` containers to avoid creating the temporary. Note that transparent comparators are strongly discouraged if used with types that are not directly comparable as it will lead to the creation of ``++O(log(container.size())))++`` temporaries with lookup functions such as ``++find++``, ``++count++``, and ``++lower_bound++``. +Using heterogeneous comparison and hashing directly benefits the application performance since unnecessary temporaries can be avoided. An excellent and very common example of when transparent functions objects are beneficial is when the ``++key_type++`` is `std::string`. 
-Custom non-transparent functor (comparator, equality or hasher) may have different semantics than corresponding operators on `std:::string`. In such case, the heterogeneous lookup can still be enabled, by declaring the ``++is_transparent++`` nested type in the functor, and adjusting the implementation to accept either ``++std::string_view++`` or any type (i.e. turning it into a template). The later change is required to avoid the creation of `std::string` temporaries for each invocation and thus degradation of performance. +// We do not pedantically list the version of {cpp} that enables these overloads because there are too many combinations of type/function, and it is expected that newer standards will simply make this worse. +Starting from {cpp}14, transparent function objects can enable additional overloads for these containers: `std::set`, `std::map`, ``++std::unordered_set++``, ``++std::unordered_map++``, `std::multiset`, `std::multimap`, ``++std::unordered_multiset++``, and ``++std::unordered_multimap++``. -This rule will detect ``++std::set++``, ``++std::multiset++``, ``++std::map++``, ``++std::multimap++``, and since {cpp}20 ``++std::unordered_set++``, ``++std::unordered_multiset++``, ``++std::unordered_map++``, and ``++std::unordered_multimap++`` types, that use ``++std::string++`` as key and do not enable heterogeneous lookup. +Depending on the {cpp} version and the container type, the overloads are available for these operations: +* Lookup functions, such as: `find`, `count`, ``++lower_bound++``, ``++upper_bound++``, ``++equal_range++``, `contains`. +* Mutation functions, such as: `erase`, `extract`, `insert`, ``++insert_or_assign++``. -=== Noncompliant code example +For this reason, this rule detects using `std::string` as the key for the associative container types mentioned previously when heterogeneous operations are disabled. 
-[source,cpp] +== How to fix it + +You should prefer using transparent comparators and hashers with associative containers over `std::string` to avoid creating costly temporaries. + +Transparent comparators introduced in {cpp}14 include: `std::less<>`, ``++std::less_equal<>++``, ``++std::equal_to<>++``, etc. (This syntax leverages the default template parameter, which is `void`.) However, there are no standard transparent hashers. + +You can override the default comparator and hasher for the type family of `std::set` and `std::map` by explicitly providing the corresponding template parameter. + +=== Working with tree-based containers + +`std::set`, `std::map`, `std::multiset`, and `std::multimap` are tree-based data structures that, by default, use `<` to compare the keys. Under the hood, they use `std::less` to invoke the `operator<` on the keys. + +==== Noncompliant code example + +[source,cpp,diff-id=1,diff-type=noncompliant] ---- -void f() { - // the default std::less is not transparent - std::set m = { "Dory", "Marlin", "Nemo", "Emo"}; // Noncompliant - m.find("Nemo"); // This leads to a temporary std::string{"Nemo"}. - std::string_view n{"Nemo"}; - m.find(std::string(n)); // extra temporary std::string +void example() { + std::set sea = { // Noncompliant + "Dory", "Marlin", "Nemo", "Emo", "Darla" + }; + sea.find("Nemo"); // This leads to a temporary std::string{"Nemo"}. + + std::string_view hero{"Nemo"}; + sea.contains(std::string(hero)); // Extra temporary std::string. } +---- -void g() { - // the default std::equal_to and std::hash are not transparent - std::unordered_set m = { "Dory", "Marlin", "Nemo", "Emo"}; // Noncompliant - m.find("Nemo"); // This leads to a temporary std::string{"Nemo"}. - std::string_view n{"Nemo"}; - m.find(std::string(n)); // extra temporary std::string +The default comparator for `std::set` is `std::less`, which is not transparent. 
+ +==== Compliant solution + +Instead, `std::less<>` should be used: + +[source,cpp,diff-id=1,diff-type=compliant] +---- +void example() { + std::set> sea = { // Compliant + "Dory", "Marlin", "Nemo", "Emo", "Darla" + }; + + sea.find("Nemo"); // No more temporary std::string{"Nemo"}. + + std::string_view hero{"Nemo"}; + sea.contains(hero); // No need to create the std::string anymore. } +---- + +When `find` is called, the STL essentially invokes + +[source,cpp] +---- +std::less::operator(std::string const& lhs, const char* rhs); +---- + +This results in `lhs < rhs`. In other words, it compares the `std::string` against a C-style string with no undesired temporaries. + +It works equivalently for `std::map`: `std::map` should be rewritten as `std::map>`. -struct UpToTenLess { +=== Working with tree-based containers and custom comparators + +Sometimes, it is useful to use a custom comparator, for example, to implement a case-insensitive string comparison. + +==== Noncompliant code example + +[source,cpp,diff-id=2,diff-type=noncompliant] +---- +struct CaseInsensitiveCompare { bool operator()(const std::string& lhs, const std::string& rhs) const { - return lhs.compare(0, 10, rhs, 0, 10); + return std::ranges::lexicographical_compare(lhs, rhs, [](char l, char r) { + return std::tolower(l) < std::tolower(r); + }); } }; -void g() { - // UpToTenLess is not transparent - std::set m = { "Dory", "Marlin", "Nemo", "Emo"}; // Noncompliant - m.find("Nemo"); // This leads to a temporary std::string{"Nemo"}. - std::string_view n{"Nemo"}; - m.find(std::string(n)); // extra temporary std::string +void example() { + std::set m = { // Noncompliant + "Dory", "Marlin", "Nemo", "Emo", "Darla" + }; + + m.lower_bound("nemo"); // This leads to a temporary std::string{"Nemo"}. } ---- -=== Compliant solution +However, like `std::less`, `CaseInsensitiveCompare` is not transparent, and the code triggers the construction of undesired temporary strings. 
-[source,cpp] +==== Compliant solution + +A comparator needs to explicitly declare itself as transparent. This is achieved by having an inner type named `is_transparent` in the comparator. The type itself does not matter. + +Furthermore, the comparator needs to provide heterogeneous comparisons. There are multiple ways to achieve this: + +. Its `operator()` could be templated and written in a generic way, like `std::less` does. +. It could provide the relevant overloads for the software. +. It can provide one overload whose lightweight parameter type can be constructed from key-like types. + +For instance, to implement a transparent case-insensitive comparator for strings, we can leverage the fact that ``++string_view++`` offers lightweight conversions. Furthermore, since ``++string_view++`` and `string` have very similar interfaces, the implementation of the comparator can remain unchanged: + +[source,cpp,diff-id=2,diff-type=compliant] +---- +struct CaseInsensitiveCompare { + using is_transparent = void; // Enables heterogeneous operations. + + bool operator()(const std::string_view& lhs, const std::string_view& rhs) const { + return std::ranges::lexicographical_compare(lhs, rhs, [](char l, char r) { + return std::tolower(l) < std::tolower(r); + }); + } +}; + +void example() { + std::set m = { // Compliant + "Dory", "Marlin", "Nemo", "Emo", "Darla" + }; + + m.lower_bound("nemo"); // No more temporary std::string{"nemo"}. +} +---- + +=== Working with hash-based containers + +`std::unordered_set`, `std::unordered_map`, `std::unordered_multiset`, and `std::unordered_multimap` are hash-based data structures that, by default, use `std::hash` to compute the hash of a key, and `==` to compare the keys. Under the hood, they use `std::equals_to` to invoke the `operator==` on the keys. 
+ +{cpp}20 extends support for heterogeneous operations to these unordered associative containers: they provide additional overloads when the equality functor and the hasher are both transparent. + +==== Noncompliant code example + +[source,cpp,diff-id=3,diff-type=noncompliant] ---- -void f() { - // std::less<> is transparent - std::set> m = // Compliant - { "Dory", "Marlin", "Nemo", "Emo"}; - m.find("Nemo"); // No temporary is created, the raw C-string literal - // is compared directly with std::string elements - std::string_view n{"Nemo"}; - m.find(n); // No need to create the std::string +void example() { + std::unordered_set sea = { // Noncompliant + "Dory", "Marlin", "Nemo", "Emo", "Darla" + }; + + sea.erase("Darla"); // This leads to a temporary std::string{"Darla"}. } +---- + +==== Compliant solution +{cpp}14 provides transparent equality functors in the form ``++std::equal_to<>++``. However, there is no standard transparent hasher object. + +You can apply the same strategies to create custom hashers as the ones presented above for custom comparators. When the key is `std::string`, you can essentially leverage ``++std::string_view++`` and the implementation of `std::hash` for this lightweight type: + +[source,cpp,diff-id=3,diff-type=compliant] +---- struct StringHash { - using is_transparent = void; // enables heterogenous lookup + using is_transparent = void; // Enables heterogeneous operations. std::size_t operator()(std::string_view sv) const { std::hash hasher; 
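Review bot: Both versions of `CaseInsensitiveCompare` pass a plain `char` to `std::tolower`, which is undefined behaviour when the value is negative, as it is for non-ASCII bytes on platforms where `char` is signed. Since these snippets will be copied as the recommended pattern, the lambda body should convert first: `return std::tolower(static_cast<unsigned char>(l)) < std::tolower(static_cast<unsigned char>(r));`. In the hash-based containers paragraph the prose names `std::equals_to`, while the standard functor (spelled correctly later in the same section) is `std::equal_to`. The opening paragraph also has unbalanced backticks around `std::string`, which will likely render incorrectly.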
@@ -85,34 +189,41 @@ struct StringHash { } }; +void example() { + std::unordered_set> sea = { // Compliant + "Dory", "Marlin", "Nemo", "Emo", "Darla" + }; -void g() { - // std::equal_to<> and StringHash are both transparent - std::unordered_set> m = { "Dory", "Marlin", "Nemo", "Emo"}; // Compliant - m.find("Nemo"); // std::string_view is created out of raw C-string literal - std::string_view n{"Nemo"}; - m.find(n); // No need to create a std::string + sea.erase("Darla"); // No more temporary std::string{"Darla"}. } +---- -struct UpToTenLess { - using is_transparent = void; +Finally, working with a custom equality comparator for hash-based containers is similar. - bool operator()(std::string_view lhs, std::string_view rhs) const { - return lhs.compare(0, 10, rhs, 0, 10); - } -}; +=== Pitfalls -void g() { - // UpToTenLess is now transparent - std::set m = { "Dory", "Marlin", "Nemo", "Emo"}; - m.find("Nemo"); // std::string_view is created out of raw C-string literal - std::string_view n{"Nemo"}; - m.find(n); // No need to create a std::string -} ----- +Transparent comparators/hashers are strongly discouraged when used with types that are not directly comparable or expensive to create. For example, in the example above, if `CaseInsensitiveCompare` had the inner type ``++is_transparent++`` but its `operator()` still had ``std::string`` arguments, each internal comparison performed by ``++lower_bound++`` would create a temporary `std::string`. This would be significantly worse than the original version, which creates only one temporary object. + +The standard comparator types existed before {cpp}14, but their type parameter had to be provided. {cpp}14 introduced a default value for the template parameter, `void`, alongside a template specialization that is the transparent comparator. Therefore, when creating an object of such type, it is essential to write ``++std::less<>++`` and not ``++std::less++``, for example. 
== Resources -S6021 for when it might be a bad idea to use transparent comparators. +=== Documentation + +* {cpp} reference - https://en.cppreference.com/w/cpp/utility/functional#Transparent_function_objects[Transparent function objects] +* {cpp} reference - https://en.cppreference.com/w/cpp/utility/functional/less_void[`std::less`] +* {cpp} reference - https://en.cppreference.com/w/cpp/utility/functional/equal_to_void[``++std::equal_to++``] +* {cpp} reference - https://en.cppreference.com/w/cpp/utility/hash[`std::hash`] +* {cpp} reference - https://en.cppreference.com/w/cpp/container/set[`std::set`] +* {cpp} reference - https://en.cppreference.com/w/cpp/container/map[`std::map`] +* {cpp} reference - https://en.cppreference.com/w/cpp/container/unordered_set[``++std::unordered_set++``] +* {cpp} reference - https://en.cppreference.com/w/cpp/container/unordered_map[``++std::unordered_map++``] +* {cpp} reference - https://en.cppreference.com/w/cpp/string/basic_string_view[``++std::string_view++``] + +// Multimap versions and std::string are not linked because they are rarely used or well-known. + +=== Related rules + +* S6021 Heterogeneous sorted containers should only be used with types that support heterogeneous comparison diff --git a/rules/S6069/cfamily/metadata.json b/rules/S6069/cfamily/metadata.json index 7575d756e1f..56936d64ace 100644 --- a/rules/S6069/cfamily/metadata.json +++ b/rules/S6069/cfamily/metadata.json @@ -47,6 +47,9 @@ ], "PCI DSS 4.0": [ "6.2.4" + ], + "STIG ASD_V5R3": [ + "V-222612" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6069/cfamily/rule.adoc b/rules/S6069/cfamily/rule.adoc index 6cd19b9519d..d0bb7061d07 100644 --- a/rules/S6069/cfamily/rule.adoc +++ b/rules/S6069/cfamily/rule.adoc 
@@ -49,10 +49,11 @@ sprintf(buf, "%s", message);{code} == See -* https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/[OWASP Top 10 2021 Category A6] - Vulnerable and Outdated Components -* https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[OWASP Top 10 2017 Category A9] - Using Components with Known Vulnerabilities -* https://cwe.mitre.org/data/definitions/676[MITRE, CWE-676] - Use of Potentially Dangerous Function -* https://cwe.mitre.org/data/definitions/119[MITRE, CWE-119] - Improper Restriction of Operations within the Bounds of a Memory Buffer +* OWASP - https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/[Top 10 2021 Category A6 - Vulnerable and Outdated Components] +* OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities] +* CWE - https://cwe.mitre.org/data/definitions/676[CWE-676 - Use of Potentially Dangerous Function] +* CWE - https://cwe.mitre.org/data/definitions/119[CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. ifdef::env-github,rspecator-view[] diff --git a/rules/S6070/java/metadata.json b/rules/S6070/java/metadata.json index ac71cf73fb0..e16e51fa249 100644 --- a/rules/S6070/java/metadata.json +++ b/rules/S6070/java/metadata.json @@ -16,17 +16,13 @@ "regex" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Major", "ruleSpecification": "RSPEC-6070", "sqKey": "S6070", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], 
diff --git a/rules/S6096/common/resources/articles.adoc b/rules/S6096/common/resources/articles.adoc
new file mode 100644
index 00000000000..936f0e0a3b9
--- /dev/null
+++ b/rules/S6096/common/resources/articles.adoc
@@ -0,0 +1,4 @@
+=== Articles & blog posts
+
+* Sonar Blog - https://www.sonarsource.com/blog/the-hidden-flaws-of-archives-in-java/[The Hidden Flaws of Archives in Java]
+* Sonar Blog - https://www.sonarsource.com/blog/openrefine-zip-slip/[Unzipping Dangers: OpenRefine Zip Slip Vulnerability]
diff --git a/rules/S6096/common/resources/docs.adoc b/rules/S6096/common/resources/docs.adoc
deleted file mode 100644
index 5413a68a9f6..00000000000
--- a/rules/S6096/common/resources/docs.adoc
+++ /dev/null
@@ -1,3 +0,0 @@
-=== Documentation
-
-* https://snyk.io/research/zip-slip-vulnerability[snyk] - Zip Slip Vulnerability
diff --git a/rules/S6096/common/resources/standards.adoc b/rules/S6096/common/resources/standards.adoc
index f8aad022fdc..97a216c1077 100644
--- a/rules/S6096/common/resources/standards.adoc
+++ b/rules/S6096/common/resources/standards.adoc
@@ -1,8 +1,10 @@ === Standards -* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Broken Access Control -* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection -* https://www.owasp.org/index.php/Top_10-2017_A1-Injection[OWASP Top 10 2017 Category A1] - Injection -* https://www.owasp.org/index.php/Top_10-2017_A5-Broken_Access_Control[OWASP Top 10 2017 Category A5] - Broken Access Control -* https://cwe.mitre.org/data/definitions/20[MITRE, CWE-20] - Improper Input Validation -* https://cwe.mitre.org/data/definitions/22[MITRE, CWE-22] - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') +* OWASP - https://owasp.org/Top10/A01_2021-Broken_Access_Control/[Top 10 2021 Category A1 - Broken Access Control] +* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] +* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] +* OWASP - https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[Top 10 2017 Category A5 - Broken Access Control] +* CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] +* CWE - https://cwe.mitre.org/data/definitions/22[CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. + diff --git a/rules/S6096/csharp/rule.adoc b/rules/S6096/csharp/rule.adoc index 9a5e5567462..b49e2a8454d 100644 --- a/rules/S6096/csharp/rule.adoc +++ b/rules/S6096/csharp/rule.adoc @@ -10,7 +10,7 @@ include::how-to-fix-it/dotnet.adoc[] == Resources -include::../common/resources/docs.adoc[] +include::../common/resources/articles.adoc[] include::../common/resources/standards.adoc[] 
diff --git a/rules/S6096/java/rule.adoc b/rules/S6096/java/rule.adoc index 4970cfc106d..5a96d91ce5f 100644 --- a/rules/S6096/java/rule.adoc +++ b/rules/S6096/java/rule.adoc @@ -8,7 +8,7 @@ include::how-to-fix-it/java-se.adoc[] == Resources -include::../common/resources/docs.adoc[] +include::../common/resources/articles.adoc[] include::../common/resources/standards.adoc[] diff --git a/rules/S6096/javascript/rule.adoc b/rules/S6096/javascript/rule.adoc index dae77c4fd66..85116f736c1 100644 --- a/rules/S6096/javascript/rule.adoc +++ b/rules/S6096/javascript/rule.adoc @@ -11,7 +11,7 @@ include::how-to-fix-it/nodejs.adoc[] == Resources -include::../common/resources/docs.adoc[] +include::../common/resources/articles.adoc[] include::../common/resources/standards.adoc[] diff --git a/rules/S6096/metadata.json b/rules/S6096/metadata.json index 31c45688d11..f2727c39dfd 100644 --- a/rules/S6096/metadata.json +++ b/rules/S6096/metadata.json @@ -51,6 +51,9 @@ "12.3.4", "5.1.3", "5.1.4" + ], + "STIG ASD_V5R3": [ + "V-222609" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6104/java/metadata.json b/rules/S6104/java/metadata.json index e9c6c5cde77..2d1925419f7 100644 --- a/rules/S6104/java/metadata.json +++ b/rules/S6104/java/metadata.json @@ -12,21 +12,15 @@ "func": "Constant\/Issue", "constantCost": "10min" }, - "tags": [ - - ], + "tags": [], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Critical", "ruleSpecification": "RSPEC-6104", "sqKey": "S6104", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S6105/common/resources/standards.adoc b/rules/S6105/common/resources/standards.adoc index f9032084236..4f27cf9e317 100644 --- a/rules/S6105/common/resources/standards.adoc +++ b/rules/S6105/common/resources/standards.adoc 
@@ -1,6 +1,8 @@ === Standards -* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Broken Access Control -* https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[OWASP Top 10 2017 Category A5] - Broken Access Control -* https://cwe.mitre.org/data/definitions/20[MITRE, CWE-20] - Improper Input Validation -* https://cwe.mitre.org/data/definitions/601[MITRE, CWE-601] - URL Redirection to Untrusted Site ('Open Redirect') +* OWASP - https://owasp.org/Top10/A01_2021-Broken_Access_Control/[Top 10 2021 Category A1 - Broken Access Control] +* OWASP - https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[Top 10 2017 Category A5 - Broken Access Control] +* CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] +* CWE - https://cwe.mitre.org/data/definitions/601[CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. + diff --git a/rules/S6105/metadata.json b/rules/S6105/metadata.json index 6b3d12be7c0..82b20ec85ff 100644 --- a/rules/S6105/metadata.json +++ b/rules/S6105/metadata.json 
@@ -1,53 +1,60 @@ { - "title": "DOM updates should not lead to open redirect vulnerabilities", - "type": "VULNERABILITY", - "code": { - "impacts": { - "SECURITY": "HIGH" - }, - "attribute": "COMPLETE" + "title": "DOM updates should not lead to open redirect vulnerabilities", + "type": "VULNERABILITY", + "code": { + "impacts": { + "SECURITY": "HIGH" }, - "status": "ready", - "remediation": { - "func": "Constant\/Issue", - "constantCost": "30min" - }, - "tags": [ - "cwe" + "attribute": "COMPLETE" + }, + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "30min" + }, + "tags": [ + "cwe" + ], + "extra": { + "replacementRules": [ + ], - "extra": { - "replacementRules": [], - "legacyKeys": [] - }, - "defaultSeverity": "Blocker", - "ruleSpecification": "RSPEC-6105", - "sqKey": "S6105", - "scope": "Main", - "securityStandards": { - "CWE": [ - 20, - 601 - ], - "OWASP": [ - "A5" - ], - "OWASP Top 10 2021": [ - "A1" - ], - "PCI DSS 3.2": [ - "6.5.8" - ], - "PCI DSS 4.0": [ - "6.2.4" - ], - "ASVS 4.0": [ - "5.1.3", - "5.1.4", - "5.1.5" - ] - }, - "defaultQualityProfiles": [ - "Sonar way" + "legacyKeys": [ + + ] + }, + "defaultSeverity": "Blocker", + "ruleSpecification": "RSPEC-6105", + "sqKey": "S6105", + "scope": "Main", + "securityStandards": { + "CWE": [ + 20, + 601 + ], + "OWASP": [ + "A5" + ], + "OWASP Top 10 2021": [ + "A1" + ], + "PCI DSS 3.2": [ + "6.5.8" + ], + "PCI DSS 4.0": [ + "6.2.4" + ], + "ASVS 4.0": [ + "5.1.3", + "5.1.4", + "5.1.5" ], - "quickfix": "unknown" -} \ No newline at end of file + "STIG ASD_V5R3": [ + "V-222609" + ] + }, + "defaultQualityProfiles": [ + "Sonar way" + ], + "quickfix": "unknown" +} diff --git a/rules/S6108/javascript/rule.adoc b/rules/S6108/javascript/rule.adoc index 83a3c40d6fb..6b3ef8017d3 100644 --- a/rules/S6108/javascript/rule.adoc +++ b/rules/S6108/javascript/rule.adoc 
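Review bot: The empty arrays under `extra` are expanded here into multi-line form (`"replacementRules": [` … `]`), while the S6070 and S6104 metadata hunks in this same commit collapse the identical arrays to `"replacementRules": [],` and `"legacyKeys": []`. Picking one form would keep the metadata files uniform. Every other line of the file is removed and re-added with the same text, presumably a whitespace-only reformat, which makes the one functional addition, the `"STIG ASD_V5R3"` entry with `"V-222609"`, hard to spot in review. Keeping formatting changes in a separate commit would leave security-standard mappings easier to audit.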
@@ -109,5 +109,5 @@ function for_set(target, path, value) { == See * https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf[Prototype pollution attack in NodeJS application - Olivier Arteau] -* https://cwe.mitre.org/data/definitions/1321[MITRE, CWE-1321] - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') +* CWE - https://cwe.mitre.org/data/definitions/1321[CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')] diff --git a/rules/S6109/javascript/rule.adoc b/rules/S6109/javascript/rule.adoc index ce5a6fb9c46..d0e7ecb2d51 100644 --- a/rules/S6109/javascript/rule.adoc +++ b/rules/S6109/javascript/rule.adoc @@ -107,5 +107,5 @@ for_set(req.query.path, req.query.val); // Compliant == Resources * https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf[Prototype pollution attack in NodeJS application - Olivier Arteau] -* https://cwe.mitre.org/data/definitions/1321[MITRE, CWE-1321] - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') +* CWE - https://cwe.mitre.org/data/definitions/1321[CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')] diff --git a/rules/S6146/vb6/metadata.json b/rules/S6146/vb6/metadata.json new file mode 100644 index 00000000000..7a73a41bfdf --- /dev/null +++ b/rules/S6146/vb6/metadata.json @@ -0,0 +1,2 @@ +{ +} \ No newline at end of file diff --git a/rules/S6146/vb6/rule.adoc b/rules/S6146/vb6/rule.adoc new file mode 100644 index 00000000000..a3828481b42 --- /dev/null +++ b/rules/S6146/vb6/rule.adoc 
@@ -0,0 +1,36 @@ +== Why is this an issue? + +There are several compilations options available for Visual Basic source code and `Option Explicit` defines compiler behavior for implicit variable declarations. Not specifying `Option Explicit` will allow creating a variable by it's first usage. This behavior can lead to unexpected runtime errors due to typos in variable names. + +== How to fix it + +`Option Explicit` should be added to every individual source file. + +=== Code examples + +==== Noncompliant code example + +[source,vb6,diff-id=1,diff-type=noncompliant] +---- +Sub DoSomething(First As String, Second As String) + Parameter = Fist ' New local variable "Fist" is created and assigned to new local variable "Parameter" instead of "First" argument. + DoSomething(Parameter) + Parametr = Second ' "Second" argument is assigned to newly created variable "Parametr" instead of intended "Parameter". + DoSomething(Parameter) ' Value of "Parameter" is always Nothing +End Sub +---- + + +==== Compliant solution + +[source,vb6,diff-id=1,diff-type=compliant] +---- +Option Explicit + +Sub DoSomething(First As String, Second As String) + Dim Parameter As String = First + DoSomething(Parameter) + Parameter = Second + DoSomething(Parameter) +End Sub +---- diff --git a/rules/S6147/cfamily/metadata.json b/rules/S6147/cfamily/metadata.json index 17971333806..8fe708f200f 100644 --- a/rules/S6147/cfamily/metadata.json +++ b/rules/S6147/cfamily/metadata.json 
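Review bot: The compliant listing is not valid VB6: `Dim Parameter As String = First` uses a declaration initializer, which VB6 does not accept, so a reader who pastes the fix gets a compile error rather than the `Option Explicit` behaviour the rule is teaching. Split it into `Dim Parameter As String` followed by `Parameter = First`. In the noncompliant listing the comment says the value of "Parameter" is always Nothing; an implicitly created VB6 variable is presumably an empty Variant, so `' Value of "Parameter" is always Empty` looks like the accurate wording and is worth confirming against the analyzer's VB6 dialect. The prose also has "by it's first usage", which should read "its".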
@@ -1,3 +1,35 @@
 {
-
+ "title": "Use discriminated unions or \"std::variant\"",
+ "type": "CODE_SMELL",
+ "code": {
+ "impacts": {
+ "MAINTAINABILITY": "HIGH"
+ },
+ "attribute": "COMPLETE"
+ },
+ "status": "ready",
+ "remediation": {
+ "func": "Constant\/Issue",
+ "constantCost": "20min"
+ },
+ "tags": [
+ "clumsy",
+ "pitfall"
+ ],
+ "extra": {
+ "replacementRules": [
+
+ ],
+ "legacyKeys": [
+
+ ]
+ },
+ "defaultSeverity": "Critical",
+ "ruleSpecification": "RSPEC-6147",
+ "sqKey": "S6147",
+ "scope": "All",
+ "defaultQualityProfiles": [
+ "Sonar way"
+ ],
+ "quickfix": "infeasible"
 }
diff --git a/rules/S6147/cfamily/rule.adoc b/rules/S6147/cfamily/rule.adoc
index 3c988af182a..08b2d80b1ba 100644
--- a/rules/S6147/cfamily/rule.adoc
+++ b/rules/S6147/cfamily/rule.adoc
@@ -1 +1,110 @@ -include::../rule.adoc[] +== Why is this an issue? + +In order to save memory, unions allow you to use the same memory to store objects from a list of possible types as long as one object is stored at a time. Unions are not inherently safe, as they expect you to externally keep track of the type of value they currently hold. + + +Wrong tracking has the potential to corrupt memory or to trigger undefined behaviors. + + +A straightforward way to avoid it is storing the information about the currently active alternative along with the union. Here follow suggested patterns to do that: + + +[source, cpp] +---- +typedef int altType1; +typedef float altType2; + +// Pattern 1 +union alternativesCommonStartingFieldPattern { + struct { + bool isAlt1; + altType1 a1; + } one; + + struct { + bool isAlt1; + altType2 a2; + } two; +}; + +double getValueAsDouble(alternativesCommonStartingFieldPattern *pattern1) { + return pattern1->one.isAlt1?pattern1->one.a1:pattern1->two.a2; +} +---- + +This pattern uses the fact that when two alternatives of a standard layout union are standard-layout-structs that share a common initial sequence, it is allowed to read this common initial sequence on one alternative even if the other alternative is the one currently active. This is commonly used to limit the number of bits required to store the discriminant. + + +[source, cpp] +---- +// Pattern 2 +struct wrappedUnionPattern { + enum {ALTTYPE1, ALTTYPE2} type; + + union { + altType1 a1; + altType2 a2; + }; +}; + +double getValueAsDouble(wrappedUnionPattern *pattern2) { + return (pattern2->type==wrappedUnionPattern::ALTTYPE1)?pattern2->a1:pattern2->a2; +} +---- +This pattern is more straightforward, and wraps the union inside a structure that will also store the discriminant. Note that in this case, the union itself can be anonymous. 
+ +[source, cpp] +---- +// Pattern 3 (C++17) +using stdVariantPattern = std::variant; + +double getValueAsDouble(stdVariantPattern *pattern3) { + return std::visit([](auto&& alternative) -> double { return alternative;}, *pattern3); +} +---- +This pattern relies on {cpp}17’s ``++std::variant++`` to store the alternative. + + +In general, ``++std::variant++`` is: + +* Safer as the type of the current value is always known and checked before usage. +* More practical as it can have members of any type, including non trivial types (see S6025). It also supports redundant types, which is useful when alternatives have the same type with different semantic meanings. +* Easier to use as it provides many member/helper functions. + +One noticeable difference with unions is that the alternatives in a ``++std::variant++`` do not have a name. You can access them by type or by index, using ``++std::get++`` (throws if the wrong alternative is accessed) or ``++std::get_if++`` (returns a null pointer if the wrong alternative is used). But very often, instead of accessing a specific alternative, visitors are used to distinguish cases of the variant. + + +This rule raises an issue when unions are used outside of the 3 suggested patterns. + + +=== Noncompliant code example + +[source,cpp,diff-id=1,diff-type=noncompliant] +---- +void rawUnion() { + union IntOrDouble { // Noncompliant: union is not wrapped + int i; + double d; + }; + IntOrDouble intOrDouble; + intOrDouble.d = 10.5; +} +---- + + +=== Compliant solution + +[source,cpp,diff-id=1,diff-type=compliant] +---- +struct IntOrChar { + enum { INT, CHAR } tag; + union { // Compliant + int i; + char c; + }; +}; + +void simpleVariant() { + std::variant intOrDouble = 10.5; // Compliant +}{code} +---- diff --git a/rules/S6147/metadata.json b/rules/S6147/metadata.json index fb764041d74..2c63c085104 100644 --- a/rules/S6147/metadata.json +++ b/rules/S6147/metadata.json 
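Review bot: The compliant listing still ends with `}{code}`, a stray `{code}` token that now sits inside a block tagged `cpp`, so the example no longer reads as valid C++; the closing line of `simpleVariant()` should be just `}`. The two listings also share `diff-id=1` although the compliant one is not a rewrite of `rawUnion()` (it introduces `IntOrChar` and `simpleVariant()`), so if the diff view pairs listings by id the comparison will not show a fix; making the compliant side a corrected `rawUnion()` would address that. Since the rule text says wrong tracking can corrupt memory, the Pattern 1 and Pattern 2 accessors would benefit from a one-line comment such as `// Read only the alternative named by the discriminant` to make the safe-access contract explicit.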
@@ -1,35 +1,2 @@
 {
- "title": "Use discriminated unions or \"std::variant\"",
- "type": "CODE_SMELL",
- "code": {
- "impacts": {
- "MAINTAINABILITY": "HIGH"
- },
- "attribute": "COMPLETE"
- },
- "status": "ready",
- "remediation": {
- "func": "Constant\/Issue",
- "constantCost": "20min"
- },
- "tags": [
- "clumsy",
- "pitfall"
- ],
- "extra": {
- "replacementRules": [
-
- ],
- "legacyKeys": [
-
- ]
- },
- "defaultSeverity": "Critical",
- "ruleSpecification": "RSPEC-6147",
- "sqKey": "S6147",
- "scope": "All",
- "defaultQualityProfiles": [
- "Sonar way"
- ],
- "quickfix": "unknown"
 }
diff --git a/rules/S6147/rule.adoc b/rules/S6147/rule.adoc
deleted file mode 100644
index 2e048bb1662..00000000000
--- a/rules/S6147/rule.adoc
+++ /dev/null
@@ -1,113 +0,0 @@ -== Why is this an issue? - -In order to save memory, unions allow you to use the same memory to store objects from a list of possible types as long as one object is stored at a time. Unions are not inherently safe, as they expect you to externally keep track of the type of value they currently hold. - - - -Wrong tracking has the potential to corrupt memory or to trigger undefined behaviors. - - -A straightforward way to avoid it is storing the information about the currently active alternative along with the union. Here follow suggested patterns to do that: - - -  - ----- -typedef int altType1; -typedef float altType2; - -// Pattern 1 -union alternativesCommonStartingFieldPattern { - struct { - bool isAlt1; - altType1 a1; - } one; - - struct { - bool isAlt1; - altType2 a2; - } two; -}; - -double getValueAsDouble(alternativesCommonStartingFieldPattern *pattern1) { - return pattern1->one.isAlt1?pattern1->one.a1:pattern1->two.a2; -} ----- -This pattern uses the fact that when two alternatives of a standard layout union are standard-layout-structs that share a common initial sequence, it is allowed to read this common initial sequence on one alternative even if the other alternative is the one currently active. This is commonly used to limit the number of bits required to store the discriminant. - - -  - ----- -// Pattern 2 -struct wrappedUnionPattern { - enum {ALTTYPE1, ALTTYPE2} type; - - union { - altType1 a1; - altType2 a2; - }; -}; - -double getValueAsDouble(wrappedUnionPattern *pattern2) { - return (pattern2->type==wrappedUnionPattern::ALTTYPE1)?pattern2->a1:pattern2->a2; -} ----- -This pattern is more straightforward, and wraps the union inside a structure that will also store the discriminant. Note that in this case, the union itself can be anonymous. 
- ----- -// Pattern 3 (C++17) -using stdVariantPattern = std::variant; - -double getValueAsDouble(stdVariantPattern *pattern3) { - return std::visit([](auto&& alternative) -> double { return alternative;}, *pattern3); -} ----- -This pattern relies on {cpp}17’s ``++std::variant++`` to store the alternative. - - -In general, ``++std::variant++`` is: - -* Safer as the type of the current value is always known and checked before usage. -* More practical as it can have members of any type, including non trivial types (see S6025). It also supports redundant types, which is useful when alternatives have the same type with different semantic meanings. -* Easier to use as it provides many member/helper functions. - -One noticeable difference with unions is that the alternatives in a ``++std::variant++`` do not have a name. You can access them by type or by index, using ``++std::get++`` (throws if the wrong alternative is accessed) or ``++std::get_if++`` (returns a null pointer if the wrong alternative is used). But very often, instead of accessing a specific alternative, visitors are used to distinguish cases of the variant. - - -This rule raises an issue when unions are used outside of the 3 suggested patterns. - - -=== Noncompliant code example - -[source,text] ----- -void rawUnion() { - union IntOrDouble { // Noncompliant: union is not wrapped - int i; - double d; - }; - IntOrDouble intOrDouble; - intOrDouble.d = 10.5; -} ----- - - -=== Compliant solution - -[source,text] ----- -struct IntOrChar { -  enum { INT, CHAR } tag; -  union { // Compliant -    int i; -    char c; -  }; -}; - -void simpleVariant() { -  std::variant intOrDouble = 10.5; // Compliant -}{code} -  ----- - diff --git a/rules/S6168/cfamily/rule.adoc b/rules/S6168/cfamily/rule.adoc index 5a3abde23b2..fd6dde09000 100644 --- a/rules/S6168/cfamily/rule.adoc +++ b/rules/S6168/cfamily/rule.adoc 
@@ -39,5 +39,5 @@ int main() { === External coding guidelines -* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/036324/CppCoreGuidelines.md#cp25-prefer-gsljoining_thread-over-stdthread[CP.25 - Prefer "gsl::joining_thread" over "std::thread"] +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#cp25-prefer-gsljoining_thread-over-stdthread[CP.25: Prefer `gsl::joining_thread` over `std::thread`] diff --git a/rules/S6169/cfamily/metadata.json b/rules/S6169/cfamily/metadata.json index 9f1fd5fb0f1..55fe4b56108 100644 --- a/rules/S6169/cfamily/metadata.json +++ b/rules/S6169/cfamily/metadata.json @@ -1,5 +1,5 @@ { - "title": "Call to \"std::is_constant_evaluated\" should not be gratuitous", + "title": "\"std::is_constant_evaluated\" and \"if consteval\" should only be used when necessary", "type": "BUG", "code": { "impacts": { diff --git a/rules/S6169/cfamily/rule.adoc b/rules/S6169/cfamily/rule.adoc index 355c23264fa..538c80bfe3b 100644 --- a/rules/S6169/cfamily/rule.adoc +++ b/rules/S6169/cfamily/rule.adoc 
@@ -1,29 +1,357 @@ +This rule raises an issue when `std::is_constant_evaluated()` or `if consteval` are used in a context where they always produce the same result, i.e. are always `true` or always `false`. + == Why is this an issue? -``++std::is_constant_evaluated++`` is used to determine whether or not a context is constant-evaluated. This can be useful when, for example, two different implementations are provided for an algorithm: one, usually slow, for compile-time and the other one, faster, for runtime. +The `std::is_constant_evaluated` function (introduced in {cpp}20) and the `if consteval` language construct (introduced in {cpp}23) are used to determine whether the evaluation is performed at compile-time or runtime. +This can be useful when, for example, two different implementations are provided for an algorithm: +one that does not perform any IO operations and is compatible with compile-time evaluation, and the other one that also emits log entries at runtime. +These constructs should be used inside functions that are `constexpr`, and thus can be evaluated both at compile-time and at runtime. -However, some contexts are either always constant-evaluated or never constant-evaluated. In these cases, a call to ``++std::is_constant_evaluated++`` is unnecessary as it will always return the same result. +When used inside a context that is either always evaluated at compile-time or always evaluated at runtime, +a call to `std::is_constant_evaluated` always returns the same result, similarly `if consteval` always evaluates the same branch, +making their use redundant. -``++std::is_constant_evaluated++`` will always return ``++true++`` when called in: +This rule raises issues for contexts where expressions are always evaluated at compile-time or always evaluated at runtime. 
-* the condition of ``++if constexpr++`` -* the condition of ``++static_assert++`` -* ``++consteval++`` functions +In contexts that are always evaluated at compile-time: -And it will always return ``++false++`` in: +* `+std::is_constant_evaluated()+` always returns `true`. +* `+if consteval { /* then-branch */ }+` always evaluates the `then-branch`. +* `+if !consteval { /* then-branch */ } else { /* else-branch */}+` always evaluates the `else-branch`. -* non-``++constexpr++``/``++consteval++`` functions +These include: -This rule raises an issue when ``++std::is_constant_evaluated()++`` is called in an ``++if constexpr++`` or a ``++static_assert++`` condition, where it is always ``++true++``. +* The conditions of an `if constexpr` or a `static_assert`. ++ +[source,cpp] +---- +constexpr double power(double b, int x) { + if constexpr (std::is_constant_evaluated()) { // Noncompliant: always true + // compile-time implementation + } else { + // runtime implementation + } +} +static_assert(std::is_constant_evaluated()); // Noncompliant: always true +---- -=== Noncompliant code example +* The initialization of a variable declared `constexpr` or `constinit`. ++ +[source,cpp] +---- +constexpr int size = std::is_constant_evaluated() ? 10 : 20; // Noncompliant: always returns true +constinit int val = std::is_constant_evaluated() ? 20 : 30; // Noncompliant: always returns true +---- +* All expressions inside an _immediate context_. For instance bodies of `consteval` function, `then` branches of `if consteval`, and `else` branches of `if not consteval`. 
++ [source,cpp] ---- +consteval bool onlyCompileTimeFunc() { + if consteval { // Noncompliant: always true + /* Branch is always taken */ + } else { + /* Branch is never taken */ + } + + if not consteval { // Noncompliant: always false + /* Branch is never taken */ + } else { + /* Branch is always taken */ + } + + bool ce = std::is_constant_evaluated(); // Noncompliant: always true + return std::is_constant_evaluated(); // Noncompliant: always returns true +} + +constexpr bool possiblyCompileTimeFunc() { + if consteval { // Compliant: depends on the call site + if consteval { // Noncompliant: always true + /* .... */ + } + if not consteval { // Noncompliant: always false + /* .... */ + } + return std::is_constant_evaluated(); // Noncompliant: always returns true + } + + if ! consteval { // Compliant: depends on the call site + /* Runtime branch */ + } else { + return std::is_constant_evaluated(); // Noncompliant: always returns true + } + + return std::is_constant_evaluated(); // Compliant: depends on call site +} +---- + +In contexts that are always evaluated at runtime: + +* `+std::is_constant_evaluated()+` always returns `false`. +* `+if consteval { /* then-branch */ } else { /* else-branch */}+` always evaluates `else-branch`. +* `+if !consteval { /* then-branch */ }+` always evaluates `then-branch`. + +They include: + +* The body of functions that are neither `constexpr` nor `consteval`. +* `else` branches of `if consteval`. +* `then` branches of `if not consteval`. 
+ +[source,cpp] +---- +bool onlyRuntimeFunc() { + if consteval { // Noncompliant: always false + /* Never taken branch */ + } else { + /* Always taken branch */ + } + + if not consteval { // Noncompliant: always true + /* Always taken branch */ + } else { + /* Never taken branch */ + } + + bool ce = std::is_constant_evaluated(); // Noncompliant: always false + return std::is_constant_evaluated(); // Noncompliant: always returns false +} + +constexpr bool possiblyCompileTimeFunc() { + if not consteval { // Compliant: depends on the call site + if consteval { // Noncompliant: always false + /* ... */ + } + if not consteval { // Noncompliant: always true + /* .... */ + } + return std::is_constant_evaluated(); // Noncompliant: always returns false + } + + if consteval { // Compliant: depends on the call site + /* Compile-time branch */ + } else { + return std::is_constant_evaluated(); // Noncompliant: always returns false + } + + return std::is_constant_evaluated(); // Compliant: depends on call site +} +---- + +It is possible to nest a compile-time-only context inside otherwise runtime context, +in such case expressions are still evaluated at compile-time, and this rule will raise issues: + +[source,cpp] +---- +void constexprInRuntime() { + // Initializer of constexpr variable is always constant-expresion + constexpr int x = std::is_constant_evaluated(); // Noncompliant: always returns true +} + +constexpr void constexprInNotConsteval() { + if not consteval { + // Initializer of constexpr variable is always constant-expresion + constexpr int x = std::is_constant_evaluated(); // Noncompliant: always return true + } +} +---- + +=== When is the issue raised for variables that are neither `constexpr` nor `constinit`? + +For some variables, the compiler tries to initialize them at compile-time. +They are initialized at runtime only if such initialization is not possible. 
+ +This happens for: + +* Variables with static and thread storage duration, like global, static, and thread-local variables. ++ +[source,cpp] +---- +int x = 10; // Evaluated at compile-time +int const y = init(); // Evaluated at compile-time if `init()` is constant-expression +std::mutex m; // Evaluated at compile-time because the selected constructor is constexpr + +void runtime() { + static int s = 20; // Evaluted at compile-time. +} +---- ++ +Evaluating such variables at compile-time avoids order of initialization issues. +It is recommended to mark these variables as `constexpr` (if they can be made `const`) or `constinit`. + +* Local variables that are declared `const` and have integral and enumeration types. ++ +[source,cpp] +---- +void cpp03Code() { + int const size = 5; // Evaluated at compile-time + int arr[size] = {}; // OK, size is constant + for (int i = 0; i < size; ++i) { + /* .... */ + } +} +---- ++ +Evaluating such variables at compile-time was already possible before `constexpr` was introduced to allow patterns like the above. +It is recommended to mark these variables as `constexpr`. + +Due to the above special rules, `std::is_constant_evaluated()` and `if consteval` are always `true` within such implicit constant initialization. +This may lead to surprising and unintuitive results, thus this rule raises issues in the following cases: + +[source,cpp] +---- +void onlyRuntime() { + bool const ce = std::is_constant_evaluated(); // Noncompliant: always true, due to implicit constant evaluation + bool e = std::is_constant_evaluated(); // Noncompliant: always false, not an implicit constant evaluation +} + +constexpr void possiblyCompileTimeFunc() { + bool const ce = std::is_constant_evaluated(); // Noncompliant: always true, due to implicit constant evaluation + bool e = std::is_constant_evaluated(); // Compliant: depends on the call site +} +---- + + +=== When are issues raised for lambdas? 
+ +The call operator of a lambda can be explicitly marked `consteval`. In such cases, it can only be invoked at compile-time, and the rule raises an issue: + +[source,cpp] +---- +[] () consteval { + if consteval { // Noncompliant: always true + /* .... */ + } + return std::is_constant_evaluated(); // Noncompliant: always returns true +}; +---- + +Otherwise, the lambda call operator is implicitly considered to be `constexpr`, +regardless if it is marked so. +This means that the lambda can be invoked at compile-time, +and uses of `std::is_constant_evaluated()` and `if consteval` are not redundant. + +However, when a lambda is invoked locally only in compile-time or runtime context, +checking the evaluation context is still redundant. +In particular, this is obvious when the lambda is immediately invoked. The rule raises issues in that case: + +[source,cpp] +---- +// The lambda is provably invoked only at compile-time: +constexpr bool ce = [] () { + if consteval { // Noncompliant: always true + return true; + } + return false; +}(); +---- + +=== When do `constexpr` functions become immediate (compile-time only)? + +An immediate function (including one marked `consteval`) can only be invoked at compile-time, +and thus requires that all arguments are known at compile-time, +i.e. either they are constants or the function is invoked in an _immediate context_: +[source,cpp] +---- +consteval void handle(int); + +constexpr void foo(int x) { + handle(x); // ill-formed, the process cannot be called at compile-time, + // because `x` may have runtime value +} +---- + +In the case of non-template functions, this can be fixed by putting the call +to immediate function inside an `if consteval` block. 
+[source,cpp] +---- +constexpr void foo(int x) { + if consteval { + handle(x); // OK, the handle is evaluated only at compile-time + } +} +---- + +However, in the case of templates, it is possible that depending on the template parameters, +an immediate or runtime function will be called. +In such case, the compiler automatically changes the enclosing function to an immediate function, +in a process referred to as _immediate escalation_: + +[source,cpp] +---- +consteval int process(int); +float process(float); + +template +constexpr T foo(T x) { + // Calls `consteval` process if T = int, and runtimne for T = float. + // foo is promoted to immediate function. + return process(x); +} +---- + +The same behavior is applied to lambdas, both generic and non-generic, +if they contain an immediate invocation. + +As a consequence, uses of `std::is_constant_evaluated()` and `if consteval` are also redundant when used in an _immediate escalated_ lambda or function template instantiations. + +This rule raises issues if such uses are redundant for all possible specializations +of lambda or template: + +[source,cpp] +---- +consteval int process(int); +float process(float); + +template +constexpr bool conditionallyImmediate(T x) { + process(x); // Calls consteval function depending on the argument type + return std::is_constant_evaluated(); // Compliant: not all specializations are immediate +} + +template +constexpr bool alwaysImmediate(T x, int t) { + process(t); // Always calls consteval function + return std::is_constant_evaluated(); // Noncompliant: all specializations are immediate +} + +constexpr auto nonGenericLambda = [](int x) { + process(x); // Always calls consteval function + return std::is_constant_evaluated(); // Noncompliant: lambda is immediate +}; + +template +constexpr auto conditionallyImmediateGenericLambda = [] (auto x) { + process(x); // Calls consteval function depending on the argument type + return std::is_constant_evaluated(); // Compliant: not all 
specializations are immediate +}; + +template +constexpr auto alwaysImmediateGenericLambda = [](T x, int t) { + process(t); // Always calls consteval function + return std::is_constant_evaluated(); // Noncompliant: all specializations are immediate +}; +---- + +== How to fix it + +Depending on the context, the issue may be fixed by: + +* changing the context of invocation: replacing an `if constexpr` with a simple `if` or changing a function from `consteval` to `constexpr`. +* removing dead code: replacing `std::is_constant_evaluated()` with the produced value, removing `if consteval` and dead branches. + +=== Inside `if constexpr` condition + +Changing `if constexpr` into `if` leads to the condition no longer being always evaluated at compile-time. +The result of `std::is_constant_evaluated()` now depends on the call site. + +==== Noncompliant code example + +[source,cpp,diff-id=1,diff-type=noncompliant] +---- constexpr double power(double b, int x) { - if constexpr (std::is_constant_evaluated()) { // Noncompliant: will always be true + if constexpr (std::is_constant_evaluated()) { // Noncompliant: always true // compile-time implementation } else { // runtime implementation @@ -31,13 +359,25 @@ constexpr double power(double b, int x) { } ---- +===== Compliant solution + +[source,cpp,diff-id=1,diff-type=compliant] +---- +constexpr double power(double b, int x) { + if (std::is_constant_evaluated()) { + // compile-time implementation + } else { + // runtime implementation + } +} +---- -=== Compliant solution +Alternatively, since {cpp}23 you can use `if consteval` (see S7033). [source,cpp] ---- constexpr double power(double b, int x) { - if (std::is_constant_evaluated()) { + if consteval { // compile-time implementation } else { // runtime implementation 
@@ -45,4 +385,98 @@ constexpr double power(double b, int x) { } ---- +=== Removing unnecessary checks + +Inside `if consteval` code is always evaluated at compile-time, +so nested `if consteval` branches and calls to `std::is_constant_evaluated()` are always `true`. + +==== Noncompliant code example + +[source,cpp,diff-id=2,diff-type=noncompliant] +---- +constexpr bool possiblyCompileTimeFunc() { + if consteval { + if consteval { // Noncompliant: always true + /* Code A */ + } + if not consteval { // Noncompliant: always false + /* Code B */ + } + return std::is_constant_evaluated(); // Noncompliant: always returns true + } + + if ! consteval { + /* Code C */ + } + + return std::is_constant_evaluated(); // Compliant: result depends on evaluation +} +---- + +==== Compliant solution + +[source,cpp,diff-id=2,diff-type=compliant] +---- +constexpr bool possiblyCompileTimeFunc() { + if consteval { + /* Code A */ + return true; + } + + if ! consteval { + /* Code C */ + } + + return std::is_constant_evaluated(); // Compliant: result depends on evaluation +} +---- + +=== Making function callable at runtime + +Changing the function to be declared as `constexpr` allows it to be called at runtime, +and makes `if consteval` meaningful. 
+ +==== Noncompliant code example + +[source,cpp,diff-id=3,diff-type=noncompliant] +---- +consteval bool compileTimeOnlyFunc() { + if consteval { // Noncompliant: always true + /* Code A */ + } else { + /* Code B */ + } + + return std::is_constant_evaluated(); // Noncompliant: always returns true +} +---- + +==== Compliant solution + +[source,cpp,diff-id=3,diff-type=compliant] +---- +constexpr bool compileTimeOrRuntimeFunc() { + if consteval { // Compliant: result depends on evaluation + /* Code A */ + } else { + /* Code B */ + } + + return std::is_constant_evaluated(); // Compliant: result depends on evaluation +} +---- + + +== Resources + +=== Documentation +* {cpp} reference - https://en.cppreference.com/w/cpp/language/consteval[consteval specifier] +* {cpp} reference - https://en.cppreference.com/w/cpp/language/if#Consteval_if[Consteval if] + +=== Standards + +* Open Standards - https://www.open-std.org/jtc1/sc22/wg21/docs/papers/2022/p2564r3.html[P2564R3] `consteval` needs to propagate up + +=== Related rules +* S7033 - "if consteval" should be used instead of "if (std::is_constant_evaluated())" diff --git a/rules/S6171/cfamily/rule.adoc b/rules/S6171/cfamily/rule.adoc index 5119f7dc426..f5bcf4f4d9d 100644 --- a/rules/S6171/cfamily/rule.adoc +++ b/rules/S6171/cfamily/rule.adoc @@ -46,3 +46,14 @@ void f2(std::unordered_map &m) { } ---- +== Resources + +=== Documentation + +* {cpp} reference - https://en.cppreference.com/w/cpp/container/set/find[`std::set::find`] +* {cpp} reference - https://en.cppreference.com/w/cpp/container/set/count[`std::set::count`] +* {cpp} reference - https://en.cppreference.com/w/cpp/container/set/contains[`std::set::contains`] + +=== Related rules + +* S7034 - "contains" should be used to test whether a substring is part of a string diff --git a/rules/S6173/common/resources/standards.adoc b/rules/S6173/common/resources/standards.adoc index 884c95a914d..20895759781 100644 --- a/rules/S6173/common/resources/standards.adoc 
+++ b/rules/S6173/common/resources/standards.adoc @@ -1,5 +1,7 @@ === Standards -* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection -* https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[OWASP Top 10 2017 Category A1] - Injection -* https://cwe.mitre.org/data/definitions/470[MITRE, CWE-470] - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') +* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] +* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] +* CWE - https://cwe.mitre.org/data/definitions/470[CWE-470 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. + diff --git a/rules/S6173/metadata.json b/rules/S6173/metadata.json index 1d1e40ebe73..ec8c39d2332 100644 --- a/rules/S6173/metadata.json +++ b/rules/S6173/metadata.json @@ -42,6 +42,9 @@ ], "PCI DSS 4.0": [ "6.2.4" + ], + "STIG ASD_V5R3": [ + "V-222609" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6177/cfamily/rule.adoc b/rules/S6177/cfamily/rule.adoc index d3e9033349a..34cf723e917 100644 --- a/rules/S6177/cfamily/rule.adoc +++ b/rules/S6177/cfamily/rule.adoc @@ -1,8 +1,8 @@ == Why is this an issue? -{cpp}20 extends the ``++using++`` declaration to ``++class enum++``. ``++using enum++`` introduces all the ``++enum++`` constants into the current scope. - +{cpp}20 extends the ``++using++`` declaration to ``++enum class++``. ``++using enum++`` introduces all the ``++enum++`` constants into the current scope. +[source,cpp] ---- enum class rgbaColorChannel { red, green, blue, alpha }; 
@@ -17,18 +17,27 @@ std::string_view toString(rgbaColorChannel channel) { } ---- -As with other ``++using++`` declarations, ``++using enum++`` improves readability when used in small scopes yet might generate confusion in large scopes. +As with other ``++using++`` declarations, ``++using enum++`` improves readability when used in small scopes yet it generates confusion in large scopes. + +The ``++switch++`` statement, as in the example above, is a natural scope for ``++using enum++``. -The ``++switch++`` statement, as in the example above, when applied to a ``++class enum++`` value, is a natural scope for ``++using enum++``. +This rule reports scopes that use a particular ``++enum class++`` extensively and can benefit from ``++using enum++`` declaration. For example, it reports most ``++switch++`` statements applied to an ``++enum++`` value. -This rule reports scopes that use a particular ``++class enum++`` extensively and could benefit from ``++using enum++`` declaration. For example, it reports most ``++switch++`` statements applied to an ``++enum++`` value. +=== Exceptions +The rule does not apply if adding the `using enum` clause would create a name collision or reduce readability by shadowing a name. -=== Noncompliant code example +== How to fix it -[source,cpp] +Add `using enum` inside the relevant scope and replace the qualified identifiers with the corresponding enumerator names. + +=== Code examples + +==== Noncompliant code example + +[source,cpp,diff-id=1,diff-type=noncompliant] ---- enum class DayOfTheWeek { mon, tue, wed, thu, fri, sat, sun }; @@ -46,9 +55,9 @@ bool isWorkDay(DayOfTheWeek day) { ---- -=== Compliant solution +==== Compliant solution -[source,cpp] +[source,cpp,diff-id=1,diff-type=compliant] ---- enum class DayOfTheWeek { mon, tue, wed, thu, fri, sat, sun }; 
@@ -67,6 +76,32 @@ bool isWorkDay(DayOfTheWeek day) { } ---- -=== Exceptions +==== Noncompliant code example -The rule will not apply if adding the `using enum` clause would create a name collision or reduce readability by shadowing a name. +[source,cpp,diff-id=2,diff-type=noncompliant] +---- +enum class rgbaColorChannel { red, green, blue, alpha }; + +rgbaColorChannel chooseChannel(rgbaColorChannel background, rgbaColorChannel foreground) { + auto result = background; + if ((background == rgbaColorChannel::red || background == rgbaColorChannel::green) && foreground != rgbaColorChannel::red) + result = foreground; + return result; +} +---- + + +==== Compliant solution + +[source,cpp,diff-id=2,diff-type=compliant] +---- +enum class rgbaColorChannel { red, green, blue, alpha }; + +rgbaColorChannel chooseChannel(rgbaColorChannel background, rgbaColorChannel foreground) { + using enum rgbaColorChannel; + auto result = background; + if ((background == red || background == green) && foreground != red) + result = foreground; + return result; +} +---- diff --git a/rules/S6179/cfamily/metadata.json b/rules/S6179/cfamily/metadata.json index 538bfa56659..a5b9e32dff8 100644 --- a/rules/S6179/cfamily/metadata.json +++ b/rules/S6179/cfamily/metadata.json @@ -29,6 +29,11 @@ "ruleSpecification": "RSPEC-6179", "sqKey": "S6179", "scope": "All", + "securityStandards": { + "STIG ASD_V5R3": [ + "V-222612" + ] + }, "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S6179/cfamily/rule.adoc b/rules/S6179/cfamily/rule.adoc index f6ff5b32ac2..f4cee388fac 100644 --- a/rules/S6179/cfamily/rule.adoc +++ b/rules/S6179/cfamily/rule.adoc 
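Review bot: The `securityStandards` block added to rules/S6179/cfamily/metadata.json holds only the `STIG ASD_V5R3` entry `V-222612`, so the rule will appear in STIG-based reports but not in CWE-based ones. The S6183 metadata changed in this same commit lists `"CWE": [ 195 ]` next to the same STIG id. If S6179 is meant to count as an overflow finding, consider adding a matching CWE entry (for example `"CWE": [ 190 ]`, to be confirmed against the rule's intent) and a corresponding link under the new Standards section of its rule.adoc. The surrounding JSON object starts and ends outside the hunk.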
@@ -33,9 +33,16 @@ auto third = std::lerp(a, b, 0.3f); == Resources +=== Documentation + * {cpp} reference - https://en.cppreference.com/w/cpp/numeric/midpoint[std::midpoint] * {cpp} reference - https://en.cppreference.com/w/cpp/numeric/lerp[std::lerp] +=== Standards + +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. + + ifdef::env-github,rspecator-view[] ''' diff --git a/rules/S6180/cfamily/metadata.json b/rules/S6180/cfamily/metadata.json index dca78c40be6..f0f89417809 100644 --- a/rules/S6180/cfamily/metadata.json +++ b/rules/S6180/cfamily/metadata.json @@ -17,12 +17,8 @@ "bad-practice" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Major", "ruleSpecification": "RSPEC-6180", @@ -31,5 +27,5 @@ "defaultQualityProfiles": [ "Sonar way" ], - "quickfix": "unknown" -} + "quickfix": "targeted" +} \ No newline at end of file diff --git a/rules/S6180/cfamily/rule.adoc b/rules/S6180/cfamily/rule.adoc index fbd4fae2e17..090fad9b53f 100644 --- a/rules/S6180/cfamily/rule.adoc +++ b/rules/S6180/cfamily/rule.adoc @@ -43,5 +43,5 @@ if (nullptr == ptr) [[unlikely]] { == Resources -* {cpp} reference - https://en.cppreference.com/w/cpp/language/attributes/likely[C++ attribute: likely, unlikely] +* {cpp} reference - https://en.cppreference.com/w/cpp/language/attributes/likely[{cpp} attribute: likely, unlikely] diff --git a/rules/S6183/cfamily/metadata.json b/rules/S6183/cfamily/metadata.json index bb2b08f286b..47ba911c884 100644 --- a/rules/S6183/cfamily/metadata.json +++ b/rules/S6183/cfamily/metadata.json @@ -37,6 +37,9 @@ ], "CWE": [ 195 + ], + "STIG ASD_V5R3": [ + "V-222612" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6183/cfamily/rule.adoc b/rules/S6183/cfamily/rule.adoc index ceefef63034..75d132bacd1 100644 
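Review bot: The last hunk of rules/S6180/cfamily/metadata.json leaves the file without a final newline (`\ No newline at end of file` after the closing `}`), and rules/S6200/cfamily/metadata.json gets the same change later in this commit. Other metadata files in this commit show no such marker, for example the new rules/S6207/dart/metadata.json, so the result is inconsistent. It is also likely to show up as an unrelated one-line change the next time a formatter or generator rewrites these files. End both files with `}` followed by a newline.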
--- a/rules/S6183/cfamily/rule.adoc +++ b/rules/S6183/cfamily/rule.adoc @@ -2,13 +2,13 @@ Functions from the ``++std::cmp_*++`` family should be used to compare signed an == Why is this an issue? -Comparisons between ``++signed++`` and ``++unsigned++`` integers are dangerous because they produce counterintuitive results outside of their shared value range. +Comparisons between ``++signed++`` and ``++unsigned++`` integers are dangerous because they produce counterintuitive results outside their shared value range. When a signed integer is compared to an unsigned one, the former might be converted to unsigned. The conversion preserves the two's-complement bit pattern of the signed value that often corresponds to a large unsigned result. The expression ``++2U < -1++`` evaluates to ``++true++``, for instance. -{cpp}20 introduced remedy to this common pitfall: a family of ``++std::cmp_*++`` functions defined in the ``++++`` header: +{cpp}20 introduced a remedy to this common pitfall: a family of ``++std::cmp_*++`` functions defined in the ``++++`` header: * ``++std::cmp_equal++`` * ``++std::cmp_not_equal++`` @@ -56,7 +56,7 @@ int main(int argc, char **argv) { if (user_input == 0xBEEF) { printf("Whoopsie daisy, ...\n"); // A malicious user can craft input arguments such that the flow of control - // passes through this call to `execl` which opens a new shell with this + // passes through this call to `execl`, which opens a new shell with this // program's (possibly elevated) permissions. execl("/bin/bash", "bash", (char *)NULL); } else { 
@@ -66,26 +66,26 @@ int main(int argc, char **argv) { } ---- -The program takes as arguments a string and its size, and uses these arguments to copy the string argument into an internal buffer. -Before copying the string into its internal buffer it checks whether the user-provided string fits into the buffer. -The program also comprises a call to `execl` that opens a shell with the program's possibly elevated permissions -- a potentially dangerous endeavour. -Even though the call to `execl` seems unreachable at a first glance, it can actually be reached due to signed/unsigned integer conversion. +The program takes a string and its size as arguments and uses these arguments to copy the string argument into an internal buffer. +Before copying the string into its internal buffer, it checks whether the user-provided string fits into the buffer. +The program also comprises a call to `execl` that opens a shell with the program's possibly elevated permissions -- a potentially dangerous endeavor. +Even though the call to `execl` seems unreachable at first glance, it can actually be reached due to signed/unsigned integer conversion. The check for the buffer size only validates that the provided string length (`user_input`) is smaller or equal to the buffer's size. Since the `atoi` function returns a signed integer, a user may provide a negative number to withstand that check. -The result of `sizeof(*)` on the other hand returns an unsigned integer which causes the expression `user_input * sizeof(char)` to be evaluated by +On the other hand, the result of `sizeof(*)` returns an unsigned integer which causes the expression `user_input * sizeof(char)` to be evaluated by . converting both operands to unsigned integers, . performing the multiplication, and . returning the result as an unsigned integer type. 
-A malicious user is hence able to provide carefully crafted negative integer and string to bypass the size check while still arriving at the appropriate size argument to not crash `memcpy`. -This, in turn, enables the malicious user to overflow the buffer variable `buf` to override the `user_input` variable which allows the second `if` statement to be evaluated to true, eventually opening a new shell with the target program's possibly elevated permissions. +Hence, a malicious user can provide carefully crafted negative integer and string to bypass the size check while still arriving at the appropriate size argument to not crash `memcpy`. +In turn, this enables the malicious user to overflow the buffer variable `buf` to override the `user_input` variable, which allows the second `if` statement to be evaluated to true, eventually opening a new shell with the target program's possibly elevated permissions. == How to fix it -Use the appropriate function from the ``++std::cmp_*++`` family to conduct comparisons between signed and unsigned integer types. +Use the appropriate function from the ``++std::cmp_*++`` family to compare signed and unsigned integer types. === Code examples 
@@ -131,10 +131,10 @@ bool fun(int x, std::vector const& v) { Note that this rule (S6183) deliberately avoids intersection with S6214. -While S6214 raises an issue if the signed value can be proven to be negative (in which case it is definitely a bug), S6281 will flag all *other* comparisons between signed and unsigned integers. +While S6214 raises an issue if the signed value can be proven to be negative (in which case it is definitely a bug), S6183 will flag all *other* comparisons between signed and unsigned integers. Therefore, if this rule is enabled, S6214 should be enabled too. -The following code snippet is hence compliant with S6183, but noncompliant with S6214 which will raise an issue on this definite bug. +The following code snippet is compliant with S6183 but noncompliant with S6214, which will raise an issue on this definite bug. [source,cpp,diff-id=3,diff-type=noncompliant] ---- @@ -175,7 +175,8 @@ void foo() { * CERT - https://wiki.sei.cmu.edu/confluence/display/c/INT02-C.+Understand+integer+conversion+rules[INT02-C. Understand integer conversion rules] * CERT - https://wiki.sei.cmu.edu/confluence/display/c/INT31-C.+Ensure+that+integer+conversions+do+not+result+in+lost+or+misinterpreted+data[INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data] -* CWE - https://cwe.mitre.org/data/definitions/195.html[195 Signed to Unsigned Conversion Error] +* CWE - https://cwe.mitre.org/data/definitions/195[CWE-195 Signed to Unsigned Conversion Error] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. === Related rules diff --git a/rules/S6185/cfamily/rule.adoc b/rules/S6185/cfamily/rule.adoc index 67328782c97..c292b1a5a7b 100644 --- a/rules/S6185/cfamily/rule.adoc +++ b/rules/S6185/cfamily/rule.adoc 
@@ -9,7 +9,7 @@ Before {cpp}20, one popular way to obtain the same result was the conversion of ``++std::format++`` is strictly superior. It is more efficient because it constructs the string in-place instead of copying substrings one by one. It is also often shorter and easier to read because the format pattern is presented in a single piece and not scattered across the concatenation expression. -This rule reports string concatenation cases that can be replaced by ``++std::format++`` and gain in speed and readability. +This rule reports string concatenation cases that can be replaced by ``++std::format++`` to improve performance and readability. === Noncompliant code example @@ -31,3 +31,19 @@ std::string greeting(int n) { } ---- +== Resources + +=== Documentation + +* {cpp} reference - https://en.cppreference.com/w/cpp/utility/format/format[`std::format`] +* {cpp} reference - https://en.cppreference.com/w/cpp/string/basic_string/to_string[``++std::to_string++``] + +=== Articles & blog posts + +* {cpp} Stories - https://www.cppstories.com/2022/custom-stdformat-cpp20/[Formatting Custom types with std::format from {cpp}20] + +=== Related rules + +* S6484 - Concatenated "std::format" outputs should be replaced by a single invocation +* S6494 - {cpp} formatting functions should be used instead of C printf-like functions +* S6495 - "std::format" should be used instead of standard output manipulators diff --git a/rules/S6191/cfamily/rule.adoc b/rules/S6191/cfamily/rule.adoc index 5c5babfa73d..c5b085f19fd 100644 --- a/rules/S6191/cfamily/rule.adoc +++ b/rules/S6191/cfamily/rule.adoc 
@@ -1,6 +1,6 @@ == Why is this an issue? -In C++, it usually does not matter how many times you access a variable as long as the variable value is the right one. However, this is not the case when the variable is in a memory region mapped to external hardware. In that case, for instance, several successive reads can yield different values (if the memory is updated by the hardware in-between), and several writes of the same value may be significant (some hardware trigger events each time a memory location is written to). +In {cpp}, it usually does not matter how many times you access a variable as long as the variable value is the right one. However, this is not the case when the variable is in a memory region mapped to external hardware. In that case, for instance, several successive reads can yield different values (if the memory is updated by the hardware in-between), and several writes of the same value may be significant (some hardware trigger events each time a memory location is written to). To specify that every read and write has an impact outside of the abstract machine of the language, access to a variable may be qualified as `volatile`: it will oblige the program to perform all specified reads and writes operations without optimizing anything away. diff --git a/rules/S6194/rule.adoc b/rules/S6194/rule.adoc index 460fc82f546..fdfab5331f8 100644 --- a/rules/S6194/rule.adoc +++ b/rules/S6194/rule.adoc 
@@ -1,6 +1,25 @@ == Why is this an issue? -Cognitive Complexity is a measure of how hard the control flow of a function is to understand. Coroutines with high Cognitive Complexity will be difficult to maintain. +"Cognitive complexity" is a measure of how hard the control flow of a function is to understand. Code with high cognitive complexity is hard to read, understand, test, and modify. + +This rule raises on coroutines with high cognitive complexity. + +As a rule of thumb, high cognitive complexity is a sign that the code should be refactored into smaller, easier-to-manage pieces. + +=== Which syntax in code does impact cognitive complexity score? + +Here are the core concepts: + +* **Cognitive complexity is incremented each time the code breaks the normal linear reading flow.** + +This concerns, for example, loop structures, conditionals, catches, switches, jumps to labels, and conditions mixing multiple operators. +* **Each nesting level increases complexity.** + +During code reading, the deeper you go through nested layers, the harder it becomes to keep the context in mind. +* **Method calls are free** + + A well-picked method name is a summary of multiple lines of code. + A reader can first explore a high-level view of what the code is performing then go deeper and deeper by looking at called functions content. + +__Note:__ This does not apply to recursive calls, those will increment cognitive score. + +The method of computation is fully detailed in the pdf linked in the resources. == Resources diff --git a/rules/S6200/cfamily/metadata.json b/rules/S6200/cfamily/metadata.json index 39448f487b7..7e554f03c3f 100644 --- a/rules/S6200/cfamily/metadata.json +++ b/rules/S6200/cfamily/metadata.json 
@@ -12,16 +12,10 @@ "func": "Constant\/Issue", "constantCost": "10min" }, - "tags": [ - - ], + "tags": [], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Critical", "ruleSpecification": "RSPEC-6200", @@ -30,5 +24,5 @@ "defaultQualityProfiles": [ "Sonar way" ], - "quickfix": "unknown" -} + "quickfix": "targeted" +} \ No newline at end of file diff --git a/rules/S6200/cfamily/rule.adoc b/rules/S6200/cfamily/rule.adoc index 21313efe996..7c4fb2362c7 100644 --- a/rules/S6200/cfamily/rule.adoc +++ b/rules/S6200/cfamily/rule.adoc @@ -1,9 +1,9 @@ == Why is this an issue? ``++volatile++`` can be used to qualify many objects in C and {cpp}, but only a few of the possible places have a well-defined meaning (global variables and local variables, for instance). -There is no well-defined meaning to the use of volatile to qualify a function return type or a function parameter. -Furthermore, for structured bindings, the volatile qualifier appertains to the decomposed object, which cannot be referred to. -Since {cpp}20, these uses are deprecated, but even before you should not use volatile in those places. +There is no well-defined meaning to the use of `volatile` to qualify a function return type or a function parameter. +Furthermore, for structured bindings, the `volatile` qualifier appertains to the decomposed object, which cannot be referred to. +Since {cpp}20, these uses are deprecated, but even before, you should not use volatile in those places. This rule raises an issue for a volatile qualified function return type, function parameter, and structured binding (available in {cpp} since {cpp}17). 
@@ -19,3 +19,11 @@ void g() { ---- +== Resources +=== External coding guidelines + +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#cp200-use-volatile-only-to-talk-to-non-c-memory[CP.200: Use volatile only to talk to non-{cpp} memory] +* MISRA {cpp}:2023, 10.1.2 - The volatile qualifier shall be used appropriately + +=== Related rules +* S3687 - Local variables and member data should not be volatile diff --git a/rules/S6204/java/metadata.json b/rules/S6204/java/metadata.json index e7768ee7e1c..993926eb507 100644 --- a/rules/S6204/java/metadata.json +++ b/rules/S6204/java/metadata.json @@ -16,17 +16,13 @@ "java16" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Major", "ruleSpecification": "RSPEC-6204", "sqKey": "S6204", - "scope": "Main", + "scope": "All", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S6207/dart/metadata.json b/rules/S6207/dart/metadata.json new file mode 100644 index 00000000000..4d3d7fa62b3 --- /dev/null +++ b/rules/S6207/dart/metadata.json @@ -0,0 +1,3 @@ +{ + "title": "Empty constructor bodies should be replaced with a semicolon" +} diff --git a/rules/S6207/dart/rule.adoc b/rules/S6207/dart/rule.adoc new file mode 100644 index 00000000000..c12d495a592 --- /dev/null +++ b/rules/S6207/dart/rule.adoc 
@@ -0,0 +1,57 @@ +== Why is this an issue? + +In Dart, we use constructors to provide an initialization logic for a new object creation. Sometimes we don't need any additional logic, so the constructor is left empty. In such cases, the constructor body can be simply removed and the declaration must be terminated with a semicolon. + +=== Noncompliant code example + +[source,dart,diff-id=1,diff-type=noncompliant] +---- +class Person { + + String name; + int age; + + Person(this.name, this.age) {} +} +---- + + +=== Compliant solution + +[source,dart,diff-id=1,diff-type=compliant] +---- +class Person { + + String name; + int age; + + Person(this.name, this.age); +} +---- + + +== Resources + +=== Documentation + +* Dart Docs - https://dart.dev/tools/linter-rules/empty_constructor_bodies[Dart Linter rule - empty_constructor_bodies] + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +* Empty constructor bodies should be written using a ';' rather than '{}'. + +=== Highlighting + +The empty constructor body. + +''' +== Comments And Links +(visible only on this page) + +endif::env-github,rspecator-view[] diff --git a/rules/S6208/java/metadata.json b/rules/S6208/java/metadata.json index 6bc3d3718ec..bd74c6fde32 100644 --- a/rules/S6208/java/metadata.json +++ b/rules/S6208/java/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "LOW" + "MAINTAINABILITY": "INFO" }, "attribute": "CLEAR" }, @@ -16,17 +16,13 @@ "java14" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Info", "ruleSpecification": "RSPEC-6208", "sqKey": "S6208", - "scope": "Main", + "scope": "All", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S6212/java/metadata.json b/rules/S6212/java/metadata.json index 7ba08fa2cda..b80169d49b3 100644 --- a/rules/S6212/java/metadata.json 
+++ b/rules/S6212/java/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "LOW" + "MAINTAINABILITY": "INFO" }, "attribute": "CLEAR" }, @@ -16,19 +16,13 @@ "java10" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Info", "ruleSpecification": "RSPEC-6212", "sqKey": "S6212", "scope": "Main", - "defaultQualityProfiles": [ - - ], + "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S6213/java/metadata.json b/rules/S6213/java/metadata.json index 5f83660b6d3..bd23a8f3337 100644 --- a/rules/S6213/java/metadata.json +++ b/rules/S6213/java/metadata.json @@ -12,21 +12,15 @@ "func": "Constant\/Issue", "constantCost": "5min" }, - "tags": [ - - ], + "tags": [], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Major", "ruleSpecification": "RSPEC-6213", "sqKey": "S6213", - "scope": "Main", + "scope": "All", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S6218/java/rule.adoc b/rules/S6218/java/rule.adoc index eee9429570d..a60828a6515 100644 --- a/rules/S6218/java/rule.adoc +++ b/rules/S6218/java/rule.adoc 
@@ -3,10 +3,10 @@ In records, the default behavior of the ``++equals()++`` method is to check the equality by field values. This works well for primitive fields or fields, whose type overrides ``++equals()++``, but this behavior doesn't work as expected for array fields. -By default, array fields are compared by their reference, and overriding ``++equals()++`` is highly appreciated to achieve the deep equality check. The same strategy applies to ``++hashcode()++`` and ``++toString()++`` methods. +By default, array fields are compared by their reference, and overriding ``++equals()++`` is highly appreciated to achieve the deep equality check. The same strategy applies to ``++hashCode()++`` and ``++toString()++`` methods. -This rule reports an issue if a record class has an array field and is not overriding ``++equals()++``, ``++hashcode()++`` or ``++toString()++`` methods. +This rule reports an issue if a record class has an array field and is not overriding ``++equals()++``, ``++hashCode()++`` or ``++toString()++`` methods. === Noncompliant code example @@ -60,7 +60,7 @@ ifdef::env-github,rspecator-view[] === Message -Override [equals|hashcode|toString] to consider array's content in the method +Override [equals|hashCode|toString] to consider array's content in the method === Highlighting diff --git a/rules/S6223/cfamily/metadata.json b/rules/S6223/cfamily/metadata.json index a54f2217507..b2125117f92 100644 --- a/rules/S6223/cfamily/metadata.json +++ b/rules/S6223/cfamily/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -12,16 +12,10 @@ "func": "Constant\/Issue", "constantCost": "5min" }, - "tags": [ - - ], + "tags": [], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-6223", 
diff --git a/rules/S6226/cfamily/rule.adoc b/rules/S6226/cfamily/rule.adoc index 389055c08c5..7bfa6a63913 100644 --- a/rules/S6226/cfamily/rule.adoc +++ b/rules/S6226/cfamily/rule.adoc @@ -58,7 +58,7 @@ This rule does not apply to fields whose class has a non-default alignment. == Resources -* {cpp} reference - https://en.cppreference.com/w/cpp/language/attributes/no_unique_address[C++ attribute: no_unique_address] +* {cpp} reference - https://en.cppreference.com/w/cpp/language/attributes/no_unique_address[{cpp} attribute: no_unique_address] ifdef::env-github,rspecator-view[] ''' diff --git a/rules/S6229/cfamily/rule.adoc b/rules/S6229/cfamily/rule.adoc index 40481ed92db..d59982f53a7 100644 --- a/rules/S6229/cfamily/rule.adoc +++ b/rules/S6229/cfamily/rule.adoc 
@@ -3,10 +3,10 @@ The ``++chrono++`` library, introduced in {cpp}20, provides support for calendars, time zones, and i/o formatting and parsing operations on time-related objects. -``++chrono++`` is a better alternative to the C/POSIX functions that operate on ``++time_t++``, ``++tm++``, or ``++timespec++`` types. In comparison to C facilities, it provides a better integration with other components of the {cpp} standard library: (``++iostreams++`` and ``++format++``). Also, it supports compile-time computation and it is thread safe. +``++chrono++`` is a better alternative to the C/POSIX functions that operate on ``++time_t++``, ``++tm++``, or ``++timespec++`` types. In comparison to C facilities, it provides better integration with other components of the {cpp} standard library (``++iostreams++`` and ``++format++``). Also, it supports compile-time computation and it is thread-safe. -This rule raises an issue on any use of C/POSIX functions that can be replaced with one of the ``++std::chrono++`` components: +This rule raises an issue C/POSIX functions that can be replaced with one of the ``++std::chrono++`` components: * querying for current time (``++time++``, ``++timespec_get++``, ``++clock_gettime++``) * date to time-point conversion (``++mktime++``, ``++gmtime++``, ``++localtime++``) 
@@ -42,17 +42,24 @@ std::optional yearOfTimePoint(std::chrono::system_clock::time_point tp) { return date->tm_year + 1900; } -std::string toIsoString(std::chrono::system_clock::time_point tp) { +std::string toString(std::chrono::system_clock::time_point tp) { std::time_t t = std::chrono::system_clock::to_time_t(tp); std::tm* date = std::gmtime(&t); // Noncompliant if (!date) throw InvalidDate(); std::string buffer(100, ' '); - std::size_t written = std::strftime(buffer.data(), buffer.size(), "%F", date); + std::size_t written = std::strftime(&buffer[0], buffer.size(), "%A %c", date); buffer.resize(written); return buffer; } + +std::string toFrenchString(std::chrono::system_clock::time_point tp) { + auto oldLocale = std::locale::global(std::locale("fr_FR.UTF-8")); + std::string result = toString(tp); + std::locale::global(oldLocale); + return result; +} ---- === Compliant solution @@ -78,8 +85,19 @@ std::optional yearOfTimePoint(std::chrono::system_clock::time return date.year(); } -std::string toIsoString(std::chrono::system_clock::time_point tp) { - return std::format("{:%F}", tp); +std::string toString(std::chrono::system_clock::time_point tp) { + return std::format("{:%A %c}", tp); // Or "{:L%A %c}" if you want to use the global locale +} + +std::string toFrenchString(std::chrono::system_clock::time_point tp) { + return std::format(std::locale("fr_FR.UTF-8"), "{:L%A %c}", tp); } ---- +== Resources + +=== Documentation + +* {cpp} reference - https://en.cppreference.com/w/cpp/chrono[Date and time utilities] +* {cpp} reference - https://en.cppreference.com/w/cpp/chrono/system_clock/formatter#Format_specification[Formatting `std::chrono::sys_time`] + diff --git a/rules/S6232/cfamily/rule.adoc b/rules/S6232/cfamily/rule.adoc index aca726e2997..73aaff98ada 100644 --- a/rules/S6232/cfamily/rule.adoc +++ b/rules/S6232/cfamily/rule.adoc 
@@ -103,7 +103,7 @@ float fastInvSqrt(float number) { === Conference presentations -* CppCon 2019 - https://www.youtube.com/watch?v=_qzMpk-22cc[Type punning in modern C++, Timur Doumler] +* CppCon 2019 - https://www.youtube.com/watch?v=_qzMpk-22cc[Type punning in modern {cpp}, Timur Doumler] === Related rules diff --git a/rules/S6235/cfamily/rule.adoc b/rules/S6235/cfamily/rule.adoc index 4abdb100c00..4c84ad9b6dc 100644 --- a/rules/S6235/cfamily/rule.adoc +++ b/rules/S6235/cfamily/rule.adoc @@ -29,7 +29,7 @@ const long double tau = 6.28L; == Resources -* https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md#Rl-const[{cpp} Core Guidelines NL.26] - Use conventional const notation +* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#nl26-use-conventional-const-notation[NL.26: Use conventional `const` notation] ifdef::env-github,rspecator-view[] diff --git a/rules/S6245/metadata.json b/rules/S6245/metadata.json index 287a54472f6..0e1492fe05c 100644 --- a/rules/S6245/metadata.json +++ b/rules/S6245/metadata.json @@ -7,10 +7,8 @@ }, "attribute": "COMPLETE" }, - "status": "ready", + "status": "deprecated", "tags": [ - "aws", - "cwe" ], "extra": { "replacementRules": [ @@ -36,6 +34,5 @@ ] }, "defaultQualityProfiles": [ - "Sonar way" ] } diff --git a/rules/S6245/python/metadata.json b/rules/S6245/python/metadata.json index 17971333806..dca761a71ca 100644 --- a/rules/S6245/python/metadata.json +++ b/rules/S6245/python/metadata.json @@ -1,3 +1,5 @@ { - + "tags": [ + "deprecated" + ] } diff --git a/rules/S6245/see.adoc b/rules/S6245/see.adoc index 985907e9d7a..0f28a100f18 100644 --- a/rules/S6245/see.adoc +++ b/rules/S6245/see.adoc 
@@ -1,8 +1,3 @@ == See -* https://owasp.org/Top10/A04_2021-Insecure_Design/[OWASP Top 10 2021 Category A4] - Insecure Design -* https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[OWASP Top 10 2021 Category A5] - Security Misconfiguration -* https://cwe.mitre.org/data/definitions/311[MITRE, CWE-311] - Missing Encryption of Sensitive Data -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure -* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[OWASP Top 10 2017 Category A6] - Security Misconfiguration * https://docs.aws.amazon.com/AmazonS3/latest/userguide/serv-side-encryption.html[AWS documentation] - Protecting data using server-side encryption diff --git a/rules/S6246/java/metadata.json b/rules/S6246/java/metadata.json index a299ae4fe14..ee41a12acab 100644 --- a/rules/S6246/java/metadata.json +++ b/rules/S6246/java/metadata.json @@ -16,17 +16,13 @@ "aws" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-6246", "sqKey": "S6246", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S6249/cloudformation/rule.adoc b/rules/S6249/cloudformation/rule.adoc index a0764241c3d..4260eff68df 100644 --- a/rules/S6249/cloudformation/rule.adoc +++ b/rules/S6249/cloudformation/rule.adoc @@ -25,7 +25,7 @@ Resources: S3Bucket: Type: 'AWS::S3::Bucket' # Sensitive Properties: - BucketName: "mynoncompliantbucket" + BucketName: "bucketname" S3BucketPolicy: Type: 'AWS::S3::BucketPolicy' @@ -39,7 +39,9 @@ Resources: AWS: # Sensitive: only one principal is forced to use https - 'arn:aws:iam::123456789123:root' Action: "*" - Resource: arn:aws:s3:::mynoncompliantbuckets6249/* + Resource: + - arn:aws:s3:::bucketname + - arn:aws:s3:::bucketname/* Condition: Bool: "aws:SecureTransport": false 
@@ -56,12 +58,12 @@ Resources: S3Bucket: Type: 'AWS::S3::Bucket' # Compliant Properties: - BucketName: "mycompliantbucket" + BucketName: "bucketname" S3BucketPolicy: Type: 'AWS::S3::BucketPolicy' Properties: - Bucket: "mycompliantbucket" + Bucket: !Ref S3Bucket PolicyDocument: Version: "2012-10-17" Statement: @@ -69,7 +71,9 @@ Resources: Principal: AWS: "*" # all principals should use https Action: "*" # for any actions - Resource: arn:aws:s3:::mycompliantbucket/* # for any resources + Resource: # for the bucket and all its objects + - arn:aws:s3:::bucketname + - arn:aws:s3:::bucketname/* Condition: Bool: "aws:SecureTransport": false diff --git a/rules/S6249/see.adoc b/rules/S6249/see.adoc index 1424bc1ecf8..c75646e9940 100644 --- a/rules/S6249/see.adoc +++ b/rules/S6249/see.adoc @@ -1,9 +1,5 @@ == See -* https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[OWASP Top 10 2021 Category A2] - Cryptographic Failures -* https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[OWASP Top 10 2021 Category A5] - Security Misconfiguration -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure -* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[OWASP Top 10 2017 Category A6] - Security Misconfiguration * https://docs.aws.amazon.com/AmazonS3/latest/userguide/security-best-practices.html#transit[AWS documentation] - Enforce encryption of data in transit * https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-fsbp-controls.html#fsbp-s3-5[AWS Foundational Security Best Practices controls] - S3 buckets should require requests to use Secure Socket Layer -* https://cwe.mitre.org/data/definitions/319[MITRE, CWE-319] - Cleartext Transmission of Sensitive Information \ No newline at end of file +* CWE - https://cwe.mitre.org/data/definitions/319[CWE-319 - Cleartext Transmission of Sensitive Information] \ No newline at end of file 
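Review bot: In the compliant policy the `Resource` entries are hard-coded as `arn:aws:s3:::bucketname` and `arn:aws:s3:::bucketname/*` while `Bucket` now uses `!Ref S3Bucket`, so the statement's scope and the bucket it is attached to are linked only by a repeated literal. If `BucketName` is changed or left for CloudFormation to generate, the HTTPS-only deny would stop matching the bucket and its objects without any template error. Deriving both entries from the resource, `- !GetAtt S3Bucket.Arn` and `- !Sub '${S3Bucket.Arn}/*'`, keeps them in step; the same applies to the `Resource` list in the noncompliant sample's `@@ -39,7 +39,9 @@` hunk. The policy statement begins outside these hunks, so the rest of it is not reviewed here.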
diff --git a/rules/S6249/terraform/rule.adoc b/rules/S6249/terraform/rule.adoc index 8b0914292d2..4d285586569 100644 --- a/rules/S6249/terraform/rule.adoc +++ b/rules/S6249/terraform/rule.adoc @@ -8,6 +8,7 @@ include::../recommended.adoc[] No secure policy is attached to this bucket: +[source,terraform] ---- resource "aws_s3_bucket" "mynoncompliantbucket" { # Sensitive bucket = "mynoncompliantbucketname" @@ -16,6 +17,7 @@ resource "aws_s3_bucket" "mynoncompliantbucket" { # Sensitive A policy is defined but forces only HTTPs communication for some users: +[source,terraform] ---- resource "aws_s3_bucket" "mynoncompliantbucket" { # Sensitive bucket = "mynoncompliantbucketname" @@ -31,13 +33,13 @@ resource "aws_s3_bucket_policy" "mynoncompliantbucketpolicy" { { Sid = "HTTPSOnly" Effect = "Deny" - Principal = [ - "arn:aws:iam::123456789123:root" - ] # secondary location: only one principal is forced to use https + Principal = { + "AWS": "arn:aws:iam::123456789123:root" + } # secondary location: only one principal is forced to use https Action = "s3:*" Resource = [ - aws_s3_bucket.mynoncompliantbucketpolicy.arn, - "${aws_s3_bucket.mynoncompliantbucketpolicy.arn}/*", + aws_s3_bucket.mynoncompliantbucket.arn, + "${aws_s3_bucket.mynoncompliantbucket.arn}/*", ] Condition = { Bool = { @@ -70,7 +72,9 @@ resource "aws_s3_bucket_policy" "mycompliantpolicy" { { Sid = "HTTPSOnly" Effect = "Deny" - Principal = "*" + Principal = { + "AWS": "*" + } Action = "s3:*" Resource = [ aws_s3_bucket.mycompliantbucket.arn, diff --git a/rules/S6252/see.adoc b/rules/S6252/see.adoc index 4b4e07038a1..a56c8746e50 100644 --- a/rules/S6252/see.adoc +++ b/rules/S6252/see.adoc 
@@ -1,5 +1,3 @@ == See -* https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[OWASP Top 10 2021 Category A5] - Security Misconfiguration -* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[OWASP Top 10 2017 Category A6] - Security Misconfiguration * https://docs.aws.amazon.com/AmazonS3/latest/userguide/Versioning.html[AWS documentation] - Using versioning in S3 buckets diff --git a/rules/S6255/terraform/metadata.json b/rules/S6255/terraform/metadata.json index cc3f9cab293..c15bdaa4879 100644 --- a/rules/S6255/terraform/metadata.json +++ b/rules/S6255/terraform/metadata.json @@ -38,7 +38,5 @@ "6.2.4" ] }, - "defaultQualityProfiles": [ - "Sonar way" - ] + "defaultQualityProfiles": [] } diff --git a/rules/S6255/terraform/rule.adoc b/rules/S6255/terraform/rule.adoc index 6cb74acdda8..cd5dc4d39d0 100644 --- a/rules/S6255/terraform/rule.adoc +++ b/rules/S6255/terraform/rule.adoc @@ -85,10 +85,8 @@ resource "aws_s3_bucket_versioning" "example" { == See -* https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/[OWASP Top 10 2021 Category A7] - Identification and Authentication Failures * https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiFactorAuthenticationDelete.html[AWS documentation] - Configuring MFA delete -* https://cwe.mitre.org/data/definitions/308[MITRE, CWE-308] - Use of Single-factor Authentication -* https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication[OWASP Top 10 2017 Category A2] - Broken Authentication +* CWE - https://cwe.mitre.org/data/definitions/308[CWE-308 - Use of Single-factor Authentication] ifdef::env-github,rspecator-view[] diff --git a/rules/S6258/cloudformation/rule.adoc b/rules/S6258/cloudformation/rule.adoc index 8dcb2325d46..15076aef67e 100644 --- a/rules/S6258/cloudformation/rule.adoc +++ b/rules/S6258/cloudformation/rule.adoc 
@@ -100,8 +100,8 @@ Resources: Type: "AWS::Redshift::Cluster" Properties: DBName: "Redshift Warehouse Cluster" ----- - +---- + For https://aws.amazon.com/opensearch-service/[Amazon OpenSearch] service or Amazon Elasticsearch service: [source,yaml] @@ -169,19 +169,41 @@ For https://aws.amazon.com/s3/[Amazon S3 access requests]: ---- AWSTemplateFormatVersion: 2010-09-09 Resources: - S3BucketLogs: - Type: 'AWS::S3::Bucket' - Properties: - BucketName: "mycompliantloggingbucket" - AccessControl: LogDeliveryWrite - S3Bucket: Type: 'AWS::S3::Bucket' Properties: BucketName: "mycompliantbucket" LoggingConfiguration: - DestinationBucketName: !Ref S3BucketLogs + DestinationBucketName: !Ref S3LoggingBucket LogFilePrefix: testing-logs + S3LoggingBucket: + Type: 'AWS::S3::Bucket' + Properties: + BucketName: "mycompliantloggingbucket" + S3BucketPolicy: + Type: 'AWS::S3::BucketPolicy' + Properties: + Bucket: !Ref S3LoggingBucket + PolicyDocument: + Version: 2012-10-17 + Statement: + - Action: + - 's3:PutObject' + Effect: Allow + Principal: + Service: logging.s3.amazonaws.com + Resource: !Join + - '' + - - 'arn:aws:s3:::' + - !Ref S3LoggingBucket + - /* + Condition: + ArnLike: + 'aws:SourceArn': !GetAtt + - S3Bucket + - Arn + StringEquals: + 'aws:SourceAccount': !Sub '${AWS::AccountId}' ---- For https://aws.amazon.com/api-gateway/[Amazon API Gateway] stages: @@ -259,8 +281,8 @@ Resources: Logs: Audit: true General: true ----- - +---- + For https://aws.amazon.com/redshift/[Amazon Redshift]: diff --git a/rules/S6258/see.adoc b/rules/S6258/see.adoc index 9f25c500c3d..0387cf1bbb7 100644 --- a/rules/S6258/see.adoc +++ b/rules/S6258/see.adoc 
@@ -1,6 +1,4 @@ == See -* https://owasp.org/Top10/A09_2021-Security_Logging_and_Monitoring_Failures/[OWASP Top 10 2021 Category A9] - Security Logging and Monitoring Failures * https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerLogs.html[AWS Documentation] - Logging requests using server access logging -* https://cwe.mitre.org/data/definitions/778[MITRE, CWE-778] - Insufficient Logging -* https://owasp.org/www-project-top-ten/2017/A10_2017-Insufficient_Logging%2526Monitoring[OWASP Top 10 2017 Category A10] - Insufficient Logging & Monitoring \ No newline at end of file +* CWE - https://cwe.mitre.org/data/definitions/778[CWE-778 - Insufficient Logging] diff --git a/rules/S6258/terraform/rule.adoc b/rules/S6258/terraform/rule.adoc index 5e377162f5b..fc73df26cbb 100644 --- a/rules/S6258/terraform/rule.adoc +++ b/rules/S6258/terraform/rule.adoc 
@@ -118,25 +118,43 @@ resource "google_container_cluster" "example" { For Amazon https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket[S3 access requests]: [source,terraform] ---- -resource "aws_s3_bucket" "example-logs" { - bucket = "example_logstorage" - acl = "log-delivery-write" -} - resource "aws_s3_bucket" "example" { bucket = "example" - - logging { # AWS provider <= 3 - target_bucket = aws_s3_bucket.example-logs.id - target_prefix = "log/example" - } } -resource "aws_s3_bucket_logging" "example" { # AWS provider >= 4 +resource "aws_s3_bucket_logging" "example" { bucket = aws_s3_bucket.example.id - target_bucket = aws_s3_bucket.example-logs.id - target_prefix = "log/example" + target_bucket = aws_s3_bucket.logs.id + target_prefix = "testing-logs" +} + +# Set up a logging bucket +resource "aws_s3_bucket" "logs" { + bucket = "example_logstorage" +} + +data "aws_iam_policy_document" "logs" { + statement { + sid = "s3-log-delivery" + effect = "Allow" + + principals { + type = "Service" + identifiers = ["logging.s3.amazonaws.com"] + } + + actions = ["s3:PutObject"] + + resources = [ + "${aws_s3_bucket.logs.arn}/*", + ] + } +} + +resource "aws_s3_bucket_policy" "logs" { + bucket = aws_s3_bucket.example-logs.id + policy = data.aws_iam_policy_document.example.json } ---- diff --git a/rules/S6265/metadata.json b/rules/S6265/metadata.json index 9698c073266..677f5bf6525 100644 --- a/rules/S6265/metadata.json +++ b/rules/S6265/metadata.json @@ -3,7 +3,7 @@ "type": "SECURITY_HOTSPOT", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "CONVENTIONAL" }, @@ -17,12 +17,8 @@ "cwe" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-6265", diff --git a/rules/S6265/see.adoc b/rules/S6265/see.adoc index 17454cbc74a..49f49773bba 100644 --- a/rules/S6265/see.adoc +++ b/rules/S6265/see.adoc 
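Review bot: The added `aws_s3_bucket_policy.logs` resource at the end of this snippet references two names the snippet does not declare: `aws_s3_bucket.example-logs` is the resource this hunk removes, and `data.aws_iam_policy_document.example` is declared above as `logs`. The two lines should read `bucket = aws_s3_bucket.logs.id` and `policy = data.aws_iam_policy_document.logs.json`, otherwise the compliant example fails validation when copied. The statement also grants `s3:PutObject` to `logging.s3.amazonaws.com` with no condition, whereas the CloudFormation sample for this rule restricts the same grant with `aws:SourceArn` and `aws:SourceAccount`; adding matching `condition` blocks would scope log delivery to the source bucket and account and keep the two examples aligned.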
@@ -1,8 +1,6 @@ == See -* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Broken Access Control * https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl[AWS Documentation] - Access control list (ACL) overview (canned ACLs) * https://docs.aws.amazon.com/AmazonS3/latest/userguide/walkthrough1.html[AWS Documentation] - Controlling access to a bucket with user policies -* https://cwe.mitre.org/data/definitions/732[MITRE, CWE-732] - Incorrect Permission Assignment for Critical Resource -* https://cwe.mitre.org/data/definitions/284[MITRE, CWE-284] - Improper Access Control -* https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[OWASP Top 10 2017 Category A5] - Broken Access Control +* CWE - https://cwe.mitre.org/data/definitions/732[CWE-732 - Incorrect Permission Assignment for Critical Resource] +* CWE - https://cwe.mitre.org/data/definitions/284[CWE-284 - Improper Access Control] diff --git a/rules/S6268/javascript/metadata.json b/rules/S6268/javascript/metadata.json index 873e91d92da..8f6ca4a6c6d 100644 --- a/rules/S6268/javascript/metadata.json +++ b/rules/S6268/javascript/metadata.json @@ -3,7 +3,7 @@ "type": "SECURITY_HOTSPOT", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "CONVENTIONAL" }, @@ -12,12 +12,8 @@ "cwe" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-6268", diff --git a/rules/S6268/javascript/rule.adoc b/rules/S6268/javascript/rule.adoc index 1324fd91aa9..e55971c4ec5 100644 --- a/rules/S6268/javascript/rule.adoc +++ b/rules/S6268/javascript/rule.adoc 
@@ -66,9 +66,9 @@ export class HelloComponent implements OnInit { == See -* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection -* https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)[OWASP Top 10 2017 Category A7] - Cross-Site Scripting (XSS) -* https://cwe.mitre.org/data/definitions/79[MITRE, CWE-79] - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') +* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] +* OWASP - https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)[Top 10 2017 Category A7 - Cross-Site Scripting (XSS)] +* CWE - https://cwe.mitre.org/data/definitions/79[CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')] * https://angular.io/guide/security[Angular - Best Practices - Security] diff --git a/rules/S6270/metadata.json b/rules/S6270/metadata.json index fdae780b9fd..23c29806819 100644 --- a/rules/S6270/metadata.json +++ b/rules/S6270/metadata.json @@ -3,7 +3,7 @@ "type": "SECURITY_HOTSPOT", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "CONVENTIONAL" }, @@ -17,12 +17,8 @@ "cwe" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-6270", @@ -38,6 +34,9 @@ ], "PCI DSS 4.0": [ "6.2.4" + ], + "STIG ASD_V5R3": [ + "V-222620" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6270/see.adoc b/rules/S6270/see.adoc index a132b69ed97..d2aed85fbfd 100644 --- a/rules/S6270/see.adoc +++ b/rules/S6270/see.adoc 
@@ -1,7 +1,7 @@ == See -* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Broken Access Control * https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege[AWS Documentation] - Grant least privilege -* https://cwe.mitre.org/data/definitions/732[MITRE, CWE-732] - Incorrect Permission Assignment for Critical Resource -* https://cwe.mitre.org/data/definitions/284[MITRE, CWE-284] - Improper Access Control -* https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[OWASP Top 10 2017 Category A5] - Broken Access Control \ No newline at end of file +* CWE - https://cwe.mitre.org/data/definitions/732[CWE-732 - Incorrect Permission Assignment for Critical Resource] +* CWE - https://cwe.mitre.org/data/definitions/284[CWE-284 - Improper Access Control] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222620[Application Security and Development: V-222620] - Application web servers must be on a separate network segment from the application and database servers. + diff --git a/rules/S6273/cloudformation/rule.adoc b/rules/S6273/cloudformation/rule.adoc index 086faa0d3a0..32540ba9e5c 100644 --- a/rules/S6273/cloudformation/rule.adoc +++ b/rules/S6273/cloudformation/rule.adoc @@ -10,7 +10,7 @@ include::../description.adoc[] ==== Noncompliant code example -With default provided regular expression ^([A-Z][A-Za-z]*:)*([A-Z][A-Za-z]*)$: +With default provided regular expression `^([A-Z][A-Za-z]\*:)*([A-Z][A-Za-z]*)$`: [source,yaml,diff-id=1,diff-type=noncompliant] ---- diff --git a/rules/S6273/description.adoc b/rules/S6273/description.adoc index 3586c768050..7963c986f97 100644 --- a/rules/S6273/description.adoc +++ b/rules/S6273/description.adoc 
@@ -1,33 +1,3 @@ -A well-structured tagging strategy is essential when working with AWS resources. -Inadequate tagging practices can lead to several potential issues and make it challenging to manage your AWS environment effectively: +Proper tagging enhances resource discovery, lifecycle management, and overall productivity within the AWS environment. -When resources lack proper tags or have inconsistent tagging, it becomes difficult to identify their purpose, owner, or role within the infrastructure. -This ambiguity can lead to confusion and errors during resource management and allocation. -Without clear and consistent tags, teams may struggle to understand the resource's function, hindering collaboration and efficiency. - -Effective tagging is crucial for monitoring and managing costs in AWS. -Resources without appropriate tags may not be adequately categorized, making tracking their usage and associated expenses hard. -As a result, it becomes challenging to allocate costs to specific projects, departments, or teams accurately. -Poor cost visibility can lead to overspending, budgeting issues, and difficulty in optimizing resource allocation. - -Tags play a significant role in resource security and compliance. -Inadequate tagging can result in incorrectly classified resources, leading to potential security vulnerabilities and compliance risks. -It becomes challenging to apply consistent security policies, control access, and track changes without proper tagging. -This can leave the AWS environment more susceptible to unauthorized access and compliance violations. - -Automation and governance rely on well-defined tags to enforce policies and ensure consistent resource management. -Inadequate tagging practices can hinder automation efforts, making it challenging to automate resource provisioning, scaling, and deprovisioning. 
-Additionally, insufficient tags can lead to governance challenges, making it harder to enforce standardized policies and configurations across resources. - -Tags enable efficient resource search and filtering in the AWS Management Console and API. -When tags are missing, inconsistent, or irrelevant, locating specific resources becomes cumbersome. -Teams may need to resort to manual searches or resort to resource-naming conventions, defeating the purpose of tags. -The lack of well-organized tags can increase the time and effort required for resource discovery and impact productivity. - -Inadequate tagging practices can also impede resource lifecycle management. -It becomes harder to track when resources were created, their purpose, and whether they are still in use. -Without this vital information, it becomes challenging to identify and delete unused or deprecated resources, leading to resource sprawl and increased costs. - -In summary, an inadequate tagging strategy in AWS resources can lead to difficulties in resource identification, cost management, security, automation, and resource lifecycle management. -It is crucial to establish a well-organized tagging approach to mitigate these potential issues and efficiently manage your AWS environment. -In the following section, we will explore how to fix this code smell by adopting best practices for tagging AWS resources. +This rule ensures that AWS tag keys adhere to a specified naming convention, facilitating effective resource management, cost tracking, security compliance, and automation. diff --git a/rules/S6273/see.adoc b/rules/S6273/see.adoc index 7f5c874cda8..aa4370227e5 100644 --- a/rules/S6273/see.adoc +++ b/rules/S6273/see.adoc 
@@ -1,3 +1,38 @@
 == Resources
+
+A well-structured tagging strategy is essential when working with AWS resources.
+Inadequate tagging practices can lead to several potential issues and make it challenging to manage your AWS environment effectively:
+
+When resources lack proper tags or have inconsistent tagging, it becomes difficult to identify their purpose, owner, or role within the infrastructure.
+This ambiguity can lead to confusion and errors during resource management and allocation.
+Without clear and consistent tags, teams may struggle to understand the resource's function, hindering collaboration and efficiency.
+
+Effective tagging is crucial for monitoring and managing costs in AWS.
+Resources without appropriate tags may not be adequately categorized, making tracking their usage and associated expenses hard.
+As a result, it becomes challenging to allocate costs to specific projects, departments, or teams accurately.
+Poor cost visibility can lead to overspending, budgeting issues, and difficulty in optimizing resource allocation.
+
+Tags play a significant role in resource security and compliance.
+Inadequate tagging can result in incorrectly classified resources, leading to potential security vulnerabilities and compliance risks.
+It becomes challenging to apply consistent security policies, control access, and track changes without proper tagging.
+This can leave the AWS environment more susceptible to unauthorized access and compliance violations.
+
+Automation and governance rely on well-defined tags to enforce policies and ensure consistent resource management.
+Inadequate tagging practices can hinder automation efforts, making it challenging to automate resource provisioning, scaling, and deprovisioning.
+Additionally, insufficient tags can lead to governance challenges, making it harder to enforce standardized policies and configurations across resources.
+
+Tags enable efficient resource search and filtering in the AWS Management Console and API.
+When tags are missing, inconsistent, or irrelevant, locating specific resources becomes cumbersome.
+Teams may need to resort to manual searches or resort to resource-naming conventions, defeating the purpose of tags.
+The lack of well-organized tags can increase the time and effort required for resource discovery and impact productivity.
+
+Inadequate tagging practices can also impede resource lifecycle management.
+It becomes harder to track when resources were created, their purpose, and whether they are still in use.
+Without this vital information, it becomes challenging to identify and delete unused or deprecated resources, leading to resource sprawl and increased costs.
+
+In summary, an inadequate tagging strategy in AWS resources can lead to difficulties in resource identification, cost management, security, automation, and resource lifecycle management.
+It is crucial to establish a well-organized tagging approach to mitigate these potential issues and efficiently manage your AWS environment.
+In the following section, we will explore how to fix this code smell by adopting best practices for tagging AWS resources.
+
 === Documentation
 https://docs.aws.amazon.com/whitepapers/latest/tagging-best-practices/adopt-a-standardized-approach-for-tag-names.html[AWS Documentation] Adopt a Standardized Approach for Tag Names
diff --git a/rules/S6273/summary.adoc b/rules/S6273/summary.adoc
index 677a67e3559..59f500855e6 100644
--- a/rules/S6273/summary.adoc
+++ b/rules/S6273/summary.adoc
@@ -1,2 +1 @@
 Amazon Web Services (AWS) resources tags are metadata labels with keys and optional values used to categorize and manage resources.
-An ineffective tagging strategy can lead to difficulties in resource identification, cost management, and overall AWS environment management.
diff --git a/rules/S6275/see.adoc b/rules/S6275/see.adoc
index f043383f945..b1398e79e47 100644
--- a/rules/S6275/see.adoc
+++ b/rules/S6275/see.adoc
@@ -1,8 +1,4 @@
 == See
 
-* https://owasp.org/Top10/A04_2021-Insecure_Design/[OWASP Top 10 2021 Category A4] - Insecure Design
-* https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[OWASP Top 10 2021 Category A5] - Security Misconfiguration
 * https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html[Amazon EBS encryption]
-* https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure
-* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html[OWASP Top 10 2017 Category A6] - Security Misconfiguration
-* https://cwe.mitre.org/data/definitions/311[MITRE, CWE-311] - Missing Encryption of Sensitive Data
\ No newline at end of file
+* CWE - https://cwe.mitre.org/data/definitions/311[CWE-311 - Missing Encryption of Sensitive Data]
diff --git a/rules/S6281/metadata.json b/rules/S6281/metadata.json
index b369a8e553b..b1685d09648 100644
--- a/rules/S6281/metadata.json
+++ b/rules/S6281/metadata.json
@@ -37,6 +37,9 @@
 ],
 "PCI DSS 4.0": [
 "6.2.4"
+ ],
+ "STIG ASD_V5R3": [
+ "V-222620"
 ]
 },
 "defaultQualityProfiles": [
diff --git a/rules/S6281/see.adoc b/rules/S6281/see.adoc
index 866174ac569..e4e36b22c4e 100644
--- a/rules/S6281/see.adoc
+++ b/rules/S6281/see.adoc
@@ -1,7 +1,6 @@
 == See
 
-* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Broken Access Control
-* https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[OWASP Top 10 2021 Category A5] - Security Misconfiguration
 * https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html[AWS Documentation] - Blocking public access to your Amazon S3 storage
-* https://cwe.mitre.org/data/definitions/284[MITRE, CWE-284] - Improper Access Control
-* https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[OWASP Top 10 2017 Category A5] - Broken Access Control
\ No newline at end of file
+* CWE - https://cwe.mitre.org/data/definitions/284[CWE-284 - Improper Access Control]
+* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222620[Application Security and Development: V-222620] - Application web servers must be on a separate network segment from the application and database servers.
+
diff --git a/rules/S6287/common/resources/standards.adoc b/rules/S6287/common/resources/standards.adoc
index 37755cd8a0a..c64ed9e868a 100644
--- a/rules/S6287/common/resources/standards.adoc
+++ b/rules/S6287/common/resources/standards.adoc
@@ -1,6 +1,9 @@
 === Standards
 
-* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection
-* https://www.owasp.org/index.php/Top_10-2017_A1-Injection[OWASP Top 10 2017 Category A1] - Injection
-* https://cwe.mitre.org/data/definitions/20[MITRE, CWE-20] - Improper Input Validation
-* https://cwe.mitre.org/data/definitions/384[MITRE, CWE-384] - Session Fixation
\ No newline at end of file
+* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection]
+* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection]
+* CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation]
+* CWE - https://cwe.mitre.org/data/definitions/384[CWE-384 - Session Fixation]
+* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222582[Application Security and Development: V-222582] - The application must not re-use or recycle session IDs.
+* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities.
+
diff --git a/rules/S6287/message.adoc b/rules/S6287/message.adoc
index c19f60d6127..950beb752b2 100644
--- a/rules/S6287/message.adoc
+++ b/rules/S6287/message.adoc
@@ -1,4 +1,4 @@
 === Message
 
-Change this code to not place user-controlled data in the cookie name.
+Change this code to not place user-controlled data in a session cookie.
 
diff --git a/rules/S6287/metadata.json b/rules/S6287/metadata.json
index b07a270100f..bbc030c2c02 100644
--- a/rules/S6287/metadata.json
+++ b/rules/S6287/metadata.json
@@ -47,6 +47,10 @@
 "ASVS 4.0": [
 "5.1.3",
 "5.1.4"
+ ],
+ "STIG ASD_V5R3": [
+ "V-222582",
+ "V-222609"
 ]
 },
 "defaultQualityProfiles": [
diff --git a/rules/S6287/python/how-to-fix-it/fastapi.adoc b/rules/S6287/python/how-to-fix-it/fastapi.adoc
new file mode 100644
index 00000000000..f2ba5baee9c
--- /dev/null
+++ b/rules/S6287/python/how-to-fix-it/fastapi.adoc
@@ -0,0 +1,39 @@
+== How to fix it in FastAPI
+
+=== Code examples
+
+include::../../common/fix/code-rationale.adoc[]
+
+==== Noncompliant code example
+
+[source,python,diff-id=11,diff-type=noncompliant]
+----
+from fastapi import APIRouter
+from fastapi.responses import Response, RedirectResponse
+from fastapi.requests import Request
+
+router = APIRouter()
+
+@router.get('/check-cookie')
+async def check_cookie(request: Request, response: Response, cookie: str | None = None):
+ if "session" not in request.cookies.keys():
+ response.set_cookie("session", cookie) # Noncompliant
+----
+
+==== Compliant solution
+
+[source,python,diff-id=11,diff-type=compliant]
+----
+from fastapi import APIRouter
+from fastapi.responses import Response, RedirectResponse
+from fastapi.requests import Request
+
+router = APIRouter()
+
+@router.get('/check-cookie')
+async def check_cookie(request: Request):
+ if "session" not in request.cookies.keys():
+ return RedirectResponse("/getcookie")
+----
+
+include::../../common/fix/how-does-this-work.adoc[]
diff --git a/rules/S6287/python/rule.adoc b/rules/S6287/python/rule.adoc
index 8c7c8baec86..b81eb46b104 100644
--- a/rules/S6287/python/rule.adoc
+++ b/rules/S6287/python/rule.adoc
@@ -8,6 +8,8 @@ include::../impact.adoc[]
 
 include::how-to-fix-it/django.adoc[]
 
+include::how-to-fix-it/fastapi.adoc[]
+
 == Resources
 
 include::../common/resources/standards.adoc[]
diff --git a/rules/S6288/see.adoc b/rules/S6288/see.adoc
index 30a0e264d62..099a84ccab0 100644
--- a/rules/S6288/see.adoc
+++ b/rules/S6288/see.adoc
@@ -1,8 +1,8 @@
 == See
 
-* https://owasp.org/Top10/A04_2021-Insecure_Design/[OWASP Top 10 2021 Category A4] - Insecure Design
+* OWASP - https://owasp.org/Top10/A04_2021-Insecure_Design/[Top 10 2021 Category A4 - Insecure Design]
 * https://developer.android.com/privacy-and-security/keystore[developer.android.com] - Android keystore system
 * https://developer.android.com/privacy-and-security/keystore#UserAuthentication[developer.android.com] - Require user authentication for key use
-* https://mobile-security.gitbook.io/masvs/security-requirements/0x07-v2-data_storage_and_privacy_requirements[Mobile AppSec Verification Standard] - Authentication and Session Management Requirements
-* https://owasp.org/www-project-mobile-top-10/2016-risks/m4-insecure-authentication[OWASP Mobile Top 10 2016 Category M4] - Insecure Authentication
-* https://cwe.mitre.org/data/definitions/522[MITRE, CWE-522] - Insufficiently Protected Credentials
\ No newline at end of file
+* OWASP - https://mas.owasp.org/checklists/MASVS-STORAGE/[Mobile AppSec Verification Standard - Authentication and Session Management Requirements]
+* OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m4-insecure-authentication[Mobile Top 10 2016 Category M4 - Insecure Authentication]
+* CWE - https://cwe.mitre.org/data/definitions/522[CWE-522 - Insufficiently Protected Credentials]
\ No newline at end of file
diff --git a/rules/S6290/secrets/metadata.json b/rules/S6290/secrets/metadata.json
index 178bb00f0f8..85f0f30bf4b 100644
--- a/rules/S6290/secrets/metadata.json
+++ b/rules/S6290/secrets/metadata.json
@@ -52,6 +52,9 @@
 "2.10.4",
 "3.5.2",
 "6.4.1"
+ ],
+ "STIG ASD_V5R3": [
+ "V-222642"
 ]
 },
 "defaultQualityProfiles": [
diff --git a/rules/S6290/secrets/rule.adoc b/rules/S6290/secrets/rule.adoc
index b37b8522453..1bdd2e4e7a0 100644
--- a/rules/S6290/secrets/rule.adoc
+++ b/rules/S6290/secrets/rule.adoc
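Review bot: The rewritten MASVS bullet in the S6288 list links to `https://mas.owasp.org/checklists/MASVS-STORAGE/` but keeps the label "Authentication and Session Management Requirements", so the link text and its target name two different MASVS categories. The S6293 change in this same commit pairs that label with `https://mas.owasp.org/checklists/MASVS-AUTH/`, which suggests this bullet should either point at the AUTH checklist or be relabelled, for example `[Mobile AppSec Verification Standard - Data Storage and Privacy Requirements]`. The mismatch is already present in the removed gitbook line, so it is carried over by the reformatting rather than introduced by it.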
@@ -8,7 +8,6 @@ include::../../../shared_content/secrets/rationale.adoc[]
 This rule detects the following leaks:
 
 * AWS Secret Access Keys
-* AWS Access IDs
 * AWS Session Tokens
 
 === What is the potential impact?
diff --git a/rules/S6291/see.adoc b/rules/S6291/see.adoc
index f847e078288..f18fce10f6a 100644
--- a/rules/S6291/see.adoc
+++ b/rules/S6291/see.adoc
@@ -1,10 +1,10 @@
 == See
 
-* https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[OWASP Top 10 2021 Category A2] - Cryptographic Failures
-* https://owasp.org/Top10/A04_2021-Insecure_Design/[OWASP Top 10 2021 Category A4] - Insecure Design
-* https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[OWASP Top 10 2021 Category A5] - Security Misconfiguration
-* https://mobile-security.gitbook.io/masvs/security-requirements/0x07-v2-data_storage_and_privacy_requirements[Mobile AppSec Verification Standard] - Data Storage and Privacy Requirements
-* https://owasp.org/www-project-mobile-top-10/2016-risks/m2-insecure-data-storage[OWASP Mobile Top 10 2016 Category M2] - Insecure Data Storage
-* https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure
-* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html[OWASP Top 10 2017 Category A6] - Security Misconfiguration
-* https://cwe.mitre.org/data/definitions/311[MITRE, CWE-311] - Missing Encryption of Sensitive Data
+* OWASP - https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[Top 10 2021 Category A2 - Cryptographic Failures]
+* OWASP - https://owasp.org/Top10/A04_2021-Insecure_Design/[Top 10 2021 Category A4 - Insecure Design]
+* OWASP - https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[Top 10 2021 Category A5 - Security Misconfiguration]
+* OWASP - https://mas.owasp.org/checklists/MASVS-STORAGE/[Mobile AppSec Verification Standard] - Data Storage and Privacy Requirements
+* https://owasp.org/www-project-mobile-top-10/2016-risks/m2-insecure-data-storage[Mobile Top 10 2016 Category M2] - Insecure Data Storage
+* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure]
+* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration]
+* CWE - https://cwe.mitre.org/data/definitions/311[CWE-311 - Missing Encryption of Sensitive Data]
diff --git a/rules/S6292/secrets/metadata.json b/rules/S6292/secrets/metadata.json
index 8039ca052d4..bfa4c973408 100644
--- a/rules/S6292/secrets/metadata.json
+++ b/rules/S6292/secrets/metadata.json
@@ -3,7 +3,7 @@
 "type": "VULNERABILITY",
 "code": {
 "impacts": {
- "SECURITY": "HIGH"
+ "SECURITY": "BLOCKER"
 },
 "attribute": "TRUSTWORTHY"
 },
@@ -17,12 +17,8 @@
 "cert"
 ],
 "extra": {
- "replacementRules": [
-
- ],
- "legacyKeys": [
-
- ]
+ "replacementRules": [],
+ "legacyKeys": []
 },
 "defaultSeverity": "Blocker",
 "ruleSpecification": "RSPEC-6292",
@@ -52,6 +48,9 @@
 "2.10.4",
 "3.5.2",
 "6.4.1"
+ ],
+ "STIG ASD_V5R3": [
+ "V-222642"
 ]
 },
 "defaultQualityProfiles": [
diff --git a/rules/S6293/metadata.json b/rules/S6293/metadata.json
index c3a7e9eb756..d5ca7afeea1 100644
--- a/rules/S6293/metadata.json
+++ b/rules/S6293/metadata.json
@@ -13,7 +13,8 @@
 "constantCost": "5min"
 },
 "tags": [
- "cwe"
+ "cwe",
+ "android"
 ],
 "extra": {
 "replacementRules": [
diff --git a/rules/S6293/see.adoc b/rules/S6293/see.adoc
index bf6ff33ef18..88f5278c176 100644
--- a/rules/S6293/see.adoc
+++ b/rules/S6293/see.adoc
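Review bot: Two of the new bullets in the S6291 list do not follow the `Source - link[Title - Description]` form the rest of the hunk adopts: the Mobile Top 10 M2 line has no `OWASP - ` prefix, and both it and the MASVS line leave the description outside the brackets. For consistency they would read `* OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m2-insecure-data-storage[Mobile Top 10 2016 Category M2 - Insecure Data Storage]` and `* OWASP - https://mas.owasp.org/checklists/MASVS-STORAGE/[Mobile AppSec Verification Standard - Data Storage and Privacy Requirements]`. The S6300 and S6301 lists changed in this same commit already use that form for the same two references.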
@@ -1,7 +1,7 @@
 == See
 
-* https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/[OWASP Top 10 2021 Category A7] - Identification and Authentication Failures
+* OWASP - https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/[Top 10 2021 Category A7 - Identification and Authentication Failures]
 * https://developer.android.com/training/sign-in/biometric-auth[developer.android.com] - Use a cryptographic solution that depends on authentication
-* https://owasp.org/www-project-mobile-top-10/2016-risks/m4-insecure-authentication[OWASP Mobile Top 10 Category M4] - Insecure Authentication
-* https://mobile-security.gitbook.io/masvs/security-requirements/0x09-v4-authentication_and_session_management_requirements[OWASP MASVS] - Authentication and Session Management Requirements
-* https://cwe.mitre.org/data/definitions/287[MITRE, CWE-287] - Improper Authentication
\ No newline at end of file
+* OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m4-insecure-authentication[Mobile Top 10 2016 Category M4 - Insecure Authentication]
+* OWASP - https://mas.owasp.org/checklists/MASVS-AUTH/[Mobile AppSec Verification Standard - Authentication and Session Management Requirements]
+* CWE - https://cwe.mitre.org/data/definitions/287[CWE-287 - Improper Authentication]
\ No newline at end of file
diff --git a/rules/S6294/cloudformation/rule.adoc b/rules/S6294/cloudformation/rule.adoc
index b92db579530..89454283804 100644
--- a/rules/S6294/cloudformation/rule.adoc
+++ b/rules/S6294/cloudformation/rule.adoc
@@ -57,7 +57,7 @@ Resources:
 
 ==== Compliant solution
 
-Example with a `!Ref`:
+Example with a `!Ref` in `LogGroup`:
 
 [source,yaml]
 ----
@@ -76,6 +76,27 @@ Resources:
 RetentionInDays: 30
 ----
 
+Example with a `!Ref` in `AWS::Lambda::Function` (it also works for `AWS::Serverless::Function`):
+
+[source,yaml]
+----
+AWSTemplateFormatVersion: 2010-09-09
+Resources:
+ ExampleFunction:
+ Type: AWS::Lambda::Function
+ Properties:
+ Runtime: nodejs12.x
+ Description: Example of Lambda Function
+ LoggingConfig:
+ LogGroup: !Ref ExampleLogGroup
+
+ ExampleLogGroup:
+ Type: AWS::Logs::LogGroup
+ Properties:
+ LogGroupName: "/aws/lambda/exampleFunction"
+ RetentionInDays: 30
+----
+
 Example with `!Sub`:
 
 [source,yaml]
@@ -95,6 +116,21 @@ Resources:
 RetentionInDays: 30
 ----
 
+Example with `CloudWatchLogs` (it only works for `AWS::CodeBuild::Project`):
+
+[source,yaml]
+----
+AWSTemplateFormatVersion: 2010-09-09
+Resources:
+ CodeBuildProject:
+ Type: AWS::CodeBuild::Project
+ Properties:
+ LogsConfig:
+ CloudWatchLogs:
+ Status: "ENABLED"
+ GroupName: "aws/codeBuild/project"
+----
+
 == Resources
 
 * AWS Documentation https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-loggroup.html[AWS::Logs::LogGroup]
diff --git a/rules/S6299/javascript/metadata.json b/rules/S6299/javascript/metadata.json
index e4632d4c9ab..b2600d04bef 100644
--- a/rules/S6299/javascript/metadata.json
+++ b/rules/S6299/javascript/metadata.json
@@ -3,18 +3,16 @@
 "type": "SECURITY_HOTSPOT",
 "code": {
 "impacts": {
- "SECURITY": "HIGH"
+ "SECURITY": "BLOCKER"
 },
 "attribute": "CONVENTIONAL"
 },
- "status": "ready",
+ "status": "deprecated",
 "tags": [
 "cwe"
 ],
 "extra": {
- "replacementRules": [
-
- ]
+ "replacementRules": []
 },
 "defaultSeverity": "Blocker",
 "ruleSpecification": "RSPEC-6299",
@@ -41,6 +39,5 @@
 ]
 },
 "defaultQualityProfiles": [
- "Sonar way"
 ]
 }
diff --git a/rules/S6299/javascript/rule.adoc b/rules/S6299/javascript/rule.adoc
index d6fcc7bd689..23bd4c0b4cc 100644
--- a/rules/S6299/javascript/rule.adoc
+++ b/rules/S6299/javascript/rule.adoc
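Review bot: The Lambda example added to the S6294 compliant solutions sets `Runtime: nodejs12.x`, a runtime AWS has deprecated, so a reader copying the "compliant" template starts from a function that no longer receives security patches. A currently supported identifier keeps the sample usable, for example `Runtime: nodejs22.x`. The logging part of the example is unaffected by this.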
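Review bot: In the S6299 metadata, `"status"` becomes `"deprecated"` and `"Sonar way"` is dropped from `defaultQualityProfiles`, yet `"replacementRules"` stays `[]`, so nothing in the metadata tells users which rule, if any, now covers this cross-site-scripting hotspot. If a successor exists it should be named there, for example `"replacementRules": ["RSPEC-<replacement id>"]` (placeholder id). If the check is being retired without a successor, the rule description is the place to say so, since JSON leaves no room for a comment.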
@@ -83,8 +83,8 @@ When using JSX, putting the content as a child node of the element is safe:
 
 == See
 
-* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection
-* https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)[OWASP Top 10 2017 Category A7] - Cross-Site Scripting (XSS)
-* https://cwe.mitre.org/data/definitions/79[MITRE, CWE-79] - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
+* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection]
+* OWASP - https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)[Top 10 2017 Category A7 - Cross-Site Scripting (XSS)]
+* CWE - https://cwe.mitre.org/data/definitions/79[CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')]
 * https://vuejs.org/v2/guide/security.html#Injecting-HTML[Vue.js - Security - Injecting HTML]
 
diff --git a/rules/S6300/see.adoc b/rules/S6300/see.adoc
index 57de178ddac..d223601a676 100644
--- a/rules/S6300/see.adoc
+++ b/rules/S6300/see.adoc
@@ -1,8 +1,8 @@
 == See
 
-* https://owasp.org/Top10/A04_2021-Insecure_Design/[OWASP Top 10 2021 Category A4] - Insecure Design
-* https://mobile-security.gitbook.io/masvs/security-requirements/0x07-v2-data_storage_and_privacy_requirements[Mobile AppSec Verification Standard] - Data Storage and Privacy Requirements
-* https://owasp.org/www-project-mobile-top-10/2016-risks/m2-insecure-data-storage[OWASP Mobile Top 10 2016 Category M2] - Insecure Data Storage
-* https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure
-* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html[OWASP Top 10 2017 Category A6] - Security Misconfiguration
-* https://cwe.mitre.org/data/definitions/311[MITRE, CWE-311] - Missing Encryption of Sensitive Data
+* OWASP - https://owasp.org/Top10/A04_2021-Insecure_Design/[Top 10 2021 Category A4 - Insecure Design]
+* OWASP - https://mas.owasp.org/checklists/MASVS-STORAGE/[Mobile AppSec Verification Standard - Data Storage and Privacy Requirements]
+* OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m2-insecure-data-storage[Mobile Top 10 2016 Category M2 - Insecure Data Storage]
+* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure]
+* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration]
+* CWE - https://cwe.mitre.org/data/definitions/311[CWE-311 - Missing Encryption of Sensitive Data]
diff --git a/rules/S6301/common/resources/docs.adoc b/rules/S6301/common/resources/docs.adoc
index 3debc875755..614491b2edf 100644
--- a/rules/S6301/common/resources/docs.adoc
+++ b/rules/S6301/common/resources/docs.adoc
@@ -2,4 +2,4 @@
 
 * Android Documentation - https://developer.android.com/privacy-and-security/keystore[Android Keystore system]
 * Android Documentation - https://developer.android.com/privacy-and-security/security-tips#UserData[Security tips - User data]
-* OWASP Mobile Application Security Testing Guide - https://mobile-security.gitbook.io/mobile-security-testing-guide/android-testing-guide/0x05d-testing-data-storage[Data Storage on Android]
+* OWASP Mobile Application Security Testing Guide - https://mas.owasp.org/MASTG/0x05d-Testing-Data-Storage/[Data Storage on Android]
diff --git a/rules/S6301/common/resources/standards.adoc b/rules/S6301/common/resources/standards.adoc
index 787382bf55d..abe88d58f09 100644
--- a/rules/S6301/common/resources/standards.adoc
+++ b/rules/S6301/common/resources/standards.adoc
@@ -1,10 +1,10 @@
 === Standards
 
-* https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[OWASP Top 10 2021 Category A2] - Cryptographic Failures
-* https://owasp.org/Top10/A04_2021-Insecure_Design/[OWASP Top 10 2021 Category A4] - Insecure Design
-* https://mobile-security.gitbook.io/masvs/security-requirements/0x07-v2-data_storage_and_privacy_requirements[Mobile AppSec Verification Standard] - Data Storage and Privacy Requirements
-* https://owasp.org/www-project-mobile-top-10/2016-risks/m2-insecure-data-storage[OWASP Mobile Top 10 2016 Category M2] - Insecure Data Storage
-* https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure
-* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html[OWASP Top 10 2017 Category A6] - Security Misconfiguration
-* https://cwe.mitre.org/data/definitions/311[MITRE, CWE-311] - Missing Encryption of Sensitive Data
-* https://cwe.mitre.org/data/definitions/321[MITRE, CWE-321] - Use of Hard-coded Cryptographic Key
\ No newline at end of file
+* OWASP - https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[Top 10 2021 Category A2 - Cryptographic Failures]
+* OWASP - https://owasp.org/Top10/A04_2021-Insecure_Design/[Top 10 2021 Category A4 - Insecure Design]
+* OWASP - https://mas.owasp.org/checklists/MASVS-STORAGE/[Mobile AppSec Verification Standard - Data Storage and Privacy Requirements]
+* OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m2-insecure-data-storage[Mobile Top 10 2016 Category M2 - Insecure Data Storage]
+* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure]
+* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration]
+* CWE - https://cwe.mitre.org/data/definitions/311[CWE-311 - Missing Encryption of Sensitive Data]
+* CWE - https://cwe.mitre.org/data/definitions/321[CWE-321 - Use of Hard-coded Cryptographic Key]
diff --git a/rules/S6301/java/metadata.json b/rules/S6301/java/metadata.json
index 2c63c085104..f4b27f0bb34 100644
--- a/rules/S6301/java/metadata.json
+++ b/rules/S6301/java/metadata.json
@@ -1,2 +1,3 @@
 {
+ "scope": "Main"
 }
diff --git a/rules/S6302/metadata.json b/rules/S6302/metadata.json
index 92d33a2d03c..66a0c3dd7a6 100644
--- a/rules/S6302/metadata.json
+++ b/rules/S6302/metadata.json
@@ -3,7 +3,7 @@
 "type": "SECURITY_HOTSPOT",
 "code": {
 "impacts": {
- "SECURITY": "HIGH"
+ "SECURITY": "BLOCKER"
 },
 "attribute": "CONVENTIONAL"
 },
@@ -17,12 +17,8 @@
 "aws"
 ],
 "extra": {
- "replacementRules": [
-
- ],
- "legacyKeys": [
-
- ]
+ "replacementRules": [],
+ "legacyKeys": []
 },
 "defaultSeverity": "Blocker",
 "ruleSpecification": "RSPEC-6302",
diff --git a/rules/S6302/see.adoc b/rules/S6302/see.adoc
index 97f32c9c81e..58a3ec0f083 100644
--- a/rules/S6302/see.adoc
+++ b/rules/S6302/see.adoc
@@ -1,8 +1,6 @@
 == See
 
-* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Broken Access Control
 * https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege[AWS Documentation] - Grant least privilege
 * https://cloud.google.com/iam/docs/understanding-roles[Google Cloud Documentation] - Understanding roles
-* https://cwe.mitre.org/data/definitions/732[MITRE, CWE-732] - Incorrect Permission Assignment for Critical Resource
-* https://cwe.mitre.org/data/definitions/284[MITRE, CWE-284] - Improper Access Control
-* https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[OWASP Top 10 2017 Category A5] - Broken Access Control
+* CWE - https://cwe.mitre.org/data/definitions/732[CWE-732 - Incorrect Permission Assignment for Critical Resource]
+* CWE - https://cwe.mitre.org/data/definitions/284[CWE-284 - Improper Access Control]
diff --git a/rules/S6303/metadata.json b/rules/S6303/metadata.json
index 33404758f11..321bbae3a9a 100644
--- a/rules/S6303/metadata.json
+++ b/rules/S6303/metadata.json
@@ -39,6 +39,9 @@
 "PCI DSS 4.0": [
 "2.2",
 "6.2.4"
+ ],
+ "STIG ASD_V5R3": [
+ "V-222588"
 ]
 },
 "defaultQualityProfiles": [
diff --git a/rules/S6303/see.adoc b/rules/S6303/see.adoc
index 05b23ce67c7..035465c64fa 100644
--- a/rules/S6303/see.adoc
+++ b/rules/S6303/see.adoc
@@ -1,4 +1,6 @@
 == See
 
 * https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html[AWS Documentation] - Encrypting Amazon RDS resources
-* https://cwe.mitre.org/data/definitions/311[MITRE, CWE-311] - Missing Encryption of Sensitive Data
+* CWE - https://cwe.mitre.org/data/definitions/311[CWE-311 - Missing Encryption of Sensitive Data]
+* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222588[Application Security and Development: V-222588] - The application must implement approved cryptographic mechanisms to prevent unauthorized modification of information at rest.
+
diff --git a/rules/S6304/metadata.json b/rules/S6304/metadata.json
index d6a22bcc0dd..d64c3663366 100644
--- a/rules/S6304/metadata.json
+++ b/rules/S6304/metadata.json
@@ -3,7 +3,7 @@
 "type": "SECURITY_HOTSPOT",
 "code": {
 "impacts": {
- "SECURITY": "HIGH"
+ "SECURITY": "BLOCKER"
 },
 "attribute": "CONVENTIONAL"
 },
@@ -17,12 +17,8 @@
 "cwe"
 ],
 "extra": {
- "replacementRules": [
-
- ],
- "legacyKeys": [
-
- ]
+ "replacementRules": [],
+ "legacyKeys": []
 },
 "defaultSeverity": "Blocker",
 "ruleSpecification": "RSPEC-6304",
diff --git a/rules/S6304/see.adoc b/rules/S6304/see.adoc
index a132b69ed97..0d9741b7da4 100644
--- a/rules/S6304/see.adoc
+++ b/rules/S6304/see.adoc
@@ -1,7 +1,5 @@
 == See
 
-* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Broken Access Control
 * https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege[AWS Documentation] - Grant least privilege
-* https://cwe.mitre.org/data/definitions/732[MITRE, CWE-732] - Incorrect Permission Assignment for Critical Resource
-* https://cwe.mitre.org/data/definitions/284[MITRE, CWE-284] - Improper Access Control
-* https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[OWASP Top 10 2017 Category A5] - Broken Access Control
\ No newline at end of file
+* CWE - https://cwe.mitre.org/data/definitions/732[CWE-732 - Incorrect Permission Assignment for Critical Resource]
+* CWE - https://cwe.mitre.org/data/definitions/284[CWE-284 - Improper Access Control]
diff --git a/rules/S6308/elasticsearch_see.adoc b/rules/S6308/elasticsearch_see.adoc
index c0122d8b414..f66398deadc 100644
--- a/rules/S6308/elasticsearch_see.adoc
+++ b/rules/S6308/elasticsearch_see.adoc
@@ -1,9 +1,6 @@
 == See
 
-* https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[OWASP Top 10 2021 Category A2] - Cryptographic Failures
-* https://owasp.org/Top10/A04_2021-Insecure_Design/[OWASP Top 10 2021 Category A4] - Insecure Design
-* https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[OWASP Top 10 2021 Category A5] - Security Misconfiguration
 * https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/encryption-at-rest.html[AWS Documentation] - Encryption of data at rest for Amazon Elasticsearch Service
-* https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure
-* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html[OWASP Top 10 2017 Category A6] - Security Misconfiguration
-* https://cwe.mitre.org/data/definitions/311[MITRE, CWE-311] - Missing Encryption of Sensitive Data
+* CWE - https://cwe.mitre.org/data/definitions/311[CWE-311 - Missing Encryption of Sensitive Data]
+* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222588[Application Security and Development: V-222588] - The application must implement approved cryptographic mechanisms to prevent unauthorized modification of information at rest.
+
diff --git a/rules/S6308/metadata.json b/rules/S6308/metadata.json
index 6a31d27fae8..20746056f68 100644
--- a/rules/S6308/metadata.json
+++ b/rules/S6308/metadata.json
@@ -39,6 +39,9 @@
 "PCI DSS 4.0": [
 "2.2",
 "6.2.4"
+ ],
+ "STIG ASD_V5R3": [
+ "V-222588"
 ]
 },
 "defaultQualityProfiles": [
diff --git a/rules/S6308/opensearch_see.adoc b/rules/S6308/opensearch_see.adoc
index cb9028cf393..062b89830ea 100644
--- a/rules/S6308/opensearch_see.adoc
+++ b/rules/S6308/opensearch_see.adoc
@@ -1,9 +1,6 @@
 == See
 
-* https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[OWASP Top 10 2021 Category A2] - Cryptographic Failures
-* https://owasp.org/Top10/A04_2021-Insecure_Design/[OWASP Top 10 2021 Category A4] - Insecure Design
-* https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[OWASP Top 10 2021 Category A5] - Security Misconfiguration
 * https://docs.aws.amazon.com/opensearch-service/latest/developerguide/encryption-at-rest.html[AWS Documentation] - Encryption of data at rest for Amazon OpenSearch Service
-* https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure
-* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html[OWASP Top 10 2017 Category A6] - Security Misconfiguration
-* https://cwe.mitre.org/data/definitions/311[MITRE, CWE-311] - Missing Encryption of Sensitive Data
+* CWE - https://cwe.mitre.org/data/definitions/311[CWE-311 - Missing Encryption of Sensitive Data]
+* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222588[Application Security and Development: V-222588] - The application must implement approved cryptographic mechanisms to prevent unauthorized modification of information at rest.
+
diff --git a/rules/S6317/common/resources/standards.adoc b/rules/S6317/common/resources/standards.adoc
index 38d55ddc676..d5a360369a7 100644
--- a/rules/S6317/common/resources/standards.adoc
+++ b/rules/S6317/common/resources/standards.adoc
@@ -1,5 +1,3 @@ === Standards -* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Broken Access Control -* https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[OWASP Top 10 2017 Category A5] - Broken Access Control -* https://cwe.mitre.org/data/definitions/284[MITRE, CWE-269] - Improper Privilege Management \ No newline at end of file +* CWE - https://cwe.mitre.org/data/definitions/284[CWE-269 - Improper Privilege Management] diff --git a/rules/S6319/metadata.json b/rules/S6319/metadata.json index 9bbe2be4054..e535002c22f 100644 --- a/rules/S6319/metadata.json +++ b/rules/S6319/metadata.json @@ -39,6 +39,9 @@ "PCI DSS 4.0": [ "2.2", "6.2.4" + ], + "STIG ASD_V5R3": [ + "V-222588" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6319/see.adoc b/rules/S6319/see.adoc index 6bdd2b97fa9..0d37d1c494c 100644 --- a/rules/S6319/see.adoc +++ b/rules/S6319/see.adoc 
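Review bot: The rewritten CWE entry in rules/S6317/common/resources/standards.adoc links to `https://cwe.mitre.org/data/definitions/284` while its label reads "CWE-269 - Improper Privilege Management". The mismatch was already in the removed line and the reformatting carries it over. If CWE-269 is the intended mapping, the line should be `* CWE - https://cwe.mitre.org/data/definitions/269[CWE-269 - Improper Privilege Management]`; otherwise the label should name CWE-284. The metadata.json for S6317 is not in this hunk, so the CWE the rule actually declares cannot be confirmed from here.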
@@ -1,9 +1,5 @@ == See -* https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[OWASP Top 10 2021 Category A2] - Cryptographic Failures -* https://owasp.org/Top10/A04_2021-Insecure_Design/[OWASP Top 10 2021 Category A4] - Insecure Design -* https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[OWASP Top 10 2021 Category A5] - Security Misconfiguration * https://docs.aws.amazon.com/sagemaker/latest/dg/encryption-at-rest.html[Protect Data at Rest Using Encryption] -* https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure -* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html[OWASP Top 10 2017 Category A6] - Security Misconfiguration -* https://cwe.mitre.org/data/definitions/311[MITRE, CWE-311] - Missing Encryption of Sensitive Data +* CWE - https://cwe.mitre.org/data/definitions/311[CWE-311 - Missing Encryption of Sensitive Data] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222588[Application Security and Development: V-222588] - The application must implement approved cryptographic mechanisms to prevent unauthorized modification of information at rest. diff --git a/rules/S6320/java/rule.adoc b/rules/S6320/java/rule.adoc index ac38ad2045d..c5640e00164 100644 --- a/rules/S6320/java/rule.adoc +++ b/rules/S6320/java/rule.adoc @@ -27,7 +27,7 @@ You should try to identify the code responsible for these checks and fix it. [source,java,diff-id=1,diff-type=noncompliant] ---- -String hexString(Object o) { +private String hexString(Object o) { return Integer.toHexString((Integer) o); // Noncompliant if hexString is called with a String for example } ---- @@ -38,7 +38,7 @@ One possible solution is to change `hexString` to only accept integers and adapt [source,java,diff-id=1,diff-type=compliant] ---- -String hexString(Integer i) { +private String hexString(Integer i) { return Integer.toHexString(i); } ---- 
@@ -48,7 +48,7 @@ Here, the `if` statement with the condition relying on `instanceof` prevents ref [source,java,diff-id=1,diff-type=compliant] ---- -String hexString(Object o) { +private String hexString(Object o) { if (o instanceof Integer) { return Integer.toHexString((Integer) o); } diff --git a/rules/S6321/ansible/metadata.json b/rules/S6321/ansible/metadata.json new file mode 100644 index 00000000000..2c63c085104 --- /dev/null +++ b/rules/S6321/ansible/metadata.json @@ -0,0 +1,2 @@ +{ +} diff --git a/rules/S6321/ansible/rule.adoc b/rules/S6321/ansible/rule.adoc new file mode 100644 index 00000000000..2b072f26cf5 --- /dev/null +++ b/rules/S6321/ansible/rule.adoc 
@@ -0,0 +1,105 @@ +== Why is this an issue? + +include::../rationale.adoc[] + +include::../impact.adoc[] + +== How to fix it + +include::../common/how-to-fix-it/intro.adoc[] + +=== Code examples + +==== Noncompliant code example + +An ingress rule allowing all inbound SSH traffic: + +[source,yaml,diff-id=1,diff-type=noncompliant] +---- +--- +- name: Configure iptables rules + hosts: all + become: yes + tasks: + - name: Allow incoming SSH connections on port 22 + ansible.builtin.iptables: + chain: INPUT + protocol: tcp + destination_port: "22" # Noncompliant + jump: ACCEPT + + - name: Allow existing connections + ansible.builtin.iptables: + chain: INPUT + protocol: tcp + ctstate: ESTABLISHED,RELATED + jump: ACCEPT + + - name: Drop all other incoming traffic + ansible.builtin.iptables: + chain: INPUT + jump: DROP +---- + +==== Compliant solution + +An ingress rule allowing inbound SSH traffic from specific IP addresses: + +[source,yaml,diff-id=1,diff-type=compliant] +---- +--- +- name: Configure iptables rules + hosts: all + become: yes + tasks: + - name: Allow incoming SSH connections on port 22 + ansible.builtin.iptables: + chain: INPUT + protocol: tcp + destination_port: "22" + source: "42.42.42.42" + jump: ACCEPT + + - name: Allow existing connections + ansible.builtin.iptables: + chain: INPUT + protocol: tcp + ctstate: ESTABLISHED,RELATED + jump: ACCEPT + + - name: Drop all other incoming traffic + ansible.builtin.iptables: + chain: INPUT + jump: DROP +---- + +== Resources + +=== Documentation + +Ansible Community Documentation - https://docs.ansible.com/ansible/latest/collections/ansible/builtin/iptables_module.html[Modify iptables rules] + +include::../common/resources/articles.adoc[] + +include::../common/resources/presentations.adoc[] + +include::../common/resources/standards.adoc[] + + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +* Change this code to restrict the source to a 
subset of trusted IP addresses. + +=== Highlighting + +Highlight the value of the `destination_port` key in the `ansible.builtin.iptables` task. + +''' + +endif::env-github,rspecator-view[] diff --git a/rules/S6321/azureresourcemanager/how-to-fix-it/bicep.adoc b/rules/S6321/azureresourcemanager/how-to-fix-it/bicep.adoc new file mode 100644 index 00000000000..37cd49ccfd7 --- /dev/null +++ b/rules/S6321/azureresourcemanager/how-to-fix-it/bicep.adoc @@ -0,0 +1,37 @@ +== How to fix it in Bicep + +include::../../common/how-to-fix-it/intro.adoc[] + +=== Code examples + +==== Noncompliant code example + +[source,bicep,diff-id=2,diff-type=noncompliant] +---- +resource securityRules 'Microsoft.Network/networkSecurityGroups/securityRules@2022-11-01' = { + name: 'securityRules' + properties: { + direction: 'Inbound' + access: 'Allow' + protocol: '*' + destinationPortRange: '*' + sourceAddressPrefix: '*' + } +} +---- + +==== Compliant solution + +[source,bicep,diff-id=2,diff-type=compliant] +---- +resource securityRules 'Microsoft.Network/networkSecurityGroups/securityRules@2022-11-01' = { + name: 'securityRules' + properties: { + direction: 'Inbound' + access: 'Allow' + protocol: '*' + destinationPortRange: '22' + sourceAddressPrefix: '10.0.0.0/24' + } +} +---- diff --git a/rules/S6321/azureresourcemanager/how-to-fix-it/json.adoc b/rules/S6321/azureresourcemanager/how-to-fix-it/json.adoc new file mode 100644 index 00000000000..b5eef8364f4 --- /dev/null +++ b/rules/S6321/azureresourcemanager/how-to-fix-it/json.adoc 
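Review bot: The compliant Ansible example restricts SSH with `source: "42.42.42.42"`, which is a routable public address rather than one from a range reserved for documentation. Readers copy these snippets, so I would use `source: "192.0.2.0/24"` (RFC 5737) or a private range such as the `10.0.0.0/24` used in the Bicep and JSON examples of this rule. Both playbooks also write `become: yes`; `become: true` is the form ansible-lint accepts and avoids YAML 1.1 truthy ambiguity.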
@@ -0,0 +1,53 @@ +== How to fix it in JSON templates + +include::../../common/how-to-fix-it/intro.adoc[] + +=== Code examples + +==== Noncompliant code example + +[source,json,diff-id=1,diff-type=noncompliant] +---- +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [ + { + "name": "networkSecurityGroups/example", + "type": "Microsoft.Network/networkSecurityGroups/securityRules", + "apiVersion": "2022-11-01", + "properties": { + "protocol": "*", + "destinationPortRange": "*", + "sourceAddressPrefix": "*", + "access": "Allow", + "direction": "Inbound" + } + } + ] +} +---- + +==== Compliant solution + +[source,json,diff-id=1,diff-type=compliant] +---- +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [ + { + "name": "networkSecurityGroups/example", + "type": "Microsoft.Network/networkSecurityGroups/securityRules", + "apiVersion": "2022-11-01", + "properties": { + "protocol": "*", + "destinationPortRange": "22", + "sourceAddressPrefix": "10.0.0.0/24", + "access": "Allow", + "direction": "Inbound" + } + } + ] +} +---- diff --git a/rules/S6321/azureresourcemanager/rule.adoc b/rules/S6321/azureresourcemanager/rule.adoc index 706f52f7f0c..0b5d7c53c93 100644 --- a/rules/S6321/azureresourcemanager/rule.adoc +++ b/rules/S6321/azureresourcemanager/rule.adoc 
@@ -6,87 +6,9 @@ Any firewall rule allowing traffic from all IP addresses to standard network por include::../impact.adoc[] -== How to fix it +include::how-to-fix-it/json.adoc[] -include::../common/how-to-fix-it/intro.adoc[] - -=== Code examples - -==== Noncompliant code example - -[source,json,diff-id=1,diff-type=noncompliant] ----- -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [ - { - "name": "networkSecurityGroups/example", - "type": "Microsoft.Network/networkSecurityGroups/securityRules", - "apiVersion": "2022-11-01", - "properties": { - "protocol": "*", - "destinationPortRange": "*", - "sourceAddressPrefix": "*", - "access": "Allow", - "direction": "Inbound" - } - } - ] -} ----- - -[source,bicep,diff-id=2,diff-type=noncompliant] ----- -resource securityRules 'Microsoft.Network/networkSecurityGroups/securityRules@2022-11-01' = { - name: 'securityRules' - properties: { - direction: 'Inbound' - access: 'Allow' - protocol: '*' - destinationPortRange: '*' - sourceAddressPrefix: '*' - } -} ----- - -==== Compliant solution - -[source,json,diff-id=1,diff-type=compliant] ----- -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [ - { - "name": "networkSecurityGroups/example", - "type": "Microsoft.Network/networkSecurityGroups/securityRules", - "apiVersion": "2022-11-01", - "properties": { - "protocol": "*", - "destinationPortRange": "22", - "sourceAddressPrefix": "10.0.0.0/24", - "access": "Allow", - "direction": "Inbound" - } - } - ] -} ----- - -[source,bicep,diff-id=2,diff-type=compliant] ----- -resource securityRules 'Microsoft.Network/networkSecurityGroups/securityRules@2022-11-01' = { - name: 'securityRules' - properties: { - direction: 'Inbound' - access: 'Allow' - protocol: '*' - destinationPortRange: '22' - sourceAddressPrefix: '10.0.0.0/24' - } -} ----- 
+include::how-to-fix-it/bicep.adoc[] == Resources diff --git a/rules/S6321/common/resources/standards.adoc b/rules/S6321/common/resources/standards.adoc index 98bb0194911..f5b48203351 100644 --- a/rules/S6321/common/resources/standards.adoc +++ b/rules/S6321/common/resources/standards.adoc @@ -1,5 +1,5 @@ === Standards -* https://cwe.mitre.org/data/definitions/284[MITRE, CWE-284] - Improper Access Control -* https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[OWASP Top 10 2017 Category A5] - Broken Access Control -* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Broken Access Control +* CWE - https://cwe.mitre.org/data/definitions/284[CWE-284 - Improper Access Control] +* OWASP - https://owasp.org/Top10/A01_2021-Broken_Access_Control/[Top 10 2021 Category A1 - Broken Access Control] +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] diff --git a/rules/S6321/metadata.json b/rules/S6321/metadata.json index ea4dd8c7cf3..214f6553190 100644 --- a/rules/S6321/metadata.json +++ b/rules/S6321/metadata.json @@ -32,6 +32,12 @@ "CWE": [ 284 ], + "OWASP": [ + "A3" + ], + "OWASP Top 10 2021": [ + "A1" + ], "PCI DSS 3.2": [ "6.5.8" ], diff --git a/rules/S6327/metadata.json b/rules/S6327/metadata.json index 7fadad9bb57..9942b2145a2 100644 --- a/rules/S6327/metadata.json +++ b/rules/S6327/metadata.json @@ -10,7 +10,7 @@ "status": "ready", "remediation": { "func": "Constant\/Issue", - "constantCost": "10min" + "constantCost": "45min" }, "tags": [ "aws", @@ -41,6 +41,9 @@ "2.2", "4.2.1", "6.2.4" + ], + "STIG ASD_V5R3": [ + "V-222588" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6327/recommended.adoc b/rules/S6327/recommended.adoc index 619707c6c6b..bde7a0a6055 100644 --- a/rules/S6327/recommended.adoc +++ b/rules/S6327/recommended.adoc 
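Review bot: The OWASP 2017 entry in rules/S6321/common/resources/standards.adoc changes from A5 Broken Access Control to A3 Sensitive Data Exposure, and the metadata.json hunk for S6321 adds `"OWASP": ["A3"]` to match. The rule is otherwise mapped to CWE-284 and to OWASP 2021 A1 Broken Access Control, so A3 looks like a copy from one of the encryption rules rather than a deliberate remapping. If so, the line should stay `* OWASP - https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[Top 10 2017 Category A5 - Broken Access Control]` and the metadata value should be `"A5"`.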
@@ -1,3 +1,18 @@ == Recommended Secure Coding Practices -It's recommended to encrypt SNS topics that contain sensitive information. Encryption and decryption are handled transparently by SNS, so no further modifications to the application are necessary. +It is recommended to encrypt SNS topics that contain sensitive information. + +To do so, create a master key and assign the SNS topic to it. Note that this +system does not encrypt the following: + +* Topic metadata (topic name and attributes) +* Message metadata (subject, message ID, timestamp, and attributes) +* Data protection policy +* Per-topic metrics + +Then, make sure that any publishers have the ``++kms:GenerateDataKey*++`` and +``++kms:Decrypt++`` permissions for the AWS KMS key. + +See https://docs.aws.amazon.com/sns/latest/dg/sns-key-management.html#sns-what-permissions-for-sse[AWS SNS Key Management Documentation] +for more information. + diff --git a/rules/S6327/see.adoc b/rules/S6327/see.adoc index 41af62b45d0..d43a57148f0 100644 --- a/rules/S6327/see.adoc +++ b/rules/S6327/see.adoc 
@@ -1,10 +1,6 @@ == See -* https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[OWASP Top 10 2021 Category A2] - Cryptographic Failures -* https://owasp.org/Top10/A04_2021-Insecure_Design/[OWASP Top 10 2021 Category A4] - Insecure Design -* https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[OWASP Top 10 2021 Category A5] - Security Misconfiguration * https://docs.aws.amazon.com/sns/latest/dg/sns-server-side-encryption.html[AWS Documentation] - Encryption at rest * https://aws.amazon.com/blogs/compute/encrypting-messages-published-to-amazon-sns-with-aws-kms/[Encrypting messages published to Amazon SNS with AWS KMS] -* https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure -* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html[OWASP Top 10 2017 Category A6] - Security Misconfiguration -* https://cwe.mitre.org/data/definitions/311[MITRE, CWE-311] - Missing Encryption of Sensitive Data +* CWE - https://cwe.mitre.org/data/definitions/311[CWE-311 - Missing Encryption of Sensitive Data] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222588[Application Security and Development: V-222588] - The application must implement approved cryptographic mechanisms to prevent unauthorized modification of information at rest. diff --git a/rules/S6329/metadata.json b/rules/S6329/metadata.json index 3aa2e9e7891..b6c56afe71a 100644 --- a/rules/S6329/metadata.json +++ b/rules/S6329/metadata.json @@ -3,7 +3,7 @@ "type": "SECURITY_HOTSPOT", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "COMPLETE" }, @@ -17,12 +17,8 @@ "aws" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-6329", 
@@ -38,6 +34,9 @@ ], "PCI DSS 4.0": [ "6.2.4" + ], + "STIG ASD_V5R3": [ + "V-222620" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6329/see.adoc b/rules/S6329/see.adoc index 56267b6caa4..a96400fb9eb 100644 --- a/rules/S6329/see.adoc +++ b/rules/S6329/see.adoc @@ -1,9 +1,8 @@ == See -* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Broken Access Control * https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html[AWS Documentation] - Amazon EC2 instance IP addressing * https://docs.aws.amazon.com/dms/latest/userguide/CHAP_ReplicationInstance.PublicPrivate.html[AWS Documentation] - Public and private replication instances * https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html[AWS Documentation] - VPC Peering -* https://cwe.mitre.org/data/definitions/284[MITRE, CWE-284] - Improper Access Control -* https://cwe.mitre.org/data/definitions/668[MITRE, CWE-668] - Exposure of Resource to Wrong Sphere -* https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[OWASP Top 10 2017 Category A5] - Broken Access Control +* CWE - https://cwe.mitre.org/data/definitions/284[CWE-284 - Improper Access Control] +* CWE - https://cwe.mitre.org/data/definitions/668[CWE-668 - Exposure of Resource to Wrong Sphere] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222620[Application Security and Development: V-222620] - Application web servers must be on a separate network segment from the application and database servers. diff --git a/rules/S6330/cloudformation/rule.adoc b/rules/S6330/cloudformation/rule.adoc index 1ca958e8523..91230ed28a7 100644 --- a/rules/S6330/cloudformation/rule.adoc +++ b/rules/S6330/cloudformation/rule.adoc 
@@ -12,10 +12,11 @@ For https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-propertie ---- AWSTemplateFormatVersion: '2010-09-09' Resources: - Queue: # Sensitive, encryption disabled by default + Queue: Type: AWS::SQS::Queue Properties: DisplayName: "unencrypted_queue" + SqsManagedSseEnabled: false # Sensitive, encryption disabled ---- == Compliant Solution @@ -30,10 +31,7 @@ Resources: Type: AWS::SQS::Queue Properties: DisplayName: "encrypted_queue" - KmsMasterKeyId: - Fn::GetAtt: - - TestKey - - KeyId + SqsManagedSseEnabled: true ---- include::../see.adoc[] @@ -47,7 +45,10 @@ ifdef::env-github,rspecator-view[] === Message -* Omitting "KmsMasterKeyId" disables SQS queues encryption. Make sure it is safe here. +* Setting "SqsManagedSseEnabled" to "false" disables SQS queues encryption. Make sure it is safe here. + +=== Highlighting +* Highlight the `SqsManagedSseEnabled` attribute if it is set to `false`. endif::env-github,rspecator-view[] \ No newline at end of file diff --git a/rules/S6330/javascript/rule.adoc b/rules/S6330/javascript/rule.adoc index 0b507d4394b..d59940664f4 100644 --- a/rules/S6330/javascript/rule.adoc +++ b/rules/S6330/javascript/rule.adoc @@ -12,7 +12,9 @@ For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_sqs.Queue.html[` ---- import { Queue } from 'aws-cdk-lib/aws-sqs'; -new Queue(this, 'example'); // Sensitive +new Queue(this, 'example', { + encryption: QueueEncryption.UNENCRYPTED // Sensitive +}); ---- For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_sqs.CfnQueue.html[`aws-cdk-lib.aws-sqs.CfnQueue`] @@ -21,7 +23,9 @@ For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_sqs.CfnQueue.htm ---- import { CfnQueue } from 'aws-cdk-lib/aws-sqs'; -new CfnQueue(this, 'example'); // Sensitive +new CfnQueue(this, 'example', { + sqsManagedSseEnabled: false // Sensitive +}); ---- == Compliant Solution 
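Review bot: The new message in rules/S6330/cloudformation/rule.adoc treats `SqsManagedSseEnabled: false` as disabling encryption, but the spec no longer says what happens when the same queue sets `KmsMasterKeyId`, which was the compliant solution before this change. A queue encrypted with a KMS key normally leaves SQS-managed SSE off, so a check on this attribute alone may report queues that are encrypted. I would state the exception under the message, for example `* Do not raise when "KmsMasterKeyId" is set.`, and keep a KMS-based variant next to the `SqsManagedSseEnabled: true` compliant example. The same applies to the `sqsManagedSseEnabled` and `sqs_managed_sse_enabled` hunks in javascript/rule.adoc, python/rule.adoc and terraform/rule.adoc.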
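Review bot: The sensitive `Queue` example added in rules/S6330/javascript/rule.adoc references `QueueEncryption.UNENCRYPTED`, but the snippet's import line brings in only `Queue`. The snippet therefore does not compile as written; the import should read `import { Queue, QueueEncryption } from 'aws-cdk-lib/aws-sqs';`. The compliant `Queue` snippet in the following hunk uses `QueueEncryption.SQS_MANAGED` under the same import line and needs the same change.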
@@ -33,7 +37,7 @@ For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_sqs.Queue.html[` import { Queue } from 'aws-cdk-lib/aws-sqs'; new Queue(this, 'example', { - encryption: QueueEncryption.KMS_MANAGED + encryption: QueueEncryption.SQS_MANAGED }); ---- @@ -43,12 +47,8 @@ For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_sqs.CfnQueue.htm ---- import { CfnQueue } from 'aws-cdk-lib/aws-sqs'; -const encryptionKey = new Key(this, 'example', { - enableKeyRotation: true, -}); - new CfnQueue(this, 'example', { - kmsMasterKeyId: encryptionKey.keyId + sqsManagedSseEnabled: true }); ---- @@ -62,27 +62,22 @@ ifdef::env-github,rspecator-view[] === Message -For CfnQueue: - -* Omitting "kmsMasterKeyId" disables SQS queues encryption. Make sure it is safe here. - For Queue: -* Omitting "encryption" disables SQS queues encryption. Make sure it is safe here. * Setting "encryption" to "QueueEncryption.UNENCRYPTED" disables SQS queues encryption. Make sure it is safe here. -=== Highlighting +For CfnQueue: + +* Setting "sqsManagedSseEnabled" to "false" disables SQS queues encryption. Make sure it is safe here. -* Highlight the initializer function if it does not contain the third argument `props` or `props` is set to `undefined`. +=== Highlighting -For Topic: +For Queue: -* Highlight the `props` object if it does not contain the property `encryption`. * Highlight the `encryption` attribute if it is set to `QueueEncryption.UNENCRYPTED`. For CfnQueue: -* Highlight the `props` object if it does not contain the property `kmsMasterKeyId`. -* Highlight the `kmsMasterKeyId` attribute if it is set to `undefined`. +* Highlight the `sqsManagedSseEnabled` attribute if it is set to `false`. endif::env-github,rspecator-view[] \ No newline at end of file diff --git a/rules/S6330/metadata.json b/rules/S6330/metadata.json index 3010a0458e1..4e15814fdb3 100644 --- a/rules/S6330/metadata.json +++ b/rules/S6330/metadata.json 
@@ -39,6 +39,9 @@ "PCI DSS 4.0": [ "2.2", "6.2.4" + ], + "STIG ASD_V5R3": [ + "V-222588" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6330/python/rule.adoc b/rules/S6330/python/rule.adoc index 7c712863746..e36f9c8cb62 100644 --- a/rules/S6330/python/rule.adoc +++ b/rules/S6330/python/rule.adoc @@ -6,23 +6,6 @@ include::../recommended.adoc[] == Sensitive Code Example -For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_sqs.Queue.html[aws_cdk.aws_sqs.Queue]: - -[source,python] ----- -from aws_cdk import ( - aws_sqs as sqs -) - -class QueueStack(Stack): - def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None: - super().__init__(scope, construct_id, **kwargs) - sqs.Queue( # Sensitive, unencrypted by default - self, - "example" - ) ----- - For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_sqs.CfnQueue.html[aws_cdk.aws_sqs.CfnQueue]: [source,python] @@ -34,32 +17,15 @@ from aws_cdk import ( class CfnQueueStack(Stack): def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None: super().__init__(scope, construct_id, **kwargs) - sqs.CfnQueue( # Sensitive, unencrypted by default + sqs.CfnQueue( self, - "example" + "example", + sqs_managed_sse_enabled=False # Sensitive, unencrypted ) ---- == Compliant Solution -For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_sqs.Queue.html[aws_cdk.aws_sqs.Queue]: - -[source,python] ----- -from aws_cdk import ( - aws_sqs as sqs -) - -class QueueStack(Stack): - def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None: - super().__init__(scope, construct_id, **kwargs) - sqs.Queue( - self, - "example", - encryption=sqs.QueueEncryption.KMS_MANAGED - ) ----- - For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_sqs.CfnQueue.html[aws_cdk.aws_sqs.CfnQueue]: [source,python] 
@@ -71,11 +37,10 @@ from aws_cdk import ( class CfnQueueStack(Stack): def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None: super().__init__(scope, construct_id, **kwargs) - my_key = kms.Key(self, "key") sqs.CfnQueue( self, "example", - kms_master_key_id=my_key.key_id + sqs_managed_sse_enabled=True ) ---- @@ -90,14 +55,10 @@ ifdef::env-github,rspecator-view[] === Message -For CfnQueue: - -* Omitting "kms_master_key_id" disables SQS queues encryption. Make sure it is safe here. - -For Queue: +* Setting "sqs_managed_sse_enabled" to "False" disables SQS queues encryption. Make sure it is safe here. -* Omitting "encryption" disables SQS queues encryption. Make sure it is safe here. -* Setting "encryption" to "QueueEncryption.UNENCRYPTED" disables SQS queues encryption. Make sure it is safe here. +=== Highlighting +* Highlight the `sqs_managed_sse_enabled` attribute if it is set to `False`. endif::env-github,rspecator-view[] diff --git a/rules/S6330/see.adoc b/rules/S6330/see.adoc index a3df50064a4..f9f1b360441 100644 --- a/rules/S6330/see.adoc +++ b/rules/S6330/see.adoc 
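Review bot: The Message section of rules/S6330/python/rule.adoc no longer covers `sqs.Queue` at all: the removed lines include `Setting "encryption" to "QueueEncryption.UNENCRYPTED" disables SQS queues encryption`, an explicit opt-out that javascript/rule.adoc still reports for `Queue` in this same commit. Dropping the "omitting" messages follows from the change of default, but an explicit `encryption=sqs.QueueEncryption.UNENCRYPTED` is still an unencrypted queue. Unless the Python analyzer has deliberately stopped raising on it, I would keep that message and a matching sensitive example so the two CDK specs stay aligned.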
@@ -1,9 +1,5 @@ == See -* https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[OWASP Top 10 2021 Category A2] - Cryptographic Failures -* https://owasp.org/Top10/A04_2021-Insecure_Design/[OWASP Top 10 2021 Category A4] - Insecure Design -* https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[OWASP Top 10 2021 Category A5] - Security Misconfiguration * https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html[AWS Documentation] - Encryption at rest -* https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure -* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html[OWASP Top 10 2017 Category A6] - Security Misconfiguration -* https://cwe.mitre.org/data/definitions/311[MITRE, CWE-311] - Missing Encryption of Sensitive Data +* CWE - https://cwe.mitre.org/data/definitions/311[CWE-311 - Missing Encryption of Sensitive Data] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222588[Application Security and Development: V-222588] - The application must implement approved cryptographic mechanisms to prevent unauthorized modification of information at rest. diff --git a/rules/S6330/terraform/rule.adoc b/rules/S6330/terraform/rule.adoc index e47ced943ee..c8f3afb2c23 100644 --- a/rules/S6330/terraform/rule.adoc +++ b/rules/S6330/terraform/rule.adoc @@ -10,8 +10,9 @@ For https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ [source,terraform] ---- -resource "aws_sqs_queue" "queue" { # Sensitive, encryption disabled by default +resource "aws_sqs_queue" "queue" { name = "sqs-unencrypted" + sqs_managed_sse_enabled = false # Sensitive, encryption disabled } ---- 
@@ -23,7 +24,7 @@ For https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ ---- resource "aws_sqs_queue" "queue" { name = "sqs-encrypted" - kms_master_key_id = aws_kms_key.enc_key.key_id + sqs_managed_sse_enabled = true } ---- @@ -38,7 +39,7 @@ ifdef::env-github,rspecator-view[] === Message -* Omitting "kms_master_key_id" disables SQS queues encryption. Make sure it is safe here. +* Setting "sqs_managed_sse_enabled" to "false" disables SQS queues encryption. Make sure it is safe here. endif::env-github,rspecator-view[] \ No newline at end of file diff --git a/rules/S6332/see.adoc b/rules/S6332/see.adoc index 09b2e62d887..46d05ccf617 100644 --- a/rules/S6332/see.adoc +++ b/rules/S6332/see.adoc @@ -1,9 +1,4 @@ == See -* https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[OWASP Top 10 2021 Category A2] - Cryptographic Failures -* https://owasp.org/Top10/A04_2021-Insecure_Design/[OWASP Top 10 2021 Category A4] - Insecure Design -* https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[OWASP Top 10 2021 Category A5] - Security Misconfiguration * https://docs.aws.amazon.com/efs/latest/ug/encryption.html[AWS Documentation] - Data encryption in Amazon EFS -* https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure -* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html[OWASP Top 10 2017 Category A6] - Security Misconfiguration -* https://cwe.mitre.org/data/definitions/311[MITRE, CWE-311] - Missing Encryption of Sensitive Data +* CWE - https://cwe.mitre.org/data/definitions/311[CWE-311 - Missing Encryption of Sensitive Data] diff --git a/rules/S6333/metadata.json b/rules/S6333/metadata.json index 79491b684f4..f1a88b8e324 100644 --- a/rules/S6333/metadata.json +++ b/rules/S6333/metadata.json @@ -3,7 +3,7 @@ "type": "SECURITY_HOTSPOT", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "COMPLETE" }, 
@@ -17,12 +17,8 @@ "cwe" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-6333", @@ -37,6 +33,9 @@ ], "PCI DSS 4.0": [ "6.2.4" + ], + "STIG ASD_V5R3": [ + "V-222620" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6333/see.adoc b/rules/S6333/see.adoc index 835c2a29145..9ebc9b06bf3 100644 --- a/rules/S6333/see.adoc +++ b/rules/S6333/see.adoc @@ -1,6 +1,5 @@ == See * https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-control-access-to-api.html[AWS Documentation] - Controlling and managing access to a REST API in API Gateway -* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Broken Access Control -* https://cwe.mitre.org/data/definitions/284[MITRE, CWE-284] - Improper Access Control -* https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[OWASP Top 10 2017 Category A5] - Broken Access Control +* CWE - https://cwe.mitre.org/data/definitions/284[CWE-284 - Improper Access Control] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222620[Application Security and Development: V-222620] - Application web servers must be on a separate network segment from the application and database servers. diff --git a/rules/S6334/secrets/metadata.json b/rules/S6334/secrets/metadata.json index 158b1dfa56c..9978f2b2d93 100644 --- a/rules/S6334/secrets/metadata.json +++ b/rules/S6334/secrets/metadata.json @@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "TRUSTWORTHY" }, @@ -44,6 +44,9 @@ "2.10.4", "3.5.2", "6.4.1" + ], + "STIG ASD_V5R3": [ + "V-222642" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6335/secrets/metadata.json b/rules/S6335/secrets/metadata.json index f46c6ad252b..015a0f94724 100644 --- a/rules/S6335/secrets/metadata.json 
+++ b/rules/S6335/secrets/metadata.json @@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "TRUSTWORTHY" }, @@ -44,6 +44,9 @@ "2.10.4", "3.5.2", "6.4.1" + ], + "STIG ASD_V5R3": [ + "V-222642" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6336/secrets/metadata.json b/rules/S6336/secrets/metadata.json index 198028bd790..a923030da7e 100644 --- a/rules/S6336/secrets/metadata.json +++ b/rules/S6336/secrets/metadata.json @@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "TRUSTWORTHY" }, @@ -17,9 +17,7 @@ "cert" ], "extra": { - "replacementRules": [ - - ] + "replacementRules": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-6336", @@ -49,6 +47,9 @@ "2.10.4", "3.5.2", "6.4.1" + ], + "STIG ASD_V5R3": [ + "V-222642" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6337/secrets/metadata.json b/rules/S6337/secrets/metadata.json index 3758e338d29..28c4ae2fb29 100644 --- a/rules/S6337/secrets/metadata.json +++ b/rules/S6337/secrets/metadata.json @@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "TRUSTWORTHY" }, @@ -44,6 +44,9 @@ "2.10.4", "3.5.2", "6.4.1" + ], + "STIG ASD_V5R3": [ + "V-222642" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6338/secrets/metadata.json b/rules/S6338/secrets/metadata.json index 7f036648c48..e6686f32711 100644 --- a/rules/S6338/secrets/metadata.json +++ b/rules/S6338/secrets/metadata.json @@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "TRUSTWORTHY" }, @@ -17,9 +17,7 @@ "cert" ], "extra": { - "replacementRules": [ - - ] + "replacementRules": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-6338", 
@@ -49,6 +47,9 @@ "2.10.4", "3.5.2", "6.4.1" + ], + "STIG ASD_V5R3": [ + "V-222642" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6339/php/metadata.json b/rules/S6339/php/metadata.json index 3293339bca5..3c4ca4ad16f 100644 --- a/rules/S6339/php/metadata.json +++ b/rules/S6339/php/metadata.json @@ -27,7 +27,6 @@ ] }, "defaultQualityProfiles": [ - "Sonar way" ], "quickfix": "unknown" } diff --git a/rules/S6339/php/rule.adoc b/rules/S6339/php/rule.adoc index aa789e79622..9754a3d683d 100644 --- a/rules/S6339/php/rule.adoc +++ b/rules/S6339/php/rule.adoc @@ -28,5 +28,5 @@ define('AUTH_SALT', 'FIsAsXJKL5ZlQo)iD-pt??eUbdc{_Cn<4!d~yqz))&B D?AwK%)+)F2aNwI == Resources -* https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[OWASP Top 10 2021 Category A2] - Cryptographic Failures +* OWASP - https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[Top 10 2021 Category A2 - Cryptographic Failures] * https://wordpress.org/support/article/editing-wp-config-php/#security-keys[wordpress.org] - WordPress Security Keys diff --git a/rules/S6341/php/rule.adoc b/rules/S6341/php/rule.adoc index 3c74b727e6c..a59690e93e9 100644 --- a/rules/S6341/php/rule.adoc +++ b/rules/S6341/php/rule.adoc 
@@ -40,13 +40,13 @@ define( 'DISALLOW_FILE_EDIT', true ); == See -* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection -* https://owasp.org/Top10/A04_2021-Insecure_Design/[OWASP Top 10 2021 Category A4] - Insecure Design -* https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[OWASP Top 10 2021 Category A5] - Security Misconfiguration +* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] +* OWASP - https://owasp.org/Top10/A04_2021-Insecure_Design/[Top 10 2021 Category A4 - Insecure Design] +* OWASP - https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[Top 10 2021 Category A5 - Security Misconfiguration] * https://wordpress.org/support/article/editing-wp-config-php/#disable-the-plugin-and-theme-editor[wordpress.org] - Disable the Plugin and Theme Editor -* https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[OWASP Top 10 2017 Category A1] - Injection -* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html[OWASP Top 10 2017 Category A6] - Security Misconfiguration -* https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)[OWASP Top 10 2017 Category A7] - Cross-Site Scripting (XSS) -* https://cwe.mitre.org/data/definitions/79[MITRE, CWE-79] - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') -* https://cwe.mitre.org/data/definitions/94[MITRE, CWE-94] - Improper Control of Generation of Code ('Code Injection') -* https://cwe.mitre.org/data/definitions/95[MITRE, CWE-95] - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') \ No newline at end of file +* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] +* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration] +* OWASP - 
https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)[Top 10 2017 Category A7 - Cross-Site Scripting (XSS)] +* CWE - https://cwe.mitre.org/data/definitions/79[CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')] +* CWE - https://cwe.mitre.org/data/definitions/94[CWE-94 - Improper Control of Generation of Code ('Code Injection')] +* CWE - https://cwe.mitre.org/data/definitions/95[CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')] diff --git a/rules/S6342/php/rule.adoc b/rules/S6342/php/rule.adoc index dd43ae2445c..d633a049e97 100644 --- a/rules/S6342/php/rule.adoc +++ b/rules/S6342/php/rule.adoc 
@@ -36,13 +36,13 @@ define( 'DISALLOW_FILE_MODS', true ); == See -* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection -* https://owasp.org/Top10/A04_2021-Insecure_Design/[OWASP Top 10 2021 Category A4] - Insecure Design -* https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[OWASP Top 10 2021 Category A5] - Security Misconfiguration +* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] +* OWASP - https://owasp.org/Top10/A04_2021-Insecure_Design/[Top 10 2021 Category A4 - Insecure Design] +* OWASP - https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[Top 10 2021 Category A5 - Security Misconfiguration] * https://wordpress.org/support/article/editing-wp-config-php/#disable-plugin-and-theme-update-and-installation[wordpress.org] - Disable Plugin and Theme Update and Installation -* https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[OWASP Top 10 2017 Category A1] - Injection -* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html[OWASP Top 10 2017 Category A6] - Security Misconfiguration -* https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)[OWASP Top 10 2017 Category A7] - Cross-Site Scripting (XSS) -* https://cwe.mitre.org/data/definitions/79[MITRE, CWE-79] - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') -* https://cwe.mitre.org/data/definitions/94[MITRE, CWE-94] - Improper Control of Generation of Code ('Code Injection') -* https://cwe.mitre.org/data/definitions/95[MITRE, CWE-95] - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') +* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] +* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration] +* OWASP - 
https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)[Top 10 2017 Category A7 - Cross-Site Scripting (XSS)] +* CWE - https://cwe.mitre.org/data/definitions/79[CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')] +* CWE - https://cwe.mitre.org/data/definitions/94[CWE-94 - Improper Control of Generation of Code ('Code Injection')] +* CWE - https://cwe.mitre.org/data/definitions/95[CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')] diff --git a/rules/S6343/php/rule.adoc b/rules/S6343/php/rule.adoc index a50b6d67c71..fed348459ac 100644 --- a/rules/S6343/php/rule.adoc +++ b/rules/S6343/php/rule.adoc @@ -33,7 +33,7 @@ define( 'AUTOMATIC_UPDATER_DISABLED', false ); == See -* https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[OWASP Top 10 2021 Category A5] - Security Misconfiguration +* OWASP - https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[Top 10 2021 Category A5 - Security Misconfiguration] * https://wordpress.org/support/article/editing-wp-config-php/#disable-wordpress-auto-updates[Wordpress.org] - Disable WordPress Auto Updates -* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html[OWASP Top 10 2017 Category A6] - Security Misconfiguration +* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration] diff --git a/rules/S6345/php/rule.adoc b/rules/S6345/php/rule.adoc index d6e88fcd04b..ae50ded0c4a 100644 --- a/rules/S6345/php/rule.adoc +++ b/rules/S6345/php/rule.adoc 
@@ -35,9 +35,9 @@ define( 'WP_ACCESSIBLE_HOSTS', 'api.wordpress.org' ); == See -* https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[OWASP Top 10 2021 Category A5] - Security Misconfiguration -* https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/[OWASP Top 10 2021 Category A10] - Server-Side Request Forgery (SSRF) +* OWASP - https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[Top 10 2021 Category A5 - Security Misconfiguration] +* OWASP - https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/[Top 10 2021 Category A10 - Server-Side Request Forgery (SSRF)] * https://wordpress.org/support/article/editing-wp-config-php/#block-external-url-requestsl[wordpress.org] - Block External URL Requests -* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html[OWASP Top 10 2017 Category A6] - Security Misconfiguration +* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration] * https://owasp.org/www-community/attacks/Server_Side_Request_Forgery[OWASP Attack Category] - Server Side Request Forgery -* https://cwe.mitre.org/data/definitions/918[MITRE, CWE-918] - Server-Side Request Forgery (SSRF) +* CWE - https://cwe.mitre.org/data/definitions/918[CWE-918 - Server-Side Request Forgery (SSRF)] diff --git a/rules/S6346/php/rule.adoc b/rules/S6346/php/rule.adoc index 9d685c45b27..fdc06b637fa 100644 --- a/rules/S6346/php/rule.adoc +++ b/rules/S6346/php/rule.adoc 
@@ -30,7 +30,7 @@ define( 'WP_ALLOW_REPAIR', false ); == See -* https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[OWASP Top 10 2021 Category A5] - Security Misconfiguration -* https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/[OWASP Top 10 2021 Category A7] - Identification and Authentication Failures +* OWASP - https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[Top 10 2021 Category A5 - Security Misconfiguration] +* OWASP - https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/[Top 10 2021 Category A7 - Identification and Authentication Failures] * https://wordpress.org/support/article/editing-wp-config-php/#automatic-database-optimizing[wordpress.org] - Automatic Database Optimizing -* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html[OWASP Top 10 2017 Category A6] - Security Misconfiguration \ No newline at end of file +* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration] diff --git a/rules/S6348/php/rule.adoc b/rules/S6348/php/rule.adoc index c257113ec10..b569d692123 100644 --- a/rules/S6348/php/rule.adoc +++ b/rules/S6348/php/rule.adoc 
@@ -29,8 +29,8 @@ define( 'DISALLOW_UNFILTERED_HTML', true ); == See -* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection -* https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[OWASP Top 10 2021 Category A5] - Security Misconfiguration -* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html[OWASP Top 10 2017 Category A6] - Security Misconfiguration -* https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)[OWASP Top 10 2017 Category A7] - Cross-Site Scripting (XSS) -* https://cwe.mitre.org/data/definitions/79[MITRE, CWE-79] - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') \ No newline at end of file +* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] +* OWASP - https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[Top 10 2021 Category A5 - Security Misconfiguration] +* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration] +* OWASP - https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)[Top 10 2017 Category A7 - Cross-Site Scripting (XSS)] +* CWE - https://cwe.mitre.org/data/definitions/79[CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')] diff --git a/rules/S6350/metadata.json b/rules/S6350/metadata.json index a03f79e7fda..7fac9801e71 100644 --- a/rules/S6350/metadata.json +++ b/rules/S6350/metadata.json @@ -30,6 +30,9 @@ ], "PCI DSS 4.0": [ "6.2.4" + ], + "STIG ASD_V5R3": [ + "V-222609" ] }, "extra": { diff --git a/rules/S6350/see.adoc b/rules/S6350/see.adoc index fd4e96842da..aa9dcc2e3f3 100644 --- a/rules/S6350/see.adoc +++ b/rules/S6350/see.adoc 
@@ -1,6 +1,7 @@ == See -* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection -* https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[OWASP Top 10 2017 Category A1] - Injection -* https://cwe.mitre.org/data/definitions/88[MITRE, CWE-88] - Argument Injection or Modification +* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] +* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] +* CWE - https://cwe.mitre.org/data/definitions/88[CWE-88 - Argument Injection or Modification] * https://blog.sonarsource.com/php-supply-chain-attack-on-composer[CVE-2021-29472] - PHP Supply Chain Attack on Composer +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. diff --git a/rules/S6355/java/metadata.json b/rules/S6355/java/metadata.json index 5906361cf4b..792c4d00f4f 100644 --- a/rules/S6355/java/metadata.json +++ b/rules/S6355/java/metadata.json @@ -18,7 +18,7 @@ "defaultSeverity": "Major", "ruleSpecification": "RSPEC-6355", "sqKey": "S6355", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [ "Sonar way" ], diff --git a/rules/S6358/xml/rule.adoc b/rules/S6358/xml/rule.adoc index a8ee2fa5af8..91056464646 100644 --- a/rules/S6358/xml/rule.adoc +++ b/rules/S6358/xml/rule.adoc 
@@ -67,14 +67,14 @@ If targeting Android 6.0 or above (API level 23), define files to include/exclud == See -* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Broken Access Control +* OWASP - https://owasp.org/Top10/A01_2021-Broken_Access_Control/[Top 10 2021 Category A1 - Broken Access Control] * https://developer.android.com/guide/topics/data/autobackup[Back up user data with Auto Backup] -* https://mobile-security.gitbook.io/masvs/security-requirements/0x07-v2-data_storage_and_privacy_requirements[Mobile AppSec Verification Standard] - Data Storage and Privacy Requirements -* https://owasp.org/www-project-mobile-top-10/2016-risks/m1-improper-platform-usage[OWASP Mobile Top 10 2016 Category M1] - Improper platform usage -* https://owasp.org/www-project-mobile-top-10/2016-risks/m2-insecure-data-storage[OWASP Mobile Top 10 2016 Category M2] - Insecure Data Storage -* https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure -* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html[OWASP Top 10 2017 Category A6] - Security Misconfiguration -* https://cwe.mitre.org/data/definitions/312[MITRE, CWE-922] - Insecure Storage of Sensitive Information +* OWASP - https://mas.owasp.org/checklists/MASVS-STORAGE/[Mobile AppSec Verification Standard - Data Storage and Privacy Requirements] +* OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m1-improper-platform-usage[Mobile Top 10 2016 Category M1 - Improper platform usage] +* OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m2-insecure-data-storage[Mobile Top 10 2016 Category M2 - Insecure Data Storage] +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] +* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security 
Misconfiguration] +* CWE - https://cwe.mitre.org/data/definitions/312[CWE-922 - Insecure Storage of Sensitive Information] ifdef::env-github,rspecator-view[] diff --git a/rules/S6359/xml/rule.adoc b/rules/S6359/xml/rule.adoc index c8eaa141bad..f65b6742d39 100644 --- a/rules/S6359/xml/rule.adoc +++ b/rules/S6359/xml/rule.adoc @@ -66,10 +66,10 @@ It is common practice to use the application package name as part of the namespa === Standards -* Mobile AppSec Verification Standard - https://mobile-security.gitbook.io/masvs/security-requirements/0x11-v6-interaction_with_the_environment[Platform Interaction Requirements] +* Mobile AppSec Verification Standard - https://mas.owasp.org/checklists/MASVS-PLATFORM/[Platform Interaction Requirements] * OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m1-improper-platform-usage[Mobile Top 10 2016 Category M1 - Improper Platform Usage] -* MITRE - https://cwe.mitre.org/data/definitions/265[CWE-265 - Privilege Issues] -* MITRE - https://cwe.mitre.org/data/definitions/732[CWE-732 - Incorrect Permission Assignment for Critical Resource] +* CWE - https://cwe.mitre.org/data/definitions/265[CWE-265 - Privilege Issues] +* CWE - https://cwe.mitre.org/data/definitions/732[CWE-732 - Incorrect Permission Assignment for Critical Resource] === External coding guidelines diff --git a/rules/S6361/xml/rule.adoc b/rules/S6361/xml/rule.adoc index 98fb0f9923e..dc92cb2cea9 100644 --- a/rules/S6361/xml/rule.adoc +++ b/rules/S6361/xml/rule.adoc 
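Review bot: In `rules/S6358/xml/rule.adoc`, the rewritten CWE bullet at the end of the `== See` list still pairs the label `CWE-922 - Insecure Storage of Sensitive Information` with the URL `https://cwe.mitre.org/data/definitions/312`, which is the CWE-312 entry. Since the line is being rewritten anyway, link and label should agree, e.g. `* CWE - https://cwe.mitre.org/data/definitions/922[CWE-922 - Insecure Storage of Sensitive Information]`, or the label should become CWE-312 if that is the identifier the rule's metadata carries. The MASVS bullet shows similar drift: it now links to the `MASVS-STORAGE` checklist but keeps the earlier chapter title "Data Storage and Privacy Requirements", which may no longer match the target page.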
@@ -53,10 +53,10 @@ There is a risk if you answered yes to this question. == See * https://developer.android.com/guide/topics/providers/content-provider-creating#Permissions[developer.android.com] - Implementing content provider permissions -* https://mobile-security.gitbook.io/masvs/security-requirements/0x11-v6-interaction_with_the_environment[Mobile AppSec Verification Standard] - Platform Interaction Requirements -* https://owasp.org/www-project-mobile-top-10/2016-risks/m1-improper-platform-usage[OWASP Mobile Top 10 2016 Category M1] - Improper platform usage -* https://owasp.org/www-project-mobile-top-10/2016-risks/m6-insecure-authorization[OWASP Mobile Top 10 2016 Category M6] - Insecure Authorization -* https://cwe.mitre.org/data/definitions/1220[MITRE, CWE-1220] - Insufficient Granularity of Access Control +* OWASP - https://mas.owasp.org/checklists/MASVS-PLATFORM/[Mobile AppSec Verification Standard - Platform Interaction Requirements] +* OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m1-improper-platform-usage[Mobile Top 10 2016 Category M1 - Improper platform usage] +* OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m6-insecure-authorization[Mobile Top 10 2016 Category M6 - Insecure Authorization] +* CWE - https://cwe.mitre.org/data/definitions/1220[CWE-1220 - Insufficient Granularity of Access Control] ifdef::env-github,rspecator-view[] diff --git a/rules/S6362/java/metadata.json b/rules/S6362/java/metadata.json index 6afd55ee1cb..f556fc72f27 100644 --- a/rules/S6362/java/metadata.json +++ b/rules/S6362/java/metadata.json @@ -1,3 +1,4 @@ { - "quickfix": "unknown" + "quickfix": "unknown", + "scope": "Main" } diff --git a/rules/S6362/see.adoc b/rules/S6362/see.adoc index bc387380288..53c7c2eb15c 100644 --- a/rules/S6362/see.adoc +++ b/rules/S6362/see.adoc 
@@ -1,6 +1,6 @@ == See -* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection -* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html[OWASP Top 10 2017 Category A6] - Security Misconfiguration -* https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)[OWASP Top 10 2017 Category A7] - Cross-Site Scripting (XSS) -* https://cwe.mitre.org/data/definitions/79[MITRE, CWE-79] - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') +* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] +* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration] +* OWASP - https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)[Top 10 2017 Category A7 - Cross-Site Scripting (XSS)] +* CWE - https://cwe.mitre.org/data/definitions/79[CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')] diff --git a/rules/S6363/java/metadata.json b/rules/S6363/java/metadata.json index 7a73a41bfdf..f4b27f0bb34 100644 --- a/rules/S6363/java/metadata.json +++ b/rules/S6363/java/metadata.json @@ -1,2 +1,3 @@ { -} \ No newline at end of file + "scope": "Main" +} diff --git a/rules/S6363/see.adoc b/rules/S6363/see.adoc index bc387380288..53c7c2eb15c 100644 --- a/rules/S6363/see.adoc +++ b/rules/S6363/see.adoc 
@@ -1,6 +1,6 @@ == See -* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection -* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html[OWASP Top 10 2017 Category A6] - Security Misconfiguration -* https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)[OWASP Top 10 2017 Category A7] - Cross-Site Scripting (XSS) -* https://cwe.mitre.org/data/definitions/79[MITRE, CWE-79] - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') +* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] +* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration] +* OWASP - https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)[Top 10 2017 Category A7 - Cross-Site Scripting (XSS)] +* CWE - https://cwe.mitre.org/data/definitions/79[CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')] diff --git a/rules/S6373/java/rule.adoc b/rules/S6373/java/rule.adoc index 02c9d0c9f09..a7bf04128f2 100644 --- a/rules/S6373/java/rule.adoc +++ b/rules/S6373/java/rule.adoc @@ -75,6 +75,7 @@ property to `false`. * OWASP - https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[Top 10 2021 - Category A5 - Security Misconfiguration] * CWE - https://cwe.mitre.org/data/definitions/611[CWE-611 - Improper Restriction of XML External Entity Reference] * CWE - https://cwe.mitre.org/data/definitions/827[CWE-827 - Improper Control of Document Type Definition] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222608[Application Security and Development: V-222608] - The application must not be vulnerable to XML-oriented attacks. ifdef::env-github,rspecator-view[] diff --git a/rules/S6373/metadata.json b/rules/S6373/metadata.json index e9671a4f1fe..2de76c79cd3 100644 
--- a/rules/S6373/metadata.json +++ b/rules/S6373/metadata.json @@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "CONVENTIONAL" }, @@ -12,16 +12,10 @@ "func": "Constant\/Issue", "constantCost": "15min" }, - "tags": [ - - ], + "tags": [], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-6373", @@ -46,6 +40,9 @@ ], "ASVS 4.0": [ "5.5.2" + ], + "STIG ASD_V5R3": [ + "V-222608" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6374/java/rule.adoc b/rules/S6374/java/rule.adoc index bc4090659ec..5b971f9f5b3 100644 --- a/rules/S6374/java/rule.adoc +++ b/rules/S6374/java/rule.adoc @@ -86,10 +86,10 @@ builder.setEntityResolver(new EntityResolver()); == Resources * https://docs.oracle.com/en/java/javase/13/security/java-api-xml-processing-jaxp-security-guide.html#GUID-8CD65EF5-D113-4D5C-A564-B875C8625FAC[Oracle Java Documentation] - XML External Entity Injection Attack -* https://owasp.org/www-project-top-ten/2017/A4_2017-XML_External_Entities_(XXE)[OWASP Top 10 2017 Category A4] - XML External Entities (XXE) +* OWASP - https://owasp.org/www-project-top-ten/2017/A4_2017-XML_External_Entities_(XXE)[Top 10 2017 Category A4 - XML External Entities (XXE)] * https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#java[OWASP XXE Prevention Cheat Sheet] -* https://cwe.mitre.org/data/definitions/611[MITRE, CWE-611] - Information Exposure Through XML External Entity Reference -* https://cwe.mitre.org/data/definitions/827[MITRE, CWE-827] - Improper Control of Document Type Definition +* CWE - https://cwe.mitre.org/data/definitions/611[CWE-611 - Information Exposure Through XML External Entity Reference] +* CWE - https://cwe.mitre.org/data/definitions/827[CWE-827 - Improper Control of Document Type Definition] ifdef::env-github,rspecator-view[] 
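Review bot: In `rules/S6374/java/rule.adoc`, the rewritten CWE-611 bullet keeps the label `CWE-611 - Information Exposure Through XML External Entity Reference`, while `rules/S6373/java/rule.adoc` in this same commit uses `CWE-611 - Improper Restriction of XML External Entity Reference`, which is the entry's current name. Suggested line: `* CWE - https://cwe.mitre.org/data/definitions/611[CWE-611 - Improper Restriction of XML External Entity Reference]`. The `OWASP XXE Prevention Cheat Sheet` bullet in the same list is left in the old `url[label]` form, whereas `rules/S6376/java/rule.adoc` writes it as `* OWASP - https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#java[XXE Prevention Cheat Sheet]`.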
diff --git a/rules/S6375/terraform/rule.adoc b/rules/S6375/terraform/rule.adoc index a03be8ca6ce..5ff65fa86b0 100644 --- a/rules/S6375/terraform/rule.adoc +++ b/rules/S6375/terraform/rule.adoc @@ -60,10 +60,7 @@ resource "azuread_directory_role_member" "example" { == See -* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Broken Access Control -* https://owasp.org/Top10/A04_2021-Insecure_Design/[OWASP Top 10 2021 Category A4] - Insecure Design -* https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html[OWASP Top 10 2017 Category A5] - Broken Access Control -* https://cwe.mitre.org/data/definitions/79[MITRE, CWE-266] - Incorrect Privilege Assignment +* CWE - https://cwe.mitre.org/data/definitions/79[CWE-266 - Incorrect Privilege Assignment] * https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference[Azure AD Documentation] - Azure AD built-in roles * https://docs.microsoft.com/en-us/azure/active-directory/roles/best-practices[Azure AD Documentation] - Best practices for Azure AD roles diff --git a/rules/S6376/java/rule.adoc b/rules/S6376/java/rule.adoc index a7ecbe9e246..85685964213 100644 --- a/rules/S6376/java/rule.adoc +++ b/rules/S6376/java/rule.adoc @@ -6,7 +6,7 @@ XML files are complex data structures. When a malicious user is able to submit a === What is the potential impact? -When an attacker successfully exploits the vulnerability, it can lead to a Denial of Service (DoS) condition. +When an attacker successfully exploits the vulnerability, it can lead to a Denial of Service (DoS) condition. === System Unavailability 
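Review bot: In `rules/S6375/terraform/rule.adoc`, the only standards reference left in the `== See` list is mislinked: the label reads `CWE-266 - Incorrect Privilege Assignment` but the URL is `https://cwe.mitre.org/data/definitions/79`, the cross-site scripting entry. Suggested line: `* CWE - https://cwe.mitre.org/data/definitions/266[CWE-266 - Incorrect Privilege Assignment]`. The hunk also deletes the three OWASP Top 10 access-control references instead of converting them to the `OWASP - url[label]` form used for sibling rules in this commit. If the removal is deliberate it should be stated in the commit message, otherwise the bullets should be kept in the new form.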
@@ -32,14 +32,18 @@ include::how-to-fix-it/jdom2.adoc[] * Java Documentation - https://docs.oracle.com/en/java/javase/21/docs/api/java.xml/javax/xml/transform/TransformerFactory.html[TransformerFactory Class] * Java Documentation - https://docs.oracle.com/en/java/javase/21/security/java-api-xml-processing-jaxp-security-guide.html[Java API for XML Processing (JAXP) Security Guide] * Dom4j Documentation - https://dom4j.github.io/javadoc/2.1.4/org/dom4j/io/SAXReader.html[SAXReader Class] -* Jdom2 Documentation - http://www.jdom.org/docs/apidocs/org/jdom2/input/SAXBuilder.html[SAXBuilder class] +* Jdom2 Documentation - https://javadoc.io/static/org.jdom/jdom2/2.0.6.1/org/jdom2/input/SAXBuilder.html[SAXBuilder class] * OWASP - https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#java[XXE Prevention Cheat Sheet] === Standards -* OWASP - https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[OWASP Top 10 2021 Category A5 - Security Misconfiguration] -* OWASP - https://owasp.org/www-project-top-ten/2017/A4_2017-XML_External_Entities_(XXE)[OWASP Top 10 2017 Category A4 - XML External Entities (XXE)] +* OWASP - https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[Top 10 2021 Category A5 - Security Misconfiguration] +* OWASP - https://owasp.org/www-project-top-ten/2017/A4_2017-XML_External_Entities_(XXE)[Top 10 2017 Category A4 - XML External Entities (XXE)] * CWE - https://cwe.mitre.org/data/definitions/776[CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222593[Application Security and Development: V-222593] - XML-based applications must mitigate DoS attacks by using XML filters, parser options, or gateways. 
+* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222667[Application Security and Development: V-222667] - Protections against DoS attacks must be implemented. +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222608[Application Security and Development: V-222608] - The application must not be vulnerable to XML-oriented attacks. + ifdef::env-github,rspecator-view[] diff --git a/rules/S6376/metadata.json b/rules/S6376/metadata.json index caac9fed78e..22e5285cb61 100644 --- a/rules/S6376/metadata.json +++ b/rules/S6376/metadata.json @@ -13,6 +13,7 @@ "constantCost": "15min" }, "tags": [ + ], "extra": { "replacementRules": [ @@ -35,6 +36,11 @@ ], "OWASP Top 10 2021": [ "A5" + ], + "STIG ASD_V5R3": [ + "V-222593", + "V-222608", + "V-222667" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6377/common/description.adoc b/rules/S6377/common/description.adoc new file mode 100644 index 00000000000..3391ddbc8b2 --- /dev/null +++ b/rules/S6377/common/description.adoc @@ -0,0 +1,4 @@ +XML can be used for a wide variety of purposes. Using a signature on an XML +message generally indicates this message requires authenticity and integrity. +However, if the signature validation is not properly implemented this +authenticity can not be guaranteed. diff --git a/rules/S6377/common/impact.adoc b/rules/S6377/common/impact.adoc new file mode 100644 index 00000000000..f99027d53be --- /dev/null +++ b/rules/S6377/common/impact.adoc @@ -0,0 +1,6 @@ +By not enforcing secure validation, the XML Digital Signature API is more +susceptible to attacks such as signature spoofing and injections. + +include::impacts/spoofing.adoc[] + +include::impacts/injection.adoc[] diff --git a/rules/S6377/common/impacts/injection.adoc b/rules/S6377/common/impacts/injection.adoc new file mode 100644 index 00000000000..4b2a7c463f8 --- /dev/null +++ b/rules/S6377/common/impacts/injection.adoc 
@@ -0,0 +1,8 @@
+=== Risk of Injection Attacks
+
+Disabling secure validation can expose the application to injection attacks.
+Attackers can inject malicious code or entities into the XML document, taking
+advantage of the weakened validation process. In some cases, it can also expose
+the application to denial-of-service attacks. Attackers can exploit
+vulnerabilities in the validation process to cause excessive resource
+consumption or system crashes, leading to service unavailability or disruption.
diff --git a/rules/S6377/common/impacts/spoofing.adoc b/rules/S6377/common/impacts/spoofing.adoc
new file mode 100644
index 00000000000..538dc5470bc
--- /dev/null
+++ b/rules/S6377/common/impacts/spoofing.adoc
@@ -0,0 +1,8 @@
+=== Increased Vulnerability to Signature Spoofing
+
+By disabling secure validation, the application becomes more susceptible to
+signature spoofing attacks. Attackers can potentially manipulate the XML
+signature in a way that bypasses the validation process, allowing them to forge
+or tamper with the signature. This can lead to the acceptance of invalid or
+maliciously modified signatures, compromising the integrity and authenticity of
+the XML documents.
diff --git a/rules/S6377/common/rationale.adoc b/rules/S6377/common/rationale.adoc
new file mode 100644
index 00000000000..0899ad55f83
--- /dev/null
+++ b/rules/S6377/common/rationale.adoc
@@ -0,0 +1,3 @@
+XML signatures are a method used to ensure the integrity and authenticity of XML
+documents. However, if XML signatures are not validated securely, it can lead to
+potential vulnerabilities.
diff --git a/rules/S6377/common/resources/docs.adoc b/rules/S6377/common/resources/docs.adoc
new file mode 100644
index 00000000000..a30663059bc
--- /dev/null
+++ b/rules/S6377/common/resources/docs.adoc
@@ -0,0 +1,3 @@
+=== Documentation
+
+* Oracle Java Documentation - https://docs.oracle.com/en/java/javase/21/security/java-xml-digital-signature-api-overview-and-tutorial.html[XML Digital Signature API Overview and Tutorial]
diff --git a/rules/S6377/common/resources/standards.adoc b/rules/S6377/common/resources/standards.adoc
new file mode 100644
index 00000000000..65e0a7babde
--- /dev/null
+++ b/rules/S6377/common/resources/standards.adoc
@@ -0,0 +1,6 @@
+=== Standards
+
+* OWASP - https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[Top 10:2021 A02:2021 - Cryptographic Failures]
+* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure]
+* CWE - https://cwe.mitre.org/data/definitions/347[CWE-347 - Improper Verification of Cryptographic Signature]
+* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222608[Application Security and Development: V-222608] - The application must not be vulnerable to XML-oriented attacks.
diff --git a/rules/S6377/csharp/how-to-fix/net-core.adoc b/rules/S6377/csharp/how-to-fix/net-core.adoc
new file mode 100644
index 00000000000..49047bd1b26
--- /dev/null
+++ b/rules/S6377/csharp/how-to-fix/net-core.adoc
@@ -0,0 +1,64 @@
+== How to fix it in ASP.NET Core
+
+=== Code examples
+
+The following noncompliant code example verifies an XML signature without
+providing a trusted public key. This code will validate the signature against
+the embedded public key, accepting any forged signature.
+
+==== Noncompliant code example
+
+[source,csharp,diff-id=1,diff-type=noncompliant]
+----
+XmlDocument xmlDoc = new()
+{
+ PreserveWhitespace = true
+};
+xmlDoc.Load("/data/login.xml");
+SignedXml signedXml = new(xmlDoc);
+XmlNodeList nodeList = xmlDoc.GetElementsByTagName("Signature");
+signedXml.LoadXml((XmlElement?)nodeList[0]);
+if (signedXml.CheckSignature()) {
+ // Process the XML content
+} else {
+ // Raise an error
+}
+----
+
+==== Compliant solution
+
+[source,csharp,diff-id=1,diff-type=compliant]
+----
+CspParameters cspParams = new()
+{
+ KeyContainerName = "MY_RSA_KEY"
+};
+RSACryptoServiceProvider rsaKey = new(cspParams);
+
+XmlDocument xmlDoc = new()
+{
+ PreserveWhitespace = true
+};
+xmlDoc.Load("/data/login.xml");
+SignedXml signedXml = new(xmlDoc);
+XmlNodeList nodeList = xmlDoc.GetElementsByTagName("Signature");
+signedXml.LoadXml((XmlElement?)nodeList[0]);
+if (signedXml.CheckSignature(rsaKey)) {
+ // Process the XML content
+} else {
+ // Raise an error
+}
+----
+
+=== How does this work?
+
+Here, the compliant solution provides an RSA public key to the signature
+validation function. This will ensure only signatures computed with the
+associated private key will be accepted, preventing signature forgery attacks.
+
+Using the `CheckSignature` method without providing a key can be risky because
+it may search the `AddressBook` store for certificates, which includes all
+trusted root CA certificates on the machine. This broad trust base can be
+exploited by attackers. Additionally, if the document is not signed with an
+X.509 signature, the method will use the key embedded in the signature element,
+which can lead to accepting signatures from untrusted sources.
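Review bot: The compliant example still picks the signature with `xmlDoc.GetElementsByTagName("Signature")` and `nodeList[0]`, without checking that exactly one signature is present or which elements its references cover, so "How does this work?" promises more than passing `rsaKey` delivers. I would add a sentence after the key explanation such as `Passing a trusted key authenticates the signer only; the application must also confirm that the signed references cover the data it goes on to process.` Separately, the section is titled ASP.NET Core, but as far as I know `CspParameters` key containers with `RSACryptoServiceProvider` are supported on Windows only, which is worth stating next to the example.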
diff --git a/rules/S6377/csharp/metadata.json b/rules/S6377/csharp/metadata.json
new file mode 100644
index 00000000000..7a73a41bfdf
--- /dev/null
+++ b/rules/S6377/csharp/metadata.json
@@ -0,0 +1,2 @@
+{
+}
\ No newline at end of file
diff --git a/rules/S6377/csharp/rule.adoc b/rules/S6377/csharp/rule.adoc
new file mode 100644
index 00000000000..a9bd5b39fa8
--- /dev/null
+++ b/rules/S6377/csharp/rule.adoc
@@ -0,0 +1,39 @@
+include::../common/rationale.adoc[]
+
+== Why is this an issue?
+
+include::../common/description.adoc[]
+
+=== What is the potential impact?
+
+include::../common/impact.adoc[]
+
+include::./how-to-fix/net-core.adoc[]
+
+== Resources
+
+=== Documentation
+
+* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.xml[System.Security.Cryptography.Xml Namespace]
+* Microsfot Learn - https://learn.microsoft.com/en-us/dotnet/standard/security/how-to-verify-the-digital-signatures-of-xml-documents[How to: Verify the Digital Signatures of XML Documents]
+
+include::../common/resources/standards.adoc[]
+
+ifdef::env-github,rspecator-view[]
+
+'''
+== Implementation Specification
+(visible only on this page)
+
+=== Message
+
+Change this code to only accept signatures computed from a trusted party.
+
+=== Highlight
+
+The call to the signature verification function:
+* System.Security.Cryptography.Xml.SignedXml.CheckSignature
+* System.Security.Cryptography.Xml.SignedXml.CheckSignatureReturningKey
+
+'''
+endif::env-github,rspecator-view[]
\ No newline at end of file
diff --git a/rules/S6377/java/how-to-fix/java-se.adoc b/rules/S6377/java/how-to-fix/java-se.adoc
new file mode 100644
index 00000000000..c7fde91473b
--- /dev/null
+++ b/rules/S6377/java/how-to-fix/java-se.adoc
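Review bot: `Microsfot Learn` in the second Documentation bullet of csharp/rule.adoc is a typo for `Microsoft Learn`. In the Highlight section, the two `* System.Security.Cryptography.Xml.SignedXml...` bullets directly follow `The call to the signature verification function:` with no blank line. Asciidoctor will most likely fold them into that paragraph instead of rendering a list, so an empty line is needed before the first bullet.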
@@ -0,0 +1,40 @@
+== How to fix it in Java SE
+
+=== Code examples
+
+For versions of Java before 17, secure validation is disabled by default unless the application runs with a security manager, which is rare. It should be enabled explicitly by setting the ``org.jcp.xml.dsig.secureValidation`` attribute to true with the ``javax.xml.crypto.dsig.dom.DOMValidateContext.setProperty`` method.
+
+For Java 17 and higher, secure validation is enabled by default.
+
+==== Noncompliant code example
+
+[source,java,diff-id=1,diff-type=noncompliant]
+----
+NodeList signatureElement = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
+
+XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
+DOMValidateContext valContext = new DOMValidateContext(new KeyValueKeySelector(), signatureElement.item(0)); // Noncompliant
+XMLSignature signature = fac.unmarshalXMLSignature(valContext);
+
+boolean signatureValidity = signature.validate(valContext);
+----
+
+==== Compliant solution
+
+[source,java,diff-id=1,diff-type=compliant]
+----
+NodeList signatureElement = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
+
+XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
+DOMValidateContext valContext = new DOMValidateContext(new KeyValueKeySelector(), signatureElement.item(0));
+valContext.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);
+XMLSignature signature = fac.unmarshalXMLSignature(valContext);
+
+boolean signatureValidity = signature.validate(valContext);
+----
+
+=== How does this work?
+
+When XML Signature secure validation mode is enabled, XML Signatures are processed more securely. It enforces a number of restrictionsto to protect from XML Documents that may contain hostile constructs that can cause denial-of-service or other types of security issues.
+ +These restrictions can protect you from XML Signatures that may contain potentially hostile constructs that can cause denial-of-service or other types of security issues. diff --git a/rules/S6377/java/rule.adoc b/rules/S6377/java/rule.adoc index 10f824f81fe..8d408dd126c 100644 --- a/rules/S6377/java/rule.adoc +++ b/rules/S6377/java/rule.adoc @@ -1,4 +1,4 @@ -XML signatures are a method used to ensure the integrity and authenticity of XML documents. However, if XML signatures are not validated securely, it can lead to potential vulnerabilities. +include::../common/rationale.adoc[] == Why is this an issue? 
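Review bot: Both Java examples in java-se.adoc build the context with `new KeyValueKeySelector()`, which is not a JDK class. If it is the selector from the Oracle tutorial linked in docs.adoc, it reads the verification key from the signature's own `KeyValue` element, so the compliant solution would enable secure validation yet still accept a signature made with any key. The C# how-to-fix added in this same commit calls that pattern unsafe. The compliant block should either pass a trusted key, e.g. `new DOMValidateContext(trustedPublicKey, signatureElement.item(0))` (placeholder name), or carry a comment that the selector must return only keys the application already trusts. The moved text also keeps the typo `restrictionsto to`, and its final paragraph repeats the previous sentence almost word for word.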
@@ -6,70 +6,15 @@ Before Java 17, XML Digital Signature API does not apply restrictions on XML sig == What is the potential impact -By not enforcing secure validation, the XML Digital Signature API is more susceptible to attacks such as signature spoofing and injections. +include::../common/impact.adoc[] -=== Increased Vulnerability to Signature Spoofing - -By disabling secure validation, the Java application becomes more susceptible to signature spoofing attacks. Attackers can potentially manipulate the XML signature in a way that bypasses the validation process, allowing them to forge or tamper with the signature. This can lead to the acceptance of invalid or maliciously modified signatures, compromising the integrity and authenticity of the XML documents. - -=== Risk of Injection Attacks - -Disabling secure validation can expose the application to injection attacks. Attackers can inject malicious code or entities into the XML document, taking advantage of the weakened validation process. In some cases, it can also expose the application to denial-of-service attacks. Attackers can exploit vulnerabilities in the validation process to cause excessive resource consumption or system crashes, leading to service unavailability or disruption. - - -== How to fix it in Java SE - -=== Code examples - -For versions of Java before 17, secure validation is disabled by default unless the application runs with a security manager, which is rare. It should be enabled explicitly by setting the ``org.jcp.xml.dsig.secureValidation`` attribute to true with the ``javax.xml.crypto.dsig.dom.DOMValidateContext.setProperty`` method. - -For Java 17 and higher, secure validation is enabled by default. 
- -==== Noncompliant code example - -[source,java,diff-id=1,diff-type=noncompliant] ----- -NodeList signatureElement = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature"); - -XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM"); -DOMValidateContext valContext = new DOMValidateContext(new KeyValueKeySelector(), signatureElement.item(0)); // Noncompliant -XMLSignature signature = fac.unmarshalXMLSignature(valContext); - -boolean signatureValidity = signature.validate(valContext); ----- - -==== Compliant solution - -[source,java,diff-id=1,diff-type=compliant] ----- -NodeList signatureElement = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature"); - -XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM"); -DOMValidateContext valContext = new DOMValidateContext(new KeyValueKeySelector(), signatureElement.item(0)); -valContext.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE); -XMLSignature signature = fac.unmarshalXMLSignature(valContext); - -boolean signatureValidity = signature.validate(valContext); ----- - -=== How does this work? - -When XML Signature secure validation mode is enabled, XML Signatures are processed more securely. It enforces a number of restrictionsto to protect from XML Documents that may contain hostile constructs that can cause denial-of-service or other types of security issues. - -These restrictions can protect you from XML Signatures that may contain potentially hostile constructs that can cause denial-of-service or other types of security issues. 
+include::./how-to-fix/java-se.adoc[] == Resources -=== Documentation - -* Oracle Java Documentation - https://docs.oracle.com/en/java/javase/21/security/java-xml-digital-signature-api-overview-and-tutorial.html[XML Digital Signature API Overview and Tutorial] - -=== Standards - -* OWASP - https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[Top 10:2021 A02:2021 - Cryptographic Failures] -* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 -Sensitive Data Exposure] -* CWE - https://cwe.mitre.org/data/definitions/347[CWE-347 - Improper Verification of Cryptographic Signature] +include::../common/resources/docs.adoc[] +include::../common/resources/standards.adoc[] ifdef::env-github,rspecator-view[] diff --git a/rules/S6377/metadata.json b/rules/S6377/metadata.json index 47f76c253ac..64047e88f6e 100644 --- a/rules/S6377/metadata.json +++ b/rules/S6377/metadata.json @@ -35,6 +35,9 @@ ], "OWASP Top 10 2021": [ "A2" + ], + "STIG ASD_V5R3": [ + "V-222608" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6377/python/how-to-fix/signxml.adoc b/rules/S6377/python/how-to-fix/signxml.adoc new file mode 100644 index 00000000000..03d70806c59 --- /dev/null +++ b/rules/S6377/python/how-to-fix/signxml.adoc 
@@ -0,0 +1,66 @@
+== How to fix it in SignXML
+
+=== Code examples
+
+The following noncompliant code example verifies an XML signature without
+providing a trusted signing authority. This code will accept any signature
+created from a generally trusted certificate, for example, a Let's encrypt one.
+
+==== Noncompliant code example
+
+[source,python,diff-id=1,diff-type=noncompliant]
+----
+from lxml import etree
+from signxml import XMLVerifier
+
+xml_file = open("signed.xml", "rb")
+xml = etree.parse(xml_file)
+
+XMLVerifier().verify(xml) # Noncompliant
+----
+
+==== Compliant solution
+
+[source,python,diff-id=1,diff-type=compliant]
+----
+from lxml import etree
+from signxml import XMLVerifier
+
+xml_file = open("signed.xml", "rb")
+xml = etree.parse(xml_file)
+
+cert_file = open("cert.pem", "rb")
+cert = cert_file.read()
+XMLVerifier().verify(xml, x509_cert=cert)
+----
+
+=== How does this work?
+
+Here, the compliant solution provides a trusted certificate to the signature validation function. This will ensure only signatures computed with the
+private key associated with the provided certificate will be accepted.
+
+ifdef::env-github,rspecator-view[]
+
+'''
+== Implementation Specification
+(visible only on this page)
+
+=== Message
+
+Change this code to only accept signatures computed from a trusted party.
+
+=== Highlight
+
+When no `expect_config` is provided:
+
+* Highlight the call to the `verify` method.
+
+When an `expect_config` is provided:
+
+* Highlight the `verify` call.
+* As a secondary location, highlight the `require_x509=False` in the
+`SignatureConfiguration` instantiation.
+
+
+'''
+endif::env-github,rspecator-view[]
diff --git a/rules/S6377/python/metadata.json b/rules/S6377/python/metadata.json
new file mode 100644
index 00000000000..7a73a41bfdf
--- /dev/null
+++ b/rules/S6377/python/metadata.json
@@ -0,0 +1,2 @@
+{
+}
\ No newline at end of file
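Review bot: The compliant SignXML example calls `XMLVerifier().verify(xml, x509_cert=cert)` and discards the result, which implies the caller keeps working with `xml`. A signature may cover only part of a document, and SignXML's documentation advises using only the `signed_xml` of the returned result. I would change the last line to `verified_xml = XMLVerifier().verify(xml, x509_cert=cert).signed_xml` and add one sentence to "How does this work?" saying that only `verified_xml` should be processed. Both examples also leave their `open(...)` handles unclosed; `with open("cert.pem", "rb") as cert_file:` is the usual form. `Let's encrypt` should be `Let's Encrypt`.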
diff --git a/rules/S6377/python/rule.adoc b/rules/S6377/python/rule.adoc new file mode 100644 index 00000000000..2afc5d7843b --- /dev/null +++ b/rules/S6377/python/rule.adoc @@ -0,0 +1,15 @@ +include::../common/rationale.adoc[] + +== Why is this an issue? + +include::../common/description.adoc[] + +=== What is the potential impact? + +include::../common/impact.adoc[] + +include::./how-to-fix/signxml.adoc[] + +== Resources + +include::../common/resources/standards.adoc[] \ No newline at end of file diff --git a/rules/S6378/azureresourcemanager/rule.adoc b/rules/S6378/azureresourcemanager/rule.adoc index f8ff86cf280..99a196796a5 100644 --- a/rules/S6378/azureresourcemanager/rule.adoc +++ b/rules/S6378/azureresourcemanager/rule.adoc @@ -6,7 +6,7 @@ include::../recommended.adoc[] == Sensitive Code Example -Using ARM templates: +Using JSON templates: [source,json,diff-id=1,diff-type=noncompliant] ---- @@ -17,7 +17,7 @@ Using ARM templates: { "type": "Microsoft.ApiManagement/service", "apiVersion": "2022-09-01-preview", - "name": "apiManagementService", + "name": "apiManagementService" } ] } @@ -35,7 +35,7 @@ resource sensitiveApiManagementService 'Microsoft.ApiManagement/service@2022-09- == Compliant Solution -Using ARM templates: +Using JSON templates: [source,json,diff-id=1,diff-type=compliant] ---- diff --git a/rules/S6378/see.adoc b/rules/S6378/see.adoc index 0897fb72e5e..7e7fb76053a 100644 --- a/rules/S6378/see.adoc +++ b/rules/S6378/see.adoc 
@@ -1,7 +1,5 @@ == See -* https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[OWASP Top 10 2021 Category A05] - Security Misconfiguration -* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[OWASP Top 10 2017 Category A06] - Security Misconfiguration * https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview[Azure AD Documentation - Managed Identities Overview] * https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/managed-identity-best-practice-recommendations[Azure AD Documentation - Managed Identities Best Practices] * https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/services-support-managed-identities[Azure AD Documentation - Services that support managed identities] diff --git a/rules/S6379/see.adoc b/rules/S6379/see.adoc index 047d248058b..db23e908b07 100644 --- a/rules/S6379/see.adoc +++ b/rules/S6379/see.adoc @@ -1,3 +1,3 @@ == See -* https://cwe.mitre.org/data/definitions/284[MITRE, CWE-284] - Improper Access Control +* CWE - https://cwe.mitre.org/data/definitions/284[CWE-284 - Improper Access Control] diff --git a/rules/S6380/see.adoc b/rules/S6380/see.adoc index 73fdba8c440..5d1a79a11e3 100644 --- a/rules/S6380/see.adoc +++ b/rules/S6380/see.adoc @@ -1,5 +1,3 @@ == See -* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Boken Access Control -* https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[OWASP Top 10 2017 Category A5] - Broken Access Control -* https://cwe.mitre.org/data/definitions/668[MITRE, CWE-668] - Exposure of Resource to Wrong Sphere +* CWE - https://cwe.mitre.org/data/definitions/668[CWE-668 - Exposure of Resource to Wrong Sphere] diff --git a/rules/S6381/see.adoc b/rules/S6381/see.adoc index bab2ea3c8b2..0e6745a9f4a 100644 --- a/rules/S6381/see.adoc +++ b/rules/S6381/see.adoc 
@@ -1,8 +1,5 @@ == See -* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Broken Access Control -* https://owasp.org/Top10/A04_2021-Insecure_Design/[OWASP Top 10 2021 Category A4] - Insecure Design -* https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html[OWASP Top 10 2017 Category A5] - Broken Access Control -* https://cwe.mitre.org/data/definitions/79[MITRE, CWE-266] - Incorrect Privilege Assignment +* CWE - https://cwe.mitre.org/data/definitions/79[CWE-266 - Incorrect Privilege Assignment] * https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles[Azure Documentation] - Azure built-in roles * https://docs.microsoft.com/en-us/azure/role-based-access-control/best-practices[Azure Documentation] - Best practices for Azure RBAC \ No newline at end of file diff --git a/rules/S6382/common/resources/standards.adoc b/rules/S6382/common/resources/standards.adoc index c6af0d95035..6fdda393da5 100644 --- a/rules/S6382/common/resources/standards.adoc +++ b/rules/S6382/common/resources/standards.adoc @@ -1,3 +1 @@ -* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Boken Access Control -* https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[OWASP Top 10 2017 Category A5] - Broken Access Control -* https://cwe.mitre.org/data/definitions/668[MITRE, CWE-668] - Exposure of Resource to Wrong Sphere \ No newline at end of file +* CWE - https://cwe.mitre.org/data/definitions/668[CWE-668 - Exposure of Resource to Wrong Sphere] diff --git a/rules/S6382/terraform/highlighting.adoc b/rules/S6382/terraform/highlighting.adoc index 90313b0021f..2b6af8eed79 100644 --- a/rules/S6382/terraform/highlighting.adoc +++ b/rules/S6382/terraform/highlighting.adoc 
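Review bot: The rewritten CWE bullet in S6381/see.adoc keeps the URL `https://cwe.mitre.org/data/definitions/79` while its label names CWE-266, so the link opens a different weakness entry than the one cited. The line should read `* CWE - https://cwe.mitre.org/data/definitions/266[CWE-266 - Incorrect Privilege Assignment]`, which is the form the S6385 and S6387 see.adoc bullets in this commit already use.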
@@ -3,4 +3,4 @@ * If one (out of one) assignment is missing: Highlight the resource * If an assignment is security-sensitive: Highlight the assignment * For `linux_web_app` and `windows_web_app`: -** If both assignments are present and security-sensitive: Highlight `client_cert_enabled = false` +** If both assignments are present and security-sensitive: Highlight `client_certificate_enabled = false` diff --git a/rules/S6382/terraform/message.adoc b/rules/S6382/terraform/message.adoc index 7dbc57bfba6..7a1a59313fc 100644 --- a/rules/S6382/terraform/message.adoc +++ b/rules/S6382/terraform/message.adoc @@ -6,16 +6,20 @@ For these resources: * `app_service` * `data_factory_linked_service_sftp` * `data_factory_linked_service_web` -* `linux_web_app` -* `windows_web_app` (if both parameters are non-compliant, flag `client_cert_enabled` first) +* `linux_web_app` +* `windows_web_app` (if both parameters are non-compliant, flag `client_certificate_enabled` first) These messages apply: * If an assignment is missing: Omitting {property_name} disables certificate-based authentication. Make sure it is safe here. * If the assignment is security-sensitive: Make sure that disabling certificate-based authentication is safe here. -* For `function_app` and `logic_app_standard`: +* For `function_app`: ** Omitting `client_cert_mode` makes certificate-based authentication optional. Make sure it is safe here. ** Make sure that setting certificate-based authentication as optional is safe here. +* For `logic_app_standard`: +** Omitting `client_certificate_mode` makes certificate-based authentication optional. Make sure it is safe here. +** Make sure that setting certificate-based authentication as optional is safe here. + Make sure that disabling certificate-based authentication is safe here. diff --git a/rules/S6382/terraform/rule.adoc b/rules/S6382/terraform/rule.adoc index b2adbc0dca2..14a122de66d 100644 --- a/rules/S6382/terraform/rule.adoc +++ b/rules/S6382/terraform/rule.adoc 
@@ -6,13 +6,17 @@ include::../common/recommended.adoc[] == Sensitive Code Example -For https://azure.microsoft.com/en-us/services/app-service/[App Service]: +For https://azure.microsoft.com/en-us/services/app-service/containers/[Linux and Windows Web Apps]: [source,terraform,diff-id=1,diff-type=noncompliant] ---- -resource "azurerm_app_service" "example" { +resource "azurerm_linux_web_app" "example" { client_cert_enabled = false # Sensitive } +resource "azurerm_linux_web_app" "example2" { + client_certificate_enabled = true + client_certificate_mode = "Optional" # Sensitive +} ---- For https://azure.microsoft.com/en-us/services/logic-apps/[Logic App Standards] and https://azure.microsoft.com/en-us/services/functions/[Function Apps]: @@ -43,27 +47,24 @@ resource "azurerm_api_management" "example" { } ---- -For https://azure.microsoft.com/en-us/services/app-service/containers/[Linux and Windows Web Apps]: +For https://azure.microsoft.com/en-us/services/app-service/[App Service]: [source,terraform,diff-id=5,diff-type=noncompliant] ---- -resource "azurerm_linux_web_app" "example" { +resource "azurerm_app_service" "example" { client_cert_enabled = false # Sensitive } -resource "azurerm_linux_web_app" "exemple2" { - client_cert_enabled = true - client_cert_mode = "Optional" # Sensitive -} ---- == Compliant Solution -For https://azure.microsoft.com/en-us/services/app-service/[App Service]: +For https://azure.microsoft.com/en-us/services/app-service/containers/[Linux and Windows Web Apps]: [source,terraform,diff-id=1,diff-type=compliant] ---- -resource "azurerm_app_service" "example" { - client_cert_enabled = true +resource "azurerm_linux_web_app" "example" { + client_certificate_enabled = true + client_certificate_mode = "Required" } ---- 
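Review bot: In the first sensitive example of S6382/terraform/rule.adoc the resource becomes `azurerm_linux_web_app`, but the unchanged context line `client_cert_enabled = false # Sensitive` stays inside it. The added `example2` block, the diff-id=1 compliant block, and the highlighting.adoc and message.adoc hunks of this commit all use `client_certificate_enabled` for the web-app resources. That line should become `client_certificate_enabled = false # Sensitive`; as written, the noncompliant and compliant halves of diff-id=1 show different attribute names for the same resource type.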
@@ -95,13 +96,12 @@ resource "azurerm_api_management" "example" { } ---- -For https://azure.microsoft.com/en-us/services/app-service/containers/[Linux and Windows Web Apps]: +For https://azure.microsoft.com/en-us/services/app-service/[App Service]: [source,terraform,diff-id=5,diff-type=compliant] ---- -resource "azurerm_linux_web_app" "exemple" { +resource "azurerm_app_service" "example" { client_cert_enabled = true - client_cert_mode = "Required" } ---- diff --git a/rules/S6383/see.adoc b/rules/S6383/see.adoc index f916ce38146..a1ace6be274 100644 --- a/rules/S6383/see.adoc +++ b/rules/S6383/see.adoc @@ -1,6 +1,4 @@ == See -* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Boken Access Control -* https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[OWASP Top 10 2017 Category A5] - Broken Access Control -* https://cwe.mitre.org/data/definitions/668[MITRE, CWE-668] - Exposure of Resource to Wrong Sphere +* CWE - https://cwe.mitre.org/data/definitions/668[CWE-668 - Exposure of Resource to Wrong Sphere] diff --git a/rules/S6384/common/resources/standards.adoc b/rules/S6384/common/resources/standards.adoc index b9c6aade53f..08cbac28edb 100644 --- a/rules/S6384/common/resources/standards.adoc +++ b/rules/S6384/common/resources/standards.adoc 
@@ -1,5 +1,6 @@ === Standards -* https://mobile-security.gitbook.io/masvs/security-requirements/0x11-v6-interaction_with_the_environment[Mobile AppSec Verification Standard] - Platform Interaction Requirements -* https://owasp.org/www-project-mobile-top-10/2016-risks/m1-improper-platform-usage[OWASP Mobile Top 10 2016 Category M1] - Improper Platform Usage -* https://cwe.mitre.org/data/definitions/20[MITRE, CWE-20] - Improper Input Validation \ No newline at end of file +* OWASP - https://mas.owasp.org/checklists/MASVS-PLATFORM/[Mobile AppSec Verification Standard - Platform Interaction Requirements] +* OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m1-improper-platform-usage[Mobile Top 10 2016 Category M1 - Improper Platform Usage] +* CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. diff --git a/rules/S6384/metadata.json b/rules/S6384/metadata.json index 92f9a480148..118b8185d26 100644 --- a/rules/S6384/metadata.json +++ b/rules/S6384/metadata.json @@ -40,6 +40,9 @@ "ASVS 4.0": [ "5.1.3", "5.1.4" + ], + "STIG ASD_V5R3": [ + "V-222609" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6385/azureresourcemanager/how-to-fix-it/bicep.adoc b/rules/S6385/azureresourcemanager/how-to-fix-it/bicep.adoc new file mode 100644 index 00000000000..0ef695b7c58 --- /dev/null +++ b/rules/S6385/azureresourcemanager/how-to-fix-it/bicep.adoc 
@@ -0,0 +1,51 @@ +== How to fix it in Bicep + +include::../../common/fix/rationale.adoc[] + +=== Code examples + +==== Noncompliant code example + +[source,bicep,diff-id=2,diff-type=noncompliant] +---- +targetScope = 'managementGroup' + +resource roleDef 'Microsoft.Authorization/roleDefinitions@2022-04-01' = { // Sensitive + properties: { + permissions: [ + { + actions: ['*'] + notActions: [] + } + ] + + assignableScopes: [ + managementGroup().id + ] + } +} +---- + +==== Compliant solution + +[source,bicep,diff-id=2,diff-type=compliant] +---- +targetScope = 'managementGroup' + +resource roleDef 'Microsoft.Authorization/roleDefinitions@2022-04-01' = { + properties: { + permissions: [ + { + actions: ['Microsoft.Compute/*'] + notActions: [] + } + ] + + assignableScopes: [ + managementGroup().id + ] + } +} +---- + +include::../../common/fix/extra-mile.adoc[] diff --git a/rules/S6385/azureresourcemanager/how_to_fix_it.adoc b/rules/S6385/azureresourcemanager/how-to-fix-it/json.adoc similarity index 61% rename from rules/S6385/azureresourcemanager/how_to_fix_it.adoc rename to rules/S6385/azureresourcemanager/how-to-fix-it/json.adoc index 65625378e40..a1de8fb9fd7 100644 --- a/rules/S6385/azureresourcemanager/how_to_fix_it.adoc +++ b/rules/S6385/azureresourcemanager/how-to-fix-it/json.adoc @@ -1,6 +1,6 @@ -== How to fix it +== How to fix it in JSON templates -include::../common/fix/rationale.adoc[] +include::../../common/fix/rationale.adoc[] === Code examples @@ -32,26 +32,6 @@ include::../common/fix/rationale.adoc[] } ---- -[source,bicep,diff-id=2,diff-type=noncompliant] ----- -targetScope = 'managementGroup' - -resource roleDef 'Microsoft.Authorization/roleDefinitions@2022-04-01' = { // Sensitive - properties: { - permissions: [ - { - actions: ['*'] - notActions: [] - } - ] - - assignableScopes: [ - managementGroup().id - ] - } -} ----- - ==== Compliant solution [source,json,diff-id=1,diff-type=compliant] 
@@ -80,22 +60,4 @@ resource roleDef 'Microsoft.Authorization/roleDefinitions@2022-04-01' = { // Sen } ---- -[source,bicep,diff-id=2,diff-type=compliant] ----- -targetScope = 'managementGroup' - -resource roleDef 'Microsoft.Authorization/roleDefinitions@2022-04-01' = { - properties: { - permissions: [ - { - actions: ['Microsoft.Compute/*'] - notActions: [] - } - ] - - assignableScopes: [ - managementGroup().id - ] - } -} ----- +include::../../common/fix/extra-mile.adoc[] diff --git a/rules/S6385/azureresourcemanager/rule.adoc b/rules/S6385/azureresourcemanager/rule.adoc index ce16b355162..3f5b8c4650b 100644 --- a/rules/S6385/azureresourcemanager/rule.adoc +++ b/rules/S6385/azureresourcemanager/rule.adoc @@ -8,9 +8,9 @@ include::../common/description.adoc[] include::../common/impact/description.adoc[] -include::how_to_fix_it.adoc[] +include::how-to-fix-it/json.adoc[] -include::../common/fix/extra-mile.adoc[] +include::how-to-fix-it/bicep.adoc[] include::../see.adoc[] diff --git a/rules/S6385/see.adoc b/rules/S6385/see.adoc index 5b9e2de7b5e..dfd1a65045a 100644 --- a/rules/S6385/see.adoc +++ b/rules/S6385/see.adoc @@ -7,7 +7,4 @@ === Standards -* OWASP - https://owasp.org/Top10/A01_2021-Broken_Access_Control/[Top 10 2021 Category A1 - Broken Access Control] -* OWASP - https://owasp.org/Top10/A04_2021-Insecure_Design/[Top 10 2021 Category A4 - Insecure Design] -* OWASP - https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html[Top 10 2017 Category A5 - Broken Access Control] * CWE - https://cwe.mitre.org/data/definitions/266[CWE-266 - Incorrect Privilege Assignment] \ No newline at end of file diff --git a/rules/S6387/see.adoc b/rules/S6387/see.adoc index 217c693e873..92f393f9184 100644 --- a/rules/S6387/see.adoc +++ b/rules/S6387/see.adoc 
@@ -1,8 +1,5 @@ == See -* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Broken Access Control -* https://owasp.org/Top10/A04_2021-Insecure_Design/[OWASP Top 10 2021 Category A4] - Insecure Design -* https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html[OWASP Top 10 2017 Category A5] - Broken Access Control -* https://cwe.mitre.org/data/definitions/266[MITRE, CWE-266] - Incorrect Privilege Assignment +* CWE - https://cwe.mitre.org/data/definitions/266[CWE-266 - Incorrect Privilege Assignment] * https://docs.microsoft.com/en-us/azure/role-based-access-control/scope-overview[Azure Documentation] - Understand scope for Azure RBAC * https://docs.microsoft.com/en-us/azure/role-based-access-control/best-practices[Azure Documentation] - Best practices for Azure RBAC \ No newline at end of file diff --git a/rules/S6388/see.adoc b/rules/S6388/see.adoc index 04be82e838d..615d26f78f1 100644 --- a/rules/S6388/see.adoc +++ b/rules/S6388/see.adoc 
@@ -1,12 +1,7 @@ == See -* https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[OWASP Top 10 2021 Category A2] - Cryptographic Failures -* https://owasp.org/Top10/A04_2021-Insecure_Design/[OWASP Top 10 2021 Category A4] - Insecure Design -* https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[OWASP Top 10 2021 Category A5] - Security Misconfiguration * https://docs.aws.amazon.com/efs/latest/ug/encryption.html[Data encryption in Amazon EFS] -* https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure -* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html[OWASP Top 10 2017 Category A6] - Security Misconfiguration -* https://cwe.mitre.org/data/definitions/311[MITRE, CWE-311] - Missing Encryption of Sensitive Data +* CWE - https://cwe.mitre.org/data/definitions/311[CWE-311 - Missing Encryption of Sensitive Data] * https://learn.microsoft.com/en-us/azure/backup/backup-encryption[Encryption in Azure Backup] * https://learn.microsoft.com/en-us/azure/mysql/single-server/concepts-security[Security in Azure Database for MySQL] * https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-security[Security in Azure Database for PostgreSQL] diff --git a/rules/S6389/text/rule.adoc b/rules/S6389/text/rule.adoc index d8439d4c192..7db6274db8c 100644 --- a/rules/S6389/text/rule.adoc +++ b/rules/S6389/text/rule.adoc 
@@ -63,7 +63,7 @@ def subtract_funds(account: str, amount: int): * https://en.wikipedia.org/wiki/Bidirectional_text[Wikipedia] - Bidirectional Text * https://www.trojansource.codes/trojan-source.pdf[Trojan Source Report] * https://www.trojansource.codes/trojan-source.pdf#page=15[Trojan Source Report] - IDEs revealing hidden characters -* https://cwe.mitre.org/data/definitions/94[MITRE, CWE-94] - Improper Control of Generation of Code ('Code Injection') +* CWE - https://cwe.mitre.org/data/definitions/94[CWE-94 - Improper Control of Generation of Code ('Code Injection')] ifdef::env-github,rspecator-view[] diff --git a/rules/S6390/common/resources/standards.adoc b/rules/S6390/common/resources/standards.adoc index 2321160186b..45b75363f88 100644 --- a/rules/S6390/common/resources/standards.adoc +++ b/rules/S6390/common/resources/standards.adoc @@ -1,5 +1,7 @@ === Standards -* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection -* https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[OWASP Top 10 2017 Category A1] - Injection -* https://cwe.mitre.org/data/definitions/400[MITRE, CWE-400] - Uncontrolled Resource Consumption +* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] +* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] +* CWE - https://cwe.mitre.org/data/definitions/400[CWE-400 - Uncontrolled Resource Consumption] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222667[Application Security and Development: V-222667] - Protections against DoS attacks must be implemented. +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. 
diff --git a/rules/S6390/metadata.json b/rules/S6390/metadata.json index d988a515529..7350f778fc9 100644 --- a/rules/S6390/metadata.json +++ b/rules/S6390/metadata.json @@ -37,6 +37,10 @@ "12.1.1", "5.1.3", "5.1.4" + ], + "STIG ASD_V5R3": [ + "V-222609", + "V-222667" ] }, "defaultSeverity": "Critical", diff --git a/rules/S6391/cfamily/rule.adoc b/rules/S6391/cfamily/rule.adoc index f67c5c7dc2c..8ddf21fe669 100644 --- a/rules/S6391/cfamily/rule.adoc +++ b/rules/S6391/cfamily/rule.adoc @@ -1,6 +1,6 @@ == Why is this an issue? -Coroutines, introduced in C++20, are functions in which execution can be suspended and resumed. +Coroutines, introduced in {cpp}20, are functions in which execution can be suspended and resumed. When a coroutine resumes, it takes over where it left thanks to the coroutine state. A _coroutine state_ is an object which contains all the information a coroutine needs to resume its execution correctly: diff --git a/rules/S6395/java/metadata.json b/rules/S6395/java/metadata.json index 2c63c085104..f4b27f0bb34 100644 --- a/rules/S6395/java/metadata.json +++ b/rules/S6395/java/metadata.json @@ -1,2 +1,3 @@ { + "scope": "Main" } diff --git a/rules/S6396/java/metadata.json b/rules/S6396/java/metadata.json index 2c63c085104..f4b27f0bb34 100644 --- a/rules/S6396/java/metadata.json +++ b/rules/S6396/java/metadata.json @@ -1,2 +1,3 @@ { + "scope": "Main" } diff --git a/rules/S6397/java/metadata.json b/rules/S6397/java/metadata.json index 2c63c085104..f4b27f0bb34 100644 --- a/rules/S6397/java/metadata.json +++ b/rules/S6397/java/metadata.json @@ -1,2 +1,3 @@ { + "scope": "Main" } diff --git a/rules/S6398/common/resources/standards.adoc b/rules/S6398/common/resources/standards.adoc index feb72408749..7c797513009 100644 --- a/rules/S6398/common/resources/standards.adoc +++ b/rules/S6398/common/resources/standards.adoc 
@@ -1,6 +1,7 @@ === Standards -* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection -* https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[OWASP Top 10 2017 Category A1] - Injection -* https://cwe.mitre.org/data/definitions/20[MITRE, CWE-20] - Improper Input Validation -* https://cwe.mitre.org/data/definitions/76[MITRE, CWE-76] - Improper Neutralization of Equivalent Special Elements \ No newline at end of file +* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] +* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] +* CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] +* CWE - https://cwe.mitre.org/data/definitions/76[CWE-76 - Improper Neutralization of Equivalent Special Elements] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. diff --git a/rules/S6398/java/how-to-fix-it/spring.adoc b/rules/S6398/java/how-to-fix-it/spring.adoc new file mode 100644 index 00000000000..f9231d497b8 --- /dev/null +++ b/rules/S6398/java/how-to-fix-it/spring.adoc 
@@ -0,0 +1,44 @@ +== How to fix it in Spring + +=== Code examples + +include::../../common/fix/code-rationale.adoc[] + +In this example a json string is parsed using the `BasicJsonParser` class from the `org.springframework.boot.json` package. This class is used to parse JSON strings into a `Map` object. Since the attacker can control the json string they can control the keys and values of the `Map` object. + +==== Noncompliant code example + +[source,java,diff-id=31,diff-type=noncompliant] +---- +import java.util.Map; +import org.springframework.boot.json.BasicJsonParser; + +@GetMapping("/example") +public Map example(@RequestParam String input) { + BasicJsonParser parser = new BasicJsonParser(); + String json = String.format("{\"key\":\"%s\"}", input); + return parser.parseMap(json); // Noncompliant +} +---- + +==== Compliant solution + +[source,java,diff-id=31,diff-type=compliant] +---- +import java.util.Map; + +@GetMapping("/example") +public Map example(@RequestParam String input) { + return Map.of("key", input); +} +---- + +=== How does this work? + +include::../../common/fix/introduction.adoc[] + +include::../../common/fix/object.adoc[] + +The example compliant code skips the use of a JSON parser and directly adds the user controlled data into a `Map` object. This way the attacker cannot control the keys and values of the `Map` object. + +include::../../common/fix/casting.adoc[] diff --git a/rules/S6398/java/metadata.json b/rules/S6398/java/metadata.json index fda4c996d41..af9aaf743bb 100644 --- a/rules/S6398/java/metadata.json +++ b/rules/S6398/java/metadata.json @@ -35,6 +35,9 @@ "ASVS 4.0": [ "5.1.3", "5.1.4" + ], + "STIG ASD_V5R3": [ + "V-222609" ] }, "defaultSeverity": "Major", diff --git a/rules/S6398/java/rule.adoc b/rules/S6398/java/rule.adoc index 817178f5004..eaa7da72f18 100644 --- a/rules/S6398/java/rule.adoc +++ b/rules/S6398/java/rule.adoc 
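Review bot: The closing explanation in the new spring.adoc overstates what the compliant code achieves: with `Map.of("key", input)` the attacker still fully controls the value stored under `key`. What the fix removes is the ability to break out of the string literal and inject extra keys or change the JSON structure. A more accurate sentence would be `This way the attacker only controls the value associated with "key" and cannot add or override other entries of the Map object.` The introductory sentence ("they can control the keys and values") would also read better if it said the attacker can add arbitrary keys, since that is the difference between the two snippets.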
@@ -65,6 +65,8 @@ include::how-to-fix-it/gson.adoc[] include::how-to-fix-it/fasterxml.adoc[] +include::how-to-fix-it/spring.adoc[] + == Resources include::../common/resources/docs.adoc[] diff --git a/rules/S6399/common/resources/standards.adoc b/rules/S6399/common/resources/standards.adoc index 472024e653f..2fe8e557466 100644 --- a/rules/S6399/common/resources/standards.adoc +++ b/rules/S6399/common/resources/standards.adoc @@ -1,6 +1,8 @@ === Standards -* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection -* https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[OWASP Top 10 2017 Category A1] - Injection -* https://cwe.mitre.org/data/definitions/20[MITRE, CWE-20] - Improper Input Validation -* https://cwe.mitre.org/data/definitions/91[MITRE, CWE-91] - XML Injection (aka Blind XPath Injection) \ No newline at end of file +* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] +* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] +* CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] +* CWE - https://cwe.mitre.org/data/definitions/91[CWE-91 - XML Injection (aka Blind XPath Injection)] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222608[Application Security and Development: V-222608] - The application must not be vulnerable to XML-oriented attacks. +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. diff --git a/rules/S6399/metadata.json b/rules/S6399/metadata.json index 178860d97c8..780655fe034 100644 --- a/rules/S6399/metadata.json +++ b/rules/S6399/metadata.json 
@@ -36,6 +36,10 @@ "5.1.3", "5.1.4", "5.3.10" + ], + "STIG ASD_V5R3": [ + "V-222608", + "V-222609" ] }, "defaultSeverity": "Major", @@ -51,4 +55,4 @@ ], "quickfix": "unknown" } - \ No newline at end of file + diff --git a/rules/S6400/terraform/rule.adoc b/rules/S6400/terraform/rule.adoc index d05b7caf5b8..46f8388d46b 100644 --- a/rules/S6400/terraform/rule.adoc +++ b/rules/S6400/terraform/rule.adoc @@ -123,9 +123,7 @@ resource "google_cloud_run_service_iam_member" "example" { == See -* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Broken Access Control -* https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[OWASP Top 10 2017 Category A5] - Broken Access Control -* https://cwe.mitre.org/data/definitions/284[MITRE, CWE-284] - Improper Access Control +* CWE - https://cwe.mitre.org/data/definitions/284[CWE-284 - Improper Access Control] ifdef::env-github,rspecator-view[] diff --git a/rules/S6401/terraform/rule.adoc b/rules/S6401/terraform/rule.adoc index e3be715cdb8..3689586cd69 100644 --- a/rules/S6401/terraform/rule.adoc +++ b/rules/S6401/terraform/rule.adoc @@ -35,8 +35,6 @@ resource "google_kms_crypto_key" "compliant-key" { == See -* https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[OWASP Top 10 2021 Category A2] - Cryptographic Failures -* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html[OWASP Top 10 2017 Category A6] - Security Misconfiguration * https://cloud.google.com/kms/docs/key-rotation[GCP Documentation] - KMS Key rotation diff --git a/rules/S6402/terraform/rule.adoc b/rules/S6402/terraform/rule.adoc index dc40b13cac2..7e4e1087fc4 100644 --- a/rules/S6402/terraform/rule.adoc +++ b/rules/S6402/terraform/rule.adoc 
@@ -55,11 +55,9 @@ resource "google_dns_managed_zone" "example" { == See -* https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/[OWASP Top 10 2021 Category A8] - Software and Data Integrity Failures -* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html[OWASP Top 10 2017 Category A6] - Security Misconfiguration * https://cloud.google.com/dns/docs/dnssec-config[GCP Documentation] - Manage DNSSEC configuration -* https://cwe.mitre.org/data/definitions/345[MITRE, CWE-345] - Insufficient Verification of Data Authenticity -* https://cwe.mitre.org/data/definitions/353[MITRE, CWE-353] - Missing Support for Integrity Check +* CWE - https://cwe.mitre.org/data/definitions/345[CWE-345 - Insufficient Verification of Data Authenticity] +* CWE - https://cwe.mitre.org/data/definitions/353[CWE-353 - Missing Support for Integrity Check] ifdef::env-github,rspecator-view[] diff --git a/rules/S6403/terraform/rule.adoc b/rules/S6403/terraform/rule.adoc index 92941eb47ff..0790b3bd9eb 100644 --- a/rules/S6403/terraform/rule.adoc +++ b/rules/S6403/terraform/rule.adoc @@ -60,10 +60,8 @@ resource "google_sql_database_instance" "example" { == See -* https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[OWASP Top 10 2021 Category A2] - Cryptographic Failures -* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html[OWASP Top 10 2017 Category A6] - Security Misconfiguration -* https://cwe.mitre.org/data/definitions/311[MITRE, CWE-311] - Missing Encryption of Sensitive Data -* https://cwe.mitre.org/data/definitions/79[MITRE, CWE-319] - Cleartext Transmission of Sensitive Information +* CWE - https://cwe.mitre.org/data/definitions/311[CWE-311 - Missing Encryption of Sensitive Data] +* CWE - https://cwe.mitre.org/data/definitions/79[CWE-319 - Cleartext Transmission of Sensitive Information] * https://cloud.google.com/sql/docs/mysql/authorize-ssl[GCP Documentation] - Cloud SQL: Authorizing with SSL/TLS certificates 
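Review bot: In the S6403 hunk, the rewritten CWE-319 line still links to the wrong entry: the URL is `https://cwe.mitre.org/data/definitions/79` while the label reads "CWE-319 - Cleartext Transmission of Sensitive Information". The mismatch was carried over from the removed line, so readers following the link land on an unrelated weakness. Since the line is being reformatted anyway, it should become `* CWE - https://cwe.mitre.org/data/definitions/319[CWE-319 - Cleartext Transmission of Sensitive Information]`, matching the URL used for the same CWE in the S6407 hunk.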
diff --git a/rules/S6404/terraform/metadata.json b/rules/S6404/terraform/metadata.json index 89ead763b6a..884b1302429 100644 --- a/rules/S6404/terraform/metadata.json +++ b/rules/S6404/terraform/metadata.json @@ -37,6 +37,9 @@ ], "PCI DSS 4.0": [ "6.2.4" + ], + "STIG ASD_V5R3": [ + "V-222620" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6404/terraform/rule.adoc b/rules/S6404/terraform/rule.adoc index 51a0583d456..a6be4946a5c 100644 --- a/rules/S6404/terraform/rule.adoc +++ b/rules/S6404/terraform/rule.adoc @@ -119,9 +119,8 @@ resource "google_container_cluster" "example" { == See -* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Boken Access Control -* https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[OWASP Top 10 2017 Category A5] - Broken Access Control -* https://cwe.mitre.org/data/definitions/668[MITRE, CWE-668] - Exposure of Resource to Wrong Sphere +* CWE - https://cwe.mitre.org/data/definitions/668[CWE-668 - Exposure of Resource to Wrong Sphere] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222620[Application Security and Development: V-222620] - Application web servers must be on a separate network segment from the application and database servers. ifdef::env-github,rspecator-view[] diff --git a/rules/S6405/terraform/rule.adoc b/rules/S6405/terraform/rule.adoc index 8d524819984..d4b8d48ac00 100644 --- a/rules/S6405/terraform/rule.adoc +++ b/rules/S6405/terraform/rule.adoc 
@@ -62,11 +62,9 @@ resource "google_compute_instance" "example" { == See -* https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/[OWASP Top 10 2021 Category A7] - Identification and Authentication Failures -* https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html[OWASP Top 10 2017 Category A2] - Broken Authentication -* https://cwe.mitre.org/data/definitions/266[MITRE, CWE-266] - Incorrect Privilege Assignment -* https://cwe.mitre.org/data/definitions/269[MITRE, CWE-269] - Improper Privilege Management -* https://cwe.mitre.org/data/definitions/272[MITRE, CWE-272] - Least Privilege Violation +* CWE - https://cwe.mitre.org/data/definitions/266[CWE-266 - Incorrect Privilege Assignment] +* CWE - https://cwe.mitre.org/data/definitions/269[CWE-269 - Improper Privilege Management] +* CWE - https://cwe.mitre.org/data/definitions/272[CWE-272 - Least Privilege Violation] * https://cloud.google.com/compute/docs/connect/restrict-ssh-keys#remove-metadata-key[GCP Documentation] - Restrict SSH keys from VMs * https://cloud.google.com/compute/docs/instances/access-overview#risks[GCP Documentation] - Risks of manual key management diff --git a/rules/S6406/terraform/rule.adoc b/rules/S6406/terraform/rule.adoc index 6998a59403a..d6120d34c15 100644 --- a/rules/S6406/terraform/rule.adoc +++ b/rules/S6406/terraform/rule.adoc 
@@ -106,9 +106,7 @@ resource "google_project_iam_custom_role" "example" { * https://cloud.google.com/iam/docs/recommender-overview[GCP Docs] - Enforce least privilege with role recommendations * https://cloud.google.com/iam/docs/manage-policy-insights[GCP Docs] - Security Insights -* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Boken Access Control -* https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[OWASP Top 10 2017 Category A5] - Broken Access Control -* https://cwe.mitre.org/data/definitions/668[MITRE, CWE-668] - Exposure of Resource to Wrong Sphere +* CWE - https://cwe.mitre.org/data/definitions/668[CWE-668 - Exposure of Resource to Wrong Sphere] ifdef::env-github,rspecator-view[] diff --git a/rules/S6407/terraform/rule.adoc b/rules/S6407/terraform/rule.adoc index eede8d92ee3..4f474040287 100644 --- a/rules/S6407/terraform/rule.adoc +++ b/rules/S6407/terraform/rule.adoc 
@@ -63,11 +63,8 @@ resource "google_app_engine_standard_app_version" "example" { == See -* https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[OWASP Top 10 2021 Category A2] - Cryptographic Failures -* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure -* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html[OWASP Top 10 2017 Category A6] - Security Misconfiguration -* https://cwe.mitre.org/data/definitions/200[MITRE, CWE-200] - Exposure of Sensitive Information to an Unauthorized Actor -* https://cwe.mitre.org/data/definitions/319[MITRE, CWE-319] - Cleartext Transmission of Sensitive Information +* CWE - https://cwe.mitre.org/data/definitions/200[CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor] +* CWE - https://cwe.mitre.org/data/definitions/319[CWE-319 - Cleartext Transmission of Sensitive Information] * https://cloud.google.com/appengine/docs/standard/nodejs/application-security[GCP Documentation] - Overview of App Security diff --git a/rules/S6408/terraform/rule.adoc b/rules/S6408/terraform/rule.adoc index f8785be8133..a3774e44466 100644 --- a/rules/S6408/terraform/rule.adoc +++ b/rules/S6408/terraform/rule.adoc 
@@ -147,9 +147,7 @@ resource "google_project_iam_custom_role" "example" { * https://rhinosecuritylabs.com/cloud-security/privilege-escalation-google-cloud-platform-part-2/[Rhino Security Labs] - Privilege Escalation in Google Cloud Platform - Part 2 (Non-IAM) * https://www.praetorian.com/blog/google-cloud-platform-gcp-service-account-based-privilege-escalation-paths/[Praetorian] - Google Cloud Platform (GCP) Service Account-based Privilege Escalation paths * https://cloud.google.com/iam/docs/manage-policy-insights[GCP Docs] - Security Insights -* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Boken Access Control -* https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[OWASP Top 10 2017 Category A5] - Broken Access Control -* https://cwe.mitre.org/data/definitions/668[MITRE, CWE-668] - Exposure of Resource to Wrong Sphere +* CWE - https://cwe.mitre.org/data/definitions/668[CWE-668 - Exposure of Resource to Wrong Sphere] ifdef::env-github,rspecator-view[] diff --git a/rules/S6409/terraform/rule.adoc b/rules/S6409/terraform/rule.adoc index f210a4f8ad8..8c72add0c2a 100644 --- a/rules/S6409/terraform/rule.adoc +++ b/rules/S6409/terraform/rule.adoc @@ -38,9 +38,7 @@ resource "google_container_cluster" "example" { == See -* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Boken Access Control -* https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[OWASP Top 10 2017 Category A5] - Boken Access Control -* https://cwe.mitre.org/data/definitions/668[MITRE, CWE-668] - Exposure of Resource to Wrong Sphere +* CWE - https://cwe.mitre.org/data/definitions/668[CWE-668 - Exposure of Resource to Wrong Sphere] * https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#leave_abac_disabled[Google Cloud Documentation] - Hardening your cluster's security ifdef::env-github,rspecator-view[] 
diff --git a/rules/S6410/terraform/rule.adoc b/rules/S6410/terraform/rule.adoc index 10b7f7d4f5c..9c21ef9e259 100644 --- a/rules/S6410/terraform/rule.adoc +++ b/rules/S6410/terraform/rule.adoc @@ -58,11 +58,7 @@ If the ``++MODERN++`` or ``++COMPATIBLE++`` profiles must be used so that older === Standards -* OWASP - https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[Top 10 2021 Category A2 - Cryptographic Failures] -* OWASP - https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[Top 10 2021 Category A5 - Security Misconfiguration] -* OWASP - https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] -* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration] -* MITRE - https://cwe.mitre.org/data/definitions/327[CWE-327 - Use of a Broken or Risky Cryptographic Algorithm] +* CWE - https://cwe.mitre.org/data/definitions/327[CWE-327 - Use of a Broken or Risky Cryptographic Algorithm] === External coding guidelines diff --git a/rules/S6411/java/metadata.json b/rules/S6411/java/metadata.json index 780e5ac78e7..a2160dd1f88 100644 --- a/rules/S6411/java/metadata.json +++ b/rules/S6411/java/metadata.json @@ -12,12 +12,11 @@ "func": "Constant\/Issue", "constantCost": "30min" }, - "tags": [ - ], + "tags": [], "defaultSeverity": "Major", "ruleSpecification": "RSPEC-6411", "sqKey": "S6411", - "scope": "All", + "scope": "Main", "defaultQualityProfiles": [], "quickfix": "unknown" } diff --git a/rules/S6412/terraform/rule.adoc b/rules/S6412/terraform/rule.adoc index 0acbd6e8bd3..f782f5baa43 100644 --- a/rules/S6412/terraform/rule.adoc +++ b/rules/S6412/terraform/rule.adoc 
@@ -43,9 +43,7 @@ resource "google_storage_bucket" "example" { == See -* https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[OWASP Top 10 2021 Category A5] - Security Misconfiguration * https://cloud.google.com/storage/docs/object-versioning?hl=en[GCP documentation] - Object Versioning -* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[OWASP Top 10 2017 Category A6] - Security Misconfiguration ifdef::env-github,rspecator-view[] diff --git a/rules/S6414/terraform/rule.adoc b/rules/S6414/terraform/rule.adoc index 7fd405da3e3..b766af383de 100644 --- a/rules/S6414/terraform/rule.adoc +++ b/rules/S6414/terraform/rule.adoc @@ -46,8 +46,6 @@ resource "google_project_iam_audit_config" "example" { == See -* https://owasp.org/Top10/A09_2021-Security_Logging_and_Monitoring_Failures/[OWASP Top 10 2021 Category A9] - Security Logging and Monitoring Failures -* https://owasp.org/www-project-top-ten/2017/A10_2017-Insufficient_Logging%2526Monitoring.html[OWASP Top 10 2017 Category A10] - Insufficient Logging & Monitoring * https://cloud.google.com/logging/docs/audit[GCP Documentation] - Cloud Audit Logs overview diff --git a/rules/S6416/java/rule.adoc b/rules/S6416/java/rule.adoc index bf1fb8335f7..2754bd8a261 100644 --- a/rules/S6416/java/rule.adoc +++ b/rules/S6416/java/rule.adoc @@ -31,15 +31,15 @@ include::../../../shared_content/layc/exception-impact.adoc[] * @param temp the temperature in Celsius, between 0 and 250 (inclusive) * @throws IllegalArgumentException if the temperature is outside of the supported range */ -void setOvenTemperature(int temp) { +private void setOvenTemperature(int temp) { if (temp < 0 || temp > 250) { throw new IllegalArgumentException(); } // ... } -void caller() { - setOvenTemperature(-3); +void finishCooking() { + setOvenTemperature(-3); // Noncompliant } ---- 
@@ -52,15 +52,15 @@ void caller() { * @param temp the temperature in Celsius, between 0 and 250 (inclusive) * @throws IllegalArgumentException if the temperature is outside of the supported range */ -void setOvenTemperature(int temp) { +private void setOvenTemperature(int temp) { if (temp < 0 || temp > 250) { throw new IllegalArgumentException(); } // ... } -void caller() { - setOvenTemperature(180); +void finishCooking() { + setOvenTemperature(0); } ---- diff --git a/rules/S6417/python/rule.adoc b/rules/S6417/python/rule.adoc index 78d9199157e..1434027c8f5 100644 --- a/rules/S6417/python/rule.adoc +++ b/rules/S6417/python/rule.adoc @@ -19,7 +19,8 @@ If you still want to modify the collection, it is best to use a second collectio [source,python,diff-id=1,diff-type=noncompliant] ---- -def my_fun(my_dict): +def my_fun(): + my_dict = {'a': 1, 'b': 2, 'c': 3} for key in my_dict: if my_dict[key] == 'foo': my_dict.pop(key) # Noncompliant: this will make the iteration unreliable @@ -29,7 +30,8 @@ def my_fun(my_dict): [source,python,diff-id=1,diff-type=compliant] ---- -def my_fun(my_dict): +def my_fun(): + my_dict = {'a': 1, 'b': 2, 'c': 3} for key in list(my_dict.keys()): if my_dict[key] == 'foo': my_dict.pop(key) diff --git a/rules/S6418/cfamily/metadata.json b/rules/S6418/cfamily/metadata.json new file mode 100644 index 00000000000..1ca501ab27b --- /dev/null +++ b/rules/S6418/cfamily/metadata.json @@ -0,0 +1,32 @@ +{ + "tags": [ + "cwe", + "cert" + ], + "securityStandards": { + "CERT": [ + "MSC03-J." + ], + "CWE": [ + 798 + ], + "OWASP": [ + "A2" + ], + "OWASP Top 10 2021": [ + "A7" + ], + "PCI DSS 3.2": [ + "6.5.10" + ], + "PCI DSS 4.0": [ + "6.2.4" + ], + "ASVS 4.0": [ + "2.10.4", + "3.5.2", + "6.4.1" + ] + }, + "quickfix": "infeasible" +} diff --git a/rules/S6418/cfamily/rule.adoc b/rules/S6418/cfamily/rule.adoc new file mode 100644 index 00000000000..c166816a68f --- /dev/null +++ b/rules/S6418/cfamily/rule.adoc 
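Review bot: In the S6417 Python examples, the newly inlined `my_dict = {'a': 1, 'b': 2, 'c': 3}` holds only integers, so `my_dict[key] == 'foo'` is never true and `my_dict.pop(key)` is unreachable. The noncompliant snippet therefore no longer demonstrates the failure it is annotated with, and the compliant one exercises nothing. This applies to both hunks of the file. Use values the condition can match, e.g. `my_dict = {'a': 'foo', 'b': 'bar', 'c': 'baz'}`, in both snippets so they stay comparable under the shared `diff-id`.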
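Review bot: The `"CERT": ["MSC03-J."]` entry in the new rules/S6418/cfamily/metadata.json is an identifier from the SEI CERT coding standard for Java (the `-J` suffix), yet here it is attached to the C-family variant. The same entry appears in csharp/metadata.json, and the cfamily, csharp and javascript rule.adoc files link it as `MSC - ...[MSC03-J - Never hard code sensitive information]`. If the Java guideline is cited deliberately as the closest reference, label the link `CERT - ...` as the removed Java line did. Otherwise drop the CERT mapping from the non-Java variants, so that standards reports built from this metadata do not claim coverage of a guideline that does not apply to those languages.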
@@ -0,0 +1,34 @@ +:detections: variables/fields +:sensibility: 5 + +include::../description.adoc[] + +include::../ask-yourself.adoc[] + +include::../recommended.adoc[] + +== Sensitive Code Example + +[source,cpp] +---- +char const *mySecret = "47828a8dd77ee1eb9dde2d5e93cb221ce8c32b37"; +---- + + + +include::../see.adoc[] + +* MSC - https://wiki.sei.cmu.edu/confluence/x/OjdGBQ[MSC03-J - Never hard code sensitive information] + + +ifdef::env-github,rspecator-view[] +''' +== Implementation Specification +(visible only on this page) + +include::../message.adoc[] + +include::../parameters.adoc[] + +''' +endif::env-github,rspecator-view[] diff --git a/rules/S6418/csharp/metadata.json b/rules/S6418/csharp/metadata.json new file mode 100644 index 00000000000..1ca501ab27b --- /dev/null +++ b/rules/S6418/csharp/metadata.json @@ -0,0 +1,32 @@ +{ + "tags": [ + "cwe", + "cert" + ], + "securityStandards": { + "CERT": [ + "MSC03-J." + ], + "CWE": [ + 798 + ], + "OWASP": [ + "A2" + ], + "OWASP Top 10 2021": [ + "A7" + ], + "PCI DSS 3.2": [ + "6.5.10" + ], + "PCI DSS 4.0": [ + "6.2.4" + ], + "ASVS 4.0": [ + "2.10.4", + "3.5.2", + "6.4.1" + ] + }, + "quickfix": "infeasible" +} diff --git a/rules/S6418/csharp/rule.adoc b/rules/S6418/csharp/rule.adoc new file mode 100644 index 00000000000..40c53a83a07 --- /dev/null +++ b/rules/S6418/csharp/rule.adoc 
@@ -0,0 +1,31 @@ +:detections: variables/fields/properties +:sensibility: 3 + +include::../description.adoc[] + +include::../ask-yourself.adoc[] + +include::../recommended.adoc[] + +== Sensitive Code Example + +[source,csharp] +---- +const string mySecret = "47828a8dd77ee1eb9dde2d5e93cb221ce8c32b37"; +---- + +include::../see.adoc[] + +* MSC - https://wiki.sei.cmu.edu/confluence/x/OjdGBQ[MSC03-J - Never hard code sensitive information] + +ifdef::env-github,rspecator-view[] +''' +== Implementation Specification +(visible only on this page) + +include::../message.adoc[] + +include::../parameters.adoc[] + +''' +endif::env-github,rspecator-view[] diff --git a/rules/S6418/description.adoc b/rules/S6418/description.adoc index bb24c43ee26..7440fe66992 100644 --- a/rules/S6418/description.adoc +++ b/rules/S6418/description.adoc @@ -9,6 +9,6 @@ In the past, it has led to the following vulnerabilities: Secrets should be stored outside of the source code in a configuration file or a management service for secrets. -This rule detects variables/fields having a name matching a list of words (secret, token, credential, auth, api[_.-]?key) being assigned a pseudorandom hard-coded value. +This rule detects {detections} having a name matching a list of words (secret, token, credential, auth, api[_.-]?key) being assigned a pseudorandom hard-coded value. The pseudorandomness of the hard-coded value is based on its entropy and the probability to be human-readable. The randomness sensibility can be adjusted if needed. Lower values will detect less random values, raising potentially more false positives. diff --git a/rules/S6418/java/rule.adoc b/rules/S6418/java/rule.adoc index dd84cda13e8..886dddc613d 100644 --- a/rules/S6418/java/rule.adoc +++ b/rules/S6418/java/rule.adoc @@ -1,3 +1,6 @@ +:detections: variables/fields +:defaultsensibility: 5 + include::../description.adoc[] include::../ask-yourself.adoc[] 
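Review bot: The attribute added at the top of rules/S6418/java/rule.adoc, `:defaultsensibility: 5`, is not the one parameters.adoc now references: that file's hunk replaces the literal `7` with `{sensibility}`, and only cfamily/rule.adoc and csharp/rule.adoc define `:sensibility:`. As written, the java, javascript and php variants leave the reference unresolved, so the documented default for the randomness parameter disappears from those pages. Rename the attribute to `:sensibility: 5` in the three files. Separately, the reference sits between `----` delimiters, where AsciiDoc does not substitute attributes unless the block enables it. The block's attribute line is outside the hunk, so confirm that it sets `subs` to include attributes.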
@@ -17,7 +20,7 @@ public static void main(String[] args) { == Compliant Solution -Using https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/secretsmanager[AWS Secrets Manager]: +Using https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/secrets-manager[AWS Secrets Manager]: [source,java] ---- @@ -73,12 +76,10 @@ public static void doSomething(SecretClient secretClient, String secretName) { ---- -== See +include::../see.adoc[] + +* MSC - https://wiki.sei.cmu.edu/confluence/x/OjdGBQ[MSC03-J - Never hard code sensitive information] -* https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/[OWASP Top 10 2021 Category A7] - Identification and Authentication Failures -* https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication[OWASP Top 10 2017 Category A2] - Broken Authentication -* https://cwe.mitre.org/data/definitions/798.html[MITRE, CWE-798] - Use of Hard-coded Credentials -* https://wiki.sei.cmu.edu/confluence/x/OjdGBQ[CERT, MSC03-J.] - Never hard code sensitive information ifdef::env-github,rspecator-view[] ''' @@ -87,6 +88,7 @@ ifdef::env-github,rspecator-view[] include::../message.adoc[] + include::../parameters.adoc[] ''' diff --git a/rules/S6418/javascript/metadata.json b/rules/S6418/javascript/metadata.json new file mode 100644 index 00000000000..bb3d04f385c --- /dev/null +++ b/rules/S6418/javascript/metadata.json @@ -0,0 +1,3 @@ +{ + "quickfix": "infeasible" +} diff --git a/rules/S6418/javascript/rule.adoc b/rules/S6418/javascript/rule.adoc new file mode 100644 index 00000000000..0488d7cfdc3 --- /dev/null +++ b/rules/S6418/javascript/rule.adoc 
@@ -0,0 +1,52 @@ +:detections: variables/fields +:defaultsensibility: 5 + +include::../description.adoc[] + +include::../ask-yourself.adoc[] + +include::../recommended.adoc[] + +== Sensitive Code Example + +[source,javascript] +---- +const API_KEY = "1234567890abcdef" // Hard-coded secret (bad practice) + +const response = await fetch("https://api.my-service/v1/users", { + headers: { + Authorization: `Bearer ${API_KEY}`, + }, +}); +---- + +== Compliant Solution + +[source,javascript] +---- +const API_KEY = process.env.API_KEY; + +const response = await fetch("https://api.my-service/v1/users", { + headers: { + Authorization: `Bearer ${API_KEY}`, + }, +}); +---- + +include::../see.adoc[] + +* MSC - https://wiki.sei.cmu.edu/confluence/x/OjdGBQ[MSC03-J - Never hard code sensitive information] + + +ifdef::env-github,rspecator-view[] +''' +== Implementation Specification +(visible only on this page) + +include::../message.adoc[] + + +include::../parameters.adoc[] + +''' +endif::env-github,rspecator-view[] diff --git a/rules/S6418/metadata.json b/rules/S6418/metadata.json index a86843959c6..6498a5cc147 100644 --- a/rules/S6418/metadata.json +++ b/rules/S6418/metadata.json @@ -3,7 +3,7 @@ "type": "SECURITY_HOTSPOT", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "TRUSTWORTHY" }, @@ -16,12 +16,8 @@ "cwe" ], "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] + "replacementRules": [], + "legacyKeys": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-6418", diff --git a/rules/S6418/parameters.adoc b/rules/S6418/parameters.adoc index 00cbe306efd..fc24247fae5 100644 --- a/rules/S6418/parameters.adoc +++ b/rules/S6418/parameters.adoc @@ -14,7 +14,7 @@ Comma separated list of words identifying potential secret **** ---- -7 +{sensibility} ---- Allows to tune the Randomness Sensibility (from 0 to 10) 
diff --git a/rules/S6418/php/metadata.json b/rules/S6418/php/metadata.json new file mode 100644 index 00000000000..7a73a41bfdf --- /dev/null +++ b/rules/S6418/php/metadata.json @@ -0,0 +1,2 @@ +{ +} \ No newline at end of file diff --git a/rules/S6418/php/rule.adoc b/rules/S6418/php/rule.adoc new file mode 100644 index 00000000000..df27eace1f7 --- /dev/null +++ b/rules/S6418/php/rule.adoc @@ -0,0 +1,59 @@ +:detectson: variables/fields +:defaultsensibility: 5 + +include::../description.adoc[] + +include::../ask-yourself.adoc[] + +include::../recommended.adoc[] + +== Sensitive Code Example + +[source,php,diff-id=1,diff-type=noncompliant] +---- +$secret = '47828a8dd77ee1eb9dde2d5e93cb221ce8c32b37'; +MyClass->callMyService($secret); +---- + +== Compliant Solution + +Using https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/php/example_code/secretsmanager[AWS Secrets Manager]: + +[source,php,diff-id=1,diff-type=compliant] +---- +use Aws\SecretsManager\SecretsManagerClient; +use Aws\Exception\AwsException; +$client = new SecretsManagerClient(...); +$secretName = 'example'; +doSomething($client, $secretName) +function doSomething($client, $secretName) { + try { + $result = $client->getSecretValue([ + 'SecretId' => $secretName, + ]); + } catch (AwsException $e) { + ... + } + if (isset($result['SecretString'])) { + $secret = $result['SecretString']; + } else { + $secret = base64_decode($result['SecretBinary']); + } + // do something with the secret + MyClass->callMyService($secret); +} +---- + +include::../see.adoc[] + +ifdef::env-github,rspecator-view[] +''' +== Implementation Specification +(visible only on this page) + +include::../message.adoc[] + +include::../parameters.adoc[] + +''' +endif::env-github,rspecator-view[] diff --git a/rules/S6418/python/metadata.json b/rules/S6418/python/metadata.json new file mode 100644 index 00000000000..7a73a41bfdf --- /dev/null +++ b/rules/S6418/python/metadata.json @@ -0,0 +1,2 @@ +{ +} \ No newline at end of file 
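Review bot: The first attribute line of the new php/rule.adoc is spelled `:detectson:`, while description.adoc now reads `{detections}` and the other language files in this commit set `:detections:`. The PHP description would therefore be left with an unresolved reference where the other languages say "variables/fields". It should read `:detections: variables/fields`. In the compliant example the call `doSomething($client, $secretName)` is also missing its terminating semicolon.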
diff --git a/rules/S6418/python/rule.adoc b/rules/S6418/python/rule.adoc
new file mode 100644
index 00000000000..8bc97dbe274
--- /dev/null
+++ b/rules/S6418/python/rule.adoc
@@ -0,0 +1,84 @@
+:detections: variables/fields
+:sensibility: 3
+
+include::../description.adoc[]
+
+include::../ask-yourself.adoc[]
+
+include::../recommended.adoc[]
+
+== Sensitive Code Example
+
+[source,python]
+----
+import requests
+
+API_KEY = "1234567890abcdef" # Hard-coded secret (bad practice)
+
+def send_api_request(data):
+ headers = {
+ "Authorization": f"Bearer {API_KEY}"
+ }
+ return requests.post("https://api.example.com", headers=headers, data=data)
+----
+
+== Compliant Solution
+
+Using https://github.com/awsdocs/aws-doc-sdk-examples/blob/main/python/example_code/secretsmanager/scenario_get_secret.py[AWS Secrets Manager]:
+[source,python]
+----
+import boto3
+import logging
+
+SECRET_NAME = "MY_API_KEY"
+
+client = boto3.client("secretsmanager")
+secret = client.get_secret_value(SecretId=SECRET_NAME)
+
+def send_api_request(data):
+ headers = {
+ "Authorization ": f"Bearer {secret}"
+ }
+ return requests.post("https://api.example.com", headers=headers, data=data)
+----
+
+
+Using https://learn.microsoft.com/en-us/azure/key-vault/secrets/quick-create-python?tabs=azure-cli[Azure Key Vault Secret]:
+[source,python]
+----
+import os
+from azure.keyvault.secrets import SecretClient
+from azure.identity import DefaultAzureCredential
+
+SECRET_NAME = "MY_API_KEY"
+
+keyVaultName = os.environ["KEY_VAULT_NAME"]
+KVUri = f"https://{keyVaultName}.vault.azure.net"
+
+credential = DefaultAzureCredential()
+client = SecretClient(vault_url=KVUri, credential=credential)
+secret = client.get_secret(SECRET_NAME)
+
+def send_api_request(data):
+ headers = {
+ "Authorization ": f"Bearer {secret.value}"
+ }
+ return requests.post("https://api.example.com", headers=headers, data=data)
+----
+
+include::../see.adoc[]
+
+* AWS Secrets Manager - https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/secretsmanager[Code Examples]
+* Azure Key Vault - 
https://learn.microsoft.com/en-us/azure/key-vault/secrets/quick-create-python?tabs=azure-cli[Quickstart] + +ifdef::env-github,rspecator-view[] +''' +== Implementation Specification +(visible only on this page) + +include::../message.adoc[] + +include::../parameters.adoc[] + +''' +endif::env-github,rspecator-view[] diff --git a/rules/S6418/see.adoc b/rules/S6418/see.adoc new file mode 100644 index 00000000000..2bbce0cb4db --- /dev/null +++ b/rules/S6418/see.adoc @@ -0,0 +1,5 @@ +== See + +* OWASP - https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/[Top 10 2021 Category A7 - Identification and Authentication Failures] +* OWASP - https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication[Top 10 2017 Category A2 - Broken Authentication] +* CWE - https://cwe.mitre.org/data/definitions/798[CWE-798 - Use of Hard-coded Credentials] diff --git a/rules/S6422/csharp/metadata.json b/rules/S6422/csharp/metadata.json index 6eba679b033..f377c81b3e8 100644 --- a/rules/S6422/csharp/metadata.json +++ b/rules/S6422/csharp/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "EFFICIENT" }, @@ -20,6 +20,8 @@ "ruleSpecification": "RSPEC-6422", "sqKey": "S6422", "scope": "Main", - "defaultQualityProfiles": ["Sonar way"], + "defaultQualityProfiles": [ + "Sonar way" + ], "quickfix": "infeasible" } diff --git a/rules/S6423/csharp/metadata.json b/rules/S6423/csharp/metadata.json index 826abee5597..c6578041fef 100644 --- a/rules/S6423/csharp/metadata.json +++ b/rules/S6423/csharp/metadata.json @@ -20,6 +20,11 @@ "ruleSpecification": "RSPEC-6423", "sqKey": "S6423", "scope": "Main", + "securityStandards": { + "STIG ASD_V5R3": [ + "V-222610" + ] + }, "defaultQualityProfiles": [ ], "quickfix": "unknown" } diff --git a/rules/S6423/csharp/rule.adoc b/rules/S6423/csharp/rule.adoc index 66960e8d3fe..b5cad79cd02 100644 --- a/rules/S6423/csharp/rule.adoc 
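Review bot: In both compliant Python examples of the new python/rule.adoc the header key is written `"Authorization "` with a trailing space, so the request would not carry a proper `Authorization` header; it should be `"Authorization": f"Bearer {secret}"` as in the sensitive example. In the AWS variant `secret` is the whole `get_secret_value` response rather than the secret text, so the f-string would interpolate a dict; `secret = client.get_secret_value(SecretId=SECRET_NAME)["SecretString"]` reads the same field the PHP example in this commit uses. Both compliant snippets also call `requests.post` without `import requests`, and `import logging` is unused.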
+++ b/rules/S6423/csharp/rule.adoc @@ -54,3 +54,5 @@ public static async Task Run( * https://docs.microsoft.com/en-us/azure/azure-functions/functions-bindings-error-pages?tabs=csharp[Azure Functions error handling and retries] * https://docs.microsoft.com/en-us/azure/azure-functions/functions-monitoring[Monitor Azure Functions] * https://docs.microsoft.com/en-us/azure/azure-monitor/app/azure-functions-supported-features[Application Insights for Azure Functions supported features] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222610[Application Security and Development: V-222610] - The application must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries. + diff --git a/rules/S6424/csharp/metadata.json b/rules/S6424/csharp/metadata.json index 329991d9ae6..9dbc7a93a37 100644 --- a/rules/S6424/csharp/metadata.json +++ b/rules/S6424/csharp/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, diff --git a/rules/S6427/cfamily/metadata.json b/rules/S6427/cfamily/metadata.json index bce9407146b..81606b49b58 100644 --- a/rules/S6427/cfamily/metadata.json +++ b/rules/S6427/cfamily/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "COMPLETE" }, @@ -12,11 +12,15 @@ "func": "Constant\/Issue", "constantCost": "1min" }, - "tags": ["since-c++17" ], + "tags": [ + "since-c++17" + ], "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-6427", "sqKey": "S6427", "scope": "All", - "defaultQualityProfiles": ["Sonar way"], + "defaultQualityProfiles": [ + "Sonar way" + ], "quickfix": "covered" } diff --git a/rules/S6428/ansible/metadata.json b/rules/S6428/ansible/metadata.json new file mode 100644 index 00000000000..9e26dfeeb6e --- /dev/null 
+++ b/rules/S6428/ansible/metadata.json
@@ -0,0 +1 @@
+{}
\ No newline at end of file
diff --git a/rules/S6428/ansible/rule.adoc b/rules/S6428/ansible/rule.adoc
new file mode 100644
index 00000000000..cec1389b3ac
--- /dev/null
+++ b/rules/S6428/ansible/rule.adoc
@@ -0,0 +1,52 @@
+include::../common/summary.adoc[]
+
+Process permissions in privileged containers are essentially the same as root permissions on the host. If these processes are
+not protected by robust security measures, an attacker who compromises this container might be able to compromise the host as well.
+From this point, they are likely to gain the ability to move even further to other managed nodes.
+
+== Ask Yourself Whether
+
+* The services of this container are accessible to people who are not administrators of the managed nodes.
+
+There is a risk if you answered yes to this question.
+
+include::../common/secure-coding-practices.adoc[]
+
+== Sensitive Code Example
+
+[source,yaml]
+----
+- name: Example playbook
+ hosts: server
+ tasks:
+ - name: Run container
+ community.docker.docker_container:
+ name: container
+ image: ubuntu:22.04
+ privileged: true # Sensitive
+----
+
+== Compliant Solution
+
+[source,yaml]
+----
+- name: Example playbook
+ hosts: server
+ tasks:
+ - name: Run container
+ community.docker.docker_container:
+ name: container
+ image: ubuntu:22.04
+----
+
+include::../common/see.adoc[]
+
+ifdef::env-github,rspecator-view[]
+
+'''
+== Implementation Specification
+(visible only on this page)
+
+include::../common/message-highlighting.adoc[]
+
+endif::env-github,rspecator-view[]
diff --git a/rules/S6428/common/message-highlighting.adoc b/rules/S6428/common/message-highlighting.adoc
new file mode 100644
index 00000000000..e03fca3b205
--- /dev/null
+++ b/rules/S6428/common/message-highlighting.adoc
@@ -0,0 +1,7 @@
+=== Message
+
+Ensure that enabling privileged mode is safe here.
+
+=== Highlighting
+
+Highlight `privileged: true`.
\ No newline at end of file
diff --git a/rules/S6428/common/secure-coding-practices.adoc b/rules/S6428/common/secure-coding-practices.adoc
new file mode 100644
index 00000000000..1d83ec3e4c2
--- /dev/null
+++ b/rules/S6428/common/secure-coding-practices.adoc
@@ -0,0 +1,3 @@
+== Recommended Secure Coding Practices
+
+Disable privileged mode.
\ No newline at end of file
diff --git a/rules/S6428/common/see.adoc b/rules/S6428/common/see.adoc
new file mode 100644
index 00000000000..191e0f1f97c
--- /dev/null
+++ b/rules/S6428/common/see.adoc
@@ -0,0 +1,3 @@
+== See
+
+* CWE - https://cwe.mitre.org/data/definitions/284[CWE-284 - Improper Access Control]
\ No newline at end of file
diff --git a/rules/S6428/common/summary.adoc b/rules/S6428/common/summary.adoc
new file mode 100644
index 00000000000..3467fac61cd
--- /dev/null
+++ b/rules/S6428/common/summary.adoc
@@ -0,0 +1,3 @@
+Running containers in privileged mode can reduce the resilience of a cluster in
+the event of a security incident because it weakens the isolation between hosts
+and containers.
\ No newline at end of file
diff --git a/rules/S6428/kubernetes/metadata.json b/rules/S6428/kubernetes/metadata.json
index 87e849f47f0..2c63c085104 100644
--- a/rules/S6428/kubernetes/metadata.json
+++ b/rules/S6428/kubernetes/metadata.json
@@ -1,48 +1,2 @@
 {
- "title": "Running containers in privileged mode is security-sensitive",
- "type": "SECURITY_HOTSPOT",
- "code": {
- "impacts": {
- "SECURITY": "MEDIUM"
- },
- "attribute": "COMPLETE"
- },
- "status": "ready",
- "remediation": {
- "func": "Constant\/Issue",
- "constantCost": "60min"
- },
- "tags": [
- "cwe"
- ],
- "extra": {
- "replacementRules": [
-
- ],
- "legacyKeys": [
-
- ]
- },
- "defaultSeverity": "Major",
- "ruleSpecification": "RSPEC-6428",
- "sqKey": "S6428",
- "scope": "Main",
- "securityStandards": {
- "CWE": [
- 284
- ],
- "PCI DSS 3.2": [
- "6.5.8"
- ],
- "PCI DSS 4.0": [
- "6.2.4"
- ],
- "ASVS 4.0": [
- "4.1.1",
- "4.1.2"
- ]
- },
- "defaultQualityProfiles": [
- "Sonar way"
- ]
 }
diff --git a/rules/S6428/kubernetes/rule.adoc b/rules/S6428/kubernetes/rule.adoc index d46bca1fc9e..103519fd39f 100644 --- a/rules/S6428/kubernetes/rule.adoc +++ b/rules/S6428/kubernetes/rule.adoc @@ -1,6 +1,4 @@ -Running containers in privileged mode can reduce the resilience of a cluster in -the event of a security incident because it weakens the isolation between hosts -and containers. +include::../common/summary.adoc[] Process permissions in privileged containers are essentially the same as root permissions on the host. If these processes are not protected by robust @@ -14,11 +12,9 @@ process. * The services of this Pod are accessible to people who are not administrators of the Kubernetes cluster. -There is a risk if you answered yes to any of those questions. +There is a risk if you answered yes to this question. -== Recommended Secure Coding Practices - -Disable privileged mode. +include::../common/secure-coding-practices.adoc[] == Sensitive Code Example @@ -60,9 +56,7 @@ spec: privileged: false ---- -== See - -* https://cwe.mitre.org/data/definitions/284.html[MITRE, CWE-284] - Improper Access Control +include::../common/see.adoc[] ifdef::env-github,rspecator-view[] @@ -70,12 +64,6 @@ ifdef::env-github,rspecator-view[] == Implementation Specification (visible only on this page) -=== Message - -Ensure that enabling privileged mode is safe here. - -=== Highlighting - -Highlight `privileged: true`. +include::../common/message-highlighting.adoc[] endif::env-github,rspecator-view[] diff --git a/rules/S6428/metadata.json b/rules/S6428/metadata.json index 2c63c085104..87e849f47f0 100644 --- a/rules/S6428/metadata.json +++ b/rules/S6428/metadata.json 
@@ -1,2 +1,48 @@ { + "title": "Running containers in privileged mode is security-sensitive", + "type": "SECURITY_HOTSPOT", + "code": { + "impacts": { + "SECURITY": "MEDIUM" + }, + "attribute": "COMPLETE" + }, + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "60min" + }, + "tags": [ + "cwe" + ], + "extra": { + "replacementRules": [ + + ], + "legacyKeys": [ + + ] + }, + "defaultSeverity": "Major", + "ruleSpecification": "RSPEC-6428", + "sqKey": "S6428", + "scope": "Main", + "securityStandards": { + "CWE": [ + 284 + ], + "PCI DSS 3.2": [ + "6.5.8" + ], + "PCI DSS 4.0": [ + "6.2.4" + ], + "ASVS 4.0": [ + "4.1.1", + "4.1.2" + ] + }, + "defaultQualityProfiles": [ + "Sonar way" + ] } diff --git a/rules/S6429/ansible/metadata.json b/rules/S6429/ansible/metadata.json new file mode 100644 index 00000000000..7a73a41bfdf --- /dev/null +++ b/rules/S6429/ansible/metadata.json @@ -0,0 +1,2 @@ +{ +} \ No newline at end of file diff --git a/rules/S6429/ansible/rule.adoc b/rules/S6429/ansible/rule.adoc new file mode 100644 index 00000000000..d7dd1f7525d --- /dev/null +++ b/rules/S6429/ansible/rule.adoc 
@@ -0,0 +1,56 @@
+include::../common/summary.adoc[]
+
+
+== Sensitive Code Example
+[source,yaml]
+----
+- name: Create Pod
+ kubernetes.core.k8s:
+ definition:
+ apiVersion: v1
+ kind: Pod
+ metadata:
+ name: test
+ spec:
+ containers:
+ - image: k8s.gcr.io/test-webserver
+ name: test-container
+ volumeMounts:
+ - mountPath: /var/run/docker.sock
+ name: test-volume
+ volumes:
+ - name: test-volume
+ hostPath:
+ path: /var/run/docker.sock # Sensitive
+ type: Socket
+----
+
+== Compliant Solution
+[source,yaml]
+----
+- name: Create Pod
+ kubernetes.core.k8s:
+ definition:
+ apiVersion: v1
+ kind: Pod
+ metadata:
+ name: test
+ spec:
+ containers:
+ - image: k8s.gcr.io/test-webserver
+ name: test-container
+----
+
+include::../common/see.adoc[]
+
+
+ifdef::env-github,rspecator-view[]
+
+'''
+== Implementation Specification
+(visible only on this page)
+
+include::../common/message-highlighting.adoc[]
+
+
+endif::env-github,rspecator-view[]
diff --git a/rules/S6429/common/message-highlighting.adoc b/rules/S6429/common/message-highlighting.adoc
new file mode 100644
index 00000000000..8790c8b6f65
--- /dev/null
+++ b/rules/S6429/common/message-highlighting.adoc
@@ -0,0 +1,8 @@
+=== Message
+
+Make sure exposing the Docker socket is safe here.
+
+
+=== Highlighting
+
+* Highlight the whole path if not empty.
diff --git a/rules/S6429/common/see.adoc b/rules/S6429/common/see.adoc
new file mode 100644
index 00000000000..7a9442d9b5f
--- /dev/null
+++ b/rules/S6429/common/see.adoc
@@ -0,0 +1,5 @@
+== See
+
+* https://kubernetes.io/docs/concepts/storage/volumes/#hostpath[Kubernetes Documentation] - Volumes
+* https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-socket-option[Docker Documention] - Daemon socket option
+* CWE - https://cwe.mitre.org/data/definitions/284[CWE-284 - Improper Access Control]
diff --git a/rules/S6429/common/summary.adoc b/rules/S6429/common/summary.adoc
new file mode 100644
index 00000000000..800f372612a
--- /dev/null
+++ b/rules/S6429/common/summary.adoc @@ -0,0 +1,16 @@ +Exposing Docker sockets can lead to compromise of the host systems. + +The Docker daemon provides an API to access its functionality, for example through a UNIX domain socket. +Mounting the Docker socket into a container allows the container to control the Docker daemon of the host system, resulting in full access over the whole system. +A compromised or rogue container with access to the Docker socket could endanger the integrity of the whole Kubernetes cluster. + +== Ask Yourself Whether + +* The Pod is untrusted or might contain vulnerabilities. + +There is a risk if you answered yes to this question. + + +== Recommended Secure Coding Practices + +It is recommended to never add a Docker socket as a volume to a Pod. diff --git a/rules/S6429/kubernetes/rule.adoc b/rules/S6429/kubernetes/rule.adoc index 7bb04cd71c1..50acea82713 100644 --- a/rules/S6429/kubernetes/rule.adoc +++ b/rules/S6429/kubernetes/rule.adoc @@ -1,20 +1,4 @@ -Exposing Docker sockets can lead to compromise of the host systems. - -The Docker daemon provides an API to access its functionality, for example through a UNIX domain socket. -Mounting the Docker socket into a container allows the container to control the Docker daemon of the host system, resulting in full access over the whole system. -A compromised or rogue container with access to the Docker socket could endanger the integrity of the whole Kubernetes cluster. - - -== Ask Yourself Whether - -* The Pod is untrusted or might contain vulnerabilities. - -There is a risk if you answered yes to any of those questions. - - -== Recommended Secure Coding Practices - -It is recommended to never add a Docker socket as a volume to a Pod. +include::../common/summary.adoc[] == Sensitive Code Example 
@@ -51,11 +35,7 @@ spec: name: test-container ---- -== See - -* https://kubernetes.io/docs/concepts/storage/volumes/#hostpath[Kubernetes Documentation] - Volumes -* https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-socket-option[Docker Documention] - Daemon socket option -* https://cwe.mitre.org/data/definitions/284.html[MITRE, CWE-284] - Improper Access Control +include::../common/see.adoc[] ifdef::env-github,rspecator-view[] @@ -64,14 +44,7 @@ ifdef::env-github,rspecator-view[] == Implementation Specification (visible only on this page) -=== Message - -Make sure exposing the Docker socket is safe here. - - -=== Highlighting - -* Highlight the whole path if not empty. +include::../common/message-highlighting.adoc[] endif::env-github,rspecator-view[] diff --git a/rules/S6430/ansible/metadata.json b/rules/S6430/ansible/metadata.json new file mode 100644 index 00000000000..7a73a41bfdf --- /dev/null +++ b/rules/S6430/ansible/metadata.json @@ -0,0 +1,2 @@ +{ +} \ No newline at end of file diff --git a/rules/S6430/ansible/rule.adoc b/rules/S6430/ansible/rule.adoc new file mode 100644 index 00000000000..da632f6df37 --- /dev/null +++ b/rules/S6430/ansible/rule.adoc 
@@ -0,0 +1,84 @@
+include::../description.adoc[]
+
+== Ask Yourself Whether
+
+include::../ask-yourself.adoc[]
+
+== Recommended Secure Coding Practices
+
+include::../recommended.adoc[]
+
+== Sensitive Code Example
+
+[source,yaml]
+----
+- name: Create pod
+ hosts: all
+ - name: Example
+ kubernetes.core.k8s:
+ state: present
+ namespace: default
+ definition:
+ apiVersion: v1
+ kind: Pod
+ metadata:
+ name: example
+ spec:
+ containers:
+ - name: web
+ image: nginx
+ ports:
+ - name: web
+ containerPort: 80
+ protocol: TCP
+ securityContext:
+ allowPrivilegeEscalation: true # Sensitive
+----
+
+== Compliant Solution
+
+[source,yaml]
+----
+- name: Create pod
+ hosts: all
+ - name: Example
+ kubernetes.core.k8s:
+ state: present
+ namespace: default
+ definition:
+ apiVersion: v1
+ kind: Pod
+ metadata:
+ name: example
+ spec:
+ containers:
+ - name: web
+ image: nginx
+ ports:
+ - name: web
+ containerPort: 80
+ protocol: TCP
+ securityContext:
+ allowPrivilegeEscalation: false
+----
+
+== See
+
+* CWE - https://cwe.mitre.org/data/definitions/284[CWE-284 - Improper Access Control]
+* https://docs.kernel.org/userspace-api/no_new_privs.html[Linux Kernel Archives, no_new_privs] - Official docs
+
+ifdef::env-github,rspecator-view[]
+
+'''
+== Implementation Specification
+(visible only on this page)
+
+=== Message
+
+Make sure that enabling privilege escalation is safe here.
+
+=== Highlighting
+
+Highlight `allowPrivilegeEscalation: true`.
+
+endif::env-github,rspecator-view[]
diff --git a/rules/S6430/ask-yourself.adoc b/rules/S6430/ask-yourself.adoc
new file mode 100644
index 00000000000..ae10809d076
--- /dev/null
+++ b/rules/S6430/ask-yourself.adoc
@@ -0,0 +1,4 @@
+* This Pod is accessible to people who are not administrators of the Kubernetes cluster.
+* This Pod contains binaries with setuid or setgid capabilities.
+
+There is a risk if you answered yes to all of these questions.
\ No newline at end of file
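Review bot: The `== Recommended Secure Coding Practices` section of the new S6430 ansible/rule.adoc pulls in `../recommended.adoc`, which this commit creates with no content (its new-file entry carries no hunk), so the section would render empty. The kubernetes/rule.adoc hunk for the same rule swaps its `Disable privilege escalation.` line for that include and loses the advice as well. recommended.adoc should contain `Disable privilege escalation.`. Separately, the See, Message and Highlighting text is written inline here although the commit adds shared see.adoc, message.adoc and highlighting.adoc, and the example play lists its task directly under `hosts: all` with no `tasks:` key, unlike the S6428 Ansible example.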
diff --git a/rules/S6430/description.adoc b/rules/S6430/description.adoc new file mode 100644 index 00000000000..66a1d68851f --- /dev/null +++ b/rules/S6430/description.adoc @@ -0,0 +1,15 @@ +Allowing process privilege escalations exposes the Pod to attacks that exploit +setuid binaries. + +This field directly controls whether the `no_new_privs` flag is set in the +container process. + +When this flag is enabled, binaries configured with setuid or setgid bits +cannot change their runtime uid or gid: Potential attackers must rely on other +privilege escalation techniques to successfully operate as root on the Pod. + +Depending on how resilient the Kubernetes cluster and Pods are, attackers can +extend their attack to the cluster by compromising the nodes from which the +cluster started the Pod. + +The `allowPrivilegeEscalation` field should not be set to true unless the Pod's +risks related to setuid or setgid bits have been mitigated. \ No newline at end of file diff --git a/rules/S6430/highlighting.adoc b/rules/S6430/highlighting.adoc new file mode 100644 index 00000000000..b00dabbe453 --- /dev/null +++ b/rules/S6430/highlighting.adoc @@ -0,0 +1 @@ +Highlight `allowPrivilegeEscalation: true`. \ No newline at end of file diff --git a/rules/S6430/kubernetes/metadata.json b/rules/S6430/kubernetes/metadata.json index 96632636ded..2c63c085104 100644 --- a/rules/S6430/kubernetes/metadata.json +++ b/rules/S6430/kubernetes/metadata.json 
@@ -1,48 +1,2 @@ { - "title": "Allowing process privilege escalations is security-sensitive", - "type": "SECURITY_HOTSPOT", - "code": { - "impacts": { - "SECURITY": "MEDIUM" - }, - "attribute": "COMPLETE" - }, - "status": "ready", - "remediation": { - "func": "Constant\/Issue", - "constantCost": "60min" - }, - "tags": [ - "cwe" - ], - "extra": { - "replacementRules": [ - - ], - "legacyKeys": [ - - ] - }, - "defaultSeverity": "Major", - "ruleSpecification": "RSPEC-6430", - "sqKey": "S6430", - "scope": "Main", - "securityStandards": { - "CWE": [ - 284 - ], - "PCI DSS 3.2": [ - "6.5.8" - ], - "PCI DSS 4.0": [ - "6.2.4" - ], - "ASVS 4.0": [ - "4.1.1", - "4.1.2" - ] - }, - "defaultQualityProfiles": [ - "Sonar way" - ] } diff --git a/rules/S6430/kubernetes/rule.adoc b/rules/S6430/kubernetes/rule.adoc index b46a8cc3735..c85aa87b88e 100644 --- a/rules/S6430/kubernetes/rule.adoc +++ b/rules/S6430/kubernetes/rule.adoc 
@@ -1,29 +1,12 @@ -Allowing process privilege escalations exposes the Pod to attacks that exploit -setuid binaries. - -This field directly controls whether the `no_new_privs` flag is set in the -container process. + -When this flag is enabled, binaries configured with setuid or setgid bits -cannot change their runtime uid or gid: Potential attackers must rely on other -privilege escalation techniques to successfully operate as root on the Pod. - -Depending on how resilient the Kubernetes cluster and Pods are, attackers can -extend their attack to the cluster by compromising the nodes from which the -cluster started the Pod. - -The `allowPrivilegeEscalation` field should not be set to true unless the Pod's -risks related to setuid or setgid bits have been mitigated. +include::../description.adoc[] == Ask Yourself Whether -* This Pod is accessible to people who are not administrators of the Kubernetes cluster. -* This Pod contains binaries with setuid or setgid capabilities. - -There is a risk if you answered yes to all of these questions. +include::../ask-yourself.adoc[] == Recommended Secure Coding Practices -Disable privilege escalation. +include::../recommended.adoc[] == Sensitive Code Example @@ -67,8 +50,7 @@ spec: == See -* https://cwe.mitre.org/data/definitions/284.html[MITRE, CWE-284] - Improper Access Control -* https://www.kernel.org/doc/Documentation/prctl/no_new_privs.txt[Linux Kernel Archives, no_new_privs] - Official docs +include::../see.adoc[] ifdef::env-github,rspecator-view[] @@ -78,10 +60,10 @@ ifdef::env-github,rspecator-view[] === Message -Make sure that enabling privilege escalation is safe here. +include::../message.adoc[] === Highlighting -Highlight `allowPrivilegeEscalation: true`. +include::../highlighting.adoc[] endif::env-github,rspecator-view[] diff --git a/rules/S6430/message.adoc b/rules/S6430/message.adoc new file mode 100644 index 00000000000..427626d3177 --- /dev/null +++ b/rules/S6430/message.adoc 
@@ -0,0 +1 @@ +Make sure that enabling privilege escalation is safe here. \ No newline at end of file diff --git a/rules/S6430/metadata.json b/rules/S6430/metadata.json index 2c63c085104..96632636ded 100644 --- a/rules/S6430/metadata.json +++ b/rules/S6430/metadata.json @@ -1,2 +1,48 @@ { + "title": "Allowing process privilege escalations is security-sensitive", + "type": "SECURITY_HOTSPOT", + "code": { + "impacts": { + "SECURITY": "MEDIUM" + }, + "attribute": "COMPLETE" + }, + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "60min" + }, + "tags": [ + "cwe" + ], + "extra": { + "replacementRules": [ + + ], + "legacyKeys": [ + + ] + }, + "defaultSeverity": "Major", + "ruleSpecification": "RSPEC-6430", + "sqKey": "S6430", + "scope": "Main", + "securityStandards": { + "CWE": [ + 284 + ], + "PCI DSS 3.2": [ + "6.5.8" + ], + "PCI DSS 4.0": [ + "6.2.4" + ], + "ASVS 4.0": [ + "4.1.1", + "4.1.2" + ] + }, + "defaultQualityProfiles": [ + "Sonar way" + ] } diff --git a/rules/S6430/recommended.adoc b/rules/S6430/recommended.adoc new file mode 100644 index 00000000000..e69de29bb2d diff --git a/rules/S6430/see.adoc b/rules/S6430/see.adoc new file mode 100644 index 00000000000..464bd66a461 --- /dev/null +++ b/rules/S6430/see.adoc @@ -0,0 +1,2 @@ +* CWE - https://cwe.mitre.org/data/definitions/284[CWE-284 - Improper Access Control] +* https://docs.kernel.org/userspace-api/no_new_privs.html[Linux Kernel Archives, no_new_privs] - Official docs \ No newline at end of file diff --git a/rules/S6431/ansible/metadata.json b/rules/S6431/ansible/metadata.json new file mode 100644 index 00000000000..7a73a41bfdf --- /dev/null +++ b/rules/S6431/ansible/metadata.json @@ -0,0 +1,2 @@ +{ +} \ No newline at end of file diff --git a/rules/S6431/ansible/rule.adoc b/rules/S6431/ansible/rule.adoc new file mode 100644 index 00000000000..d12dddf7dd1 --- /dev/null +++ b/rules/S6431/ansible/rule.adoc 
@@ -0,0 +1,65 @@ +include::../kubernetes/description.adoc[] + +== Sensitive Code Example + +[source,yaml,diff-id=1,diff-type=noncompliant] +---- +- name: Create a Pod + kubernetes.core.k8s: + state: present + definition: + apiVersion: v1 + kind: Pod + metadata: + name: example + spec: + containers: + - name: web + image: nginx + ports: + - name: web + containerPort: 80 + protocol: TCP + hostPID: true # Sensitive + hostIPC: true # Sensitive + hostNetwork: true # Sensitive +---- + +== Compliant Solution + +[source,yaml,diff-id=1,diff-type=compliant] +---- +- name: Create a Pod + kubernetes.core.k8s: + state: present + definition: + apiVersion: v1 + kind: Pod + metadata: + name: example + spec: + containers: + - name: web + image: nginx + ports: + - name: web + containerPort: 80 + protocol: TCP + hostPID: false + hostIPC: false + hostNetwork: false +---- + +include::../kubernetes/resources.adoc[] + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +include::../kubernetes/message.adoc[] + +include::../kubernetes/highlighting.adoc[] + +endif::env-github,rspecator-view[] diff --git a/rules/S6431/docker/rule.adoc b/rules/S6431/docker/rule.adoc index c259f9d0673..e1e09b8a57b 100644 --- a/rules/S6431/docker/rule.adoc +++ b/rules/S6431/docker/rule.adoc @@ -41,7 +41,7 @@ RUN --network=none wget -O /home/sessions http://127.0.0.1:9000/sessions == See * https://docs.docker.com/build/buildkit/dockerfile-frontend/[Dockerfile reference] - Custom Dockerfile syntax * https://docs.docker.com/engine/reference/builder/#run---network[Dockerfile reference] - RUN --network -* https://cwe.mitre.org/data/definitions/653.html[MITRE, CWE-653] - Improper Isolation or Compartmentalization +* CWE - https://cwe.mitre.org/data/definitions/653[CWE-653 - Improper Isolation or Compartmentalization] ifdef::env-github,rspecator-view[] 
diff --git a/rules/S6431/kubernetes/description.adoc b/rules/S6431/kubernetes/description.adoc new file mode 100644 index 00000000000..77e7f9a62a8 --- /dev/null +++ b/rules/S6431/kubernetes/description.adoc @@ -0,0 +1,31 @@ +Using host operating system namespaces can lead to compromise of the host systems. + +These attacks would target: + +* host processes +* host inter-process communication (IPC) mechanisms +* network services of the local host system + +These three items likely include systems that support either the internal +operation of the Kubernetes cluster or the enterprise's internal +infrastructure. + +Opening these points to containers opens new attack surfaces for attackers who +have already successfully exploited services exposed by containers. Depending +on how resilient the cluster is, attackers can extend their attack to the +cluster by compromising the nodes from which the cluster started the process. + +Host network sharing could provide a significant performance advantage for +workloads that require critical network performance. However, the successful +exploitation of this attack vector could have a catastrophic impact on +confidentiality within the cluster. + +== Ask Yourself Whether + +* The services of this Pod are accessible to people who are not administrators of the Kubernetes cluster. +* The cluster's services performances do *not* rely on operating system namespaces. + +There is a risk if you answered yes to any of those questions. + +== Recommended Secure Coding Practices + +Do not use host operating system namespaces. diff --git a/rules/S6431/kubernetes/highlighting.adoc b/rules/S6431/kubernetes/highlighting.adoc new file mode 100644 index 00000000000..2e77809f7d0 --- /dev/null +++ b/rules/S6431/kubernetes/highlighting.adoc @@ -0,0 +1,3 @@ +=== Highlighting + +Highlight ``++host___: true++``. diff --git a/rules/S6431/kubernetes/message.adoc b/rules/S6431/kubernetes/message.adoc new file mode 100644 index 00000000000..41d5041f919 
--- /dev/null +++ b/rules/S6431/kubernetes/message.adoc @@ -0,0 +1,3 @@ +=== Message + +Make sure it is safe to use host operating system namespaces here. \ No newline at end of file diff --git a/rules/S6431/kubernetes/resources.adoc b/rules/S6431/kubernetes/resources.adoc new file mode 100644 index 00000000000..ad2e6cc17f0 --- /dev/null +++ b/rules/S6431/kubernetes/resources.adoc @@ -0,0 +1,3 @@ +== See + +* CWE - https://cwe.mitre.org/data/definitions/653[CWE-653 - Improper Isolation or Compartmentalization] \ No newline at end of file diff --git a/rules/S6431/kubernetes/rule.adoc b/rules/S6431/kubernetes/rule.adoc index ebdb8409610..d9955a1d022 100644 --- a/rules/S6431/kubernetes/rule.adoc +++ b/rules/S6431/kubernetes/rule.adoc 
@@ -1,38 +1,8 @@ -Using host operating system namespaces can lead to compromise of the host systems. + -These attacks would target: - -* host processes -* host inter-process communication (IPC) mechanisms -* network services of the local host system - -These three items likely include systems that support either the internal -operation of the Kubernetes cluster or the enterprise's internal -infrastructure. - -Opening these points to containers opens new attack surfaces for attackers who -have already successfully exploited services exposed by containers. Depending -on how resilient the cluster is, attackers can extend their attack to the -cluster by compromising the nodes from which the cluster started the process. - -Host network sharing could provide a significant performance advantage for -workloads that require critical network performance. However, the successful -exploitation of this attack vector could have a catastrophic impact on -confidentiality within the cluster. - -== Ask Yourself Whether - -* The services of this Pod are accessible to people who are not administrators of the Kubernetes cluster. -* The cluster's services performances do *not* rely on operating system namespaces. - -There is a risk if you answered yes to any of those questions. - -== Recommended Secure Coding Practices - -Do not use host operating system namespaces. +include::description.adoc[] == Sensitive Code Example -[source,yaml] +[source,yaml,diff-id=1,diff-type=noncompliant] ---- apiVersion: v1 kind: Pod @@ -53,7 +23,7 @@ spec: == Compliant Solution -[source,yaml] +[source,yaml,diff-id=1,diff-type=compliant] ---- apiVersion: v1 kind: Pod @@ -72,9 +42,7 @@ spec: hostNetwork: false ---- -== See - -* https://cwe.mitre.org/data/definitions/653.html[MITRE, CWE-653] - Improper Isolation or Compartmentalization +include::resources.adoc[] ifdef::env-github,rspecator-view[] 
@@ -82,13 +50,9 @@ ifdef::env-github,rspecator-view[] == Implementation Specification (visible only on this page) -=== Message - -Make sure it is safe to use host operating system namespaces here. - -=== Highlighting +include::message.adoc[] -Highlight ``++host___: true++``. +include::highlighting.adoc[] endif::env-github,rspecator-view[] diff --git a/rules/S6432/common/resources/standards.adoc b/rules/S6432/common/resources/standards.adoc index 8a9e51ebaca..85130396cec 100644 --- a/rules/S6432/common/resources/standards.adoc +++ b/rules/S6432/common/resources/standards.adoc 
@@ -1,10 +1,10 @@ === Standards -* https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[OWASP Top 10 2021 Category A2] - Cryptographic Failures -* https://www.owasp.org/index.php/Top_10-2017_A3-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure -* https://mobile-security.gitbook.io/masvs/security-requirements/0x08-v3-cryptography_verification_requirements[Mobile AppSec Verification Standard] - Cryptography Requirements -* https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography[OWASP Mobile Top 10 2016 Category M5] - Insufficient Cryptography -* https://cwe.mitre.org/data/definitions/323[MITRE, CWE-323] - Reusing a Nonce, Key Pair in Encryption +* OWASP - https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[Top 10 2021 Category A2 - Cryptographic Failures] +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] +* OWASP - https://mas.owasp.org/checklists/MASVS-CRYPTO/[Mobile AppSec Verification Standard - Cryptography Requirements] +* OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography[Mobile Top 10 2016 Category M5 - Insufficient Cryptography] +* CWE - https://cwe.mitre.org/data/definitions/323[CWE-323 - Reusing a Nonce, Key Pair in Encryption] * https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf[NIST, SP-800-38A] - Recommendation for Block Cipher Modes of Operation * https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38c.pdf[NIST, SP-800-38C] - Recommendation for Block Cipher Modes of Operation: The CCM Mode for Authentication and Confidentiality * https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf[NIST, SP-800-38D] - Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC diff --git a/rules/S6432/message.adoc b/rules/S6432/message.adoc index b64258799d3..b4b532a61a3 100644 
--- a/rules/S6432/message.adoc +++ b/rules/S6432/message.adoc @@ -1,8 +1,8 @@ === Message * Primary location -** Use a dynamically-generated initialization vector (IV) to avoid IV-key pair reuse. +** Use a dynamically-generated initialization vector (IV) instead of hardcoded values. * Secondary location ** The initialization vector is configured here. -** The initialization vector is a static value. \ No newline at end of file +** The initialization vector is a static value. diff --git a/rules/S6433/ansible/metadata.json b/rules/S6433/ansible/metadata.json new file mode 100644 index 00000000000..7a73a41bfdf --- /dev/null +++ b/rules/S6433/ansible/metadata.json @@ -0,0 +1,2 @@ +{ +} \ No newline at end of file diff --git a/rules/S6433/ansible/rule.adoc b/rules/S6433/ansible/rule.adoc new file mode 100644 index 00000000000..36f4d766059 --- /dev/null +++ b/rules/S6433/ansible/rule.adoc 
@@ -0,0 +1,77 @@ +Mounting sensitive file system paths can lead to information disclosure and compromise of the host systems. + +System paths can contain sensitive information like configuration files or cache files. +Those might be used by attackers to expand permissions or to collect information for further attacks. +System paths can also contain binaries and scripts that might be executed by the host system periodically. +A compromised or rogue container with access to sensitive files could endanger the integrity of the whole Kubernetes cluster. + + +== Ask Yourself Whether + +* The mounted file path contains sensitive information. +* The mounted file path contains configuration files or executables that are writable. +* The Pod is untrusted or might contain vulnerabilities. + +There is a risk if you answered yes to any of those questions. + + +== Recommended Secure Coding Practices + +It is recommended to avoid mounting sensitive system file paths into containers. +If it is necessary to mount such a path due to the architecture, the least privileges should be given, for instance by making the mount read-only to prevent unwanted modifications. 
+ + +== Sensitive Code Example +[source,yaml] +---- +--- +- name: Deploy a Container + hosts: all + tasks: + - name: Create and Start Container + community.docker.docker_container: + name: container + image: ubuntu:22.04 + volumes: + - "/etc:/host_etc" # Sensitive +---- + +== Compliant Solution +[source,yaml] +---- +--- +- name: Deploy a Container + hosts: all + tasks: + - name: Create and Start Container + community.docker.docker_container: + name: container + image: ubuntu:22.04 + volumes: + - "/data:/data" +---- + +== See + +* Ansible Community Documentation - https://docs.ansible.com/ansible/latest/collections/community/docker/docker_container_module.html[community.docker.docker_container module] +* Ansible Community Documentation - https://docs.ansible.com/ansible/latest/collections/containers/podman/podman_container_module.html#containers-podman-podman-container-module-manage-podman-containers[containers.podman.podman_container module] +* Ansible Community Documentation - https://docs.ansible.com/ansible/latest/collections/kubernetes/core/k8s_module.html#kubernetes-core-k8s-module-manage-kubernetes-k8s-objects[kubernetes.core.k8s module] +* CWE - https://cwe.mitre.org/data/definitions/284[CWE-668 - Exposure of Resource to Wrong Sphere] + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +Make sure mounting the file system path is safe here. + + +=== Highlighting + +* Highlight the whole path if not empty. + + +endif::env-github,rspecator-view[] diff --git a/rules/S6433/kubernetes/metadata.json b/rules/S6433/kubernetes/metadata.json index 2c63c085104..1ce5d975729 100644 --- a/rules/S6433/kubernetes/metadata.json +++ b/rules/S6433/kubernetes/metadata.json @@ -1,2 +1,3 @@ { -} + "defaultQualityProfiles": [] +} \ No newline at end of file diff --git a/rules/S6433/kubernetes/rule.adoc b/rules/S6433/kubernetes/rule.adoc index d4754195db0..75369c7b243 100644 
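Review bot: The CWE entry under `== See` in the new `rules/S6433/ansible/rule.adoc` links to `definitions/284` while its label reads CWE-668; 284 is Improper Access Control, so the link and the label disagree. It should read `* CWE - https://cwe.mitre.org/data/definitions/668[CWE-668 - Exposure of Resource to Wrong Sphere]`, and the same mismatch is carried over in the `rules/S6433/kubernetes/rule.adoc` hunk. The description and the "Ask Yourself Whether" list also still speak of a Kubernetes cluster and a Pod, although this variant's example is a `community.docker.docker_container` task. The compliant example could show the read-only mount the text recommends, e.g. `- "/data:/data:ro"`.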
--- a/rules/S6433/kubernetes/rule.adoc +++ b/rules/S6433/kubernetes/rule.adoc @@ -64,7 +64,7 @@ spec: == See * https://kubernetes.io/docs/concepts/storage/volumes/#hostpath[Kubernetes Documentation] - Volumes -* https://cwe.mitre.org/data/definitions/284.html[MITRE, CWE-668] - Exposure of Resource to Wrong Sphere +* CWE - https://cwe.mitre.org/data/definitions/284[CWE-668 - Exposure of Resource to Wrong Sphere] ifdef::env-github,rspecator-view[] diff --git a/rules/S6437/ansible/metadata.json b/rules/S6437/ansible/metadata.json new file mode 100644 index 00000000000..7a73a41bfdf --- /dev/null +++ b/rules/S6437/ansible/metadata.json @@ -0,0 +1,2 @@ +{ +} \ No newline at end of file diff --git a/rules/S6437/ansible/rule.adoc b/rules/S6437/ansible/rule.adoc new file mode 100644 index 00000000000..5b1b09075fa --- /dev/null +++ b/rules/S6437/ansible/rule.adoc 
@@ -0,0 +1,77 @@ +include::../../../shared_content/secrets/description.adoc[] + +== Why is this an issue? + +include::../../../shared_content/secrets/rationale.adoc[] + +=== What is the potential impact? + +include::../common/impact/rationale.adoc[] + +include::../../../shared_content/secrets/impact/financial_loss.adoc[] + +include::../../../shared_content/secrets/impact/security_downgrade.adoc[] + +== How to fix it + +=== Code examples + +==== Noncompliant code example + +[source,yaml,diff-id=1,diff-type=noncompliant] +---- +- name: Example playbook + hosts: server + tasks: + - name: Add a new user + ansible.builtin.user: + name: admin + uid: 1040 + group: admin + password: hunter2 # Noncompliant +---- + +==== Compliant solution + +[source,yaml,diff-id=1,diff-type=compliant] +---- +- name: Example playbook + hosts: server + tasks: + - name: Add a new user + ansible.builtin.user: + name: admin + uid: 1040 + group: admin + password: "{{ admin_password }}" +---- + +=== How does this work? + +While the noncompliant code example contains a hard-coded password, the compliant solution retrieves the secret's value externally. This avoids storing the password in the source code and allows the password to be different depending on the environment the code runs in. + +Several methods can be used to retrieve the secret value externally. Ansible offers a built-in solution called Ansible Vault. Ansible Vault allows you to encrypt sensitive data and store it in a file. This encrypted file can then be used in your playbooks. 
+ +== Resources + +=== Documentation + +* Ansible - https://docs.ansible.com/ansible/latest/vault_guide/index.html[Protecting sensitive data with Ansible Vault] +* Red Hat - https://www.redhat.com/sysadmin/ansible-playbooks-secrets[Handling secrets in your Ansible playbooks] + +include::../common/resources/standards.adoc[] + +ifdef::env-github,rspecator-view[] +''' +== Implementation Specification +(visible only on this page) + +=== Message +Revoke and change this secret, as it might be compromised. + +=== Highlighting + +Highlight property name and value + +''' +endif::env-github,rspecator-view[] diff --git a/rules/S6437/azureresourcemanager/metadata.json b/rules/S6437/azureresourcemanager/metadata.json new file mode 100644 index 00000000000..2c63c085104 --- /dev/null +++ b/rules/S6437/azureresourcemanager/metadata.json @@ -0,0 +1,2 @@ +{ +} diff --git a/rules/S6437/azureresourcemanager/rule.adoc b/rules/S6437/azureresourcemanager/rule.adoc new file mode 100644 index 00000000000..f5d49138b07 --- /dev/null +++ b/rules/S6437/azureresourcemanager/rule.adoc 
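Review bot: The compliant example in `rules/S6437/ansible/rule.adoc` passes `password: "{{ admin_password }}"` straight to `ansible.builtin.user`, and the "How does this work?" paragraph does not say what form that value must take. On Linux targets the module expects an already hashed password, so a reader who puts the clear-text password in Ansible Vault would get an account entry that does not work as intended. I would either show `password: "{{ admin_password | password_hash('sha512') }}"` or add a sentence stating that the vaulted variable holds the hash. It would also help to mention `no_log: true` on the task so the value is not echoed in task output.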
@@ -0,0 +1,129 @@ +include::../../../shared_content/secrets/description.adoc[] + +== Why is this an issue? + +include::../../../shared_content/secrets/rationale.adoc[] + +=== What is the potential impact? + +include::../common/impact/rationale.adoc[] + +include::../../../shared_content/secrets/impact/financial_loss.adoc[] + +include::../../../shared_content/secrets/impact/security_downgrade.adoc[] + +== How to fix it in JSON templates + +=== Code examples + +==== Noncompliant code example + +[source,json,diff-id=1,diff-type=noncompliant] +---- +{ + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + }, + "resources": [ + { + "type": "Microsoft.Sql/servers", + "apiVersion": "2023-05-01-preview", + "name": "example-database", + "properties": { + "administratorLogin": "admin", + "administratorLoginPassword": "password" + } + } + ] +} +---- + +==== Compliant solution + +[source,json,diff-id=1,diff-type=compliant] +---- +{ + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "adminUsername": { + "type": "securestring" + }, + "adminPassword": { + "type": "securestring" + } + }, + "resources": [ + { + "type": "Microsoft.Sql/servers", + "apiVersion": "2023-05-01-preview", + "name": "example-database", + "properties": { + "administratorLogin": "[parameters('adminUsername')]", + "administratorLoginPassword": "[parameters('adminPassword')]" + } + } + ] +} +---- + +== How to fix it in Bicep + +=== Code examples + +==== Noncompliant code example + +[source,bicep,diff-id=2,diff-type=noncompliant] +---- +resource sqlServer 'Microsoft.Sql/servers@2023-05-01-preview' = { + name: 'example-database' + properties: { + administratorLogin: 'admin' + administratorLoginPassword: 'password' + } +} +---- + +==== Compliant solution + +[source,bicep,diff-id=2,diff-type=compliant] +---- +@secure() +param 
adminLogin string +@secure() +param adminPassword string + +resource sqlServer 'Microsoft.Sql/servers@2023-05-01-preview' = { + name: 'example-database' + properties: { + administratorLogin: adminLogin + administratorLoginPassword: adminPassword + } +} +---- + +== Resources + +=== Documentation + +* Microsoft - https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/best-practices#security-recommendations-for-parameters[ARM template best practices] +* Microsoft - https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/best-practices[Best practices for Bicep] +* Microsoft - https://learn.microsoft.com/en-us/azure/templates/microsoft.sql/servers?pivots=deployment-language-arm-template[Microsoft.Sql servers documentation] + +include::../common/resources/standards.adoc[] + +ifdef::env-github,rspecator-view[] +''' +== Implementation Specification +(visible only on this page) + +=== Message +Revoke and change this secret, as it might be compromised. + +=== Highlighting + +Highlight property name and value + +''' +endif::env-github,rspecator-view[] diff --git a/rules/S6437/common/resources/standards.adoc b/rules/S6437/common/resources/standards.adoc index 63b583867de..e8488b6a7ff 100644 --- a/rules/S6437/common/resources/standards.adoc +++ b/rules/S6437/common/resources/standards.adoc 
@@ -1,6 +1,6 @@ === Standards * OWASP - https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/[Top 10 2021 - Category A7 - Identification and Authentication Failures] -* OWASP - https://www.owasp.org/index.php/Top_10-2017_A2-Broken_Authentication[Top 10 2017 - Category A2 - Broken Authentication] -* CWE - https://cwe.mitre.org/data/definitions/798.html[CWE-798 - Use of Hard-coded Credentials] -* CWE - https://cwe.mitre.org/data/definitions/259.html[CWE-259 - Use of Hard-coded Password] \ No newline at end of file +* OWASP - https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication[Top 10 2017 - Category A2 - Broken Authentication] +* CWE - https://cwe.mitre.org/data/definitions/798[CWE-798 - Use of Hard-coded Credentials] +* CWE - https://cwe.mitre.org/data/definitions/259[CWE-259 - Use of Hard-coded Password] diff --git a/rules/S6437/docker/rule.adoc b/rules/S6437/docker/rule.adoc index 1a827e746fe..0e2b1a79f0d 100644 --- a/rules/S6437/docker/rule.adoc +++ b/rules/S6437/docker/rule.adoc @@ -17,6 +17,10 @@ include::../../../shared_content/secrets/impact/financial_loss.adoc[] include::../../../shared_content/secrets/impact/security_downgrade.adoc[] +=== Exceptions + +In multi-stage builds, the rule only scans instructions that are part of the final image. + == How to fix it Best practices recommend using a secret vault for all secrets that must be @@ -90,7 +94,7 @@ services that implement such a feature. If such an option can not be considered, store the runtime secrets in an https://docs.docker.com/compose/env-file/[environment file] such as `.env` and then start the container with the -https://docs.docker.com/engine/reference/commandline/run/#set-environment-variables--e---env---env-file[`--env-file`] argument: +https://docs.docker.com/engine/reference/commandline/run/#env[`--env-file`] argument: [source,docker] ---- 
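Review bot: The new `=== Exceptions` paragraph in `rules/S6437/docker/rule.adoc` says only that instructions outside the final image are not scanned, which a reader can take to mean that a secret hard-coded in an earlier build stage is safe. Such a secret is still in the Dockerfile under version control and can remain in the builder's cache and intermediate layers. I would add a sentence such as `Secrets hard-coded in earlier stages are not reported, but they remain in the Dockerfile and possibly in the build cache, and should be handled the same way.`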
@@ -109,8 +113,8 @@ include::../common/resources/documentation.adoc[] === Standards -* CWE - https://cwe.mitre.org/data/definitions/522.html[CWE-522 - Insufficiently Protected Credentials] -* CWE - https://cwe.mitre.org/data/definitions/798.html[CWE-798 - Use of Hard-coded Credentials] +* CWE - https://cwe.mitre.org/data/definitions/522[CWE-522 - Insufficiently Protected Credentials] +* CWE - https://cwe.mitre.org/data/definitions/798[CWE-798 - Use of Hard-coded Credentials] ifdef::env-github,rspecator-view[] ''' diff --git a/rules/S6437/java/rule.adoc b/rules/S6437/java/rule.adoc index a55b1c2c9e9..b770afa1e3c 100644 --- a/rules/S6437/java/rule.adoc +++ b/rules/S6437/java/rule.adoc @@ -45,7 +45,7 @@ import org.h2.security.SHA256; String inputString = System.getenv("SECRET"); byte[] key = inputString.getBytes(); -SHA256.getHMAC(key, message); // Noncompliant +SHA256.getHMAC(key, message); ---- include::../common/fix/how-it-works.adoc[] diff --git a/rules/S6444/see.adoc b/rules/S6444/see.adoc index 5bc7dfdc2c5..060cb30dc3e 100644 --- a/rules/S6444/see.adoc +++ b/rules/S6444/see.adoc 
@@ -1,11 +1,11 @@ == See -* https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[OWASP Top 10 2017 Category A1] - Injection -* https://cwe.mitre.org/data/definitions/400[MITRE, CWE-400] - Uncontrolled Resource Consumption -* https://cwe.mitre.org/data/definitions/1333[MITRE, CWE-1333] - Inefficient Regular Expression Complexity +* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] +* CWE - https://cwe.mitre.org/data/definitions/400[CWE-400 - Uncontrolled Resource Consumption] +* CWE - https://cwe.mitre.org/data/definitions/1333[CWE-1333 - Inefficient Regular Expression Complexity] * https://www.regular-expressions.info/catastrophic.html[regular-expressions.info] - Runaway Regular Expressions: Catastrophic Backtracking * https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS[owasp.org] - Regular expression Denial of Service - ReDoS -* https://cwe.mitre.org/data/definitions/1333[MITRE, CWE-1333] - Inefficient Regular Expression Complexity +* CWE - https://cwe.mitre.org/data/definitions/1333[CWE-1333 - Inefficient Regular Expression Complexity] * https://docs.microsoft.com/dotnet/standard/base-types/best-practices[docs.microsoft.com] - Best practices for regular expressions in .NET * https://docs.microsoft.com/dotnet/standard/base-types/backtracking-in-regular-expressions[docs.microsoft.com] - Backtracking in Regular Expressions * https://devblogs.microsoft.com/dotnet/regular-expression-improvements-in-dotnet-7/#backtracking-and-regexoptions-nonbacktracking[devblogs.microsoft.com] - Regular Expression Improvements in .NET 7: Backtracking (and RegexOptions.NonBacktracking) diff --git a/rules/S6459/cfamily/rule.adoc b/rules/S6459/cfamily/rule.adoc index 44a56995c1e..d9ad165f0f5 100644 --- a/rules/S6459/cfamily/rule.adoc +++ b/rules/S6459/cfamily/rule.adoc 
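Review bot: The rewritten list in `rules/S6444/see.adoc` contains the CWE-1333 entry twice, once after CWE-400 and again after the owasp.org ReDoS link. The second `* CWE - https://cwe.mitre.org/data/definitions/1333[CWE-1333 - Inefficient Regular Expression Complexity]` line can be dropped. The regular-expressions.info, owasp.org and Microsoft entries keep the old `link[source] - title` layout, so the list now mixes two formats.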
@@ -40,7 +40,8 @@ The rule raises an issue when a forwarding reference parameter is constrained by === Exceptions -The rule does not raise an issue for the `std::ranges::range` concept and its refinements (like `std::ranges::forward_range`, `std::ranges::bidirectional_range`) which are designed to handle forwarding reference parameters. +The rule does not raise an issue for the concepts `std::convertible_to` and `std::ranges::range` with its refinements (like `std::ranges::forward_range`, `std::ranges::bidirectional_range`), +that handle forwarding reference parameters correctly. == How to fix it @@ -88,4 +89,4 @@ auto func2(T&& arg) * {cpp} reference - https://en.cppreference.com/w/cpp/language/reference#Forwarding_references[Forwarding references] * {cpp} reference - https://en.cppreference.com/w/cpp/language/constraints[Constraints and concepts] * {cpp} reference - https://en.cppreference.com/w/cpp/concepts/copy_constructible[`std::copy_constructible` concept] -* {cpp} reference - https://en.cppreference.com/w/cpp/concepts/copyable[`std::copyable` concept] \ No newline at end of file +* {cpp} reference - https://en.cppreference.com/w/cpp/concepts/copyable[`std::copyable` concept] diff --git a/rules/S6463/python/rule.adoc b/rules/S6463/python/rule.adoc index e6489818d58..82d48106d0c 100644 --- a/rules/S6463/python/rule.adoc +++ b/rules/S6463/python/rule.adoc 
@@ -1,8 +1,6 @@ Allowing unrestricted outbound communications can lead to data leaks. -A restrictive security group is an additional layer of protection that might -prevent the abuse or exploitation of a resource. For example, it complicates the -exfiltration of data in the case of a successfully exploited vulnerability. +When a security group allows all outbound communications, applications or services within the security group can send data to any external IP address or port without restriction. If a resource within the security group becomes compromised, attackers could send malicious traffic or exfiltrate data to external servers. This could happen even if the resource is not directly exposed to the internet, such as in case of a supply chain attack. When deciding if outgoing connections should be limited, consider that limiting the connections results in additional administration and maintenance work. @@ -18,9 +16,9 @@ There is a risk if you answered yes to any of those questions. == Recommended Secure Coding Practices -It is recommended to restrict outgoing connections to a set of trusted -destinations. +The principles of defence-in-depth and least privilege suggest that outbound connections should be restricted to a set of trusted destinations. +Consider restricting the security group egress rules so that it can only contact specific locations, such as trusted IP address ranges or other security groups. If any resources require unrestricted outbound access, place them in their own security group. == Sensitive Code Example 
@@ -64,10 +62,8 @@ sg.add_egress_rule( == See -* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Broken Access Control * https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html[AWS Documentation] - Control traffic to resources using security groups -* https://cwe.mitre.org/data/definitions/284[MITRE, CWE-284] - Improper Access Control -* https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[OWASP Top 10 2017 Category A5] - Broken Access Control +* CWE - https://cwe.mitre.org/data/definitions/284[CWE-284 - Improper Access Control] ifdef::env-github,rspecator-view[] diff --git a/rules/S6466/python/rule.adoc b/rules/S6466/python/rule.adoc index c0be383a677..50c4d9dcfbf 100644 --- a/rules/S6466/python/rule.adoc +++ b/rules/S6466/python/rule.adoc @@ -63,7 +63,8 @@ Accessing a list with its length as the index is never correct: [source,python,diff-id=2,diff-type=noncompliant] ---- -def fun(ls: list[int]): +def fun(): + ls = [1, 2, 3] print(ls[len(ls)]) # Noncompliant: Indexing starts at 0, hence the list length will always be an invalid index. ---- @@ -72,7 +73,8 @@ def fun(ls: list[int]): [source,python,diff-id=2,diff-type=compliant] ---- -def fun(ls: list[int]): +def fun(): + ls = [1, 2, 3] # We can make sure ls is non-empty before trying to access its last element. # Also, the index `len(ls) - 1` or just `-1` will correctly select the last # element within bounds. diff --git a/rules/S6468/python/metadata.json b/rules/S6468/python/metadata.json index f3298b9eb87..34db1ea6e69 100644 --- a/rules/S6468/python/metadata.json +++ b/rules/S6468/python/metadata.json @@ -13,6 +13,8 @@ "constantCost": "5min" }, "tags": [ + "python3", + "error-handling" ], "defaultSeverity": "Major", "ruleSpecification": "RSPEC-6468", diff --git a/rules/S6469/docker/rule.adoc b/rules/S6469/docker/rule.adoc index 71cdad86c88..2f75ac40dfb 100644 --- a/rules/S6469/docker/rule.adoc +++ b/rules/S6469/docker/rule.adoc 
@@ -79,6 +79,7 @@ expose them to unintended parties. === Standards * CWE - https://cwe.mitre.org/data/definitions/732[CWE-732 - Incorrect Permission Assignment for Critical Resource] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222430[Application Security and Development: V-222430] - The application must execute without excessive account permissions. ifdef::env-github,rspecator-view[] diff --git a/rules/S6469/metadata.json b/rules/S6469/metadata.json index 19f1a9c7f2e..af54383f1ea 100644 --- a/rules/S6469/metadata.json +++ b/rules/S6469/metadata.json @@ -19,6 +19,9 @@ "securityStandards": { "CWE": [ 732 + ], + "STIG ASD_V5R3": [ + "V-222430" ] }, "defaultSeverity": "Critical", diff --git a/rules/S6470/docker/rule.adoc b/rules/S6470/docker/rule.adoc index 2be0a762984..24f926007be 100644 --- a/rules/S6470/docker/rule.adoc +++ b/rules/S6470/docker/rule.adoc @@ -72,8 +72,8 @@ CMD /run.sh * https://docs.docker.com/engine/reference/builder/#copy[Dockerfile reference] - COPY directive * https://docs.docker.com/engine/reference/builder/#add[Dockerfile reference] - ADD directive -* https://cwe.mitre.org/data/definitions/668.html[MITRE, CWE-668] - Exposure of Resource to Wrong Sphere -* https://cwe.mitre.org/data/definitions/497.html[MITRE, CWE-497] - Exposure of Sensitive System Information to an Unauthorized Control Sphere +* CWE - https://cwe.mitre.org/data/definitions/668[CWE-668 - Exposure of Resource to Wrong Sphere] +* CWE - https://cwe.mitre.org/data/definitions/497[CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere] ifdef::env-github,rspecator-view[] diff --git a/rules/S6471/docker/rule.adoc b/rules/S6471/docker/rule.adoc index ae4a176aca5..4f4892351ea 100644 --- a/rules/S6471/docker/rule.adoc +++ b/rules/S6471/docker/rule.adoc 
@@ -143,7 +143,7 @@ ENTRYPOINT ["/app/production_binary"] == See -* https://cwe.mitre.org/data/definitions/284.html[MITRE, CWE-284] - Improper Access Control +* CWE - https://cwe.mitre.org/data/definitions/284[CWE-284 - Improper Access Control] * https://hub.docker.com/r/nginxinc/nginx-unprivileged[nginxinc/nginx-unprivileged: Example of a non-root container by default] * https://learn.microsoft.com/en-us/virtualization/windowscontainers/manage-containers/container-security#when-to-use-containeradmin-and-containeruser-user-accounts[Microsoft docs, When to use ContainerAdmin and ContainerUser user accounts] diff --git a/rules/S6472/docker/rule.adoc b/rules/S6472/docker/rule.adoc index c84e76d0b11..7e18d28bf6d 100644 --- a/rules/S6472/docker/rule.adoc +++ b/rules/S6472/docker/rule.adoc @@ -82,7 +82,7 @@ ENV ACCESS_TOKEN="" CMD /run.sh ---- -Store the runtime secrets in an https://docs.docker.com/compose/env-file/[environment file] (such as `.env`) and then start the container with the https://docs.docker.com/engine/reference/commandline/run/#set-environment-variables--e---env---env-file[`--env-file`] argument: +Store the runtime secrets in an https://docs.docker.com/compose/env-file/[environment file] (such as `.env`) and then start the container with the https://docs.docker.com/engine/reference/commandline/run/#env[`--env-file`] argument: [source,docker] ---- 
@@ -94,7 +94,7 @@ docker run --env-file .env myImage * https://docs.docker.com/engine/reference/builder/#arg[Dockerfile reference] - ARG command * https://docs.docker.com/engine/reference/builder/#run---mounttypesecret[Dockerfile reference] - RUN command secrets mount points * https://docs.docker.com/engine/swarm/secrets/[Docker documentation] - Manage sensitive data with Docker secrets -* https://cwe.mitre.org/data/definitions/522.html[MITRE, CWE-522] - Insufficiently Protected Credentials +* CWE - https://cwe.mitre.org/data/definitions/522[CWE-522 - Insufficiently Protected Credentials] ifdef::env-github,rspecator-view[] diff --git a/rules/S6472/metadata.json b/rules/S6472/metadata.json index 3566b2c3b57..574396a5811 100644 --- a/rules/S6472/metadata.json +++ b/rules/S6472/metadata.json @@ -1,30 +1,32 @@ { - "title": "Using ENV or ARG to handle secrets is security-sensitive", - "type": "SECURITY_HOTSPOT", - "code": { - "impacts": { - "SECURITY": "HIGH" - }, - "attribute": "TRUSTWORTHY" + "title": "Using ENV or ARG to handle secrets is security-sensitive", + "type": "SECURITY_HOTSPOT", + "code": { + "impacts": { + "SECURITY": "BLOCKER" }, - "status": "ready", - "remediation": { - "func": "Constant\/Issue", - "constantCost": "20min" - }, - "tags": [ - "dockerfile", - "cwe" - ], - "defaultSeverity": "Blocker", - "ruleSpecification": "RSPEC-6472", - "sqKey": "S6472", - "scope": "All", - "securityStandards": { - "CWE": [ - 522 - ] - }, - "defaultQualityProfiles": ["Sonar way"], - "quickfix": "unknown" -} \ No newline at end of file + "attribute": "TRUSTWORTHY" + }, + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "20min" + }, + "tags": [ + "dockerfile", + "cwe" + ], + "defaultSeverity": "Blocker", + "ruleSpecification": "RSPEC-6472", + "sqKey": "S6472", + "scope": "All", + "securityStandards": { + "CWE": [ + 522 + ] + }, + "defaultQualityProfiles": [ + "Sonar way" + ], + "quickfix": "unknown" +} 
diff --git a/rules/S6473/ansible/metadata.json b/rules/S6473/ansible/metadata.json new file mode 100644 index 00000000000..7a73a41bfdf --- /dev/null +++ b/rules/S6473/ansible/metadata.json @@ -0,0 +1,2 @@ +{ +} \ No newline at end of file diff --git a/rules/S6473/ansible/rule.adoc b/rules/S6473/ansible/rule.adoc new file mode 100644 index 00000000000..7006011648d --- /dev/null +++ b/rules/S6473/ansible/rule.adoc @@ -0,0 +1,56 @@ +Exposing administration services can lead to unauthorized access to containers +or escalation of privilege inside of containers. + +Administration services like SSH might contain vulnerabilities, hard-coded +credentials, or other security issues that increase the attack surface of a +container deployment. + +Even if the ports of the services do not get forwarded to the host system, by +default they are reachable from other containers in the same network. A +malicious actor that gets access to one container could use such services to +escalate access and privileges. + +== Ask Yourself Whether + +* The container starts an administration service. + +There is a risk if you answered yes to the question. + + +== Recommended Secure Coding Practices + +* Do not start SSH, VNC, RDP or similar administration services in containers. + + +== Sensitive Code Example + +[source,yaml] +---- +- name: Podman tasks + hosts: server + tasks: + - name: Start SSH server + containers.podman.podman_container: + name: container + image: lscr.io/linuxserver/openssh-server:version-9.7_p1-r4 + publish: + - "22:2222" # Sensitive +---- + +include::../see.adoc[] + + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +include::../message.adoc[] + +include::../highlighting.adoc[] + +include::../parameters.adoc[] + +''' + +endif::env-github,rspecator-view[] diff --git a/rules/S6473/docker/metadata.json b/rules/S6473/docker/metadata.json index 2c63c085104..9e26dfeeb6e 100644 --- a/rules/S6473/docker/metadata.json 
+++ b/rules/S6473/docker/metadata.json @@ -1,2 +1 @@ -{ -} +{} \ No newline at end of file diff --git a/rules/S6473/docker/rule.adoc b/rules/S6473/docker/rule.adoc index f74950f00d2..3006ae69e16 100644 --- a/rules/S6473/docker/rule.adoc +++ b/rules/S6473/docker/rule.adoc @@ -1,5 +1,5 @@ -Exposing administration services can lead to unauthorized access of containers -or escalation of privileges inside of containers. +Exposing administration services can lead to unauthorized access to containers +or escalation of privilege inside of containers. A port that is commonly used for administration services is marked as being open through the `EXPOSE` command. Administration services like SSH might contain @@ -41,9 +41,8 @@ EXPOSE 22 CMD ["/usr/sbin/sshd", "-f", "/etc/ssh/sshd_config", "-D"] ---- -== See +include::../see.adoc[] -* https://cwe.mitre.org/data/definitions/284[MITRE, CWE-284] - Improper Access Control * https://docs.docker.com/engine/reference/builder/#expose[Dockerfile reference] - EXPOSE @@ -53,15 +52,12 @@ ifdef::env-github,rspecator-view[] == Implementation Specification (visible only on this page) -== Message +include::../message.adoc[] -* Make sure that exposing administration services is safe here. +include::../highlighting.adoc[] -== Highlighting - -Highlight the sensitive port. +include::../parameters.adoc[] ''' endif::env-github,rspecator-view[] - diff --git a/rules/S6473/highlighting.adoc b/rules/S6473/highlighting.adoc new file mode 100644 index 00000000000..d8a46f974e6 --- /dev/null +++ b/rules/S6473/highlighting.adoc @@ -0,0 +1,3 @@ +== Highlighting + +Highlight the sensitive port. \ No newline at end of file diff --git a/rules/S6473/kubernetes/metadata.json b/rules/S6473/kubernetes/metadata.json new file mode 100644 index 00000000000..9e26dfeeb6e --- /dev/null +++ b/rules/S6473/kubernetes/metadata.json @@ -0,0 +1 @@ +{} \ No newline at end of file 
diff --git a/rules/S6473/kubernetes/rule.adoc b/rules/S6473/kubernetes/rule.adoc new file mode 100644 index 00000000000..74f71a9a1cd --- /dev/null +++ b/rules/S6473/kubernetes/rule.adoc 
@@ -0,0 +1,76 @@ +Exposing administrative services can lead to unauthorized access to pods or escalation of privileges inside pods. + +A port that is commonly used for administration services is open or marked as being open. Administration services like SSH might contain vulnerabilities, hard-coded credentials, or other security issues that increase the attack surface of a Kubernetes deployment. +Even if the ports of the services do not get forwarded to the host system, by default they are reachable from other containers in the same network. A malicious actor that gets access to one container could use such services to escalate access and privileges. + +If the administrative port is forwarded through a load balancer, then in most cases this port should be removed from the configuration to make sure it is not reachable externally. +Setting the `containerPort` on a pod is purely informative. Therefore, removing the property is not sufficient to be secure. The port is still open and the service is still accessible. + +In both cases, it is most secure to not start any administrative services in deployments. Instead, try to access the required information using Kubernetes's own administrative tools. For example, to execute code inside a container, ``kubectl exec`` can be used. If the administration service is included to access logs, Kubernetes suggests using a sidecar container with a logging agent. + + +== Ask Yourself Whether + +* The pod starts an administrative service. + +There is a risk if you answered yes to the question. + + +== Recommended Secure Coding Practices + +* Do not start SSH, VNC, RDP or similar administrative services in pods. + +== Sensitive Code Example + +[source,yaml] +---- +apiVersion: v1 +kind: Pod +metadata: + labels: + app: example_app +spec: + containers: + - name: applications + image: my_image_with_ssh + ports: + - containerPort: 22 # Noncompliant: Merely informative, removing this property does not + # close port 22. 
+---- + +[source,yaml] +---- +apiVersion: apps/v1 +kind: Service +metadata: + name: example_lb +spec: + type: LoadBalancer + ports: + - port: 8022 + targetPort: 22 # Noncompliant + selector: + app: example_app +---- + +include::../see.adoc[] + +* https://kubernetes.io/docs/concepts/cluster-administration/logging/#sidecar-container-with-logging-agent[Kubernetes] - Logging Architecture: Using a sidecar container with the logging agent + +* https://kubernetes.io/docs/tasks/debug/debug-application/get-shell-running-container/[Kubernetes] - Get a Shell to a Running Container + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +include::../message.adoc[] + +include::../highlighting.adoc[] + +include::../parameters.adoc[] + +''' + +endif::env-github,rspecator-view[] diff --git a/rules/S6473/message.adoc b/rules/S6473/message.adoc new file mode 100644 index 00000000000..bb63d33185d --- /dev/null +++ b/rules/S6473/message.adoc @@ -0,0 +1,3 @@ +== Message + +* Make sure that exposing administration services is safe here. diff --git a/rules/S6473/metadata.json b/rules/S6473/metadata.json index f920e474b97..20b1c1f5a7a 100644 --- a/rules/S6473/metadata.json +++ b/rules/S6473/metadata.json @@ -1,5 +1,5 @@ { - "title": "Exposing administration services is security-sensitive", + "title": "Exposing administration services in containers is security-sensitive", "type": "SECURITY_HOTSPOT", "code": { "impacts": { diff --git a/rules/S6473/parameters.adoc b/rules/S6473/parameters.adoc new file mode 100644 index 00000000000..dbefd68ee8d --- /dev/null +++ b/rules/S6473/parameters.adoc @@ -0,0 +1,11 @@ +=== Parameters + +.ports +**** + +---- +22, 23, 3389, 5800, 5900 +---- + +Comma separated list of sensitive ports that expose administration services. +**** diff --git a/rules/S6473/see.adoc b/rules/S6473/see.adoc new file mode 100644 index 00000000000..191e0f1f97c --- /dev/null +++ b/rules/S6473/see.adoc 
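Review bot: The second example in the new `rules/S6473/kubernetes/rule.adoc` declares `apiVersion: apps/v1` for `kind: Service`, but Service belongs to the core API group, so the manifest would be rejected as written; it should read `apiVersion: v1`. The name `example_lb` also contains an underscore, which Kubernetes does not accept in a Service name, so `name: example-lb` would keep the sample usable. Since the prose says these services stay reachable from other containers in the same network by default, the recommended practices could also mention restricting pod-to-pod ingress with a NetworkPolicy for cases where the service cannot be removed immediately.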
@@ -0,0 +1,3 @@ +== See + +* CWE - https://cwe.mitre.org/data/definitions/284[CWE-284 - Improper Access Control] \ No newline at end of file diff --git a/rules/S6474/docker/rule.adoc b/rules/S6474/docker/rule.adoc index 5f902e827ce..479a04a8125 100644 --- a/rules/S6474/docker/rule.adoc +++ b/rules/S6474/docker/rule.adoc @@ -210,9 +210,12 @@ RUN make install == See -* https://cwe.mitre.org/data/definitions/384.html[MITRE, CWE-345] - Insufficient Verification of Data Authenticity +* CWE - https://cwe.mitre.org/data/definitions/384[CWE-345 - Insufficient Verification of Data Authenticity] * https://learn.microsoft.com/en-us/windows-hardware/drivers/install/authenticode[Microsoft, Authenticode Digital Signatures] * https://www.linux.com/training-tutorials/pgp-web-trust-core-concepts-behind-trusted-communication/[Linux.com, PGP Web of Trust: Core Concepts Behind Trusted Communication] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222618[Application Security and Development: V-222618] - Unsigned Category 1A mobile code must not be used in the application in accordance with DoD policy. + + ifdef::env-github,rspecator-view[] ''' diff --git a/rules/S6474/metadata.json b/rules/S6474/metadata.json index 8ca3503515c..f267434e33e 100644 --- a/rules/S6474/metadata.json +++ b/rules/S6474/metadata.json @@ -21,6 +21,9 @@ "sqKey": "S6474", "scope": "Main", "securityStandards": { + "STIG ASD_V5R3": [ + "V-222618" + ], "CWE": [ 345 ] diff --git a/rules/S6484/cfamily/rule.adoc b/rules/S6484/cfamily/rule.adoc index 8e313ae64a7..89f669045c8 100644 --- a/rules/S6484/cfamily/rule.adoc +++ b/rules/S6484/cfamily/rule.adoc 
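Review bot: In the `rules/S6474/docker/rule.adoc` hunk the rewritten CWE bullet still links to `https://cwe.mitre.org/data/definitions/384` while its label, and the `CWE` entry visible in the `rules/S6474/metadata.json` hunk, both say 345; the commit only reformatted the line and carried the mismatch over. The bullet should read `* CWE - https://cwe.mitre.org/data/definitions/345[CWE-345 - Insufficient Verification of Data Authenticity]`, otherwise readers following the reference land on a different weakness entry than the one the rule is mapped to.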
@@ -1,12 +1,12 @@ == Why is this an issue? -`std::format` accepts a format string composed of ordinary text and replacement fields (surrounded with `{}`) that are replaced with a textual representation of the next `std::format` arguments. +`std::format` accepts a format string composed of ordinary text and replacement fields (surrounded with `{}`) that are replaced with a textual representation of the remaining `std::format` arguments. This allows generating a complex string with a single invocation of `std::format`. Since calls to `std::format` produce string objects, it is possible to concatenate them with other string objects or string literals. However, compared to a single `std::format` invocation with an adjusted format string, this concatenation is inefficient and less readable. -This rule raises an issue when a concatenation an `std::format` invocation can be replaced with a simple `std::format` invocation. +This rule raises an issue when the concatenation performed on the result of `std::format` can be replaced with a single `std::format` invocation. === Noncompliant code example @@ -16,6 +16,16 @@ void formatExamples(std::string str, char const* cstr, int i) { std::string s1 = "You have been greeted " + std::format("{}", i) + " times."; // Noncompliant std::string s2 = "Hello " + std::format("{:*^20}", str) + "! " + std::format("{:->15}", cstr) + '.'; // Noncompliant } +---- + +=== Compliant solution + +[source,cpp] +---- +void formatExamples(std::string str, char const* cstr, int i) { + std::string s1 = std::format("You have been greeted {} times.", i); // Compliant + std::string s2 = std::format("Hello {:*^20}! {:->15}.", str, cstr); // Compliant +} std::string fullName(std::string name, std::string secondName, std::string surname, std::size_t number) { // Compliant, as the formatted output depends on runtime properties 
@@ -29,14 +39,18 @@ std::string fullName(std::string name, std::string secondName, std::string surna } ---- -=== Compliant solution +== Resources -[source,cpp] ----- -void formatExamples(std::string str, char const* cstr, int i) { - std::string s1 = std::format("You have been greeted {} times.", i); // Compliant - std::string s2 = std::format("Hello {:*^20}! {:->15}.", str, cstr); // Compliant - std::string s3 = std::format("Welcome {:*^20}! {:->15}.", str, cstr); // Compliant -} ----- +=== Documentation + +* {cpp} reference - https://en.cppreference.com/w/cpp/utility/format/format[`std::format`] + +=== Articles & blog posts + +* {cpp} Stories - https://www.cppstories.com/2022/custom-stdformat-cpp20/[Formatting Custom types with std::format from {cpp}20] + +=== Related rules +* S6185 - "std::format" should be used instead of string concatenation and "std::to_string" +* S6494 - {cpp} formatting functions should be used instead of C printf-like functions +* S6495 - "std::format" should be used instead of standard output manipulators diff --git a/rules/S6485/java/metadata.json b/rules/S6485/java/metadata.json index 966bfda4cc1..5b4f7bba999 100644 --- a/rules/S6485/java/metadata.json +++ b/rules/S6485/java/metadata.json @@ -18,7 +18,9 @@ "defaultSeverity": "Major", "ruleSpecification": "RSPEC-6485", "sqKey": "S6485", - "scope": "All", - "defaultQualityProfiles": ["Sonar way"], - "quickfix": "targeted" + "scope": "Main", + "defaultQualityProfiles": [ + "Sonar way" + ], + "quickfix": "covered" } diff --git a/rules/S6493/cfamily/metadata.json b/rules/S6493/cfamily/metadata.json index dfbca95a9fe..0e179571179 100644 --- a/rules/S6493/cfamily/metadata.json +++ b/rules/S6493/cfamily/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "BLOCKER" }, "attribute": "CONVENTIONAL" }, 
@@ -19,6 +19,8 @@ "ruleSpecification": "RSPEC-6493", "sqKey": "S6493", "scope": "All", - "defaultQualityProfiles": ["Sonar way"], + "defaultQualityProfiles": [ + "Sonar way" + ], "quickfix": "targeted" } diff --git a/rules/S6494/cfamily/rule.adoc b/rules/S6494/cfamily/rule.adoc index dbb03714dac..9fc6d1a6402 100644 --- a/rules/S6494/cfamily/rule.adoc +++ b/rules/S6494/cfamily/rule.adoc 
@@ -1,61 +1,78 @@ == Why is this an issue? -In contrast to C printf-like functions, the `std::format` family of formatting functions provides -a safer and more robust interface for performing text formatting. +In contrast to C printf-like functions, {cpp} provides safer and more robust interfaces for performing text formatting: -Firstly, C++ formatting facilities perform validation of the format string against the type -of the formatted argument. If the validation fails, it is reported as a compilation error -for the calls of `std::format` and via exception for `std::vformat`. +* The `std::format` interface family ({cpp}20) allows formatting text into a string. +* The `std::print` interface family ({cpp}23) allows printing formatted text. + +{cpp} formatting facilities perform validation of the format string against the type of the formatted argument. If the validation fails, it is reported as a compilation error for the calls of `std::print` and `std::format`. When the format string is not available at compile-time, `std::vformat`, `std::vprint_unicode`, and `std::vprint_nonunicode` can be used. They will report failures at runtime by throwing an instance of `std::format_error`. Secondly, the relation between the type and format specifier is more abstract. In particular, `{:d}` can be used to format any integer type, regardless of its size and signedness. Similarly, `{:f}` works for any floating point type. Furthermore, `{}` can be used for any type with default format spec, which makes it usable in the generic context. -Finally, the `std::format` API can be extended to support custom types with the dedicated format specification via -`std::formatter` specializations. +Finally, the text formatting API was designed with adaptability in mind: + +* Formatting of user-defined types is possible with the dedicated format specification via `std::formatter` specializations. 
+ +* The string formatting API provides functions for: + - receiving the formatted text by return - `std::format`. + - writing the formatted text to an output iterator - `std::format_to`. -This rule raises issues for calls of the `sprintf` and `snprintf` functions that can be replaced by the C++ formatting functions. +* The `std::print` API provides function overloads for: + - printing implicitly to the standard output. + - printing to a ``++FILE*++`` handle. + - printing to a `std::ostream&` object. + +This rule raises issues for calls of the `printf`, `fprintf`, `sprintf` and `snprintf` functions that can be replaced by the {cpp} formatting functions. === Noncompliant code example [source,cpp] ---- -void printFunc(char* out, size_t n) { - sprintf(out, "%u %s", 10u, “text”); // Noncompliant +void printTextIntoBuffer(char* out) { + // Assumes the buffer pointed-to by out is large enough + sprintf(out, "%u %s", 10u, "text"); // Noncompliant +} + +void printTextIntoSizedBuffer(char* out, size_t n) { std::snprintf(out, n, "%i %% %LG", 10, 10.0L); // Noncompliant } + +void printToFile(FILE* f) { + printf("%i", 10); // Noncompliant since C++23 + std::fprintf(f, "%f", 10.0); // Noncompliant since C++23 +} ---- === Compliant solution [source,cpp] ---- -void printFunc(char* out) { - std::format_to(out, “{:d} {:s}”, 10u, text); // Compliant - // or - std::format_to(out, “{} {}”, 10u, text); // Compliant - - std::format_to_n(out, ”{:d} % {:G}”, 10, 10.0L); // Compliant - // or - std::format_to_n(out, ”{} % {:G}”, 10, 10.0L); // Compliant +void printTextIntoBuffer(char* out) { + // Assumes the buffer pointed-to by out is large enough + std::format_to(out, "{} {}", 10u, "text"); // Compliant +} +// The function can also be redesigned to deal with memory allocation +// and return a string: +std::string getText() { + return std::format("{} {}", 10u, "text"); // Compliant } ----- -Other printf-like functions are not concerned by this rule: +void printTextIntoSizedBuffer(char* 
out, size_t n) { + std::format_to_n(out, n, "{} % {:G}", 10, 10.0L); // Compliant +} -[source,cpp] ----- -void printFunc(FILE* f) { - printf("%i", 10); // Compliant, no direct remplacment - std::fprintf(f, "%f", 10.0); // Compliant, no direct remplacment +void printToFile(FILE* f) { + std::print("{}", 10); // Compliant + std::print(f, "{}", 10.0); // Compliant } ---- === Exceptions -The rule does not raise an issue if the format string passed to a printf-like function is computed dynamically -instead of being spelled in the source code: +The rule does not raise an issue if the format string passed to a printf-like function is computed dynamically instead of being spelled in the source code: [source,cpp] ---- @@ -64,6 +81,24 @@ char const* localizedFormatString(unsigned id); snprintf(buffer, localizedFormatString(123), 10, 20) ---- -While `std::vformat` may be used in such cases, it would require a change of the format string, -which may not be actionable. +While `std::vformat` may be used in such cases, it requires changing the format string, which may not be actionable. + + +== Resources + +=== Documentation + +* {cpp} reference - https://en.cppreference.com/w/cpp/header/format[``] +* {cpp} reference - https://en.cppreference.com/w/cpp/header/print[``] +* {cpp} reference - https://en.cppreference.com/w/cpp/io/basic_ostream/print[`std::print(std::ostream)`] + + +=== Articles & blog posts + +* {cpp} Stories - https://www.cppstories.com/2022/custom-stdformat-cpp20/[Formatting Custom types with std::format from {cpp}20] + +=== Related rules +* S6185 - "std::format" should be used instead of string concatenation and "std::to_string" +* S6484 - Concatenated "std::format" outputs should be replaced by a single invocation +* S6495 - "std::format" should be used instead of standard output manipulators diff --git a/rules/S6495/cfamily/rule.adoc b/rules/S6495/cfamily/rule.adoc index 56464229653..8d2d9613c0c 100644 --- a/rules/S6495/cfamily/rule.adoc 
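Review bot: The compliant examples in `rules/S6494/cfamily/rule.adoc` replace `sprintf`/`snprintf` with `std::format_to(out, ...)` and `std::format_to_n(out, n, ...)` on a raw `char*`, but unlike the C functions these do not write a terminating null character, and `std::format_to_n` may fill all `n` bytes where `snprintf` stops at `n - 1`. A caller that later treats `out` as a C string would then read past the formatted text. The sized example should terminate explicitly (for `n > 0`), e.g. `auto r = std::format_to_n(out, n - 1, "{} % {:G}", 10, 10.0L); *r.out = '\0';`, or at least carry a comment such as `// Unlike snprintf, no terminating '\0' is written`. The "Assumes the buffer pointed-to by out is large enough" comment on `printTextIntoBuffer` needs the same caveat.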
+++ b/rules/S6495/cfamily/rule.adoc 
@@ -1,18 +1,16 @@ == Why is this an issue? -{cpp}20 introduces a new text formatting API with the ```` header, -joining the ``printf`` family of functions -- inherited from C -- and ``iostreams``. -``std::format`` combines the convenience of ``printf``, separating formatting and -arguments, with the type-safety of ``iostreams``. +{cpp}20 introduces a new text formatting API with the ```` header, in addition to the ``printf`` function family -- inherited from C -- and ``iostreams``. +``std::format`` combines the convenience of ``printf``, separating formatting and arguments, with the type-safety of ``iostreams``. +{cpp}23 adds the `` header, which provides similar features that output to a stream instead of generating a string. Before {cpp}20, if you wanted to format an output stream, you had to use standard manipulators that control the output streams. -This approach is very verbose, is often stateful, and is not thread-safe. That is why we recommend replacing them with ``std::format`` -when possible. +This approach is very verbose, is often stateful, and is not thread-safe. That is why we recommend replacing them with ``std::print`` or ``std::format`` when possible. Some manipulators will have a temporary effect on the output. For example, ``std::setw``. This is due to the resetting of the width property of the stream when most of the ``operator<<`` is called. Other manipulators will have a lasting effect on the output. For example, ``std::boolalpha``. It will set the ``boolalpha`` flag of the output stream without resetting it. -This rule raises an issue when an output stream is used with standard manipulators to output a formattable type in a way that can be replaced by ``std::format``. +This rule raises an issue when an output stream is used with standard manipulators to output a formattable type in a way that can be replaced by `std::print` or ``std::format``. 
You should be careful to avoid undesirable side effects when replacing a manipulator with lasting effects. === Noncompliant code example @@ -39,12 +37,14 @@ int main() { ---- void printBool(bool b) { // Compliant, be aware of the side effect of not setting the boolalpha flag + std::print("{}", b); + // Or, in C++20 std::cout << std::format("{}", b); } void printInt(int b) { // Compliant, no side effect because setw has a temporary effect - std::cout << std::format("{:*>5}", b); + std::print("{:*>5}", b); } void setFlags() { @@ -71,3 +71,20 @@ void printQuoted(std::string_view s) { std::cout << std::quoted(s, '$', '-'); } ---- + +== Resources + +=== Documentation + +* {cpp} reference - https://en.cppreference.com/w/cpp/utility/format/format[`std::format`] +* {cpp} reference - https://en.cppreference.com/w/cpp/header/iomanip[``] + +=== Articles & blog posts + +* {cpp} Stories - https://www.cppstories.com/2022/custom-stdformat-cpp20/[Formatting Custom types with std::format from {cpp}20] + +=== Related rules + +* S6185 - "std::format" should be used instead of string concatenation and "std::to_string" +* S6484 - Concatenated "std::format" outputs should be replaced by a single invocation +* S6494 - {cpp} formatting functions should be used instead of C printf-like functions diff --git a/rules/S6497/docker/metadata.json b/rules/S6497/docker/metadata.json index 7368da79232..2ef5f7e115f 100644 --- a/rules/S6497/docker/metadata.json +++ b/rules/S6497/docker/metadata.json @@ -7,7 +7,7 @@ }, "attribute": "TRUSTWORTHY" }, - "status": "ready", + "status": "deprecated", "remediation": { "func": "Constant\/Issue", "constantCost": "15min" @@ -16,6 +16,11 @@ "dockerfile", "cwe" ], + "extra": { + "replacementRules": [ + "S6596" + ] + }, "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-6497", "sqKey": "S6497", diff --git a/rules/S6502/docker/rule.adoc b/rules/S6502/docker/rule.adoc index a3ca2f75dad..d66bef74ea2 100644 --- a/rules/S6502/docker/rule.adoc 
+++ b/rules/S6502/docker/rule.adoc @@ -55,8 +55,8 @@ RUN --security=sandbox ./example.sh == See -* https://cwe.mitre.org/data/definitions/250[MITRE, CWE-250] - Execution with Unnecessary Privileges -* https://cwe.mitre.org/data/definitions/284[MITRE, CWE-284] - Improper Access Control +* CWE - https://cwe.mitre.org/data/definitions/250[CWE-250 - Execution with Unnecessary Privileges] +* CWE - https://cwe.mitre.org/data/definitions/284[CWE-284 - Improper Access Control] * https://docs.docker.com/engine/reference/builder/#run---security[Dockerfile reference] - RUN diff --git a/rules/S6504/docker/rule.adoc b/rules/S6504/docker/rule.adoc index a7a0ae5d6a8..9bee7a41bc4 100644 --- a/rules/S6504/docker/rule.adoc +++ b/rules/S6504/docker/rule.adoc 
@@ -1,30 +1,28 @@ -Ownership of an executable has been assigned to a user other than root. More -often than not, resource owners have write permissions and thus can edit the -resource. +Ownership or write permissions for a file or directory copied to the Docker image have been assigned to a user other than root. -Write permissions enable malicious actors, who got a foothold on the container, -to tamper with the executable and thus manipulate the container's expected behavior. + -Manipulating executables could disrupt services or aid in escalating privileges -inside the container. + +Write permissions enable malicious actors, who have a foothold on the container, +to tamper with the resource and thus potentially manipulate the container's expected behavior. + +Manipulating files could disrupt services or aid in escalating privileges inside the container. + -This breaches the container immutability principle as it facilitates container +This also breaches the container immutability principle as it facilitates container changes during its life. Immutability, a container best practice, allows for a more reliable and reproducible behavior of Docker containers. -Resource ownership is not required; executables can be assigned execute -permissions using `chmod` if needed. +If a user is given ownership on a file but no write permissions, the user can still modify it by using his ownership to change the file permissions first. This is why both ownership and write permissions should be avoided. == Ask Yourself Whether -* A non-root user has write permissions for the executable. +* A non-root user owns the resource. +* A non-root user has been granted write permissions for the resource. -There is a risk if you answered yes to the question. +There is a risk if you answered yes to any of these questions. == Recommended Secure Coding Practices -* Use `--chmod` to change executable permissions at build-time. 
+* Use `--chmod` to change the permissions so that only root users can write to files. +* Use `--chown` to change the file/directory owner to a root user. * Be mindful of the container immutability principle. @@ -45,14 +43,14 @@ COPY --chown=exampleuser:exampleuser src.py dst.py ---- FROM example -COPY --chown=root:root --chmod=644 src.py dst.py +COPY --chown=root:root --chmod=755 src.py dst.py ---- == See * https://docs.docker.com/engine/reference/builder/#add[Dockerfile reference] - ADD instruction * https://docs.docker.com/engine/reference/builder/#copy[Dockerfile reference] - COPY instruction -* https://cwe.mitre.org/data/definitions/732.html[MITRE, CWE-732] - Incorrect Permission Assignment for Critical Resource +* CWE - https://cwe.mitre.org/data/definitions/732[CWE-732 - Incorrect Permission Assignment for Critical Resource] * https://cloud.google.com/architecture/best-practices-for-operating-containers#immutability[Google Cloud, Immutability] - Best practices for operating containers @@ -64,12 +62,12 @@ ifdef::env-github,rspecator-view[] === Message -Make sure no write permissions are assigned to the executable. +Make sure no write permissions are assigned to the copied resource. === Highlighting -Highlight the executable name as primary location and the chown flag/command as secondary location. +Highlight the name of the copied resource as primary location and the chown flag/command as secondary location. ''' endif::env-github,rspecator-view[] diff --git a/rules/S6504/metadata.json b/rules/S6504/metadata.json index 179a628c37e..b696c60c7ff 100644 --- a/rules/S6504/metadata.json +++ b/rules/S6504/metadata.json @@ -1,5 +1,5 @@ { - "title": "Having executables not owned by root is security-sensitive", + "title": "Allowing non-root users to modify resources copied to an image is security-sensitive", "type": "SECURITY_HOTSPOT", "code": { "impacts": { diff --git a/rules/S6505/docker/rule.adoc b/rules/S6505/docker/rule.adoc index 5cf82c8abca..0e58e84bf8c 100644 
--- a/rules/S6505/docker/rule.adoc +++ b/rules/S6505/docker/rule.adoc @@ -58,8 +58,8 @@ RUN yarn install --ignore-scripts == See -* https://cwe.mitre.org/data/definitions/506[MITRE, CWE-506] - Embedded Malicious Code -* https://cwe.mitre.org/data/definitions/829[MITRE, CWE-829] - Inclusion of Functionality from Untrusted Control Sphere +* CWE - https://cwe.mitre.org/data/definitions/506[CWE-506 - Embedded Malicious Code] +* CWE - https://cwe.mitre.org/data/definitions/829[CWE-829 - Inclusion of Functionality from Untrusted Control Sphere] * https://eslint.org/blog/2018/07/postmortem-for-malicious-package-publishes/[ESLint blog] - Postmortem for Malicious Packages Published on July 12th, 2018 diff --git a/rules/S6506/docker/rule.adoc b/rules/S6506/docker/rule.adoc index 124339c4301..553aa911364 100644 --- a/rules/S6506/docker/rule.adoc +++ b/rules/S6506/docker/rule.adoc @@ -86,7 +86,7 @@ RUN wget --secure-protocol=TLSv1_2 --max-redirect=0 -q -O - https://might-redire == See -* https://cwe.mitre.org/data/definitions/757[MITRE, CWE-757] - Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') +* CWE - https://cwe.mitre.org/data/definitions/757[CWE-757 - Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')] * https://curl.se/docs/manpage.html#--proto[curl.1 the man page] - `--proto ` * https://www.gnu.org/software/wget/manual/wget.html#HTTP-Options[wget - GNU Wget Manual] - `--max-redirect=` * https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices#41-encrypt-everything[SSL and TLS Deployment Best Practices] - Encrypt Everything diff --git a/rules/S6507/csharp/rule.adoc b/rules/S6507/csharp/rule.adoc index 07d3d294272..e9d7a01d7f9 100644 --- a/rules/S6507/csharp/rule.adoc +++ b/rules/S6507/csharp/rule.adoc 
@@ -37,8 +37,8 @@ private void DoSomething() == Resources * https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/statements/lock[Lock Statement] - lock statement - ensure exclusive access to a shared resource -* https://cwe.mitre.org/data/definitions/412[MITRE, CWE-412] - Unrestricted Externally Accessible Lock -* https://cwe.mitre.org/data/definitions/413[MITRE, CWE-413] - Improper Resource Locking +* CWE - https://cwe.mitre.org/data/definitions/412[CWE-412 - Unrestricted Externally Accessible Lock] +* CWE - https://cwe.mitre.org/data/definitions/413[CWE-413 - Improper Resource Locking] ifdef::env-github,rspecator-view[] diff --git a/rules/S6518/kotlin/rule.adoc b/rules/S6518/kotlin/rule.adoc index b54c688d4a2..c6825092322 100644 --- a/rules/S6518/kotlin/rule.adoc +++ b/rules/S6518/kotlin/rule.adoc @@ -13,6 +13,11 @@ This change makes it easier to understand what a function does, because the semantics of indexed access operators is evident to the reader, while for a function call, the reader would need to know what the called function does. +==== Java interop + +The issue is also raised when Java API is used as a Kotlin compiler treats all `get(.)` methods as possible index access operators. Use `CompletableFuture[timeout, unit]` instead of `CompletableFuture.get(timeout, unit)` when accessing Java's `CompletableFuture`. + + == How to fix it Replace `instance.get(index)` with `instance[index]`. diff --git a/rules/S6524/kotlin/metadata.json b/rules/S6524/kotlin/metadata.json new file mode 100644 index 00000000000..d80fd3fde66 --- /dev/null +++ b/rules/S6524/kotlin/metadata.json 
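Review bot: The added "Java interop" paragraph in rules/S6518/kotlin/rule.adoc writes the accessor as `get(.)`, presumably meant as `get(...)`, and shows the replacement on the class name, `CompletableFuture[timeout, unit]`, where an instance is meant. I would use an instance in both forms, e.g. `future[timeout, unit]` instead of `future.get(timeout, unit)`, matching the `instance.get(index)` wording of the "How to fix it" section that follows. The first sentence would also read better as "The issue is also raised when a Java API is used, because the Kotlin compiler treats all `get(...)` methods as possible index access operators."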
@@ -0,0 +1,23 @@
+{
+ "title": "Collection should be immutable if contents is not changed",
+ "type": "CODE_SMELL",
+ "code": {
+ "impacts": {
+ "MAINTAINABILITY": "MEDIUM"
+ },
+ "attribute": "CLEAR"
+ },
+ "status": "ready",
+ "remediation": {
+ "func": "Constant\/Issue",
+ "constantCost": "5min"
+ },
+ "tags": [
+ ],
+ "defaultSeverity": "Major",
+ "ruleSpecification": "RSPEC-6524",
+ "sqKey": "S6524",
+ "scope": "All",
+ "defaultQualityProfiles": ["Sonar way"],
+ "quickfix": "unknown"
+}
diff --git a/rules/S6524/kotlin/rule.adoc b/rules/S6524/kotlin/rule.adoc
new file mode 100644
index 00000000000..041e50c64af
--- /dev/null
+++ b/rules/S6524/kotlin/rule.adoc
@@ -0,0 +1,100 @@
+== Why is this an issue?
+
+If a mutable collection type is used but no mutating functions such as `add` or `remove` are ever called,
+and the collection instance does not leave the scope of the function,
+it can be replaced with the corresponding immutable collection type.
+
+This is similar to why `val` should be used instead of `var` for local variables that are never re-assigned.
+
+=== What is the potential impact?
+
+==== Readability and Understanding
+
+If an immutable collection type is used, it is evident to the readers that its content is never changed.
+This makes it easier to understand the code because readers do not need to keep track of possible state changes of the collection.
+
+==== Performance
+
+In some cases, optimized implementation variants of collection classes can be used when the collection is immutable.
+
+==== Wrong code
+
+Developers might intend for a collection to remain unchanged and have their code relying on that constraint.
+For example, a map could be expected to contain specific elements.
+Changing the contents of a collection breaks that constraint.
+Also, users of an API might otherwise downcast an immutable collection they got from a library
+into a mutable collection, and so cause unforeseen side effects.
+
+Declare collections that remain unchanged as immutable to avoid these mistakes.
+
+== How to fix it
+
+Replace mutable collection type names such as `MutableList` or `MutableMap`
+with their immutable equivalents, such as `List` or `map`.
+
+Replace builder functions that return mutable collection instances,
+such as `mutableListOf` with their immutable counterparts, such as `listOf`.
+ +=== Code examples + +==== Noncompliant code example + +[source,kotlin,diff-id=1,diff-type=noncompliant] +---- +fun sum123(): Int { + val list = mutableListOf(1,2,3) // Noncompliant, can be immutable + return list.reduce { acc, it -> acc + it} +} +---- + +==== Compliant solution + +[source,kotlin,diff-id=1,diff-type=compliant] +---- +fun sum123(): Int { + val list = listOf(1,2,3) // Compliant + return list.reduce { acc, it -> acc + it} +} +---- + +==== Noncompliant code example + +[source,kotlin,diff-id=2,diff-type=noncompliant] +---- +fun sumList(list: MutableList): Int { // Noncompliant, can be immutable + return list.reduce { acc, it -> acc + it} +} +---- + +==== Compliant solution + +[source,kotlin,diff-id=2,diff-type=compliant] +---- +fun sumList(list: List): Int { // Compliant + return list.reduce { acc, it -> acc + it} +} +---- + +==== Noncompliant code example + +[source,kotlin,diff-id=3,diff-type=noncompliant] +---- +fun MutableList.sum(): Int { // Noncompliant, can be immutable + return reduce { acc, it -> acc + it} +} +---- + +==== Compliant solution + +[source,kotlin,diff-id=3,diff-type=compliant] +---- +fun List.sum(): Int { // Compliant + return reduce { acc, it -> acc + it} +} +---- + +== Resources + +=== Articles & blog posts + +* https://www.baeldung.com/kotlin/immutable-collections[Baeldung, Kotlin Immutable Collections] diff --git a/rules/S6524/metadata.json b/rules/S6524/metadata.json new file mode 100644 index 00000000000..2c63c085104 --- /dev/null +++ b/rules/S6524/metadata.json @@ -0,0 +1,2 @@ +{ +} diff --git a/rules/S6527/kotlin/metadata.json b/rules/S6527/kotlin/metadata.json new file mode 100644 index 00000000000..7681dabcde1 --- /dev/null +++ b/rules/S6527/kotlin/metadata.json 
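Review bot: In the "How to fix it" section of the new rules/S6524/kotlin/rule.adoc the counterpart of `MutableMap` is written as `map`; the type name is `Map`, so the sentence should end "such as `List` or `Map`". The text also calls `List` and `Map` immutable, while the "Wrong code" paragraph itself describes a caller downcasting such a collection and changing it. I would add one sentence there, for example `Note that List and Map are read-only interfaces: code that still holds the underlying mutable instance can change the contents.`, so readers do not rely on the type alone when handing a collection across an API boundary. As shown here the second and third examples use `MutableList` and `List` without a type argument; if that is not an artefact of how the page was rendered, the element type should be added.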
@@ -0,0 +1,25 @@
+{
+ "title": "Function chain using \"filter\" should be simplified",
+ "type": "CODE_SMELL",
+ "code": {
+ "impacts": {
+ "MAINTAINABILITY": "LOW"
+ },
+ "attribute": "EFFICIENT"
+ },
+ "status": "ready",
+ "remediation": {
+ "func": "Constant\/Issue",
+ "constantCost": "5min"
+ },
+ "tags": [
+ ],
+ "defaultSeverity": "Minor",
+ "ruleSpecification": "RSPEC-6527",
+ "sqKey": "S6527",
+ "scope": "All",
+ "defaultQualityProfiles": [
+ "Sonar way"
+ ],
+ "quickfix": "unknown"
+}
diff --git a/rules/S6527/kotlin/rule.adoc b/rules/S6527/kotlin/rule.adoc
new file mode 100644
index 00000000000..40c8bac7030
--- /dev/null
+++ b/rules/S6527/kotlin/rule.adoc
@@ -0,0 +1,52 @@ +== Why is this an issue? + +The `filter(predicate)` function is used to extract a subset of elements from a collection that match a given predicate. +Many collection functions such as `any()`, `count()`, `first()`, and more, come with an optional condition predicate. + +It is not recommended to invoke the `filter(predicate)` function prior to these terminal operations. +Instead, the predicate variant of the terminal operation should be used as a replacement. + +=== What is the potential impact? + +Using `filter(predicate)` before terminal operations can result in unnecessary iterations over the collection, which could negatively impact the performance of the code, especially with large collections. By directly using the predicate variant of the function, you can streamline the code and improve its efficiency and readability. + +== How to fix it + +Replace the `filter(predicate)` call with the predicate variant of the terminal operation. +As of Kotlin API version 1.8, the list of terminal operations supporting a predicate is: + +* `any()` +* `none()` +* `count()` +* `first()`, `firstOrNull()` +* `last()`, `lastOrNull()` +* `single()`, `singleOrNull()` + +=== Code examples + +==== Noncompliant code example + +[source,kotlin,diff-id=1,diff-type=noncompliant] +---- +val list = listOf(5,2,9,6,8,2,5,7,3) +val hasElementsGreater5 = list.filter { it > 5 }.any() // Noncompliant +val countElementsGreater5 = list.filter { it > 5 }.count() // Noncompliant +val lastElementGreater5 = list.filter { it > 5 }.lastOrNull() // Noncompliant +---- + +==== Compliant solution + +[source,kotlin,diff-id=1,diff-type=compliant] +---- +val list = listOf(5,2,9,6,8,2,5,7,3) +val hasElementsGreater5 = list.any { it > 5 } // Compliant +val countElementsGreater5 = list.count { it > 5 } // Compliant +val lastElementGreater5 = list.lastOrNull { it > 5 } // Compliant +---- + +== Resources + +=== Documentation + +* 
https://kotlinlang.org/api/latest/jvm/stdlib/kotlin.collections/[Kotlin API Docs, Package kotlin.collections] + diff --git a/rules/S6527/metadata.json b/rules/S6527/metadata.json new file mode 100644 index 00000000000..2c63c085104 --- /dev/null +++ b/rules/S6527/metadata.json @@ -0,0 +1,2 @@ +{ +} diff --git a/rules/S6528/kotlin/metadata.json b/rules/S6528/kotlin/metadata.json new file mode 100644 index 00000000000..f839cf198b6 --- /dev/null +++ b/rules/S6528/kotlin/metadata.json @@ -0,0 +1,23 @@ +{ + "title": "\"find\" should be replaced with \"any\", \"none\" or \"contains\"", + "type": "CODE_SMELL", + "code": { + "impacts": { + "MAINTAINABILITY": "LOW" + }, + "attribute": "CLEAR" + }, + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "5min" + }, + "tags": [ + ], + "defaultSeverity": "Minor", + "ruleSpecification": "RSPEC-6528", + "sqKey": "S6528", + "scope": "All", + "defaultQualityProfiles": ["Sonar way"], + "quickfix": "unknown" +} diff --git a/rules/S6528/kotlin/rule.adoc b/rules/S6528/kotlin/rule.adoc new file mode 100644 index 00000000000..af05617e5aa --- /dev/null +++ b/rules/S6528/kotlin/rule.adoc 
@@ -0,0 +1,79 @@ +The `kotlin.collections` package offers many functions to interact with collections. +In particular, functions `find(predicate)`, `findLast(predicate)`, `firstOrNull(predicate)` and "`lastOrNull(predicate)` return the element that matches the given predicate. + +== Why is this an issue? + +The functions `find(predicate)`, `findLast(predicate)`, `firstOrNull(predicate)` and "`lastOrNull(predicate)` +can be improperly used to check the presence of an element that matches the given predicate. +In such cases the code is more difficult to read and understand than it would be with the functions `any(predicate)`, `none(predicate)` or `contains(element)`. + +=== What is the potential impact? + +The pattern of using `find(predicate)`, `findLast(predicate)`, `firstOrNull(predicate)` and "`lastOrNull(predicate)` combined with a null check, +to check the presence of an element is not immediately clear to readers. +For example, the expression `list.find { it > 5 } != null` is more difficult to understand than `list.any { it > 5 }`. +The additional comparison operator increases the complexity of the expression and introduces confusion about the intent of the code. + +== How to fix it + +Replace the use of `find(predicate)`, `findLast(predicate)`, `firstOrNull(predicate)` and "`lastOrNull(predicate)` with `any(predicate)`, `none(predicate)` or `contains(element)`. + +There are four possible scenarios: + +1. The predicate is a simple binary expression checking for equality, and the found object is compared to not be `null`: + - Replace `find { it == element } != null` with `contains(element)`. + - Replace `findLast { it == element } != null` with `contains(element)`. + - Replace `firstOrNull { x -> x == element } != null` with `contains(element)`. + - Replace `lastOrNull { x -> x == element } != null` with `contains(element)`. + +2. 
The predicate is a simple binary expression checking for equality, and the found object is compared to be `null`: + - Replace `find { it == element } == null` with `!contains(element)`. + - Replace `findLast { it == element } == null` with `!contains(element)`. + - Replace `firstOrNull { x -> x == element } == null` with `!contains(element)`. + - Replace `lastOrNull { x -> x == element } == null` with `!contains(element)`. + +3. The predicate is any binary expression not checking for equality, and the found object is compared to not be `null`: + - Replace `find { it > 5 } != null` with `any { it > 5 }`. + - Replace `findLast { it != 5 } != null` with `any { it != 5 }`. + - Replace `firstOrNull { x -> x < 5 } != null` with `any { x -> x < 5 }`. + - Replace `lastOrNull { x -> x != 5 } != null` with `any { x -> x != 5 }`. + +4. The predicate is any binary expression not checking for equality, and the found object is compared to be `null`: + - Replace `find { it > 5 } == null` with `none { it > 5 }`. + - Replace `findLast { it != 5 } == null` with `none { it != 5 }`. + - Replace `firstOrNull { x -> x < 5 } == null` with `none { x -> x < 5 }`. + - Replace `lastOrNull { x -> x != 5 } == null` with `none { x -> x != 5 }`. 
+ +=== Code examples + +==== Noncompliant code example + +[source,kotlin,diff-id=1,diff-type=noncompliant] +---- +fun example(list: List) { + list.find { it > 5 } != null // Noncompliant + list.findLast { it > 5 } == null // Noncompliant + list.firstOrNull { it == 5 } != null // Noncompliant + list.lastOrNull { x -> x == 5 } != null // Noncompliant + list.find { x -> 5 == 4 } != null // Noncompliant, note that this case cannot be fixed using contains +} +---- + +==== Compliant solution + +[source,kotlin,diff-id=1,diff-type=compliant] +---- +fun example(list: List) { + list.any { it > 5 } // Compliant + list.none { it > 5 } // Compliant + list.contains(5) // Compliant + !list.contains(5) // Compliant + list.any { x -> 5 == 4 } // Compliant, note that this case cannot be fixed using contains +} +---- + +== Resources + +=== Documentation + +* https://kotlinlang.org/api/latest/jvm/stdlib/kotlin.collections/[Kotlin API Docs, Package kotlin.collections] \ No newline at end of file diff --git a/rules/S6528/metadata.json b/rules/S6528/metadata.json new file mode 100644 index 00000000000..2c63c085104 --- /dev/null +++ b/rules/S6528/metadata.json @@ -0,0 +1,2 @@ +{ +} diff --git a/rules/S6531/dart/metadata.json b/rules/S6531/dart/metadata.json new file mode 100644 index 00000000000..0db3279e44b --- /dev/null +++ b/rules/S6531/dart/metadata.json @@ -0,0 +1,3 @@ +{ + +} diff --git a/rules/S6531/dart/rule.adoc b/rules/S6531/dart/rule.adoc new file mode 100644 index 00000000000..1ca92136435 --- /dev/null +++ b/rules/S6531/dart/rule.adoc 
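Review bot: The fourth line of the compliant example in the new rules/S6528/kotlin/rule.adoc does not match its noncompliant counterpart: `list.lastOrNull { x -> x == 5 } != null` is paired with `!list.contains(5)`, which yields the opposite result. By scenario 1 of the rule's own list the compliant line should be `list.contains(5)`, or the noncompliant line should compare with `== null`; since both blocks share `diff-id=1`, the inverted line would be presented as the fix. Separately, `lastOrNull(predicate)` is preceded by a stray double quote in all four places it is mentioned in the prose. Scenarios 3 and 4 are described as "not checking for equality" while their examples include `it != 5`, so "other than `==`" would be more precise. The file also ends without a trailing newline.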
@@ -0,0 +1,94 @@ +== Why is this an issue? + +Dart provides the operator `as` to cast an expression to a specific type, and `is`/`is!` to check the assignment compatibility with a type. +These operators are used for downcasts, smart casts, and run-time type checking. + +In case the `as` operator is used for upcasting from a subtype to a supertype, the cast is redundant as it has no effect and can never fail. +If a specific type is expected, an expression of a subtype can always be inserted without casting (Substitution Principle and Assignment Compatibility). + +Likewise, the `is` operator is redundant and will always return `true` if the type of the expression on the left +side is assignment compatible with the type on the right. + +=== What is the potential impact? + +==== Code redundancy + +Since the operation will always succeed and has no side effects, it is pointless to use it. + +Conditions with `is` will lead to dead code branches because they will always or never be satisfied. + +== How to fix it + +Remove the operator and all dead code branches that result from it, or investigate why the expression that is cast or checked has an unexpected compile-time type. 
+ +=== Code examples + +==== Noncompliant code example + +[source,dart,diff-id=1,diff-type=noncompliant] +---- +void types(num n) { + if (n is int) { + (n as int).isOdd; // Noncompliant: n is already known to be of type int + } +} +---- + +==== Compliant solution + +[source,dart,diff-id=1,diff-type=compliant] +---- +void types(num n) { + if (n is int) { + n.isOdd; + } +} +---- + +==== Noncompliant code example + +[source,dart,diff-id=2,diff-type=noncompliant] +---- +bool f(T a) => a is Object?; // Noncompliant: the type check is always true +---- + +==== Compliant solution + +[source,dart,diff-id=2,diff-type=compliant] +---- +bool f(T a) => a is Object; +---- + +== Resources + +=== Documentation + +* Dart Docs - https://dart.dev/tools/diagnostic-messages?utm_source=dartdev&utm_medium=redir&utm_id=diagcode&utm_content=unnecessary_cast#unnecessary_cast[Dart Compiler diagnostic - unnecessary_cast] +* Dart Docs - https://dart.dev/tools/diagnostic-messages?utm_source=dartdev&utm_medium=redir&utm_id=diagcode&utm_content=unnecessary_cast#unnecessary_type_check[Dart Compiler diagnostic - unnecessary_type_check] +* Dart Docs - https://dart.dev/language/type-system[Dart type system] + +=== Articles & blog posts + +* Wikipedia - https://en.wikipedia.org/wiki/Liskov_substitution_principle[Liskov substitution principle] + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +* Unnecessary cast. +* Unnecessary type check; the result is always 'true'. +* Unnecessary type check; the result is always 'false'. + +=== Highlighting + +The entire cast expression. + +''' +== Comments And Links +(visible only on this page) + +endif::env-github,rspecator-view[] diff --git a/rules/S6531/kotlin/metadata.json b/rules/S6531/kotlin/metadata.json index cb27db8f245..0db3279e44b 100644 --- a/rules/S6531/kotlin/metadata.json +++ b/rules/S6531/kotlin/metadata.json 
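Review bot: The two diagnostic links in the Resources section of the new rules/S6531/dart/rule.adoc keep the redirect tracking query `?utm_source=dartdev&utm_medium=redir&utm_id=diagcode&utm_content=unnecessary_cast`, and the second link carries `utm_content=unnecessary_cast` although it points at `#unnecessary_type_check`. I would link to `https://dart.dev/tools/diagnostic-messages#unnecessary_cast` and `https://dart.dev/tools/diagnostic-messages#unnecessary_type_check` without the query string. In the second code example the compliant version replaces `a is Object?` with `a is Object`, which turns an always-true check into a null test rather than removing it as "How to fix it" advises; a trailing comment such as `// Compliant: checks that a is not null` would make the intent explicit.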
@@ -1,23 +1,3 @@ { - "title": "Redundant type casts and type checks should be removed", - "type": "CODE_SMELL", - "code": { - "impacts": { - "MAINTAINABILITY": "MEDIUM" - }, - "attribute": "CLEAR" - }, - "status": "ready", - "remediation": { - "func": "Constant\/Issue", - "constantCost": "5min" - }, - "tags": [ - ], - "defaultSeverity": "Major", - "ruleSpecification": "RSPEC-6531", - "sqKey": "S6531", - "scope": "All", - "defaultQualityProfiles": ["Sonar way"], - "quickfix": "unknown" + } diff --git a/rules/S6531/metadata.json b/rules/S6531/metadata.json index 2c63c085104..0b8ba241184 100644 --- a/rules/S6531/metadata.json +++ b/rules/S6531/metadata.json @@ -1,2 +1,23 @@ { + "title": "Redundant type casts should be removed", + "type": "CODE_SMELL", + "code": { + "impacts": { + "MAINTAINABILITY": "MEDIUM" + }, + "attribute": "CLEAR" + }, + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "5min" + }, + "tags": [ + ], + "defaultSeverity": "Major", + "ruleSpecification": "RSPEC-6531", + "sqKey": "S6531", + "scope": "All", + "defaultQualityProfiles": ["Sonar way"], + "quickfix": "unknown" } diff --git a/rules/S6535/dart/metadata.json b/rules/S6535/dart/metadata.json new file mode 100644 index 00000000000..0db3279e44b --- /dev/null +++ b/rules/S6535/dart/metadata.json @@ -0,0 +1,3 @@ +{ + +} diff --git a/rules/S6535/dart/rule.adoc b/rules/S6535/dart/rule.adoc new file mode 100644 index 00000000000..e87f4cb5e6e --- /dev/null +++ b/rules/S6535/dart/rule.adoc 
@@ -0,0 +1,67 @@ +== Why is this an issue? + +The ``++\++`` (backslash) character indicates that the next character should be treated as a literal character rather than as a special character or string delimiter. +For instance, it is common to escape single quotes inside a string literal using the single quote delimiter like ``++'It\'s a beautiful day'++``. Escaping is only meaningful for special characters. +Escaping non-special characters in strings, template literals, and regular expressions doesn't affect their value. + + +Therefore, useless escapes impact code readability and could even denote a bug in the code if the developer left it by mistake or intended to escape another special character instead. + +You should check if the escape character was not misplaced. Useless character escapes can safely be removed without changing the original value. + +Valid escape sequences are those escaping: + +* control characters like ``++\n++`` (newline), ``++\t++`` (tab), ``++\r++`` (carriage return), etc. +* the backslash character itself: ``++\\++`` +* the single and double quote characters: ``++\'++`` and ``++\"++`` +* the dollar sign ``++\$++`` character, used in a string interpolation +* unicode escape sequences like ``++\u{1F600}++`` or ``++\u1F600++`` +* hexadecimal escape sequences like ``++\x41++`` + + +=== Noncompliant code example + +[source,dart] +---- +const number = '\8'; +const hello = 'Hello, world\!'; // Noncompliant: '!' 
is not a special character +const string1 = 'this string contains 2 \"double quotes\"'; // Noncompliant: you can use double quotes here +const string2 = "this string contains 2 \'single quotes\'"; // Noncompliant: you can use single quotes here +---- + + +=== Compliant solution + +[source,dart] +---- +const number = '8'; +const hello = 'Hello, world!'; +const string1 = 'this string contains 2 "double quotes"'; +const string2 = "this string contains 2 'single quotes'"; +---- + +== Resources + +* Dart Docs - https://dart.dev/tools/linter-rules/unnecessary_string_escapes[Dart Linter rule - unnecessary_string_escapes] +* Dart Docs - https://dart.dev/language/built-in-types#strings[Dart Language - Strings] +* Wikipedia - https://en.wikipedia.org/wiki/Escape_character[Escape character] + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +Unnecessary escape in string literal. + +=== Highlighting + +The escaping backslash character only. The next character is not highlighted. + +''' +== Comments And Links +(visible only on this page) + +endif::env-github,rspecator-view[] diff --git a/rules/S6535/javascript/metadata.json b/rules/S6535/javascript/metadata.json index 623335fb920..9b623610df8 100644 --- a/rules/S6535/javascript/metadata.json +++ b/rules/S6535/javascript/metadata.json @@ -1,23 +1,3 @@ { - "title": "Unnecessary character escapes should be removed", - "type": "CODE_SMELL", - "code": { - "impacts": { - "MAINTAINABILITY": "MEDIUM" - }, - "attribute": "CLEAR" - }, - "status": "ready", - "remediation": { - "func": "Constant\/Issue", - "constantCost": "5min" - }, - "tags": [ - ], - "defaultSeverity": "Major", - "ruleSpecification": "RSPEC-6535", - "sqKey": "S6535", - "scope": "All", - "defaultQualityProfiles": ["Sonar way"], "quickfix": "covered" } diff --git a/rules/S6535/metadata.json b/rules/S6535/metadata.json index 2c63c085104..f8086cab1a0 100644 --- a/rules/S6535/metadata.json 
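Review bot: The list of valid escapes in the new rules/S6535/dart/rule.adoc gives `\u1F600` as a unicode escape, but the brace-less form in Dart takes exactly four hexadecimal digits, so that text is read as `\u1F60` followed by a literal `0`. A four-digit sample such as `\u2665` next to `\u{1F600}` would be accurate. In the noncompliant block the first line, `const number = '\8';`, carries no `// Noncompliant` comment although the compliant block changes it to `'8'`; I would add `// Noncompliant: '8' is not a special character` to match the lines that follow.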
+++ b/rules/S6535/metadata.json @@ -1,2 +1,23 @@ { + "title": "Unnecessary character escapes should be removed", + "type": "CODE_SMELL", + "code": { + "impacts": { + "MAINTAINABILITY": "MEDIUM" + }, + "attribute": "CLEAR" + }, + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "5min" + }, + "tags": [ + ], + "defaultSeverity": "Major", + "ruleSpecification": "RSPEC-6535", + "sqKey": "S6535", + "scope": "All", + "defaultQualityProfiles": ["Sonar way"], + "quickfix": "unknown" } diff --git a/rules/S6537/python/metadata.json b/rules/S6537/python/metadata.json index d4ff6f332b7..6ca7ac2afde 100644 --- a/rules/S6537/python/metadata.json +++ b/rules/S6537/python/metadata.json @@ -13,6 +13,8 @@ "constantCost": "5min" }, "tags": [ + "regex", + "confusing" ], "defaultSeverity": "Major", "ruleSpecification": "RSPEC-6537", diff --git a/rules/S6538/python/metadata.json b/rules/S6538/python/metadata.json index b10389e4a3d..a3618b2996a 100644 --- a/rules/S6538/python/metadata.json +++ b/rules/S6538/python/metadata.json @@ -13,6 +13,8 @@ "constantCost": "5min" }, "tags": [ + "convention", + "typing" ], "defaultSeverity": "Major", "ruleSpecification": "RSPEC-6538", diff --git a/rules/S6539/java/metadata.json b/rules/S6539/java/metadata.json index 80b1963d59e..87e0c82e84e 100644 --- a/rules/S6539/java/metadata.json +++ b/rules/S6539/java/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "LOW" + "MAINTAINABILITY": "INFO" }, "attribute": "MODULAR" }, @@ -19,7 +19,9 @@ "defaultSeverity": "Info", "ruleSpecification": "RSPEC-6539", "sqKey": "S6539", - "scope": "All", - "defaultQualityProfiles": ["Sonar way"], + "scope": "Main", + "defaultQualityProfiles": [ + "Sonar way" + ], "quickfix": "infeasible" } diff --git a/rules/S6540/python/metadata.json b/rules/S6540/python/metadata.json index 92c71667256..3e6f746e0c2 100644 --- a/rules/S6540/python/metadata.json +++ b/rules/S6540/python/metadata.json 
@@ -13,6 +13,8 @@ "constantCost": "5min" }, "tags": [ + "convention", + "typing" ], "defaultSeverity": "Major", "ruleSpecification": "RSPEC-6540", diff --git a/rules/S6541/java/metadata.json b/rules/S6541/java/metadata.json index 856e517c02a..f888c1ab589 100644 --- a/rules/S6541/java/metadata.json +++ b/rules/S6541/java/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "LOW" + "MAINTAINABILITY": "INFO" }, "attribute": "FOCUSED" }, @@ -13,13 +13,15 @@ "constantCost": "0min" }, "tags": [ - "architecture", - "design" + "architecture", + "design" ], "defaultSeverity": "Info", "ruleSpecification": "RSPEC-6541", "sqKey": "S6541", - "scope": "All", - "defaultQualityProfiles": ["Sonar way"], + "scope": "Main", + "defaultQualityProfiles": [ + "Sonar way" + ], "quickfix": "infeasible" } diff --git a/rules/S6542/python/metadata.json b/rules/S6542/python/metadata.json index c6173cbbb24..69c2af094ef 100644 --- a/rules/S6542/python/metadata.json +++ b/rules/S6542/python/metadata.json @@ -13,6 +13,9 @@ "constantCost": "5min" }, "tags": [ + "convention", + "typing", + "bad-practice" ], "defaultSeverity": "Major", "ruleSpecification": "RSPEC-6542", diff --git a/rules/S6543/python/metadata.json b/rules/S6543/python/metadata.json index a97a3842f9e..92042fef415 100644 --- a/rules/S6543/python/metadata.json +++ b/rules/S6543/python/metadata.json @@ -13,6 +13,8 @@ "constantCost": "5min" }, "tags": [ + "convention", + "typing" ], "defaultSeverity": "Major", "ruleSpecification": "RSPEC-6543", diff --git a/rules/S6545/python/metadata.json b/rules/S6545/python/metadata.json index 0384d4c449c..ac14a53bcc9 100644 --- a/rules/S6545/python/metadata.json +++ b/rules/S6545/python/metadata.json @@ -13,6 +13,8 @@ "constantCost": "2min" }, "tags": [ + "convention", + "typing" ], "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-6545", 
diff --git a/rules/S6546/python/metadata.json b/rules/S6546/python/metadata.json index f4196d8d416..f3256435723 100644 --- a/rules/S6546/python/metadata.json +++ b/rules/S6546/python/metadata.json @@ -13,6 +13,7 @@ "constantCost": "5min" }, "tags": [ + "typing" ], "defaultSeverity": "Major", "ruleSpecification": "RSPEC-6546", diff --git a/rules/S6547/common/resources/standards.adoc b/rules/S6547/common/resources/standards.adoc index 19ab6373134..b9bc1c30c7c 100644 --- a/rules/S6547/common/resources/standards.adoc +++ b/rules/S6547/common/resources/standards.adoc @@ -1,6 +1,8 @@ === Standards -* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection -* https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[OWASP Top 10 2017 Category A1] - Injection -* https://cwe.mitre.org/data/definitions/20[MITRE, CWE-20] - Improper Input Validation -* https://cwe.mitre.org/data/definitions/454[MITRE, CWE-454] - External Initialization of Trusted Variables or Data Stores \ No newline at end of file +* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] +* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] +* CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] +* CWE - https://cwe.mitre.org/data/definitions/454[CWE-454 - External Initialization of Trusted Variables or Data Stores] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. + diff --git a/rules/S6547/metadata.json b/rules/S6547/metadata.json index 2960ffd13e7..2dee525bf67 100644 --- a/rules/S6547/metadata.json +++ b/rules/S6547/metadata.json @@ -42,6 +42,9 @@ "ASVS 4.0": [ "5.1.3", "5.1.4" + ], + "STIG ASD_V5R3": [ + "V-222609" ] }, "defaultQualityProfiles": [ 
diff --git a/rules/S6548/java/metadata.json b/rules/S6548/java/metadata.json index 1f8dabfab61..336d220af98 100644 --- a/rules/S6548/java/metadata.json +++ b/rules/S6548/java/metadata.json @@ -3,7 +3,7 @@ "type": "CODE_SMELL", "code": { "impacts": { - "MAINTAINABILITY": "LOW" + "MAINTAINABILITY": "INFO" }, "attribute": "MODULAR" }, @@ -13,13 +13,15 @@ "constantCost": "0min" }, "tags": [ - "architecture", - "design" + "architecture", + "design" ], "defaultSeverity": "Info", "ruleSpecification": "RSPEC-6548", "sqKey": "S6548", - "scope": "All", - "defaultQualityProfiles": ["Sonar way"], + "scope": "Main", + "defaultQualityProfiles": [ + "Sonar way" + ], "quickfix": "unknown" } diff --git a/rules/S6548/java/rule.adoc b/rules/S6548/java/rule.adoc index 166cd17f503..fd7cdf391ed 100644 --- a/rules/S6548/java/rule.adoc +++ b/rules/S6548/java/rule.adoc 
@@ -1,57 +1,87 @@ -The Singleton design pattern is a creational pattern. It ensures that only one instance of a class is created and provides a global point of access to it. -In Java, there are several ways to implement a Singleton, and the debate about the best approach has yet to be settled. +The Singleton design pattern is a creational pattern. +It ensures that only one class instance is created and provides a global point of access to it. +There are several ways to implement a Singleton in Java, and the debate about the best approach has yet to be settled. -This rule marks all classes that are considered as Singletons, regardless of how they are implemented. This helps developers identifying where in the code Singletons are used. Singletons should be reviewed to confirm whether or not a Singleton is truly necessary and whether the selected implementation is the most suitable for the context. +This rule marks all classes that are considered as Singletons, regardless of how they are implemented. +This helps developers identify where in the code Singletons are used. +Singletons should be reviewed to confirm whether a Singleton is truly necessary and whether the selected implementation is the most suitable for the context. -Every Singleton implementation has its advantages and disadvantages. This rule exists to bring attention to them, so that informed decisions can be made. - -// If you want to factorize the description uncomment the following line and create the file. -//include::../description.adoc[] +Every Singleton implementation has its advantages and disadvantages. +This rule exists to bring attention to them so that informed decisions can be made. == Why is this an issue? While the Singleton pattern can be useful in certain situations, overusing it can have several drawbacks: -* Tight coupling: The Singleton pattern can create tight coupling between the Singleton class and other classes that use it, which can make the code difficult to maintain and modify. 
-* Global state: The Singleton pattern can create global state, which can make it difficult to manage the state of the application and can lead to unexpected behavior. +* Tight coupling: The Singleton pattern can create tight coupling between the Singleton class and other classes that use it, making the code difficult to maintain and modify. +* Global state: The Singleton pattern can create a global state, making it difficult to manage the state of the application and leading to unexpected behavior. * Testing: The Singleton pattern can make it difficult to test classes that depend on the Singleton, as the Singleton cannot be easily substituted with a mock object. * Scalability: The Singleton pattern can make it difficult to scale an application, as it can create a bottleneck if multiple threads try to access the Singleton concurrently. * Dependency injection: The Singleton pattern can make it difficult to use dependency injection frameworks, as the Singleton instance is usually created statically. -In general, the Singleton pattern should be used sparingly and only in situations where it provides a clear benefit over other patterns or approaches. It is important to consider the drawbacks and tradeoffs of using the Singleton pattern before incorporating it into an application. +In general, the Singleton pattern should be used sparingly and only in situations where it provides a clear benefit over other patterns or approaches. +It is important to consider the drawbacks and tradeoffs of using the Singleton pattern before incorporating it into an application. === What is the potential impact? -==== Public Static Field Implementation +==== Enum Implementation [source,java] ---- -public class PublicStaticSingleton { +public enum EnumSingleton { - public static final PublicStaticSingleton INSTANCE = new PublicStaticSingleton(); + INSTANCE; - private PublicStaticSingleton() {} + private EnumSingleton() { + // Initialization code here... 
+ } } ---- -*Advantage*: -This implementation is thread-safe. +*Advantages*: -*Disadvantage*: +This implementation is thread-safe by default because the initialization of an Enum value is guaranteed to be thread-safe and atomic. -This implementation does not allow lazy initialization: the constructor runs as soon as the class is initialized. +The Enum Singleton implementation allows for lazy initialization while also providing thread-safety guarantees. -==== Eager Initialization Implementation +==== Bill Pugh Implementation [source,java] ---- -public class EagerInitializedSingleton { +public class BillPughSingleton { - private static final EagerInitializedSingleton instance = new EagerInitializedSingleton(); + private BillPughSingleton(){} - private EagerInitializedSingleton() {} + private static class SingletonHelper { + private static final BillPughSingleton INSTANCE = new BillPughSingleton(); + } - public static EagerInitializedSingleton getInstance() { + public static BillPughSingleton getInstance() { + return SingletonHelper.INSTANCE; + } +} +---- + +*Advantages*: + +The instance is created only at the first call of the `getInstance()` method. + +This implementation is thread-safe. + +==== Thread Safe Implementation + +[source,java] +---- +public class ThreadSafeSingleton { + + private static ThreadSafeSingleton instance; + + private ThreadSafeSingleton(){} + + public static synchronized ThreadSafeSingleton getInstance() { + if (instance == null) { + instance = new ThreadSafeSingleton(); + } return instance; } } 
@@ -59,13 +89,12 @@ public class EagerInitializedSingleton { *Advantage*: -This implementation is thread-safe, as the instance variable is initialized when the class is loaded. +This implementation is thread-safe. -*Disadvantages*: +*Disadvantage*: -The instance is created even if it's never used, which can be wasteful in terms of memory usage. However, if the Singleton is expected to be used frequently or is not too memory-intensive, Eager Initialization can be a good choice. - -This implementation doesn’t provide any options for exception handling. +It reduces the performance because of the cost associated with the synchronized method. +To avoid this extra overhead every time, double-checked locking principle should be used. ==== Static Block Initialization Implementation @@ -99,20 +128,17 @@ Compared to the Eager Initialization, this implementation provides options for e The instance is created even if it's never used, like for the Eager Initialization implementation. -==== Lazy Initialization Implementation +==== Eager Initialization Implementation [source,java] ---- -public class LazyInitializedSingleton { +public class EagerInitializedSingleton { - private static LazyInitializedSingleton instance; + private static final EagerInitializedSingleton instance = new EagerInitializedSingleton(); - private LazyInitializedSingleton(){} + private EagerInitializedSingleton() {} - public static LazyInitializedSingleton getInstance() { - if (instance == null) { - instance = new LazyInitializedSingleton(); - } + public static EagerInitializedSingleton getInstance() { return instance; } } 
@@ -120,25 +146,28 @@ public class LazyInitializedSingleton { *Advantage*: -This implementation works fine in the case of the single-threaded environment. +This implementation is thread-safe, as the instance variable is initialized when the class is loaded. -*Disadvantage*: +*Disadvantages*: -This implementation is not thread-safe if multiple threads are at the same time in the `if` condition. +The instance is created even if it's never used, which can be wasteful in terms of memory usage. +However, if the Singleton is expected to be used frequently or is not too memory-intensive, Eager Initialization can be a good choice. -==== Thread Safe Implementation +This implementation doesn’t provide any options for exception handling. + +==== Lazy Initialization Implementation [source,java] ---- -public class ThreadSafeSingleton { +public class LazyInitializedSingleton { - private static ThreadSafeSingleton instance; + private static LazyInitializedSingleton instance; - private ThreadSafeSingleton(){} + private LazyInitializedSingleton(){} - public static synchronized ThreadSafeSingleton getInstance() { + public static LazyInitializedSingleton getInstance() { if (instance == null) { - instance = new ThreadSafeSingleton(); + instance = new LazyInitializedSingleton(); } return instance; } 
@@ -147,63 +176,28 @@ public class ThreadSafeSingleton { *Advantage*: -This implementation is thread-safe. +This implementation works fine in the case of the single-threaded environment. *Disadvantage*: -It reduces the performance because of the cost associated with the synchronized method. To avoid this extra overhead every time, double-checked locking principle should be used. +This implementation is not thread-safe if multiple threads are at the same time in the `if` condition. -==== Bill Pugh Implementation +==== Public Static Field Implementation [source,java] ---- -public class BillPughSingleton { - - private BillPughSingleton(){} +public class PublicStaticSingleton { - private static class SingletonHelper { - private static final BillPughSingleton INSTANCE = new BillPughSingleton(); - } + public static final PublicStaticSingleton INSTANCE = new PublicStaticSingleton(); - public static BillPughSingleton getInstance() { - return SingletonHelper.INSTANCE; - } + private PublicStaticSingleton() {} } ---- -*Advantages*: - -The instance is created only at the first call of the `getInstance()` method. +*Advantage*: This implementation is thread-safe. -==== Enum Implementation - -[source,java] ----- -public enum EnumSingleton { - - INSTANCE; - - private EnumSingleton() { - // Initialization code here... - } -} ----- - -*Advantages*: - -This implementation is thread-safe by default because the initialization of an Enum value is guaranteed to be thread-safe and atomic. - -The Enum Singleton implementation allows for lazy initialization while also providing thread-safety guarantees. - -== How to fix it +*Disadvantage*: -//=== How does this work? -//=== Pitfalls -//=== Going the extra mile -//== Resources -//=== Documentation -//=== Articles & blog posts -//=== Conference presentations -//=== Standards +This implementation does not allow lazy initialization: the constructor runs as soon as the class is initialized. 
diff --git a/rules/S6549/common/resources/standards.adoc b/rules/S6549/common/resources/standards.adoc index a36bf930771..97a216c1077 100644 --- a/rules/S6549/common/resources/standards.adoc +++ b/rules/S6549/common/resources/standards.adoc @@ -1,8 +1,10 @@ === Standards -* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Broken Access Control -* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection -* https://www.owasp.org/index.php/Top_10-2017_A1-Injection[OWASP Top 10 2017 Category A1] - Injection -* https://www.owasp.org/index.php/Top_10-2017_A5-Broken_Access_Control[OWASP Top 10 2017 Category A5] - Broken Access Control -* https://cwe.mitre.org/data/definitions/20[MITRE, CWE-20] - Improper Input Validation -* https://cwe.mitre.org/data/definitions/22[MITRE, CWE-22] - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') \ No newline at end of file +* OWASP - https://owasp.org/Top10/A01_2021-Broken_Access_Control/[Top 10 2021 Category A1 - Broken Access Control] +* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] +* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] +* OWASP - https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[Top 10 2017 Category A5 - Broken Access Control] +* CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] +* CWE - https://cwe.mitre.org/data/definitions/22[CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. + 
diff --git a/rules/S6549/csharp/how-to-fix-it/asp.net.adoc b/rules/S6549/csharp/how-to-fix-it/asp.net.adoc new file mode 100644 index 00000000000..e0d1c82c267 --- /dev/null +++ b/rules/S6549/csharp/how-to-fix-it/asp.net.adoc 
@@ -0,0 +1,98 @@ +== How to fix it in ASP.NET + +=== Code examples + +include::../../common/fix/code-rationale.adoc[] + +==== Noncompliant code example + +[source,csharp,diff-id=2,diff-type=noncompliant] +---- +using Microsoft.AspNetCore.Mvc; + +[ApiController] +[Route("Example")] +public class ExampleController : ControllerBase +{ + private const string TargetDirectory = "/path/to/target/directory"; + + public IActionResult FileExists() + { + string file = Request.Query["file"]; + string path = TargetDirectory + file; + if (!System.IO.File.Exists(path)) { // Noncompliant + return NotFound("File not found"); + } + return Ok("File found"); + } +} +---- + +==== Compliant solution + +[source,csharp,diff-id=2,diff-type=compliant] +---- +using Microsoft.AspNetCore.Mvc; + +[ApiController] +[Route("Example")] +public class ExampleController : ControllerBase +{ + private const string TargetDirectory = "/path/to/target/directory"; + + public IActionResult FileExists() + { + string file = Request.Query["file"]; + string canonicalPath = Path.GetFullPath(TargetDirectory + file); + if (!canonicalPath.StartsWith(TargetDirectory)) { + return NotFound("Entry is outside of the target directory"); + } else if (!System.IO.File.Exists(canonicalPath)) { + return NotFound("File not found"); + } + return Ok("File found"); + } +} +---- + +=== How does this work? + +:canonicalization_function: Path.GetFullPath + +include::../../common/fix/canonical-path-validation.adoc[] + +=== Pitfalls + +include::../../common/pitfalls/partial-path-traversal.adoc[] + +For example, the following code is vulnerable to partial path injection. 
Note +that the string `targetDirectory` does not end with a path separator: + + +[source, csharp] +---- +using Microsoft.AspNetCore.Mvc; + +[ApiController] +[Route("Example")] +public class ExampleController : ControllerBase +{ + private const string TargetDirectory = "/Users/John"; + + public IActionResult FileExists() + { + string file = Request.Query["file"]; + string canonicalPath = Path.GetFullPath(TargetDirectory + file); + if (!canonicalPath.StartsWith(TargetDirectory)) { + return NotFound("Entry is outside of the target directory"); + } else if (!System.IO.File.Exists(canonicalPath)) { + return NotFound("File not found"); + } + return Ok(); + } +} +---- + +This check can be bypassed if other directories start with `John`. For instance, `"/Users/Johnny".StartsWith("/Users/John")` +returns `true`. Thus, for validation, `"/Users/John"` should actually be +`"/Users/John/"`. + diff --git a/rules/S6549/csharp/metadata.json b/rules/S6549/csharp/metadata.json new file mode 100644 index 00000000000..7a73a41bfdf --- /dev/null +++ b/rules/S6549/csharp/metadata.json @@ -0,0 +1,2 @@ +{ +} \ No newline at end of file diff --git a/rules/S6549/csharp/rule.adoc b/rules/S6549/csharp/rule.adoc new file mode 100644 index 00000000000..503469e6e14 --- /dev/null +++ b/rules/S6549/csharp/rule.adoc @@ -0,0 +1,24 @@ +== Why is this an issue? + +include::../rationale.adoc[] + +include::../impact.adoc[] + +// How to fix it section + +include::how-to-fix-it/asp.net.adoc[] + +== Resources + +include::../common/resources/standards.adoc[] + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +include::../message.adoc[] + + +endif::env-github,rspecator-view[] diff --git a/rules/S6549/impact.adoc b/rules/S6549/impact.adoc new file mode 100644 index 00000000000..08e5fe9c394 --- /dev/null +++ b/rules/S6549/impact.adoc 
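Review bot: The compliant solution in the new `asp.net.adoc` is open to the partial path traversal that its own Pitfalls section describes. `TargetDirectory` is `"/path/to/target/directory"` with no trailing separator and is used both for the concatenation with `file` and as the `StartsWith` prefix, so a sibling path that merely begins with the same characters passes the check. I would end the constant with a separator, `private const string TargetDirectory = "/path/to/target/directory/";`, and make the comparison ordinal, `if (!canonicalPath.StartsWith(TargetDirectory, StringComparison.Ordinal)) {`, because the single-argument overload is culture-sensitive. The examples also call `Path.GetFullPath` unqualified while spelling out `System.IO.File.Exists`, so they need `using System.IO;` or `System.IO.Path` unless implicit usings are assumed. The Pitfalls prose refers to `targetDirectory`, but the constant is spelled `TargetDirectory`.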
@@ -0,0 +1,13 @@ +=== What is the potential impact? + +An attacker exploiting a filesystem oracle vulnerability can determine if a file exists or not. + +The files that can be affected are limited by the permission of the process +that runs the application. Worst case scenario: the process runs with elevated privileges, and therefore any file can be affected. + +Below are some real-world scenarios that illustrate some impacts of an attacker +exploiting the vulnerability. + +==== Information gathering + +The vulnerability is exploited to gather information about the host system. The filesystem oracle can help identify user accounts, running services, or the exact version of installed software. \ No newline at end of file diff --git a/rules/S6549/java/rule.adoc b/rules/S6549/java/rule.adoc index a61ecb0a3b3..61fcf6b2d82 100644 --- a/rules/S6549/java/rule.adoc +++ b/rules/S6549/java/rule.adoc 
@@ -1,24 +1,8 @@ == Why is this an issue? -Applications behave as filesystem oracles when they disclose to attackers if resources from the filesystem exist or not. - -A user with malicious intent would inject specially crafted values, such as ``++../++``, to change the initially intended path. The resulting path would resolve to a location somewhere in the filesystem which the user should not normally have access to. - - -=== What is the potential impact? - -An attacker exploiting a filesystem oracle vulnerability can determine if a file exists or not. - -The files that can be affected are limited by the permission of the process -that runs the application. Worst case scenario: the process runs with elevated privileges, and therefore any file can be affected. - -Below are some real-world scenarios that illustrate some impacts of an attacker -exploiting the vulnerability. - -==== Information gathering - -The vulnerability is exploited to gather information about the host system. The filesystem oracle can help identify user accounts, running services, or the exact version of installed software. +include::../rationale.adoc[] +include::../impact.adoc[] // How to fix it section @@ -34,9 +18,7 @@ ifdef::env-github,rspecator-view[] == Implementation Specification (visible only on this page) -=== Message - -Change this code to not construct the path from user-controlled data. +include::../message.adoc[] endif::env-github,rspecator-view[] diff --git a/rules/S6549/message.adoc b/rules/S6549/message.adoc new file mode 100644 index 00000000000..fb31f26c3ac --- /dev/null +++ b/rules/S6549/message.adoc @@ -0,0 +1,3 @@ +=== Message + +Change this code to not construct the path from user-controlled data. \ No newline at end of file diff --git a/rules/S6549/metadata.json b/rules/S6549/metadata.json index cbe47024baa..53890d08aa7 100644 --- a/rules/S6549/metadata.json +++ b/rules/S6549/metadata.json 
@@ -42,9 +42,14 @@ "12.3.1", "5.1.3", "5.1.4" + ], + "STIG ASD_V5R3": [ + "V-222609" ] }, - "defaultQualityProfiles": ["Sonar way"], + "defaultQualityProfiles": [ + "Sonar way" + ], "educationPrinciples": [ "defense_in_depth", "never_trust_user_input" diff --git a/rules/S6549/rationale.adoc b/rules/S6549/rationale.adoc new file mode 100644 index 00000000000..b9086726d4d --- /dev/null +++ b/rules/S6549/rationale.adoc @@ -0,0 +1,4 @@ +Applications behave as filesystem oracles when they disclose to attackers if resources from the filesystem exist or not. + +A user with malicious intent would inject specially crafted values, such as ``++../++``, to change the initially intended path. The resulting path would resolve to a location somewhere in the filesystem which the user should not normally have access to. + diff --git a/rules/S6552/python/metadata.json b/rules/S6552/python/metadata.json index 02ca6167924..a7b4b9b7276 100644 --- a/rules/S6552/python/metadata.json +++ b/rules/S6552/python/metadata.json @@ -13,6 +13,8 @@ "constantCost": "5min" }, "tags": [ + "pitfall", + "django" ], "defaultSeverity": "Major", "ruleSpecification": "RSPEC-6552", diff --git a/rules/S6553/python/metadata.json b/rules/S6553/python/metadata.json index 8e467e24932..102bba1cc2e 100644 --- a/rules/S6553/python/metadata.json +++ b/rules/S6553/python/metadata.json @@ -13,6 +13,7 @@ "constantCost": "5min" }, "tags": [ + "django" ], "defaultSeverity": "Major", "ruleSpecification": "RSPEC-6553", diff --git a/rules/S6554/python/metadata.json b/rules/S6554/python/metadata.json index c79b16e0937..d24c7e55b4f 100644 --- a/rules/S6554/python/metadata.json +++ b/rules/S6554/python/metadata.json @@ -13,6 +13,7 @@ "constantCost": "10min" }, "tags": [ + "django" ], "defaultSeverity": "Major", "ruleSpecification": "RSPEC-6554", diff --git a/rules/S6555/java/metadata.json b/rules/S6555/java/metadata.json new file mode 100644 index 00000000000..789c49cb73d --- /dev/null +++ b/rules/S6555/java/metadata.json 
@@ -0,0 +1,37 @@ +{ + "title": "Null pointers should not be dereferenced", + "type": "BUG", + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "10min" + }, + "tags": [ + "cwe", + "cert", + "symbolic-execution" + ], + "extra": { + "replacementRules": [ + + ], + "legacyKeys": [ + + ] + }, + "defaultSeverity": "Major", + "ruleSpecification": "RSPEC-6555", + "sqKey": "S6555", + "scope": "Main", + "securityStandards": { + "CERT": [ + "EXP34-C.", + "EXP01-J." + ], + "CWE": [ + 476 + ] + }, + "defaultQualityProfiles": [], + "quickfix": "unknown" +} diff --git a/rules/S6555/java/rule.adoc b/rules/S6555/java/rule.adoc new file mode 100644 index 00000000000..93439426515 --- /dev/null +++ b/rules/S6555/java/rule.adoc 
@@ -0,0 +1,79 @@ +== Why is this an issue? + +A reference to ``++null++`` should never be dereferenced/accessed. Doing so will cause a ``++NullPointerException++`` to be thrown. At best, such an exception will cause abrupt program termination. At worst, it could expose debugging information that would be useful to an attacker, or it could allow an attacker to bypass security measures. + +== How to fix it + +=== Code examples + +==== Noncompliant code example + +[source,java,diff-id=1,diff-type=noncompliant] +---- +public boolean isNameEmpty(String givenName, String familyName) { + if (givenName != null && familyName != null) { + return givenName.isEmpty() && familyName.isEmpty(); + } + return familyName.isEmpty(); // Noncompliant; familyName may be null +} +---- + +==== Compliant solution + +[source,java,diff-id=1,diff-type=compliant] +---- +public boolean isNameEmpty(String givenName, String familyName) { + if (givenName != null && familyName != null) { + return givenName.isEmpty() && familyName.isEmpty(); + } + if (familyName != null) { + return familyName.isEmpty(); + } + return true; +} +---- + +==== Noncompliant code example + +[source,java,diff-id=2,diff-type=noncompliant] +---- +void paint(Color color) { + if (color == null) { + System.out.println("Unable to apply color " + color.toString()); // Noncompliant; NullPointerException will be thrown + return; + } + //... +} +---- + +==== Compliant solution + +[source,java,diff-id=2,diff-type=compliant] +---- +void paint(Color color) { + if (color == null) { + System.out.println("Unable to apply color."); + return; + } + //... +} +---- + +== Resources + +* https://cwe.mitre.org/data/definitions/476[MITRE, CWE-476] - NULL Pointer Dereference +* https://wiki.sei.cmu.edu/confluence/x/QdcxBQ[CERT, EXP34-C.] - Do not dereference null pointers +* https://wiki.sei.cmu.edu/confluence/x/aDdGBQ[CERT, EXP01-J.] 
- Do not use a null in a case where an object is required + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +* Fix this access on a value that can be null + +''' +endif::env-github,rspecator-view[] diff --git a/rules/S6555/metadata.json b/rules/S6555/metadata.json new file mode 100644 index 00000000000..2c63c085104 --- /dev/null +++ b/rules/S6555/metadata.json @@ -0,0 +1,2 @@ +{ +} diff --git a/rules/S6556/python/metadata.json b/rules/S6556/python/metadata.json index 77723d974df..32038f6a1ae 100644 --- a/rules/S6556/python/metadata.json +++ b/rules/S6556/python/metadata.json @@ -13,6 +13,7 @@ "constantCost": "10min" }, "tags": [ + "django" ], "defaultSeverity": "Major", "ruleSpecification": "RSPEC-6556", diff --git a/rules/S6559/python/metadata.json b/rules/S6559/python/metadata.json index 9fcb342c818..6cacccb1710 100644 --- a/rules/S6559/python/metadata.json +++ b/rules/S6559/python/metadata.json @@ -13,6 +13,7 @@ "constantCost": "5min" }, "tags": [ + "django" ], "defaultSeverity": "Major", "ruleSpecification": "RSPEC-6559", diff --git a/rules/S6560/python/metadata.json b/rules/S6560/python/metadata.json index 30eae01db41..f56c945a280 100644 --- a/rules/S6560/python/metadata.json +++ b/rules/S6560/python/metadata.json @@ -13,6 +13,7 @@ "constantCost": "10min" }, "tags": [ + "django" ], "defaultSeverity": "Major", "ruleSpecification": "RSPEC-6560", diff --git a/rules/S6582/dart/metadata.json b/rules/S6582/dart/metadata.json new file mode 100644 index 00000000000..3e743c188da --- /dev/null +++ b/rules/S6582/dart/metadata.json @@ -0,0 +1,3 @@ +{ + "title": "Null-aware operators should be preferred" +} diff --git a/rules/S6582/dart/rule.adoc b/rules/S6582/dart/rule.adoc new file mode 100644 index 00000000000..80d826e55e5 --- /dev/null +++ b/rules/S6582/dart/rule.adoc 
@@ -0,0 +1,68 @@ +== Why is this an issue? + +`null`-aware operators allow to safely access nested properties or methods of an object without having to check for the existence of each intermediate property manually. It provides a concise and safe way to access nested properties or methods without having to write complex and error-prone `null` checks. + +This rule flags logical operations that can be safely replaced with the `?.` `null`-aware operator. + +== How to fix it + +Replace with `?.` `null`-aware operator the logical expression that checks for `null` before accessing the property of an object, the element of an array, or calling a function. + +=== Code examples + +==== Noncompliant code example + +[source,dart,diff-id=1,diff-type=noncompliant] +---- +void foo(Bar? bar) { + var x = bar == null ? null : bar.value; // Noncompliant +} +---- + +[source,dart,diff-id=2,diff-type=noncompliant] +---- +void foo(Function? function) { + if (function != null) function!(); // Noncompliant +} +---- + + +==== Compliant solution + +[source,dart,diff-id=1,diff-type=compliant] +---- +void foo(Bar? bar) { + var x = bar?.value; +} +---- + +[source,dart,diff-id=2,diff-type=compliant] +---- +void foo(Function? function) { + function?.call(); +} +---- + +== Resources + +* Dart Docs - https://dart.dev/tools/linter-rules/prefer_null_aware_operators[Dart Linter rule - prefer_null_aware_operators] +* Dart Docs - https://dart.dev/tools/linter-rules/prefer_null_aware_method_calls[Dart Linter rule - prefer_null_aware_method_calls] + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +* "Use the '??' operator rather than '?:' when testing for 'null'." +* Use a null-aware invocation of the 'call' method rather than explicitly testing for 'null'. + +=== Highlighting + +The whole ternary operator or if-statement + +''' + +endif::env-github,rspecator-view[] 
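Review bot: The first entry under `=== Message` names the `??` operator, but the description and both compliant examples in this file are about `?.`. It looks like the text was taken from a different lint, so please confirm against the analyzer's actual message; something like `* Use the null-aware operator '?.' rather than an explicit 'null' comparison.` would match the rule. The two messages are also formatted differently (the first is wrapped in double quotes, the second is not), and the opening sentence should read "allow safe access to nested properties" rather than "allow to safely access".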
diff --git a/rules/S6582/javascript/metadata.json b/rules/S6582/javascript/metadata.json index ab3631cbe91..cc409f47e0a 100644 --- a/rules/S6582/javascript/metadata.json +++ b/rules/S6582/javascript/metadata.json @@ -1,23 +1,3 @@ { - "title": "Optional chaining should be preferred", - "type": "CODE_SMELL", - "code": { - "impacts": { - "MAINTAINABILITY": "MEDIUM" - }, - "attribute": "CLEAR" - }, - "status": "ready", - "remediation": { - "func": "Constant\/Issue", - "constantCost": "5min" - }, - "tags": [ - ], - "defaultSeverity": "Major", - "ruleSpecification": "RSPEC-6582", - "sqKey": "S6582", - "scope": "All", - "defaultQualityProfiles": ["Sonar way"], - "quickfix": "infeasible" + "title": "Optional chaining should be preferred" } diff --git a/rules/S6582/javascript/rule.adoc b/rules/S6582/javascript/rule.adoc index 39e1c9a433b..49ea9e52e22 100644 --- a/rules/S6582/javascript/rule.adoc +++ b/rules/S6582/javascript/rule.adoc @@ -6,7 +6,7 @@ This rule flags logical operations that can be safely replaced with the `?.` opt == How to fix it -Replace with `?.` optional chaining the logical expression that checks for `null`/`undefined` before accessing the property of an object. +Replace with `?.` optional chaining the logical expression that checks for `null`/`undefined` before accessing the property of an object, the element of an array, or calling a function. === Code examples @@ -14,10 +14,10 @@ Replace with `?.` optional chaining the logical expression that checks for `null [source,javascript,diff-id=1,diff-type=noncompliant] ---- -function foo(param) { - if (param && param.value) { - bar(param.value); - } +function foo(obj, arr, fn) { + if (obj && obj.value) {} + if (arr && arr[0]) {} + if (fn && fn(42)) {} } ---- 
@@ -25,10 +25,10 @@ function foo(param) { [source,javascript,diff-id=1,diff-type=compliant] ---- -function foo(param) { - if (param?.value) { - bar(param.value); - } +function foo(obj, arr, fn) { + if (obj?.value) {} + if (arr?.[0]) {} + if (fn?.(42)) {} } ---- diff --git a/rules/S6582/metadata.json b/rules/S6582/metadata.json index 2c63c085104..5af88859c3f 100644 --- a/rules/S6582/metadata.json +++ b/rules/S6582/metadata.json @@ -1,2 +1,22 @@ { + "type": "CODE_SMELL", + "code": { + "impacts": { + "MAINTAINABILITY": "MEDIUM" + }, + "attribute": "CLEAR" + }, + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "5min" + }, + "tags": [ + ], + "defaultSeverity": "Minor", + "ruleSpecification": "RSPEC-6582", + "sqKey": "S6582", + "scope": "All", + "defaultQualityProfiles": ["Sonar way"], + "quickfix": "infeasible" } diff --git a/rules/S6584/docker/rule.adoc b/rules/S6584/docker/rule.adoc index b4bbfb1d7eb..0c022546cd6 100644 --- a/rules/S6584/docker/rule.adoc +++ b/rules/S6584/docker/rule.adoc @@ -8,6 +8,7 @@ Suppose a package manager invocation is part of a script that is executed automa Then, execution is aborted because there is no confirming manual input. As a result, instructions, such as installation or update of packages, cannot be performed in an automated way. This applies, among others, to the package manager used in Debian-based systems, Advanced Package Tool (APT). +This also apply to `gdebi` package manager, which is used to install packages from a file. == How can I fix it? @@ -20,6 +21,7 @@ This applies, among others, to the package manager used in Debian-based systems, RUN apt-get install ca-certificates RUN aptitude install ca-certificates RUN apt install ca-certificates +RUN gdebi /tmp/package.deb ---- Here each line represents a package installation command command for the most popular package managers. 
@@ -32,6 +34,7 @@ Each of them is trying to perform an installation in interactive mode, it will w RUN apt-get -y install ca-certificates RUN aptitude -y install ca-certificates RUN apt -y install ca-certificates +RUN gdebi --n /tmp/package.deb ---- Here in each line we added the option `-y`, it will assume yes to all prompts and continue execution. diff --git a/rules/S6587/docker/rule.adoc b/rules/S6587/docker/rule.adoc index 42284813f99..e3141f41b47 100644 --- a/rules/S6587/docker/rule.adoc +++ b/rules/S6587/docker/rule.adoc @@ -1,13 +1,17 @@ -When installing packages an index is cached locally by default. -The index can be used on-the-fly and not stored locally. +In Docker, when packages are installed via a package manager, an index is cached locally by default. +This index should either be cleaned up or stored in a dedicated cache mount. == Why is this an issue? -Docker images should only contain necessary data. -The package index is optional for the correct working of the installed software. +Docker images should only contain the necessary data. +The package index is redundant for the correct operation of the installed software. Storing an index also increases the size of the Docker image. It should be reduced to speed up deployments and reduce storage and bandwidth. +=== Exceptions + +In multi-stage builds, the rule only scans instructions that are part of the final image. + == How to fix it === Code examples @@ -41,6 +45,13 @@ RUN apt update \ && apt install nginx ---- +For apt-get, without a cache mount: +[source,docker,diff-id=5,diff-type=noncompliant] +---- +RUN apt-get update \ + && apt-get install nginx +---- + ==== Compliant solution For apk: 
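Review bot: `RUN gdebi --n /tmp/package.deb` in the compliant block appears to rely on option-prefix abbreviation. The flags gdebi documents are `-n` and `--non-interactive`, so `RUN gdebi -n /tmp/package.deb` is the more robust spelling for an example people will copy. The unchanged sentence right after this block still says each line gained `-y`, which no longer holds for the gdebi line; I would extend it, e.g. `For gdebi, the equivalent option is -n.` In the `@@ -8,6 +8,7 @@` hunk of the same file, the added sentence should read "This also applies to the `gdebi` package manager".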
@@ -95,11 +106,21 @@ RUN apt update \ && rm -rf /var/lib/apt/lists/* /var/cache/apt/archives/* ---- +For apt-get, with a cache mount: +[source,docker,diff-id=5,diff-type=compliant] +---- +RUN \ + --mount=type=cache,target=/var/cache/apt,sharing=locked \ + --mount=type=cache,target=/var/lib/apt,sharing=locked \ + apt-get update \ + && apt-get install nginx +---- + === How does this work? -When installing packages using `apt-get`, `aptitude` or `apt` they store an index in the Docker image layer in `/var/lib/apt/lists`. +When installing packages using `apt-get`, `aptitude` or `apt` these package managers store an index in the Docker image layer in `/var/lib/apt/lists`. Using `apk`, it will store an index in `/var/cache/apk/`. -In some distributions and configurations the cache will be created in `/etc/apk/cache`. +In some distributions and configurations, the cache will be created in `/etc/apk/cache`. This index is not needed after installation, so it can be removed. To do that, execute the `clean` command, or run `rm -rf ` for the cache location of you package manager tool. 
@@ -107,14 +128,32 @@ To do that, execute the `clean` command, or run `rm -rf ` for the cach Additionally, for `apt-get`, `aptitude` and `apt` some lock files are stored in `/var/cache/apt/archives`, which can also be removed safely. They are not removed by the `clean` command, so they need to be removed manually. +Alternatively, store the cache in a dedicated cache mount. A cache mount can be created by adding a flag `--mount type=cache` to the `RUN` command. + +This will store the cache in a Docker volume, which will be persisted between builds making the build faster. + +Also, each `RUN` instruction creates a new layer, and any changes made in one layer are not visible in the next. Thus, the cache should be removed in the same layer (i.e., the same `RUN` instruction) as the installation. + +The following code incorrectly cleans the cache: +[source,docker] +---- +RUN apt-get install nginx +RUN apt-get clean +---- +It should be written as: +[source,docker] +---- +RUN apt-get install nginx && apt-get clean +---- + == Resources === Documentation -* https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#run[RUN - Best practices for writing Dockerfiles] +* Dockefile Best Practices - https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#run[RUN - Best practices for writing Dockerfiles] * https://man.archlinux.org/man/apk.8.en[apk man] * https://manpages.debian.org/bookworm/apt/apt-get.8.en.html[apt-get man] * https://manpages.debian.org/testing/aptitude/aptitude.8.en.html[aptitude man] -* https://askubuntu.com/questions/1050800/how-do-i-remove-the-apt-package-index[How do I remove the apt package index?] +* Ask Ubuntu - https://askubuntu.com/questions/1050800/how-do-i-remove-the-apt-package-index[How do I remove the apt package index?] +* Docker Build Cache - https://docs.docker.com/build/cache/#use-the-dedicated-run-cache[Use the dedicated `RUN` cache] ifdef::env-github,rspecator-view[] ''' 
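Review bot: The added prose spells the flag `--mount type=cache`, while the compliant example added earlier in this file uses `--mount=type=cache,target=...`; as far as I know only the `=` form is accepted on a `RUN` instruction, so the sentence should use it. The cache mount is also described as a Docker volume, but it is build cache kept by the builder outside the image layers, and the wording should say so. The "It should be written as" example ends with `apt-get clean` only, which leaves the index in `/var/lib/apt/lists` that this rule is about; `RUN apt-get install nginx && apt-get clean && rm -rf /var/lib/apt/lists/*` would match the compliant solutions above. `Dockefile Best Practices` in the Resources list is a typo for `Dockerfile`.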
diff --git a/rules/S6595/docker/rule.adoc b/rules/S6595/docker/rule.adoc index 4922ea2a079..0b0cf86c591 100644 --- a/rules/S6595/docker/rule.adoc +++ b/rules/S6595/docker/rule.adoc @@ -7,6 +7,10 @@ Leaving unnecessary files in Docker image increases its size. The Docker images should be small and only contain necessary data. The cache index is obsolete after installation. +=== Exceptions + +The rule does not raise when the update is followed by a `gdebi` package installation, as it can still install required dependencies when installing from a file, which would require the `apt` cache to be updated. + == How to fix it === Code examples @@ -29,6 +33,7 @@ Each of them stores the cache index in the newly created layer. ---- RUN apk update && apk add ... RUN apt-get update && apt-get install ... +RUN apt-get update && gdebi RUN aptitude update && aptitude install ... ---- diff --git a/rules/S6596/ansible/metadata.json b/rules/S6596/ansible/metadata.json new file mode 100644 index 00000000000..7a73a41bfdf --- /dev/null +++ b/rules/S6596/ansible/metadata.json @@ -0,0 +1,2 @@ +{ +} \ No newline at end of file diff --git a/rules/S6596/ansible/rule.adoc b/rules/S6596/ansible/rule.adoc new file mode 100644 index 00000000000..fc3dbd45b9d --- /dev/null +++ b/rules/S6596/ansible/rule.adoc 
@@ -0,0 +1,56 @@ +:image_type: container + +include::../common/description.adoc[] + +== How to fix it + +include::../common/how-to-fix.adoc[] + +=== Code examples + +==== Noncompliant code example +[source,yaml,diff-id=1,diff-type=noncompliant] +---- +- name: Create Pod + kubernetes.core.k8s: + definition: + apiVersion: v1 + kind: Pod + metadata: + name: example + spec: + containers: + - name: nginx + image: nginx # Noncompliant + + - name: nginx + image: nginx:latest # Noncompliant +---- + +==== Compliant solution + +[source,yaml,diff-id=1,diff-type=compliant] +---- +- name: Create Pod + kubernetes.core.k8s: + definition: + apiVersion: v1 + kind: Pod + metadata: + name: example + spec: + containers: + - name: nginx + image: nginx:1.14.2 # Compliant, fixed tag + + - name: nginx + image: nginx@sha256:b0ad43f7ee5edbc0effbc14645ae7055e21bc1973aee5150745632a24a752661 # Compliant, SHA of the image +---- + +include::../common/how-does-this-work.adoc[] + +include::../common/extra-mile.adoc[] + +include::../common/resources.adoc[] + +include::../common/implementation-specific.adoc[] diff --git a/rules/S6596/common/description.adoc b/rules/S6596/common/description.adoc new file mode 100644 index 00000000000..c80b7c22f22 --- /dev/null +++ b/rules/S6596/common/description.adoc 
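Review bot: Both entries under `containers:` are named `nginx`, in the noncompliant and the compliant block alike. Kubernetes requires container names to be unique within a Pod, so the manifest as written would be rejected before the image reference matters. Rename the second entry in each block, e.g. `- name: nginx-by-digest`, keeping the two blocks identical apart from the `image:` values so the `diff-id=1` pairing still lines up. The comment on `nginx:1.14.2` could also say that a version tag can still be re-pushed with different content and only the `@sha256:` form fixes what is pulled.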
@@ -0,0 +1,15 @@
+When a {image_type} image is not tagged with a specific version, it is referred to as `latest`.
+This means that every time the image is built, deployed, or run, it will always use the latest version of the image.
+
+== Why is this an issue?
+
+While using always the latest version may seem convenient, the build cannot be repeated because it is not clear which was the last version. In addition, it can lead to unpredictability and issues such as version mismatch and potential security vulnerabilities.
+
+
+=== What is the potential impact?
+
+For example, if a developer builds and deploys an application using `my-image:latest`, they may unknowingly be using a different version of the image than another developer who also built and deployed the same application using `my-image:latest`.
+This can lead to version mismatches, which can cause bugs or compatibility issues.
+
+In addition, using `latest` as the tag for {image_type} images can potentially introduce security vulnerabilities.
+For instance, if a security vulnerability is discovered in an image and a new version is released to fix it, using `latest` as the tag means that the application will automatically use the updated image, even if it has not been properly tested and vetted for compatibility with the application.
\ No newline at end of file
diff --git a/rules/S6596/common/extra-mile.adoc b/rules/S6596/common/extra-mile.adoc
new file mode 100644
index 00000000000..06e56859981
--- /dev/null
+++ b/rules/S6596/common/extra-mile.adoc
@@ -0,0 +1,3 @@
+=== Going the extra mile
+
+Adhering to this can also make it easier to track which version of the {image_type} image is being used, which can be useful for debugging and troubleshooting purposes.
\ No newline at end of file
diff --git a/rules/S6596/common/how-does-this-work.adoc b/rules/S6596/common/how-does-this-work.adoc
new file mode 100644
index 00000000000..7297d6128f8
--- /dev/null
+++ b/rules/S6596/common/how-does-this-work.adoc
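Review bot: The last paragraph of description.adoc says `latest` can introduce security vulnerabilities, but the example it gives is a released fix being picked up before compatibility testing, which is a stability concern and reads as if receiving the patch were the problem. The security-relevant point is that an unpinned reference resolves to whatever is currently published under that name, so content nobody reviewed or scanned can be deployed without any change to the manifest. The final sentence could become `For instance, a deployment may pull an image that was published after the last review or scan, so unvetted content runs even though the configuration did not change.` The paragraph is carried over from rules/S6596/docker/rule.adoc, so the wording predates this commit.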
@@ -0,0 +1,3 @@
+=== How does this work?
+
+This way, the same version of the {image_type} image is used every time the application is built, deployed, or run, ensuring consistency and predictability across different environments. It is also not enough to use the latest tag, as this version also changes with each release.
\ No newline at end of file
diff --git a/rules/S6596/common/how-to-fix.adoc b/rules/S6596/common/how-to-fix.adoc
new file mode 100644
index 00000000000..a2aa4730210
--- /dev/null
+++ b/rules/S6596/common/how-to-fix.adoc
@@ -0,0 +1,9 @@
+To avoid these issues, it is recommended to use specific version tags for {image_type} images.
+
+This can be done by appending the version number or tag to the {image_type} image name.
+For example, instead of `my-image:latest`, it is better to use `my-image:1.2.3-alpine` or `my-image:1.2.3`.
+
+For even more control and traceability, it is also possible to specify your image by digest using the sha256 of the image. This will pin your image to a specific version in time, but will also exclude it from eventual security updates.
+An example would be using `my-image@sha256:26c68657ccce2cb0a31b330cb0be2b5e108d467f641c62e13ab40cbec258c68d`.
+
+More information can be found in the documentation at the end.
\ No newline at end of file
diff --git a/rules/S6596/common/implementation-specific.adoc b/rules/S6596/common/implementation-specific.adoc
new file mode 100644
index 00000000000..c85f04a4f2b
--- /dev/null
+++ b/rules/S6596/common/implementation-specific.adoc
@@ -0,0 +1,15 @@
+ifdef::env-github,rspecator-view[]
+'''
+== Implementation Specification
+(visible only on this page)
+
+=== Message
+
+Use a specific version tag for the image.
+
+=== Highlighting
+
+Highlight the image without tag or highlight the image with the `latest` tag.
+
+'''
+endif::env-github,rspecator-view[]
\ No newline at end of file
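Review bot: In how-to-fix.adoc, `my-image:1.2.3` is presented as a fixed version, but a version tag is still a pointer the publisher can move to different content; only the digest form is an immutable identifier, as the title of the Docker page linked from resources.adoc says. The digest paragraph would be clearer with a sentence such as `Version tags can be re-published by the image owner, whereas a digest always refers to the same content.` The caveat about missing security updates applies to any pinned reference, tag or digest, so it is worth saying that pinned images need a routine for reviewing and bumping the pin.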
diff --git a/rules/S6596/common/resources.adoc b/rules/S6596/common/resources.adoc
new file mode 100644
index 00000000000..d32a768d041
--- /dev/null
+++ b/rules/S6596/common/resources.adoc
@@ -0,0 +1,6 @@
+== Resources
+=== Documentation
+
+* https://helm.sh/docs/chart_best_practices/pods/#images[Helm chart best practices - Images]
+* https://kubernetes.io/docs/concepts/containers/images/[Kubernetes - Images]
+* https://docs.docker.com/engine/reference/commandline/image_pull/#pull-an-image-by-digest-immutable-identifier[Pull an image by digest (immutable identifier)]
diff --git a/rules/S6596/docker/metadata.json b/rules/S6596/docker/metadata.json
index 6abf9b07667..2c63c085104 100644
--- a/rules/S6596/docker/metadata.json
+++ b/rules/S6596/docker/metadata.json
@@ -1,23 +1,2 @@
 {
- "title": "Specific version tag for image should be used",
- "type": "CODE_SMELL",
- "code": {
- "impacts": {
- "MAINTAINABILITY": "MEDIUM"
- },
- "attribute": "LOGICAL"
- },
- "status": "ready",
- "remediation": {
- "func": "Constant\/Issue",
- "constantCost": "5min"
- },
- "tags": [
- ],
- "defaultSeverity": "Major",
- "ruleSpecification": "RSPEC-6596",
- "sqKey": "S6596",
- "scope": "All",
- "defaultQualityProfiles": ["Sonar way"],
- "quickfix": "unknown"
 }
diff --git a/rules/S6596/docker/rule.adoc b/rules/S6596/docker/rule.adoc
index 3919148d3b1..2f899cbbdc5 100644
--- a/rules/S6596/docker/rule.adoc
+++ b/rules/S6596/docker/rule.adoc
@@ -1,24 +1,10 @@ -When a Dockerfile image is not tagged with a specific version, it is referred to as `latest`. -This means that every time the image is built, deployed, or run, it will always use the latest version of the image. - -== Why is this an issue? - -While using always the latest version may seem convenient, the build cannot be repeated because it is not clear which was the last version. In addition, it can lead to unpredictability and issues such as version mismatch and potential security vulnerabilities. - -=== What is the potential impact? - -For example, if a developer builds and deploys an application using `my-image:latest`, they may unknowingly be using a different version of the image than another developer who also built and deployed the same application using `my-image:latest`. -This can lead to version mismatches, which can cause bugs or compatibility issues. - -In addition, using `latest` as the tag for Docker images can potentially introduce security vulnerabilities. -For instance, if a security vulnerability is discovered in an image and a new version is released to fix it, using `latest` as the tag means that the application will automatically use the updated image, even if it has not been properly tested and vetted for compatibility with the application. +:image_type: Dockerfile +include::../common/description.adoc[] == How to fix it -To avoid these issues, it is recommended to use specific version tags for Dockerfile images. -This can be done by appending the version number or tag to the image name in the Dockerfile. -For example, instead of using `my-image:latest`, it is better to use `my-image:1.2.3-alpine` or `my-image:1.2.3`. +include::../common/how-to-fix.adoc[] === Code examples 
@@ -38,31 +24,15 @@ FROM my-image:1.2.3 FROM my-image:1.2.3-alpine ---- -=== How does this work? - -This way, the same version of the image is used every time the application is built, deployed, or run, ensuring consistency and predictability across different environments. It is also not enough to use the latest tag, as this version also changes with each release. - -=== Going the extra mile +include::../common/how-does-this-work.adoc[] -Adhering to this can also make it easier to track which version of the image is being used, which can be useful for debugging and troubleshooting purposes. +include::../common/extra-mile.adoc[] == Resources === Documentation + * https://docs.docker.com/engine/reference/builder/#from[Dockerfile reference - FROM] * https://docs.docker.com/develop/dev-best-practices/#how-to-keep-your-images-small[Docker development best practices] +* https://docs.docker.com/engine/reference/commandline/image_pull/#pull-an-image-by-digest-immutable-identifier[Pull an image by digest (immutable identifier)] -ifdef::env-github,rspecator-view[] -''' -== Implementation Specification -(visible only on this page) - -=== Message - -Use a specific version tag for the image. - -=== Highlighting - -Highlight the image without tag or highlight the image with the `latest` tag. - -''' -endif::env-github,rspecator-view[] +include::../common/implementation-specific.adoc[] diff --git a/rules/S6596/kubernetes/metadata.json b/rules/S6596/kubernetes/metadata.json new file mode 100644 index 00000000000..7a73a41bfdf --- /dev/null +++ b/rules/S6596/kubernetes/metadata.json @@ -0,0 +1,2 @@ +{ +} \ No newline at end of file diff --git a/rules/S6596/kubernetes/rule.adoc b/rules/S6596/kubernetes/rule.adoc new file mode 100644 index 00000000000..e3ac79bd06a --- /dev/null +++ b/rules/S6596/kubernetes/rule.adoc 
@@ -0,0 +1,50 @@
+:image_type: container
+
+include::../common/description.adoc[]
+
+== How to fix it
+
+include::../common/how-to-fix.adoc[]
+
+=== Code examples
+
+==== Noncompliant code example
+[source,yaml,diff-id=1,diff-type=noncompliant]
+----
+apiVersion: v1
+kind: Pod
+metadata:
+ name: example
+spec:
+ containers:
+ - name: nginx
+ image: nginx # Noncompliant
+
+ - name: nginx
+ image: nginx:latest # Noncompliant
+----
+
+==== Compliant solution
+
+[source,yaml,diff-id=1,diff-type=compliant]
+----
+apiVersion: v1
+kind: Pod
+metadata:
+ name: example
+spec:
+ containers:
+ - name: nginx
+ image: nginx:1.14.2 # Compliant, fixed tag
+
+ - name: nginx
+ image: nginx@sha256:b0ad43f7ee5edbc0effbc14645ae7055e21bc1973aee5150745632a24a752661 # Compliant, SHA of the image
+----
+
+include::../common/how-does-this-work.adoc[]
+
+include::../common/extra-mile.adoc[]
+
+include::../common/resources.adoc[]
+
+include::../common/implementation-specific.adoc[]
diff --git a/rules/S6596/metadata.json b/rules/S6596/metadata.json
index 2c63c085104..6abf9b07667 100644
--- a/rules/S6596/metadata.json
+++ b/rules/S6596/metadata.json
@@ -1,2 +1,23 @@
 {
+ "title": "Specific version tag for image should be used",
+ "type": "CODE_SMELL",
+ "code": {
+ "impacts": {
+ "MAINTAINABILITY": "MEDIUM"
+ },
+ "attribute": "LOGICAL"
+ },
+ "status": "ready",
+ "remediation": {
+ "func": "Constant\/Issue",
+ "constantCost": "5min"
+ },
+ "tags": [
+ ],
+ "defaultSeverity": "Major",
+ "ruleSpecification": "RSPEC-6596",
+ "sqKey": "S6596",
+ "scope": "All",
+ "defaultQualityProfiles": ["Sonar way"],
+ "quickfix": "unknown"
 }
diff --git a/rules/S6602/metadata.json b/rules/S6602/metadata.json
index 64b2f1b8beb..ce6f45bc59d 100644
--- a/rules/S6602/metadata.json
+++ b/rules/S6602/metadata.json
@@ -21,6 +21,6 @@
 "ruleSpecification": "RSPEC-6602",
 "sqKey": "S6602",
 "scope": "All",
- "defaultQualityProfiles": ["Sonar way"],
+ "defaultQualityProfiles": [],
 "quickfix": "targeted"
 }
diff --git a/rules/S6602/resources-dotnet.adoc b/rules/S6602/resources-dotnet.adoc index 45322676dd5..3a480fb3ebd 100644 --- a/rules/S6602/resources-dotnet.adoc +++ b/rules/S6602/resources-dotnet.adoc 
@@ -11,55 +11,94 @@ [options="header"] |=== -| Method | Runtime | Mean | StdDev | Ratio | Allocated -| FirstOrDefault | .NET 7.0 | 5.373 ms | 0.1049 ms | 1.00 | 125 KB -| Find | .NET 7.0 | 1.691 ms | 0.0334 ms | 0.32 | 85.94 KB -| FirstOrDefault | .NET Framework 4.6.2 | 5.035 ms | 0.0421 ms | 1.00 | 125.38 KB -| Find | .NET Framework 4.6.2 | 1.779 ms | 0.0107 ms | 0.35 | 86.2 KB +| Method | Runtime | Categories | Mean | Standard Deviation | Allocated +| ArrayFirstOrDefault | .NET 8.0 | Array | 10.515 μs | 0.1410 μs | 32 B +| ArrayFind | .NET 8.0 | Array | 4.417 μs | 0.0729 μs | - +| | | | | | +| ArrayFirstOrDefault | .NET 9.0 | Array | 2.262 μs | 0.0135 μs | - +| ArrayFind | .NET 9.0 | Array | 3.428 μs | 0.0206 μs | - +| | | | | | +| ArrayFirstOrDefault | .NET Framework 4.8.1 | Array | 45.074 μs | 0.7517 μs | 32 B +| ArrayFind | .NET Framework 4.8.1 | Array | 13.948 μs | 0.1496 μs | - +| | | | | | +| ImmutableListFirstOrDefault | .NET 8.0 | ImmutableList<T> | 83.796 μs | 1.3199 μs | 72 B +| ImmutableListFind | .NET 8.0 | ImmutableList<T> | 59.720 μs | 1.0723 μs | - +| | | | | | +| ImmutableListFirstOrDefault | .NET 9.0 | ImmutableList<T> | 81.984 μs | 1.0886 μs | 72 B +| ImmutableListFind | .NET 9.0 | ImmutableList<T> | 58.288 μs | 0.8079 μs | - +| | | | | | +| ImmutableListFirstOrDefault | .NET Framework 4.8.1 | ImmutableList<T> | 446.893 μs | 9.8430 μs | 76 B +| ImmutableListFind | .NET Framework 4.8.1 | ImmutableList<T> | 427.476 μs | 3.3371 μs | - +| | | | | | +| ListFirstOrDefault | .NET 8.0 | List<T> | 14.808 μs | 0.1723 μs | 40 B +| ListFind | .NET 8.0 | List<T> | 6.040 μs | 0.1104 μs | - +| | | | | | +| ListFirstOrDefault | .NET 9.0 | List<T> | 2.233 μs | 0.0154 μs | - +| ListFind | .NET 9.0 | List<T> | 4.458 μs | 0.0745 μs | - +| | | | | | +| ListFirstOrDefault | .NET Framework 4.8.1 | List<T> | 57.290 μs | 1.0494 μs | 40 B +| ListFind | .NET Framework 4.8.1 | List<T> | 18.476 μs | 0.0504 μs | - |=== +==== Glossary + +* 
https://en.wikipedia.org/wiki/Arithmetic_mean[Mean] +* https://en.wikipedia.org/wiki/Standard_deviation[Standard Deviation] +* https://en.wikipedia.org/wiki/Memory_management[Allocated] + The results were generated by running the following snippet with https://github.com/dotnet/BenchmarkDotNet[BenchmarkDotNet]: [source,csharp] ---- -private List data; -private Random random = new Random(); - -[Params(1_000)] -public int N { get; set; } +// Explicitly cache the delegates to avoid allocations inside the benchmark. +private readonly static Func ConditionFunc = static x => x == 1; +private readonly static Predicate ConditionPredicate = static x => x == 1; +private List list; +private ImmutableList immutableList; +private int[] array; +public const int N = 10_000; [GlobalSetup] -public void Setup() => - data = Enumerable.Range(0, N).Select(x => Guid.NewGuid().ToString()).ToList(); - -[Benchmark(Baseline = true)] -public void FirstOrDefault() +public void GlobalSetup() { - for (var i = 0; i < N; i++) - { - var value = data[random.Next(N - 1)]; - _ = data.FirstOrDefault(x => x == value); // Enumerable.FirstOrDefault() - } + list = Enumerable.Range(0, N).Select(x => N - x).ToList(); + immutableList = ImmutableList.CreateRange(list); + array = list.ToArray(); } -[Benchmark] -public void Find() -{ - for (var i = 0; i < N; i++) - { - var value = data[random.Next(N - 1)]; - _ = data.Find(x => x == value); // List.Find() - } -} +[BenchmarkCategory("List"), Benchmark(Baseline = true)] +public int ListFirstOrDefault() => + list.FirstOrDefault(ConditionFunc); + +[BenchmarkCategory("List"), Benchmark] +public int ListFind() => + list.Find(ConditionPredicate); + +[BenchmarkCategory("ImmutableList"), Benchmark(Baseline = true)] +public int ImmutableListFirstOrDefault() => + immutableList.FirstOrDefault(ConditionFunc); + +[BenchmarkCategory("ImmutableList"), Benchmark] +public int ImmutableListFind() => + immutableList.Find(ConditionPredicate); + +[BenchmarkCategory("Array"), 
Benchmark(Baseline = true)] +public int ArrayFirstOrDefault() => + array.FirstOrDefault(ConditionFunc); + +[BenchmarkCategory("Array"), Benchmark] +public int ArrayFind() => + Array.Find(array, ConditionPredicate); ---- Hardware configuration: [source] ---- -BenchmarkDotNet=v0.13.5, OS=Windows 10 (10.0.19045.2846/22H2/2022Update) +BenchmarkDotNet v0.14.0, Windows 11 (10.0.22631.4317/23H2/2023Update/SunValley3) 11th Gen Intel Core i7-11850H 2.50GHz, 1 CPU, 16 logical and 8 physical cores - [Host] : .NET Framework 4.8 (4.8.4614.0), X64 RyuJIT VectorSize=256 - .NET 7.0 : .NET 7.0.5 (7.0.523.17405), X64 RyuJIT AVX2 - .NET Framework 4.6.2 : .NET Framework 4.8 (4.8.4614.0), X64 RyuJIT VectorSize=256 + [Host] : .NET Framework 4.8.1 (4.8.9277.0), X64 RyuJIT VectorSize=256 + .NET 8.0 : .NET 8.0.10 (8.0.1024.46610), X64 RyuJIT AVX-512F+CD+BW+DQ+VL+VBMI + .NET 9.0 : .NET 9.0.0 (9.0.24.47305), X64 RyuJIT AVX-512F+CD+BW+DQ+VL+VBMI + .NET Framework 4.8.1 : .NET Framework 4.8.1 (4.8.9277.0), X64 RyuJIT VectorSize=256 ---- diff --git a/rules/S6602/why-dotnet.adoc b/rules/S6602/why-dotnet.adoc index 416bed6fae7..24bc0f7afe4 100644 --- a/rules/S6602/why-dotnet.adoc +++ b/rules/S6602/why-dotnet.adoc 
@@ -1,9 +1,11 @@ == Why is this an issue? -Both the `List.Find` method and `IEnumerable.FirstOrDefault` method can be used to find the first element that satisfies a given condition in a collection. However, `List.Find` can be faster than `IEnumerable.FirstOrDefault` for `List` objects. For small collections, the performance difference may be minor, but for large collections, it can make a noticeable difference. The same applies for `ImmutableList` and arrays too. +Both the `List.Find` method and the `Enumerable.FirstOrDefault` method can be used to locate the first element that meets a specified condition within a collection. However, for `List` objects, `List.Find` may offer superior performance compared to `Enumerable.FirstOrDefault`. While the performance difference might be negligible for small collections, it can become significant for larger collections. This observation also holds true for `ImmutableList` and arrays. + +It is important to enable this rule with caution, as performance outcomes can vary significantly across different runtimes. Notably, the https://devblogs.microsoft.com/dotnet/performance-improvements-in-net-9/#collections[performance improvements in .NET 9] have brought `FirstOrDefault` closer to the performance of collection-specific `Find` methods in most scenarios. *Applies to* * https://learn.microsoft.com/en-us/dotnet/api/system.collections.generic.list-1.find[List] * https://learn.microsoft.com/en-us/dotnet/api/system.array.find[Array] -* https://learn.microsoft.com/en-us/dotnet/api/system.collections.immutable.immutablelist-1.find[ImmutableList] \ No newline at end of file +* https://learn.microsoft.com/en-us/dotnet/api/system.collections.immutable.immutablelist-1.find[ImmutableList] diff --git a/rules/S6603/metadata.json b/rules/S6603/metadata.json index a3028e7d8aa..4573cfb7b52 100644 --- a/rules/S6603/metadata.json +++ b/rules/S6603/metadata.json 
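Review bot: The added paragraph says .NET 9 brought `FirstOrDefault` "closer to" the collection-specific `Find`, but the table updated in rules/S6602/resources-dotnet.adoc shows `FirstOrDefault` ahead on .NET 9 for arrays (2.262 μs against 3.428 μs) and for `List` (2.233 μs against 4.458 μs), with `Find` still faster only for `ImmutableList`. The sentence should say so, for example `On .NET 9, FirstOrDefault is faster than Find for arrays and List; Find remains faster for ImmutableList.` The matching paragraphs added to rules/S6603/why-dotnet.adoc and rules/S6605/why-dotnet.adoc have the same gap against their own tables, where `All` and `Any` lead on .NET 9 for arrays and `List`.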
@@ -19,7 +19,7 @@ "ruleSpecification": "RSPEC-6603", "sqKey": "S6603", "scope": "All", - "defaultQualityProfiles": ["Sonar way"], + "defaultQualityProfiles": [], "quickfix": "targeted" } \ No newline at end of file diff --git a/rules/S6603/resources-dotnet.adoc b/rules/S6603/resources-dotnet.adoc index 6c8d7df7472..198701610d5 100644 --- a/rules/S6603/resources-dotnet.adoc +++ b/rules/S6603/resources-dotnet.adoc 
@@ -2,63 +2,127 @@ === Documentation -* https://learn.microsoft.com/en-us/dotnet/api/system.collections.generic.list-1.trueforall[List.TrueForAll(Predicate)] -* https://learn.microsoft.com/en-us/dotnet/api/system.array.trueforall[Array.TrueForAll(T[\], Predicate)] -* https://learn.microsoft.com/en-us/dotnet/api/system.collections.immutable.immutablelist-1.trueforall[ImmutableList.TrueForAll(Predicate)] -* https://learn.microsoft.com/en-us/dotnet/api/system.collections.immutable.immutablelist-1.builder.trueforall[ImmutableList.Builder.TrueForAll(Predicate)] -* https://learn.microsoft.com/en-us/dotnet/api/system.linq.enumerable.all[Enumerable.All] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/api/system.collections.generic.list-1.trueforall[List.TrueForAll(Predicate)] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/api/system.array.trueforall[Array.TrueForAll(T[\], Predicate)] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/api/system.collections.immutable.immutablelist-1.trueforall[ImmutableList.TrueForAll(Predicate)] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/api/system.collections.immutable.immutablelist-1.builder.trueforall[ImmutableList.Builder.TrueForAll(Predicate)] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/api/system.linq.enumerable.all[Enumerable.All] === Benchmarks [options="header"] |=== -| Method | Runtime | Mean | StdDev | Ratio | Allocated -| TrueForAll | .NET 7.0 | 1.302 ms | 0.0027 ms | 0.21 | 1 B -| All | .NET 7.0 | 6.279 ms | 0.0181 ms | 1.00 | 40004 B -| TrueForAll | .NET Framework 4.6.2 | 1.105 ms | 0.0142 ms | 0.22 | - -| All | .NET Framework 4.6.2 | 4.968 ms | 0.0143 ms | 1.00 | 40128 B +| Method | Runtime | Categories | Mean | Standard Deviation | Allocated +| ArrayAll | .NET 8.0 | Array | 109.25 μs | 1.767 μs | 32 B +| ArrayTrueForAll | .NET 8.0 | Array | 45.01 μs | 0.547 μs | - +| | | | | | +| ArrayAll | .NET 9.0 | Array | 22.28 μs | 0.254 μs | - +| 
ArrayTrueForAll | .NET 9.0 | Array | 37.60 μs | 0.382 μs | - +| | | | | | +| ArrayAll | .NET Framework 4.8.1 | Array | 495.90 μs | 4.342 μs | 40 B +| ArrayTrueForAll | .NET Framework 4.8.1 | Array | 164.52 μs | 2.030 μs | - +| | | | | | +| ImmutableListAll | .NET 8.0 | ImmutableList | 940.29 μs | 5.600 μs | 72 B +| ImmutableListTrueForAll | .NET 8.0 | ImmutableList | 679.46 μs | 2.371 μs | - +| | | | | | +| ImmutableListAll | .NET 9.0 | ImmutableList | 922.43 μs | 14.564 μs | 72 B +| ImmutableListTrueForAll | .NET 9.0 | ImmutableList | 692.31 μs | 8.897 μs | - +| | | | | | +| ImmutableListAll | .NET Framework 4.8.1 | ImmutableList | 4,578.72 μs | 77.920 μs | 128 B +| ImmutableListTrueForAll | .NET Framework 4.8.1 | ImmutableList | 4,393.49 μs | 122.061 μs | - +| | | | | | +| ImmutableListBuilderAll | .NET 8.0 | ImmutableList.Builder | 970.45 μs | 13.598 μs | 73 B +| ImmutableListBuilderTrueForAll | .NET 8.0 | ImmutableList.Builder | 687.82 μs | 6.142 μs | - +| | | | | | +| ImmutableListBuilderAll | .NET 9.0 | ImmutableList.Builder | 981.17 μs | 12.966 μs | 72 B +| ImmutableListBuilderTrueForAll | .NET 9.0 | ImmutableList.Builder | 710.19 μs | 16.195 μs | - +| | | | | | +| ImmutableListBuilderAll | .NET Framework 4.8.1 | ImmutableList.Builder | 4,780.50 μs | 43.282 μs | 128 B +| ImmutableListBuilderTrueForAll | .NET Framework 4.8.1 | ImmutableList.Builder | 4,493.82 μs | 76.530 μs | - +| | | | | | +| ListAll | .NET 8.0 | List | 151.12 μs | 2.028 μs | 40 B +| ListTrueForAll | .NET 8.0 | List | 58.03 μs | 0.493 μs | - +| | | | | | +| ListAll | .NET 9.0 | List | 22.14 μs | 0.327 μs | - +| ListTrueForAll | .NET 9.0 | List | 46.01 μs | 0.327 μs | - +| | | | | | +| ListAll | .NET Framework 4.8.1 | List | 619.86 μs | 6.037 μs | 48 B +| ListTrueForAll | .NET Framework 4.8.1 | List | 208.49 μs | 2.340 μs | - |=== +==== Glossary + +* https://en.wikipedia.org/wiki/Arithmetic_mean[Mean] +* https://en.wikipedia.org/wiki/Standard_deviation[Standard Deviation] +* 
https://en.wikipedia.org/wiki/Memory_management[Allocated] + The results were generated by running the following snippet with https://github.com/dotnet/BenchmarkDotNet[BenchmarkDotNet]: [source,csharp] ---- -private List data; +// Explicitly cache the delegates to avoid allocations inside the benchmark. +private readonly static Func ConditionFunc = static x => x == Math.Abs(x); +private readonly static Predicate ConditionPredicate = static x => x == Math.Abs(x); -[Params(10_000)] +private List list; +private ImmutableList immutableList; +private ImmutableList.Builder immutableListBuilder; +private int[] array; + +[Params(100_000)] public int N { get; set; } [GlobalSetup] -public void Setup() => - data = Enumerable.Range(0, N).Select(x => 42).ToList(); - -[Benchmark] -public void TrueForAll() +public void GlobalSetup() { - for (var i = 0; i < N; i++) - { - _ = data.TrueForAll(x => x == 42); // List.TrueForAll - } + list = Enumerable.Range(0, N).Select(x => N - x).ToList(); + immutableList = ImmutableList.CreateRange(list); + immutableListBuilder = ImmutableList.CreateBuilder(); + immutableListBuilder.AddRange(list); + array = list.ToArray(); } -[Benchmark(Baseline = true)] -public void All() -{ - for (var i = 0; i < N; i++) - { - _ = data.All(x => x == 42); // Enumerable.All - } -} +[BenchmarkCategory("List"), Benchmark] +public bool ListAll() => + list.All(ConditionFunc); + +[BenchmarkCategory("List"), Benchmark(Baseline = true)] +public bool ListTrueForAll() => + list.TrueForAll(ConditionPredicate); + +[BenchmarkCategory("ImmutableList"), Benchmark(Baseline = true)] +public bool ImmutableListAll() => + immutableList.All(ConditionFunc); + +[BenchmarkCategory("ImmutableList"), Benchmark] +public bool ImmutableListTrueForAll() => + immutableList.TrueForAll(ConditionPredicate); + +[BenchmarkCategory("ImmutableList.Builder"), Benchmark(Baseline = true)] +public bool ImmutableListBuilderAll() => + immutableListBuilder.All(ConditionFunc); + 
+[BenchmarkCategory("ImmutableList.Builder"), Benchmark] +public bool ImmutableListBuilderTrueForAll() => + immutableListBuilder.TrueForAll(ConditionPredicate); + +[BenchmarkCategory("Array"), Benchmark(Baseline = true)] +public bool ArrayAll() => + array.All(ConditionFunc); + +[BenchmarkCategory("Array"), Benchmark] +public bool ArrayTrueForAll() => + Array.TrueForAll(array, ConditionPredicate); ---- Hardware configuration: [source] ---- -BenchmarkDotNet=v0.13.5, OS=Windows 10 (10.0.19045.2846/22H2/2022Update) -12th Gen Intel Core i7-12800H, 1 CPU, 20 logical and 14 physical cores -.NET SDK=7.0.203 - [Host] : .NET 7.0.5 (7.0.523.17405), X64 RyuJIT AVX2 - .NET 7.0 : .NET 7.0.5 (7.0.523.17405), X64 RyuJIT AVX2 - .NET Framework 4.6.2 : .NET Framework 4.8 (4.8.4614.0), X64 RyuJIT VectorSize=256 +BenchmarkDotNet v0.14.0, Windows 11 (10.0.22631.4317/23H2/2023Update/SunValley3) +11th Gen Intel Core i7-11850H 2.50GHz, 1 CPU, 16 logical and 8 physical cores + [Host] : .NET Framework 4.8.1 (4.8.9277.0), X64 RyuJIT VectorSize=256 + .NET 8.0 : .NET 8.0.10 (8.0.1024.46610), X64 RyuJIT AVX-512F+CD+BW+DQ+VL+VBMI + .NET 9.0 : .NET 9.0.0 (9.0.24.47305), X64 RyuJIT AVX-512F+CD+BW+DQ+VL+VBMI + .NET Framework 4.8.1 : .NET Framework 4.8.1 (4.8.9277.0), X64 RyuJIT VectorSize=256 ---- \ No newline at end of file diff --git a/rules/S6603/why-dotnet.adoc b/rules/S6603/why-dotnet.adoc index f1ec951b32c..a4631e1bc31 100644 --- a/rules/S6603/why-dotnet.adoc +++ b/rules/S6603/why-dotnet.adoc 
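Review bot: In the benchmark snippet the `List` category marks `ListTrueForAll` as `Baseline = true`, while the `ImmutableList`, `ImmutableList.Builder` and `Array` categories mark the LINQ `All` variant as the baseline. Using `[BenchmarkCategory("List"), Benchmark(Baseline = true)]` on `ListAll` and `[BenchmarkCategory("List"), Benchmark]` on `ListTrueForAll` keeps the four categories comparable for anyone re-running the snippet with a ratio column. The snippet added to rules/S6605/resources-dotnet.adoc has the same swap on `ListAny` and `ListExists`.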
@@ -2,6 +2,8 @@ Both the `List.TrueForAll` method and the `IEnumerable.All` method can be used to check if all list elements satisfy a given condition in a collection. However, `List.TrueForAll` can be faster than `IEnumerable.All` for `List` objects. The performance difference may be minor for small collections, but for large collections, it can be noticeable. +It is important to enable this rule with caution, as performance outcomes can vary significantly across different runtimes. Notably, the https://devblogs.microsoft.com/dotnet/performance-improvements-in-net-9/#collections[performance improvements in .NET 9] have brought `All` closer to the performance of collection-specific `TrueForAll` methods in most scenarios. + *Applies to* * https://learn.microsoft.com/en-us/dotnet/api/system.collections.generic.list-1.trueforall[List] diff --git a/rules/S6605/metadata.json b/rules/S6605/metadata.json index 01787ab4114..49acb5bb2d0 100644 --- a/rules/S6605/metadata.json +++ b/rules/S6605/metadata.json @@ -21,6 +21,6 @@ "ruleSpecification": "RSPEC-6605", "sqKey": "S6605", "scope": "All", - "defaultQualityProfiles": ["Sonar way"], + "defaultQualityProfiles": [], "quickfix": "targeted" } \ No newline at end of file diff --git a/rules/S6605/resources-dotnet.adoc b/rules/S6605/resources-dotnet.adoc index fc0133e6a0c..adc20571c78 100644 --- a/rules/S6605/resources-dotnet.adoc +++ b/rules/S6605/resources-dotnet.adoc 
@@ -2,65 +2,107 @@ === Documentation -* https://learn.microsoft.com/en-us/dotnet/api/system.collections.generic.list-1.exists[List.Exists(Predicate)] -* https://learn.microsoft.com/en-us/dotnet/api/system.array.exists[Array.Exists(T[\], Predicate)] -* https://learn.microsoft.com/en-us/dotnet/api/system.collections.immutable.immutablelist-1.exists[ImmutableList.Exists(Predicate)] -* https://learn.microsoft.com/en-us/dotnet/api/system.linq.enumerable.any[Enumerable.Any(Predicate)] -* https://learn.microsoft.com/en-us/dotnet/framework/data/adonet/ef/language-reference/linq-to-entities[LINQ to Entities] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/api/system.collections.generic.list-1.exists[List.Exists(Predicate)] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/api/system.array.exists[Array.Exists(T[\], Predicate)] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/api/system.collections.immutable.immutablelist-1.exists[ImmutableList.Exists(Predicate)] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/api/system.linq.enumerable.any[Enumerable.Any(Predicate)] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/framework/data/adonet/ef/language-reference/linq-to-entities[LINQ to Entities] === Benchmarks [options="header"] |=== -| Method | Runtime | Mean | StdDev | Ratio | Allocated -| Any | .NET 7.0 | 6.670 ms | 0.1413 ms | 1.00 | 40004 B -| Exists | .NET 7.0 | 1.364 ms | 0.0270 ms | 0.20 | 1 B -| Any | .NET Framework 4.6.2 | 5.380 ms | 0.0327 ms | 1.00 | 40128 B -| Exists | .NET Framework 4.6.2 | 1.575 ms | 0.0348 ms | 0.29 | - +| Method | Runtime | Categories | Mean | Standard Deviation | Allocated +| ArrayAny | .NET 8.0 | Array | 1,174.0 ns | 16.44 ns | 32 B +| ArrayExists | .NET 8.0 | Array | 570.6 ns | 7.12 ns | - +| | | | | | +| ArrayAny | .NET 9.0 | Array | 358.5 ns | 5.57 ns | - +| ArrayExists | .NET 9.0 | Array | 581.6 ns | 6.17 ns | - +| | | | | | +| ArrayAny | .NET Framework 4.8.1 | Array | 
4,896.0 ns | 102.83 ns | 32 B +| ArrayExists | .NET Framework 4.8.1 | Array | 1,649.4 ns | 29.81 ns | - +| | | | | | +| ImmutableListAny | .NET 8.0 | ImmutableList | 7,859.3 ns | 91.45 ns | 72 B +| ImmutableListExists | .NET 8.0 | ImmutableList | 5,898.1 ns | 81.69 ns | - +| | | | | | +| ImmutableListAny | .NET 9.0 | ImmutableList | 7,748.9 ns | 119.10 ns | 72 B +| ImmutableListExists | .NET 9.0 | ImmutableList | 5,705.0 ns | 31.53 ns | - +| | | | | | +| ImmutableListAny | .NET Framework 4.8.1 | ImmutableList | 45,118.5 ns | 168.72 ns | 72 B +| ImmutableListExists | .NET Framework 4.8.1 | ImmutableList | 41,966.0 ns | 631.59 ns | - +| | | | | | +| ListAny | .NET 8.0 | List | 1,643.5 ns | 13.09 ns | 40 B +| ListExists | .NET 8.0 | List | 726.2 ns | 11.99 ns | - +| | | | | | +| ListAny | .NET 9.0 | List | 398.6 ns | 8.20 ns | - +| ListExists | .NET 9.0 | List | 612.4 ns | 18.73 ns | - +| | | | | | +| ListAny | .NET Framework 4.8.1 | List | 5,621.5 ns | 35.80 ns | 40 B +| ListExists | .NET Framework 4.8.1 | List | 1,748.0 ns | 11.76 ns | - |=== +==== Glossary + +* https://en.wikipedia.org/wiki/Arithmetic_mean[Mean] +* https://en.wikipedia.org/wiki/Standard_deviation[Standard Deviation] +* https://en.wikipedia.org/wiki/Memory_management[Allocated] + The results were generated by running the following snippet with https://github.com/dotnet/BenchmarkDotNet[BenchmarkDotNet]: [source,csharp] ---- -private List data; -private readonly Random random = new Random(); +// Explicitly cache the delegates to avoid allocations inside the benchmark. 
+private readonly static Func ConditionFunc = static x => x == -1 * Math.Abs(x); +private readonly static Predicate ConditionPredicate = static x => x == -1 * Math.Abs(x); + +private List list; +private ImmutableList immutableList; +private int[] array; [Params(1_000)] public int N { get; set; } [GlobalSetup] -public void Setup() => - data = Enumerable.Range(0, N).Select(x => 43).ToList(); - -[Benchmark(Baseline = true)] -public void Any() +public void GlobalSetup() { - for (var i = 0; i < N; i++) - { - _ = data.Any(x => x % 2 == 0); // Enumerable.Any - } + list = Enumerable.Range(0, N).Select(x => N - x).ToList(); + immutableList = ImmutableList.CreateRange(list); + array = list.ToArray(); } -[Benchmark] -public void Exists() -{ - for (var i = 0; i < N; i++) - { - _ = data.Exists(x => x % 2 == 0); // List.Exists - } -} +[BenchmarkCategory("List"), Benchmark] +public bool ListAny() => + list.Any(ConditionFunc); + +[BenchmarkCategory("List"), Benchmark(Baseline = true)] +public bool ListExists() => + list.Exists(ConditionPredicate); + +[BenchmarkCategory("ImmutableList"), Benchmark(Baseline = true)] +public bool ImmutableListAny() => + immutableList.Any(ConditionFunc); + +[BenchmarkCategory("ImmutableList"), Benchmark] +public bool ImmutableListExists() => + immutableList.Exists(ConditionPredicate); + +[BenchmarkCategory("Array"), Benchmark(Baseline = true)] +public bool ArrayAny() => + array.Any(ConditionFunc); +[BenchmarkCategory("Array"), Benchmark] +public bool ArrayExists() => + Array.Exists(array, ConditionPredicate); ---- Hardware configuration: [source] ---- -BenchmarkDotNet=v0.13.5, OS=Windows 10 (10.0.19045.2846/22H2/2022Update) +BenchmarkDotNet v0.14.0, Windows 11 (10.0.22631.4317/23H2/2023Update/SunValley3) 11th Gen Intel Core i7-11850H 2.50GHz, 1 CPU, 16 logical and 8 physical cores -.NET SDK=7.0.203 - [Host] : .NET 7.0.5 (7.0.523.17405), X64 RyuJIT AVX2 - .NET 7.0 : .NET 7.0.5 (7.0.523.17405), X64 RyuJIT AVX2 - .NET Framework 4.6.2 : .NET Framework 
4.8.1 (4.8.9139.0), X64 RyuJIT VectorSize=256 + [Host] : .NET Framework 4.8.1 (4.8.9277.0), X64 RyuJIT VectorSize=256 + .NET 8.0 : .NET 8.0.10 (8.0.1024.46610), X64 RyuJIT AVX-512F+CD+BW+DQ+VL+VBMI + .NET 9.0 : .NET 9.0.0 (9.0.24.47305), X64 RyuJIT AVX-512F+CD+BW+DQ+VL+VBMI + .NET Framework 4.8.1 : .NET Framework 4.8.1 (4.8.9277.0), X64 RyuJIT VectorSize=256 ---- diff --git a/rules/S6605/why-dotnet.adoc b/rules/S6605/why-dotnet.adoc index d6d8bfd5390..5b8e9c70cc7 100644 --- a/rules/S6605/why-dotnet.adoc +++ b/rules/S6605/why-dotnet.adoc @@ -2,6 +2,8 @@ Both the `List.Exists` method and `IEnumerable.Any` method can be used to find the first element that satisfies a predicate in a collection. However, `List.Exists` can be faster than `IEnumerable.Any` for `List` objects, as well as requires significantly less memory. For small collections, the performance difference may be negligible, but for large collections, it can be noticeable. The same applies to `ImmutableList` and arrays too. +It is important to enable this rule with caution, as performance outcomes can vary significantly across different runtimes. Notably, the https://devblogs.microsoft.com/dotnet/performance-improvements-in-net-9/#collections[performance improvements in .NET 9] have brought `Any` closer to the performance of collection-specific `Exists` methods in most scenarios. + *Applies to* * https://learn.microsoft.com/en-us/dotnet/api/system.collections.generic.list-1.exists[List] diff --git a/rules/S6606/dart/metadata.json b/rules/S6606/dart/metadata.json new file mode 100644 index 00000000000..61e938de094 --- /dev/null +++ b/rules/S6606/dart/metadata.json @@ -0,0 +1,3 @@ +{ + "title": "If-null operator should be preferred" +} diff --git a/rules/S6606/dart/rule.adoc b/rules/S6606/dart/rule.adoc new file mode 100644 index 00000000000..b9e1d278fe5 --- /dev/null +++ b/rules/S6606/dart/rule.adoc 
@@ -0,0 +1,51 @@
+== Why is this an issue?
+
+The if-`null` operator `??` allows providing a default value when dealing with `null`. It only coalesces when the original value is `null`. Therefore, it is safer and shorter than relying upon testing against `null` or `undefined` explicitly.
+
+This rule reports when conditionals (`?`) can be safely replaced with coalescing (`??`).
+
+== How to fix it
+
+Rewrite the expression using `??` on the unchecked operands.
+
+=== Code examples
+
+==== Noncompliant code example
+
+[source,dart,diff-id=1,diff-type=noncompliant]
+----
+int either(int? x, int y) {
+ return x != null ? x : y;
+}
+----
+
+==== Compliant solution
+
+[source,dart,diff-id=1,diff-type=compliant]
+----
+int either(int? x, int y) {
+ return x ?? y;
+}
+----
+
+== Resources
+
+* Dart Docs https://dart.dev/tools/linter-rules/prefer_if_null_operators[Dart Linter rule - prefer_if_null_operators]
+
+ifdef::env-github,rspecator-view[]
+
+'''
+== Implementation Specification
+(visible only on this page)
+
+=== Message
+
+* "Use the '??' operator rather than '?:' when testing for 'null'."
+
+=== Highlighting
+
+The whole ternary operator.
+
+'''
+
+endif::env-github,rspecator-view[]
diff --git a/rules/S6606/javascript/metadata.json b/rules/S6606/javascript/metadata.json
index 5a0511c37aa..a7194f988ab 100644
--- a/rules/S6606/javascript/metadata.json
+++ b/rules/S6606/javascript/metadata.json
@@ -1,26 +1,9 @@
 {
 "title": "Nullish coalescing should be preferred",
- "type": "CODE_SMELL",
- "code": {
- "impacts": {
- "MAINTAINABILITY": "LOW"
- },
- "attribute": "CONVENTIONAL"
- },
- "status": "ready",
- "remediation": {
- "func": "Constant\/Issue",
- "constantCost": "5min"
- },
 "tags": [
 "es2020",
 "nullish-coalescing",
 "type-dependent"
 ],
- "defaultSeverity": "Minor",
- "ruleSpecification": "RSPEC-6606",
- "sqKey": "S6606",
- "scope": "All",
- "defaultQualityProfiles": ["Sonar way"],
 "quickfix": "covered"
 }
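Review bot: The new Dart description in rules/S6606/dart/rule.adoc says `??` is safer than testing against `null` or `undefined`, but Dart has no `undefined` value, so the sentence looks carried over from the JavaScript variant of this rule. I would end the comparison at `null`: `Therefore, it is safer and shorter than relying upon testing against null explicitly.` The same section calls the construct both "if-null operator" and "coalescing"; keeping to the Dart term throughout would read more clearly.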
diff --git a/rules/S6606/metadata.json b/rules/S6606/metadata.json index 2c63c085104..b88bc5dea56 100644 --- a/rules/S6606/metadata.json +++ b/rules/S6606/metadata.json @@ -1,2 +1,21 @@ { + "type": "CODE_SMELL", + "code": { + "impacts": { + "MAINTAINABILITY": "LOW" + }, + "attribute": "CONVENTIONAL" + }, + "status": "ready", + "tags": [], + "remediation": { + "func": "Constant\/Issue", + "constantCost": "5min" + }, + "defaultSeverity": "Minor", + "ruleSpecification": "RSPEC-6606", + "sqKey": "S6606", + "scope": "All", + "defaultQualityProfiles": ["Sonar way"], + "quickfix": "unknown" } diff --git a/rules/S6607/resources-dotnet.adoc b/rules/S6607/resources-dotnet.adoc index 54b9d58f17c..af17979bcd4 100644 --- a/rules/S6607/resources-dotnet.adoc +++ b/rules/S6607/resources-dotnet.adoc @@ -13,11 +13,16 @@ [options="header"] |=== -|Method | Runtime | Mean | StdDev | Ratio -| OrderByThenWhere | .NET 7.0 | 175.36 ms | 5.101 ms | 1.00 -| WhereThenOrderBy | .NET 7.0 | 85.58 ms | 1.697 ms | 0.48 +| Method | Runtime | Mean | Standard Deviation +| OrderByThenWhere | .NET 7.0 | 175.36 ms | 5.101 ms +| WhereThenOrderBy | .NET 7.0 | 85.58 ms | 1.697 ms |=== +==== Glossary + +* https://en.wikipedia.org/wiki/Arithmetic_mean[Mean] +* https://en.wikipedia.org/wiki/Standard_deviation[Standard Deviation] + The results were generated by running the following snippet with https://github.com/dotnet/BenchmarkDotNet[BenchmarkDotNet]: [source,csharp] diff --git a/rules/S6608/resources-dotnet.adoc b/rules/S6608/resources-dotnet.adoc index 139b61cb54d..8394b9d1a9f 100644 --- a/rules/S6608/resources-dotnet.adoc +++ b/rules/S6608/resources-dotnet.adoc 
@@ -10,21 +10,20 @@ [options="header"] |=== -| Method | Runtime | Mean | StdDev -| ElementAt | .NET 7.0 | 15,193.1 ns | 233.47 ns -| Index | .NET 7.0 | 9,465.6 ns | 148.16 ns -| First | .NET 7.0 | 7,790.2 ns | 165.70 ns -| First_Index | .NET 7.0 | 398.5 ns | 5.36 ns -| Last | .NET 7.0 | 7,398.2 ns | 152.48 ns -| Last_Index | .NET 7.0 | 347.3 ns | 5.47 ns -| ElementAt | .NET Framework 4.6.2 | 12,205.7 ns | 298.49 ns -| Index | .NET Framework 4.6.2 | 8,917.8 ns | 51.55 ns -| First | .NET Framework 4.6.2 | 5,109.1 ns | 100.13 ns -| First_Index | .NET Framework 4.6.2 | 566.0 ns | 6.56 ns -| Last | .NET Framework 4.6.2 | 5,052.7 ns | 76.02 ns -| Last_Index | .NET Framework 4.6.2 | 680.7 ns | 9.56 ns +| Method | Runtime | Mean | Standard Deviation +| ElementAt | 3,403.4 ns | 28.52 ns | 26.67 ns +| Index | 478.0 ns | 6.93 ns | 6.48 ns +| First | 6,160.0 ns | 57.66 ns | 53.93 ns +| First_Index | 485.7 ns | 5.81 ns | 5.15 ns +| Last | 6,034.3 ns | 20.34 ns | 16.98 ns +| Last_Index | 408.3 ns | 2.54 ns | 2.38 ns |=== +==== Glossary + +* https://en.wikipedia.org/wiki/Arithmetic_mean[Mean] +* https://en.wikipedia.org/wiki/Standard_deviation[Standard Deviation] + The results were generated by running the following snippet with https://github.com/dotnet/BenchmarkDotNet[BenchmarkDotNet]: [source,csharp] 
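Review bot: The rewritten table in rules/S6608/resources-dotnet.adoc keeps a four-column header, `| Method | Runtime | Mean | Standard Deviation`, but every new row holds three timing values and no runtime, so `3,403.4 ns` is rendered under Runtime and the other two numbers land under the wrong headings. The three values look like BenchmarkDotNet's Mean, Error and StdDev columns, though that is inferred from the numbers alone. Either relabel the header to match the cells, for example `| Method | Mean | Error | Standard Deviation`, or put the runtime back into each row and drop the extra value; the glossary added below the table should then list the same columns.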
@@ -42,74 +41,96 @@ public int LoopSize; public void Setup() { random = new Random(42); + var bytes = new byte[SampleSize]; random.NextBytes(bytes); data = bytes.ToList(); } [Benchmark] -public void ElementAt() +public int ElementAt() { - for (int i = 0; i < LoopSize; i++) + int result = default; + + for (var i = 0; i < LoopSize; i++) { - var index = random.Next(0, SampleSize); - _ = data.ElementAt(index); + result = data.ElementAt(i); } + + return result; } [Benchmark] -public void Index() +public int Index() { - for (int i = 0; i < LoopSize; i++) + int result = default; + + for (var i = 0; i < LoopSize; i++) { - var index = random.Next(0, SampleSize); - _ = data[index]; + result = data[i]; } + + return result; } [Benchmark] -public void First() +public int First() { - for (int i = 0; i < LoopSize; i++) + int result = default; + + for (var i = 0; i < LoopSize; i++) { - _ = data.First(); + result = data.First(); } + + return result; } [Benchmark] -public void First_Index() +public int First_Index() { - for (int i = 0; i < LoopSize; i++) + int result = default; + + for (var i = 0; i < LoopSize; i++) { - _ = data[0]; + result = data[0]; } + + return result; } [Benchmark] -public void Last() +public int Last() { - for (int i = 0; i < LoopSize; i++) + int result = default; + + for (var i = 0; i < LoopSize; i++) { - _ = data.Last(); + result = data.Last(); } + + return result; } [Benchmark] -public void Last_Index() +public int Last_Index() { - for (int i = 0; i < LoopSize; i++) + int result = default; + + for (var i = 0; i < LoopSize; i++) { - _ = data[data.Count - 1]; + result = data[data.Count - 1]; } + + return result; } ---- Hardware configuration: ---- -BenchmarkDotNet=v0.13.5, OS=Windows 10 (10.0.19045.2846/22H2/2022Update) +BenchmarkDotNet=v0.13.5, OS=Windows 10 (10.0.19045.4412/22H2/2022Update) 11th Gen Intel Core i7-11850H 2.50GHz, 1 CPU, 16 logical and 8 physical cores -.NET SDK=7.0.203 - [Host] : .NET 7.0.5 (7.0.523.17405), X64 RyuJIT AVX2 - .NET 7.0 : .NET 
7.0.5 (7.0.523.17405), X64 RyuJIT AVX2 - .NET Framework 4.6.2 : .NET Framework 4.8.1 (4.8.9139.0), X64 RyuJIT VectorSize=256 +.NET SDK=8.0.301 + [Host] : .NET 8.0.6 (8.0.624.26715), X64 RyuJIT AVX2 + .NET 8.0 : .NET 8.0.6 (8.0.624.26715), X64 RyuJIT AVX2 ---- diff --git a/rules/S6609/resources-dotnet.adoc b/rules/S6609/resources-dotnet.adoc index 83df3648f30..9286e06238e 100644 --- a/rules/S6609/resources-dotnet.adoc +++ b/rules/S6609/resources-dotnet.adoc @@ -10,13 +10,19 @@ [options="header"] |=== -| Method | Runtime | Mean | StdDev | Allocated +| Method | Runtime | Mean | Standard Deviation | Allocated | MaxMethod | .NET 7.0 | 68,961.483 us | 499.6623 us | 248063 B | MaxProperty | .NET 7.0 | 4.638 us | 0.0634 us | - | MaxMethod | .NET Framework 4.6.2 | 85,827.359 us | 1,531.1611 us | 281259 B | MaxProperty | .NET Framework 4.6.2 | 67.682 us | 0.3757 us | 312919 B |=== +==== Glossary + +* https://en.wikipedia.org/wiki/Arithmetic_mean[Mean] +* https://en.wikipedia.org/wiki/Standard_deviation[Standard Deviation] +* https://en.wikipedia.org/wiki/Memory_management[Allocated] + The results were generated by running the following snippet with https://github.com/dotnet/BenchmarkDotNet[BenchmarkDotNet]: [source,csharp] diff --git a/rules/S6610/resources-dotnet.adoc b/rules/S6610/resources-dotnet.adoc index 5c41feafa93..6750ee13643 100644 --- a/rules/S6610/resources-dotnet.adoc +++ b/rules/S6610/resources-dotnet.adoc 
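Review bot: In the `@@ -42,74 +41,96 @@` hunk of rules/S6608/resources-dotnet.adoc, `ElementAt()` and `Index()` now use the loop counter as the index (`data.ElementAt(i)`, `data[i]`) while `data` is built from `SampleSize` bytes, so the snippet throws an out-of-range exception whenever `LoopSize` is larger than `SampleSize`. The previous code drew the index with `random.Next(0, SampleSize)` and could not leave the list. Both parameters are declared outside the hunk, so the current values may well satisfy this; a comment such as `// requires LoopSize <= SampleSize` above the two loops would keep a reader who adjusts the parameters from breaking the published snippet.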
@@ -3,19 +3,24 @@ === Documentation * https://learn.microsoft.com/en-us/dotnet/api/system.string.startswith[string.StartsWith] -* https://learn.microsoft.com/en-us/dotnet/api/system.string.endswith[string.EndsWith] +* https://learn.microsoft.com/en-us/dotnet/api/system.string.endswith[string.EndsWith] === Benchmarks [options="header"] |=== -| Method | Mean | StdDev | Median -| StartsWith_String | 30.965 ms | 3.2732 ms | 29.932 ms -| StartsWith_Char | 7.568 ms | 0.3235 ms | 7.534 ms -| EndsWith_String | 30.421 ms | 5.1136 ms | 28.101 ms -| EndsWith_Char | 8.067 ms | 0.7092 ms | 7.935 ms +| Method | Mean | Standard Deviation +| StartsWith_String | 30.965 ms | 3.2732 ms +| StartsWith_Char | 7.568 ms | 0.3235 ms +| EndsWith_String | 30.421 ms | 5.1136 ms +| EndsWith_Char | 8.067 ms | 0.7092 ms |=== +==== Glossary + +* https://en.wikipedia.org/wiki/Arithmetic_mean[Mean] +* https://en.wikipedia.org/wiki/Standard_deviation[Standard Deviation] + The results were generated by running the following snippet with https://github.com/dotnet/BenchmarkDotNet[BenchmarkDotNet]: [source,csharp] diff --git a/rules/S6612/resources-dotnet.adoc b/rules/S6612/resources-dotnet.adoc index 998adb43912..63dc96c5230 100644 --- a/rules/S6612/resources-dotnet.adoc +++ b/rules/S6612/resources-dotnet.adoc 
@@ -10,13 +10,19 @@ [options="header"] |=== -| Method | Runtime | Median | StdDev | Ratio | Allocated -| Capture | .NET 7.0 | 68.81 ms | 4.432 ms | 1.00 | 88000063 B -| Lambda | .NET 7.0 | 40.76 ms | 3.724 ms | 0.59 | 50 B -| Capture | .NET Framework 4.6.2 | 75.92 ms | 5.239 ms | 1.00 | 88259787 B -| Lambda | .NET Framework 4.6.2 | 41.82 ms | 2.730 ms | 0.55 | - +| Method | Runtime | Mean | Standard Deviation | Allocated +| Capture | .NET 7.0 | 68.52 ms | 4.450 ms | 88000063 B +| Lambda | .NET 7.0 | 39.29 ms | 3.712 ms | 50 B +| Capture | .NET Framework 4.6.2 | 74.58 ms | 5.199 ms | 88259787 B +| Lambda | .NET Framework 4.6.2 | 42.03 ms | 2.752 ms | - |=== +==== Glossary + +* https://en.wikipedia.org/wiki/Arithmetic_mean[Mean] +* https://en.wikipedia.org/wiki/Standard_deviation[Standard Deviation] +* https://en.wikipedia.org/wiki/Memory_management[Allocated] + The results were generated by running the following snippet with https://github.com/dotnet/BenchmarkDotNet[BenchmarkDotNet]: [source,csharp] diff --git a/rules/S6613/resources-dotnet.adoc b/rules/S6613/resources-dotnet.adoc index 4c13193a6de..bdbc430ed12 100644 --- a/rules/S6613/resources-dotnet.adoc +++ b/rules/S6613/resources-dotnet.adoc @@ -8,13 +8,19 @@ [options="header"] |=== -| Method | Runtime | Mean | StdDev | Allocated +| Method | Runtime | Mean | Standard Deviation | Allocated | LastMethod | .NET 7.0 | 919,577,629.0 ns | 44,299,688.61 ns | 48504 B | LastProperty | .NET 7.0 | 271.8 ns | 15.63 ns | - | LastMethod | .NET Framework 4.6.2 | 810,316,427.1 ns | 47,768,482.31 ns | 57344 B | LastProperty | .NET Framework 4.6.2 | 372.0 ns | 13.38 ns | - |=== +==== Glossary + +* https://en.wikipedia.org/wiki/Arithmetic_mean[Mean] +* https://en.wikipedia.org/wiki/Standard_deviation[Standard Deviation] +* https://en.wikipedia.org/wiki/Memory_management[Allocated] + The results were generated by running the following snippet with https://github.com/dotnet/BenchmarkDotNet[BenchmarkDotNet]: [source,csharp] 
diff --git a/rules/S6617/resources-dotnet.adoc b/rules/S6617/resources-dotnet.adoc index d9d6cc39323..63f69342343 100644 --- a/rules/S6617/resources-dotnet.adoc +++ b/rules/S6617/resources-dotnet.adoc @@ -16,17 +16,23 @@ [options="header"] |=== -| Method | Runtime | Mean | StdDev | Allocated -| HashSet_Any | .NET 7.0 | 35,388.333 us | 620.1863 us | 40132 B -| HashSet_Contains | .NET 7.0 | 3.799 us | 0.1489 us | - -| List_Any | .NET 7.0 | 32,851.509 us | 667.1658 us | 40130 B -| List_Contains | .NET 7.0 | 375.132 us | 8.0764 us | - -| HashSet_Any | .NET Framework 4.6.2 | 28,979.763 us | 678.0093 us | 40448 B -| HashSet_Contains | .NET Framework 4.6.2 | 5.987 us | 0.1090 us | - -| List_Any | .NET Framework 4.6.2 | 25,830.221 us | 487.2470 us | 40448 B -| List_Contains | .NET Framework 4.6.2 | 5,935.812 us | 57.7569 us | - +| Method | Runtime | Mean | Standard Deviation | Allocated +| HashSet_Any | .NET 7.0 | 35,388.333 us | 620.1863 us | 40132 B +| HashSet_Contains | .NET 7.0 | 3.799 us | 0.1489 us | - +| List_Any | .NET 7.0 | 32,851.509 us | 667.1658 us | 40130 B +| List_Contains | .NET 7.0 | 375.132 us | 8.0764 us | - +| HashSet_Any | .NET Framework 4.6.2 | 28,979.763 us | 678.0093 us | 40448 B +| HashSet_Contains | .NET Framework 4.6.2 | 5.987 us | 0.1090 us | - +| List_Any | .NET Framework 4.6.2 | 25,830.221 us | 487.2470 us | 40448 B +| List_Contains | .NET Framework 4.6.2 | 5,935.812 us | 57.7569 us | - |=== +==== Glossary + +* https://en.wikipedia.org/wiki/Arithmetic_mean[Mean] +* https://en.wikipedia.org/wiki/Standard_deviation[Standard Deviation] +* https://en.wikipedia.org/wiki/Memory_management[Allocated] + The results were generated by running the following snippet with https://github.com/dotnet/BenchmarkDotNet[BenchmarkDotNet]: [source, csharp] diff --git a/rules/S6618/csharp/rule.adoc b/rules/S6618/csharp/rule.adoc index 7f0d1c4d9b2..14a71684522 100644 --- a/rules/S6618/csharp/rule.adoc +++ b/rules/S6618/csharp/rule.adoc 
@@ -1,6 +1,6 @@ == Why is this an issue? -In order to produce a formatted string, both `string.Create` and either `FormattableString.Invariant` or `FormattableString.CurrentCulture` can be used. However, `string.Create` rents array buffers from `ArrayPool` making it more performant, as well as preventing unnecessary allocations and future stress on the Garbage Collector. +In order to produce a formatted string, both `string.Create` and either `FormattableString.Invariant` or `FormattableString.CurrentCulture` can be used. However, `string.Create` rents array buffers from `ArrayPool` making it more performant, as well as preventing unnecessary allocations and future stress on the Garbage Collector. This applies to .NET versions after .NET 6, when these `string.Create` overloads were introduced. @@ -63,11 +63,19 @@ The results were generated by running the following snippet with https://github. [options="header"] |=== -| Method | Runtime | Mean | StdDev | Allocated +| Method | Runtime | Mean | Standard Deviation | Allocated | StringCreate | .NET 7.0 | 152.5 ms | 3.09 ms | 83.92 MB | FormattableString | .NET 7.0 | 191.8 ms | 6.92 ms | 198.36 MB |=== +==== Glossary + +* https://en.wikipedia.org/wiki/Arithmetic_mean[Mean] +* https://en.wikipedia.org/wiki/Standard_deviation[Standard Deviation] +* https://en.wikipedia.org/wiki/Memory_management[Allocated] + +The results were generated by running the following snippet with https://github.com/dotnet/BenchmarkDotNet[BenchmarkDotNet]: + [source,csharp] ---- int Value = 42; diff --git a/rules/S6619/dart/metadata.json b/rules/S6619/dart/metadata.json new file mode 100644 index 00000000000..9ffd8944fbf --- /dev/null +++ b/rules/S6619/dart/metadata.json @@ -0,0 +1,3 @@ +{ + "title": "Null checks in equality operators should be avoided" +} diff --git a/rules/S6619/dart/rule.adoc b/rules/S6619/dart/rule.adoc new file mode 100644 index 00000000000..0a23c31bec2 --- /dev/null +++ b/rules/S6619/dart/rule.adoc 
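Review bot: The sentence added after the glossary in rules/S6618/csharp/rule.adoc (`@@ -63,11 +63,19 @@`), "The results were generated by running the following snippet with ... BenchmarkDotNet:", appears to exist already earlier in the section: the hunk header quotes it as the nearest preceding line, and this hunk does not remove it. After the change the sentence would be printed twice, once above the table, where no snippet follows, and once above the `[source,csharp]` block. The earlier occurrence lies outside the hunk; deleting it there, so the sentence is moved rather than copied, leaves a single introduction directly above the code.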
@@ -0,0 +1,79 @@
+== Why is this an issue?
+
+In Dart, nullability is a part of the type system.
+By default, any given type `T` is non-nullable.
+If you append a "?" to the type, it becomes nullable: `T?`.
+
+When accessing properties or functions of a nullable type, you need to handle the case when the target is `null`.
+However, while accessing a non-nullable type, it is redundant to test for `null`, as the compiler statically ensures that the value can never be `null`.
+So all the nullability checks on the non-nullable types are considered code smells.
+
+When overriding an equality operator it doesn't make sense to check for null, since you can directly check that the object is of a required type. In this example we can see that `other is A` will be true only if `other` is not `null`.
+
+[source,dart]
+----
+class A {
+ final String? value;
+
+ @override
+ operator ==(Object? other) =>
+ other is A && value == other.value;
+}
+----
+
+== How to fix it
+
+=== Code examples
+
+==== Noncompliant code example
+
+[source,dart,diff-id=1,diff-type=noncompliant]
+----
+class A {
+ final String? value;
+
+ @override
+ operator ==(Object? other) =>
+ other != null && other is A && value == other.value; // Noncompliant, redundant null check
+}
+----
+
+==== Compliant solution
+
+[source,dart,diff-id=1,diff-type=compliant]
+----
+class A {
+ final String? value;
+
+ @override
+ operator ==(Object? other) =>
+ other is A && value == other.value;
+}
+----
+
+== Resources
+
+=== Documentation
+
+* Dart Docs - https://dart.dev/tools/linter-rules/avoid_null_checks_in_equality_operators[Dart Linter rule - avoid_null_checks_in_equality_operators]
+* Dart Docs - https://dart.dev/null-safety/understanding-null-safety[Dart Null Safety - Understanding null safety]
+
+ifdef::env-github,rspecator-view[]
+
+'''
+== Implementation Specification
+(visible only on this page)
+
+=== Message
+
+Unnecessary null comparison in implementation of '=='.
+
+=== Highlighting
+
+The entire null comparison expression, e.g. `o == null` or `o != null`.
+
+'''
+== Comments And Links
+(visible only on this page)
+
+endif::env-github,rspecator-view[]
diff --git a/rules/S6619/kotlin/metadata.json b/rules/S6619/kotlin/metadata.json
index 1a392ab92ca..0db3279e44b 100644
--- a/rules/S6619/kotlin/metadata.json
+++ b/rules/S6619/kotlin/metadata.json
@@ -1,23 +1,3 @@
 {
- "title": "Null checks should be useful",
- "type": "CODE_SMELL",
- "code": {
- "impacts": {
- "MAINTAINABILITY": "MEDIUM"
- },
- "attribute": "CLEAR"
- },
- "status": "ready",
- "remediation": {
- "func": "Constant\/Issue",
- "constantCost": "5min"
- },
- "tags": [
- ],
- "defaultSeverity": "Major",
- "ruleSpecification": "RSPEC-6619",
- "sqKey": "S6619",
- "scope": "All",
- "defaultQualityProfiles": ["Sonar way"],
- "quickfix": "unknown"
+
 }
diff --git a/rules/S6619/kotlin/rule.adoc b/rules/S6619/kotlin/rule.adoc
index 312cfcb5643..29358231633 100644
--- a/rules/S6619/kotlin/rule.adoc
+++ b/rules/S6619/kotlin/rule.adoc
@@ -1,25 +1,42 @@ == Why is this an issue? -In Kotlin, nullability is a part of the type system. This means that all types could be used in 2 ways. `T` - as non-nullable and `T?` as nullable. When you want to access properties or instance methods of a nullable type, you need to handle the potential null value. However, while accessing a non-nullable type, you don't need to test nullability as the compiler knows that the value can never be `null`. So all the nullability checks on the non-nullable types are considered code smells. +In Kotlin, nullability is a part of the type system. +By default, any given type `T` is non-nullable. +If you append a "?" to the type, it becomes nullable: `T?`. -Here is an example of non-nullable variable. `s` is of a type `String` and cannot be `null`. +When accessing properties or functions of a nullable type, you need to handle the case when the target is `null`. +However, while accessing a non-nullable type, it is redundant to test for `null`, as the compiler statically ensures that the value can never be `null`. +So all the nullability checks on the non-nullable types are considered code smells. -[source, kotlin] +On the other hand, performing a null-check on a value that is always null is equally as redundant. + +Here is an example of a non-nullable variable. +`s` is of a type `String` and cannot be `null`. + +[source,kotlin] ---- val s: String = "" ---- -Here is an example of nullable variable. Nullable variables are declared by using the `?`. +Here is an example of a nullable variable. +Nullable variables are declared by using the `?`. -[source, kotlin] +[source,kotlin] ---- val s: String? = null ---- +Explicit null checks are comparing a result to `null` using `==` or `!=` operators. 
+In Kotlin, there are various other means of implicitly or explicitly performing a null check or assertion, including the following: + +- Safe call operator `?.` +- Elvis operator `?:` +- Not-null assertion operator `!!` +- `requireNotNull` and `checkNotNull` functions == How to fix it -Avoid using null checks on non-nullable variables. +Avoid using null checks on non-nullable variables and values that are always null. === Code examples @@ -28,7 +45,7 @@ If your variable type is non-nullable, any null checks are redundant. For exampl ==== Noncompliant code example -[source, kotlin,diff-id=1,diff-type=noncompliant] +[source,kotlin,diff-id=1,diff-type=noncompliant] ---- val s: String = "" if (s != null) { doSomething() } // This statement is always true @@ -36,7 +53,7 @@ if (s != null) { doSomething() } // This statement is always true ==== Compliant solution -[source, kotlin,diff-id=1,diff-type=compliant] +[source,kotlin,diff-id=1,diff-type=compliant] ---- val s: String = "" doSomething() 
@@ -44,49 +61,67 @@ doSomething() ==== Noncompliant code example -[source, kotlin,diff-id=2,diff-type=noncompliant] +[source,kotlin,diff-id=2,diff-type=noncompliant] ---- -val s: String = "" -if (s == null) { doSomething() } // This statement is always false. +fun foo(s: String) { + if (s == null) { // Noncompliant, `s == null` is always false. + doSomething() + } +} ---- ==== Compliant solution -[source, kotlin,diff-id=2,diff-type=compliant] +[source,kotlin,diff-id=2,diff-type=compliant] ---- -val s: String = "" +fun foo(s: String) { + doSomething() +} ---- ==== Noncompliant code example -[source, kotlin,diff-id=3,diff-type=noncompliant] +[source,kotlin,diff-id=3,diff-type=noncompliant] ---- -val s: String = "ABC" -return s ?: "" // This ?: is useless. +fun foo(s: String): String { + return s ?: "" // Noncompliant, ?: is useless and the empty string will never be returned. +} ---- ==== Compliant solution -[source, kotlin,diff-id=3,diff-type=compliant] +[source,kotlin,diff-id=3,diff-type=compliant] ---- -val s: String = "ABC" -return s +fun foo(s: String): String { + return s +} +---- + +If `s` is nullable, the elvis operation makes sense: + +[source,kotlin] +---- +fun foo(s: String?): String { + return s ?: "" +} ---- ==== Noncompliant code example -[source, kotlin,diff-id=4,diff-type=noncompliant] +[source,kotlin,diff-id=4,diff-type=noncompliant] ---- -val s: String = "" -s!!.doSomething() //You do not need to assert that S is non-null. +fun foo(s: String) { + s!!.doSomething() // Noncompliant, `s` can never be null. +} ---- ==== Compliant solution -[source, kotlin,diff-id=4,diff-type=compliant] +[source,kotlin,diff-id=4,diff-type=compliant] ---- -val s: String = "" -s.doSomething +fun foo(s: String) { + s.doSomething() +} ---- diff --git a/rules/S6619/metadata.json b/rules/S6619/metadata.json index 2c63c085104..1a392ab92ca 100644 --- a/rules/S6619/metadata.json +++ b/rules/S6619/metadata.json 
@@ -1,2 +1,23 @@
 {
+ "title": "Null checks should be useful",
+ "type": "CODE_SMELL",
+ "code": {
+ "impacts": {
+ "MAINTAINABILITY": "MEDIUM"
+ },
+ "attribute": "CLEAR"
+ },
+ "status": "ready",
+ "remediation": {
+ "func": "Constant\/Issue",
+ "constantCost": "5min"
+ },
+ "tags": [
+ ],
+ "defaultSeverity": "Major",
+ "ruleSpecification": "RSPEC-6619",
+ "sqKey": "S6619",
+ "scope": "All",
+ "defaultQualityProfiles": ["Sonar way"],
+ "quickfix": "unknown"
 }
diff --git a/rules/S6620/java/a.adoc b/rules/S6620/a.adoc
similarity index 100%
rename from rules/S6620/java/a.adoc
rename to rules/S6620/a.adoc
diff --git a/rules/S6620/java/b.adoc b/rules/S6620/b.adoc
similarity index 100%
rename from rules/S6620/java/b.adoc
rename to rules/S6620/b.adoc
diff --git a/rules/S6620/cfamily/metadata.json b/rules/S6620/cfamily/metadata.json
new file mode 100644
index 00000000000..2c63c085104
--- /dev/null
+++ b/rules/S6620/cfamily/metadata.json
@@ -0,0 +1,2 @@
+{
+}
diff --git a/rules/S6620/cfamily/rule.adoc b/rules/S6620/cfamily/rule.adoc
new file mode 100644
index 00000000000..630e013c51a
--- /dev/null
+++ b/rules/S6620/cfamily/rule.adoc
@@ -0,0 +1,2 @@
+include::../description.adoc[]
+
diff --git a/rules/S6620/description.adoc b/rules/S6620/description.adoc
new file mode 100644
index 00000000000..a3d1b017189
--- /dev/null
+++ b/rules/S6620/description.adoc
@@ -0,0 +1,194 @@ +FIXME: add a description + +// If you want to factorize the description uncomment the following line and create the file. +//include::../description.adoc[] + +== Why is this an issue? + +This rule is not really a rule, but a demonstration of the features from Asciidoc that can appear in a rule description. + +=== All titles should be in sequence + +No title 3 directly below title 1 + +==== Titles + +There can be 4 different levels of titles, as demonstrated in this rule, usually with standard text. + +==== Character format + +It is not uncommon to have text in *bold*, _italic_, *_both_*. Less common are ^exponents^ and ~indices~. + +We don't directly use highlighting, but use a specific form of it to [.underline]#underline# and [.line-through]#strikethrough#. + +==== Source code + +Code appears in `embedded within a sentence`, in some cases as part of ``word``s, without spaces surrounding it. Embedded code can also be an https://en.wikipedia.org/wiki/Hyperlink[`hyperlink`]. + + +It can also appear as a separate block: +[source,csharp] +---- +private void OtherSourceCode() +{ + // We usually indicate what language is used for the code +} +---- + +---- +But not always +---- + +[source,cpp] +---- +private void YetAnotherSourceCode() +{ + // One rule may contain several languages +} +---- + +[source,javascript,diff-id=1,diff-type=noncompliant] +---- +// And the code can contain information +---- +[source,javascript,diff-id=1,diff-type=compliant] +---- +// And the code can contain diff information +---- + +Diff-views are documented https://github.com/SonarSource/rspec/blob/master/docs/description.adoc#diff-view[here]. + +[source,txt,diff-id=2,diff-type=noncompliant] +---- +When using diff-views, there should be one noncompliant example. +---- + +[source,txt,diff-id=2,diff-type=compliant] +---- +When using diff-views, there should be at least one compliant solution. +However, the diff-view feature was first designed to have only one compliant solution. 
+---- + +[source,txt,diff-id=2,diff-type=compliant] +---- +When using diff-views, +Be mindful that providing more than one compliant solution +is "supported" but may completely disable the diff highlighting. +---- + +This limitation is discussed https://discuss.sonarsource.com/t/support-for-multiple-compliant-code-snippets-in-the-rspec-code-diffs/14644[here]. + +---- +// We have cases where we are missing the [source,language] attributes +// TODO: Maybe we should detect and prevent this +---- + +==== Lists + +There can be bullet lists: + +* With +* three +** An sublists +** Up to +*** Three nested levels +*** But no more +* bullets + +Or numbered lists: + +. A list +. with numbers +.. And also possible sublists +.. with more items + + +==== Admonitions + +They are not supported. + +*Warning*: They are simulated with manual layout. + +==== Links + +There are links in the text, see https://docs.asciidoctor.org/asciidoc/latest/syntax-quick-reference/#links for the various ways they can appear. Of course, the link can have https://docs.asciidoctor.org/asciidoc/latest/syntax-quick-reference/#links[another text]. + +We can also link to other rules, such as S100. We cannot specify which language is the target of this link, it is always the same as the current RSPEC language. + +==== Tables + +[frame=all] +[cols="^1,<1, 2a"] +|=== +|Title|What we use | Details + +| Tables | A simple table | +| Alignment | Can differ between cols | +| Header | The first line is often a header | +| Strong s| A cell can be put in bold | +| Tables | A table | Nested asciidoc, with, for instance: + + +* Nested +* lists + +See for instance S5131 +| Merged cells | They are not supported | +| Borders | Most often all around | +| Nested tables | They are not supported | +|=== + +==== Includes + +It is possible to include other files. + +include::included1.adoc[] + +Sometimes, the content of the included files can vary, with the use of a variable. 
+ +:var: variable text + +include::included2.adoc[] + +Which file is included can also depend on a variable: + +:inc: a.adoc + +include::{inc}[] + +:inc: b.adoc + +include::{inc}[] + + +== How to fix it + +=== Code examples + +==== Noncompliant code example + +[source,text,diff-id=3,diff-type=noncompliant] +---- +FIXME +---- + +==== Compliant solution + +[source,text,diff-id=3,diff-type=compliant] +---- +FIXME +---- + +//=== How does this work? + +//=== Pitfalls + +//=== Going the extra mile + + +//== Resources +//=== Documentation +//=== Articles & blog posts +//=== Conference presentations +//=== Standards +//=== Benchmarks diff --git a/rules/S6620/java/included1.adoc b/rules/S6620/included1.adoc similarity index 100% rename from rules/S6620/java/included1.adoc rename to rules/S6620/included1.adoc diff --git a/rules/S6620/java/included2.adoc b/rules/S6620/included2.adoc similarity index 100% rename from rules/S6620/java/included2.adoc rename to rules/S6620/included2.adoc diff --git a/rules/S6620/java/metadata.json b/rules/S6620/java/metadata.json index f6b97341698..2c63c085104 100644 --- a/rules/S6620/java/metadata.json +++ b/rules/S6620/java/metadata.json @@ -1,17 +1,2 @@ { - "title": "This is a rule showcasing which features avaibles in Asciidoc as available when writing a rule description", - "type": "CODE_SMELL", - "status": "ready", - "remediation": { - "func": "Constant\/Issue", - "constantCost": "5min" - }, - "tags": [ - ], - "defaultSeverity": "Major", - "ruleSpecification": "RSPEC-6620", - "sqKey": "S6620", - "scope": "All", - "defaultQualityProfiles": ["Sonar way"], - "quickfix": "unknown" } diff --git a/rules/S6620/java/rule.adoc b/rules/S6620/java/rule.adoc index e5ed8ead145..630e013c51a 100644 --- a/rules/S6620/java/rule.adoc +++ b/rules/S6620/java/rule.adoc 
@@ -1,192 +1,2 @@ -FIXME: add a description +include::../description.adoc[] -// If you want to factorize the description uncomment the following line and create the file. -//include::../description.adoc[] - -== Why is this an issue? - -This rule is not really a rule, but a demonstration of the features from Asciidoc that can appear in a rule description. - -=== All titles should be in sequence - -No title 3 directly below title 1 - -==== Titles - -There can be 4 different levels of titles, as demonstrated in this rule, usually with standard text. - -==== Character format - -It is not uncommon to have text in *bold*, _italic_, *_both_*. Less common are ^exponents^ and ~indices~. - -We don't directly use highlighting, but use a specific form of it to [.underline]#underline# and [.line-through]#strikethrough#. - -==== Source code - -Code appears in two forms: `Embedded within a sentence`, in some cases as part of ``word``s, without spaces surrounding it. - -[source,csharp] ----- -private void OtherSourceCode() -{ - // We usually indicate what language is used for the code -} ----- - ----- -But not always ----- - -[source,cpp] ----- -private void YetAnotherSourceCode() -{ - // One rule may contain several languages -} ----- - -[source,javascript,diff-id=1,diff-type=noncompliant] ----- -// And the code can contain information ----- -[source,javascript,diff-id=1,diff-type=compliant] ----- -// And the code can contain diff information ----- - -Diff-views are documented https://github.com/SonarSource/rspec/blob/master/docs/description.adoc#diff-view[here]. - -[source,txt,diff-id=2,diff-type=noncompliant] ----- -When using diff-views, there should be one noncompliant example. ----- - -[source,txt,diff-id=2,diff-type=compliant] ----- -When using diff-views, there should be at least one compliant solution. -However, the diff-view feature was first designed to have only one compliant solution. 
----- - -[source,txt,diff-id=2,diff-type=compliant] ----- -When using diff-views, -Be mindful that providing more than one compliant solution -is "supported" but may completely disable the diff highlighting. ----- - -This limitation is discussed https://discuss.sonarsource.com/t/support-for-multiple-compliant-code-snippets-in-the-rspec-code-diffs/14644[here]. - ----- -// We have cases where we are missing the [source,language] attributes -// TODO: Maybe we should detect and prevent this ----- - -==== Lists - -There can be bullet lists: - -* With -* three -** An sublists -** Up to -*** Three nested levels -*** But no more -* bullets - -Or numbered lists: - -. A list -. with numbers -.. And also possible sublists -.. with more items - - -==== Admonitions - -They are not supported. - -*Warning*: They are simulated with manual layout. - -==== Links - -There are links in the text, see https://docs.asciidoctor.org/asciidoc/latest/syntax-quick-reference/#links for the various ways they can appear. Of course, the link can have https://docs.asciidoctor.org/asciidoc/latest/syntax-quick-reference/#links[another text]. - -We can also link to other rules, such as S100. We cannot specify which language is the target of this link, it is always the same as the current RSPEC language. - -==== Tables - -[frame=all] -[cols="^1,<1, 2a"] -|=== -|Title|What we use | Details - -| Tables | A simple table | -| Alignment | Can differ between cols | -| Header | The first line is often a header | -| Strong s| A cell can be put in bold | -| Tables | A table | Nested asciidoc, with, for instance: - - -* Nested -* lists - -See for instance S5131 -| Merged cells | They are not supported | -| Borders | Most often all around | -| Nested tables | They are not supported | -|=== - -==== Includes - -It is possible to include other files. - -include::included1.adoc[] - -Sometimes, the content of the included files can vary, with the use of a variable. 
- -:var: variable text - -include::included2.adoc[] - -Which file is included can also depend on a variable: - -:inc: a.adoc - -include::{inc}[] - -:inc: b.adoc - -include::{inc}[] - - -== How to fix it - -=== Code examples - -==== Noncompliant code example - -[source,text,diff-id=3,diff-type=noncompliant] ----- -FIXME ----- - -==== Compliant solution - -[source,text,diff-id=3,diff-type=compliant] ----- -FIXME ----- - -//=== How does this work? - -//=== Pitfalls - -//=== Going the extra mile - - -//== Resources -//=== Documentation -//=== Articles & blog posts -//=== Conference presentations -//=== Standards -//=== Benchmarks diff --git a/rules/S6620/metadata.json b/rules/S6620/metadata.json index 2c63c085104..152453471e0 100644 --- a/rules/S6620/metadata.json +++ b/rules/S6620/metadata.json @@ -1,2 +1,22 @@ { + "title": "This is a rule showcasing which features are available in Asciidoc when writing a rule description", + "type": "CODE_SMELL", + "code": { + "impacts": { + "MAINTAINABILITY": "HIGH" + }, + "attribute": "LOGICAL" + }, + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "5min" + }, + "tags": ["rspec-showcase"], + "defaultSeverity": "Major", + "ruleSpecification": "RSPEC-6620", + "sqKey": "S6620", + "scope": "All", + "defaultQualityProfiles": ["Sonar way"], + "quickfix": "unknown" } diff --git a/rules/S6624/kotlin/rule.adoc b/rules/S6624/kotlin/rule.adoc index b408438c4db..2638723aef6 100644 --- a/rules/S6624/kotlin/rule.adoc +++ b/rules/S6624/kotlin/rule.adoc @@ -29,9 +29,7 @@ dependencies { [source,kotlin,diff-id=1,diff-type=compliant] ---- -ext { - mockitoVersion = "4.5.1" -} +const val mockitoVersion = "4.5.1" dependencies { testImplementation("org.mockito:mockito-core:$mockitoVersion") 
@@ -39,6 +37,8 @@ dependencies { } ---- +Alternatively, you can put `const val mockitoVersion = "4.5.1"` in any `.kt` file in `buildSrc/src/main/kotlin` or use a more robust dependency management mechanism like https://plugins.gradle.org/plugin/io.spring.dependency-management[Spring dependency management plugin] or https://www.youtube.com/watch?v=WvtcCCCLfOc&list=PL0UJI1nZ56yAHv9H9kZA6vat4N1kSRGis&index=21[Version Catalogs]. + == Resources === Documentation diff --git a/rules/S6627/common/how.adoc b/rules/S6627/common/how.adoc new file mode 100644 index 00000000000..9f33abc901b --- /dev/null +++ b/rules/S6627/common/how.adoc @@ -0,0 +1,3 @@ +Replace internal API usage with the public API designed for your use case. +This may imply a refactoring of the affected code if no one-to-one replacement is available in the public API. +If a specific functionality is required, copying the required parts of the implementation into your code may even be better than using the internal API. diff --git a/rules/S6627/common/potential_impact.adoc b/rules/S6627/common/potential_impact.adoc new file mode 100644 index 00000000000..e38558a5dc9 --- /dev/null +++ b/rules/S6627/common/potential_impact.adoc @@ -0,0 +1,3 @@ +==== Code Stability + +If not fixed, your code might break when the library is upgraded to a new version, even if only the minor version number or the patch number changes. diff --git a/rules/S6627/common/why.adoc b/rules/S6627/common/why.adoc new file mode 100644 index 00000000000..52deb57bba7 --- /dev/null +++ b/rules/S6627/common/why.adoc 
@@ -0,0 +1,5 @@ +The public API of a framework, plugin, or library is the way its provider intended it to be used. +API stability and compatibility (within the same major version number) of a library are guaranteed only for its public API. + +Internal APIs are mere implementation details and are prone to breaking changes as the implementation of the library changes. +No guarantees are being made about them. Therefore, users should not use internal APIs, even when visible. diff --git a/rules/S6627/javascript/metadata.json b/rules/S6627/javascript/metadata.json new file mode 100644 index 00000000000..7a73a41bfdf --- /dev/null +++ b/rules/S6627/javascript/metadata.json @@ -0,0 +1,2 @@ +{ +} \ No newline at end of file diff --git a/rules/S6627/javascript/rule.adoc b/rules/S6627/javascript/rule.adoc new file mode 100644 index 00000000000..825712560d8 --- /dev/null +++ b/rules/S6627/javascript/rule.adoc @@ -0,0 +1,35 @@ +== Why is this an issue? + +include::../common/why.adoc[] + +=== What is the potential impact? + +include::../common/potential_impact.adoc[] + +== How to fix it + +include::../common/how.adoc[] + +=== Code examples + +==== Noncompliant code example + +[source,javascript,diff-id=1,diff-type=noncompliant] +---- +import { _parseWith } from './node_modules/foo/helpers' +---- + +==== Compliant solution + +[source,javascript,diff-id=1,diff-type=compliant] +---- +import { parse } from 'foo' +---- + +//== Resources +//=== Documentation +//=== Articles & blog posts +//=== Conference presentations +//=== Standards +//=== External coding guidelines +//=== Benchmarks diff --git a/rules/S6627/kotlin/metadata.json b/rules/S6627/kotlin/metadata.json index a8cda009e38..2c63c085104 100644 --- a/rules/S6627/kotlin/metadata.json +++ b/rules/S6627/kotlin/metadata.json 
@@ -1,24 +1,2 @@ { - "title": "Users should not use internal APIs", - "type": "CODE_SMELL", - "code": { - "impacts": { - "MAINTAINABILITY": "MEDIUM" - }, - "attribute": "MODULAR" - }, - "status": "ready", - "remediation": { - "func": "Constant\/Issue", - "constantCost": "5min" - }, - "tags": [ - "gradle" - ], - "defaultSeverity": "Major", - "ruleSpecification": "RSPEC-6627", - "sqKey": "S6627", - "scope": "All", - "defaultQualityProfiles": ["Sonar way"], - "quickfix": "unknown" } diff --git a/rules/S6627/kotlin/rule.adoc b/rules/S6627/kotlin/rule.adoc index f22aa7c6dba..520402cba5a 100644 --- a/rules/S6627/kotlin/rule.adoc +++ b/rules/S6627/kotlin/rule.adoc @@ -1,22 +1,14 @@ == Why is this an issue? -The public API of a framework, plugin, or library is the way its provider intended it to be used. -API stability and compatibility (within the same major version number) of a library are guaranteed only for its public API. - -Internal APIs are mere implementation details and are prone to breaking changes as the implementation of the library changes. -No guarantees are being made about them. Therefore, users should not use internal APIs, even when visible. +include::../common/why.adoc[] === What is the potential impact? -==== Code Stability - -If not fixed, your code might break when the library is upgraded to a new version, even if only the minor version number or the patch number changes. +include::../common/potential_impact.adoc[] == How to fix it -Replace internal API usage with the public API designed for your use case. -This may imply a refactoring of the affected code if no one-to-one replacement is available in the public API. -If a specific functionality is required, copying the required parts of the implementation into your code may even be better than using the internal API. +include::../common/how.adoc[] === Code examples diff --git a/rules/S6627/metadata.json b/rules/S6627/metadata.json index 2c63c085104..a8cda009e38 100644 --- a/rules/S6627/metadata.json 
+++ b/rules/S6627/metadata.json @@ -1,2 +1,24 @@ { + "title": "Users should not use internal APIs", + "type": "CODE_SMELL", + "code": { + "impacts": { + "MAINTAINABILITY": "MEDIUM" + }, + "attribute": "MODULAR" + }, + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "5min" + }, + "tags": [ + "gradle" + ], + "defaultSeverity": "Major", + "ruleSpecification": "RSPEC-6627", + "sqKey": "S6627", + "scope": "All", + "defaultQualityProfiles": ["Sonar way"], + "quickfix": "unknown" } diff --git a/rules/S6639/common/resources/documentation.adoc b/rules/S6639/common/resources/documentation.adoc index 4bf21e10bb3..fb7402ddcc3 100644 --- a/rules/S6639/common/resources/documentation.adoc +++ b/rules/S6639/common/resources/documentation.adoc @@ -1,3 +1,3 @@ * https://owasp.org/www-community/attacks/Denial_of_Service[OWASP] - Denial of Service -* https://www.linux.org/docs/man8/pam_limits.html[Linux.org] - pam_limits - PAM module to limit resources -* https://access.redhat.com/solutions/1257953[RedHat] - How to set limits for services in RHEL and systemd \ No newline at end of file +* https://man.archlinux.org/man/core/pam/pam_limits.8.en[archlinux.org] - pam_limits - PAM module to limit resources +* https://access.redhat.com/solutions/1257953[RedHat] - How to set limits for services in RHEL and systemd diff --git a/rules/S6639/common/resources/standards.adoc b/rules/S6639/common/resources/standards.adoc index 70c30cdc1b7..367a10c0e80 100644 --- a/rules/S6639/common/resources/standards.adoc +++ b/rules/S6639/common/resources/standards.adoc 
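Review bot: The `"tags": ["gradle"]` entry moves up into the rule-level `rules/S6627/metadata.json` with the rest of the Kotlin metadata, while the `javascript/metadata.json` added in this commit is an empty object. If language files inherit from the rule-level file, as the empty `{}` language files suggest, the JavaScript variant will carry a Gradle tag that has nothing to do with its `node_modules` import example. I would write `"tags": []` here and keep `"tags": ["gradle"]` in `kotlin/metadata.json`.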
@@ -1,3 +1,6 @@ -* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection -* https://www.owasp.org/index.php/Top_10-2017_A1-Injection[OWASP Top 10 2017 Category A1] - Injection -* https://cwe.mitre.org/data/definitions/789.html[MITRE, CWE789] - Memory Allocation with Excessive Size Value \ No newline at end of file +* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] +* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] +* CWE - https://cwe.mitre.org/data/definitions/789[CWE-789 - Memory Allocation with Excessive Size Value] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222594[Application Security and Development: V-222594] - The application must restrict the ability to launch Denial of Service (DoS) attacks against itself or other information systems. +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222667[Application Security and Development: V-222667] - Protections against DoS attacks must be implemented. +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. diff --git a/rules/S6639/metadata.json b/rules/S6639/metadata.json index 146012ff05e..50d01aeb449 100644 --- a/rules/S6639/metadata.json +++ b/rules/S6639/metadata.json 
@@ -1,52 +1,56 @@ { - "title": "Memory allocations should not be vulnerable to Denial of Service attacks", - "type": "VULNERABILITY", - "code": { - "impacts": { - "SECURITY": "MEDIUM" - }, - "attribute": "COMPLETE" + "title": "Memory allocations should not be vulnerable to Denial of Service attacks", + "type": "VULNERABILITY", + "code": { + "impacts": { + "SECURITY": "MEDIUM" }, - "status": "ready", - "remediation": { - "func": "Constant\/Issue", - "constantCost": "5min" - }, - "tags": [ - "cwe" + "attribute": "COMPLETE" + }, + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "5min" + }, + "tags": [ + "cwe" + ], + "defaultSeverity": "Major", + "ruleSpecification": "RSPEC-6639", + "sqKey": "S6639", + "scope": "All", + "securityStandards": { + "CWE": [ + 789 + ], + "OWASP": [ + "A1" + ], + "OWASP Top 10 2021": [ + "A3" + ], + "PCI DSS 3.2": [ + "6.5.1" + ], + "PCI DSS 4.0": [ + "6.2.4" ], - "defaultSeverity": "Major", - "ruleSpecification": "RSPEC-6639", - "sqKey": "S6639", - "scope": "All", - "securityStandards": { - "CWE": [ - 789 - ], - "OWASP": [ - "A1" - ], - "OWASP Top 10 2021": [ - "A3" - ], - "PCI DSS 3.2": [ - "6.5.1" - ], - "PCI DSS 4.0": [ - "6.2.4" - ], - "ASVS 4.0": [ - "5.1.3", - "5.1.4" - ] - }, - "defaultQualityProfiles": [ - "Sonar way" + "ASVS 4.0": [ + "5.1.3", + "5.1.4" ], - "educationPrinciples": [ - "defense_in_depth", - "never_trust_user_input" - ], - "quickfix": "unknown" - } - \ No newline at end of file + "STIG ASD_V5R3": [ + "V-222594", + "V-222609", + "V-222667" + ] + }, + "defaultQualityProfiles": [ + "Sonar way" + ], + "educationPrinciples": [ + "defense_in_depth", + "never_trust_user_input" + ], + "quickfix": "unknown" +} diff --git a/rules/S6640/csharp/rule.adoc b/rules/S6640/csharp/rule.adoc index 4c9f9c57a21..6972d286316 100644 --- a/rules/S6640/csharp/rule.adoc +++ b/rules/S6640/csharp/rule.adoc 
@@ -60,7 +60,7 @@ public int SubarraySum(int[] array, int start, int end) == See -* https://cwe.mitre.org/data/definitions/787.html[MITRE, CWE-787] - Out-of-bounds Write +* CWE - https://cwe.mitre.org/data/definitions/787[CWE-787 - Out-of-bounds Write] * https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/unsafe-code[Microsoft Learn] - Unsafe code, pointer types, and function pointers diff --git a/rules/S6641/common/resources/standards.adoc b/rules/S6641/common/resources/standards.adoc index ee9a1d4c601..eb761e25600 100644 --- a/rules/S6641/common/resources/standards.adoc +++ b/rules/S6641/common/resources/standards.adoc @@ -1,3 +1,4 @@ -* https://cwe.mitre.org/data/definitions/15.html[MITRE, CWE15] - External Control of System or Configuration Setting -* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection -* https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[OWASP Top 10 2017 Category A1] - Injection +* CWE - https://cwe.mitre.org/data/definitions/15[CWE-15 - External Control of System or Configuration Setting] +* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] +* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. diff --git a/rules/S6641/csharp/metadata.json b/rules/S6641/csharp/metadata.json index ac316074c97..6658351c078 100644 --- a/rules/S6641/csharp/metadata.json +++ b/rules/S6641/csharp/metadata.json 
@@ -13,38 +13,41 @@ "constantCost": "5min" }, "tags": [ - "cwe" + "cwe" ], "defaultSeverity": "Major", "ruleSpecification": "RSPEC-6641", "sqKey": "S6641", "scope": "All", "securityStandards": { - "CWE": [ - 15 - ], - "OWASP": [ - "A1" - ], - "OWASP Top 10 2021": [ - "A3" - ], - "PCI DSS 3.2": [ - "6.5.1" - ], - "PCI DSS 4.0": [ - "6.2.4" - ], - "ASVS 4.0": [ - "5.1.3" - ] - }, + "CWE": [ + 15 + ], + "OWASP": [ + "A1" + ], + "OWASP Top 10 2021": [ + "A3" + ], + "PCI DSS 3.2": [ + "6.5.1" + ], + "PCI DSS 4.0": [ + "6.2.4" + ], + "ASVS 4.0": [ + "5.1.3" + ], + "STIG ASD_V5R3": [ + "V-222609" + ] + }, "defaultQualityProfiles": [ - "Sonar way" + "Sonar way" ], "educationPrinciples": [ - "defense_in_depth", - "never_trust_user_input" - ], + "defense_in_depth", + "never_trust_user_input" + ], "quickfix": "unknown" -} \ No newline at end of file +} diff --git a/rules/S6646/java/description-common.adoc b/rules/S6646/java/description-common.adoc new file mode 100644 index 00000000000..2b9a3fd5825 --- /dev/null +++ b/rules/S6646/java/description-common.adoc @@ -0,0 +1,7 @@ +include::introduction.adoc[] + +include::why-is-this-an-issue.adoc[] + +include::what-is-the-potential-impact.adoc[] + +include::how-to-fix-it.adoc[] diff --git a/rules/S6646/java/highlighting.adoc b/rules/S6646/java/highlighting.adoc new file mode 100644 index 00000000000..e76f7ce8ff4 --- /dev/null +++ b/rules/S6646/java/highlighting.adoc @@ -0,0 +1,3 @@ +=== Highlighting + +Primary: the gratuitous expression diff --git a/rules/S6646/java/how-to-fix-it.adoc b/rules/S6646/java/how-to-fix-it.adoc new file mode 100644 index 00000000000..b39b8b3d20f --- /dev/null +++ b/rules/S6646/java/how-to-fix-it.adoc 
@@ -0,0 +1,9 @@
+== How to fix it
+
+Gratuitous boolean expressions are suspicious and should be carefully removed from the code.
+
+First, the boolean expression in question should be closely inspected for logical errors.
+If a mistake was made, it can be corrected so the condition is no longer gratuitous.
+
+If it becomes apparent that the condition is actually unnecessary, it can be removed. The associated control flow construct
+(e.g., the `if`-statement containing the condition) will be adapted or even removed, leaving only the necessary branches.
diff --git a/rules/S6646/java/introduction.adoc b/rules/S6646/java/introduction.adoc
new file mode 100644
index 00000000000..382954e7cd3
--- /dev/null
+++ b/rules/S6646/java/introduction.adoc
@@ -0,0 +1,4 @@
+Gratuitous boolean expressions are conditions that do not change the evaluation
+of a program.
+This issue can indicate logical errors and affect the correctness of an
+application, as well as its maintainability.
diff --git a/rules/S6646/java/message.adoc b/rules/S6646/java/message.adoc
new file mode 100644
index 00000000000..b40a59e9acc
--- /dev/null
+++ b/rules/S6646/java/message.adoc
@@ -0,0 +1,3 @@
+=== Message
+
+* Fix this expression which always evaluates to "[true|false]".
diff --git a/rules/S6646/java/metadata.json b/rules/S6646/java/metadata.json
new file mode 100644
index 00000000000..c5de2d57969
--- /dev/null
+++ b/rules/S6646/java/metadata.json
@@ -0,0 +1,42 @@ +{ + "title": "Boolean expressions should not be gratuitous", + "type": "CODE_SMELL", + "code": { + "impacts": { + "MAINTAINABILITY": "MEDIUM" + }, + "attribute": "LOGICAL" + }, + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "10min" + }, + "tags": [ + "cwe", + "suspicious", + "redundant", + "symbolic-execution" + ], + "extra": { + "replacementRules": [ + + ], + "legacyKeys": [ + + ] + }, + "defaultSeverity": "Major", + "ruleSpecification": "RSPEC-6646", + "sqKey": "S6646", + "scope": "All", + "securityStandards": { + "CWE": [ + 489, + 571, + 570 + ] + }, + "defaultQualityProfiles": [], + "quickfix": "unknown" +} diff --git a/rules/S6646/java/rule.adoc b/rules/S6646/java/rule.adoc new file mode 100644 index 00000000000..6ba481ef315 --- /dev/null +++ b/rules/S6646/java/rule.adoc @@ -0,0 +1,70 @@ +include::./description-common.adoc[] + +=== Code examples + +==== Noncompliant code example + +[source,java,diff-id=1,diff-type=noncompliant] +---- +public class MyClass { + public void doThings(boolean b, boolean c) { + boolean a = true; + if (a) { // Noncompliant + doSomething(); + } + + if (a && b) { // Noncompliant; "a" is always "true" + doSomething(); + } + + if (c || (!c && b)) { // Noncompliant; c || (!c && b) is equal to c || b + doSomething(); + } + } +} +---- + +==== Compliant solution + +[source,java,diff-id=1,diff-type=compliant] +---- +public class MyClass { + public void doThings(boolean b, boolean c) { + a = true; + if (foo(a)) { + doSomething(); + } + + if (b) { + doSomething(); + } + + if (c) { + doSomething(); + } + + if (c || b) { + doSomething(); + } + } +} +---- + +include::./see.adoc[] + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +include::./message.adoc[] + +include::./highlighting.adoc[] + +''' +== Comments And Links +(visible only on this page) + + +endif::env-github,rspecator-view[] 
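Review bot: `securityStandards.CWE` lists `489` alongside `571` and `570`, but the `see.adoc` added for this rule links only CWE-570 and CWE-571, and nothing in the description relates a gratuitous condition to CWE-489 (Active Debug Code). Either drop `489` from the list or add the matching resource link with a sentence explaining the mapping, so the metadata and the rendered page agree. The same three-element list appears in `rules/S6651/java/metadata.json` in this commit.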
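Review bot: The compliant solution in `rules/S6646/java/rule.adoc` assigns `a = true;` without declaring `a`, so the snippet is not valid Java, whereas the noncompliant side declares it with `boolean a = true;`. It also calls an unexplained `foo(a)` and answers three noncompliant `if` statements with four, which makes the `diff-id=1` pairing hard to follow. I would start the method with `boolean a = foo();` followed by `if (a) {`, and keep only `if (c || b) {` as the counterpart of the third condition.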
diff --git a/rules/S6646/java/see.adoc b/rules/S6646/java/see.adoc
new file mode 100644
index 00000000000..f8f5fb79575
--- /dev/null
+++ b/rules/S6646/java/see.adoc
@@ -0,0 +1,6 @@
+== Resources
+
+=== Articles & blog posts
+
+* CWE - https://cwe.mitre.org/data/definitions/571[CWE-571 - Expression is Always True]
+* CWE - https://cwe.mitre.org/data/definitions/570[CWE-570 - Expression is Always False]
diff --git a/rules/S6646/java/what-is-the-potential-impact.adoc b/rules/S6646/java/what-is-the-potential-impact.adoc
new file mode 100644
index 00000000000..3eccd9f8883
--- /dev/null
+++ b/rules/S6646/java/what-is-the-potential-impact.adoc
@@ -0,0 +1,13 @@
+=== What is the potential impact?
+
+The presence of gratuitous conditions can indicate a logical error.
+For example, the programmer _intended_ to have the program branch into different
+paths but made a mistake when formulating the branching condition.
+In this case, this issue might result in a bug and thus affect the reliability
+of the application.
+For instance, it might lead to the computation of incorrect results.
+
+Additionally, gratuitous conditions and control flow constructs introduce
+unnecessary complexity.
+The source code becomes harder to understand, and thus, the application becomes
+more difficult to maintain.
diff --git a/rules/S6646/java/why-is-this-an-issue.adoc b/rules/S6646/java/why-is-this-an-issue.adoc
new file mode 100644
index 00000000000..c94de6fd023
--- /dev/null
+++ b/rules/S6646/java/why-is-this-an-issue.adoc
@@ -0,0 +1,8 @@
+== Why is this an issue?
+
+Control flow constructs like `if`-statements allow the programmer to direct the
+flow of a program depending on a boolean expression.
+However, if the condition is always true or always false, only one of the
+branches will ever be executed.
+In that case, the control flow construct and the condition no longer serve a
+purpose; they become _gratuitous_.
diff --git a/rules/S6646/metadata.json b/rules/S6646/metadata.json new file mode 100644 index 00000000000..2c63c085104 --- /dev/null +++ b/rules/S6646/metadata.json @@ -0,0 +1,2 @@ +{ +} diff --git a/rules/S6648/azureresourcemanager/how-to-fix-it/arm.adoc b/rules/S6648/azureresourcemanager/how-to-fix-it/json.adoc similarity index 94% rename from rules/S6648/azureresourcemanager/how-to-fix-it/arm.adoc rename to rules/S6648/azureresourcemanager/how-to-fix-it/json.adoc index d45c3814691..d90b7d32d3c 100644 --- a/rules/S6648/azureresourcemanager/how-to-fix-it/arm.adoc +++ b/rules/S6648/azureresourcemanager/how-to-fix-it/json.adoc @@ -1,4 +1,4 @@ -== How to fix it in ARM templates +== How to fix it in JSON templates === Code examples @@ -31,4 +31,4 @@ } } } ----- \ No newline at end of file +---- diff --git a/rules/S6648/azureresourcemanager/rule.adoc b/rules/S6648/azureresourcemanager/rule.adoc index 715f5e3788b..1fdb51f96d1 100644 --- a/rules/S6648/azureresourcemanager/rule.adoc +++ b/rules/S6648/azureresourcemanager/rule.adoc @@ -10,7 +10,7 @@ Secure parameters can be assigned a default value which will be used if the para If the default value contains a secret, it will be disclosed to all accounts that have read access to the deployment history. -include::how-to-fix-it/arm.adoc[] +include::how-to-fix-it/json.adoc[] include::how-to-fix-it/bicep.adoc[] @@ -22,8 +22,8 @@ include::how-to-fix-it/bicep.adoc[] === Standards -* https://cwe.mitre.org/data/definitions/200[MITRE, CWE-200] - Exposure of Sensitive Information to an Unauthorized Actor -* https://cwe.mitre.org/data/definitions/532[MITRE, CWE-532] - Insertion of Sensitive Information into Log File +* CWE - https://cwe.mitre.org/data/definitions/200[CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor] +* CWE - https://cwe.mitre.org/data/definitions/532[CWE-532 - Insertion of Sensitive Information into Log File] ifdef::env-github,rspecator-view[] == Implementation Specification 
diff --git a/rules/S6649/java/comments-and-links.adoc b/rules/S6649/java/comments-and-links.adoc new file mode 100644 index 00000000000..fc59c1cb1dd --- /dev/null +++ b/rules/S6649/java/comments-and-links.adoc @@ -0,0 +1,3 @@ +=== on 2 Feb 2016, 14:53:45 Ann Campbell wrote: +\[~freddy.mallet] I've removed modulo from the title since the first part of that operation is division + diff --git a/rules/S6649/java/highlighting.adoc b/rules/S6649/java/highlighting.adoc new file mode 100644 index 00000000000..087c6700eae --- /dev/null +++ b/rules/S6649/java/highlighting.adoc @@ -0,0 +1,4 @@ +=== Highlighting + +* primary: the expression with the division by zero +* secondary: where the denominator is set to 0 diff --git a/rules/S6649/java/impact.adoc b/rules/S6649/java/impact.adoc new file mode 100644 index 00000000000..64ea8e9f019 --- /dev/null +++ b/rules/S6649/java/impact.adoc @@ -0,0 +1,6 @@ +=== What is the potential impact? + +include::../../../shared_content/layc/exception-impact.adoc[] + +If the computation of the denominator is tied to user input data, this issue can +potentially even be exploited by attackers to disrupt your application. diff --git a/rules/S6649/java/introduction.adoc b/rules/S6649/java/introduction.adoc new file mode 100644 index 00000000000..9147a1fea5a --- /dev/null +++ b/rules/S6649/java/introduction.adoc @@ -0,0 +1,4 @@ +This error will crash your program in most cases. +To fix it, you need to ensure that the denominator value in all division +operations is always non-zero, or check the value against zero before performing +the division. diff --git a/rules/S6649/java/metadata.json b/rules/S6649/java/metadata.json new file mode 100644 index 00000000000..ce8114cb2e1 --- /dev/null +++ b/rules/S6649/java/metadata.json 
@@ -0,0 +1,47 @@ +{ + "title": "Zero should not be a possible denominator", + "type": "BUG", + "code": { + "impacts": { + "RELIABILITY": "HIGH" + }, + "attribute": "LOGICAL" + }, + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "5 min" + }, + "tags": [ + "cwe", + "denial-of-service", + "cert", + "symbolic-execution" + ], + "extra": { + "replacementRules": [ + + ], + "legacyKeys": [ + + ] + }, + "defaultSeverity": "Critical", + "ruleSpecification": "RSPEC-6649", + "sqKey": "S6649", + "scope": "All", + "securityStandards": { + "CERT": [ + "NUM02-J.", + "INT33-C." + ], + "CWE": [ + 369 + ], + "STIG ASD_V5R3": [ + "V-222612" + ] + }, + "defaultQualityProfiles": [], + "quickfix": "infeasible" +} diff --git a/rules/S6649/java/rule.adoc b/rules/S6649/java/rule.adoc new file mode 100644 index 00000000000..fafe8aa8055 --- /dev/null +++ b/rules/S6649/java/rule.adoc 
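Review bot: `"constantCost": "5 min"` contains a space, whereas the other metadata files in this commit write the cost without one (`"5min"`, `"10min"`, `"15min"`); if the consumer validates the value against a fixed pattern, this entry may be rejected. Use `"constantCost": "5min"`. Separately, `CERT` lists `INT33-C.` while the Standards section of the rule's `rule.adoc` links only NUM02-J, so either the link or the metadata entry should be adjusted.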
@@ -0,0 +1,94 @@ + +If the denominator to an integer division or remainder operation is zero, a +`ArithmeticException` is thrown. + +include::./introduction.adoc[] + +== Why is this an issue? + +A division (`/`) or remainder operation (`%`) by zero indicates a bug or logical +error. +This is because in Java, a division or remainder operation where the denominator +is zero and not a floating point value always results in an +`ArithmeticException` being thrown. + +When working with ``++double++`` or ``++float++`` values, no exception will be +thrown, but the operation will result in special floating point values +representing either positive infinity, negative infinity, or `NaN`. +Unless these special values are explicitly handled by a program, zero +denominators should be avoided in floating point operations, too. +Otherwise, the application might produce unexpected results. + +include::./impact.adoc[] + +=== Noncompliant code example + +[source,java,diff-id=1,diff-type=noncompliant] +---- +void test_divide() { + int z = 0; + if (unknown()) { + // .. + z = 3; + } else { + // .. + } + z = 1 / z; // Noncompliant, possible division by zero +} +---- + +=== Compliant solution + +[source,java,diff-id=1,diff-type=compliant] +---- +void test_divide() { + int z = 0; + if (unknown()) { + // .. + z = 3; + } else { + // .. + z = 1; + } + z = 1 / z; +} +---- + +== Resources + +=== Documentation + +* https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/lang/ArithmeticException.html[ArithmeticException] +* https://docs.oracle.com/javase/specs/jls/se17/html/jls-15.html#jls-15.17.2[The Division Operator in the JLS] +* https://docs.oracle.com/javase/specs/jls/se17/html/jls-15.html#jls-15.17.3[The Remainder Operator in the JLS] + +=== Standards + +* CWE - https://cwe.mitre.org/data/definitions/369[CWE-369 - Divide by zero] +* https://wiki.sei.cmu.edu/confluence/x/CTZGBQ[CERT, NUM02-J.] 
- Ensure that division and remainder operations do not result in divide-by-zero errors +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. + + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +This rule supports primitive ``++int++``, ``++long++``, ``++double++``, and +``++float++`` values, as well as ``++BigDecimal++`` and ``++BigInteger++``. + +=== Message + +Fix this division by zero. + + +include::./highlighting.adoc[] + +''' +== Comments And Links +(visible only on this page) + +include::./comments-and-links.adoc[] + +endif::env-github,rspecator-view[] diff --git a/rules/S6649/metadata.json b/rules/S6649/metadata.json new file mode 100644 index 00000000000..2c63c085104 --- /dev/null +++ b/rules/S6649/metadata.json @@ -0,0 +1,2 @@ +{ +} diff --git a/rules/S6651/java/metadata.json b/rules/S6651/java/metadata.json new file mode 100644 index 00000000000..1c3c0b1add6 --- /dev/null +++ b/rules/S6651/java/metadata.json @@ -0,0 +1,43 @@ +{ + "title": "Conditionally executed code should be reachable", + "type": "BUG", + "code": { + "impacts": { + "RELIABILITY": "MEDIUM" + }, + "attribute": "LOGICAL" + }, + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "15min" + }, + "tags": [ + "cwe", + "unused", + "suspicious", + "pitfall" + ], + "extra": { + "replacementRules": [ + + ], + "legacyKeys": [ + + ] + }, + "defaultSeverity": "Major", + "ruleSpecification": "RSPEC-6651", + "sqKey": "S6651", + "scope": "All", + "securityStandards": { + "CWE": [ + 489, + 571, + 570 + ] + }, + "defaultQualityProfiles": [ + ], + "quickfix": "unknown" +} diff --git a/rules/S6651/java/rule.adoc b/rules/S6651/java/rule.adoc new file mode 100644 index 00000000000..a479b1a623a --- /dev/null +++ b/rules/S6651/java/rule.adoc 
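Review bot: The compliant solution in `rules/S6649/java/rule.adoc` only covers a denominator that receives a non-zero constant on every path, while the included `impact.adoc` names denominators derived from user input as the case that can be used to disrupt the application. A second compliant example with an explicit guard before `z = 1 / z;`, for instance `if (z == 0) { throw new IllegalArgumentException("z must not be zero"); }`, would show the check that the introduction recommends. The opening sentence should also read `an ArithmeticException`.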
@@ -0,0 +1,42 @@
+== Why is this an issue?
+
+Conditional expressions which are always `true` or `false` can lead to https://en.wikipedia.org/wiki/Unreachable_code[unreachable code].
+
+=== Noncompliant code example
+
+[source,text]
+----
+a = false;
+if (a) { // Noncompliant
+ doSomething(); // never executed
+}
+
+if (!a || b) { // Noncompliant; "!a" is always "true", "b" is never evaluated
+ doSomething();
+} else {
+ doSomethingElse(); // never executed
+}
+----
+
+
+== Resources
+
+* CWE - https://cwe.mitre.org/data/definitions/570[CWE-570 - Expression is Always False]
+* CWE - https://cwe.mitre.org/data/definitions/571[CWE-571 - Expression is Always True]
+* https://wiki.sei.cmu.edu/confluence/x/5dUxBQ[CERT, MSC12-C.] - Detect and remove code that has no effect or is never executed
+
+ifdef::env-github,rspecator-view[]
+
+'''
+== Implementation Specification
+(visible only on this page)
+
+=== Message
+
+Change this condition so that it does not always evaluate to "[true|false]"; some subsequent code is never executed.
+
+'''
+== Comments And Links
+(visible only on this page)
+
+endif::env-github,rspecator-view[]
diff --git a/rules/S6651/metadata.json b/rules/S6651/metadata.json
new file mode 100644
index 00000000000..2c63c085104
--- /dev/null
+++ b/rules/S6651/metadata.json
@@ -0,0 +1,2 @@
+{
+}
diff --git a/rules/S6652/secrets/metadata.json b/rules/S6652/secrets/metadata.json
index fc30f1339f0..5aa6b0693e9 100644
--- a/rules/S6652/secrets/metadata.json
+++ b/rules/S6652/secrets/metadata.json
@@ -3,7 +3,7 @@
 "type": "VULNERABILITY",
 "code": {
 "impacts": {
- "SECURITY": "HIGH"
+ "SECURITY": "BLOCKER"
 },
 "attribute": "TRUSTWORTHY"
 },
@@ -17,9 +17,7 @@
 "cert"
 ],
 "extra": {
- "replacementRules": [
-
- ]
+ "replacementRules": []
 },
 "defaultSeverity": "Blocker",
 "ruleSpecification": "RSPEC-6652",
@@ -49,6 +47,9 @@
 "2.10.4",
 "3.5.2",
 "6.4.1"
+ ],
+ "STIG ASD_V5R3": [
+ "V-222642"
 ]
 },
 "defaultQualityProfiles": [
diff --git a/rules/S6654/javascript/rule.adoc b/rules/S6654/javascript/rule.adoc
index 1731cb5cdb9..0ee3318c973 100644
--- a/rules/S6654/javascript/rule.adoc
+++ b/rules/S6654/javascript/rule.adoc
@@ -1,21 +1,21 @@
 == Why is this an issue?
-JavaScript has a prototypical inheritance model. Each object has an internal property that points to another object, called a `prototype`. That prototype object has a prototype of its own, and the whole sequence is called a *prototype chain*. When accessing a property or a method of an object, if it is not found at the top level, the search continues through the object's prototype and then further down the prototype chain. This feature allows for very powerful dynamic inheritance patterns but can also lead to confusion when compared to the classic inheritance.
+JavaScript has a prototypal inheritance model. Each object has an internal property that points to another object, called a `prototype`. That prototype object has a prototype of its own, and the whole sequence is called a *prototype chain*. When accessing a property or a method of an object, if it is not found at the top level, the search continues through the object's prototype and then further down the prototype chain. This feature allows for very powerful dynamic inheritance patterns but can also lead to confusion when compared to the classic inheritance.
-To simplify the access to the prototype of an object some browsers introduced the ``++__proto__++`` property, which was later deprecated and removed from the language. The current ECMAScript standard includes `Object.getPrototype` and `Object.setPrototype` static methods that should be used instead of the ``++__proto__++`` property.
+To simplify the access to the prototype of an object some browsers introduced the ``++__proto__++`` property, which was later deprecated and removed from the language. The current ECMAScript standard includes `Object.getPrototypeOf` and `Object.setPrototypeOf` static methods that should be used instead of the ``++__proto__++`` property.
[source,javascript,diff-id=1,diff-type=noncompliant]
 ----
-let prototype = foo.__proto__; // Noncompliant: use Object.getPrototype
-foo.__proto__ = bar; // Noncompliant: use Object.setPrototype
+let prototype = foo.__proto__; // Noncompliant: use Object.getPrototypeOf
+foo.__proto__ = bar; // Noncompliant: use Object.setPrototypeOf
 ----
-To fix your code replace ``++__proto__++`` with calls to `Object.getPrototype` and `Object.setPrototype` static methods.
+To fix your code replace ``++__proto__++`` with calls to `Object.getPrototypeOf` and `Object.setPrototypeOf` static methods.
 [source,javascript,diff-id=1,diff-type=compliant]
 ----
-let prototype = Object.getPrototype(foo);
-Object.setPrototype(foo, bar);
+let prototype = Object.getPrototypeOf(foo);
+Object.setPrototypeOf(foo, bar);
 ----
 == Resources
diff --git a/rules/S6655/cfamily/metadata.json b/rules/S6655/cfamily/metadata.json
index b6d90d947c9..1f287b099ed 100644
--- a/rules/S6655/cfamily/metadata.json
+++ b/rules/S6655/cfamily/metadata.json
@@ -3,7 +3,7 @@
 "type": "BUG",
 "code": {
 "impacts": {
- "RELIABILITY": "HIGH"
+ "RELIABILITY": "BLOCKER"
 },
 "attribute": "LOGICAL"
 },
@@ -13,12 +13,14 @@
 "constantCost": "15min"
 },
 "tags": [
- "symbolic-execution"
+ "symbolic-execution"
 ],
 "defaultSeverity": "Blocker",
 "ruleSpecification": "RSPEC-6655",
 "sqKey": "S6655",
 "scope": "All",
- "defaultQualityProfiles": ["Sonar way"],
+ "defaultQualityProfiles": [
+ "Sonar way"
+ ],
 "quickfix": "infeasible"
 }
diff --git a/rules/S6655/cfamily/rule.adoc b/rules/S6655/cfamily/rule.adoc
index 75cf06552db..f5fea7914e6 100644
--- a/rules/S6655/cfamily/rule.adoc
+++ b/rules/S6655/cfamily/rule.adoc
@@ -4,7 +4,7 @@ access for local variables and lifetime-extended temporaries.
 == Why is this an issue?
-Local variables in C++ are attached to the scope and destroyed when
+Local variables in {cpp} are attached to the scope and destroyed when
 the end of the scope is reached. Any access to a variable outside of their scope has undefined behavior.
diff --git a/rules/S6656/azureresourcemanager/how-to-fix-it/arm.adoc b/rules/S6656/azureresourcemanager/how-to-fix-it/json.adoc
similarity index 98%
rename from rules/S6656/azureresourcemanager/how-to-fix-it/arm.adoc
rename to rules/S6656/azureresourcemanager/how-to-fix-it/json.adoc
index 614b1ede297..5b8cd41546e 100644
--- a/rules/S6656/azureresourcemanager/how-to-fix-it/arm.adoc
+++ b/rules/S6656/azureresourcemanager/how-to-fix-it/json.adoc
@@ -1,4 +1,4 @@
-== How to fix it in ARM Templates
+== How to fix it in JSON templates
 By setting `properties.expressionEvaluationOptions.scope` to `Inner` in the parent template, template evaluations are limited to the scope of the nested template. This makes it impossible to expose secure parameters defined in the parent template.
diff --git a/rules/S6656/azureresourcemanager/rule.adoc b/rules/S6656/azureresourcemanager/rule.adoc
index b6fcb9a5bf0..4b1dece7b3e 100644
--- a/rules/S6656/azureresourcemanager/rule.adoc
+++ b/rules/S6656/azureresourcemanager/rule.adoc
@@ -10,7 +10,7 @@ When used in nested deployments, however, it is possible to embed secure paramet
 If the nested deployment contains a secure parameter in this way, then the value of this parameter may be readable in the deployment history. This can lead to important credentials being leaked to unauthorized accounts.
-include::how-to-fix-it/arm.adoc[]
+include::how-to-fix-it/json.adoc[]
 include::how-to-fix-it/bicep.adoc[]
@@ -19,8 +19,8 @@ include::how-to-fix-it/bicep.adoc[]
 * Microsoft Learn - https://learn.microsoft.com/en-us/azure/templates/microsoft.resources/deployments?pivots=deployment-language-arm-template[`Microsoft.Resources/deployments`]
 === Standards
-* https://cwe.mitre.org/data/definitions/200[MITRE, CWE-200] - Exposure of Sensitive Information to an Unauthorized Actor
-* https://cwe.mitre.org/data/definitions/532[MITRE, CWE-532] - Insertion of Sensitive Information into Log File
+* CWE - https://cwe.mitre.org/data/definitions/200[CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor]
+* CWE - https://cwe.mitre.org/data/definitions/532[CWE-532 - Insertion of Sensitive Information into Log File]
 ifdef::env-github,rspecator-view[]
@@ -44,4 +44,4 @@ If `properties.expressionEvaluationOptions.scope` or `properties.expressionEvalu
 ==== Secondary Highlight
 Highlight the secure parameter in the nested template that is at risk here.
-endif::env-github,rspecator-view[]
\ No newline at end of file
+endif::env-github,rspecator-view[]
diff --git a/rules/S6659/python/metadata.json b/rules/S6659/python/metadata.json
index e0b6e15d1e2..8e7fae418dd 100644
--- a/rules/S6659/python/metadata.json
+++ b/rules/S6659/python/metadata.json
@@ -7,7 +7,8 @@
 "constantCost": "5min"
 },
 "tags": [
-
+ "convention",
+ "pep"
 ],
 "extra": {
 "replacementRules": [
diff --git a/rules/S6660/javascript/metadata.json b/rules/S6660/javascript/metadata.json
index 2b040b484d3..2e739eb2535 100644
--- a/rules/S6660/javascript/metadata.json
+++ b/rules/S6660/javascript/metadata.json
@@ -13,5 +13,11 @@
 "sqKey": "S6660",
 "scope": "All",
 "defaultQualityProfiles": ["Sonar way"],
- "quickfix": "covered"
+ "quickfix": "covered",
+ "code": {
+ "impacts": {
+ "MAINTAINABILITY": "MEDIUM"
+ },
+ "attribute": "CONVENTIONAL"
+ }
 }
diff --git a/rules/S6660/python/metadata.json b/rules/S6660/python/metadata.json
index 18538696e4d..ae048902d82 100644
--- a/rules/S6660/python/metadata.json
+++ b/rules/S6660/python/metadata.json
@@ -13,7 +13,7 @@
 "constantCost": "2min"
 },
 "tags": [
-
+ "typing"
 ],
 "extra": {
 "replacementRules": [
diff --git a/rules/S6661/javascript/metadata.json b/rules/S6661/javascript/metadata.json
index 1cce444d491..30c79978b82 100644
--- a/rules/S6661/javascript/metadata.json
+++ b/rules/S6661/javascript/metadata.json
@@ -9,10 +9,16 @@
 "tags": [
 "es2018"
 ],
- "defaultSeverity": "Minor",
+ "defaultSeverity": "Major",
 "ruleSpecification": "RSPEC-6661",
 "sqKey": "S6661",
 "scope": "All",
 "defaultQualityProfiles": ["Sonar way"],
- "quickfix": "covered"
+ "quickfix": "covered",
+ "code": {
+ "impacts": {
+ "MAINTAINABILITY": "MEDIUM"
+ },
+ "attribute": "CONVENTIONAL"
+ }
 }
diff --git a/rules/S6661/javascript/rule.adoc b/rules/S6661/javascript/rule.adoc
index e21909d3444..57e5901af12 100644
--- a/rules/S6661/javascript/rule.adoc
+++ b/rules/S6661/javascript/rule.adoc
@@ -1,9 +1,11 @@
 == Why is this an issue?
-When merging objects or copying properties from one object to another, use object spread syntax instead of `Object.assign()`. Object spread syntax was introduced in ES2018 and allows shallow-cloning or merging of objects with a more concise and readable syntax.
+When merging objects or copying properties from one object to another, use the object spread syntax instead of `Object.assign()`. The object spread syntax was introduced in ES2018 and allows shallow-cloning or merging of objects with a more concise and readable syntax.
 The `Object.assign()` also allows to mutate an object, which is not possible with the spread syntax, so the rule only applies to cases where the first argument of the `Object.assign()` is an object literal.
+The object spread syntax improves clarity when you're modifying an object, as demonstrated in this example: `foo = { bar: 42, ...baz }`. Additionally, it provides a more concise way to perform a shallow clone. Instead of using `foo = Object.assign({}, bar)`, you can simply write `foo = { ...bar }`.
+
 [source,javascript,diff-id=1,diff-type=noncompliant]
 ----
 const a = Object.assign({}, foo); // Noncompliant: Use spread syntax to clone or merge objects
diff --git a/rules/S6664/csharp/compliant.adoc b/rules/S6664/csharp/compliant.adoc
new file mode 100644
index 00000000000..60de16bd221
--- /dev/null
+++ b/rules/S6664/csharp/compliant.adoc
@@ -0,0 +1,19 @@
+
+[source,csharp,diff-id=1,diff-type=compliant]
+----
+void MyMethod(List items)
+{
+ logger.Debug("The operation started");
+ foreach(var item in items)
+ {
+ logger.Information($"Evaluating {item.Name}");
+ var result = Evaluate(item);
+ if (item.Name is string.Empty)
+ {
+ logger.Error("Invalid item name");
+ }
+ logger.Information($"End item evaluation with result: {result}");
+ }
+ logger.Debug("The operation ended");
+}
+----
\ No newline at end of file
diff --git a/rules/S6664/csharp/example.adoc b/rules/S6664/csharp/example.adoc
new file mode 100644
index 00000000000..2b86de7cf33
--- /dev/null
+++ b/rules/S6664/csharp/example.adoc
@@ -0,0 +1,15 @@
+
+[source,csharp]
+----
+void MyMethod(List items)
+{
+ logger.Debug("The operation started");
+ foreach(var item in items)
+ {
+ logger.Debug($"Evaluating {item.Name}");
+ var result = Evaluate(item);
+ logger.Debug($"Evaluating resulted in {result}");
+ }
+ logger.Debug("The operation ended");
+}
+----
\ No newline at end of file
diff --git a/rules/S6664/csharp/metadata.json b/rules/S6664/csharp/metadata.json
new file mode 100644
index 00000000000..7a73a41bfdf
--- /dev/null
+++ b/rules/S6664/csharp/metadata.json
@@ -0,0 +1,2 @@
+{
+}
\ No newline at end of file
diff --git a/rules/S6664/csharp/noncompliant.adoc b/rules/S6664/csharp/noncompliant.adoc
new file mode 100644
index 00000000000..f0b3d775fb6
--- /dev/null
+++ b/rules/S6664/csharp/noncompliant.adoc
@@ -0,0 +1,20 @@
+
+[source,csharp,diff-id=1,diff-type=noncompliant]
+----
+void MyMethod(List items)
+{
+ logger.Debug("The operation started");
+ foreach(var item in items)
+ {
+ logger.Information($"Evaluating {item.Name}"); // Noncompliant
+ var result = Evaluate(item);
+ logger.Information($"Evaluating resulted in {result}"); // Secondary 1
+ if (item.Name is string.Empty)
+ {
+ logger.Error("Invalid item name");
+ }
+ logger.Information("End item evaluation"); // Secondary 2
+ }
+ logger.Debug("The operation ended");
+}
+----
\ No newline at end of file
diff --git a/rules/S6664/csharp/rule.adoc b/rules/S6664/csharp/rule.adoc
new file mode 100644
index 00000000000..d9135d18361
--- /dev/null
+++ b/rules/S6664/csharp/rule.adoc
@@ -0,0 +1,3 @@
+:language: csharp
+
+include::../rule.adoc[]
\ No newline at end of file
diff --git a/rules/S6664/metadata.json b/rules/S6664/metadata.json
new file mode 100644
index 00000000000..90926d02035
--- /dev/null
+++ b/rules/S6664/metadata.json
@@ -0,0 +1,28 @@
+{
+ "title": "The code block contains too many logging calls",
+ "type": "CODE_SMELL",
+ "code": {
+ "impacts": {
+ "MAINTAINABILITY": "LOW"
+ },
+ "attribute": "FOCUSED"
+ },
+ "status": "ready",
+ "remediation": {
+ "func": "Constant\/Issue",
+ "constantCost": "5min"
+ },
+ "tags": [
+ "logging"
+ ],
+ "extra": {
+ },
+ "defaultSeverity": "Minor",
+ "ruleSpecification": "RSPEC-6664",
+ "sqKey": "S6664",
+ "scope": "Main",
+ "defaultQualityProfiles": [
+ "Sonar way"
+ ],
+ "quickfix": "infeasible"
+}
diff --git a/rules/S6664/rspecator.adoc b/rules/S6664/rspecator.adoc
new file mode 100644
index 00000000000..974fc29fc87
--- /dev/null
+++ b/rules/S6664/rspecator.adoc
@@ -0,0 +1,57 @@
+ifdef::env-github,rspecator-view[]
+
+'''
+== Implementation Specification
+(visible only on this page)
+
+=== Message
+
+Reduce the XXX logging calls within this code block.
+
+=== Highlighting
+
+* Primary: 1st logging statement
+* Secondary 1: 2nd logging statement
+* Secondary 2: 3rd logging statement
+* Secondary 3: 4th logging statement
+...
+
+=== Parameters
+
+.debugThreshold
+****
+----
+4
+----
+The maximum number of DEBUG, TRACE and VERBOSE statements allowed in the same code block
+****
+
+.informationThreshold
+****
+----
+2
+----
+The maximum number of INFORMATION statements allowed in the same code block
+****
+
+.warningThreshold
+****
+----
+1
+----
+The maximum number of WARNING statements allowed in the same code block
+****
+
+.errorThreshold
+****
+----
+1
+----
+The maximum number of ERROR and FATAL statements allowed in the same code block
+****
+
+'''
+== Comments And Links
+(visible only on this page)
+
+endif::env-github,rspecator-view[]
\ No newline at end of file
diff --git a/rules/S6664/rule.adoc b/rules/S6664/rule.adoc
new file mode 100644
index 00000000000..f220126989b
--- /dev/null
+++ b/rules/S6664/rule.adoc
@@ -0,0 +1,56 @@
+A code block should not contain too many logging statements of a specific level.
+
+== Why is this an issue?
+
+Excessive logging within a code block can lead to several problems:
+
+* *Log file overload*: generating an overwhelming number of log entries can fill up disk space quickly (thus increasing the storage space cost) and make it challenging to identify important log events promptly.
+* *Performance degradation*: writing a large number of log statements can impact the performance of an application, especially when the logs are placed in frequently executed paths.
+* *Code readability and maintainability*: excessive logging can clutter the code and increase the code's complexity, making it difficult for developers to identify essential logic.
+
+Only the logging statements that are directly within the https://learn.microsoft.com/en-us/dotnet/csharp/tour-of-csharp/program-building-blocks#statements[code block] will be counted, and any logging statements within nested blocks will count towards their own. For example consider the snippet below:
+
+include::{language}/example.adoc[]
+
+The rule will count 2 logging statements that are within the method block (namely `logger.Debug("The operation started")` and `logger.Debug("The operation ended")`). Any statements within nested blocks, such as the `foreach` block will be counted separately.
+The rule considers the log level of the calls, as follows:
+
+* *Debug*, *Trace* and *Verbose* logging level statements will count together and raise when the *_Debug threshold_* parameter is exceeded (default value: _4_);
+* *Information* logging level statements will raise when the *_Information threshold_* parameter is exceeded (default value: _2_);
+* *Warning* logging level statements will raise when the *_Warning threshold_* parameter is exceeded (default value: _1_);
+* *Error* and *Fatal* logging level statements will count together and raise when the *_Error threshold_* parameter is exceeded (default value: _1_);
+
+The most popular logging frameworks are supported:
+
+* Nuget package - https://www.nuget.org/packages/Microsoft.Extensions.Logging[Microsoft.Extensions.Logging]
+* Nuget package - https://www.nuget.org/packages/Serilog[Serilog]
+* Nuget package - https://www.nuget.org/packages/Castle.Core[Castle.Core]
+* Nuget package - https://www.nuget.org/packages/NLog[NLog]
+* Nuget package - https://www.nuget.org/packages/log4net[log4net]
+
+== How to fix it
+
+Reduce the number of specific logging level calls within the code block by identifying and selecting essential log statements with relevant information, necessary for understanding the flow of execution or diagnosing issues.
+
+=== Code examples
+
+==== Noncompliant code example
+
+With the default Information threshold parameter value 2:
+
+include::{language}/noncompliant.adoc[]
+
+==== Compliant solution
+
+With the default Information threshold parameter value 2:
+
+include::{language}/compliant.adoc[]
+
+== Resources
+
+=== Documentation
+
+* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/csharp/tour-of-csharp/program-building-blocks#statements[Code blocks]
+* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/statements/exception-handling-statements[Exception-handling statements]
+
+include::rspecator.adoc[]
\ No newline at end of file
diff --git a/rules/S6666/javascript/metadata.json b/rules/S6666/javascript/metadata.json
index aafd8043a49..98450ac6ffc 100644
--- a/rules/S6666/javascript/metadata.json
+++ b/rules/S6666/javascript/metadata.json
@@ -8,10 +8,16 @@
 },
 "tags": [
 ],
- "defaultSeverity": "Minor",
+ "defaultSeverity": "Major",
 "ruleSpecification": "RSPEC-6666",
 "sqKey": "S6666",
 "scope": "All",
 "defaultQualityProfiles": ["Sonar way"],
- "quickfix": "covered"
+ "quickfix": "covered",
+ "code": {
+ "impacts": {
+ "MAINTAINABILITY": "MEDIUM"
+ },
+ "attribute": "CONVENTIONAL"
+ }
 }
diff --git a/rules/S6667/csharp/metadata.json b/rules/S6667/csharp/metadata.json
new file mode 100644
index 00000000000..7a73a41bfdf
--- /dev/null
+++ b/rules/S6667/csharp/metadata.json
@@ -0,0 +1,2 @@
+{
+}
\ No newline at end of file
diff --git a/rules/S6667/csharp/rule.adoc b/rules/S6667/csharp/rule.adoc
new file mode 100644
index 00000000000..6b421c671ec
--- /dev/null
+++ b/rules/S6667/csharp/rule.adoc
@@ -0,0 +1,47 @@
+This rule raises an issue on logging calls inside a `catch` clause that does not pass the raised `Exception`.
+
+include::../why-dotnet.adoc[]
+
+== How to fix it
+
+=== Code examples
+
+==== Noncompliant code example
+
+[source,csharp,diff-id=1,diff-type=noncompliant]
+----
+public bool Save()
+{
+ try
+ {
+ DoSave();
+ return true;
+ }
+ catch(IOException)
+ {
+ logger.LogError("Saving failed."); // Noncompliant: No specifics about the error are logged
+ return false;
+ }
+}
+----
+
+==== Compliant solution
+
+[source,csharp,diff-id=1,diff-type=compliant]
+----
+public bool Save()
+{
+ try
+ {
+ DoSave();
+ return true;
+ }
+ catch(IOException exception)
+ {
+ logger.LogError(exception, "Saving failed."); // Compliant: Exception details are logged
+ return false;
+ }
+}
+----
+
+include::../resources-dotnet.adoc[]
\ No newline at end of file
diff --git a/rules/S6667/metadata.json b/rules/S6667/metadata.json
new file mode 100644
index 00000000000..d2365a124c3
--- /dev/null
+++ b/rules/S6667/metadata.json
@@ -0,0 +1,27 @@
+{
+ "title": "Logging in a catch clause should pass the caught exception as a parameter.",
+ "type": "CODE_SMELL",
+ "code": {
+ "impacts": {
+ "MAINTAINABILITY": "LOW"
+ },
+ "attribute": "COMPLETE"
+ },
+ "status": "ready",
+ "remediation": {
+ "func": "Constant\/Issue",
+ "constantCost": "5min"
+ },
+ "tags": [
+ "error-handling",
+ "logging"
+ ],
+ "extra": {
+ },
+ "defaultSeverity": "Minor",
+ "ruleSpecification": "RSPEC-6667",
+ "sqKey": "S6667",
+ "scope": "Main",
+ "defaultQualityProfiles": ["Sonar way"],
+ "quickfix": "targeted"
+}
diff --git a/rules/S6667/resources-dotnet.adoc b/rules/S6667/resources-dotnet.adoc
new file mode 100644
index 00000000000..c1e08cf740f
--- /dev/null
+++ b/rules/S6667/resources-dotnet.adoc
@@ -0,0 +1,10 @@
+== Resources
+
+=== Documentation
+
+* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/core/extensions/logging?tabs=command-line#log-exceptions[Log exceptions]
+* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/api/microsoft.extensions.logging.loggerextensions[LoggerExtensions Class]
+* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/core/extensions/logging-providers[Logging providers]
+* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/statements/exception-handling-statements#the-try-catch-statement[The `try-catch` statement]
+* Serilog - https://github.com/serilog/serilog/wiki/Getting-Started#example-application[Example application]
+* Serilog Analyzer - https://github.com/Suchiman/SerilogAnalyzer#serilog001-exception-usage[`Serilog001`: Exception Usage]
\ No newline at end of file
diff --git a/rules/S6667/why-dotnet.adoc b/rules/S6667/why-dotnet.adoc
new file mode 100644
index 00000000000..32c021fe576
--- /dev/null
+++ b/rules/S6667/why-dotnet.adoc
@@ -0,0 +1,19 @@
+== Why is this an issue?
+
+A log entry should contain all the relevant information about the current execution context. The https://learn.microsoft.com/en-us/dotnet/api/system.exception[Exception] raised in a catch block not only provides the message but also:
+
+* the exception type
+* the https://learn.microsoft.com/en-us/dotnet/api/system.exception.stacktrace[stack trace]
+* any https://learn.microsoft.com/en-us/dotnet/api/system.exception.innerexception[inner exceptions]
+* and more about the cause of the error.
+
+https://learn.microsoft.com/en-us/dotnet/api/microsoft.extensions.logging.loggerextensions[Logging methods] provide overloads that accept an `Exception` as a parameter and
+https://learn.microsoft.com/en-us/dotnet/core/extensions/logging-providers[logging providers] persist the `Exception` in a structured way to facilitate the tracking of system failures. Therefore `Exceptions` should be passed to the logger.
+
+The rule covers the following logging frameworks:
+
+* Nuget package - https://www.nuget.org/packages/Castle.Core[Castle.Core]
+* Nuget package - https://www.nuget.org/packages/Common.Logging.Core[Common.Core]
+* Nuget package - https://www.nuget.org/packages/log4net[log4net]
+* Nuget package - https://www.nuget.org/packages/NLog[NLog]
+* Nuget package - https://www.nuget.org/packages/Microsoft.Extensions.Logging[Microsoft.Extensions.Logging]
diff --git a/rules/S6668/csharp/metadata.json b/rules/S6668/csharp/metadata.json
new file mode 100644
index 00000000000..7a73a41bfdf
--- /dev/null
+++ b/rules/S6668/csharp/metadata.json
@@ -0,0 +1,2 @@
+{
+}
\ No newline at end of file
diff --git a/rules/S6668/csharp/rule.adoc b/rules/S6668/csharp/rule.adoc
new file mode 100644
index 00000000000..a7b33cacbab
--- /dev/null
+++ b/rules/S6668/csharp/rule.adoc
@@ -0,0 +1,42 @@
+include::../why-dotnet.adoc[]
+
+== How to fix it
+
+Use the dedicated overload that takes the log level, event id, and/or exception as arguments.
+
+=== Noncompliant code example
+
+[source,csharp,diff-id=1,diff-type=noncompliant]
+----
+try { }
+catch (Exception ex)
+{
+ logger.LogDebug("An exception occured {Exception} with {EventId}.", ex, eventId); // Noncompliant
+}
+----
+
+=== Compliant solution
+
+[source,csharp,diff-id=1,diff-type=compliant]
+----
+try { }
+catch (Exception ex)
+{
+ logger.LogDebug(eventId, ex, "An exception occured.");
+}
+----
+
+include::../exceptions-dotnet.adoc[]
+
+[source,csharp]
+----
+try { }
+catch (Exception ex)
+{
+ logger.LogDebug(ex, "An exception occured {Exception}.", ex); // Compliant
+}
+----
+
+include::../resources-dotnet.adoc[]
+
+include::../rspecator.adoc[]
\ No newline at end of file
diff --git a/rules/S6668/exceptions-dotnet.adoc b/rules/S6668/exceptions-dotnet.adoc
new file mode 100644
index 00000000000..fd1848c7677
--- /dev/null
+++ b/rules/S6668/exceptions-dotnet.adoc
@@ -0,0 +1,3 @@
+=== Exceptions
+
+This rule will not raise an issue if one of the parameters mentioned above is passed twice, once as a separate argument to the invocation and once as an argument to the message format.
\ No newline at end of file
diff --git a/rules/S6668/metadata.json b/rules/S6668/metadata.json
new file mode 100644
index 00000000000..bfe7812cc17
--- /dev/null
+++ b/rules/S6668/metadata.json
@@ -0,0 +1,26 @@
+{
+ "title": "Logging arguments should be passed to the correct parameter",
+ "type": "CODE_SMELL",
+ "code": {
+ "impacts": {
+ "RELIABILITY": "LOW"
+ },
+ "attribute": "LOGICAL"
+ },
+ "status": "ready",
+ "remediation": {
+ "func": "Constant\/Issue",
+ "constantCost": "5min"
+ },
+ "tags": [
+ "logging"
+ ],
+ "extra": {
+ },
+ "defaultSeverity": "Minor",
+ "ruleSpecification": "RSPEC-6668",
+ "sqKey": "S6668",
+ "scope": "Main",
+ "defaultQualityProfiles": ["Sonar way"],
+ "quickfix": "targeted"
+}
diff --git a/rules/S6668/resources-dotnet.adoc b/rules/S6668/resources-dotnet.adoc
new file mode 100644
index 00000000000..4afbdfbdf49
--- /dev/null
+++ b/rules/S6668/resources-dotnet.adoc
@@ -0,0 +1,5 @@
+== Resources
+
+=== Documentation
+
+* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/api/microsoft.extensions.logging.loggerextensions[LoggerExtensions Class]
\ No newline at end of file
diff --git a/rules/S6668/rspecator.adoc b/rules/S6668/rspecator.adoc
new file mode 100644
index 00000000000..ca5ea968474
--- /dev/null
+++ b/rules/S6668/rspecator.adoc
@@ -0,0 +1,15 @@
+ifdef::env-github,rspecator-view[]
+
+'''
+== Implementation Specification
+(visible only on this page)
+
+=== Message
+
+Pass this [Exception|LogLevel|EventId] as the correct parameter to this logging invocation.
+
+'''
+== Comments And Links
+(visible only on this page)
+
+endif::env-github,rspecator-view[]
\ No newline at end of file
diff --git a/rules/S6668/why-dotnet.adoc b/rules/S6668/why-dotnet.adoc
new file mode 100644
index 00000000000..8909b458108
--- /dev/null
+++ b/rules/S6668/why-dotnet.adoc
@@ -0,0 +1,10 @@
+== Why is this an issue?
+
+Most logging frameworks have methods that take a log level, an event ID or an exception as a separate input next to the log format and its arguments. There is a high chance that if the log level, the event ID or the exception are passed as the arguments to the message format, it was a mistake. This rule is going to raise in that scenario.
+
+The rule covers the following logging frameworks:
+
+* Nuget package - https://www.nuget.org/packages/Castle.Core[Castle.Core]
+* Nuget package - https://www.nuget.org/packages/Serilog[Serilog]
+* Nuget package - https://www.nuget.org/packages/NLog[NLog]
+* Nuget package - https://www.nuget.org/packages/Microsoft.Extensions.Logging[Microsoft.Extensions.Logging]
\ No newline at end of file
diff --git a/rules/S6669/csharp/metadata.json b/rules/S6669/csharp/metadata.json
new file mode 100644
index 00000000000..7a73a41bfdf
--- /dev/null
+++ b/rules/S6669/csharp/metadata.json
@@ -0,0 +1,2 @@
+{
+}
\ No newline at end of file
diff --git a/rules/S6669/csharp/rule.adoc b/rules/S6669/csharp/rule.adoc
new file mode 100644
index 00000000000..77fdff9a686
--- /dev/null
+++ b/rules/S6669/csharp/rule.adoc
@@ -0,0 +1,38 @@
+include::../why-dotnet.adoc[]
+
+== How to fix it
+
+Update the name of the field or property to follow the configured naming convention. By default, the following names are considered compliant:
+
+* `{logger}`
+* ``++{_logger}++``
+* `{Logger}`
+* ``++{_Logger}++``
+* `{log}`
+* ``++{_log}++``
+
+=== Noncompliant code example
+
+[source,csharp,diff-id=1,diff-type=noncompliant]
+----
+private readonly ILogger myLogger; // Noncompliant
+
+public ILogger MyLogger { get; set; } // Noncompliant
+----
+
+=== Compliant solution
+
+[source,csharp,diff-id=1,diff-type=compliant]
+----
+private readonly ILogger logger; // Compliant
+
+public ILogger Logger { get; set; } // Compliant
+----
+
+== Resources
+
+=== Documentation
+
+* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/csharp/fundamentals/coding-style/coding-conventions[Coding conventions]
+
+include::../rspecator.adoc[]
\ No newline at end of file
diff --git a/rules/S6669/metadata.json b/rules/S6669/metadata.json
new file mode 100644
index 00000000000..08986912cc5
--- /dev/null
+++ b/rules/S6669/metadata.json
@@ -0,0 +1,28 @@
+{
+ "title": "Logger field or property name should comply with a naming convention",
+ "type": "CODE_SMELL",
+ "code": {
+ "impacts": {
+ "MAINTAINABILITY": "LOW"
+ },
+ "attribute": "CONVENTIONAL"
+ },
+ "status": "ready",
+ "remediation": {
+ "func": "Constant\/Issue",
+ "constantCost": "2min"
+ },
+ "tags": [
+ "logging"
+ ],
+ "extra": {
+ },
+ "defaultSeverity": "Minor",
+ "ruleSpecification": "RSPEC-6669",
+ "sqKey": "S6669",
+ "scope": "Main",
+ "defaultQualityProfiles": [
+ "Sonar way"
+ ],
+ "quickfix": "targeted"
+}
diff --git a/rules/S6669/rspecator.adoc b/rules/S6669/rspecator.adoc
new file mode 100644
index 00000000000..979b252dcce
--- /dev/null
+++ b/rules/S6669/rspecator.adoc
@@ -0,0 +1,27 @@
+ifdef::env-github,rspecator-view[]
+
+'''
+== Implementation Specification
+(visible only on this page)
+
+=== Message
+
+Rename this [field/property] "XXX" to match the regular expression ${format}.
+
+=== Parameters
+
+.format
+****
+
+----
+^_?[Ll]og(ger)?$
+----
+
+Regular expression used to check the field or property names against.
+****
+
+'''
+== Comments And Links
+(visible only on this page)
+
+endif::env-github,rspecator-view[]
\ No newline at end of file
diff --git a/rules/S6669/why-dotnet.adoc b/rules/S6669/why-dotnet.adoc
new file mode 100644
index 00000000000..2bfef5bc970
--- /dev/null
+++ b/rules/S6669/why-dotnet.adoc
@@ -0,0 +1,12 @@
+== Why is this an issue?
+
+Sharing some naming conventions is a key point to make it possible for a team to efficiently collaborate.
+This rule checks that the logger field or property name matches a provided regular expression.
+
+The rule supports the most popular logging frameworks:
+
+* Nuget package - https://www.nuget.org/packages/Microsoft.Extensions.Logging[Microsoft.Extensions.Logging]
+* Nuget package - https://www.nuget.org/packages/Serilog[Serilog]
+* Nuget package - https://www.nuget.org/packages/Castle.Core[Castle.Core]
+* Nuget package - https://www.nuget.org/packages/NLog[NLog]
+* Nuget package - https://www.nuget.org/packages/log4net[log4net]
\ No newline at end of file
diff --git a/rules/S6670/csharp/metadata.json b/rules/S6670/csharp/metadata.json
new file mode 100644
index 00000000000..7a73a41bfdf
--- /dev/null
+++ b/rules/S6670/csharp/metadata.json
@@ -0,0 +1,2 @@
+{
+}
\ No newline at end of file
diff --git a/rules/S6670/csharp/rule.adoc b/rules/S6670/csharp/rule.adoc
new file mode 100644
index 00000000000..9886576fc18
--- /dev/null
+++ b/rules/S6670/csharp/rule.adoc
@@ -0,0 +1,39 @@
+include::../why-dotnet.adoc[]
+
+== How to fix it
+
+Use the https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.trace.traceerror[Trace.TraceError], https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.trace.tracewarning[Trace.TraceWarning], or https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.trace.traceinformation[Trace.TraceInformation] methods.
+
+=== Noncompliant code example
+
+[source,csharp,diff-id=1,diff-type=noncompliant]
+----
+try
+{
+ var message = RetrieveMessage();
+ Trace.Write($"Message received: {message}"); // Noncompliant
+}
+catch (Exception ex)
+{
+ Trace.WriteLine(ex); // Noncompliant
+}
+----
+
+=== Compliant solution
+
+[source,csharp,diff-id=1,diff-type=compliant]
+----
+try
+{
+ var message = RetrieveMessage();
+ Trace.TraceInformation($"Message received: {message}");
+}
+catch (Exception ex)
+{
+ Trace.TraceError(ex);
+}
+----
+
+include::../resources.adoc[]
+
+include::../rspecator.adoc[]
\ No newline at end of file
diff --git a/rules/S6670/metadata.json b/rules/S6670/metadata.json
new file mode 100644
index 00000000000..74f8c5fe9fd
--- /dev/null
+++ b/rules/S6670/metadata.json
@@ -0,0 +1,26 @@
+{
+ "title": "\"Trace.Write\" and \"Trace.WriteLine\" should not be used",
+ "type": "CODE_SMELL",
+ "code": {
+ "impacts": {
+ "RELIABILITY": "LOW"
+ },
+ "attribute": "LOGICAL"
+ },
+ "status": "ready",
+ "remediation": {
+ "func": "Constant\/Issue",
+ "constantCost": "5min"
+ },
+ "tags": [
+ "logging"
+ ],
+ "extra": {
+ },
+ "defaultSeverity": "Minor",
+ "ruleSpecification": "RSPEC-6670",
+ "sqKey": "S6670",
+ "scope": "Main",
+ "defaultQualityProfiles": ["Sonar way"],
+ "quickfix": "targeted"
+}
diff --git a/rules/S6670/resources.adoc b/rules/S6670/resources.adoc
new file mode 100644
index 00000000000..c929a45953e
--- /dev/null
+++ b/rules/S6670/resources.adoc
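Review bot: The compliant example in rules/S6670/csharp/rule.adoc calls `Trace.TraceError(ex);` with an `Exception`, but `Trace.TraceError` only offers a `string` overload and a `string, params object[]` overload, so the sample would not compile as written. Pass text instead, for example `Trace.TraceError(ex.ToString());`, or use a format string with the exception as an argument. The noncompliant `Trace.WriteLine(ex)` does compile because `Trace.WriteLine` has an `object` overload, which is probably how the mismatch slipped in.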
@@ -0,0 +1,14 @@
+== Resources
+
+=== Documentation
+
+* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.trace.traceerror[Trace.TraceError Method]
+* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.trace.traceinformation[Trace.TraceInformation Method]
+* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.trace.tracewarning[Trace.TraceWarning Method]
+* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.trace.write[Trace.Write Method]
+* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.trace.writeline[Trace.WriteLine Method]
+* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.tracelistener.traceevent[TraceListener.TraceEvent Method]
+
+=== Articles & blog posts
+
+* Stackoverflow - https://stackoverflow.com/q/26350620[Difference between Trace.Write() and Trace.TraceInformation()]
\ No newline at end of file
diff --git a/rules/S6670/rspecator.adoc b/rules/S6670/rspecator.adoc
new file mode 100644
index 00000000000..ae032effd50
--- /dev/null
+++ b/rules/S6670/rspecator.adoc
@@ -0,0 +1,15 @@
+ifdef::env-github,rspecator-view[]
+
+'''
+== Implementation Specification
+(visible only on this page)
+
+=== Message
+
+Avoid using [Trace.Write/Trace.WriteLine], use instead methods that specify the trace event type.
+
+'''
+== Comments And Links
+(visible only on this page)
+
+endif::env-github,rspecator-view[]
\ No newline at end of file
diff --git a/rules/S6670/why-dotnet.adoc b/rules/S6670/why-dotnet.adoc
new file mode 100644
index 00000000000..069e5a0be00
--- /dev/null
+++ b/rules/S6670/why-dotnet.adoc
@@ -0,0 +1,4 @@ +== Why is this an issue? + +https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.trace.write[Trace.Write] and https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.trace.writeline[Trace.WriteLine] methods are writing to the underlying output stream directly, bypassing the trace formatting and filtering performed by https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.tracelistener.traceevent[TraceListener.TraceEvent] implementations. +It is preferred to use https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.trace.traceerror[Trace.TraceError], https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.trace.tracewarning[Trace.TraceWarning], and https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.trace.traceinformation[Trace.TraceInformation] methods instead because they call the https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.tracelistener.traceevent[TraceEvent method] which filters the trace output according to the https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.traceeventtype[TraceEventType] (Error, Warning or Information) and enhance the output with additional information. \ No newline at end of file diff --git a/rules/S6671/javascript/metadata.json b/rules/S6671/javascript/metadata.json index a893b8b7d75..3e9d52e860c 100644 --- a/rules/S6671/javascript/metadata.json +++ b/rules/S6671/javascript/metadata.json @@ -8,10 +8,16 @@ }, "tags": [ ], - "defaultSeverity": "Minor", + "defaultSeverity": "Major", "ruleSpecification": "RSPEC-6671", "sqKey": "S6671", "scope": "All", "defaultQualityProfiles": ["Sonar way"], - "quickfix": "infeasible" + "quickfix": "infeasible", + "code": { + "impacts": { + "RELIABILITY": "MEDIUM" + }, + "attribute": "CONVENTIONAL" + } } diff --git a/rules/S6672/csharp/how-code-example.adoc b/rules/S6672/csharp/how-code-example.adoc new file mode 100644 index 00000000000..41dc699efbe --- /dev/null 
+++ b/rules/S6672/csharp/how-code-example.adoc
@@ -0,0 +1,27 @@
+Change the generic type parameter of the `ILogger` interface to match the enclosing type.
+
+=== Noncompliant code example
+
+[source,csharp,diff-id=1,diff-type=noncompliant]
+----
+class EnclosingType
+{
+ public EnclosingType(ILogger logger) // Noncompliant
+ {
+ // ...
+ }
+}
+----
+
+=== Compliant solution
+
+[source,csharp,diff-id=1,diff-type=compliant]
+----
+class EnclosingType
+{
+ public EnclosingType(ILogger logger) // Compliant
+ {
+ // ...
+ }
+}
+----
\ No newline at end of file
diff --git a/rules/S6672/csharp/metadata.json b/rules/S6672/csharp/metadata.json
new file mode 100644
index 00000000000..7a73a41bfdf
--- /dev/null
+++ b/rules/S6672/csharp/metadata.json
@@ -0,0 +1,2 @@
+{
+}
\ No newline at end of file
diff --git a/rules/S6672/csharp/rule.adoc b/rules/S6672/csharp/rule.adoc
new file mode 100644
index 00000000000..ad66f9d5d91
--- /dev/null
+++ b/rules/S6672/csharp/rule.adoc
@@ -0,0 +1,3 @@
+:language: csharp
+
+include::../rule.adoc[]
diff --git a/rules/S6672/metadata.json b/rules/S6672/metadata.json
new file mode 100644
index 00000000000..a5b1cf8f380
--- /dev/null
+++ b/rules/S6672/metadata.json
@@ -0,0 +1,29 @@
+{
+ "title": "Generic logger injection should match enclosing type",
+ "type": "CODE_SMELL",
+ "code": {
+ "impacts": {
+ "MAINTAINABILITY": "LOW"
+ },
+ "attribute": "CONVENTIONAL"
+ },
+ "status": "ready",
+ "remediation": {
+ "func": "Constant\/Issue",
+ "constantCost": "5min"
+ },
+ "tags": [
+ "confusing",
+ "logging"
+ ],
+ "extra": {
+ },
+ "defaultSeverity": "Minor",
+ "ruleSpecification": "RSPEC-6672",
+ "sqKey": "S6672",
+ "scope": "Main",
+ "defaultQualityProfiles": [
+ "Sonar way"
+ ],
+ "quickfix": "targeted"
+}
diff --git a/rules/S6672/rspecator.adoc b/rules/S6672/rspecator.adoc
new file mode 100644
index 00000000000..34803952385
--- /dev/null
+++ b/rules/S6672/rspecator.adoc
@@ -0,0 +1,19 @@ +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +Update this logger to use its enclosing type. + +=== Highlighting + +The generic type parameter of the logger. + +''' +== Comments And Links +(visible only on this page) + +endif::env-github,rspecator-view[] \ No newline at end of file diff --git a/rules/S6672/rule.adoc b/rules/S6672/rule.adoc new file mode 100644 index 00000000000..c669b0a3d82 --- /dev/null +++ b/rules/S6672/rule.adoc @@ -0,0 +1,31 @@ +== Why is this an issue? + +In most logging frameworks, it's good practice to set the logger name to match its enclosing type, as enforced by S3416. + +Logging frameworks can define or use https://learn.microsoft.com/en-us/dotnet/standard/generics/interfaces[Generic interfaces] for the logger, such as https://learn.microsoft.com/en-us/dotnet/api/microsoft.extensions.logging.ilogger-1[`ILogger`]. + +The use of a logger of a generic type parameter `A` (e.g. `ILogger
    `) in a type different than `A`, say `B`, goes against the convention. + +Because the instance of type `A` would log with a logger named after `B`, log items would appear as if they were logged by `B` instead, resulting in confusion and logging misconfiguration: + +* overriding defaults for the logger named after `A` would not take effect for entries logged in the type `A` +* fine-graned logging configuration would not be possible, since there would be no way to distinguish entries logged in the type `A` from entries logged in the type `B` + +Further details and examples are provided in S3416. + +This rule specifically targets the generic logging interface https://learn.microsoft.com/en-us/dotnet/api/microsoft.extensions.logging.ilogger-1[`ILogger` Interface] defined by https://learn.microsoft.com/en-us/dotnet/core/extensions/logging[Microsoft Extensions Logging]. + +== How to fix it + +include::{language}/how-code-example.adoc[] + +== Resources + +=== Documentation + +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/core/diagnostics/logging-tracing[.NET logging and tracing] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/standard/generics/interfaces[Generic interface] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/api/microsoft.extensions.logging.ilogger-1[`ILogger` Interface] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/core/extensions/logging?tabs=command-line#log-category[Logging in C# and .NET - Log category] + +include::rspecator.adoc[] \ No newline at end of file diff --git a/rules/S6673/csharp/example_1_compliant.adoc b/rules/S6673/csharp/example_1_compliant.adoc new file mode 100644 index 00000000000..6cd3ca3e1ec --- /dev/null +++ b/rules/S6673/csharp/example_1_compliant.adoc @@ -0,0 +1,4 @@ +[source,csharp,diff-id=1,diff-type=compliant] +---- +logger.LogError("{First} placeholder and {Second} one.", first, second); +---- 
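Review bot: The explanation in rules/S6672/rule.adoc swaps `A` and `B` between sentences: the first sentence describes a logger typed for `A` being used inside a different type `B`, but the next one says "the instance of type `A` would log with a logger named after `B`", which is the opposite case. With the first sentence's setup, entries written in `B` would be attributed to `A`, and the two bullets would have to be phrased from that side as well. Pick one direction and keep it through the paragraph and the bullets. The same hunk has the typo "fine-graned" for "fine-grained". The generic arguments of `ILogger` are not visible in this view, so the reading of the first sentence is partly inferred.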
diff --git a/rules/S6673/csharp/example_1_noncompliant.adoc b/rules/S6673/csharp/example_1_noncompliant.adoc
new file mode 100644
index 00000000000..aeba5c6c11f
--- /dev/null
+++ b/rules/S6673/csharp/example_1_noncompliant.adoc
@@ -0,0 +1,6 @@
+[source,csharp,diff-id=1,diff-type=noncompliant]
+----
+// 'first' and 'second' are swapped
+logger.LogError("{First} placeholder and {Second} one.", second, first);
+// ^^^^^^ ^^^^^
+----
diff --git a/rules/S6673/csharp/example_2_compliant.adoc b/rules/S6673/csharp/example_2_compliant.adoc
new file mode 100644
index 00000000000..cfef43c4e1f
--- /dev/null
+++ b/rules/S6673/csharp/example_2_compliant.adoc
@@ -0,0 +1,4 @@
+[source,csharp,diff-id=2,diff-type=compliant]
+----
+logger.LogError("File {FileName} not found in folder {Path}", fileName, path);
+----
diff --git a/rules/S6673/csharp/example_2_noncompliant.adoc b/rules/S6673/csharp/example_2_noncompliant.adoc
new file mode 100644
index 00000000000..2e9060e1436
--- /dev/null
+++ b/rules/S6673/csharp/example_2_noncompliant.adoc
@@ -0,0 +1,5 @@
+[source,csharp,diff-id=2,diff-type=noncompliant]
+----
+logger.LogError("File {FileName} not found in folder {Path}", path, fileName);
+// ^^^^ ^^^^^^^^
+----
diff --git a/rules/S6673/csharp/example_3_compliant.adoc b/rules/S6673/csharp/example_3_compliant.adoc
new file mode 100644
index 00000000000..c4a8677eb0c
--- /dev/null
+++ b/rules/S6673/csharp/example_3_compliant.adoc
@@ -0,0 +1,4 @@
+[source,csharp,diff-id=3,diff-type=compliant]
+----
+logger.LogError("File {Name} not found in folder {DirectoryName}", file.Name, file.DirectoryName);
+----
diff --git a/rules/S6673/csharp/example_3_noncompliant.adoc b/rules/S6673/csharp/example_3_noncompliant.adoc
new file mode 100644
index 00000000000..a3755a0858d
--- /dev/null
+++ b/rules/S6673/csharp/example_3_noncompliant.adoc
@@ -0,0 +1,6 @@
+[source,csharp,diff-id=3,diff-type=noncompliant]
+----
+logger.LogError("File {Name} not found in folder {Folder}", file.DirectoryName, file.Name);
+// ^^^^
+----
+
diff --git a/rules/S6673/csharp/example_4_compliant.adoc b/rules/S6673/csharp/example_4_compliant.adoc
new file mode 100644
index 00000000000..f6ff167f6ff
--- /dev/null
+++ b/rules/S6673/csharp/example_4_compliant.adoc
@@ -0,0 +1,6 @@
+[source,csharp,diff-id=4,diff-type=compliant]
+----
+var sum = x + y;
+var product = x * y;
+logger.LogError("Sum is {Sum} and product is {Product}", sum, product);
+----
diff --git a/rules/S6673/csharp/example_4_noncompliant.adoc b/rules/S6673/csharp/example_4_noncompliant.adoc
new file mode 100644
index 00000000000..b9b35790063
--- /dev/null
+++ b/rules/S6673/csharp/example_4_noncompliant.adoc
@@ -0,0 +1,4 @@
+[source,csharp,diff-id=4,diff-type=noncompliant]
+----
+logger.LogError("Sum is {Sum} and product is {Product}", x * y, x + y); // Not detected
+----
diff --git a/rules/S6673/csharp/metadata.json b/rules/S6673/csharp/metadata.json
new file mode 100644
index 00000000000..7a73a41bfdf
--- /dev/null
+++ b/rules/S6673/csharp/metadata.json
@@ -0,0 +1,2 @@
+{
+}
\ No newline at end of file
diff --git a/rules/S6673/csharp/rule.adoc b/rules/S6673/csharp/rule.adoc
new file mode 100644
index 00000000000..aeae556be14
--- /dev/null
+++ b/rules/S6673/csharp/rule.adoc
@@ -0,0 +1,9 @@
+:language: csharp
+
+include::../description.adoc[]
+
+include::../why-dotnet.adoc[]
+
+include::../how-dotnet.adoc[]
+
+include::../resources-dotnet.adoc[]
\ No newline at end of file
diff --git a/rules/S6673/description.adoc b/rules/S6673/description.adoc
new file mode 100644
index 00000000000..32752709953
--- /dev/null
+++ b/rules/S6673/description.adoc
@@ -0,0 +1 @@
+The positions of arguments in a logging call should match the positions of their https://messagetemplates.org[message template] placeholders.
\ No newline at end of file
diff --git a/rules/S6673/how-dotnet.adoc b/rules/S6673/how-dotnet.adoc
new file mode 100644
index 00000000000..e672c3fd933
--- /dev/null
+++ b/rules/S6673/how-dotnet.adoc
@@ -0,0 +1,41 @@
+== How to fix it
+
+Make sure that the placeholder positions and the argument positions match. Use local variables, fields, or properties for the arguments and name the placeholders accordingly.
+
+=== Code examples
+
+==== Noncompliant code example
+
+'path' and 'fileName' are swapped and therefore assigned to the wrong placeholders.
+
+include::{language}/example_2_noncompliant.adoc[]
+
+==== Compliant solution
+
+Swap the arguments.
+
+include::{language}/example_2_compliant.adoc[]
+
+==== Noncompliant code example
+
+'Name' is detected but 'Folder' is not. The placeholder's name should correspond to the name from the argument.
+
+include::{language}/example_3_noncompliant.adoc[]
+
+==== Compliant solution
+
+Swap the arguments and rename the placeholder to 'DirectoryName'.
+
+include::{language}/example_3_compliant.adoc[]
+
+==== Noncompliant code example
+
+Not detected: A name for the arguments can not be inferred. Use locals to support detection.
+
+include::{language}/example_4_noncompliant.adoc[]
+
+==== Compliant solution
+
+Help detection by using arguments with a name.
+
+include::{language}/example_4_compliant.adoc[]
\ No newline at end of file
diff --git a/rules/S6673/impact.adoc b/rules/S6673/impact.adoc
new file mode 100644
index 00000000000..2d9ad13e5dc
--- /dev/null
+++ b/rules/S6673/impact.adoc
@@ -0,0 +1,6 @@
+=== What is the potential impact?
+
+Logging providers use placeholder names to create key/value pairs in the log entry. The key corresponds to the placeholder and the value is the argument passed in the log call.
+
+If the positions of the placeholder and the argument do not match, the value is associated with the wrong key. This corrupts the logs entry and makes log analytics unreliable.
+
diff --git a/rules/S6673/metadata.json b/rules/S6673/metadata.json
new file mode 100644
index 00000000000..f4c242ce6cb
--- /dev/null
+++ b/rules/S6673/metadata.json
@@ -0,0 +1,26 @@
+{
+ "title": "Log message template placeholders should be in the right order",
+ "type": "CODE_SMELL",
+ "code": {
+ "impacts": {
+ "MAINTAINABILITY": "MEDIUM"
+ },
+ "attribute": "CONVENTIONAL"
+ },
+ "status": "ready",
+ "remediation": {
+ "func": "Constant\/Issue",
+ "constantCost": "5min"
+ },
+ "tags": [
+ "logging"
+ ],
+ "extra": {
+ },
+ "defaultSeverity": "Major",
+ "ruleSpecification": "RSPEC-6673",
+ "sqKey": "S6673",
+ "scope": "Main",
+ "defaultQualityProfiles": ["Sonar way"],
+ "quickfix": "infeasible"
+}
diff --git a/rules/S6673/resources-dotnet.adoc b/rules/S6673/resources-dotnet.adoc
new file mode 100644
index 00000000000..6effbc7ea69
--- /dev/null
+++ b/rules/S6673/resources-dotnet.adoc
@@ -0,0 +1,8 @@
+== Resources
+
+=== Documentation
+
+* Message Templates - https://messagetemplates.org[Message template specification]
+* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/core/extensions/logging?tabs=command-line#log-message-template[Log message template]
+* Serilog - https://github.com/serilog/serilog/wiki/Structured-Data[Structured Data]
+* NLog - https://github.com/NLog/NLog/wiki/How-to-use-structured-logging[How to use structured logging]
diff --git a/rules/S6673/why-dotnet.adoc b/rules/S6673/why-dotnet.adoc
new file mode 100644
index 00000000000..f68d3d38d59
--- /dev/null
+++ b/rules/S6673/why-dotnet.adoc
@@ -0,0 +1,11 @@
+== Why is this an issue?
+
+The placeholders of a https://messagetemplates.org[message template] are defined by their name and their position. Log methods specify the values for the placeholder at runtime by passing them in a https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/keywords/params[params array]:
+
+include::{language}/example_1_compliant.adoc[]
+
+This rule raises an issue if the position of an argument does not match the position of the corresponding placeholder:
+
+include::{language}/example_1_noncompliant.adoc[]
+
+include::impact.adoc[]
diff --git a/rules/S6674/csharp/metadata.json b/rules/S6674/csharp/metadata.json
new file mode 100644
index 00000000000..7a73a41bfdf
--- /dev/null
+++ b/rules/S6674/csharp/metadata.json
@@ -0,0 +1,2 @@
+{
+}
\ No newline at end of file
diff --git a/rules/S6674/csharp/rule.adoc b/rules/S6674/csharp/rule.adoc
new file mode 100644
index 00000000000..2f3a5eacf6c
--- /dev/null
+++ b/rules/S6674/csharp/rule.adoc
@@ -0,0 +1,33 @@
+include::../description.adoc[]
+
+== Why is this an issue?
+
+include::../why-dotnet.adoc[]
+
+include::../how-dotnet.adoc[]
+
+=== Code examples
+
+==== Noncompliant code example
+
+[source,csharp,diff-id=1,diff-type=noncompliant]
+----
+logger.LogError("Login failed for {User", user); // Noncompliant: Syntactically incorrect
+logger.LogError("Login failed for {}", user); // Noncompliant: Empty placeholder
+logger.LogError("Login failed for {User-Name}", user); // Noncompliant: Only letters, numbers, and underscore are allowed for placeholders
+logger.LogDebug("Retry attempt {Cnt,r}", cnt); // Noncompliant: The alignment specifier must be numeric
+logger.LogDebug("Retry attempt {Cnt:}", cnt); // Noncompliant: Empty format specifier is not allowed
+----
+
+==== Compliant solution
+
+[source,csharp,diff-id=1,diff-type=compliant]
+----
+logger.LogError("Login failed for {User}", user);
+logger.LogError("Login failed for {User}", user);
+logger.LogError("Login failed for {User_Name}", user);
+logger.LogDebug("Retry attempt {Cnt,-5}", cnt);
+logger.LogDebug("Retry attempt {Cnt:000}", cnt);
+----
+
+include::../resources-dotnet.adoc[]
\ No newline at end of file
diff --git a/rules/S6674/description.adoc b/rules/S6674/description.adoc
new file mode 100644
index 00000000000..1adc83e4ade
--- /dev/null
+++ b/rules/S6674/description.adoc
@@ -0,0 +1 @@
+A https://messagetemplates.org/[message template] must conform to the specification. The rule raises an issue if the template string violates the template string grammar.
\ No newline at end of file
diff --git a/rules/S6674/how-dotnet.adoc b/rules/S6674/how-dotnet.adoc
new file mode 100644
index 00000000000..02d1bcd8468
--- /dev/null
+++ b/rules/S6674/how-dotnet.adoc
@@ -0,0 +1,3 @@
+== How to fix it
+
+Follow the syntax described on https://messagetemplates.org/.
diff --git a/rules/S6674/metadata.json b/rules/S6674/metadata.json
new file mode 100644
index 00000000000..9b89038acad
--- /dev/null
+++ b/rules/S6674/metadata.json
@@ -0,0 +1,24 @@
+{
+ "title": "Log message template should be syntactically correct",
+ "type": "BUG",
+ "code": {
+ "impacts": {
+ "RELIABILITY": "HIGH"
+ },
+ "attribute": "LOGICAL"
+ },
+ "status": "ready",
+ "remediation": {
+ "func": "Constant\/Issue",
+ "constantCost": "5min"
+ },
+ "tags": ["logging"],
+ "extra": {
+ },
+ "defaultSeverity": "Critical",
+ "ruleSpecification": "RSPEC-6674",
+ "sqKey": "S6674",
+ "scope": "Main",
+ "defaultQualityProfiles": ["Sonar way"],
+ "quickfix": "infeasible"
+}
diff --git a/rules/S6674/resources-dotnet.adoc b/rules/S6674/resources-dotnet.adoc
new file mode 100644
index 00000000000..c7863872a94
--- /dev/null
+++ b/rules/S6674/resources-dotnet.adoc
@@ -0,0 +1,9 @@
+== Resources
+
+=== Documentation
+
+* Message Templates - https://messagetemplates.org/[Message template specification]
+* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/core/extensions/logging?tabs=command-line#log-message-template-formatting[Log message template formatting]
+* NLog - https://github.com/NLog/NLog/wiki/How-to-use-structured-logging[How to use structured logging]
+* Serilog - https://github.com/serilog/serilog/wiki/Structured-Data[Structured Data]
+* Serilog - https://github.com/Suchiman/SerilogAnalyzer/blob/master/README.md#serilog002-message-template-syntax-verifier[`Serilog002`: Message template syntax verifier]
\ No newline at end of file
diff --git a/rules/S6674/why-dotnet.adoc b/rules/S6674/why-dotnet.adoc
new file mode 100644
index 00000000000..e2aed09a459
--- /dev/null
+++ b/rules/S6674/why-dotnet.adoc
@@ -0,0 +1,7 @@
+A message template needs to comply with a set of rules. https://learn.microsoft.com/en-us/dotnet/core/extensions/logging-providers[Logging provider] parse the template and enrich log entries with the information found in the template. An unparsable message template leads to corrupted log entries and might result in a loss of information in the logs.
+
+The rule covers the following logging frameworks:
+
+* Nuget package - https://www.nuget.org/packages/Serilog[Serilog]
+* Nuget package - https://www.nuget.org/packages/NLog[Nlog]
+* Nuget package - https://www.nuget.org/packages/Microsoft.Extensions.Logging[Microsoft.Extensions.Logging]
\ No newline at end of file
diff --git a/rules/S6675/csharp/metadata.json b/rules/S6675/csharp/metadata.json
new file mode 100644
index 00000000000..7a73a41bfdf
--- /dev/null
+++ b/rules/S6675/csharp/metadata.json
@@ -0,0 +1,2 @@
+{
+}
\ No newline at end of file
diff --git a/rules/S6675/csharp/rule.adoc b/rules/S6675/csharp/rule.adoc
new file mode 100644
index 00000000000..7f36eece5fc
--- /dev/null
+++ b/rules/S6675/csharp/rule.adoc
@@ -0,0 +1 @@
+include::../rule.adoc[]
\ No newline at end of file
diff --git a/rules/S6675/metadata.json b/rules/S6675/metadata.json
new file mode 100644
index 00000000000..b40390efe37
--- /dev/null
+++ b/rules/S6675/metadata.json
@@ -0,0 +1,28 @@
+{
+ "title": "\"Trace.WriteLineIf\" should not be used with \"TraceSwitch\" levels",
+ "type": "CODE_SMELL",
+ "code": {
+ "impacts": {
+ "MAINTAINABILITY": "LOW"
+ },
+ "attribute": "LOGICAL"
+ },
+ "status": "ready",
+ "remediation": {
+ "func": "Constant\/Issue",
+ "constantCost": "5min"
+ },
+ "tags": [
+ "confusing",
+ "clumsy",
+ "logging"
+ ],
+ "extra": {
+ },
+ "defaultSeverity": "Minor",
+ "ruleSpecification": "RSPEC-6675",
+ "sqKey": "S6675",
+ "scope": "Main",
+ "defaultQualityProfiles": ["Sonar way"],
+ "quickfix": "targeted"
+}
diff --git a/rules/S6675/rspecator.adoc b/rules/S6675/rspecator.adoc
new file mode 100644
index 00000000000..69500536ca5
--- /dev/null
+++ b/rules/S6675/rspecator.adoc
@@ -0,0 +1,19 @@
+ifdef::env-github,rspecator-view[]
+
+'''
+== Implementation Specification
+(visible only on this page)
+
+=== Message
+
+Use `Trace.WriteXXX` instead.
+
+=== Highlighting
+
+`Trace.WriteLineIf(switch.TraceXXX, ...)`
+
+'''
+== Comments And Links
+(visible only on this page)
+
+endif::env-github,rspecator-view[]
\ No newline at end of file
diff --git a/rules/S6675/rule.adoc b/rules/S6675/rule.adoc
new file mode 100644
index 00000000000..bbffc9c4124
--- /dev/null
+++ b/rules/S6675/rule.adoc
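Review bot: The issue message in rules/S6675/rspecator.adoc, "Use `Trace.WriteXXX` instead.", appears to name the wrong method family. The rule text added in the same commit recommends the level-specific methods (`Trace.TraceError`, `Trace.TraceWarning`), and S6670 in this diff flags `Trace.Write` and `Trace.WriteLine` as noncompliant, so a developer following the message literally would trade one finding for another. Presumably the intended wording is "Use `Trace.TraceXXX` instead."; confirm against the analyzer implementation before changing it.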
@@ -0,0 +1,43 @@
+== Why is this an issue?
+
+The https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.trace.writelineif[`Trace.WriteLineIf` Method] from the https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.trace[`System.Diagnostic.Trace`] facility writes a trace if the condition passed as the first parameter is `true`.
+
+https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.traceswitch[`TraceSwitch`] allows trace control via `bool` properties for each relevant https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.tracelevel[`TraceLevel`], such as https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.traceswitch.traceerror[`TraceSwitch.TraceError`].
+
+Using `Trace.WriteLineIf` with such properties should be avoided since it can lead to misinterpretation and produce confusion.
+
+In particular, `Trace.WriteLineIf` may appear as equivalent to the level-specific tracing methods provided by `Trace`, such as https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.trace.traceerror[`Trace.Error`], but it is not.
+
+The difference is that `Trace.WriteLineIf(switch.TraceError, ...)` conditionally writes the trace, based on the switch, whereas `Trace.TraceError` always writes the trace, no matter whether `switch.TraceError` is `true` or `false`.
+
+Moreover, unlike `Trace.TraceError`, `Trace.WriteLineIf(switch.TraceError, ...)` would behave like `Trace.WriteLine(...)` when `switch.TraceError` is `true`, writing unfiltered to the underlying trace listeners and not categorizing the log entry by level, as described more in detail in S6670.
+
+== How to fix it
+
+The fix depends on the intent behind the use of https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.traceswitch[`TraceSwitch`] levels with https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.trace.writelineif[`Trace.WriteLineIf`].
+
+If it is *trace categorization*, level-specific tracing methods, such as https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.trace.traceerror[`Trace.TraceError`] or https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.trace.tracewarning[`Trace.TraceWarning]`, should be used instead.
+
+If it is *trace filtering*, https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.tracesource[`TraceSource`] should be used instead.
+
+If it is *log filtering*, `Trace` should be replaced by logging APIs, such as the https://learn.microsoft.com/en-us/dotnet/core/diagnostics/logging-tracing#net-logging-apis[`ILogger` API].
+
+Modern logging APIs are also more suitable than `Trace` when https://learn.microsoft.com/en-us/dotnet/core/extensions/high-performance-logging[high-performance logging] is required.
+
+== Resources
+
+=== Documentation
+
+* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.trace.writelineif[`Trace.WriteLineIf` Method]
+* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.traceswitch[`TraceSwitch`]
+* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.tracesource[`TraceSource`]
+* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.trace.writeline[`Trace.WriteLine` Method]
+* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/core/extensions/high-performance-logging[High-performance logging in .NET]
+
+=== Articles & blog posts
+
+* StackOverflow - https://stackoverflow.com/a/5118040[Difference between Trace.WriteLineIf and Trace.Error]
+* StackOverflow - https://stackoverflow.com/a/3691841[Difference between TraceSwitch and SourceSwitch]
+* InfoSupport Blogs - https://blogs.infosupport.com/please-be-careful-when-using-trace-writelineif/[Please be careful when using Trace.WriteLineIf()]
+
+include::rspecator.adoc[]
\ No newline at end of file
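Review bot: Three link labels in rules/S6675/rule.adoc name APIs incorrectly or break the markup. In the "Why is this an issue?" section the label `System.Diagnostic.Trace` should read `System.Diagnostics.Trace`, and the label `Trace.Error` on the traceerror link should be `Trace.TraceError`, which is the name the next paragraph already uses. In the "How to fix it" section the tracewarning link is written with the closing backtick after the bracket; moving it inside, so the label reads `Trace.TraceWarning` between the brackets, closes the monospace span where it was opened. The mistyped names matter here because readers are told to replace one call with another by name.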
diff --git a/rules/S6676/javascript/metadata.json b/rules/S6676/javascript/metadata.json index 75ff38b81e2..9d732590578 100644 --- a/rules/S6676/javascript/metadata.json +++ b/rules/S6676/javascript/metadata.json @@ -8,10 +8,16 @@ }, "tags": [ ], - "defaultSeverity": "Minor", + "defaultSeverity": "Major", "ruleSpecification": "RSPEC-6676", "sqKey": "S6676", "scope": "All", "defaultQualityProfiles": ["Sonar way"], - "quickfix": "covered" + "quickfix": "covered", + "code": { + "impacts": { + "MAINTAINABILITY": "MEDIUM" + }, + "attribute": "CONVENTIONAL" + } } diff --git a/rules/S6677/csharp/metadata.json b/rules/S6677/csharp/metadata.json new file mode 100644 index 00000000000..7a73a41bfdf --- /dev/null +++ b/rules/S6677/csharp/metadata.json @@ -0,0 +1,2 @@ +{ +} \ No newline at end of file diff --git a/rules/S6677/csharp/rule.adoc b/rules/S6677/csharp/rule.adoc new file mode 100644 index 00000000000..84be1521d3a --- /dev/null +++ b/rules/S6677/csharp/rule.adoc @@ -0,0 +1,27 @@ +include::../why-dotnet.adoc[] + +include::../how-dotnet.adoc[] + +=== Code examples + +==== Noncompliant code example + +[source,csharp,diff-id=1,diff-type=noncompliant] +---- +public void Checkout(ILogger logger, User user, Order order) +{ + logger.LogDebug("User {Id} purchased order {Id}", user.Id, order.Id); +} +---- + +==== Compliant solution + +[source,csharp,diff-id=1,diff-type=compliant] +---- +public void Checkout(ILogger logger, User user, Order order) +{ + logger.LogDebug("User {UserId} purchased order {OrderId}", user.Id, order.Id); +} +---- + +include::../resources-dotnet.adoc[] \ No newline at end of file diff --git a/rules/S6677/how-dotnet.adoc b/rules/S6677/how-dotnet.adoc new file mode 100644 index 00000000000..33ddaad8dce --- /dev/null +++ b/rules/S6677/how-dotnet.adoc @@ -0,0 +1,3 @@ +== How to fix it + +Assign unique names to each template placeholder. diff --git a/rules/S6677/metadata.json b/rules/S6677/metadata.json new file mode 100644 index 00000000000..7d109a71245 
--- /dev/null
+++ b/rules/S6677/metadata.json
@@ -0,0 +1,26 @@
+{
+ "title": "Message template placeholders should be unique",
+ "type": "BUG",
+ "code": {
+ "impacts": {
+ "RELIABILITY": "MEDIUM"
+ },
+ "attribute": "LOGICAL"
+ },
+ "status": "ready",
+ "remediation": {
+ "func": "Constant\/Issue",
+ "constantCost": "5min"
+ },
+ "tags": [
+ "logging"
+ ],
+ "extra": {
+ },
+ "defaultSeverity": "Major",
+ "ruleSpecification": "RSPEC-6677",
+ "sqKey": "S6677",
+ "scope": "Main",
+ "defaultQualityProfiles": ["Sonar way"],
+ "quickfix": "infeasible"
+}
diff --git a/rules/S6677/resources-dotnet.adoc b/rules/S6677/resources-dotnet.adoc
new file mode 100644
index 00000000000..3bfdbae92de
--- /dev/null
+++ b/rules/S6677/resources-dotnet.adoc
@@ -0,0 +1,9 @@
+== Resources
+
+=== Documentation
+
+* Message Templates - https://messagetemplates.org/[Message template specification]
+* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/core/extensions/logging?tabs=command-line#log-message-template-formatting[Log message template formatting]
+* NLog - https://github.com/NLog/NLog/wiki/How-to-use-structured-logging[How to use structured logging]
+* Serilog - https://github.com/serilog/serilog/wiki/Structured-Data[Structured Data]
+* Serilog - https://github.com/Suchiman/SerilogAnalyzer/blob/master/README.md#serilog005-unique-property-name-verifier[`Serilog005`: Unique Property Name Verifier]
\ No newline at end of file
diff --git a/rules/S6677/why-dotnet.adoc b/rules/S6677/why-dotnet.adoc
new file mode 100644
index 00000000000..96ebd90a7cc
--- /dev/null
+++ b/rules/S6677/why-dotnet.adoc
@@ -0,0 +1,14 @@ +== Why is this an issue? + +Named placeholders in https://messagetemplates.org[message templates] should be unique. The meaning of the named placeholders is to store the value of the provided argument under that name, enabling easier log querying. Since the named placeholder is used multiple times, it cannot store the different values uniquely with each name hence not serving its original purpose. +There can be different behaviours when using the same named placeholder multiple times: + +* https://www.nuget.org/packages/Microsoft.Extensions.Logging[Microsoft.Extensions.Logging] saves the different values under the same name +* https://www.nuget.org/packages/Serilog[Serilog] stores only the latest assigned value +* https://www.nuget.org/packages/NLog[Nlog] makes the name unique by suffixing it with ``++_index++`` + +The rule covers the following logging frameworks: + +* https://www.nuget.org/packages/Microsoft.Extensions.Logging[Microsoft.Extensions.Logging] +* https://www.nuget.org/packages/Serilog[Serilog] +* https://www.nuget.org/packages/NLog[Nlog] \ No newline at end of file diff --git a/rules/S6678/csharp/metadata.json b/rules/S6678/csharp/metadata.json new file mode 100644 index 00000000000..7a73a41bfdf --- /dev/null +++ b/rules/S6678/csharp/metadata.json @@ -0,0 +1,2 @@ +{ +} \ No newline at end of file diff --git a/rules/S6678/csharp/rule.adoc b/rules/S6678/csharp/rule.adoc new file mode 100644 index 00000000000..3703a2b7de8 --- /dev/null +++ b/rules/S6678/csharp/rule.adoc 
@@ -0,0 +1,25 @@ +include::../description-dotnet.adoc[] + +include::../why-dotnet.adoc[] + +include::../how-dotnet.adoc[] + +=== Code examples + +==== Noncompliant code example + +[source,csharp,diff-id=1,diff-type=noncompliant] +---- +logger.LogDebug("User {firstName} logged in", firstName); // Noncompliant +---- + +==== Compliant solution + +[source,csharp,diff-id=1,diff-type=compliant] +---- +logger.LogDebug("User {FirstName} logged in", firstName); // Compliant +---- + +include::../resources-dotnet.adoc[] + +include::../rspecator.adoc[] \ No newline at end of file diff --git a/rules/S6678/description-dotnet.adoc b/rules/S6678/description-dotnet.adoc new file mode 100644 index 00000000000..ce201a7e91a --- /dev/null +++ b/rules/S6678/description-dotnet.adoc @@ -0,0 +1 @@ +Within a https://messagetemplates.org/[message template] each named placeholder should be in PascalCase. \ No newline at end of file diff --git a/rules/S6678/how-dotnet.adoc b/rules/S6678/how-dotnet.adoc new file mode 100644 index 00000000000..ddbe14dbf2e --- /dev/null +++ b/rules/S6678/how-dotnet.adoc @@ -0,0 +1,3 @@ +== How to fix it + +Use PascalCase for named placeholders. \ No newline at end of file diff --git a/rules/S6678/metadata.json b/rules/S6678/metadata.json new file mode 100644 index 00000000000..b3fb444f4bf --- /dev/null +++ b/rules/S6678/metadata.json @@ -0,0 +1,26 @@ +{ + "title": "Use PascalCase for named placeholders", + "type": "CODE_SMELL", + "code": { + "impacts": { + "MAINTAINABILITY": "LOW" + }, + "attribute": "CONVENTIONAL" + }, + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "1min" + }, + "tags": [ + "logging" + ], + "extra": { + }, + "defaultSeverity": "Minor", + "ruleSpecification": "RSPEC-6678", + "sqKey": "S6678", + "scope": "Main", + "defaultQualityProfiles": ["Sonar way"], + "quickfix": "targeted" +} 
diff --git a/rules/S6678/resources-dotnet.adoc b/rules/S6678/resources-dotnet.adoc new file mode 100644 index 00000000000..cc99cfa86e7 --- /dev/null +++ b/rules/S6678/resources-dotnet.adoc @@ -0,0 +1,6 @@ +== Resources + +=== Documentation + +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/fundamentals/code-analysis/quality-rules/ca1727[CA1727: Use PascalCase for named placeholders] +* Serilog Analyzer - https://github.com/Suchiman/SerilogAnalyzer/blob/master/README.md#serilog006-pascal-cased-property-verifier[Serilog006: Pascal Cased Property Verifier] \ No newline at end of file diff --git a/rules/S6678/rspecator.adoc b/rules/S6678/rspecator.adoc new file mode 100644 index 00000000000..f4b8b215a90 --- /dev/null +++ b/rules/S6678/rspecator.adoc @@ -0,0 +1,19 @@ +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +Use PascalCase for named placeholders. + +=== Highlighting + +`{placeholder}` + +''' +== Comments And Links +(visible only on this page) + +endif::env-github,rspecator-view[] \ No newline at end of file diff --git a/rules/S6678/why-dotnet.adoc b/rules/S6678/why-dotnet.adoc new file mode 100644 index 00000000000..e7917c565e8 --- /dev/null +++ b/rules/S6678/why-dotnet.adoc @@ -0,0 +1,9 @@ +== Why is this an issue? + +Using consistent naming conventions is important for the readability and maintainability of code. In the case of message templates, using PascalCase for named placeholders ensures consistency with structured logging conventions, where each named placeholder is used as a property name in the structured data. + +The rule covers the following logging frameworks: + +* Nuget package - https://www.nuget.org/packages/Microsoft.Extensions.Logging[Microsoft.Extensions.Logging] +* Nuget package - https://www.nuget.org/packages/Serilog[Serilog] +* Nuget package - https://www.nuget.org/packages/NLog[Nlog] \ No newline at end of file 
diff --git a/rules/S6679/javascript/metadata.json b/rules/S6679/javascript/metadata.json index 10c8feea381..b997ae23b70 100644 --- a/rules/S6679/javascript/metadata.json +++ b/rules/S6679/javascript/metadata.json @@ -8,10 +8,16 @@ }, "tags": [ ], - "defaultSeverity": "Minor", + "defaultSeverity": "Major", "ruleSpecification": "RSPEC-6679", "sqKey": "S6679", "scope": "All", "defaultQualityProfiles": ["Sonar way"], - "quickfix": "covered" + "quickfix": "covered", + "code": { + "impacts": { + "RELIABILITY": "MEDIUM" + }, + "attribute": "CONVENTIONAL" + } } diff --git a/rules/S6680/common/resources/standards.adoc b/rules/S6680/common/resources/standards.adoc index 444925fef86..8ce26598f8d 100644 --- a/rules/S6680/common/resources/standards.adoc +++ b/rules/S6680/common/resources/standards.adoc @@ -1,5 +1,7 @@ === Standards * OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] -* OWASP - https://www.owasp.org/index.php/Top_10-2017_A1-Injection[Top 10 2017 Category A1 - Injection] -* CWE - https://cwe.mitre.org/data/definitions/606[606 - Unchecked Input for Loop Condition] +* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] +* CWE - https://cwe.mitre.org/data/definitions/606[CWE-606 - Unchecked Input for Loop Condition] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. + diff --git a/rules/S6680/metadata.json b/rules/S6680/metadata.json index 3f36c80e54f..38c7e62a554 100644 --- a/rules/S6680/metadata.json +++ b/rules/S6680/metadata.json 
@@ -2,6 +2,12 @@ "title": "Loop boundaries should not be vulnerable to injection attacks", "type": "VULNERABILITY", "status": "ready", + "code": { + "impacts": { + "SECURITY": "HIGH" + }, + "attribute": "COMPLETE" + }, "remediation": { "func": "Constant\/Issue", "constantCost": "5min" @@ -23,7 +29,7 @@ "scope": "Main", "securityStandards": { "CWE": [ - 606 + 606 ], "OWASP": [ "A1" @@ -32,10 +38,16 @@ "A3" ], "PCI DSS 3.2": [ + ], "PCI DSS 4.0": [ + ], "ASVS 4.0": [ + + ], + "STIG ASD_V5R3": [ + "V-222609" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6684/secrets/metadata.json b/rules/S6684/secrets/metadata.json index 717ca5e61c6..6770c2e4273 100644 --- a/rules/S6684/secrets/metadata.json +++ b/rules/S6684/secrets/metadata.json @@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "TRUSTWORTHY" }, @@ -17,9 +17,7 @@ "cert" ], "extra": { - "replacementRules": [ - - ] + "replacementRules": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-6684", @@ -49,6 +47,9 @@ "2.10.4", "3.5.2", "6.4.1" + ], + "STIG ASD_V5R3": [ + "V-222642" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6686/secrets/metadata.json b/rules/S6686/secrets/metadata.json index 87c877ee0e8..3c7569f5e70 100644 --- a/rules/S6686/secrets/metadata.json +++ b/rules/S6686/secrets/metadata.json @@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "TRUSTWORTHY" }, @@ -17,9 +17,7 @@ "cert" ], "extra": { - "replacementRules": [ - - ] + "replacementRules": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-6686", @@ -49,6 +47,9 @@ "2.10.4", "3.5.2", "6.4.1" + ], + "STIG ASD_V5R3": [ + "V-222642" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6687/secrets/metadata.json b/rules/S6687/secrets/metadata.json index 090f9660e96..b09330c009d 100644 --- a/rules/S6687/secrets/metadata.json +++ b/rules/S6687/secrets/metadata.json 
@@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "TRUSTWORTHY" }, @@ -17,9 +17,7 @@ "cert" ], "extra": { - "replacementRules": [ - - ] + "replacementRules": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-6687", @@ -49,6 +47,9 @@ "2.10.4", "3.5.2", "6.4.1" + ], + "STIG ASD_V5R3": [ + "V-222642" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6688/secrets/metadata.json b/rules/S6688/secrets/metadata.json index 62056eb8542..8a4599f2d6e 100644 --- a/rules/S6688/secrets/metadata.json +++ b/rules/S6688/secrets/metadata.json @@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "TRUSTWORTHY" }, @@ -17,9 +17,7 @@ "cert" ], "extra": { - "replacementRules": [ - - ] + "replacementRules": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-6688", @@ -49,6 +47,9 @@ "2.10.4", "3.5.2", "6.4.1" + ], + "STIG ASD_V5R3": [ + "V-222642" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6689/secrets/metadata.json b/rules/S6689/secrets/metadata.json index 5d6f403eba5..34665e93059 100644 --- a/rules/S6689/secrets/metadata.json +++ b/rules/S6689/secrets/metadata.json @@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "TRUSTWORTHY" }, @@ -17,9 +17,7 @@ "cert" ], "extra": { - "replacementRules": [ - - ] + "replacementRules": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-6689", @@ -49,6 +47,9 @@ "2.10.4", "3.5.2", "6.4.1" + ], + "STIG ASD_V5R3": [ + "V-222642" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6690/secrets/metadata.json b/rules/S6690/secrets/metadata.json index fcb21712881..ff4202a0b17 100644 --- a/rules/S6690/secrets/metadata.json +++ b/rules/S6690/secrets/metadata.json 
@@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "TRUSTWORTHY" }, @@ -17,9 +17,7 @@ "cert" ], "extra": { - "replacementRules": [ - - ] + "replacementRules": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-6690", @@ -49,6 +47,9 @@ "2.10.4", "3.5.2", "6.4.1" + ], + "STIG ASD_V5R3": [ + "V-222642" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6691/secrets/metadata.json b/rules/S6691/secrets/metadata.json index 4096c304b42..5a3b42bb27c 100644 --- a/rules/S6691/secrets/metadata.json +++ b/rules/S6691/secrets/metadata.json @@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "TRUSTWORTHY" }, @@ -17,9 +17,7 @@ "cert" ], "extra": { - "replacementRules": [ - - ] + "replacementRules": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-6691", @@ -49,6 +47,9 @@ "2.10.4", "3.5.2", "6.4.1" + ], + "STIG ASD_V5R3": [ + "V-222642" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6692/secrets/metadata.json b/rules/S6692/secrets/metadata.json index de13e235485..7bf949ef9fc 100644 --- a/rules/S6692/secrets/metadata.json +++ b/rules/S6692/secrets/metadata.json @@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "TRUSTWORTHY" }, @@ -17,9 +17,7 @@ "cert" ], "extra": { - "replacementRules": [ - - ] + "replacementRules": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-6692", @@ -49,6 +47,9 @@ "2.10.4", "3.5.2", "6.4.1" + ], + "STIG ASD_V5R3": [ + "V-222642" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6693/secrets/metadata.json b/rules/S6693/secrets/metadata.json index de963d701b4..99a7b2526d0 100644 --- a/rules/S6693/secrets/metadata.json +++ b/rules/S6693/secrets/metadata.json 
@@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "TRUSTWORTHY" }, @@ -17,9 +17,7 @@ "cert" ], "extra": { - "replacementRules": [ - - ] + "replacementRules": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-6693", @@ -49,6 +47,9 @@ "2.10.4", "3.5.2", "6.4.1" + ], + "STIG ASD_V5R3": [ + "V-222642" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6694/secrets/metadata.json b/rules/S6694/secrets/metadata.json index cd771bcd3c9..63006d3a878 100644 --- a/rules/S6694/secrets/metadata.json +++ b/rules/S6694/secrets/metadata.json @@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "TRUSTWORTHY" }, @@ -17,9 +17,7 @@ "cert" ], "extra": { - "replacementRules": [ - - ] + "replacementRules": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-6694", @@ -49,6 +47,9 @@ "2.10.4", "3.5.2", "6.4.1" + ], + "STIG ASD_V5R3": [ + "V-222642" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6695/secrets/metadata.json b/rules/S6695/secrets/metadata.json index 82341418648..dc44d4f6e87 100644 --- a/rules/S6695/secrets/metadata.json +++ b/rules/S6695/secrets/metadata.json @@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "TRUSTWORTHY" }, @@ -17,9 +17,7 @@ "cert" ], "extra": { - "replacementRules": [ - - ] + "replacementRules": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-6695", @@ -49,6 +47,9 @@ "2.10.4", "3.5.2", "6.4.1" + ], + "STIG ASD_V5R3": [ + "V-222642" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6696/secrets/metadata.json b/rules/S6696/secrets/metadata.json index fbab291dd24..738fece39ba 100644 --- a/rules/S6696/secrets/metadata.json +++ b/rules/S6696/secrets/metadata.json 
@@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "TRUSTWORTHY" }, @@ -17,9 +17,7 @@ "cert" ], "extra": { - "replacementRules": [ - - ] + "replacementRules": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-6696", @@ -49,6 +47,9 @@ "2.10.4", "3.5.2", "6.4.1" + ], + "STIG ASD_V5R3": [ + "V-222642" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6697/secrets/metadata.json b/rules/S6697/secrets/metadata.json index af5b1728502..24570e68f14 100644 --- a/rules/S6697/secrets/metadata.json +++ b/rules/S6697/secrets/metadata.json @@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "TRUSTWORTHY" }, @@ -17,9 +17,7 @@ "cert" ], "extra": { - "replacementRules": [ - - ] + "replacementRules": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-6697", @@ -49,6 +47,9 @@ "2.10.4", "3.5.2", "6.4.1" + ], + "STIG ASD_V5R3": [ + "V-222642" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6698/secrets/metadata.json b/rules/S6698/secrets/metadata.json index c3f49779313..ec6c82e5272 100644 --- a/rules/S6698/secrets/metadata.json +++ b/rules/S6698/secrets/metadata.json @@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "TRUSTWORTHY" }, @@ -17,9 +17,7 @@ "cert" ], "extra": { - "replacementRules": [ - - ] + "replacementRules": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-6698", @@ -49,6 +47,9 @@ "2.10.4", "3.5.2", "6.4.1" + ], + "STIG ASD_V5R3": [ + "V-222642" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6699/secrets/metadata.json b/rules/S6699/secrets/metadata.json index 6830dcf0b32..9a73903fc2c 100644 --- a/rules/S6699/secrets/metadata.json +++ b/rules/S6699/secrets/metadata.json 
@@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "TRUSTWORTHY" }, @@ -17,9 +17,7 @@ "cert" ], "extra": { - "replacementRules": [ - - ] + "replacementRules": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-6699", @@ -49,6 +47,9 @@ "2.10.4", "3.5.2", "6.4.1" + ], + "STIG ASD_V5R3": [ + "V-222642" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6700/secrets/metadata.json b/rules/S6700/secrets/metadata.json index 1d28a86c97a..9045ad81f93 100644 --- a/rules/S6700/secrets/metadata.json +++ b/rules/S6700/secrets/metadata.json @@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "TRUSTWORTHY" }, @@ -17,9 +17,7 @@ "cert" ], "extra": { - "replacementRules": [ - - ] + "replacementRules": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-6700", @@ -49,6 +47,9 @@ "2.10.4", "3.5.2", "6.4.1" + ], + "STIG ASD_V5R3": [ + "V-222642" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6701/secrets/metadata.json b/rules/S6701/secrets/metadata.json index bdd168d12bf..7ed9a5dd59a 100644 --- a/rules/S6701/secrets/metadata.json +++ b/rules/S6701/secrets/metadata.json @@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "TRUSTWORTHY" }, @@ -17,9 +17,7 @@ "cert" ], "extra": { - "replacementRules": [ - - ] + "replacementRules": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-6701", @@ -49,6 +47,9 @@ "2.10.4", "3.5.2", "6.4.1" + ], + "STIG ASD_V5R3": [ + "V-222642" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6702/secrets/metadata.json b/rules/S6702/secrets/metadata.json index 4116f413866..60570616cf0 100644 --- a/rules/S6702/secrets/metadata.json +++ b/rules/S6702/secrets/metadata.json 
@@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "TRUSTWORTHY" }, @@ -17,9 +17,7 @@ "cert" ], "extra": { - "replacementRules": [ - - ] + "replacementRules": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-6702", @@ -49,6 +47,9 @@ "2.10.4", "3.5.2", "6.4.1" + ], + "STIG ASD_V5R3": [ + "V-222642" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6703/secrets/metadata.json b/rules/S6703/secrets/metadata.json index f934fc5540f..5505ed0a030 100644 --- a/rules/S6703/secrets/metadata.json +++ b/rules/S6703/secrets/metadata.json @@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "TRUSTWORTHY" }, @@ -17,9 +17,7 @@ "cert" ], "extra": { - "replacementRules": [ - - ] + "replacementRules": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-6703", @@ -49,6 +47,9 @@ "2.10.4", "3.5.2", "6.4.1" + ], + "STIG ASD_V5R3": [ + "V-222642" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6704/secrets/metadata.json b/rules/S6704/secrets/metadata.json index 6eeca51bb1e..16ddb398ac6 100644 --- a/rules/S6704/secrets/metadata.json +++ b/rules/S6704/secrets/metadata.json @@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "TRUSTWORTHY" }, @@ -17,9 +17,7 @@ "cert" ], "extra": { - "replacementRules": [ - - ] + "replacementRules": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-6704", @@ -49,6 +47,9 @@ "2.10.4", "3.5.2", "6.4.1" + ], + "STIG ASD_V5R3": [ + "V-222642" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6705/secrets/metadata.json b/rules/S6705/secrets/metadata.json index 5b6002c0bf7..0e69497fb84 100644 --- a/rules/S6705/secrets/metadata.json +++ b/rules/S6705/secrets/metadata.json 
@@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "TRUSTWORTHY" }, @@ -17,9 +17,7 @@ "cert" ], "extra": { - "replacementRules": [ - - ] + "replacementRules": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-6705", @@ -49,6 +47,9 @@ "2.10.4", "3.5.2", "6.4.1" + ], + "STIG ASD_V5R3": [ + "V-222642" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6706/secrets/metadata.json b/rules/S6706/secrets/metadata.json index 6f2e842db63..4fb94bcec5a 100644 --- a/rules/S6706/secrets/metadata.json +++ b/rules/S6706/secrets/metadata.json @@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "TRUSTWORTHY" }, @@ -17,9 +17,7 @@ "cert" ], "extra": { - "replacementRules": [ - - ] + "replacementRules": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-6706", @@ -49,6 +47,9 @@ "2.10.4", "3.5.2", "6.4.1" + ], + "STIG ASD_V5R3": [ + "V-222642" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6707/java/metadata.json b/rules/S6707/java/metadata.json new file mode 100644 index 00000000000..e815d0501e6 --- /dev/null +++ b/rules/S6707/java/metadata.json @@ -0,0 +1,33 @@ +{ + "title": "Optional values should only be accessed after calling isPresent()", + "type": "BUG", + "code": { + "impacts": { + "RELIABILITY": "MEDIUM" + }, + "attribute": "COMPLETE" + }, + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "10min" + }, + "tags": [ + "cwe", + "symbolic-execution" + ], + "extra": { + "replacementRules": [ + + ], + "legacyKeys": [ + + ] + }, + "defaultSeverity": "Major", + "ruleSpecification": "RSPEC-6707", + "sqKey": "S6707", + "scope": "All", + "defaultQualityProfiles": [ ], + "quickfix": "unknown" +} diff --git a/rules/S6707/java/rule.adoc b/rules/S6707/java/rule.adoc new file mode 100644 index 00000000000..7595b947645 --- /dev/null +++ b/rules/S6707/java/rule.adoc 
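Review bot: The new `rules/S6707/java/metadata.json` lists `"cwe"` under `tags` but has no `securityStandards` block, so the tag points at no CWE entry. The other metadata files in this diff that map a rule to a standard do so under `securityStandards`. Either drop `"cwe"` from `tags` or add the mapping, for example `"securityStandards": { "CWE": [ <CWE-ID> ] }`, with the identifier the rule is meant to cover. `"defaultQualityProfiles": [ ]` is also empty, which presumably leaves the rule out of "Sonar way"; if that is intended, it deserves a line in the commit description.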
@@ -0,0 +1,97 @@ +== Why is this an issue? + +``++Optional++`` value can hold either a value or not. The value held in the ``++Optional++`` can be accessed using the ``++get()++`` method, but it will throw a + +``++NoSuchElementException++`` if there is no value present. To avoid the exception, calling the ``++isPresent()++`` or ``++! isEmpty()++`` method should always be done before any call to ``++get()++``. + + +Alternatively, note that other methods such as ``++orElse(...)++``, ``++orElseGet(...)++`` or ``++orElseThrow(...)++`` can be used to specify what to do with an empty ``++Optional++``. + +== How to fix it + +=== Code examples + +==== Noncompliant code example + +[source,java,diff-id=1,diff-type=noncompliant] +---- +public static Optional getOptionalValue(boolean condition) { + if (condition) { + return Optional.of("Value text"); + } + return Optional.empty(); +} + +public void example(boolean condition) { + Optional optional = getOptionalValue(condition); + String value = optional.get(); // Noncompliant; getOptionalValue may return an empty optional +} +---- + +==== Compliant solution + +[source,java,diff-id=1,diff-type=compliant] +---- +public static Optional getOptionalValue(boolean condition) { + if (condition) { + return Optional.of("Value text"); + } + return Optional.empty(); +} + +public void example(boolean condition) { + getOptionalValue(condition).ifPresent(value -> { + // Do something with the value + }); +} +---- + +or + +[source,java] +---- +Optional value = this.getOptionalValue(); + +// ... + +if (value.isPresent()) { + String stringValue = value.get(); +} +---- + +or + +[source,java] +---- +Optional value = this.getOptionalValue(); + +// ... 
+ +String stringValue = value.orElse("default"); +---- + +[source,java] +---- +Optional optional = methodThatReturnsOptional(); +if (optional.isEmpty()) { + throw new NotFoundException(); +} +String value = optional.get(); +---- + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +call "xxx.isPresent()" before accessing the value. + + +''' + +endif::env-github,rspecator-view[] + + diff --git a/rules/S6707/metadata.json b/rules/S6707/metadata.json new file mode 100644 index 00000000000..2c63c085104 --- /dev/null +++ b/rules/S6707/metadata.json @@ -0,0 +1,2 @@ +{ +} diff --git a/rules/S6708/secrets/metadata.json b/rules/S6708/secrets/metadata.json index 5fbc41171f4..f447471da44 100644 --- a/rules/S6708/secrets/metadata.json +++ b/rules/S6708/secrets/metadata.json @@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "TRUSTWORTHY" }, @@ -17,9 +17,7 @@ "cert" ], "extra": { - "replacementRules": [ - - ] + "replacementRules": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-6708", @@ -49,6 +47,9 @@ "2.10.4", "3.5.2", "6.4.1" + ], + "STIG ASD_V5R3": [ + "V-222642" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6709/python/how-to-fix-it/numpy.adoc b/rules/S6709/python/how-to-fix-it/numpy.adoc new file mode 100644 index 00000000000..d1a3b13157b --- /dev/null +++ b/rules/S6709/python/how-to-fix-it/numpy.adoc 
@@ -0,0 +1,27 @@ +== How to fix it in Numpy + +To fix this issue, provide a predictable seed to the random number generator. + +=== Code examples + +==== Noncompliant code example + +[source,python,diff-id=1,diff-type=noncompliant] +---- +import numpy as np + +def foo(): + generator = np.random.default_rng() # Noncompliant: no seed parameter is provided + x = generator.uniform() +---- + +==== Compliant solution + +[source,python,diff-id=1,diff-type=compliant] +---- +import numpy as np + +def foo(): + generator = np.random.default_rng(42) # Compliant + x = generator.uniform() +---- diff --git a/rules/S6709/python/how-to-fix-it/sklearn.adoc b/rules/S6709/python/how-to-fix-it/sklearn.adoc new file mode 100644 index 00000000000..d49badf0472 --- /dev/null +++ b/rules/S6709/python/how-to-fix-it/sklearn.adoc @@ -0,0 +1,29 @@ +== How to fix it in Scikit-Learn + +To fix this issue, provide a predictable seed to the estimator or the utility function. + +=== Code examples + +==== Noncompliant code example + +[source,python,diff-id=2,diff-type=noncompliant] +---- +from sklearn.model_selection import train_test_split +from sklearn.datasets import load_iris + +X, y = load_iris(return_X_y=True) +X_train, _, y_train, _ = train_test_split(X, y) # Noncompliant: no seed parameter is provided +---- + +==== Compliant solution + +[source,python,diff-id=2,diff-type=compliant] +---- +from sklearn.model_selection import train_test_split +from sklearn.datasets import load_iris +import numpy as np + +rng = np.random.default_rng(42) +X, y = load_iris(return_X_y=True) +X_train, _, y_train, _ = train_test_split(X, y, random_state=rng.integers(1)) # Compliant +---- diff --git a/rules/S6709/python/metadata.json b/rules/S6709/python/metadata.json index dfb35a9b9ad..dbd15e77e2a 100644 --- a/rules/S6709/python/metadata.json +++ b/rules/S6709/python/metadata.json 
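Review bot: In the compliant example of `how-to-fix-it/sklearn.adoc`, `random_state=rng.integers(1)` is misleading. As far as I know, `Generator.integers(1)` draws from the half-open range [0, 1), so it always returns 0 and the generator seeded with 42 has no effect on the split. Passing the seed directly, `X_train, _, y_train, _ = train_test_split(X, y, random_state=42)  # Compliant`, shows the same fix without the extra `numpy` import. Both how-to files would also benefit from one sentence saying that a fixed seed is for reproducibility only and must not be reused for security-sensitive randomness; the parent `rule.adoc` limits the rule to data-science contexts, but these included sections do not repeat that.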
@@ -8,17 +8,25 @@ }, "tags": [ "numpy", - "data-science" + "data-science", + "scientific-computing" ], "defaultSeverity": "Major", "ruleSpecification": "RSPEC-6709", "sqKey": "S6709", "scope": "All", - "defaultQualityProfiles": ["Sonar way"], + "securityStandards": { + "STIG ASD_V5R3": [ + "V-222642" + ] + }, + "defaultQualityProfiles": [ + "Sonar way" + ], "quickfix": "unknown", "code": { "impacts": { - "MAINTAINABILITY": "HIGH", + "MAINTAINABILITY": "MEDIUM", "RELIABILITY": "MEDIUM", "SECURITY": "LOW" }, diff --git a/rules/S6709/python/rule.adoc b/rules/S6709/python/rule.adoc index 0be25e2920f..88445c3b9b2 100644 --- a/rules/S6709/python/rule.adoc +++ b/rules/S6709/python/rule.adoc 
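Review bot: The added `securityStandards` entry maps S6709 to STIG `V-222642`, which the `rule.adoc` hunk of this same commit describes as "The application must not contain embedded authentication data". S6709 is about seeding random number generators in data-science code, so the mapping looks copied from the secrets rules, where the same identifier is added. I would drop the `"securityStandards"` block here and the `=== Standards` section added to `rules/S6709/python/rule.adoc`, unless a finding that actually concerns randomness is intended. A wrong mapping would presumably make compliance reports count a reproducibility rule as coverage for hard-coded credentials.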
@@ -26,39 +26,26 @@ Note that a global seed for `RandomState` can be set using `numpy.random.seed` o In contexts that are not related to data science and machine learning, having a predictable seed may not be the desired behavior. Therefore, this rule will only raise issues if machine learning and data science libraries are being used. -== How to fix it -To fix this issue, provide a predictable seed to the random number generator. +// How to fix it section -=== Code examples +include::how-to-fix-it/numpy.adoc[] -==== Noncompliant code example +include::how-to-fix-it/sklearn.adoc[] -[source,python,diff-id=1,diff-type=noncompliant] ----- -import numpy as np - -def foo(): - generator = np.random.default_rng() # Noncompliant: no seed parameter is provided - x = generator.uniform() ----- - -==== Compliant solution - -[source,python,diff-id=1,diff-type=compliant] ----- -import numpy as np - -def foo(): - generator = np.random.default_rng(42) # Compliant - x = generator.uniform() ----- == Resources === Documentation * NumPy documentation - https://numpy.org/neps/nep-0019-rng-policy.html[NEP 19 RNG Policy] +* Scikit-learn documentation - https://scikit-learn.org/stable/glossary.html#term-random_state[Glossary random_state] +* Scikit-learn documentation - https://scikit-learn.org/stable/common_pitfalls.html#controlling-randomness[Controlling randomness] + +=== Standards + +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222642[Application Security and Development: V-222642] - The application must not contain embedded authentication data. === Related rules * S6711 - `numpy.random.Generator` should be preferred to `numpy.random.RandomState` + diff --git a/rules/S6710/secrets/metadata.json b/rules/S6710/secrets/metadata.json index c5387cf8851..29a7e5a2ffa 100644 --- a/rules/S6710/secrets/metadata.json +++ b/rules/S6710/secrets/metadata.json 
@@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "TRUSTWORTHY" }, @@ -17,9 +17,7 @@ "cert" ], "extra": { - "replacementRules": [ - - ] + "replacementRules": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-6710", @@ -49,6 +47,9 @@ "2.10.4", "3.5.2", "6.4.1" + ], + "STIG ASD_V5R3": [ + "V-222642" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6711/python/metadata.json b/rules/S6711/python/metadata.json index a609ba564a0..dff5fcf7dd8 100644 --- a/rules/S6711/python/metadata.json +++ b/rules/S6711/python/metadata.json @@ -18,9 +18,7 @@ "quickfix": "unknown", "code": { "impacts": { - "MAINTAINABILITY": "MEDIUM", - "RELIABILITY": "MEDIUM", - "SECURITY": "LOW" + "MAINTAINABILITY": "MEDIUM" }, "attribute": "CONVENTIONAL" } diff --git a/rules/S6711/python/rule.adoc b/rules/S6711/python/rule.adoc index f01f1c5db25..c47c1b59d0d 100644 --- a/rules/S6711/python/rule.adoc +++ b/rules/S6711/python/rule.adoc @@ -308,9 +308,8 @@ To fix this issue, replace usages of `numpy.random.RandomState` to `numpy.random [source,python,diff-id=1,diff-type=noncompliant] ---- import numpy as np -def foo(): - np.random.seed(42) - x = np.random.randn() # Noncompliant: this relies on numpy.random.RandomState, which is deprecated +np.random.seed(42) +x = np.random.randn() # Noncompliant: this relies on numpy.random.RandomState, which is deprecated ---- ==== Compliant solution @@ -318,9 +317,8 @@ def foo(): [source,python,diff-id=1,diff-type=compliant] ---- import numpy as np -def foo(): - generator = np.random.default_rng(42) - x = generator.standard_normal() +generator = np.random.default_rng(42) +x = generator.standard_normal() ---- == Resources diff --git a/rules/S6713/secrets/metadata.json b/rules/S6713/secrets/metadata.json index ea919c66086..6283c1d1ebd 100644 --- a/rules/S6713/secrets/metadata.json +++ b/rules/S6713/secrets/metadata.json 
@@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "TRUSTWORTHY" }, @@ -17,9 +17,7 @@ "cert" ], "extra": { - "replacementRules": [ - - ] + "replacementRules": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-6713", @@ -49,6 +47,9 @@ "2.10.4", "3.5.2", "6.4.1" + ], + "STIG ASD_V5R3": [ + "V-222642" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6717/secrets/metadata.json b/rules/S6717/secrets/metadata.json index 1b143eab244..bc4fb6d18e2 100644 --- a/rules/S6717/secrets/metadata.json +++ b/rules/S6717/secrets/metadata.json @@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "TRUSTWORTHY" }, @@ -17,9 +17,7 @@ "cert" ], "extra": { - "replacementRules": [ - - ] + "replacementRules": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-6717", @@ -49,6 +47,9 @@ "2.10.4", "3.5.2", "6.4.1" + ], + "STIG ASD_V5R3": [ + "V-222642" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6718/secrets/metadata.json b/rules/S6718/secrets/metadata.json index bea682afb49..bcf632eb8cb 100644 --- a/rules/S6718/secrets/metadata.json +++ b/rules/S6718/secrets/metadata.json @@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "TRUSTWORTHY" }, @@ -17,9 +17,7 @@ "cert" ], "extra": { - "replacementRules": [ - - ] + "replacementRules": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-6718", @@ -49,6 +47,9 @@ "2.10.4", "3.5.2", "6.4.1" + ], + "STIG ASD_V5R3": [ + "V-222642" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6719/secrets/metadata.json b/rules/S6719/secrets/metadata.json index fdca8b23f58..27a6cea8dd8 100644 --- a/rules/S6719/secrets/metadata.json +++ b/rules/S6719/secrets/metadata.json 
@@ -3,7 +3,7 @@
 "type": "VULNERABILITY",
 "code": {
 "impacts": {
- "SECURITY": "HIGH"
+ "SECURITY": "BLOCKER"
 },
 "attribute": "TRUSTWORTHY"
 },
@@ -17,9 +17,7 @@
 "cert"
 ],
 "extra": {
- "replacementRules": [
-
- ]
+ "replacementRules": []
 },
 "defaultSeverity": "Blocker",
 "ruleSpecification": "RSPEC-6719",
@@ -49,6 +47,9 @@
 "2.10.4",
 "3.5.2",
 "6.4.1"
+ ],
+ "STIG ASD_V5R3": [
+ "V-222642"
 ]
 },
 "defaultQualityProfiles": [
diff --git a/rules/S6720/secrets/metadata.json b/rules/S6720/secrets/metadata.json
index 957f15fc53b..bdec5531c5b 100644
--- a/rules/S6720/secrets/metadata.json
+++ b/rules/S6720/secrets/metadata.json
@@ -3,7 +3,7 @@
 "type": "VULNERABILITY",
 "code": {
 "impacts": {
- "SECURITY": "HIGH"
+ "SECURITY": "BLOCKER"
 },
 "attribute": "TRUSTWORTHY"
 },
@@ -17,9 +17,7 @@
 "cert"
 ],
 "extra": {
- "replacementRules": [
-
- ]
+ "replacementRules": []
 },
 "defaultSeverity": "Blocker",
 "ruleSpecification": "RSPEC-6720",
@@ -49,6 +47,9 @@
 "2.10.4",
 "3.5.2",
 "6.4.1"
+ ],
+ "STIG ASD_V5R3": [
+ "V-222642"
 ]
 },
 "defaultQualityProfiles": [
diff --git a/rules/S6721/secrets/metadata.json b/rules/S6721/secrets/metadata.json
index d1a0ca3a9f3..af0fc1d07dd 100644
--- a/rules/S6721/secrets/metadata.json
+++ b/rules/S6721/secrets/metadata.json
@@ -3,7 +3,7 @@
 "type": "VULNERABILITY",
 "code": {
 "impacts": {
- "SECURITY": "HIGH"
+ "SECURITY": "BLOCKER"
 },
 "attribute": "TRUSTWORTHY"
 },
@@ -17,9 +17,7 @@
 "cert"
 ],
 "extra": {
- "replacementRules": [
-
- ]
+ "replacementRules": []
 },
 "defaultSeverity": "Blocker",
 "ruleSpecification": "RSPEC-6721",
@@ -49,6 +47,9 @@
 "2.10.4",
 "3.5.2",
 "6.4.1"
+ ],
+ "STIG ASD_V5R3": [
+ "V-222642"
 ]
 },
 "defaultQualityProfiles": [
diff --git a/rules/S6721/secrets/rule.adoc b/rules/S6721/secrets/rule.adoc
index 78bb15fbcbd..3d4571ccb52 100644
--- a/rules/S6721/secrets/rule.adoc
+++ b/rules/S6721/secrets/rule.adoc
@@ -6,12 +6,9 @@ include::../../../shared_content/secrets/rationale.adoc[] === What is the potential impact? -Teams Workflow webhook URLs have different effects depending on their -permissions: They can be used only to write Teams posts or to trigger other -workflows. +Below are some real-world scenarios that illustrate the potential impact of an attacker exploiting this secret. -Below are some real-world scenarios that illustrate some impacts of an attacker -exploiting the secret. +:secret_type: webhook include::../../../shared_content/secrets/impact/phishing.adoc[] diff --git a/rules/S6722/secrets/metadata.json b/rules/S6722/secrets/metadata.json index 2b6c0b6050c..e9c564a21d2 100644 --- a/rules/S6722/secrets/metadata.json +++ b/rules/S6722/secrets/metadata.json @@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "TRUSTWORTHY" }, @@ -17,9 +17,7 @@ "cert" ], "extra": { - "replacementRules": [ - - ] + "replacementRules": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-6722", @@ -49,6 +47,9 @@ "2.10.4", "3.5.2", "6.4.1" + ], + "STIG ASD_V5R3": [ + "V-222642" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6723/secrets/metadata.json b/rules/S6723/secrets/metadata.json index 8d27d7bb7cf..7b2c9b4fc5b 100644 --- a/rules/S6723/secrets/metadata.json +++ b/rules/S6723/secrets/metadata.json @@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "TRUSTWORTHY" }, @@ -17,9 +17,7 @@ "cert" ], "extra": { - "replacementRules": [ - - ] + "replacementRules": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-6723", @@ -49,6 +47,9 @@ "2.10.4", "3.5.2", "6.4.1" + ], + "STIG ASD_V5R3": [ + "V-222642" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6725/python/metadata.json b/rules/S6725/python/metadata.json index 9491f08b264..6e739b1857c 100644 --- a/rules/S6725/python/metadata.json 
+++ b/rules/S6725/python/metadata.json @@ -3,7 +3,7 @@ "type": "BUG", "code": { "impacts": { - "MAINTAINABILITY": "HIGH" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "LOGICAL" }, @@ -13,13 +13,10 @@ "constantCost": "2min" }, "tags": [ - "python3", "numpy" ], "extra": { - "replacementRules": [ - - ] + "replacementRules": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-6725", diff --git a/rules/S6727/python/metadata.json b/rules/S6727/python/metadata.json index b0e8e800a17..311ab8cad31 100644 --- a/rules/S6727/python/metadata.json +++ b/rules/S6727/python/metadata.json @@ -7,8 +7,9 @@ "constantCost": "5min" }, "tags": [ + "scientific-computing" ], - "defaultSeverity": "Major", + "defaultSeverity": "Critical", "ruleSpecification": "RSPEC-6727", "sqKey": "S6727", "scope": "All", diff --git a/rules/S6729/python/metadata.json b/rules/S6729/python/metadata.json index 15ae580143d..cf99237b8ad 100644 --- a/rules/S6729/python/metadata.json +++ b/rules/S6729/python/metadata.json @@ -10,7 +10,7 @@ "numpy", "data-science" ], - "defaultSeverity": "Major", + "defaultSeverity": "Critical", "ruleSpecification": "RSPEC-6729", "sqKey": "S6729", "scope": "All", diff --git a/rules/S6731/secrets/metadata.json b/rules/S6731/secrets/metadata.json index 71eddcda1e6..3b55706a6a7 100644 --- a/rules/S6731/secrets/metadata.json +++ b/rules/S6731/secrets/metadata.json @@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "TRUSTWORTHY" }, @@ -17,9 +17,7 @@ "cert" ], "extra": { - "replacementRules": [ - - ] + "replacementRules": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-6731", @@ -49,6 +47,9 @@ "2.10.4", "3.5.2", "6.4.1" + ], + "STIG ASD_V5R3": [ + "V-222642" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6732/secrets/metadata.json b/rules/S6732/secrets/metadata.json index 7aa425465b3..34daf0935df 100644 --- a/rules/S6732/secrets/metadata.json 
+++ b/rules/S6732/secrets/metadata.json
@@ -3,7 +3,7 @@
 "type": "VULNERABILITY",
 "code": {
 "impacts": {
- "SECURITY": "HIGH"
+ "SECURITY": "BLOCKER"
 },
 "attribute": "TRUSTWORTHY"
 },
@@ -17,9 +17,7 @@
 "cert"
 ],
 "extra": {
- "replacementRules": [
-
- ]
+ "replacementRules": []
 },
 "defaultSeverity": "Blocker",
 "ruleSpecification": "RSPEC-6732",
@@ -49,6 +47,9 @@
 "2.10.4",
 "3.5.2",
 "6.4.1"
+ ],
+ "STIG ASD_V5R3": [
+ "V-222642"
 ]
 },
 "defaultQualityProfiles": [
diff --git a/rules/S6733/secrets/metadata.json b/rules/S6733/secrets/metadata.json
index bc340acf375..fa6bf1814cf 100644
--- a/rules/S6733/secrets/metadata.json
+++ b/rules/S6733/secrets/metadata.json
@@ -3,7 +3,7 @@
 "type": "VULNERABILITY",
 "code": {
 "impacts": {
- "SECURITY": "HIGH"
+ "SECURITY": "BLOCKER"
 },
 "attribute": "TRUSTWORTHY"
 },
@@ -17,9 +17,7 @@
 "cert"
 ],
 "extra": {
- "replacementRules": [
-
- ]
+ "replacementRules": []
 },
 "defaultSeverity": "Blocker",
 "ruleSpecification": "RSPEC-6733",
@@ -49,6 +47,9 @@
 "2.10.4",
 "3.5.2",
 "6.4.1"
+ ],
+ "STIG ASD_V5R3": [
+ "V-222642"
 ]
 },
 "defaultQualityProfiles": [
diff --git a/rules/S6734/python/metadata.json b/rules/S6734/python/metadata.json
index ca34e9f0fa6..300183adbf8 100644
--- a/rules/S6734/python/metadata.json
+++ b/rules/S6734/python/metadata.json
@@ -10,7 +10,7 @@
 "pandas",
 "data-science"
 ],
- "defaultSeverity": "Major",
+ "defaultSeverity": "Critical",
 "ruleSpecification": "RSPEC-6734",
 "sqKey": "S6734",
 "scope": "All",
diff --git a/rules/S6735/python/metadata.json b/rules/S6735/python/metadata.json
index ac5a1d1ef0a..b30d280af45 100644
--- a/rules/S6735/python/metadata.json
+++ b/rules/S6735/python/metadata.json
@@ -18,7 +18,7 @@
 "quickfix": "covered",
 "code": {
 "impacts": {
- "MAINTAINABILITY": "HIGH"
+ "MAINTAINABILITY": "MEDIUM"
 },
 "attribute": "CLEAR"
 }
diff --git a/rules/S6736/secrets/metadata.json b/rules/S6736/secrets/metadata.json
index 940f6f5f216..928b89cb8cf 100644
--- a/rules/S6736/secrets/metadata.json
+++ b/rules/S6736/secrets/metadata.json
@@ -3,7 +3,7 @@
 "type": "VULNERABILITY",
 "code": {
 "impacts": {
- "SECURITY": "HIGH"
+ "SECURITY": "BLOCKER"
 },
 "attribute": "TRUSTWORTHY"
 },
@@ -17,9 +17,7 @@
 "cert"
 ],
 "extra": {
- "replacementRules": [
-
- ]
+ "replacementRules": []
 },
 "defaultSeverity": "Blocker",
 "ruleSpecification": "RSPEC-6736",
@@ -49,6 +47,9 @@
 "2.10.4",
 "3.5.2",
 "6.4.1"
+ ],
+ "STIG ASD_V5R3": [
+ "V-222642"
 ]
 },
 "defaultQualityProfiles": [
diff --git a/rules/S6739/secrets/metadata.json b/rules/S6739/secrets/metadata.json
index 2c8f47d8c28..4e7cf5fd7d2 100644
--- a/rules/S6739/secrets/metadata.json
+++ b/rules/S6739/secrets/metadata.json
@@ -3,7 +3,7 @@
 "type": "VULNERABILITY",
 "code": {
 "impacts": {
- "SECURITY": "HIGH"
+ "SECURITY": "BLOCKER"
 },
 "attribute": "TRUSTWORTHY"
 },
@@ -17,9 +17,7 @@
 "cert"
 ],
 "extra": {
- "replacementRules": [
-
- ]
+ "replacementRules": []
 },
 "defaultSeverity": "Blocker",
 "ruleSpecification": "RSPEC-6739",
@@ -49,6 +47,9 @@
 "2.10.4",
 "3.5.2",
 "6.4.1"
+ ],
+ "STIG ASD_V5R3": [
+ "V-222642"
 ]
 },
 "defaultQualityProfiles": [
diff --git a/rules/S6740/python/metadata.json b/rules/S6740/python/metadata.json
index 384eb2d69e5..fb1cc7f26b9 100644
--- a/rules/S6740/python/metadata.json
+++ b/rules/S6740/python/metadata.json
@@ -18,7 +18,7 @@
 "quickfix": "unknown",
 "code": {
 "impacts": {
- "MAINTAINABILITY": "HIGH",
+ "MAINTAINABILITY": "MEDIUM",
 "RELIABILITY": "MEDIUM"
 },
 "attribute": "CLEAR"
diff --git a/rules/S6741/python/metadata.json b/rules/S6741/python/metadata.json
index 3d19554c5e2..5de3a19dcf2 100644
--- a/rules/S6741/python/metadata.json
+++ b/rules/S6741/python/metadata.json
@@ -8,7 +8,8 @@
 },
 "tags": [
 "data-science",
- "pandas"
+ "pandas",
+ "numpy"
 ],
 "defaultSeverity": "Major",
 "ruleSpecification": "RSPEC-6741",
diff --git a/rules/S6741/python/rule.adoc b/rules/S6741/python/rule.adoc
index e2d3ef3d7ae..985fc53a4be 100644
--- a/rules/S6741/python/rule.adoc
+++ b/rules/S6741/python/rule.adoc
@@ -50,5 +50,5 @@ arr = df.to_numpy() # Compliant == Resources === Documentation -* Pandas Documentation - https://pandas.pydata.org/docs/reference/api/pandas.DataFrame.to_numpy.html[pandas.DataFrame.to_numpy()] +* Pandas Documentation - https://pandas.pydata.org/pandas-docs/version/2.1/reference/api/pandas.DataFrame.to_numpy.html[pandas.DataFrame.to_numpy()] * Pandas Documentation - https://pandas.pydata.org/docs/reference/api/pandas.DataFrame.values.html[pandas.DataFrame.values] diff --git a/rules/S6745/java/metadata.json b/rules/S6745/java/metadata.json index 72f0be367b0..ddeda85f81f 100644 --- a/rules/S6745/java/metadata.json +++ b/rules/S6745/java/metadata.json @@ -1,25 +1,25 @@ { "title": "Detection of the Local Butterfly object dependencies anti-pattern", "type": "CODE_SMELL", - "status": "ready", + "code": { + "impacts": { + "MAINTAINABILITY": "LOW" + }, + "attribute": "MODULAR" + }, + "status": "beta", "remediation": { "func": "Constant\/Issue", - "constantCost": "5min" + "constantCost": "0min" }, "tags": [ + "architecture", + "design" ], "defaultSeverity": "Info", "ruleSpecification": "RSPEC-6745", "sqKey": "S6745", "scope": "All", "defaultQualityProfiles": ["Sonar way"], - "quickfix": "infeasible", - "code": { - "impacts": { - "MAINTAINABILITY": "LOW", - "RELIABILITY": "LOW", - "SECURITY": "LOW" - }, - "attribute": "CONVENTIONAL" - } + "quickfix": "infeasible" } diff --git a/rules/S6745/java/rule.adoc b/rules/S6745/java/rule.adoc index d62c23ed6db..32bfe2840e2 100644 --- a/rules/S6745/java/rule.adoc +++ b/rules/S6745/java/rule.adoc 
@@ -17,6 +17,16 @@ As the number of immediate dependents increases, the component's scalability can Only basic Interfaces or utility classes should be allowed to become Local Butterflies. +=== Exceptions + +* The rule ignores simple components (class/record/interface). Simple components are less subject to being changed, so + the likelihood of breaking a lot of other places is reduced. The rule considers a component simple when the number + of "public field count + public method count + public method parameter count" <= 10. And `Object` methods `equals`, + `hashCode`, `toString` and `compareTo` are ignored in the computation. +* The rule has a different threshold for "data classes", classes with only public constructors/getters/setters/fields, + and a maximum of one other public method (ignoring `equals`, `hashCode`, `toString` and `compareTo`). In this case, + the threshold is doubled. + == How to fix it To mitigate these issues, it is recommended to consider alternative design patterns that promote loose coupling and separation of concerns. diff --git a/rules/S6749/javascript/metadata.json b/rules/S6749/javascript/metadata.json index 4dc1b5235a0..006e4ec4329 100644 --- a/rules/S6749/javascript/metadata.json +++ b/rules/S6749/javascript/metadata.json @@ -9,7 +9,7 @@ "tags": [ "react" ], - "defaultSeverity": "Major", + "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-6749", "sqKey": "S6749", "scope": "All", diff --git a/rules/S6751/secrets/metadata.json b/rules/S6751/secrets/metadata.json index 709a0dfc79b..0905d19156c 100644 --- a/rules/S6751/secrets/metadata.json +++ b/rules/S6751/secrets/metadata.json @@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "TRUSTWORTHY" }, @@ -47,10 +47,13 @@ "2.10.4", "3.5.2", "6.4.1" + ], + "STIG ASD_V5R3": [ + "V-222642" ] }, "defaultQualityProfiles": [ "Sonar way" ], "quickfix": "unknown" -} \ No newline at end of file +} 
diff --git a/rules/S6752/secrets/metadata.json b/rules/S6752/secrets/metadata.json index b51f01910a0..d1192b2e857 100644 --- a/rules/S6752/secrets/metadata.json +++ b/rules/S6752/secrets/metadata.json @@ -1,59 +1,59 @@ { - "title": "Artifactory tokens should not be disclosed", - "type": "VULNERABILITY", - "code": { - "impacts": { - "SECURITY": "HIGH" - }, - "attribute": "TRUSTWORTHY" + "title": "Artifactory tokens should not be disclosed", + "type": "VULNERABILITY", + "code": { + "impacts": { + "SECURITY": "BLOCKER" }, - "status": "ready", - "remediation": { - "func": "Constant\/Issue", - "constantCost": "30min" - }, - "tags": [ - "cwe", - "cert" + "attribute": "TRUSTWORTHY" + }, + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "30min" + }, + "tags": [ + "cwe", + "cert" + ], + "extra": { + "replacementRules": [] + }, + "defaultSeverity": "Blocker", + "ruleSpecification": "RSPEC-6752", + "sqKey": "S6752", + "scope": "All", + "securityStandards": { + "CWE": [ + 798, + 259 ], - "extra": { - "replacementRules": [ - - ] - }, - "defaultSeverity": "Blocker", - "ruleSpecification": "RSPEC-6752", - "sqKey": "S6752", - "scope": "All", - "securityStandards": { - "CWE": [ - 798, - 259 - ], - "OWASP": [ - "A3" - ], - "CERT": [ - "MSC03-J." - ], - "OWASP Top 10 2021": [ - "A7" - ], - "PCI DSS 3.2": [ - "6.5.10" - ], - "PCI DSS 4.0": [ - "6.2.4" - ], - "ASVS 4.0": [ - "2.10.4", - "3.5.2", - "6.4.1" - ] - }, - "defaultQualityProfiles": [ - "Sonar way" + "OWASP": [ + "A3" + ], + "CERT": [ + "MSC03-J." + ], + "OWASP Top 10 2021": [ + "A7" + ], + "PCI DSS 3.2": [ + "6.5.10" + ], + "PCI DSS 4.0": [ + "6.2.4" + ], + "ASVS 4.0": [ + "2.10.4", + "3.5.2", + "6.4.1" ], - "quickfix": "unknown" - } - \ No newline at end of file + "STIG ASD_V5R3": [ + "V-222642" + ] + }, + "defaultQualityProfiles": [ + "Sonar way" + ], + "quickfix": "unknown" +} 
diff --git a/rules/S6753/secrets/metadata.json b/rules/S6753/secrets/metadata.json
index b45c5250eeb..d26e61c66ca 100644
--- a/rules/S6753/secrets/metadata.json
+++ b/rules/S6753/secrets/metadata.json
@@ -3,7 +3,7 @@
 "type": "VULNERABILITY",
 "code": {
 "impacts": {
- "SECURITY": "HIGH"
+ "SECURITY": "BLOCKER"
 },
 "attribute": "TRUSTWORTHY"
 },
@@ -47,10 +47,13 @@
 "2.10.4",
 "3.5.2",
 "6.4.1"
+ ],
+ "STIG ASD_V5R3": [
+ "V-222642"
 ]
 },
 "defaultQualityProfiles": [
 "Sonar way"
 ],
 "quickfix": "unknown"
-}
\ No newline at end of file
+}
diff --git a/rules/S6754/javascript/metadata.json b/rules/S6754/javascript/metadata.json
index 5a5db9f9ddf..5edcb13229b 100644
--- a/rules/S6754/javascript/metadata.json
+++ b/rules/S6754/javascript/metadata.json
@@ -8,7 +8,7 @@
 },
 "tags": [
 ],
- "defaultSeverity": "Major",
+ "defaultSeverity": "Minor",
 "ruleSpecification": "RSPEC-6754",
 "sqKey": "S6754",
 "scope": "All",
diff --git a/rules/S6755/secrets/metadata.json b/rules/S6755/secrets/metadata.json
index fad0db405d2..1231104bc59 100644
--- a/rules/S6755/secrets/metadata.json
+++ b/rules/S6755/secrets/metadata.json
@@ -3,7 +3,7 @@
 "type": "VULNERABILITY",
 "code": {
 "impacts": {
- "SECURITY": "HIGH"
+ "SECURITY": "BLOCKER"
 },
 "attribute": "TRUSTWORTHY"
 },
@@ -47,10 +47,13 @@
 "2.10.4",
 "3.5.2",
 "6.4.1"
+ ],
+ "STIG ASD_V5R3": [
+ "V-222642"
 ]
 },
 "defaultQualityProfiles": [
 "Sonar way"
 ],
 "quickfix": "unknown"
-}
\ No newline at end of file
+}
diff --git a/rules/S6758/secrets/metadata.json b/rules/S6758/secrets/metadata.json
index dfbc734e8e2..abdbb5cd746 100644
--- a/rules/S6758/secrets/metadata.json
+++ b/rules/S6758/secrets/metadata.json
@@ -3,7 +3,7 @@
 "type": "VULNERABILITY",
 "code": {
 "impacts": {
- "SECURITY": "HIGH"
+ "SECURITY": "BLOCKER"
 },
 "attribute": "TRUSTWORTHY"
 },
@@ -47,10 +47,13 @@
 "2.10.4",
 "3.5.2",
 "6.4.1"
+ ],
+ "STIG ASD_V5R3": [
+ "V-222642"
 ]
 },
 "defaultQualityProfiles": [
 "Sonar way"
 ],
 "quickfix": "unknown"
-}
\ No newline at end of file
+}
diff --git a/rules/S6759/javascript/metadata.json b/rules/S6759/javascript/metadata.json
index 0e4f40df309..61c6fd74ad5 100644
--- a/rules/S6759/javascript/metadata.json
+++ b/rules/S6759/javascript/metadata.json
@@ -10,7 +10,7 @@
 "react",
 "type-dependent"
 ],
- "defaultSeverity": "Major",
+ "defaultSeverity": "Minor",
 "ruleSpecification": "RSPEC-6759",
 "sqKey": "S6759",
 "scope": "All",
diff --git a/rules/S6760/secrets/metadata.json b/rules/S6760/secrets/metadata.json
index f4696aec2ed..09d4514c225 100644
--- a/rules/S6760/secrets/metadata.json
+++ b/rules/S6760/secrets/metadata.json
@@ -3,7 +3,7 @@
 "type": "VULNERABILITY",
 "code": {
 "impacts": {
- "SECURITY": "HIGH"
+ "SECURITY": "BLOCKER"
 },
 "attribute": "TRUSTWORTHY"
 },
@@ -47,6 +47,9 @@
 "2.10.4",
 "3.5.2",
 "6.4.1"
+ ],
+ "STIG ASD_V5R3": [
+ "V-222642"
 ]
 },
 "defaultQualityProfiles": [
diff --git a/rules/S6762/secrets/metadata.json b/rules/S6762/secrets/metadata.json
index 5cb766b5998..f494e903553 100644
--- a/rules/S6762/secrets/metadata.json
+++ b/rules/S6762/secrets/metadata.json
@@ -3,7 +3,7 @@
 "type": "VULNERABILITY",
 "code": {
 "impacts": {
- "SECURITY": "HIGH"
+ "SECURITY": "BLOCKER"
 },
 "attribute": "TRUSTWORTHY"
 },
@@ -47,10 +47,13 @@
 "2.10.4",
 "3.5.2",
 "6.4.1"
+ ],
+ "STIG ASD_V5R3": [
+ "V-222642"
 ]
 },
 "defaultQualityProfiles": [
 "Sonar way"
 ],
 "quickfix": "unknown"
-}
\ No newline at end of file
+}
diff --git a/rules/S6762/secrets/rule.adoc b/rules/S6762/secrets/rule.adoc
index eace6babd21..f19db1d306e 100644
--- a/rules/S6762/secrets/rule.adoc
+++ b/rules/S6762/secrets/rule.adoc
@@ -10,13 +10,11 @@ If an attacker gains access to a Grafana personal access token or Granafa Cloud Depending on the permissions given to the secret, the impact might range from the compromise of the data of some dashboards to a full takeover of the Grafana environment. -include::../../../shared_content/secrets/impact/data_compromise.adoc[] - -==== Application takeover +:service_name: Grafana -With control over the Grafana application, the attacker can modify dashboards, alter data sources, or inject malicious code. This can result in the manipulation of displayed data, misleading visualizations, or even the introduction of backdoors for further exploitation. +include::../../../shared_content/secrets/impact/data_compromise.adoc[] -The attacker may even attempt to escalate their privileges within the Grafana environment. By gaining administrative access or higher-level permissions, they can perform more significant actions, such as modifying access controls, adding or deleting users, or changing system configurations. +include::../../../shared_content/secrets/impact/dataviz_takeover.adoc[] == How to fix it diff --git a/rules/S6764/secrets/metadata.json b/rules/S6764/secrets/metadata.json index 3c14aaa369e..b26f1391b63 100644 --- a/rules/S6764/secrets/metadata.json +++ b/rules/S6764/secrets/metadata.json @@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "TRUSTWORTHY" }, @@ -47,10 +47,13 @@ "2.10.4", "3.5.2", "6.4.1" + ], + "STIG ASD_V5R3": [ + "V-222642" ] }, "defaultQualityProfiles": [ "Sonar way" ], "quickfix": "unknown" -} \ No newline at end of file +} diff --git a/rules/S6765/secrets/metadata.json b/rules/S6765/secrets/metadata.json index b62bec841e1..9b482124e04 100644 --- a/rules/S6765/secrets/metadata.json +++ b/rules/S6765/secrets/metadata.json @@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "TRUSTWORTHY" }, 
@@ -47,10 +47,13 @@
 "2.10.4",
 "3.5.2",
 "6.4.1"
+ ],
+ "STIG ASD_V5R3": [
+ "V-222642"
 ]
 },
 "defaultQualityProfiles": [
 "Sonar way"
 ],
 "quickfix": "unknown"
-}
\ No newline at end of file
+}
diff --git a/rules/S6767/javascript/metadata.json b/rules/S6767/javascript/metadata.json
index d98c2561bdd..d9abd67c033 100644
--- a/rules/S6767/javascript/metadata.json
+++ b/rules/S6767/javascript/metadata.json
@@ -9,7 +9,7 @@
 "tags": [
 "react"
 ],
- "defaultSeverity": "Major",
+ "defaultSeverity": "Minor",
 "ruleSpecification": "RSPEC-6767",
 "sqKey": "S6767",
 "scope": "All",
diff --git a/rules/S6768/secrets/metadata.json b/rules/S6768/secrets/metadata.json
index 6c9dbf9e195..aec7f255e59 100644
--- a/rules/S6768/secrets/metadata.json
+++ b/rules/S6768/secrets/metadata.json
@@ -3,7 +3,7 @@
 "type": "VULNERABILITY",
 "code": {
 "impacts": {
- "SECURITY": "HIGH"
+ "SECURITY": "BLOCKER"
 },
 "attribute": "TRUSTWORTHY"
 },
@@ -47,10 +47,13 @@
 "2.10.4",
 "3.5.2",
 "6.4.1"
+ ],
+ "STIG ASD_V5R3": [
+ "V-222642"
 ]
 },
 "defaultQualityProfiles": [
 "Sonar way"
 ],
 "quickfix": "unknown"
-}
\ No newline at end of file
+}
diff --git a/rules/S6769/secrets/metadata.json b/rules/S6769/secrets/metadata.json
index 59cf0e78959..dafbafd947d 100644
--- a/rules/S6769/secrets/metadata.json
+++ b/rules/S6769/secrets/metadata.json
@@ -3,7 +3,7 @@
 "type": "VULNERABILITY",
 "code": {
 "impacts": {
- "SECURITY": "HIGH"
+ "SECURITY": "BLOCKER"
 },
 "attribute": "TRUSTWORTHY"
 },
@@ -47,10 +47,13 @@
 "2.10.4",
 "3.5.2",
 "6.4.1"
+ ],
+ "STIG ASD_V5R3": [
+ "V-222642"
 ]
 },
 "defaultQualityProfiles": [
 "Sonar way"
 ],
 "quickfix": "unknown"
-}
\ No newline at end of file
+}
diff --git a/rules/S6770/javascript/metadata.json b/rules/S6770/javascript/metadata.json
index 4a79740f6af..888c18c5430 100644
--- a/rules/S6770/javascript/metadata.json
+++ b/rules/S6770/javascript/metadata.json
@@ -9,7 +9,7 @@
 "tags": [
 "react"
 ],
- "defaultSeverity": "Major",
+ "defaultSeverity": "Minor",
 "ruleSpecification": "RSPEC-6770",
 "sqKey": "S6770",
 "scope": "All",
diff --git a/rules/S6771/secrets/metadata.json b/rules/S6771/secrets/metadata.json
index 531ff3c7fb2..5e1fef849e8 100644
--- a/rules/S6771/secrets/metadata.json
+++ b/rules/S6771/secrets/metadata.json
@@ -1,59 +1,59 @@ { - "title": "Postman tokens should not be disclosed", - "type": "VULNERABILITY", - "code": { - "impacts": { - "SECURITY": "HIGH" - }, - "attribute": "TRUSTWORTHY" + "title": "Postman tokens should not be disclosed", + "type": "VULNERABILITY", + "code": { + "impacts": { + "SECURITY": "BLOCKER" }, - "status": "ready", - "remediation": { - "func": "Constant\/Issue", - "constantCost": "30min" - }, - "tags": [ - "cwe", - "cert" + "attribute": "TRUSTWORTHY" + }, + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "30min" + }, + "tags": [ + "cwe", + "cert" + ], + "extra": { + "replacementRules": [] + }, + "defaultSeverity": "Blocker", + "ruleSpecification": "RSPEC-6771", + "sqKey": "S6771", + "scope": "All", + "securityStandards": { + "CWE": [ + 798, + 259 ], - "extra": { - "replacementRules": [ - - ] - }, - "defaultSeverity": "Blocker", - "ruleSpecification": "RSPEC-6771", - "sqKey": "S6771", - "scope": "All", - "securityStandards": { - "CWE": [ - 798, - 259 - ], - "OWASP": [ - "A3" - ], - "CERT": [ - "MSC03-J." - ], - "OWASP Top 10 2021": [ - "A7" - ], - "PCI DSS 3.2": [ - "6.5.10" - ], - "PCI DSS 4.0": [ - "6.2.4" - ], - "ASVS 4.0": [ - "2.10.4", - "3.5.2", - "6.4.1" - ] - }, - "defaultQualityProfiles": [ - "Sonar way" + "OWASP": [ + "A3" + ], + "CERT": [ + "MSC03-J." + ], + "OWASP Top 10 2021": [ + "A7" + ], + "PCI DSS 3.2": [ + "6.5.10" + ], + "PCI DSS 4.0": [ + "6.2.4" + ], + "ASVS 4.0": [ + "2.10.4", + "3.5.2", + "6.4.1" ], - "quickfix": "unknown" - } - \ No newline at end of file + "STIG ASD_V5R3": [ + "V-222642" + ] + }, + "defaultQualityProfiles": [ + "Sonar way" + ], + "quickfix": "unknown" +} diff --git a/rules/S6773/secrets/metadata.json b/rules/S6773/secrets/metadata.json index 0602a0324ba..504cd54e247 100644 --- a/rules/S6773/secrets/metadata.json +++ b/rules/S6773/secrets/metadata.json 
@@ -1,59 +1,59 @@ { - "title": "Hashicorp tokens should not be disclosed", - "type": "VULNERABILITY", - "code": { - "impacts": { - "SECURITY": "HIGH" - }, - "attribute": "TRUSTWORTHY" + "title": "Hashicorp tokens should not be disclosed", + "type": "VULNERABILITY", + "code": { + "impacts": { + "SECURITY": "BLOCKER" }, - "status": "ready", - "remediation": { - "func": "Constant\/Issue", - "constantCost": "30min" - }, - "tags": [ - "cwe", - "cert" + "attribute": "TRUSTWORTHY" + }, + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "30min" + }, + "tags": [ + "cwe", + "cert" + ], + "extra": { + "replacementRules": [] + }, + "defaultSeverity": "Blocker", + "ruleSpecification": "RSPEC-6773", + "sqKey": "S6773", + "scope": "All", + "securityStandards": { + "CWE": [ + 798, + 259 ], - "extra": { - "replacementRules": [ - - ] - }, - "defaultSeverity": "Blocker", - "ruleSpecification": "RSPEC-6773", - "sqKey": "S6773", - "scope": "All", - "securityStandards": { - "CWE": [ - 798, - 259 - ], - "OWASP": [ - "A3" - ], - "CERT": [ - "MSC03-J." - ], - "OWASP Top 10 2021": [ - "A7" - ], - "PCI DSS 3.2": [ - "6.5.10" - ], - "PCI DSS 4.0": [ - "6.2.4" - ], - "ASVS 4.0": [ - "2.10.4", - "3.5.2", - "6.4.1" - ] - }, - "defaultQualityProfiles": [ - "Sonar way" + "OWASP": [ + "A3" + ], + "CERT": [ + "MSC03-J." + ], + "OWASP Top 10 2021": [ + "A7" + ], + "PCI DSS 3.2": [ + "6.5.10" + ], + "PCI DSS 4.0": [ + "6.2.4" + ], + "ASVS 4.0": [ + "2.10.4", + "3.5.2", + "6.4.1" ], - "quickfix": "unknown" - } - \ No newline at end of file + "STIG ASD_V5R3": [ + "V-222642" + ] + }, + "defaultQualityProfiles": [ + "Sonar way" + ], + "quickfix": "unknown" +} diff --git a/rules/S6775/javascript/metadata.json b/rules/S6775/javascript/metadata.json index dda8e387ca9..c4c7e768c94 100644 --- a/rules/S6775/javascript/metadata.json +++ b/rules/S6775/javascript/metadata.json 
@@ -9,7 +9,7 @@ "tags": [ "react" ], - "defaultSeverity": "Major", + "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-6775", "sqKey": "S6775", "scope": "All", diff --git a/rules/S6776/csharp/how-to-fix-it/asp.net.adoc b/rules/S6776/csharp/how-to-fix-it/asp.net.adoc new file mode 100644 index 00000000000..904d9b0a719 --- /dev/null +++ b/rules/S6776/csharp/how-to-fix-it/asp.net.adoc @@ -0,0 +1,56 @@ +== How to fix it in ASP.NET + +Implement proper error handling by reporting customized error messages that do not contain a detailed stack trace. Log the exception stack trace if needed. + +=== Code examples + +==== Noncompliant code example + +[source,csharp,diff-id=1,diff-type=noncompliant] +---- +[ApiController] +[Route("/")] +public class StacktraceController : ControllerBase +{ + [HttpGet("Exception")] + public string ExceptionEndpoint() + { + try { + throw new InvalidOperationException(ExceptionMessage); + } + catch (Exception ex) { + return ex.StackTrace; // Noncompliant + } + return "Ok"; + } +} +---- + +==== Compliant solution + +[source,csharp,diff-id=1,diff-type=compliant] +---- +[ApiController] +[Route("/")] +public class StacktraceController : ControllerBase +{ + private readonly ILogger Logger; + + public StacktraceController(ILogger logger) + { + Logger = logger; + } + + [HttpGet("Exception")] + public string ExceptionEndpoint() + { + try { + throw new InvalidOperationException(ExceptionMessage); + } + catch (Exception ex) { + Logger.LogError(ex.StackTrace); + } + return "Ok"; + } +} +---- diff --git a/rules/S6776/csharp/how-to-fix-it/blazor.adoc b/rules/S6776/csharp/how-to-fix-it/blazor.adoc new file mode 100644 index 00000000000..338778c0b9c --- /dev/null +++ b/rules/S6776/csharp/how-to-fix-it/blazor.adoc 
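Review bot: In the compliant example of asp.net.adoc, `Logger.LogError(ex.StackTrace);` hands the stack trace to the logger as its message template and leaves out the exception type and message, so the server-side log entry carries less than the response it replaces. Passing the exception itself, `Logger.LogError(ex, "Unhandled exception in ExceptionEndpoint");`, keeps the full detail in the log while the response stays generic. The compliant endpoint also falls through to `return "Ok";` after the failure, which does not show the customized error message that the introductory sentence recommends. The Blazor compliant example in blazor.adoc uses the same `Logger.LogError(ex.StackTrace);` call.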
@@ -0,0 +1,55 @@ +== How to fix it in Blazor + +Implement proper error handling by reporting customized error messages that do not contain a detailed stack trace. Log the exception stack trace if needed. + +=== Code examples + +==== Noncompliant code example + +[source,csharp,diff-id=2,diff-type=noncompliant] +---- +@page "/" + +

    @Content

    + +@code { + private String Content = ""; + + protected override void OnInitialized() + { + try + { + throw new InvalidOperationException(""); + } + catch (Exception ex) + { + Content = ex.StackTrace; + } + } +} +---- + +==== Compliant solution + +[source,csharp,diff-id=2,diff-type=compliant] +---- +@page "/" +@using Microsoft.Extensions.Logging +@inject ILogger Logger + +

    Internal Server Error

    + +@code { + protected override void OnInitialized() + { + try + { + throw new InvalidOperationException(""); + } + catch (Exception ex) + { + Logger.LogError(ex.StackTrace); + } + } +} +---- diff --git a/rules/S6776/csharp/metadata.json b/rules/S6776/csharp/metadata.json new file mode 100644 index 00000000000..7a73a41bfdf --- /dev/null +++ b/rules/S6776/csharp/metadata.json @@ -0,0 +1,2 @@ +{ +} \ No newline at end of file diff --git a/rules/S6776/csharp/rule.adoc b/rules/S6776/csharp/rule.adoc new file mode 100644 index 00000000000..0bab83b20d2 --- /dev/null +++ b/rules/S6776/csharp/rule.adoc 
@@ -0,0 +1,41 @@ +Exception stack traces contain sensitive data that the application's code should +not disclose as error messages. + +== Why is this an issue? + +Stack traces contain sensitive data like filenames or folder hierarchies. +They can expose implementation details, including the application's +architecture, logic, and potential vulnerabilities. Attackers can leverage these +valuable insights to identify weaknesses, devise attack strategies, and exploit +vulnerabilities. + +// How to fix it section + +include::how-to-fix-it/asp.net.adoc[] + +include::how-to-fix-it/blazor.adoc[] + +== Resources + +=== Standards + +* OWASP - https://owasp.org/Top10/A04_2021-Insecure_Design/[Top 10 2021 Category A4 - Insecure Design] +* OWASP - https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] +* CWE - https://cwe.mitre.org/data/definitions/209[CWE-209 - Generation of Error Message Containing Sensitive Information] +* CWE - https://cwe.mitre.org/data/definitions/489[CWE-489 - Active Debug Code] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222610[Application Security and Development: V-222610] - The application must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries. + + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +Source: this invocation returns a stack trace. +Sink: this invocation outputs sensitive content to the HTTP response. + + +endif::env-github,rspecator-view[] diff --git a/rules/S6776/metadata.json b/rules/S6776/metadata.json new file mode 100644 index 00000000000..b783f0ab937 --- /dev/null +++ b/rules/S6776/metadata.json 
@@ -0,0 +1,48 @@
+{
+ "title": "Stack traces should not be disclosed",
+ "type": "VULNERABILITY",
+ "status": "ready",
+ "remediation": {
+ "func": "Constant\/Issue",
+ "constantCost": "30min"
+ },
+ "tags": [
+ ],
+ "defaultSeverity": "Minor",
+ "ruleSpecification": "RSPEC-6776",
+ "sqKey": "S6776",
+ "scope": "All",
+ "securityStandards": {
+ "CWE": [
+ 489,
+ 209
+ ],
+ "OWASP": [
+ "A3"
+ ],
+ "OWASP Top 10 2021": [
+ "A4"
+ ],
+ "PCI DSS 3.2": [
+ "6.5.10"
+ ],
+ "PCI DSS 4.0": [
+ "6.2.4"
+ ],
+ "ASVS 4.0": [
+ "14.3.1",
+ "14.3.2"
+ ],
+ "STIG ASD_V5R3": [
+ "V-222610"
+ ]
+ },
+ "defaultQualityProfiles": ["Sonar way"],
+ "quickfix": "unknown",
+ "code": {
+ "impacts": {
+ "SECURITY": "LOW"
+ },
+ "attribute": "COMPLETE"
+ }
+}
diff --git a/rules/S6776/python/how-to-fix-it/flask.adoc b/rules/S6776/python/how-to-fix-it/flask.adoc
new file mode 100644
index 00000000000..41c5ed62522
--- /dev/null
+++ b/rules/S6776/python/how-to-fix-it/flask.adoc
@@ -0,0 +1,26 @@
+== How to fix it in Flask
+
+Implement proper error handling by reporting customized error messages that do not contain a detailed stack trace. Log the exception stack trace if needed.
+
+=== Code examples
+
+==== Noncompliant code example
+
+[source,python,diff-id=1,diff-type=noncompliant]
+----
+@app.errorhandler(500)
+def internal_server_error(error):
+ error_message = traceback.format_stack()
+ return render_template('error.html', error_message=error_message), 500
+----
+
+==== Compliant solution
+
+[source,python,diff-id=1,diff-type=compliant]
+----
+@app.errorhandler(500)
+def internal_server_error(error):
+ error_message = "Internal Server Error"
+ logging.exception()
+ return render_template('error.html', error_message=error_message), 500
+----
diff --git a/rules/S6776/python/metadata.json b/rules/S6776/python/metadata.json
new file mode 100644
index 00000000000..2c63c085104
--- /dev/null
+++ b/rules/S6776/python/metadata.json
@@ -0,0 +1,2 @@
+{
+}
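Review bot: The compliant solution in rules/S6776/python/how-to-fix-it/flask.adoc calls `logging.exception()` with no arguments, but the standard-library function requires a message, so the handler as written would raise a TypeError instead of rendering the error page. Passing a message, e.g. `logging.exception("Unhandled exception")`, keeps the traceback in the server log while the response carries only the generic text. The lead-in sentence "Log the exception stack trace if needed" could also say that the log destination has to be access-restricted, since it now holds the same paths and implementation details the rule treats as sensitive.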
diff --git a/rules/S6776/python/rule.adoc b/rules/S6776/python/rule.adoc
new file mode 100644
index 00000000000..2fcf7124546
--- /dev/null
+++ b/rules/S6776/python/rule.adoc
@@ -0,0 +1,39 @@
+Exception stack traces contain sensitive data that the application's code should not disclose as error messages.
+
+== Why is this an issue?
+
+Stack traces contain sensitive data like filenames or folder hierarchies.
+They can expose implementation details, including the application's architecture, logic, and potential vulnerabilities.
+Attackers can leverage these valuable insights to identify weaknesses, devise attack strategies, and exploit vulnerabilities.
+
+// How to fix it section
+
+include::how-to-fix-it/flask.adoc[]
+
+== Resources
+=== Documentation
+
+Python Documentation - https://docs.python.org/3/library/traceback.html[traceback — Print or retrieve a stack traceback]
+
+=== Standards
+
+* OWASP - https://owasp.org/Top10/A04_2021-Insecure_Design/[Top 10 2021 Category A4 - Insecure Design]
+* OWASP - https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure]
+* CWE - https://cwe.mitre.org/data/definitions/209[CWE-209 - Generation of Error Message Containing Sensitive Information]
+* CWE - https://cwe.mitre.org/data/definitions/489[CWE-489 - Active Debug Code]
+* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222610[Application Security and Development: V-222610] - The application must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
+
+
+ifdef::env-github,rspecator-view[]
+
+'''
+== Implementation Specification
+(visible only on this page)
+
+=== Message
+
+Source: this invocation returns a stack trace.
+Sink: this invocation outputs sensitive content to the HTTP response.
+
+
+endif::env-github,rspecator-view[]
diff --git a/rules/S6777/secrets/metadata.json b/rules/S6777/secrets/metadata.json index 15ec071519a..a4b9370b500 100644 --- a/rules/S6777/secrets/metadata.json +++ b/rules/S6777/secrets/metadata.json @@ -1,59 +1,59 @@ { - "title": "Shippo tokens should not be disclosed", - "type": "VULNERABILITY", - "code": { - "impacts": { - "SECURITY": "HIGH" - }, - "attribute": "TRUSTWORTHY" + "title": "Shippo tokens should not be disclosed", + "type": "VULNERABILITY", + "code": { + "impacts": { + "SECURITY": "BLOCKER" }, - "status": "ready", - "remediation": { - "func": "Constant\/Issue", - "constantCost": "30min" - }, - "tags": [ - "cwe", - "cert" + "attribute": "TRUSTWORTHY" + }, + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "30min" + }, + "tags": [ + "cwe", + "cert" + ], + "extra": { + "replacementRules": [] + }, + "defaultSeverity": "Blocker", + "ruleSpecification": "RSPEC-6777", + "sqKey": "S6777", + "scope": "All", + "securityStandards": { + "CWE": [ + 798, + 259 ], - "extra": { - "replacementRules": [ - - ] - }, - "defaultSeverity": "Blocker", - "ruleSpecification": "RSPEC-6777", - "sqKey": "S6777", - "scope": "All", - "securityStandards": { - "CWE": [ - 798, - 259 - ], - "OWASP": [ - "A3" - ], - "CERT": [ - "MSC03-J." - ], - "OWASP Top 10 2021": [ - "A7" - ], - "PCI DSS 3.2": [ - "6.5.10" - ], - "PCI DSS 4.0": [ - "6.2.4" - ], - "ASVS 4.0": [ - "2.10.4", - "3.5.2", - "6.4.1" - ] - }, - "defaultQualityProfiles": [ - "Sonar way" + "OWASP": [ + "A3" + ], + "CERT": [ + "MSC03-J." + ], + "OWASP Top 10 2021": [ + "A7" + ], + "PCI DSS 3.2": [ + "6.5.10" + ], + "PCI DSS 4.0": [ + "6.2.4" + ], + "ASVS 4.0": [ + "2.10.4", + "3.5.2", + "6.4.1" ], - "quickfix": "unknown" - } - \ No newline at end of file + "STIG ASD_V5R3": [ + "V-222642" + ] + }, + "defaultQualityProfiles": [ + "Sonar way" + ], + "quickfix": "unknown" +} diff --git a/rules/S6778/java/metadata.json b/rules/S6778/java/metadata.json index 281d58ea96b..0fd2ed0a5ed 100644 
--- a/rules/S6778/java/metadata.json +++ b/rules/S6778/java/metadata.json @@ -1,13 +1,12 @@ { - "title": "This is a rule showcasing a rule with mutliple frameworks", + "title": "This is a rule showcasing a rule with multiple frameworks", "type": "CODE_SMELL", "status": "ready", "remediation": { "func": "Constant\/Issue", "constantCost": "5min" }, - "tags": [ - ], + "tags": ["rspec-showcase"], "defaultSeverity": "Major", "ruleSpecification": "RSPEC-6778", "sqKey": "S6778", diff --git a/rules/S6779/python/metadata.json b/rules/S6779/python/metadata.json index 72eede3b818..17590e8ef38 100644 --- a/rules/S6779/python/metadata.json +++ b/rules/S6779/python/metadata.json @@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "TRUSTWORTHY" }, @@ -14,12 +14,11 @@ }, "tags": [ "cwe", - "cert" + "cert", + "flask" ], "extra": { - "replacementRules": [ - - ] + "replacementRules": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-6779", @@ -55,4 +54,4 @@ "Sonar way" ], "quickfix": "unknown" -} \ No newline at end of file +} diff --git a/rules/S6780/java/metadata.json b/rules/S6780/java/metadata.json new file mode 100644 index 00000000000..4a076c0d3ba --- /dev/null +++ b/rules/S6780/java/metadata.json @@ -0,0 +1,23 @@ +{ + "title": "Assertion conditions should not evaluate to false", + "type": "BUG", + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "5min" + }, + "tags": [ + ], + "defaultSeverity": "Major", + "ruleSpecification": "RSPEC-6780", + "sqKey": "S6780", + "scope": "All", + "defaultQualityProfiles": [], + "quickfix": "unknown", + "code": { + "impacts": { + "RELIABILITY": "MEDIUM" + }, + "attribute": "LOGICAL" + } +} diff --git a/rules/S6780/java/rule.adoc b/rules/S6780/java/rule.adoc new file mode 100644 index 00000000000..0bd785a2a21 --- /dev/null +++ b/rules/S6780/java/rule.adoc 
@@ -0,0 +1,18 @@
+== Why is this an issue?
+
+Assertions in Java are used to test assumptions that should hold true at a certain point in the program. An assertion with a condition that is always false will fail, which can lead to unexpected program termination. Moreover, an assertion that is always false often indicates a logic error or misunderstanding in the code, which could lead to further issues.
+
+=== Noncompliant code example
+
+[source,java]
+----
+ void caller() {
+ // Noncompliant: triggers an AssertionError because the array length is 2
+ printFifth(new int[2]);
+ }
+
+ void printFifth(int[] a) {
+ assert a.length == 5;
+ System.out.println(a[4]);
+ }
+----
diff --git a/rules/S6780/metadata.json b/rules/S6780/metadata.json
new file mode 100644
index 00000000000..2c63c085104
--- /dev/null
+++ b/rules/S6780/metadata.json
@@ -0,0 +1,2 @@
+{
+}
diff --git a/rules/S6781/csharp/how-to-fix/net-core.adoc b/rules/S6781/csharp/how-to-fix/net-core.adoc
new file mode 100644
index 00000000000..c7593a57ebf
--- /dev/null
+++ b/rules/S6781/csharp/how-to-fix/net-core.adoc
@@ -0,0 +1,144 @@
+== How to fix it in ASP.NET Core
+
+=== Code examples
+
+==== Noncompliant code example
+
+Secrets stored in `appsettings.json` can be read by anyone with access to the file.
+
+[source,csharp,diff-id=101,diff-type=noncompliant]
+----
+[ApiController]
+[Route("login-example")]
+public class LoginExampleController : ControllerBase
+{
+ private readonly IConfiguration _config;
+ public LoginExampleController(IConfiguration config)
+ {
+ _config = config;
+ }
+
+ [HttpPost]
+ public IActionResult Post([FromBody] LoginModel login)
+ {
+ // Code to validate the login information is omitted
+
+ var key = _config["Jwt:Key"] ??
+ throw new ApplicationException("JWT key is not configured.");
+ var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(key)); // Noncompliant
+ var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);
+
+ var Sectoken = new JwtSecurityToken(
+ "example.com",
+ "example.com",
+ null,
+ expires: DateTime.Now.AddMinutes(120),
+ signingCredentials: credentials);
+
+ var token = new JwtSecurityTokenHandler().WriteToken(Sectoken);
+ return Ok(token);
+ }
+}
+----
+
+Secrets that are hard-coded into the application can be read by anyone with access to the source code or can be decompiled from the application binaries.
+
+[source,csharp]
+----
+[ApiController]
+[Route("login-example")]
+public class LoginExampleController : ControllerBase
+{
+ private const string key = "SecretSecretSecretSecretSecretSecretSecretSecret";
+
+ [HttpPost]
+ public IActionResult Post([FromBody] LoginModel login)
+ {
+ // Code to validate the login information is omitted
+
+ var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(key)); // Noncompliant
+ var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);
+
+ var Sectoken = new JwtSecurityToken(
+ "example.com",
+ "example.com",
+ null,
+ expires: DateTime.Now.AddMinutes(120),
+ signingCredentials: credentials);
+
+ var token = new JwtSecurityTokenHandler().WriteToken(Sectoken);
+ return Ok(token);
+ }
+}
+----
+
+==== Compliant solution
+
+[source,csharp,diff-id=101,diff-type=compliant]
+----
+[ApiController]
+[Route("login-example")]
+public class LoginExampleController : ControllerBase
+{
+ [HttpPost]
+ public IActionResult Post([FromBody] LoginModel login)
+ {
+ // Code to validate the login information is omitted
+
+ var key = Environment.GetEnvironmentVariable("JWT_KEY") ??
+ throw new ApplicationException("JWT key is not configured.");
+ var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(key));
+ var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);
+
+ var Sectoken = new JwtSecurityToken(
+ "example.com",
+ "example.com",
+ null,
+ expires: DateTime.Now.AddMinutes(120),
+ signingCredentials: credentials);
+
+ var token = new JwtSecurityTokenHandler().WriteToken(Sectoken);
+ return Ok(token);
+ }
+}
+----
+
+=== How does this work?
+
+Here, the compliant solution uses an environment variable to hold the secret. Environment variables are easy to change and are not easily accessible outside of the application.
+
+=== Going the extra mile
+
+==== Use a secret vault
+
+Secret vaults provide secure methods for storing and accessing secrets.
They protect against the unexpected disclosure of the secrets they store.
+
+Microsoft recommends using Azure Key Vault with .NET Core applications.
+
+[source,csharp]
+----
+var builder = WebApplication.CreateBuilder(args);
+
+// Get the name of the key vault
+var keyVaultName = Environment.GetEnvironmentVariable("AZURE_KEYVAULT") ??
+ throw new ApplicationException("Azure Key Vault location is not configured.");
+// Add Azure Key Vault in the configuration
+builder.Configuration.AddAzureKeyVault(new Uri($"https://{keyVaultName}.vault.azure.net/"), new EnvironmentCredential());
+// Get the JWT secret from Azure Key Vault
+var jwtKey = builder.Configuration.GetSection("JWT-KEY").Get() ??
+ throw new ApplicationException("JWT key is not configured.");
+
+builder.Services
+ .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
+ .AddJwtBearer(options => {
+ options.TokenValidationParameters = new TokenValidationParameters{
+ IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtKey!)),
+ ValidateIssuerSigningKey = true,
+ ValidIssuer = "example.com",
+ ValidateIssuer = true,
+ ValidAudience = "example.com",
+ ValidateAudience = true,
+ ValidateLifetime = true,
+ };
+ });
+----
diff --git a/rules/S6781/csharp/how-to-fix/net-framework.adoc b/rules/S6781/csharp/how-to-fix/net-framework.adoc
new file mode 100644
index 00000000000..c1df5218073
--- /dev/null
+++ b/rules/S6781/csharp/how-to-fix/net-framework.adoc
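Review bot: The "How does this work?" paragraph in net-core.adoc says environment variables "are not easily accessible outside of the application", which overstates the protection: the environment is inherited by child processes and is readable by anyone who can inspect the process or the host configuration that sets it. I would reword it along the lines of `Environment variables keep the secret out of source control and build artifacts; access to the process environment and to the configuration that sets it must still be restricted.` The same sentence closes net-framework.adoc and needs the same change. Separately, `builder.Configuration.GetSection("JWT-KEY").Get()` in the Key Vault sample carries no type argument as rendered here; this may be an extraction artifact, but it is worth confirming the source reads `Get<string>()`.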
@@ -0,0 +1,96 @@
+== How to fix it in ASP.NET
+
+=== Code examples
+
+==== Noncompliant code example
+
+Secrets stored in `web.config` can be read by anyone with access to the file.
+
+[source,csharp,diff-id=201,diff-type=noncompliant]
+----
+public class LoginExampleController : ApiController
+{
+ public IHttpActionResult Post([FromBody] LoginModel login)
+ {
+ // Code to validate the login information is omitted
+
+ var key = ConfigurationManager.AppSettings["key"] ??
+ throw new ApplicationException("JWT key is not configured.");
+ var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(key));
+ var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);
+
+ var secToken = new JwtSecurityToken(
+ "example.com",
+ "example.com",
+ null,
+ expires: DateTime.Now.AddMinutes(120),
+ signingCredentials: credentials
+ );
+
+ var token = new JwtSecurityTokenHandler().WriteToken(secToken);
+ return Ok(token);
+ }
+}
+----
+
+Secrets that are hard-coded into the application can be read by anyone with access to the source code or can be decompiled from the application binaries.
+
+[source,csharp]
+----
+public class LoginExampleController : ApiController
+{
+ private const string key = "SecretSecretSecretSecretSecretSecretSecretSecret";
+
+ public IHttpActionResult Post([FromBody] LoginModel login)
+ {
+ // Code to validate the login information is omitted
+
+ var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(key));
+ var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);
+
+ var secToken = new JwtSecurityToken(
+ "example.com",
+ "example.com",
+ null,
+ expires: DateTime.Now.AddMinutes(120),
+ signingCredentials: credentials
+ );
+
+ var token = new JwtSecurityTokenHandler().WriteToken(secToken);
+ return Ok(token);
+ }
+}
+----
+
+==== Compliant solution
+
+[source,csharp,diff-id=201,diff-type=compliant]
+----
+public class LoginExampleController : ApiController
+{
+ public IHttpActionResult Post([FromBody] LoginModel login)
+ {
+ // Code to validate the login information is omitted
+
+ var key = Environment.GetEnvironmentVariable("JWT_KEY") ??
+ throw new ApplicationException("JWT key is not configured.");
+ var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(key));
+ var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);
+
+ var secToken = new JwtSecurityToken(
+ "example.com",
+ "example.com",
+ null,
+ expires: DateTime.Now.AddMinutes(120),
+ signingCredentials: credentials
+ );
+
+ var token = new JwtSecurityTokenHandler().WriteToken(secToken);
+ return Ok(token);
+ }
+}
+----
+
+=== How does this work?
+
+Here, the compliant solution uses an environment variable to hold the secret. Environment variables are easy to change and are not easily accessible outside of the application.
diff --git a/rules/S6781/csharp/metadata.json b/rules/S6781/csharp/metadata.json
new file mode 100644
index 00000000000..598adf23a3c
--- /dev/null
+++ b/rules/S6781/csharp/metadata.json
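Review bot: Neither noncompliant snippet in net-framework.adoc marks the offending line, whereas the matching snippets in net-core.adoc end the `new SymmetricSecurityKey(...)` line with `// Noncompliant`. The Highlight section of csharp/rule.adoc names that constructor call as the issue location, so I would append the marker in both snippets: `var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(key)); // Noncompliant`. The token local is spelled `secToken` here and `Sectoken` in net-core.adoc; one spelling across the two files would read better.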
@@ -0,0 +1,7 @@
+{
+ "tags": [
+ "cwe",
+ "cert",
+ "symbolic-execution"
+ ]
+}
\ No newline at end of file
diff --git a/rules/S6781/csharp/rule.adoc b/rules/S6781/csharp/rule.adoc
new file mode 100644
index 00000000000..9145187932b
--- /dev/null
+++ b/rules/S6781/csharp/rule.adoc
@@ -0,0 +1,44 @@
+include::../../../shared_content/secrets/description.adoc[]
+
+== Why is this an issue?
+
+include::../../../shared_content/secrets/rationale.adoc[]
+
+=== What is the potential impact?
+
+include::../impact.adoc[]
+
+// How to fix it section
+
+include::./how-to-fix/net-core.adoc[]
+
+include::./how-to-fix/net-framework.adoc[]
+
+== Resources
+
+=== Documentation
+
+* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/api/system.identitymodel.tokens.jwt.jwtsecuritytoken?view=msal-web-dotnet-latest[JwtSecurityToken Class Class]
+* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/api/system.identitymodel.tokens.symmetricsecuritykey?view=dotnet-plat-ext-8.0[SymmetricSecurityKey Class]
+
+include::../../../shared_content/secrets/resources/standards.adoc[]
+
+ifdef::env-github,rspecator-view[]
+
+'''
+== Implementation Specification
+(visible only on this page)
+
+=== Message
+
+* When secrets are stored in configuration files:
+** Make sure that JWT secret keys used in production are not stored in source control.
+* Other cases:
+** JWT secret keys should not be disclosed.
+
+=== Highlight
+
+The call to create a new instance of `SymmetricSecurityKey`.
+
+'''
+endif::env-github,rspecator-view[]
diff --git a/rules/S6781/impact.adoc b/rules/S6781/impact.adoc
new file mode 100644
index 00000000000..10b097ecb33
--- /dev/null
+++ b/rules/S6781/impact.adoc
@@ -0,0 +1,12 @@
+If a JWT secret key leaks to an unintended audience, it can have serious
+security implications for the corresponding application. The secret key is used
+to encode and decode JWTs when using a symmetric signing algorithm, and an
+attacker could potentially use it to perform malicious actions.
+
+For example, an attacker could use the secret key to create their own
+authentication tokens that appear to be legitimate, allowing them to bypass
+authentication and gain access to sensitive data or functionality.
+
+In the worst-case scenario, an attacker could be able to execute arbitrary code
+on the application by abusing administrative features, and take over its hosting
+server.
diff --git a/rules/S6781/metadata.json b/rules/S6781/metadata.json
index 2c63c085104..f005b6164d4 100644
--- a/rules/S6781/metadata.json
+++ b/rules/S6781/metadata.json
@@ -1,2 +1,55 @@
 {
+ "title": "JWT secret keys should not be disclosed",
+ "type": "VULNERABILITY",
+ "code": {
+ "impacts": {
+ "SECURITY": "BLOCKER"
+ },
+ "attribute": "TRUSTWORTHY"
+ },
+ "status": "ready",
+ "remediation": {
+ "func": "Constant\/Issue",
+ "constantCost": "30min"
+ },
+ "tags": [
+ "cwe",
+ "cert"
+ ],
+ "extra": {
+ "replacementRules": []
+ },
+ "defaultSeverity": "Blocker",
+ "ruleSpecification": "RSPEC-6781",
+ "sqKey": "S6781",
+ "scope": "All",
+ "securityStandards": {
+ "CWE": [
+ 798,
+ 259
+ ],
+ "OWASP": [
+ "A3"
+ ],
+ "CERT": [
+ "MSC03-J."
+ ],
+ "OWASP Top 10 2021": [
+ "A7"
+ ],
+ "PCI DSS 3.2": [
+ "6.5.10"
+ ],
+ "PCI DSS 4.0": [
+ "6.2.4"
+ ],
+ "ASVS 4.0": [
+ "2.10.4",
+ "6.4.1"
+ ]
+ },
+ "defaultQualityProfiles": [
+ "Sonar way"
+ ],
+ "quickfix": "unknown"
 }
diff --git a/rules/S6781/python/how-to-fix-it/django.adoc b/rules/S6781/python/how-to-fix-it/django.adoc
new file mode 100644
index 00000000000..61cd8efce10
--- /dev/null
+++ b/rules/S6781/python/how-to-fix-it/django.adoc
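Review bot: impact.adoc describes the key as used "to encode and decode JWTs when using a symmetric signing algorithm", but the same commit adds RS256 examples in pyjwt.adoc and python-jose.adoc where the hard-coded value is a private key, and this text is now shared by every language. Wording such as `The key is used to sign JWTs and, with symmetric algorithms, also to verify them` would cover both cases and would not suggest that the token contents are encrypted. The forged-token consequence in the second paragraph applies unchanged to a leaked private key.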
@@ -0,0 +1,75 @@
+== How to fix it in Django
+
+=== Code examples
+
+==== Noncompliant code example
+
+The following noncompliant Django REST framework application contains a hard-coded secret that can be exposed unintentionally.
+
+[source,python,diff-id=401,diff-type=noncompliant]
+----
+INSTALLED_APPS = [
+ 'django.contrib.admin',
+ 'django.contrib.auth',
+ 'django.contrib.contenttypes',
+ 'django.contrib.sessions',
+ 'django.contrib.messages',
+ 'django.contrib.staticfiles',
+ 'rest_framework',
+]
+
+REST_FRAMEWORK = {
+ 'DEFAULT_PERMISSION_CLASSES': [
+ 'rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly',
+ ],
+ 'DEFAULT_AUTHENTICATION_CLASSES': (
+ 'rest_framework_simplejwt.authentication.JWTAuthentication',
+ )
+}
+
+SIMPLE_JWT = {
+ "ALGORITHM": "HS256",
+ "SIGNING_KEY": "secret" # Noncompliant
+}
+----
+
+==== Compliant solution
+
+A solution is to set this secret in an environment variable.
+
+[source,python,diff-id=401,diff-type=compliant]
+----
+INSTALLED_APPS = [
+ 'django.contrib.admin',
+ 'django.contrib.auth',
+ 'django.contrib.contenttypes',
+ 'django.contrib.sessions',
+ 'django.contrib.messages',
+ 'django.contrib.staticfiles',
+ 'rest_framework',
+]
+
+REST_FRAMEWORK = {
+ 'DEFAULT_PERMISSION_CLASSES': [
+ 'rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly',
+ ],
+ 'DEFAULT_AUTHENTICATION_CLASSES': (
+ 'rest_framework_simplejwt.authentication.JWTAuthentication',
+ )
+}
+
+SIMPLE_JWT = {
+ "ALGORITHM": "HS256",
+ "SIGNING_KEY": os.environ["SIGNING_KEY"]
+}
+----
+
+
+//=== How does this work?
+
+//=== Pitfalls
+
+=== Going the extra mile
+
+include::../../../../shared_content/secrets/fix/vault.adoc[]
+
diff --git a/rules/S6781/python/how-to-fix-it/flask.adoc b/rules/S6781/python/how-to-fix-it/flask.adoc
new file mode 100644
index 00000000000..df91366b394
--- /dev/null
+++ b/rules/S6781/python/how-to-fix-it/flask.adoc
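Review bot: django.adoc goes straight to the code examples with no revoke guidance, and the same is true of pyjwt.adoc and python-jose.adoc; only flask.adoc opens with `include::revoke.adoc[]`. Before this commit that text sat in the shared "How to fix it" section of python/rule.adoc and applied to every framework. A key that was already committed stays exposed in the repository history after it moves to an environment variable, so each of these files should start with the same `include::revoke.adoc[]` line. The compliant settings snippet also reads `os.environ["SIGNING_KEY"]` without showing `import os`, unlike the Flask example.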
@@ -0,0 +1,40 @@
+== How to fix it in Flask
+
+include::revoke.adoc[]
+
+=== Code examples
+
+==== Noncompliant code example
+
+The following noncompliant code contains a hard-coded secret that can be exposed unintentionally.
+
+[source,python,diff-id=101,diff-type=noncompliant]
+----
+from flask import Flask
+
+app = Flask(__name__)
+app.config['JWT_SECRET_KEY'] = secret_key # Noncompliant
+----
+
+==== Compliant solution
+
+A solution is to set this secret in an environment string.
+
+[source,python,diff-id=101,diff-type=compliant]
+----
+from flask import Flask
+import os
+
+app = Flask(__name__)
+app.config['JWT_SECRET_KEY'] = os.environ["JWT_SECRET_KEY"]
+----
+
+
+//=== How does this work?
+
+//=== Pitfalls
+
+=== Going the extra mile
+
+include::../../../../shared_content/secrets/fix/vault.adoc[]
+
diff --git a/rules/S6781/python/how-to-fix-it/pyjwt.adoc b/rules/S6781/python/how-to-fix-it/pyjwt.adoc
new file mode 100644
index 00000000000..be8b28254a1
--- /dev/null
+++ b/rules/S6781/python/how-to-fix-it/pyjwt.adoc
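Review bot: The noncompliant snippet in flask.adoc assigns `app.config['JWT_SECRET_KEY'] = secret_key`, but `secret_key` is never defined and no literal appears, so the example no longer shows the hard-coded secret its lead-in sentence describes. The version removed from python/rule.adoc used a string literal, and I would restore it: `app.config['JWT_SECRET_KEY'] = "secret" # Noncompliant`. The compliant lead-in says "environment string" where django.adoc says "environment variable"; the latter is the usual term, and pyjwt.adoc has the same wording.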
@@ -0,0 +1,155 @@ +== How to fix it in PyJWT + +=== Code examples + +==== Noncompliant code example + +The following noncompliant FastAPI application contains a hard-coded secret that can be exposed unintentionally. + +[source,python,diff-id=301,diff-type=noncompliant] +---- +from typing import Dict +from fastapi import Depends, FastAPI +from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm +import jwt + + +oauth2_scheme = OAuth2PasswordBearer(tokenUrl="login") +secret_key = 'secret' + + +def create_access_token(data: dict): + to_encode = data.copy() + to_encode.update({"exp": datetime.now(timezone.utc) + + timedelta(minutes=15)}) + return jwt.encode(to_encode, secret_key, algorithm="HS256") # Noncompliant + +def validate_login(username: str, password: str) -> None: + ... + + +@app.post("/login") +async def login( + form_data: OAuth2PasswordRequestForm = Depends() +) -> Dict[str, str]: + validate_login(form_data.username, form_data.password) + return dict(access_token=create_access_token(data={"sub": form_data.username})) +---- + +==== Compliant solution + +A solution is to set this secret in an environment string. + +[source,python,diff-id=301,diff-type=compliant] +---- +from typing import Dict +from fastapi import Depends, FastAPI +from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm +import jwt +import os + + +oauth2_scheme = OAuth2PasswordBearer(tokenUrl="login") +secret_key = os.environ["JWT_SECRET_KEY"] + + +def create_access_token(data: dict): + to_encode = data.copy() + to_encode.update({"exp": datetime.now(timezone.utc) + + timedelta(minutes=15)}) + return jwt.encode(to_encode, secret_key, algorithm="HS256") + +def validate_login(username: str, password: str) -> None: + ... 
+ + +@app.post("/login") +async def login( + form_data: OAuth2PasswordRequestForm = Depends() +) -> Dict[str, str]: + validate_login(form_data.username, form_data.password) + return dict(access_token=create_access_token(data={"sub": form_data.username})) +---- + +==== Noncompliant code example + +[source,python,diff-id=302,diff-type=noncompliant] +---- +from typing import Dict +from fastapi import Depends, FastAPI +from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm +import jwt + + +oauth2_scheme = OAuth2PasswordBearer(tokenUrl="login") + +private_key = '''-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDAK5Lsx5Ow0N+d +... +-----END PRIVATE KEY-----''' + + +def create_access_token(data: dict): + to_encode = data.copy() + to_encode.update({"exp": datetime.now(timezone.utc) + + timedelta(minutes=15)}) + return jwt.encode(to_encode, private_key, algorithm="RS256") # Noncompliant + +def validate_login(username: str, password: str) -> None: + ... + + +@app.post("/login") +async def login( + form_data: OAuth2PasswordRequestForm = Depends() +) -> Dict[str, str]: + validate_login(form_data.username, form_data.password) + return dict(access_token=create_access_token(data={"sub": form_data.username})) +---- + +==== Compliant solution + +When using an asymmetric encryption algorithm, the keys can be loaded from a file instead of being hardcoded. 
+ +[source,python,diff-id=302,diff-type=compliant] +---- +from typing import Dict +from fastapi import Depends, FastAPI +from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm +import jwt + + +oauth2_scheme = OAuth2PasswordBearer(tokenUrl="login") + +private_key = '' +with open('resources/rs256.pem', 'r') as f: + private_key = f.read() + + +def create_access_token(data: dict): + to_encode = data.copy() + to_encode.update({"exp": datetime.now(timezone.utc) + + timedelta(minutes=15)}) + return jwt.encode(to_encode, private_key, algorithm="RS256") + +def validate_login(username: str, password: str) -> None: + ... + + +@app.post("/login") +async def login( + form_data: OAuth2PasswordRequestForm = Depends() +) -> Dict[str, str]: + validate_login(form_data.username, form_data.password) + return dict(access_token=create_access_token(data={"sub": form_data.username})) +---- + + +//=== How does this work? + +//=== Pitfalls + +=== Going the extra mile + +include::../../../../shared_content/secrets/fix/vault.adoc[] + diff --git a/rules/S6781/python/how-to-fix-it/python-jose.adoc b/rules/S6781/python/how-to-fix-it/python-jose.adoc new file mode 100644 index 00000000000..acb4d42826f --- /dev/null +++ b/rules/S6781/python/how-to-fix-it/python-jose.adoc 
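Review bot: The RS256 compliant solution in pyjwt.adoc reads the private key from `resources/rs256.pem`, a path inside the project tree, without saying that the file has to stay out of version control and be readable only by the service account. A reader could move the PEM block from the source file into a committed file and consider the finding fixed. One sentence ahead of the snippet would close the gap, e.g. `The key file must not be committed to the repository and should be readable only by the account that runs the application.` The lead-in also calls RS256 an "asymmetric encryption algorithm" although it is a signature algorithm. Both remarks apply equally to python-jose.adoc, which repeats this section.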
@@ -0,0 +1,155 @@ +== How to fix it in python-jose + +=== Code examples + +==== Noncompliant code example + +The following noncompliant FastAPI application contains a hard-coded secret that can be exposed unintentionally. + +[source,python,diff-id=201,diff-type=noncompliant] +---- +from typing import Dict +from fastapi import Depends, FastAPI +from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm +from jose import jwt + + +oauth2_scheme = OAuth2PasswordBearer(tokenUrl="login") +secret_key = 'secret' + + +def create_access_token(data: dict): + to_encode = data.copy() + to_encode.update({"exp": datetime.now(timezone.utc) + + timedelta(minutes=15)}) + return jwt.encode(to_encode, secret_key, algorithm="HS256") # Noncompliant + +def validate_login(username: str, password: str) -> None: + ... + + +@app.post("/login") +async def login( + form_data: OAuth2PasswordRequestForm = Depends() +) -> Dict[str, str]: + validate_login(form_data.username, form_data.password) + return dict(access_token=create_access_token(data={"sub": form_data.username})) +---- + +==== Compliant solution + +A solution is to set this secret in an environment variable. + +[source,python,diff-id=201,diff-type=compliant] +---- +from typing import Dict +from fastapi import Depends, FastAPI +from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm +from jose import jwt +import os + + +oauth2_scheme = OAuth2PasswordBearer(tokenUrl="login") +secret_key = os.environ["JWT_SECRET_KEY"] + + +def create_access_token(data: dict): + to_encode = data.copy() + to_encode.update({"exp": datetime.now(timezone.utc) + + timedelta(minutes=15)}) + return jwt.encode(to_encode, secret_key, algorithm="HS256") + +def validate_login(username: str, password: str) -> None: + ... 
+ + +@app.post("/login") +async def login( + form_data: OAuth2PasswordRequestForm = Depends() +) -> Dict[str, str]: + validate_login(form_data.username, form_data.password) + return dict(access_token=create_access_token(data={"sub": form_data.username})) +---- + +==== Noncompliant code example + +[source,python,diff-id=202,diff-type=noncompliant] +---- +from typing import Dict +from fastapi import Depends, FastAPI +from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm +from jose import jwt + + +oauth2_scheme = OAuth2PasswordBearer(tokenUrl="login") + +private_key = '''-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDAK5Lsx5Ow0N+d +... +-----END PRIVATE KEY-----''' + + +def create_access_token(data: dict): + to_encode = data.copy() + to_encode.update({"exp": datetime.now(timezone.utc) + + timedelta(minutes=15)}) + return jwt.encode(to_encode, private_key, algorithm="RS256") # Noncompliant + +def validate_login(username: str, password: str) -> None: + ... + + +@app.post("/login") +async def login( + form_data: OAuth2PasswordRequestForm = Depends() +) -> Dict[str, str]: + validate_login(form_data.username, form_data.password) + return dict(access_token=create_access_token(data={"sub": form_data.username})) +---- + +==== Compliant solution + +When using an asymmetric encryption algorithm, the keys can be loaded from a file instead of being hardcoded. 
+ +[source,python,diff-id=202,diff-type=compliant] +---- +from typing import Dict +from fastapi import Depends, FastAPI +from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm +from jose import jwt + + +oauth2_scheme = OAuth2PasswordBearer(tokenUrl="login") + +private_key = '' +with open('resources/rs256.pem', 'r') as f: + private_key = f.read() + + +def create_access_token(data: dict): + to_encode = data.copy() + to_encode.update({"exp": datetime.now(timezone.utc) + + timedelta(minutes=15)}) + return jwt.encode(to_encode, private_key, algorithm="RS256") + +def validate_login(username: str, password: str) -> None: + ... + + +@app.post("/login") +async def login( + form_data: OAuth2PasswordRequestForm = Depends() +) -> Dict[str, str]: + validate_login(form_data.username, form_data.password) + return dict(access_token=create_access_token(data={"sub": form_data.username})) +---- + + +//=== How does this work? + +//=== Pitfalls + +=== Going the extra mile + +include::../../../../shared_content/secrets/fix/vault.adoc[] + diff --git a/rules/S6781/python/how-to-fix-it/revoke.adoc b/rules/S6781/python/how-to-fix-it/revoke.adoc new file mode 100644 index 00000000000..5ce3b916f79 --- /dev/null +++ b/rules/S6781/python/how-to-fix-it/revoke.adoc @@ -0,0 +1,3 @@ +include::../../../../shared_content/secrets/fix/revoke.adoc[] + +Changing the secret value is sufficient to invalidate any data that it protected. diff --git a/rules/S6781/python/metadata.json b/rules/S6781/python/metadata.json index 64d7f37effd..2c63c085104 100644 --- a/rules/S6781/python/metadata.json +++ b/rules/S6781/python/metadata.json 
@@ -1,57 +1,2 @@ { - "title": "JWT secret keys should not be disclosed", - "type": "VULNERABILITY", - "code": { - "impacts": { - "SECURITY": "HIGH" - }, - "attribute": "TRUSTWORTHY" - }, - "status": "ready", - "remediation": { - "func": "Constant\/Issue", - "constantCost": "30min" - }, - "tags": [ - "cwe", - "cert" - ], - "extra": { - "replacementRules": [ - - ] - }, - "defaultSeverity": "Blocker", - "ruleSpecification": "RSPEC-6781", - "sqKey": "S6781", - "scope": "All", - "securityStandards": { - "CWE": [ - 798, - 259 - ], - "OWASP": [ - "A3" - ], - "CERT": [ - "MSC03-J." - ], - "OWASP Top 10 2021": [ - "A7" - ], - "PCI DSS 3.2": [ - "6.5.10" - ], - "PCI DSS 4.0": [ - "6.2.4" - ], - "ASVS 4.0": [ - "2.10.4", - "6.4.1" - ] - }, - "defaultQualityProfiles": [ - "Sonar way" - ], - "quickfix": "unknown" -} \ No newline at end of file +} diff --git a/rules/S6781/python/rule.adoc b/rules/S6781/python/rule.adoc index b9fa10b098b..b59216a1327 100644 --- a/rules/S6781/python/rule.adoc +++ b/rules/S6781/python/rule.adoc 
@@ -6,56 +6,17 @@ include::../../../shared_content/secrets/rationale.adoc[] === What is the potential impact? -If a JWT secret key leaks to an unintended audience, it can have serious -security implications for the corresponding application. The secret key is used -to encode and decode JWTs when using a symmetric signing algorithm, and an -attacker could potentially use it to perform malicious actions. +include::../impact.adoc[] -For example, an attacker could use the secret key to create their own -authentication tokens that appear to be legitimate, allowing them to bypass -authentication and gain access to sensitive data or functionality. +// How to fix it section -In the worst-case scenario, an attacker could be able to execute arbitrary code -on the application by abusing administrative features, and take over its hosting -server. +include::how-to-fix-it/flask.adoc[] -== How to fix it +include::how-to-fix-it/python-jose.adoc[] -include::../../../shared_content/secrets/fix/revoke.adoc[] +include::how-to-fix-it/pyjwt.adoc[] -Changing the secret value is sufficient to invalidate any data that it protected. - -include::../../../shared_content/secrets/fix/vault.adoc[] - -=== Code examples - -==== Noncompliant code example - -[source,python,diff-id=1,diff-type=noncompliant,subs="attributes"] ----- -from flask import Flask - -app = Flask(__name__) -app.config['JWT_SECRET_KEY'] = "secret" # Noncompliant ----- - -==== Compliant solution - -[source,python,diff-id=1,diff-type=compliant,subs="attributes"] ----- -from flask import Flask -import os - -app = Flask(__name__) -app.config['JWT_SECRET_KEY'] = os.environ["JWT_SECRET_KEY"] ----- - - -//=== How does this work? - -//=== Pitfalls - -//=== Going the extra mile +include::how-to-fix-it/django.adoc[] == Resources 
@@ -64,5 +25,8 @@ include::../../../shared_content/secrets/resources/standards.adoc[] === Documentation * Flask JWT documentation - https://flask-jwt-extended.readthedocs.io/en/stable/options.html#jwt-secret-key[Config - JWT_SECRET_KEY] +* Python-Jose documentation - https://python-jose.readthedocs.io/en/latest/jwt/index.html[JSON Web Token] +* PyJWT documentation - https://pyjwt.readthedocs.io/en/stable/api.html[API Reference] +* Simple JWT documentation - https://django-rest-framework-simplejwt.readthedocs.io/en/latest/settings.html#signing-key[SIGNING_KEY] //=== Benchmarks diff --git a/rules/S6782/secrets/metadata.json b/rules/S6782/secrets/metadata.json index a1b71235978..2c0bba67537 100644 --- a/rules/S6782/secrets/metadata.json +++ b/rules/S6782/secrets/metadata.json 
@@ -1,59 +1,59 @@ { - "title": "Docker Hub tokens should not be disclosed", - "type": "VULNERABILITY", - "code": { - "impacts": { - "SECURITY": "HIGH" - }, - "attribute": "TRUSTWORTHY" + "title": "Docker Hub tokens should not be disclosed", + "type": "VULNERABILITY", + "code": { + "impacts": { + "SECURITY": "BLOCKER" }, - "status": "ready", - "remediation": { - "func": "Constant\/Issue", - "constantCost": "30min" - }, - "tags": [ - "cwe", - "cert" + "attribute": "TRUSTWORTHY" + }, + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "30min" + }, + "tags": [ + "cwe", + "cert" + ], + "extra": { + "replacementRules": [] + }, + "defaultSeverity": "Blocker", + "ruleSpecification": "RSPEC-6782", + "sqKey": "S6782", + "scope": "All", + "securityStandards": { + "CWE": [ + 798, + 259 ], - "extra": { - "replacementRules": [ - - ] - }, - "defaultSeverity": "Blocker", - "ruleSpecification": "RSPEC-6782", - "sqKey": "S6782", - "scope": "All", - "securityStandards": { - "CWE": [ - 798, - 259 - ], - "OWASP": [ - "A3" - ], - "CERT": [ - "MSC03-J." - ], - "OWASP Top 10 2021": [ - "A7" - ], - "PCI DSS 3.2": [ - "6.5.10" - ], - "PCI DSS 4.0": [ - "6.2.4" - ], - "ASVS 4.0": [ - "2.10.4", - "3.5.2", - "6.4.1" - ] - }, - "defaultQualityProfiles": [ - "Sonar way" + "OWASP": [ + "A3" + ], + "CERT": [ + "MSC03-J." + ], + "OWASP Top 10 2021": [ + "A7" + ], + "PCI DSS 3.2": [ + "6.5.10" + ], + "PCI DSS 4.0": [ + "6.2.4" + ], + "ASVS 4.0": [ + "2.10.4", + "3.5.2", + "6.4.1" ], - "quickfix": "unknown" - } - \ No newline at end of file + "STIG ASD_V5R3": [ + "V-222642" + ] + }, + "defaultQualityProfiles": [ + "Sonar way" + ], + "quickfix": "unknown" +} diff --git a/rules/S6783/secrets/metadata.json b/rules/S6783/secrets/metadata.json index 0ef2bd86ec1..4432eb01192 100644 --- a/rules/S6783/secrets/metadata.json +++ b/rules/S6783/secrets/metadata.json 
@@ -3,7 +3,7 @@ "type": "VULNERABILITY", "code": { "impacts": { - "SECURITY": "HIGH" + "SECURITY": "BLOCKER" }, "attribute": "TRUSTWORTHY" }, @@ -17,9 +17,7 @@ "cert" ], "extra": { - "replacementRules": [ - - ] + "replacementRules": [] }, "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-6783", @@ -49,6 +47,9 @@ "2.10.4", "3.5.2", "6.4.1" + ], + "STIG ASD_V5R3": [ + "V-222642" ] }, "defaultQualityProfiles": [ diff --git a/rules/S6784/secrets/metadata.json b/rules/S6784/secrets/metadata.json index 3632573c025..43f5cfd11c9 100644 --- a/rules/S6784/secrets/metadata.json +++ b/rules/S6784/secrets/metadata.json @@ -51,6 +51,9 @@ "2.10.4", "3.5.2", "6.4.1" + ], + "STIG ASD_V5R3": [ + "V-222642" ] } } diff --git a/rules/S6785/metadata.json b/rules/S6785/metadata.json new file mode 100644 index 00000000000..2c63c085104 --- /dev/null +++ b/rules/S6785/metadata.json @@ -0,0 +1,2 @@ +{ +} diff --git a/rules/S6785/python/metadata.json b/rules/S6785/python/metadata.json new file mode 100644 index 00000000000..95a5a08119d --- /dev/null +++ b/rules/S6785/python/metadata.json @@ -0,0 +1,49 @@ +{ + "title": "GraphQL queries should not be vulnerable to Denial of Service attacks", + "type": "VULNERABILITY", + "status": "ready", + "remediation": { + "func": "Constant/Issue", + "constantCost": "1d" + }, + "tags": [ + "graphql", + "denial-of-service" + ], + "securityStandards": { + "CWE": [ + 770 + ], + "OWASP": [ + "A6" + ], + "OWASP Top 10 2021": [ + "A4", + "A5" + ], + "PCI DSS 3.2": [ + "6.5" + ], + "PCI DSS 4.0": [ + "6.2.4" + ], + "ASVS 4.0": [ + "13.4.1" + ], + "STIG ASD_V5R3": [ + "V-222667" + ] + }, + "defaultSeverity": "Critical", + "ruleSpecification": "RSPEC-6785", + "sqKey": "S6785", + "scope": "All", + "defaultQualityProfiles": ["Sonar way"], + "quickfix": "unknown", + "code": { + "impacts": { + "SECURITY": "HIGH" + }, + "attribute": "COMPLETE" + } +} 
diff --git a/rules/S6785/python/rule.adoc b/rules/S6785/python/rule.adoc
new file mode 100644
index 00000000000..99bcb7bd9f2
--- /dev/null
+++ b/rules/S6785/python/rule.adoc
@@ -0,0 +1,117 @@ +GraphQL servers are vulnerable to Denial of Service attacks when they fail to +limit the depth of queries. In such a case, an attacker is able to craft complex, +deeply nested queries to make the application unwillingly consume an important +amount of resources. + +== Why is this an issue? + +When a server receives a deeply nested query, it attempts to resolve all the +requested data. This process can consume a substantial amount of computational +resources, leading to a slowdown in server response times. + +=== What is the potential impact? + +A server that faces a resource exhaustion situation can become unstable. +The exact impact will depend on how the affected application is deployed and +how well the hosting server configuration is hardened. + +In the worst case, when the application is deployed in an uncontained +environment, directly on its host system, the memory exhaustion will affect +the whole hosting server. The server’s operating system might start killing +arbitrary memory-intensive processes, including the main application or other +sensitive ones. This will result in a general operating failure, also known +as a Denial of Service (DoS). + +In cases where the application is deployed in a virtualized or otherwise +contained environment, or where resource usage limits are in place, the +consequences are limited to the vulnerable application only. In that case, +other processes and applications hosted on the same server may keep on +running without perturbation. The vulnerable application will still +stop working properly. + +In general, that kind of DoS attack can have severe financial consequences. +They are particularly important when the affected systems are business-critical. 
+ +== How to fix it + +=== Code examples + +==== Noncompliant code example + +[source,python,diff-id=1,diff-type=noncompliant] +---- +from graphql_server.flask import GraphQLView + +app.add_url_rule("/api", + view_func=GraphQLView.as_view( # Noncompliant + name="api", + schema=schema, + ) +) +---- + +==== Compliant solution + +[source,python,diff-id=1,diff-type=compliant] +---- +from graphql_server.flask import GraphQLView +from graphene.validation import depth_limit_validator + +app.add_url_rule("/api", + view_func=GraphQLView.as_view( + name="api", + schema=schema, + validation_rules=[ + depth_limit_validator(10) # Choose a value that fits your application's requirements + ] + ) +) +---- + +=== How does this work? + +==== Avoid circular references + +A prerequisite for deeply nested query to be executed is the presence of +circular references in the database schema. Avoid or minimize +circular references when designing the application's database schema. + +==== Set limits + +Limit the depth of the queries your server will accept. By setting a maximum +depth, you can ensure that excessively nested queries are rejected. Remember, +the values for maximum depth and complexity should be set according to your +application's specific needs. Setting these limits too low could restrict +legitimate queries, while setting them too high could leave your server +vulnerable to attacks. + +The easiest way to set such a limit is to use the query validation API available from Graphene 3. Applications running Graphene 2 should consider upgrading to Graphene 3 to benefit from this API. 
+ +== Resources + +=== Standards + +* OWASP - https://owasp.org/Top10/A04_2021-Insecure_Design/[Top 10 2021 Category A4 - Insecure Design] +* OWASP - https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[Top 10 2021 Category A5 - Security Misconfiguration] +* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration] +* CWE - https://cwe.mitre.org/data/definitions/770[CWE-707 - Allocation of Resources Without Limits or Throttling] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222667[Application Security and Development: V-222667] - Protections against DoS attacks must be implemented. + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +- Change this code to limit the depth of GraphQL queries +- This relationship creates circular references + +=== Highlighting + +- Highlight the call to ``++GraphQLView.as_view++`` (primary location) +- Highlight all calls to ``++sqlalchemy.orm.relationship++`` that create circular references (secondary location) + +''' +endif::env-github,rspecator-view[] diff --git a/rules/S6786/python/metadata.json b/rules/S6786/python/metadata.json index fa2e7659a2a..ef294299688 100644 --- a/rules/S6786/python/metadata.json +++ b/rules/S6786/python/metadata.json @@ -1,5 +1,5 @@ { - "title": "GraphQL introspection should not be allowed", + "title": "GraphQL introspection should be disabled in production", "type": "VULNERABILITY", "status": "ready", "remediation": { @@ -7,7 +7,8 @@ "constantCost": "1h" }, "tags": [ - "cwe" + "cwe", + "graphql" ], "defaultSeverity": "Major", "ruleSpecification": "RSPEC-6786", diff --git a/rules/S6786/python/rule.adoc b/rules/S6786/python/rule.adoc index 9477990f719..7f96dacdb34 100644 --- a/rules/S6786/python/rule.adoc +++ b/rules/S6786/python/rule.adoc 
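Review bot: In the Standards list of the new S6785 `rule.adoc`, the CWE entry links to `definitions/770` but is labelled `CWE-707`, while the rule's `metadata.json` lists CWE 770. The label should read `[CWE-770 - Allocation of Resources Without Limits or Throttling]`. Separately, the "Set limits" paragraph speaks of `the values for maximum depth and complexity`, but the compliant sample only configures `depth_limit_validator(10)`. Either drop "and complexity" or state that the depth limit does not bound wide, shallow queries, so readers do not assume complexity is covered.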
@@ -9,7 +9,11 @@ GraphQL introspection is a feature that allows client applications to query the schema of a GraphQL API at runtime. It provides a way for developers to explore and understand the available data and operations supported by the API. -While this feature is useful, it also creates risks if not properly secured. +This feature is a diagnostic tool that should only be used in the development +phase as its presence also creates risks. + +Clear documentation and API references should be considered better +discoverability tools for a public GraphQL API. === What is the potential impact? @@ -59,12 +63,18 @@ app.add_url_rule("/api", ==== Compliant solution +Make sure that introspection is disabled in production environments. You can use +the following code sample as a reference, in conjunction with your own methods +for distinguishing between production and non-production environments. + [source,python,diff-id=1,diff-type=compliant] ---- from graphql_server.flask import GraphQLView + # Only one of the following needs to be used -from graphql.validation import NoSchemaIntrospectionCustomRule # graphql-core v3 -from graphene.validation import DisableIntrospection # graphene v3 +from graphql.validation import NoSchemaIntrospectionCustomRule # graphql-core v3 +from graphene.validation import DisableIntrospection # graphene v3 + app.add_url_rule("/api", view_func=GraphQLView.as_view( @@ -82,8 +92,9 @@ app.add_url_rule("/api", ==== Disabling introspection -The GraphQL server framework should be instructed to disable introspection. This -prevents any attempt to retrieve schema information from the server at runtime. +The GraphQL server framework should be instructed to disable introspection in +production environments. This prevents any attacker attempt to retrieve schema +information from the server at runtime. Each GraphQL framework will have a different method of doing this, possibly including: 
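Review bot: The new lead-in to the compliant solution tells readers to combine the sample with their own production/non-production check, but the sample shows no such gate, so it is unclear which way the check should fail. I would add a sentence such as `Apply the validation rule by default and remove it only when a development setting is explicitly enabled, so that a misdetected environment still has introspection disabled.` The `GraphQLView.as_view(` call continues past the end of this hunk, so the rest of the sample is not visible here.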
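Review bot: In the "Disabling introspection" hunk, the reworded sentence `This prevents any attacker attempt to retrieve schema information from the server at runtime.` claims more than the control provides. Disabling introspection rejects introspection queries; depending on the framework, parts of the schema may still be inferable from validation error messages. Suggested wording: `This rejects introspection queries, so the schema can no longer be retrieved through them at runtime.` The access-restriction advice later in the section then reads as the complementary control.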
@@ -105,9 +116,9 @@ specific right, or requests from a specific set of IP addresses. === Standards -* OWASP Top 10 - https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[2021:A5 - Security Misconfiguration] -* OWASP Top 10 - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html[2017:A3 - Sensitive Data Exposure] -* OWASP Top 10 - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html[2017:A6 - Security Misconfiguration] +* OWASP - https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[Top 10 2021 Category A5 - Security Misconfiguration] +* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] +* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration] ifdef::env-github,rspecator-view[] @@ -118,7 +129,7 @@ ifdef::env-github,rspecator-view[] === Message -Disable introspection on this GraphQL server endpoint. +Disable GraphQL introspection on production environments. === Highlighting @@ -126,4 +137,4 @@ Highlight the method or constructor call that is used to create the GraphQL framework's request handler. ''' -endif::env-github,rspecator-view[] \ No newline at end of file +endif::env-github,rspecator-view[] diff --git a/rules/S6790/javascript/rule.adoc b/rules/S6790/javascript/rule.adoc index 2d665b995c8..826c292c931 100644 --- a/rules/S6790/javascript/rule.adoc +++ b/rules/S6790/javascript/rule.adoc @@ -11,11 +11,11 @@ Older React versions allowed the ref attribute to be a string, like `"textInput" [source,javascript,diff-id=1,diff-type=noncompliant] ---- const Hello = createReactClass({ - componentDidMount: function() { + componentDidMount() { const component = this.refs.hello; // Noncompliant // ... }, - render: function() { + render() { return
    Hello, world.
    ; } }); @@ -26,7 +26,7 @@ Instead, reference callbacks should be used. These do not have the limitations m [source,javascript,diff-id=1,diff-type=compliant] ---- const Hello = createReactClass({ - componentDidMount: function() { + componentDidMount() { const component = this.hello; // ... }, diff --git a/rules/S6792/python/metadata.json b/rules/S6792/python/metadata.json index c4a1a4097eb..2775e31c20d 100644 --- a/rules/S6792/python/metadata.json +++ b/rules/S6792/python/metadata.json @@ -7,6 +7,7 @@ "constantCost": "5min" }, "tags": [ + "typing" ], "defaultSeverity": "Major", "ruleSpecification": "RSPEC-6792", diff --git a/rules/S6793/common/rule.adoc b/rules/S6793/common/rule.adoc new file mode 100644 index 00000000000..99a631069f1 --- /dev/null +++ b/rules/S6793/common/rule.adoc @@ -0,0 +1,31 @@ +== Why is this an issue? + +include::../../../shared_content/jsts/aria-intro-1.adoc[] + +This rule checks that the values of ARIA attributes "aria-*" in DOM elements are valid. + +== How to fix + +Check that each element with a defined ARIA attribute has a valid value. + +[source,html,diff-id=1,diff-type=noncompliant] +---- +foo +---- + +To fix the code use a valid value for the aria-* attribute. + +[source,html,diff-id=1,diff-type=compliant] +---- + +---- + +== Resources +=== Documentation + +* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/ARIA_Techniques[Using ARIA: Roles, states, and properties] +* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/Attributes[ARIA states and properties (Reference)] + +=== Standards + +* W3C - https://www.w3.org/TR/wai-aria-1.2/[Accessible Rich Internet Applications (WAI-ARIA) 1.2] diff --git a/rules/S6793/html/metadata.json b/rules/S6793/html/metadata.json new file mode 100644 index 00000000000..7a73a41bfdf --- /dev/null +++ b/rules/S6793/html/metadata.json @@ -0,0 +1,2 @@ +{ +} \ No newline at end of file 
diff --git a/rules/S6793/html/rule.adoc b/rules/S6793/html/rule.adoc new file mode 100644 index 00000000000..5f710f9ed83 --- /dev/null +++ b/rules/S6793/html/rule.adoc @@ -0,0 +1 @@ +include::../common/rule.adoc[] diff --git a/rules/S6793/javascript/metadata.json b/rules/S6793/javascript/metadata.json index 383f731122e..44fbcbe538f 100644 --- a/rules/S6793/javascript/metadata.json +++ b/rules/S6793/javascript/metadata.json @@ -1,26 +1,6 @@ { - "title": "ARIA properties in DOM elements should have valid values", - "type": "CODE_SMELL", - "status": "ready", - "remediation": { - "func": "Constant\/Issue", - "constantCost": "5min" - }, - "tags": [ - "react", - "accessibility" - ], - "defaultSeverity": "Major", - "ruleSpecification": "RSPEC-6793", - "sqKey": "S6793", - "scope": "All", - "defaultQualityProfiles": ["Sonar way"], - "quickfix": "infeasible", - "code": { - "impacts": { - "MAINTAINABILITY": "LOW", - "RELIABILITY": "MEDIUM" - }, - "attribute": "LOGICAL" - } + "tags": [ + "react", + "accessibility" + ] } diff --git a/rules/S6793/javascript/rule.adoc b/rules/S6793/javascript/rule.adoc index 675acb6be1a..5f710f9ed83 100644 --- a/rules/S6793/javascript/rule.adoc +++ b/rules/S6793/javascript/rule.adoc 
@@ -1,31 +1 @@ -== Why is this an issue? - -include::../../../shared_content/jsts/aria-intro-1.adoc[] - -This rule checks that the values of ARIA attributes "aria-*" in DOM elements are valid. - -== How to fix it in JSX - -Check that each element with a defined ARIA attribute has a valid value. - -[source,javascript,diff-id=1,diff-type=noncompliant] ----- -foo ----- - -To fix the code use a valid value for the aria-* attribute. - -[source,javascript,diff-id=1,diff-type=compliant] ----- - ----- - -== Resources -=== Documentation - -* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/ARIA_Techniques[Using ARIA: Roles, states, and properties] -* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/Attributes[ARIA states and properties (Reference)] - -=== Standards - -* W3C - https://www.w3.org/TR/wai-aria-1.2/[Accessible Rich Internet Applications (WAI-ARIA) 1.2] +include::../common/rule.adoc[] diff --git a/rules/S6793/metadata.json b/rules/S6793/metadata.json index 2c63c085104..98904a4f75c 100644 --- a/rules/S6793/metadata.json +++ b/rules/S6793/metadata.json @@ -1,2 +1,25 @@ { + "title": "ARIA properties in DOM elements should have valid values", + "type": "CODE_SMELL", + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "5min" + }, + "tags": [ + "accessibility" + ], + "defaultSeverity": "Major", + "ruleSpecification": "RSPEC-6793", + "sqKey": "S6793", + "scope": "All", + "defaultQualityProfiles": ["Sonar way"], + "quickfix": "infeasible", + "code": { + "impacts": { + "MAINTAINABILITY": "LOW", + "RELIABILITY": "MEDIUM" + }, + "attribute": "LOGICAL" + } } diff --git a/rules/S6794/python/metadata.json b/rules/S6794/python/metadata.json index 00e7978bf6b..cd31af2106c 100644 --- a/rules/S6794/python/metadata.json +++ b/rules/S6794/python/metadata.json 
@@ -1,5 +1,5 @@ { -"title": "Type aliases should be declared with a \"type\" statement", + "title": "Type aliases should be declared with a \"type\" statement", "type": "CODE_SMELL", "status": "ready", "remediation": { @@ -7,6 +7,7 @@ "constantCost": "5min" }, "tags": [ + "typing" ], "defaultSeverity": "Major", "ruleSpecification": "RSPEC-6794", diff --git a/rules/S6795/python/metadata.json b/rules/S6795/python/metadata.json index d2938dc2f36..42bca70858c 100644 --- a/rules/S6795/python/metadata.json +++ b/rules/S6795/python/metadata.json @@ -7,6 +7,7 @@ "constantCost": "5min" }, "tags": [ + "typing" ], "defaultSeverity": "Major", "ruleSpecification": "RSPEC-6795", diff --git a/rules/S6796/python/metadata.json b/rules/S6796/python/metadata.json index ec7febe8bc9..be65b387b18 100644 --- a/rules/S6796/python/metadata.json +++ b/rules/S6796/python/metadata.json @@ -7,6 +7,7 @@ "constantCost": "5min" }, "tags": [ + "typing" ], "defaultSeverity": "Major", "ruleSpecification": "RSPEC-6796", diff --git a/rules/S6797/csharp/metadata.json b/rules/S6797/csharp/metadata.json new file mode 100644 index 00000000000..b971495a42f --- /dev/null +++ b/rules/S6797/csharp/metadata.json @@ -0,0 +1,24 @@ +{ + "title": "Blazor query parameter type should be supported", + "type": "BUG", + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "5min" + }, + "tags": [ + "blazor" + ], + "defaultSeverity": "Major", + "ruleSpecification": "RSPEC-6797", + "sqKey": "S6797", + "scope": "All", + "defaultQualityProfiles": ["Sonar way"], + "quickfix": "infeasible", + "code": { + "impacts": { + "RELIABILITY": "MEDIUM" + }, + "attribute": "LOGICAL" + } +} diff --git a/rules/S6797/csharp/rule.adoc b/rules/S6797/csharp/rule.adoc new file mode 100644 index 00000000000..c2c8a7c3671 --- /dev/null +++ b/rules/S6797/csharp/rule.adoc 
@@ -0,0 +1,60 @@ +== Why is this an issue? + +The https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.components.supplyparameterfromqueryattribute[SupplyParameterFromQuery] attribute can be used to specify that a component parameter, of a routable component, comes from the query string. + +Component parameters supplied from the query string support the following types: + +* bool, DateTime, decimal, double, float, Guid, int, long, string. +* Nullable variants of the preceding types. +* Arrays of the preceding types, whether they're nullable or not nullable. + +Query parameters should have one of the supported types. Otherwise, an unhandled exception will be raised at runtime. + +[source,text] +---- +Unhandled exception rendering component: Querystring values cannot be parsed as type ''. +System.NotSupportedException: Querystring values cannot be parsed as type '' +... +---- + +== How to fix it + +Change the parameter type to one of the following ones: + +* bool, DateTime, decimal, double, float, Guid, int, long, string. +* Nullable variants of the preceding types. +* Arrays of the preceding types, whether they're nullable or not nullable. + +=== Code examples + +==== Noncompliant code example + +[source,csharp,diff-id=1,diff-type=noncompliant] +---- +@page "/print" +

    Parameter value is: @Value

    +@code { + [Parameter] + [SupplyParameterFromQuery()] + public TimeSpan Value { get; set; } // Noncompliant +} +---- + +==== Compliant solution + +[source,csharp,diff-id=1,diff-type=compliant] +---- +@page "/print" +

    Parameter value is: @Value

    +@code { + [Parameter] + [SupplyParameterFromQuery()] + public long Value { get; set; } // Compliant +} +---- + +== Resources + +=== Documentation + +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.components.supplyparameterfromqueryattribute[SupplyParameterFromQueryAttribute] diff --git a/rules/S6797/metadata.json b/rules/S6797/metadata.json new file mode 100644 index 00000000000..2c63c085104 --- /dev/null +++ b/rules/S6797/metadata.json @@ -0,0 +1,2 @@ +{ +} diff --git a/rules/S6798/csharp/metadata.json b/rules/S6798/csharp/metadata.json index 33cd8322fb3..bb3ff81ab60 100644 --- a/rules/S6798/csharp/metadata.json +++ b/rules/S6798/csharp/metadata.json @@ -17,7 +17,7 @@ "quickfix": "infeasible", "code": { "impacts": { - "RELIABILITY": "HIGH" + "RELIABILITY": "MEDIUM" }, "attribute": "LOGICAL" } diff --git a/rules/S6800/csharp/metadata.json b/rules/S6800/csharp/metadata.json new file mode 100644 index 00000000000..4ec76736793 --- /dev/null +++ b/rules/S6800/csharp/metadata.json @@ -0,0 +1,24 @@ +{ + "title": "Component parameter type should match the route parameter type constraint", + "type": "BUG", + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "5min" + }, + "tags": [ + "blazor" + ], + "defaultSeverity": "Major", + "ruleSpecification": "RSPEC-6800", + "sqKey": "S6800", + "scope": "All", + "defaultQualityProfiles": ["Sonar way"], + "quickfix": "infeasible", + "code": { + "impacts": { + "RELIABILITY": "MEDIUM" + }, + "attribute": "LOGICAL" + } +} diff --git a/rules/S6800/csharp/rule.adoc b/rules/S6800/csharp/rule.adoc new file mode 100644 index 00000000000..a351c7d7057 --- /dev/null +++ b/rules/S6800/csharp/rule.adoc 
@@ -0,0 +1,52 @@ +== Why is this an issue? + +In Blazor, when a https://learn.microsoft.com/en-us/aspnet/core/blazor/fundamentals/routing#route-constraints[route parameter constraint] is applied, the value is automatically cast to the corresponding component parameter type. If the constraint type does not match the component parameter type, it can lead to confusion and potential runtime errors due to unsuccessful casting. Therefore, it is crucial to ensure that the types of route parameters and component parameters match to prevent such issues and maintain code clarity. + +== How to fix it + +Ensure the component parameter type matches the route parameter constraint type. + +[options="header"] +|================== +|Constraint Type|.NET Type +|bool|bool +|datetime|DateTime +|decimal|decimal +|double|double +|float|float +|guid|Guid +|int|int +|long|long +|string|string +|================== + +=== Code examples + +==== Noncompliant code example + +[source,csharp,diff-id=1,diff-type=noncompliant] +---- +@page "/my-route/{Param:datetime}" + +@code { + [Parameter] + public string Param { get; set; } // Noncompliant +} +---- + +==== Compliant solution + +[source,csharp,diff-id=1,diff-type=compliant] +---- +@page "/my-route/{Param:datetime}" + +@code { + [Parameter] + public DateTime Param { get; set; } // Compliant +} +---- + +== Resources +=== Documentation + +* Microsoft Learn - https://learn.microsoft.com/en-us/aspnet/core/blazor/fundamentals/routing#route-constraints[Blazor routing and navigation - Route Constraints] diff --git a/rules/S6800/metadata.json b/rules/S6800/metadata.json new file mode 100644 index 00000000000..2c63c085104 --- /dev/null +++ b/rules/S6800/metadata.json @@ -0,0 +1,2 @@ +{ +} diff --git a/rules/S6802/csharp/metadata.json b/rules/S6802/csharp/metadata.json new file mode 100644 index 00000000000..ebbd40c9ea1 --- /dev/null +++ b/rules/S6802/csharp/metadata.json 
@@ -0,0 +1,24 @@ +{ + "title": "Using lambda expressions in loops should be avoided in Blazor markup section", + "type": "CODE_SMELL", + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "1h" + }, + "tags": [ + "blazor" + ], + "defaultSeverity": "Major", + "ruleSpecification": "RSPEC-6802", + "sqKey": "S6802", + "scope": "All", + "defaultQualityProfiles": [], + "quickfix": "infeasible", + "code": { + "impacts": { + "MAINTAINABILITY": "MEDIUM" + }, + "attribute": "EFFICIENT" + } +} diff --git a/rules/S6802/csharp/rule.adoc b/rules/S6802/csharp/rule.adoc new file mode 100644 index 00000000000..d4c9f6ca2fe --- /dev/null +++ b/rules/S6802/csharp/rule.adoc 
@@ -0,0 +1,175 @@ +== Why is this an issue? + +In Blazor, using https://learn.microsoft.com/en-us/aspnet/core/blazor/components/event-handling#lambda-expressions[lambda expressions] as https://learn.microsoft.com/en-us/aspnet/core/blazor/components/event-handling#lambda-expressions[event handlers] when the UI elements are rendered in a loop can lead to negative user experiences and performance issues. This is particularly noticeable when rendering a large number of elements. + +The reason behind this is that Blazor rebuilds all lambda expressions within the loop every time the UI elements are rendered. + +== How to fix it + +Ensure to not use a delegate in elements rendered in loops, you can try: + +* using a collection of objects containing the delegate as an https://learn.microsoft.com/en-us/dotnet/api/system.action[Action], +* or extracting the elements into a dedicated component and using an https://learn.microsoft.com/en-us/aspnet/core/blazor/components/event-handling#eventcallback[EventCallback] to call the delegate + +=== Code examples + +==== Noncompliant code example + +[source,csharp,diff-id=1,diff-type=noncompliant] +---- +@for (var i = 1; i < 100; i++) +{ + var buttonNumber = i; + + +} + +@code { + private void DoAction(MouseEventArgs e, int button) + { + // Do something here + } +} +---- + +==== Compliant solution + +[source,csharp,diff-id=1,diff-type=compliant] +---- +@foreach (var button in Buttons) +{ + +} + +@code { + private List +} + +@code { + private void DoAction(MouseEventArgs e, int button) + { + // Do something here + } +} +---- + +==== Compliant solution + +[source,csharp,diff-id=2,diff-type=compliant] +---- +@* MyButton.razor *@ + + + +@code { + [Parameter] + public int Id { get; set; } + + [Parameter] + public EventCallback OnClick { get; set; } + + [Parameter] + public RenderFragment ChildContent { get; set; } + + private void OnClickCallback() + { + OnClick.InvokeAsync(Id); + } +} + +@* Component.razor *@ + +@for (var i = 1; i < 100; 
i++) +{ + var buttonNumber = i; + + Button #@buttonNumber + +} + +@code { + private void DoAction(int button) + { + // Do something here + } +} +---- + +== Resources + +=== Documentation + +* Microsoft Learn - https://learn.microsoft.com/en-us/aspnet/core/blazor/performance#avoid-recreating-delegates-for-many-repeated-elements-or-components[ASP.NET Core Blazor performance best practices] +* Microsoft Learn - https://learn.microsoft.com/en-us/aspnet/core/blazor/components/event-handling#lambda-expressions[ASP.NET Core Blazor event handling - Lambda expressions] +* Microsoft Learn - https://learn.microsoft.com/en-us/aspnet/core/blazor/components/event-handling#eventcallback[Event handling - EventCallback Struct] + +=== Benchmarks + +The results were generated with the help of https://github.com/dotnet/BenchmarkDotNet[BenchmarkDotNet] and https://github.com/egil/Benchmark.Blazor/tree/main[Benchmark.Blazor]: + +[options="header"] +|=== +| Method | NbButtonRendered | Mean | StdDev | Ratio +| UseDelegate | 10 | 6.603 us | 0.0483 us | 1.00 +| UseAction | 10 | 1.994 us | 0.0592 us | 0.29 +| UseDelegate | 100 | 50.666 us | 0.5449 us | 1.00 +| UseAction | 100 | 2.016 us | 0.0346 us | 0.04 +| UseDelegate | 1000 | 512.513 us | 9.7561 us | 1.000 +| UseAction | 1000 | 2.005 us | 0.0243 us | 0.004 +|=== + +Hardware configuration: + +[source,text] +---- +BenchmarkDotNet v0.13.9+228a464e8be6c580ad9408e98f18813f6407fb5a, Windows 10 (10.0.19045.3448/22H2/2022Update) +12th Gen Intel Core i7-12800H, 1 CPU, 20 logical and 14 physical cores +.NET SDK 8.0.100-rc.1.23463.5 + [Host] : .NET 7.0.11 (7.0.1123.42427), X64 RyuJIT AVX2 + .NET 7.0 : .NET 7.0.11 (7.0.1123.42427), X64 RyuJIT AVX2 +---- diff --git a/rules/S6802/metadata.json b/rules/S6802/metadata.json new file mode 100644 index 00000000000..2c63c085104 --- /dev/null +++ b/rules/S6802/metadata.json @@ -0,0 +1,2 @@ +{ +} 
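Review bot: In the opening paragraph of rules/S6802/csharp/rule.adoc the links labelled "lambda expressions" and "event handlers" both resolve to the same `#lambda-expressions` anchor, so the second link adds nothing. Pointing it at the page itself, `https://learn.microsoft.com/en-us/aspnet/core/blazor/components/event-handling[event handlers]`, would match its label. The second compliant block is tagged `diff-id=2,diff-type=compliant` but no noncompliant block with `diff-id=2` is visible in this file. If the repository's diff-id validation expects a noncompliant/compliant pair per id, drop the diff attributes from that block and keep plain `[source,csharp]`.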
diff --git a/rules/S6803/csharp/metadata.json b/rules/S6803/csharp/metadata.json new file mode 100644 index 00000000000..1b44dd96fae --- /dev/null +++ b/rules/S6803/csharp/metadata.json @@ -0,0 +1,24 @@ +{ + "title": "Parameters with SupplyParameterFromQuery attribute should be used only in routable components", + "type": "CODE_SMELL", + "status": "deprecated", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "5min" + }, + "tags": [ + "blazor" + ], + "defaultSeverity": "Major", + "ruleSpecification": "RSPEC-6803", + "sqKey": "S6803", + "scope": "All", + "defaultQualityProfiles": [], + "quickfix": "infeasible", + "code": { + "impacts": { + "RELIABILITY": "MEDIUM" + }, + "attribute": "LOGICAL" + } +} diff --git a/rules/S6803/csharp/rule.adoc b/rules/S6803/csharp/rule.adoc new file mode 100644 index 00000000000..fe011915d58 --- /dev/null +++ b/rules/S6803/csharp/rule.adoc @@ -0,0 +1,51 @@ +*This rule is deprecated, and will eventually be removed.* + +Component parameters can only receive query parameter values in routable components with an @page directive. + +== Why is this an issue? + +https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.components.supplyparameterfromqueryattribute[SupplyParameterFromQuery] attribute is used to specify that a component parameter of a routable component comes from the https://en.wikipedia.org/wiki/Query_string[query string]. + +In the case of non-routable components, the `SupplyParameterFromQuery` does not contribute to the functionality, and removing it will not affect the behavior. + +== How to fix it + +Either make the component routable or remove the `SupplyParameterFromQuery` attribute. + +=== Code examples + +==== Noncompliant code example + +[source,csharp,diff-id=1,diff-type=noncompliant] +---- +

    Component

    + +@code { + [Parameter] + [SupplyParameterFromQuery] // Noncompliant + public bool Param { get; set; } +} +---- + +==== Compliant solution + +[source,csharp,diff-id=1,diff-type=compliant] +---- +@page "/component" + +

    Component

    + +@code { + [Parameter] + [SupplyParameterFromQuery] // Compliant + public bool Param { get; set; } +} +---- + +== Resources + +=== Documentation + +* Microsoft Learn - https://learn.microsoft.com/en-us/aspnet/core/blazor/fundamentals/routing#query-strings[Query strings] +* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.components.supplyparameterfromqueryattribute[SupplyParameterFromQueryAttribute Class] +* Wikipedia - https://en.wikipedia.org/wiki/Query_string[query string] diff --git a/rules/S6803/metadata.json b/rules/S6803/metadata.json new file mode 100644 index 00000000000..2c63c085104 --- /dev/null +++ b/rules/S6803/metadata.json @@ -0,0 +1,2 @@ +{ +} diff --git a/rules/S6804/java/metadata.json b/rules/S6804/java/metadata.json index a3660d89c60..af855f6ca4c 100644 --- a/rules/S6804/java/metadata.json +++ b/rules/S6804/java/metadata.json @@ -6,12 +6,16 @@ "func": "Constant\/Issue", "constantCost": "5min" }, - "tags": ["spring"], + "tags": [ + "spring" + ], "defaultSeverity": "Major", "ruleSpecification": "RSPEC-6804", "sqKey": "S6804", - "scope": "All", - "defaultQualityProfiles": ["Sonar way"], + "scope": "Main", + "defaultQualityProfiles": [ + "Sonar way" + ], "quickfix": "unknown", "code": { "impacts": { diff --git a/rules/S6807/common/how.adoc b/rules/S6807/common/how.adoc new file mode 100644 index 00000000000..c51d940f301 --- /dev/null +++ b/rules/S6807/common/how.adoc @@ -0,0 +1,3 @@ +== How to fix it + +Check that each element with a defined ARIA role also has all required attributes. \ No newline at end of file diff --git a/rules/S6807/common/resources.adoc b/rules/S6807/common/resources.adoc new file mode 100644 index 00000000000..83644c2a857 --- /dev/null +++ b/rules/S6807/common/resources.adoc 
@@ -0,0 +1,10 @@ +== Resources +=== Documentation + +* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/ARIA_Techniques[Using ARIA: Roles, states, and properties] +* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/Roles[ARIA roles (Reference)] +* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/Attributes[ARIA states and properties (Reference)] + +=== Standards + +* W3C - https://www.w3.org/TR/wai-aria-1.2/[Accessible Rich Internet Applications (WAI-ARIA) 1.2] diff --git a/rules/S6807/common/why.adoc b/rules/S6807/common/why.adoc new file mode 100644 index 00000000000..8c05053bc8b --- /dev/null +++ b/rules/S6807/common/why.adoc @@ -0,0 +1,9 @@ +== Why is this an issue? + +include::../../../shared_content/jsts/aria-intro-1.adoc[] + +Each role in ARIA has a set of required attributes that must be included for the role to be properly understood by assistive technologies. These attributes are known as "required aria-* properties". + +For example, if an element has a role of "checkbox", it must also include the aria-checked property. This property indicates whether the checkbox is checked (true), unchecked (false), or in a mixed state (mixed). + +This rule checks that each element with a defined ARIA role also has all required attributes. diff --git a/rules/S6807/html/metadata.json b/rules/S6807/html/metadata.json new file mode 100644 index 00000000000..27c20bbd1d1 --- /dev/null +++ b/rules/S6807/html/metadata.json @@ -0,0 +1,5 @@ +{ + "tags": [ + "accessibility" + ] +} \ No newline at end of file diff --git a/rules/S6807/html/rule.adoc b/rules/S6807/html/rule.adoc new file mode 100644 index 00000000000..76019f21e26 --- /dev/null +++ b/rules/S6807/html/rule.adoc @@ -0,0 +1,17 @@ +include::../common/why.adoc[] + +include::../common/how.adoc[] + +[source,html,diff-id=1,diff-type=noncompliant] +---- +
    Unchecked
    +---- + +To fix the code add missing aria-* attributes. + +[source,html,diff-id=1,diff-type=compliant] +---- +
    Unchecked
    +---- + +include::../common/resources.adoc[] diff --git a/rules/S6807/javascript/metadata.json b/rules/S6807/javascript/metadata.json index 20c21d9e082..d79173ef449 100644 --- a/rules/S6807/javascript/metadata.json +++ b/rules/S6807/javascript/metadata.json @@ -1,26 +1,6 @@ { - "title": "DOM elements with ARIA roles should have the required properties", - "type": "CODE_SMELL", - "status": "ready", - "remediation": { - "func": "Constant\/Issue", - "constantCost": "5min" - }, "tags": [ "accessibility", "react" - ], - "defaultSeverity": "Major", - "ruleSpecification": "RSPEC-6807", - "sqKey": "S6807", - "scope": "All", - "defaultQualityProfiles": ["Sonar way"], - "quickfix": "infeasible", - "code": { - "impacts": { - "MAINTAINABILITY": "LOW", - "RELIABILITY": "LOW" - }, - "attribute": "CONVENTIONAL" - } + ] } diff --git a/rules/S6807/javascript/rule.adoc b/rules/S6807/javascript/rule.adoc index 3a457e7eef6..0c28b431dd9 100644 --- a/rules/S6807/javascript/rule.adoc +++ b/rules/S6807/javascript/rule.adoc @@ -1,16 +1,6 @@ -== Why is this an issue? +include::../common/why.adoc[] -include::../../../shared_content/jsts/aria-intro-1.adoc[] - -Each role in ARIA has a set of required attributes that must be included for the role to be properly understood by assistive technologies. These attributes are known as "required aria-* properties". - -For example, if an element has a role of "checkbox", it must also include the aria-checked property. This property indicates whether the checkbox is checked (true), unchecked (false), or in a mixed state (mixed). - -This rule checks that each element with a defined ARIA role also has all required attributes. - -== How to fix it in JSX - -Check that each element with a defined ARIA role also has all required attributes. +include::../common/how.adoc[] [source,javascript,diff-id=1,diff-type=noncompliant] ---- @@ -24,13 +14,4 @@ To fix the code add missing aria-* attributes.
    Unchecked
    ---- -== Resources -=== Documentation - -* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/ARIA_Techniques[Using ARIA: Roles, states, and properties] -* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/Roles[ARIA roles (Reference)] -* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/Attributes[ARIA states and properties (Reference)] - -=== Standards - -* W3C - https://www.w3.org/TR/wai-aria-1.2/[Accessible Rich Internet Applications (WAI-ARIA) 1.2] +include::../common/resources.adoc[] \ No newline at end of file diff --git a/rules/S6807/metadata.json b/rules/S6807/metadata.json index 2c63c085104..299e638e619 100644 --- a/rules/S6807/metadata.json +++ b/rules/S6807/metadata.json @@ -1,2 +1,23 @@ { + "title": "DOM elements with ARIA roles should have the required properties", + "type": "CODE_SMELL", + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "5min" + }, + "tags": [], + "defaultSeverity": "Major", + "ruleSpecification": "RSPEC-6807", + "sqKey": "S6807", + "scope": "All", + "defaultQualityProfiles": ["Sonar way"], + "quickfix": "infeasible", + "code": { + "impacts": { + "MAINTAINABILITY": "LOW", + "RELIABILITY": "LOW" + }, + "attribute": "CONVENTIONAL" + } } diff --git a/rules/S6809/java/metadata.json b/rules/S6809/java/metadata.json index a34b80ae898..96c4cde44af 100644 --- a/rules/S6809/java/metadata.json +++ b/rules/S6809/java/metadata.json @@ -6,19 +6,18 @@ "func": "Constant\/Issue", "constantCost": "5min" }, - "tags": [ - ], + "tags": [], "defaultSeverity": "Major", "ruleSpecification": "RSPEC-6809", "sqKey": "S6809", - "scope": "All", - "defaultQualityProfiles": ["Sonar way"], + "scope": "Main", + "defaultQualityProfiles": [ + "Sonar way" + ], "quickfix": "unknown", "code": { "impacts": { - "MAINTAINABILITY": "HIGH", - "RELIABILITY": "MEDIUM", - "SECURITY": "LOW" + "MAINTAINABILITY": "HIGH" }, "attribute": "CONVENTIONAL" } 
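Review bot: The change to rules/S6809/java/metadata.json removes `"RELIABILITY": "MEDIUM"` and `"SECURITY": "LOW"` from `impacts`, leaving only maintainability. Yet the rule text updated in this same commit still says `@Async`, `@Cacheable` and `@Transactional` methods "will not work as expected" when invoked through `this`. A `@Transactional` method that silently runs without its transaction wrapper is a runtime data-integrity problem rather than a purely maintainability one, so I would keep `"RELIABILITY": "MEDIUM"` or state the reason for the downgrade in the commit description. The same hunk narrows `"scope"` from `"All"` to `"Main"`, which presumably stops the rule from reporting on test sources; worth confirming that is intended for this rule as well as for the other Spring rules changed the same way.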
diff --git a/rules/S6809/java/rule.adoc b/rules/S6809/java/rule.adoc index bae14282d9c..4d3be7d48e6 100644 --- a/rules/S6809/java/rule.adoc +++ b/rules/S6809/java/rule.adoc @@ -1,16 +1,16 @@ == Why is this an issue? -A method annotated with Spring's `@Async` or `@Transactional` annotations will not work as expected +A method annotated with Spring's `@Async`, `@Cacheable` or `@Transactional` annotations will not work as expected if invoked directly from within its class. -This is because Spring generates a proxy class with wrapper code to manage the method's asynchronicity (`@Async`) +This is because Spring generates a proxy class with wrapper code to manage the method's asynchronicity (`@Async`), to cache methods invocations (`@Cacheable`), or to handle the transaction (`@Transactional`). However, when called using `this`, the proxy instance is bypassed, and the method is invoked directly without the required wrapper code. == How to fix it -Replace calls to `@Async` or `@Transactional` methods via `this` +Replace calls to `@Async`, `@Cacheable` or `@Transactional` methods via `this` with calls on an instance that was injected by Spring (`@Autowired`, `@Resource` or `@Inject`). The injected instance is a proxy on which the methods can be invoked safely. @@ -26,12 +26,19 @@ public class AsyncNotificationProcessor implements NotificationProcessor { @Override public void process(Notification notification) { processAsync(notification); // Noncompliant, call bypasses proxy + retrieveNotification(notification.id); // Noncompliant, call bypasses proxy and will not be cached } @Async public processAsync(Notification notification) { // ... } + + @Cacheable + public Notification retrieveNotification(Long id) { + // ... + } + } ---- 
@@ -48,12 +55,18 @@ public class AsyncNotificationProcessor implements NotificationProcessor { @Override public void process(Notification notification) { asyncNotificationProcessor.processAsync(notification); // Compliant, call via injected proxy + asyncNotificationProcessor.retrieveNotification(notification.id); // Compliant, the call will be cached } @Async public processAsync(Notification notification) { // ... } + + @Cacheable + public Notification retrieveNotification(Long id) { + // ... + } } ---- @@ -63,9 +76,11 @@ public class AsyncNotificationProcessor implements NotificationProcessor { - https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/scheduling/annotation/Async.html[Spring Framework API - Annotation Interface Async] - https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/transaction/annotation/Transactional.html[Spring Framework API - Annotation Interface Transactional] +- https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/cache/annotation/Cacheable.html[Spring Framework API - Annotation Interface Cacheable] === Articles & blog posts - https://www.baeldung.com/spring-async[Baeldung - How To Do @Async in Spring] - https://stackoverflow.com/questions/22561775/spring-async-ignored[Stack Overflow - Spring @Async ignored] - https://stackoverflow.com/questions/4396284/does-spring-transactional-attribute-work-on-a-private-method[Stack Overflow - Does Spring @Transactional attribute work on a private method?] +- https://docs.spring.io/spring-framework/reference/integration/cache/annotations.html#cache-annotations-cacheable[Spring docs, The @Cacheable Annotation] diff --git a/rules/S6810/java/metadata.json b/rules/S6810/java/metadata.json index bee23a171ae..ffcd8ee75c4 100644 --- a/rules/S6810/java/metadata.json +++ b/rules/S6810/java/metadata.json 
@@ -6,13 +6,14 @@ "func": "Constant\/Issue", "constantCost": "5min" }, - "tags": [ - ], + "tags": [], "defaultSeverity": "Major", "ruleSpecification": "RSPEC-6810", "sqKey": "S6810", - "scope": "All", - "defaultQualityProfiles": ["Sonar way"], + "scope": "Main", + "defaultQualityProfiles": [ + "Sonar way" + ], "quickfix": "unknown", "code": { "impacts": { diff --git a/rules/S6811/common/how.adoc b/rules/S6811/common/how.adoc new file mode 100644 index 00000000000..9cf2d696d4c --- /dev/null +++ b/rules/S6811/common/how.adoc @@ -0,0 +1,3 @@ +== How to fix it + +Check the spelling of the aria-* attributes and verify that they are actually supported by the element role. Remove non-compatible attributes or replace them with the correct ones. diff --git a/rules/S6811/common/resources.adoc b/rules/S6811/common/resources.adoc new file mode 100644 index 00000000000..6d299506cbd --- /dev/null +++ b/rules/S6811/common/resources.adoc @@ -0,0 +1,10 @@ +== Resources +=== Documentation + +* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/ARIA_Techniques[Using ARIA: Roles, states, and properties] +* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/Attributes[ARIA states and properties (Reference)] +* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/Roles[ARIA roles (Reference)] + +=== Standards + +* W3C - https://www.w3.org/TR/wai-aria-1.2/[Accessible Rich Internet Applications (WAI-ARIA) 1.2] diff --git a/rules/S6811/common/why.adoc b/rules/S6811/common/why.adoc new file mode 100644 index 00000000000..b8cceea187c --- /dev/null +++ b/rules/S6811/common/why.adoc 
@@ -0,0 +1,7 @@ +== Why is this an issue? + +ARIA properties, also known as "aria-* properties", are special attributes used in HTML to enhance the accessibility of web elements. They provide additional semantics to help assistive technologies, like screen readers, interpret the element. + +Roles, on the other hand, define what an element is or does in the context of a web page. Some elements have explicit roles, which are directly defined by the developer. For example, a div element might be given a role of "button". Other elements have implicit roles, which are inferred based on the type of the element. For example, an anchor tag
    has an implicit role of "link". + +This rule ensures that the ARIA properties used on an element are ones that are supported by the role of that element. For instance, the ARIA property `aria-required` is not supported by the role `link`. Therefore, using `aria-required` on an anchor tag would violate this rule. \ No newline at end of file diff --git a/rules/S6811/html/metadata.json b/rules/S6811/html/metadata.json new file mode 100644 index 00000000000..7a73a41bfdf --- /dev/null +++ b/rules/S6811/html/metadata.json @@ -0,0 +1,2 @@ +{ +} \ No newline at end of file diff --git a/rules/S6811/html/rule.adoc b/rules/S6811/html/rule.adoc new file mode 100644 index 00000000000..892c620926a --- /dev/null +++ b/rules/S6811/html/rule.adoc @@ -0,0 +1,15 @@ +include::../common/why.adoc[] + +[source,html,diff-id=1,diff-type=noncompliant] +---- +
    Unchecked
    {/* Noncompliant: aria-chekd is not supported */} +---- + +include::../common/how.adoc[] + +[source,html,diff-id=1,diff-type=compliant] +---- +
    Unchecked
    +---- + +include::../common/resources.adoc[] \ No newline at end of file diff --git a/rules/S6811/javascript/metadata.json b/rules/S6811/javascript/metadata.json index 3575b94f1d1..f4c37c6761b 100644 --- a/rules/S6811/javascript/metadata.json +++ b/rules/S6811/javascript/metadata.json @@ -1,26 +1,6 @@ { - "title": "DOM elements with ARIA role should only have supported properties", - "type": "CODE_SMELL", - "status": "ready", - "remediation": { - "func": "Constant\/Issue", - "constantCost": "5min" - }, - "tags": [ - "accessibility", - "react" - ], - "defaultSeverity": "Major", - "ruleSpecification": "RSPEC-6811", - "sqKey": "S6811", - "scope": "All", - "defaultQualityProfiles": ["Sonar way"], - "quickfix": "infeasible", - "code": { - "impacts": { - "MAINTAINABILITY": "LOW", - "RELIABILITY": "LOW" - }, - "attribute": "CONVENTIONAL" - } + "tags": [ + "accessibility", + "react" + ] } diff --git a/rules/S6811/javascript/rule.adoc b/rules/S6811/javascript/rule.adoc index 3ca1bae7deb..6cf1762a8da 100644 --- a/rules/S6811/javascript/rule.adoc +++ b/rules/S6811/javascript/rule.adoc @@ -1,34 +1,15 @@ -== Why is this an issue? - -ARIA properties, also known as "aria-* properties", are special attributes used in HTML to enhance the accessibility of web elements. They provide additional semantics to help assistive technologies, like screen readers, interpret the element. - -Roles, on the other hand, define what an element is or does in the context of a web page. Some elements have explicit roles, which are directly defined by the developer. For example, a div element might be given a role of "button". Other elements have implicit roles, which are inferred based on the type of the element. For example, an anchor tag
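Review bot: The noncompliant example in the new rules/S6811/html/rule.adoc is declared as `[source,html,diff-id=1,diff-type=noncompliant]` but keeps the JSX comment `{/* Noncompliant: aria-chekd is not supported */}` carried over from the JavaScript variant. In an HTML document that sequence is rendered as literal text, not a comment, so the sample is misleading for HTML readers. Use an HTML comment in this file instead: `<!-- Noncompliant: aria-chekd is not supported -->`.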
    has an implicit role of "link". - -This rule ensures that the ARIA properties used on an element are ones that are supported by the role of that element. For instance, the ARIA property `aria-required` is not supported by the role `link`. Therefore, using `aria-required` on an anchor tag would violate this rule. - -== How to fix it in JSX - -Check the spelling of the aria-* attributes and verify that they are actually supported by the element role. +include::../common/why.adoc[] [source,javascript,diff-id=1,diff-type=noncompliant] ----
    Unchecked
    {/* Noncompliant: aria-chekd is not supported */} ---- -To fix the code remove non-compatible attributes or replace them with the correct ones. +include::../common/how.adoc[] [source,javascript,diff-id=1,diff-type=compliant] ----
    Unchecked
    ---- -== Resources -=== Documentation - -* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/ARIA_Techniques[Using ARIA: Roles, states, and properties] -* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/Attributes[ARIA states and properties (Reference)] -* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/Roles[ARIA roles (Reference)] - -=== Standards - -* W3C - https://www.w3.org/TR/wai-aria-1.2/[Accessible Rich Internet Applications (WAI-ARIA) 1.2] +include::../common/resources.adoc[] \ No newline at end of file diff --git a/rules/S6811/metadata.json b/rules/S6811/metadata.json index 2c63c085104..9a66edf369e 100644 --- a/rules/S6811/metadata.json +++ b/rules/S6811/metadata.json @@ -1,2 +1,25 @@ { + "title": "DOM elements with ARIA role should only have supported properties", + "type": "CODE_SMELL", + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "5min" + }, + "tags": [ + "accessibility" + ], + "defaultSeverity": "Major", + "ruleSpecification": "RSPEC-6811", + "sqKey": "S6811", + "scope": "All", + "defaultQualityProfiles": ["Sonar way"], + "quickfix": "infeasible", + "code": { + "impacts": { + "MAINTAINABILITY": "LOW", + "RELIABILITY": "LOW" + }, + "attribute": "CONVENTIONAL" + } } diff --git a/rules/S6813/java/metadata.json b/rules/S6813/java/metadata.json index 232432891c9..21475066065 100644 --- a/rules/S6813/java/metadata.json +++ b/rules/S6813/java/metadata.json @@ -6,13 +6,14 @@ "func": "Constant\/Issue", "constantCost": "5min" }, - "tags": [ - ], + "tags": [], "defaultSeverity": "Major", "ruleSpecification": "RSPEC-6813", "sqKey": "S6813", - "scope": "All", - "defaultQualityProfiles": ["Sonar way"], + "scope": "Main", + "defaultQualityProfiles": [ + "Sonar way" + ], "quickfix": "unknown", "code": { "impacts": { diff --git a/rules/S6813/java/rule.adoc b/rules/S6813/java/rule.adoc index 0387b68a0a6..efdc13f1050 100644 
--- a/rules/S6813/java/rule.adoc +++ b/rules/S6813/java/rule.adoc @@ -1,6 +1,6 @@ == Why is this an issue? -Dependency injection frameworks such as Spring support dependency injection by using annotations such as `@Inject` and `@Autowired`. +Dependency injection frameworks such as Spring, Quarkus, and others support dependency injection by using annotations such as `@Inject` and `@Autowired`. These annotations can be used to inject beans via constructor, setter, and field injection. Generally speaking, field injection is discouraged. @@ -56,3 +56,4 @@ public class SomeService { * Baeldung - https://www.baeldung.com/java-spring-field-injection-cons[Why Is Field Injection Not Recommended?] * Baeldung - https://www.baeldung.com/constructor-injection-in-spring[Constructor Dependency Injection in Spring] * Oliver Drotbohm - https://odrotbohm.de/2013/11/why-field-injection-is-evil/[Why field injection is evil] +* GitHub Discussions - https://github.com/quarkusio/quarkus/discussions/38474[Field injection in quarkus] diff --git a/rules/S6814/java/metadata.json b/rules/S6814/java/metadata.json index e2f09b6a6db..6efcfc75fc6 100644 --- a/rules/S6814/java/metadata.json +++ b/rules/S6814/java/metadata.json @@ -6,13 +6,14 @@ "func": "Constant\/Issue", "constantCost": "5min" }, - "tags": [ - ], + "tags": [], "defaultSeverity": "Major", "ruleSpecification": "RSPEC-6814", "sqKey": "S6814", - "scope": "All", - "defaultQualityProfiles": ["Sonar way"], + "scope": "Main", + "defaultQualityProfiles": [ + "Sonar way" + ], "quickfix": "unknown", "code": { "impacts": { diff --git a/rules/S6816/java/metadata.json b/rules/S6816/java/metadata.json new file mode 100644 index 00000000000..baa6ee31b7a --- /dev/null +++ b/rules/S6816/java/metadata.json 
@@ -0,0 +1,26 @@
+{
+ "title": "Nullable injected fields and parameters should provide a default value",
+ "type": "BUG",
+ "status": "ready",
+ "remediation": {
+ "func": "Constant\/Issue",
+ "constantCost": "5min"
+ },
+ "tags": [
+ "spring"
+ ],
+ "defaultSeverity": "Major",
+ "ruleSpecification": "RSPEC-6816",
+ "sqKey": "S6816",
+ "scope": "Main",
+ "defaultQualityProfiles": [
+ "Sonar way"
+ ],
+ "quickfix": "covered",
+ "code": {
+ "impacts": {
+ "RELIABILITY": "HIGH"
+ },
+ "attribute": "COMPLETE"
+ }
+}
diff --git a/rules/S6816/java/rule.adoc b/rules/S6816/java/rule.adoc
new file mode 100644
index 00000000000..4e70b08bcef
--- /dev/null
+++ b/rules/S6816/java/rule.adoc
@@ -0,0 +1,40 @@ +SpEL, the Spring Expression Languages allows developers fine-grained control over the values injected into fields and parameters. +Using the `@Value` annotation, it is possible to inject values from sources such as system properties. + +== Why is this an issue? + +The `@Value` annotation does not guarantee that the property is defined. +Particularly if a field or parameter is annotated as nullable, it indicates that the developer assumes that the property may be undefined. + +An undefined property may lead to runtime exceptions when the Spring framework tries to inject the autowired dependency during bean creation. + +This rule raises an issue when a nullable field or parameter is annotated with `@Value` and no default value is provided. + +== How to fix it +Add a default value to the `@Value` annotation. +A default value can be supplied by using the colon (`:`) operator. +As the field is nullable, the default value should most likely be `#{null}`. + +=== Code examples + +==== Noncompliant code example + +[source,java,diff-id=1,diff-type=noncompliant] +---- +@Nullable +@Value("${my.property}") // Noncompliant, no default value is provided, even though the field is nullable +private String myProperty; +---- + +==== Compliant solution + +[source,java,diff-id=1,diff-type=compliant] +---- +@Nullable +@Value("${my.property:#{null}}") // Compliant, a default value is provided +private String myProperty; +---- + +== Resources +=== Articles & blog posts +* Baeldung - https://www.baeldung.com/spring-value-defaults[Using Spring @Value With Defaults] diff --git a/rules/S6816/metadata.json b/rules/S6816/metadata.json new file mode 100644 index 00000000000..2c63c085104 --- /dev/null +++ b/rules/S6816/metadata.json @@ -0,0 +1,2 @@ +{ +} diff --git a/rules/S6818/java/metadata.json b/rules/S6818/java/metadata.json index f633a3dec7e..6d15c886474 100644 --- a/rules/S6818/java/metadata.json +++ b/rules/S6818/java/metadata.json 
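Review bot: The introduction of rules/S6816/java/rule.adoc presents the rule as being about SpEL, but both examples use the property placeholder `${my.property}`; only the suggested default `#{null}` is a SpEL expression. Readers may conclude that the rule applies to `#{...}` expressions rather than to unresolved `${...}` placeholders. I would reword the first sentence along the lines of `The @Value annotation injects values from sources such as system properties, using property placeholders (${...}) or SpEL, the Spring Expression Language (#{...}).`, which also fixes the "Spring Expression Languages allows" typo. A blank line after `== How to fix it` would match the other headings in the file.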
@@ -12,8 +12,10 @@
 "defaultSeverity": "Major",
 "ruleSpecification": "RSPEC-6818",
 "sqKey": "S6818",
- "scope": "All",
- "defaultQualityProfiles": ["Sonar way"],
+ "scope": "Main",
+ "defaultQualityProfiles": [
+ "Sonar way"
+ ],
 "quickfix": "unknown",
 "code": {
 "impacts": {
diff --git a/rules/S6819/common/fix.adoc b/rules/S6819/common/fix.adoc
new file mode 100644
index 00000000000..29c45d7ddec
--- /dev/null
+++ b/rules/S6819/common/fix.adoc
@@ -0,0 +1 @@
+Replace the ARIA role with an appropriate HTML tag.
\ No newline at end of file
diff --git a/rules/S6819/common/resources.adoc b/rules/S6819/common/resources.adoc
new file mode 100644
index 00000000000..43d33c2673d
--- /dev/null
+++ b/rules/S6819/common/resources.adoc
@@ -0,0 +1,9 @@
+== Resources
+=== Documentation
+
+* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/ARIA_Techniques[Using ARIA: Roles, states, and properties]
+* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/Roles[ARIA roles (Reference)]
+
+=== Standards
+
+* W3C - https://www.w3.org/TR/wai-aria-1.2/[Accessible Rich Internet Applications (WAI-ARIA) 1.2]
diff --git a/rules/S6819/common/why.adoc b/rules/S6819/common/why.adoc
new file mode 100644
index 00000000000..b7c4f453c10
--- /dev/null
+++ b/rules/S6819/common/why.adoc
@@ -0,0 +1,7 @@
+== Why is this an issue?
+
+ARIA (Accessible Rich Internet Applications) roles are used to make web content and web applications more accessible to people with disabilities. However, you should not use an ARIA role on a generic element (like `span` or `div`) if there is a semantic HTML tag with similar functionality, just use that tag instead.
+
+For example, instead of using a div element with a button role (`
    Click me
    `), you should just use a button element (``). + +Semantic HTML tags are generally preferred over ARIA roles for accessibility due to their built-in functionality, universal support by browsers and assistive technologies, simplicity, and maintainability. They come with inherent behaviors and keyboard interactions, reducing the need for additional JavaScript. Semantic HTML also enhances SEO by helping search engines better understand the content and structure of web pages. While ARIA roles are useful, they should be considered a last resort when no suitable HTML element can provide the required behavior or semantics. \ No newline at end of file diff --git a/rules/S6819/html/metadata.json b/rules/S6819/html/metadata.json new file mode 100644 index 00000000000..7a73a41bfdf --- /dev/null +++ b/rules/S6819/html/metadata.json @@ -0,0 +1,2 @@ +{ +} \ No newline at end of file diff --git a/rules/S6819/html/rule.adoc b/rules/S6819/html/rule.adoc new file mode 100644 index 00000000000..f81bed7fe16 --- /dev/null +++ b/rules/S6819/html/rule.adoc @@ -0,0 +1,15 @@ +include::../common/why.adoc[] + +[source,html,diff-id=1,diff-type=noncompliant] +---- +
    Click me
    +---- + +include::../common/fix.adoc[] + +[source,html,diff-id=1,diff-type=compliant] +---- + +---- + +include::../common/resources.adoc[] \ No newline at end of file diff --git a/rules/S6819/javascript/metadata.json b/rules/S6819/javascript/metadata.json index 4750fc3f626..d79173ef449 100644 --- a/rules/S6819/javascript/metadata.json +++ b/rules/S6819/javascript/metadata.json @@ -1,25 +1,6 @@ { - "title": "Prefer tag over ARIA role", - "type": "CODE_SMELL", - "status": "ready", - "remediation": { - "func": "Constant\/Issue", - "constantCost": "5min" - }, "tags": [ "accessibility", "react" - ], - "defaultSeverity": "Major", - "ruleSpecification": "RSPEC-6819", - "sqKey": "S6819", - "scope": "All", - "defaultQualityProfiles": ["Sonar way"], - "quickfix": "infeasible", - "code": { - "impacts": { - "MAINTAINABILITY": "LOW" - }, - "attribute": "CONVENTIONAL" - } + ] } diff --git a/rules/S6819/javascript/rule.adoc b/rules/S6819/javascript/rule.adoc index 297232a89df..7c9fc432509 100644 --- a/rules/S6819/javascript/rule.adoc +++ b/rules/S6819/javascript/rule.adoc @@ -1,37 +1,15 @@ -== Why is this an issue? - -ARIA (Accessible Rich Internet Applications) roles are used to make web content and web applications more accessible to people with disabilities. However, you should not use an ARIA role on a generic element (like `span` or `div`) if there is a semantic HTML tag with similar functionality, just use that tag instead. - -For example, instead of using a div element with a button role (`
    Click me
    `), you should just use a button element (``). - -Semantic HTML tags are generally preferred over ARIA roles for accessibility due to their built-in functionality, universal support by browsers and assistive technologies, simplicity, and maintainability. They come with inherent behaviors and keyboard interactions, reducing the need for additional JavaScript. Semantic HTML also enhances SEO by helping search engines better understand the content and structure of web pages. While ARIA roles are useful, they should be considered a last resort when no suitable HTML element can provide the required behavior or semantics. - -== How to fix it in JSX - -Replace the ARIA role with an appropriate HTML tag. - -=== Code examples - -==== Noncompliant code example +include::../common/why.adoc[] [source,javascript,diff-id=1,diff-type=noncompliant] ---- -
    Click me
    +
    Click me
    ---- -==== Compliant solution +include::../common/fix.adoc[] [source,javascript,diff-id=1,diff-type=compliant] ---- ---- -== Resources -=== Documentation - -* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/ARIA_Techniques[Using ARIA: Roles, states, and properties] -* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/Roles[ARIA roles (Reference)] - -=== Standards - -* W3C - https://www.w3.org/TR/wai-aria-1.2/[Accessible Rich Internet Applications (WAI-ARIA) 1.2] +include::../common/resources.adoc[] \ No newline at end of file diff --git a/rules/S6819/metadata.json b/rules/S6819/metadata.json index 2c63c085104..e4520e1237b 100644 --- a/rules/S6819/metadata.json +++ b/rules/S6819/metadata.json @@ -1,2 +1,24 @@ { + "title": "Prefer tag over ARIA role", + "type": "CODE_SMELL", + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "5min" + }, + "tags": [ + "accessibility" + ], + "defaultSeverity": "Major", + "ruleSpecification": "RSPEC-6819", + "sqKey": "S6819", + "scope": "All", + "defaultQualityProfiles": ["Sonar way"], + "quickfix": "infeasible", + "code": { + "impacts": { + "MAINTAINABILITY": "LOW" + }, + "attribute": "CONVENTIONAL" + } } diff --git a/rules/S6821/fix.adoc b/rules/S6821/fix.adoc new file mode 100644 index 00000000000..72ea0500c13 --- /dev/null +++ b/rules/S6821/fix.adoc @@ -0,0 +1,3 @@ +== How to fix it + +Check that each element with a defined ARIA role has a valid non-abstract value. \ No newline at end of file diff --git a/rules/S6821/html/metadata.json b/rules/S6821/html/metadata.json new file mode 100644 index 00000000000..7a73a41bfdf --- /dev/null +++ b/rules/S6821/html/metadata.json @@ -0,0 +1,2 @@ +{ +} \ No newline at end of file diff --git a/rules/S6821/html/rule.adoc b/rules/S6821/html/rule.adoc new file mode 100644 index 00000000000..b0e9df3333a --- /dev/null +++ b/rules/S6821/html/rule.adoc 
@@ -0,0 +1,21 @@ +include::../rationale.adoc[] + +include::../fix.adoc[] + +[source,html,diff-id=1,diff-type=noncompliant] +---- +
    + a2 + b2 = c2 +
    +---- + +To fix the code use a valid value for the ARIA role attribute. + +[source,html,diff-id=1,diff-type=compliant] +---- +
    + a2 + b2 = c2 +
    +---- + +include::../resources.adoc[] \ No newline at end of file diff --git a/rules/S6821/javascript/metadata.json b/rules/S6821/javascript/metadata.json index e4496895a14..2c63c085104 100644 --- a/rules/S6821/javascript/metadata.json +++ b/rules/S6821/javascript/metadata.json @@ -1,26 +1,2 @@ { - "title": "DOM elements with ARIA roles should have a valid non-abstract role", - "type": "CODE_SMELL", - "status": "ready", - "remediation": { - "func": "Constant\/Issue", - "constantCost": "5min" - }, - "tags": [ - "react", - "accessibility" - ], - "defaultSeverity": "Major", - "ruleSpecification": "RSPEC-6821", - "sqKey": "S6821", - "scope": "All", - "defaultQualityProfiles": ["Sonar way"], - "quickfix": "infeasible", - "code": { - "impacts": { - "MAINTAINABILITY": "LOW", - "RELIABILITY": "MEDIUM" - }, - "attribute": "LOGICAL" - } } diff --git a/rules/S6821/javascript/rule.adoc b/rules/S6821/javascript/rule.adoc index 71f6c09ebfe..76b10046aef 100644 --- a/rules/S6821/javascript/rule.adoc +++ b/rules/S6821/javascript/rule.adoc @@ -1,14 +1,8 @@ -== Why is this an issue? - -include::../../../shared_content/jsts/aria-intro-1.adoc[] - -This rule checks that when using the `role` property in DOM elements, its value is a valid non-abstract ARIA role. +include::../rationale.adoc[] This rule does not cover non-DOM elements, such as custom components. -== How to fix it in JSX - -Check that each element with a defined ARIA role has a valid non-abstract value. +include::../fix.adoc[] [source,javascript,diff-id=1,diff-type=noncompliant] ---- 
@@ -26,12 +20,4 @@ To fix the code use a valid value for the ARIA role attribute. ---- -== Resources -=== Documentation - -* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/ARIA_Techniques[Using ARIA: Roles, states, and properties] -* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/Roles[ARIA roles (Reference)] - -=== Standards - -* W3C - https://www.w3.org/TR/wai-aria-1.2/[Accessible Rich Internet Applications (WAI-ARIA) 1.2] +include::../resources.adoc[] diff --git a/rules/S6821/metadata.json b/rules/S6821/metadata.json index 2c63c085104..e4496895a14 100644 --- a/rules/S6821/metadata.json +++ b/rules/S6821/metadata.json @@ -1,2 +1,26 @@ { + "title": "DOM elements with ARIA roles should have a valid non-abstract role", + "type": "CODE_SMELL", + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "5min" + }, + "tags": [ + "react", + "accessibility" + ], + "defaultSeverity": "Major", + "ruleSpecification": "RSPEC-6821", + "sqKey": "S6821", + "scope": "All", + "defaultQualityProfiles": ["Sonar way"], + "quickfix": "infeasible", + "code": { + "impacts": { + "MAINTAINABILITY": "LOW", + "RELIABILITY": "MEDIUM" + }, + "attribute": "LOGICAL" + } } diff --git a/rules/S6821/rationale.adoc b/rules/S6821/rationale.adoc new file mode 100644 index 00000000000..ecda7dda2f9 --- /dev/null +++ b/rules/S6821/rationale.adoc @@ -0,0 +1,5 @@ +== Why is this an issue? + +include::../../shared_content/jsts/aria-intro-1.adoc[] + +This rule checks that when using the `role` property in DOM elements, its value is a valid non-abstract ARIA role. \ No newline at end of file diff --git a/rules/S6821/resources.adoc b/rules/S6821/resources.adoc new file mode 100644 index 00000000000..43d33c2673d --- /dev/null +++ b/rules/S6821/resources.adoc 
@@ -0,0 +1,9 @@ +== Resources +=== Documentation + +* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/ARIA_Techniques[Using ARIA: Roles, states, and properties] +* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/Roles[ARIA roles (Reference)] + +=== Standards + +* W3C - https://www.w3.org/TR/wai-aria-1.2/[Accessible Rich Internet Applications (WAI-ARIA) 1.2] diff --git a/rules/S6822/common/fix.adoc b/rules/S6822/common/fix.adoc new file mode 100644 index 00000000000..f2c19c5ea8c --- /dev/null +++ b/rules/S6822/common/fix.adoc @@ -0,0 +1,6 @@ +Remove ARIA role attributes when they are redundant. + +[source,html,diff-id=1,diff-type=compliant] +---- + +---- \ No newline at end of file diff --git a/rules/S6822/common/introduction.adoc b/rules/S6822/common/introduction.adoc new file mode 100644 index 00000000000..0d6899d6d2f --- /dev/null +++ b/rules/S6822/common/introduction.adoc @@ -0,0 +1,12 @@ +== Why is this an issue? + +include::../../../shared_content/jsts/aria-intro-1.adoc[] + +In HTML, certain elements have default roles. Default roles, also known as implicit roles, are roles that are inherently associated with certain HTML elements. These roles provide information about what an element does or the type of content it contains, which is especially useful for assistive technologies like screen readers. + +For example, a ` +---- \ No newline at end of file diff --git a/rules/S6822/common/resources.adoc b/rules/S6822/common/resources.adoc new file mode 100644 index 00000000000..27f7be7df29 --- /dev/null +++ b/rules/S6822/common/resources.adoc 
@@ -0,0 +1,9 @@
+== Resources
+=== Documentation
+
+* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/ARIA_Techniques[Using ARIA: Roles, states, and properties]
+* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/Roles[ARIA roles (Reference)]
+
+=== Standards
+
+* W3C - https://www.w3.org/TR/wai-aria-1.2/[Accessible Rich Internet Applications (WAI-ARIA) 1.2]
\ No newline at end of file
diff --git a/rules/S6822/html/metadata.json b/rules/S6822/html/metadata.json
new file mode 100644
index 00000000000..7a73a41bfdf
--- /dev/null
+++ b/rules/S6822/html/metadata.json
@@ -0,0 +1,2 @@
+{
+}
\ No newline at end of file
diff --git a/rules/S6822/html/rule.adoc b/rules/S6822/html/rule.adoc
new file mode 100644
index 00000000000..86fdd4b1074
--- /dev/null
+++ b/rules/S6822/html/rule.adoc
@@ -0,0 +1,5 @@
+include::../common/introduction.adoc[]
+
+include::../common/fix.adoc[]
+
+include::../common/resources.adoc[]
\ No newline at end of file
diff --git a/rules/S6822/javascript/metadata.json b/rules/S6822/javascript/metadata.json
index c08bfe34647..2c63c085104 100644
--- a/rules/S6822/javascript/metadata.json
+++ b/rules/S6822/javascript/metadata.json
@@ -1,26 +1,2 @@
 {
- "title": "No redundant ARIA role",
- "type": "CODE_SMELL",
- "status": "ready",
- "remediation": {
- "func": "Constant\/Issue",
- "constantCost": "5min"
- },
- "tags": [
- "accessibility",
- "react"
- ],
- "defaultSeverity": "Major",
- "ruleSpecification": "RSPEC-6822",
- "sqKey": "S6822",
- "scope": "All",
- "defaultQualityProfiles": ["Sonar way"],
- "quickfix": "targeted",
- "code": {
- "impacts": {
- "MAINTAINABILITY": "LOW",
- "RELIABILITY": "LOW"
- },
- "attribute": "CONVENTIONAL"
- }
 }
diff --git a/rules/S6822/javascript/rule.adoc b/rules/S6822/javascript/rule.adoc
index 0b926198299..86fdd4b1074 100644
--- a/rules/S6822/javascript/rule.adoc
+++ b/rules/S6822/javascript/rule.adoc
@@ -1,37 +1,5 @@ -== Why is this an issue? +include::../common/introduction.adoc[] -include::../../../shared_content/jsts/aria-intro-1.adoc[] +include::../common/fix.adoc[] -In HTML, certain elements have default roles. Default roles, also known as implicit roles, are roles that are inherently associated with certain HTML elements. These roles provide information about what an element does or the type of content it contains, which is especially useful for assistive technologies like screen readers. - -For example, a ` ----- - -==== Compliant solution - -[source,javascript,diff-id=1,diff-type=compliant] ----- - ----- - -== Resources -=== Documentation - -* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/ARIA_Techniques[Using ARIA: Roles, states, and properties] -* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/Roles[ARIA roles (Reference)] - -=== Standards - -* W3C - https://www.w3.org/TR/wai-aria-1.2/[Accessible Rich Internet Applications (WAI-ARIA) 1.2] +include::../common/resources.adoc[] \ No newline at end of file diff --git a/rules/S6822/metadata.json b/rules/S6822/metadata.json index 2c63c085104..c08bfe34647 100644 --- a/rules/S6822/metadata.json +++ b/rules/S6822/metadata.json @@ -1,2 +1,26 @@ { + "title": "No redundant ARIA role", + "type": "CODE_SMELL", + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "5min" + }, + "tags": [ + "accessibility", + "react" + ], + "defaultSeverity": "Major", + "ruleSpecification": "RSPEC-6822", + "sqKey": "S6822", + "scope": "All", + "defaultQualityProfiles": ["Sonar way"], + "quickfix": "targeted", + "code": { + "impacts": { + "MAINTAINABILITY": "LOW", + "RELIABILITY": "LOW" + }, + "attribute": "CONVENTIONAL" + } } diff --git a/rules/S6823/common/rule.adoc b/rules/S6823/common/rule.adoc new file mode 100644 index 00000000000..8d82fb5660a --- /dev/null +++ b/rules/S6823/common/rule.adoc 
@@ -0,0 +1,30 @@
+:doctype: book
+
+# tag::header[]
+
+== Why is this an issue?
+
+include::../../../shared_content/jsts/aria-intro-1.adoc[]
+
+The `aria-activedescendant` attribute is used to enhance the accessibility of composite widgets by managing focus within them. It allows a parent element to retain active document focus while indicating which of its child elements has secondary focus. This attribute is particularly useful in interactive components like search typeahead select lists, where the user can navigate through a list of options while continuing to type in the input field.
+
+This rule checks that DOM elements with the `aria-activedescendant` property either have an inherent tabIndex or declare one.
+
+# end::header[]
+
+# tag::footer[]
+
+== Resources
+=== Documentation
+
+* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/ARIA_Techniques[Using ARIA: Roles, states, and properties]
+* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/Roles[ARIA roles (Reference)]
+* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/Attributes/aria-activedescendant[`aria-activedescendant` attribute]
+* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/HTML/Global_attributes/tabindex[`tabIndex` attribute]
+
+=== Standards
+
+* W3C - https://www.w3.org/TR/wai-aria-1.2/[Accessible Rich Internet Applications (WAI-ARIA) 1.2]
+* W3C - https://www.w3.org/TR/wai-aria/#composite[Composite role]
+
+# end::footer[]
diff --git a/rules/S6823/html/metadata.json b/rules/S6823/html/metadata.json
new file mode 100644
index 00000000000..7a73a41bfdf
--- /dev/null
+++ b/rules/S6823/html/metadata.json
@@ -0,0 +1,2 @@
+{
+}
\ No newline at end of file
diff --git a/rules/S6823/html/rule.adoc b/rules/S6823/html/rule.adoc
new file mode 100644
index 00000000000..1525302215c
--- /dev/null
+++ b/rules/S6823/html/rule.adoc
@@ -0,0 +1,27 @@ +include::../common/rule.adoc[tag=header] + +== How to fix it + +Make sure that DOM elements with the `aria-activedescendant` property have a `tabindex` property, or use an element with an inherent one. + +=== Code examples + +==== Noncompliant code example + +[source,html,diff-id=1,diff-type=noncompliant] +---- +
    +
    +
    +---- + +==== Compliant solution + +[source,html,diff-id=1,diff-type=compliant] +---- +
    +
    +
    +---- + +include::../common/rule.adoc[tag=footer] \ No newline at end of file diff --git a/rules/S6823/javascript/metadata.json b/rules/S6823/javascript/metadata.json index dbb2f6c7201..caa254b9fc4 100644 --- a/rules/S6823/javascript/metadata.json +++ b/rules/S6823/javascript/metadata.json @@ -1,25 +1,6 @@ { - "title": "DOM elements with the `aria-activedescendant` property should be accessible via the tab key", - "type": "CODE_SMELL", - "status": "ready", - "remediation": { - "func": "Constant\/Issue", - "constantCost": "5min" - }, "tags": [ "react", "accessibility" - ], - "defaultSeverity": "Minor", - "ruleSpecification": "RSPEC-6823", - "sqKey": "S6823", - "scope": "All", - "defaultQualityProfiles": ["Sonar way"], - "quickfix": "targeted", - "code": { - "impacts": { - "RELIABILITY": "MEDIUM" - }, - "attribute": "LOGICAL" - } + ] } diff --git a/rules/S6823/javascript/rule.adoc b/rules/S6823/javascript/rule.adoc index 98b947a1ffd..3ce90500996 100644 --- a/rules/S6823/javascript/rule.adoc +++ b/rules/S6823/javascript/rule.adoc @@ -1,10 +1,4 @@ -== Why is this an issue? - -include::../../../shared_content/jsts/aria-intro-1.adoc[] - -The `aria-activedescendant` attribute is used to enhance the accessibility of composite widgets by managing focus within them. It allows a parent element to retain active document focus while indicating which of its child elements has secondary focus. This attribute is particularly useful in interactive components like search typeahead select lists, where the user can navigate through a list of options while continuing to type in the input field. - -This rule checks that DOM elements with the `aria-activedescendant` property either have an inherent tabIndex or declare one. +include::../common/rule.adoc[tag=header] == How to fix it in JSX 
@@ -30,15 +24,4 @@ Make sure that DOM elements with the `aria-activedescendant` property have a `ta ---- -== Resources -=== Documentation - -* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/ARIA_Techniques[Using ARIA: Roles, states, and properties] -* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/Roles[ARIA roles (Reference)] -* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/Attributes/aria-activedescendant[`aria-activedescendant` attribute] -* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/HTML/Global_attributes/tabindex[`tabIndex` attribute] - -=== Standards - -* W3C - https://www.w3.org/TR/wai-aria-1.2/[Accessible Rich Internet Applications (WAI-ARIA) 1.2] -* W3C - https://www.w3.org/TR/wai-aria/#composite[Composite role] +include::../common/rule.adoc[tag=footer] \ No newline at end of file diff --git a/rules/S6823/metadata.json b/rules/S6823/metadata.json index 2c63c085104..e9527aa92d7 100644 --- a/rules/S6823/metadata.json +++ b/rules/S6823/metadata.json @@ -1,2 +1,24 @@ { + "title": "DOM elements with the `aria-activedescendant` property should be accessible via the tab key", + "type": "CODE_SMELL", + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "5min" + }, + "tags": [ + "accessibility" + ], + "defaultSeverity": "Minor", + "ruleSpecification": "RSPEC-6823", + "sqKey": "S6823", + "scope": "All", + "defaultQualityProfiles": ["Sonar way"], + "quickfix": "targeted", + "code": { + "impacts": { + "RELIABILITY": "MEDIUM" + }, + "attribute": "LOGICAL" + } } diff --git a/rules/S6824/common/rule.adoc b/rules/S6824/common/rule.adoc new file mode 100644 index 00000000000..6caa6fa566a --- /dev/null +++ b/rules/S6824/common/rule.adoc 
@@ -0,0 +1,31 @@
+== Why is this an issue?
+
+include::../../../shared_content/jsts/aria-intro-1.adoc[]
+
+This rule checks that ARIA roles or `aria-*` attributes are not used in unsupported DOM elements, which are mostly invisible such as `meta`, `html` or `head`.
+
+== How to fix it
+
+Check if you are using ARIA roles or `aria-*` attributes in unsupported DOM elements.
+
+[source,javascript,diff-id=1,diff-type=noncompliant]
+----
+My beautiful web page
+----
+
+To fix the code, remove the extra ARIA role or `aria-*` attributes from the unsupported DOM elements.
+
+[source,javascript,diff-id=1,diff-type=compliant]
+----
+My beautiful web page
+----
+
+== Resources
+=== Documentation
+
+* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/ARIA_Techniques[Using ARIA: Roles, states, and properties]
+* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/Roles[ARIA roles (Reference)]
+
+=== Standards
+
+* W3C - https://www.w3.org/TR/wai-aria-1.2/[Accessible Rich Internet Applications (WAI-ARIA) 1.2]
diff --git a/rules/S6824/html/metadata.json b/rules/S6824/html/metadata.json
new file mode 100644
index 00000000000..7a73a41bfdf
--- /dev/null
+++ b/rules/S6824/html/metadata.json
@@ -0,0 +1,2 @@
+{
+}
\ No newline at end of file
diff --git a/rules/S6824/html/rule.adoc b/rules/S6824/html/rule.adoc
new file mode 100644
index 00000000000..5f710f9ed83
--- /dev/null
+++ b/rules/S6824/html/rule.adoc
@@ -0,0 +1 @@
+include::../common/rule.adoc[]
diff --git a/rules/S6824/javascript/metadata.json b/rules/S6824/javascript/metadata.json
index 34957bd54ac..2c63c085104 100644
--- a/rules/S6824/javascript/metadata.json
+++ b/rules/S6824/javascript/metadata.json
@@ -1,26 +1,2 @@
 {
- "title": "No ARIA role or property for unsupported DOM elements",
- "type": "CODE_SMELL",
- "status": "ready",
- "remediation": {
- "func": "Constant\/Issue",
- "constantCost": "5min"
- },
- "tags": [
- "react",
- "accessibility"
- ],
- "defaultSeverity": "Major",
- "ruleSpecification": "RSPEC-6824",
- "sqKey": "S6824",
- "scope": "All",
- "defaultQualityProfiles": ["Sonar way"],
- "quickfix": "targeted",
- "code": {
- "impacts": {
- "MAINTAINABILITY": "LOW",
- "RELIABILITY": "LOW"
- },
- "attribute": "CONVENTIONAL"
- }
 }
diff --git a/rules/S6824/javascript/rule.adoc b/rules/S6824/javascript/rule.adoc
index 4239e3d3b5d..5f710f9ed83 100644
--- a/rules/S6824/javascript/rule.adoc
+++ b/rules/S6824/javascript/rule.adoc
@@ -1,31 +1 @@
-== Why is this an issue?
-
-include::../../../shared_content/jsts/aria-intro-1.adoc[]
-
-This rule checks that ARIA roles or `aria-*` attributes are not used in unsupported DOM elements, which are mostly invisible such as `meta`, `html` or `head`.
-
-== How to fix it in JSX
-
-Check if you are using ARIA roles or `aria-*` attributes in unsupported DOM elements.
-
-[source,javascript,diff-id=1,diff-type=noncompliant]
-----
-My beautiful web page
-----
-
-To fix the code, remove the extra ARIA role or `aria-*` attributes from the unsupported DOM elements.
-
-[source,javascript,diff-id=1,diff-type=compliant]
-----
-My beautiful web page
-----
-
-== Resources
-=== Documentation
-
-* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/ARIA_Techniques[Using ARIA: Roles, states, and properties]
-* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/Roles[ARIA roles (Reference)]
-
-=== Standards
-
-* W3C - https://www.w3.org/TR/wai-aria-1.2/[Accessible Rich Internet Applications (WAI-ARIA) 1.2]
+include::../common/rule.adoc[]
diff --git a/rules/S6824/metadata.json b/rules/S6824/metadata.json
index 2c63c085104..34957bd54ac 100644
--- a/rules/S6824/metadata.json
+++ b/rules/S6824/metadata.json
@@ -1,2 +1,26 @@
 {
+ "title": "No ARIA role or property for unsupported DOM elements",
+ "type": "CODE_SMELL",
+ "status": "ready",
+ "remediation": {
+ "func": "Constant\/Issue",
+ "constantCost": "5min"
+ },
+ "tags": [
+ "react",
+ "accessibility"
+ ],
+ "defaultSeverity": "Major",
+ "ruleSpecification": "RSPEC-6824",
+ "sqKey": "S6824",
+ "scope": "All",
+ "defaultQualityProfiles": ["Sonar way"],
+ "quickfix": "targeted",
+ "code": {
+ "impacts": {
+ "MAINTAINABILITY": "LOW",
+ "RELIABILITY": "LOW"
+ },
+ "attribute": "CONVENTIONAL"
+ }
 }
diff --git a/rules/S6825/common/rule.adoc b/rules/S6825/common/rule.adoc
new file mode 100644
index 00000000000..b6c84c8775b
--- /dev/null
+++ b/rules/S6825/common/rule.adoc
@@ -0,0 +1,39 @@
+== Why is this an issue?
+
+ARIA (Accessible Rich Internet Applications) is a set of attributes that define ways to make web content and web applications more accessible to people with disabilities. The `aria-hidden` attribute is used to indicate that an element and all of its descendants are not visible or perceivable to any user as implemented by assistive technologies.
+
+However, when `aria-hidden` is used on a focusable element, it can create a confusing and inaccessible experience for screen reader users. This is because the element will still be included in the tab order, so a screen reader user can navigate to it, but it will not be announced by the screen reader due to the `aria-hidden` attribute.
+
+This rule ensures that focusable elements are not hidden from screen readers using the `aria-hidden` attribute.
+
+== How to fix it
+
+Check if the element is focusable. Focusable elements should not have `aria-hidden` attribute.
+
+=== Code examples
+
+==== Noncompliant code example
+
+[source,html,diff-id=1,diff-type=noncompliant]
+----
+
+----
+
+Remove `aria-hidden` attribute.
+
+==== Compliant solution
+
+[source,html,diff-id=1,diff-type=compliant]
+----
+
+----
+
+== Resources
+=== Documentation
+
+* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/ARIA_Techniques[Using ARIA: Roles, states, and properties]
+* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/Attributes/aria-hidden[aria-hidden attribute (Reference)]
+
+=== Standards
+
+* W3C - https://www.w3.org/TR/wai-aria-1.2/[Accessible Rich Internet Applications (WAI-ARIA) 1.2]
diff --git a/rules/S6825/html/metadata.json b/rules/S6825/html/metadata.json
new file mode 100644
index 00000000000..7a73a41bfdf
--- /dev/null
+++ b/rules/S6825/html/metadata.json
@@ -0,0 +1,2 @@
+{
+}
\ No newline at end of file
diff --git a/rules/S6825/html/rule.adoc b/rules/S6825/html/rule.adoc
new file mode 100644
index 00000000000..5f710f9ed83
--- /dev/null
+++ b/rules/S6825/html/rule.adoc
@@ -0,0 +1 @@
+include::../common/rule.adoc[]
diff --git a/rules/S6825/javascript/metadata.json b/rules/S6825/javascript/metadata.json
index c6f5f752e44..d79173ef449 100644
--- a/rules/S6825/javascript/metadata.json
+++ b/rules/S6825/javascript/metadata.json
@@ -1,25 +1,6 @@
 {
- "title": "Focusable elements should not have \"aria-hidden\" attribute",
- "type": "CODE_SMELL",
- "status": "ready",
- "remediation": {
- "func": "Constant\/Issue",
- "constantCost": "5min"
- },
 "tags": [
 "accessibility",
 "react"
- ],
- "defaultSeverity": "Major",
- "ruleSpecification": "RSPEC-6825",
- "sqKey": "S6825",
- "scope": "All",
- "defaultQualityProfiles": ["Sonar way"],
- "quickfix": "targeted",
- "code": {
- "impacts": {
- "RELIABILITY": "MEDIUM"
- },
- "attribute": "CONVENTIONAL"
- }
+ ]
 }
diff --git a/rules/S6825/javascript/rule.adoc b/rules/S6825/javascript/rule.adoc
index 6633b928bd5..5f710f9ed83 100644
--- a/rules/S6825/javascript/rule.adoc
+++ b/rules/S6825/javascript/rule.adoc
@@ -1,39 +1 @@
-== Why is this an issue?
-
-ARIA (Accessible Rich Internet Applications) is a set of attributes that define ways to make web content and web applications more accessible to people with disabilities. The `aria-hidden` attribute is used to indicate that an element and all of its descendants are not visible or perceivable to any user as implemented by assistive technologies.
-
-However, when `aria-hidden` is used on a focusable element, it can create a confusing and inaccessible experience for screen reader users. This is because the element will still be included in the tab order, so a screen reader user can navigate to it, but it will not be announced by the screen reader due to the `aria-hidden` attribute.
-
-This rule ensures that focusable elements are not hidden from screen readers using the `aria-hidden` attribute.
-
-== How to fix it
-
-Check if the element is focusable. Focusable elements should not have `aria-hidden` attribute.
-
-=== Code examples
-
-==== Noncompliant code example
-
-[source,javascript,diff-id=1,diff-type=noncompliant]
-----
-
-----
-
-Remove `aria-hidden` attribute.
-
-==== Compliant solution
-
-[source,javascript,diff-id=1,diff-type=compliant]
-----
-
-----
-
-== Resources
-=== Documentation
-
-* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/ARIA_Techniques[Using ARIA: Roles, states, and properties]
-* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/Attributes/aria-hidden[aria-hidden attribute (Reference)]
-
-=== Standards
-
-* W3C - https://www.w3.org/TR/wai-aria-1.2/[Accessible Rich Internet Applications (WAI-ARIA) 1.2]
+include::../common/rule.adoc[]
diff --git a/rules/S6825/metadata.json b/rules/S6825/metadata.json
index 2c63c085104..03ad1383836 100644
--- a/rules/S6825/metadata.json
+++ b/rules/S6825/metadata.json
@@ -1,2 +1,24 @@
 {
+ "title": "Focusable elements should not have \"aria-hidden\" attribute",
+ "type": "CODE_SMELL",
+ "status": "ready",
+ "remediation": {
+ "func": "Constant\/Issue",
+ "constantCost": "5min"
+ },
+ "tags": [
+ "accessibility"
+ ],
+ "defaultSeverity": "Major",
+ "ruleSpecification": "RSPEC-6825",
+ "sqKey": "S6825",
+ "scope": "All",
+ "defaultQualityProfiles": ["Sonar way"],
+ "quickfix": "targeted",
+ "code": {
+ "impacts": {
+ "RELIABILITY": "MEDIUM"
+ },
+ "attribute": "CONVENTIONAL"
+ }
 }
diff --git a/rules/S6826/java/asciidocs.adoc b/rules/S6826/java/asciidocs.adoc
new file mode 100644
index 00000000000..6e2a3e6bd6e
--- /dev/null
+++ b/rules/S6826/java/asciidocs.adoc
@@ -0,0 +1,98 @@ +:data-uri: + +There are two AsciiDoc image macro types, block and inline. As with all macros, +the block and inline forms differ by the number of colons that follow the macro +name. The block form uses two colons (``++::++``), whereas the inline form only +uses one (``++:++``). + +==== Block image macro + +https://docs.asciidoctor.org/asciidoc/latest/macros/images/ + +---- +// Example 1 + +Content in document. + +image::image.png[] + +Content in document +---- + +Content in document. + +image::image.png[] + +Content in document + +include::lorem.adoc[] + +==== Position and Frame Images + +https://docs.asciidoctor.org/asciidoc/latest/macros/image-position/ + +==== Positioning attributes + +---- +// Example 1. A block image pulled to the right and centered within the block + +image::image.png[Tiger,200,200,float="right",align="center"] +---- + +image::image.png[Tiger,200,200,float="right",align="center"] + +include::lorem.adoc[] + +---- +// Example 2. An inline image pulled to the right of the paragraph text + +image:image.png[Linux,150,150,float="right"] +You can find Linux everywhere these days! +---- + +image:image.png[Linux,150,150,float="right"] +You can find Linux everywhere these days! + +include::lorem.adoc[] + +==== Control the float + +---- +[.float-group] +-- +[.left] +.Image A +image::image.png[A,240,180] + +[.left] +.Image B +image::image.png[B,240,180] +-- + +Text below images. +---- + +[.float-group] +-- +[.left] +.Image A +image::image.png[A,240,180] + +[.left] +.Image B +image::image.png[B,240,180] +-- + +Text below images. + +include::lorem.adoc[] + +==== SVG images + +https://docs.asciidoctor.org/asciidoc/latest/macros/image-svg/ + +---- +image::icon.svg[Static,300] +---- + +image::icon.svg[Static,300] diff --git a/rules/S6826/java/icon.svg b/rules/S6826/java/icon.svg new file mode 100644 index 00000000000..ec0e152da0e --- /dev/null +++ b/rules/S6826/java/icon.svg @@ -0,0 +1 @@ +SonarCloud icon \ No newline at end of file 
diff --git a/rules/S6826/java/image.png b/rules/S6826/java/image.png
new file mode 100644
index 00000000000..7a17df3d2f4
Binary files /dev/null and b/rules/S6826/java/image.png differ
diff --git a/rules/S6826/java/lorem.adoc b/rules/S6826/java/lorem.adoc
new file mode 100644
index 00000000000..1b85bc7854d
--- /dev/null
+++ b/rules/S6826/java/lorem.adoc
@@ -0,0 +1,7 @@
+_Lorem ipsum dolor sit amet, consectetur adipiscing elit. Fusce a massa sit
+amet lectus pellentesque auctor. Mauris efficitur egestas elementum. Morbi
+placerat quam ut hendrerit porta. Nulla vitae orci sit amet elit pellentesque
+interdum. Sed tincidunt ipsum at hendrerit ornare. Ut orci magna, fringilla et
+finibus eu, consectetur vestibulum massa. Pellentesque habitant morbi tristique
+senectus et netus et malesuada fames ac turpis egestas. Fusce sed lorem urna._
+
diff --git a/rules/S6826/java/metadata.json b/rules/S6826/java/metadata.json
new file mode 100644
index 00000000000..9f02b01ae9f
--- /dev/null
+++ b/rules/S6826/java/metadata.json
@@ -0,0 +1,26 @@
+{
+ "title": "This is a rule showcasing images in rules",
+ "type": "CODE_SMELL",
+ "status": "ready",
+ "remediation": {
+ "func": "Constant\/Issue",
+ "constantCost": "5min"
+ },
+ "tags": [
+ "rspec-showcase"
+ ],
+ "defaultSeverity": "Major",
+ "ruleSpecification": "RSPEC-6826",
+ "sqKey": "S6826",
+ "scope": "All",
+ "defaultQualityProfiles": ["Sonar way"],
+ "quickfix": "unknown",
+ "code": {
+ "impacts": {
+ "MAINTAINABILITY": "HIGH",
+ "RELIABILITY": "MEDIUM",
+ "SECURITY": "LOW"
+ },
+ "attribute": "CONVENTIONAL"
+ }
+}
diff --git a/rules/S6826/java/rule.adoc b/rules/S6826/java/rule.adoc
new file mode 100644
index 00000000000..36962c79947
--- /dev/null
+++ b/rules/S6826/java/rule.adoc
@@ -0,0 +1,45 @@ +== Why is this an issue? + +This rule is not really a rule, but a demonstration of the images that can +appear in a rule description. The Asciidoc docs are copied, but only their code +samples. + +A version containing links is available in +[the initial PR](https://github.com/SonarSource/rspec/blob/b83c150164ae37a77a978d6729c09a5178cbf1aa/rules/S6826/java/asciidocs-links.adoc?plain=1). + +=== What is the potential impact? + +:random_variable: 42 + +include::asciidocs.adoc[] + +== How to fix it in Spring + +=== Code examples + +==== Noncompliant code example + +[source,text,diff-id=1,diff-type=noncompliant] +---- +FIXME +---- + +==== Compliant solution + +[source,text,diff-id=1,diff-type=compliant] +---- +FIXED +---- + +=== How does this work? + +:random_variable: 1337 + +include::asciidocs.adoc[] + +== Resources + +=== Documentation + +* None + diff --git a/rules/S6826/metadata.json b/rules/S6826/metadata.json new file mode 100644 index 00000000000..2c63c085104 --- /dev/null +++ b/rules/S6826/metadata.json @@ -0,0 +1,2 @@ +{ +} diff --git a/rules/S6827/common/rule.adoc b/rules/S6827/common/rule.adoc new file mode 100644 index 00000000000..7dba589eca3 --- /dev/null +++ b/rules/S6827/common/rule.adoc 
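Review bot: The reference to the initial PR in the "Why is this an issue?" section is written in Markdown, `[the initial PR](https://github.com/SonarSource/rspec/blob/…/asciidocs-links.adoc?plain=1)`, which AsciiDoc does not render as a named link; the brackets and parentheses will appear literally in the rule description. The AsciiDoc form puts the URL first and the label in brackets after it, `https://github.com/SonarSource/rspec/blob/b83c150164ae37a77a978d6729c09a5178cbf1aa/rules/S6826/java/asciidocs-links.adoc?plain=1[the initial PR]`. The other rule files in this diff already use that form for their resource links.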
@@ -0,0 +1,38 @@ +== Why is this an issue? + +Anchors, represented by the `a` tag in HTML, usually contain a hyperlink that users can click to navigate to different sections of a website or different websites altogether. + +However, when anchors do not have content or when the content is hidden from screen readers using the `aria-hidden` property, +it creates a significant accessibility issue. If an anchor's content is hidden or non-existent, visually impaired users may not be able to understand the purpose of the anchor or navigate the website effectively. + +This rule checks that anchors do not use the `aria-hidden` property and have content provided either between the tags or as `aria-label` or `title` property. + +== How to fix it + +Ensure that anchors either have content or an `aria-label` or `title` attribute, and they should not use the `aria-hidden` property. + +=== Code examples + +==== Noncompliant code example + +[source,html,diff-id=1,diff-type=noncompliant] +---- +
    link to my site +---- + +==== Compliant solution + +[source,html,diff-id=1,diff-type=compliant] +---- +link to my site +---- + +== Resources +=== Documentation + +* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/HTML/Element/a[``++++``: The Anchor element] +* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/Attributes/aria-hidden[``++aria-hidden++`` attribute] + +=== Standards + +* W3C - https://www.w3.org/WAI/WCAG21/Understanding/link-purpose-in-context[Link purpose] diff --git a/rules/S6827/html/metadata.json b/rules/S6827/html/metadata.json new file mode 100644 index 00000000000..7a73a41bfdf --- /dev/null +++ b/rules/S6827/html/metadata.json @@ -0,0 +1,2 @@ +{ +} \ No newline at end of file diff --git a/rules/S6827/html/rule.adoc b/rules/S6827/html/rule.adoc new file mode 100644 index 00000000000..5f710f9ed83 --- /dev/null +++ b/rules/S6827/html/rule.adoc @@ -0,0 +1 @@ +include::../common/rule.adoc[] diff --git a/rules/S6827/javascript/metadata.json b/rules/S6827/javascript/metadata.json index ed0ea1c92a7..44fbcbe538f 100644 --- a/rules/S6827/javascript/metadata.json +++ b/rules/S6827/javascript/metadata.json @@ -1,26 +1,6 @@ { - "title": "Anchors should contain accessible content", - "type": "CODE_SMELL", - "status": "ready", - "remediation": { - "func": "Constant\/Issue", - "constantCost": "5min" - }, - "tags": [ - "react", - "accessibility" - ], - "defaultSeverity": "Minor", - "ruleSpecification": "RSPEC-6827", - "sqKey": "S6827", - "scope": "All", - "defaultQualityProfiles": ["Sonar way"], - "quickfix": "infeasible", - "code": { - "impacts": { - "MAINTAINABILITY": "LOW", - "RELIABILITY": "LOW" - }, - "attribute": "CONVENTIONAL" - } + "tags": [ + "react", + "accessibility" + ] } diff --git a/rules/S6827/javascript/rule.adoc b/rules/S6827/javascript/rule.adoc index d5e712d8f58..5f710f9ed83 100644 --- a/rules/S6827/javascript/rule.adoc +++ b/rules/S6827/javascript/rule.adoc 
@@ -1,38 +1 @@ -== Why is this an issue? - -Anchors, represented by the `a` tag in HTML, usually contain a hyperlink that users can click to navigate to different sections of a website or different websites altogether. - -However, when anchors do not have content or when the content is hidden from screen readers using the `aria-hidden` property, -it creates a significant accessibility issue. If an anchor's content is hidden or non-existent, visually impaired users may not be able to understand the purpose of the anchor or navigate the website effectively. - -This rule checks that anchors do not use the `aria-hidden` property and have content provided either between the tags or as `aria-label` or `title` property. - -== How to fix it in JSX - -Ensure that anchors either have content or an `aria-label` or `title` attribute, and they should not use the `aria-hidden` property. - -=== Code examples - -==== Noncompliant code example - -[source,javascript,diff-id=1,diff-type=noncompliant] ----- -link to my site ----- - -==== Compliant solution - -[source,javascript,diff-id=1,diff-type=compliant] ----- -link to my site ----- - -== Resources -=== Documentation - -* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/HTML/Element/a[``++++``: The Anchor element] -* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/Attributes/aria-hidden[``++aria-hidden++`` attribute] - -=== Standards - -* W3C - https://www.w3.org/WAI/WCAG21/Understanding/link-purpose-in-context[Link purpose] +include::../common/rule.adoc[] diff --git a/rules/S6827/metadata.json b/rules/S6827/metadata.json index 2c63c085104..5f60f9acd99 100644 --- a/rules/S6827/metadata.json +++ b/rules/S6827/metadata.json 
@@ -1,2 +1,25 @@ { + "title": "Anchors should contain accessible content", + "type": "CODE_SMELL", + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "5min" + }, + "tags": [ + "accessibility" + ], + "defaultSeverity": "Minor", + "ruleSpecification": "RSPEC-6827", + "sqKey": "S6827", + "scope": "All", + "defaultQualityProfiles": ["Sonar way"], + "quickfix": "infeasible", + "code": { + "impacts": { + "MAINTAINABILITY": "LOW", + "RELIABILITY": "LOW" + }, + "attribute": "CONVENTIONAL" + } } diff --git a/rules/S6829/java/metadata.json b/rules/S6829/java/metadata.json index bae3410360b..a3a6588f0d6 100644 --- a/rules/S6829/java/metadata.json +++ b/rules/S6829/java/metadata.json @@ -12,8 +12,10 @@ "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-6829", "sqKey": "S6829", - "scope": "All", - "defaultQualityProfiles": ["Sonar way"], + "scope": "Main", + "defaultQualityProfiles": [ + "Sonar way" + ], "quickfix": "infeasible", "code": { "impacts": { diff --git a/rules/S6830/java/metadata.json b/rules/S6830/java/metadata.json new file mode 100644 index 00000000000..97f35bdcb4e --- /dev/null +++ b/rules/S6830/java/metadata.json @@ -0,0 +1,26 @@ +{ + "title": "Bean names should adhere to the naming conventions", + "type": "CODE_SMELL", + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "5min" + }, + "tags": [ + "spring" + ], + "defaultSeverity": "Minor", + "ruleSpecification": "RSPEC-6830", + "sqKey": "S6830", + "scope": "Main", + "defaultQualityProfiles": [ + "Sonar way" + ], + "quickfix": "unknown", + "code": { + "impacts": { + "MAINTAINABILITY": "MEDIUM" + }, + "attribute": "IDENTIFIABLE" + } +} diff --git a/rules/S6830/java/rule.adoc b/rules/S6830/java/rule.adoc new file mode 100644 index 00000000000..6be51965ef0 --- /dev/null +++ b/rules/S6830/java/rule.adoc 
@@ -0,0 +1,71 @@ +== Why is this an issue? + +Consistent naming of beans is important for the readability and maintainability of the code. More precisely, according to the Spring documentation: +---- +Naming beans consistently makes your configuration easier to read and understand. Also, if you use Spring AOP, it helps a lot when applying advice to a set of beans related by name. +---- + +Not following accepted conventions can introduce inconsistent naming, especially when multiple developers work on the same project, leading to technical debt. + +The spring documentation establishes a naming convention that consists of camel-cased names with a leading lowercase letter. + +This rule raises an issue when a bean name defined in one of the following annotations does not adhere to the naming convention: + +* `@Bean` +* `@Configuration` +* `@Controller` +* `@Component` +* `@Qualifier` +* `@Repository` +* `@Service` + +== How to fix it + +Change the bean's name to adhere to the naming conventions. +Names should be camel-cased and start with a lowercase letter, for example, `myBean`. + +=== Code examples + +==== Noncompliant code example + +[source,java,diff-id=1,diff-type=noncompliant] +---- +@Bean(name = "MyBean") // Noncompliant, the first letter of the name should be lowercase +public MyBean myBean() { + ... +---- + +==== Compliant solution + +[source,java,diff-id=1,diff-type=compliant] +---- +@Bean(name = "myBean") // Compliant +public MyBean myBean() { + ... +---- + +==== Noncompliant code example + +[source,java,diff-id=2,diff-type=noncompliant] +---- +@Service("my_service") // Noncompliant, the name should be camel-cased +public class MyService { + ... +---- + +==== Compliant solution + +[source,java,diff-id=2,diff-type=compliant] +---- +@Service("myService") // Compliant +public class MyService { + ... 
+---- + +== Resources + +=== Documentation +* Spring Framework Documentation - https://docs.spring.io/spring-framework/reference/core/beans/definition.html#beans-beanname[3.3 Bean overview] + +=== Articles & blog posts +* Java Guides - https://www.javaguides.net/2019/03/spring-boot-best-practices.html[Spring Boot Best Practices] diff --git a/rules/S6830/metadata.json b/rules/S6830/metadata.json new file mode 100644 index 00000000000..2c63c085104 --- /dev/null +++ b/rules/S6830/metadata.json @@ -0,0 +1,2 @@ +{ +} diff --git a/rules/S6831/java/metadata.json b/rules/S6831/java/metadata.json index 252a01a1a77..5a7531e4d5f 100644 --- a/rules/S6831/java/metadata.json +++ b/rules/S6831/java/metadata.json @@ -14,7 +14,7 @@ "sqKey": "S6831", "scope": "Main", "defaultQualityProfiles": ["Sonar way"], - "quickfix": "targeted", + "quickfix": "covered", "code": { "impacts": { "MAINTAINABILITY": "MEDIUM", diff --git a/rules/S6832/java/metadata.json b/rules/S6832/java/metadata.json index 5ec7969a6a9..213b5cfa82d 100644 --- a/rules/S6832/java/metadata.json +++ b/rules/S6832/java/metadata.json @@ -12,8 +12,10 @@ "defaultSeverity": "Major", "ruleSpecification": "RSPEC-6832", "sqKey": "S6832", - "scope": "All", - "defaultQualityProfiles": ["Sonar way"], + "scope": "Main", + "defaultQualityProfiles": [ + "Sonar way" + ], "quickfix": "infeasible", "code": { "impacts": { @@ -21,4 +23,4 @@ }, "attribute": "LOGICAL" } -} \ No newline at end of file +} diff --git a/rules/S6833/java/metadata.json b/rules/S6833/java/metadata.json index d115b2bf881..b66b189d9a7 100644 --- a/rules/S6833/java/metadata.json +++ b/rules/S6833/java/metadata.json @@ -12,8 +12,10 @@ "defaultSeverity": "Major", "ruleSpecification": "RSPEC-6833", "sqKey": "S6833", - "scope": "All", - "defaultQualityProfiles": ["Sonar way"], + "scope": "Main", + "defaultQualityProfiles": [ + "Sonar way" + ], "quickfix": "covered", "code": { "impacts": { 
diff --git a/rules/S6836/javascript/metadata.json b/rules/S6836/javascript/metadata.json index 2b6860eb574..5fbdcab7362 100644 --- a/rules/S6836/javascript/metadata.json +++ b/rules/S6836/javascript/metadata.json @@ -8,7 +8,7 @@ }, "tags": [ ], - "defaultSeverity": "Minor", + "defaultSeverity": "Major", "ruleSpecification": "RSPEC-6836", "sqKey": "S6836", "scope": "All", diff --git a/rules/S6837/java/metadata.json b/rules/S6837/java/metadata.json index e804d003bc2..47ca67fc447 100644 --- a/rules/S6837/java/metadata.json +++ b/rules/S6837/java/metadata.json @@ -12,8 +12,10 @@ "defaultSeverity": "Major", "ruleSpecification": "RSPEC-6837", "sqKey": "S6837", - "scope": "All", - "defaultQualityProfiles": ["Sonar way"], + "scope": "Main", + "defaultQualityProfiles": [ + "Sonar way" + ], "quickfix": "targeted", "code": { "impacts": { diff --git a/rules/S6838/java/metadata.json b/rules/S6838/java/metadata.json new file mode 100644 index 00000000000..f1fe7bca4c8 --- /dev/null +++ b/rules/S6838/java/metadata.json @@ -0,0 +1,26 @@ +{ + "title": "\"@Bean\" methods for Singleton should not be invoked in \"@Configuration\" when proxyBeanMethods is false", + "type": "BUG", + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "10min" + }, + "tags": [ + "spring" + ], + "defaultSeverity": "Major", + "ruleSpecification": "RSPEC-6838", + "sqKey": "S6838", + "scope": "Main", + "defaultQualityProfiles": [ + "Sonar way" + ], + "quickfix": "infeasible", + "code": { + "impacts": { + "RELIABILITY": "MEDIUM" + }, + "attribute": "LOGICAL" + } +} diff --git a/rules/S6838/java/rule.adoc b/rules/S6838/java/rule.adoc new file mode 100644 index 00000000000..7d029a392e5 --- /dev/null +++ b/rules/S6838/java/rule.adoc 
@@ -0,0 +1,111 @@ +Spring proxies are based on the *Proxy design pattern* and serve as intermediaries to other resources, offering extra features at a slight performance penalty. +For example, they facilitate lazy resource initialization and data caching. + +The `@Configuration` annotation enables this mechanism by default through the `proxyBeanMethods` attribute set to `true`. +This ensures that the `@Bean` methods are proxied in order to enforce bean lifecycle behavior, e.g. to return shared singleton bean instances even in case of direct `@Bean` method calls in user code. +This functionality is achieved via method interception, implemented through a runtime-generated *https://github.com/cglib/cglib/wiki[CGLIB]* subclass. + +== Why is this an issue? + +When setting the `proxyBeanMethods` attribute to `false` the `@Bean` methods are not proxied and this is similar to removing the `@Configuration` stereotype. +In this scenario, `@Bean` methods within the `@Configuration` annotated class operate in https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/context/annotation/Bean.html[_lite mode_], resulting in a new bean creation each time the method is invoked. + +For `Singleton` beans, this could cause unexpected outcomes as the bean is created multiple times instead of being created once and cached. + +The rule raises an issue when the `proxyBeanMethods` attribute is set to `false` and the `@Bean` method of a `Singleton` bean is directly invoked in the `@Configuration` annotated class code. + +== How to fix it + +The issue can be fixed in the following ways: + +* Not invoking the `@Bean` method directly, but rather injecting the bean in the context and using it, by means of `@Bean` https://docs.spring.io/spring-framework/reference/core/beans/java/bean-annotation.html#beans-java-dependencies[method parameters]. 
+ +* If the performance penalty is negligible, consider not disabling the `proxyBeanMethods` attribute, so that the `@Bean` methods are proxied and the bean lifecycle is enforced. + +=== Code examples + +==== Noncompliant code example + +In the example below, every instance of `PrototypeBean` will have a different instance of `SingletonBean`, as `singletonBean()` is called directly from `prototypeBean()`. + +[source,java,diff-id=1,diff-type=noncompliant] +---- +@Configuration(proxyBeanMethods = false) +class ConfigurationExample { + @Bean + public SingletonBean singletonBean() { + return new SingletonBean(); + } + + @Bean + @Scope("prototype") + public PrototypeBean prototypeBean() { + return new PrototypeBean(singletonBean()); // Noncompliant, the singletonBean is created every time a prototypeBean is created + } + + class SingletonBean { + // ... + } + + class PrototypeBean { + // ... + + public PrototypeBean(SingletonBean singletonBean) { + // ... + } + + // ... + } +} +---- + +==== Compliant solution + +The compliant solution relies on the `@Bean` method parameter to automatically inject the `SingletonBean` from the `ApplicationContext`. +This way every instance of `PrototypeBean` will have the same instance of `SingletonBean`. + +[source,java,diff-id=1,diff-type=compliant] +---- +@Configuration(proxyBeanMethods = false) +class ConfigurationExample { + @Bean + public SingletonBean singletonBean() { + return new SingletonBean(); + } + + @Bean + @Scope("prototype") + public PrototypeBean prototypeBean(SingletonBean singletonBean) { // Compliant, the singletonBean is injected in the context and used by every prototypeBean + return new PrototypeBean(singletonBean); + } + + class SingletonBean { + // ... + } + + class PrototypeBean { + // ... + + public PrototypeBean(SingletonBean singletonBean) { + // ... + } + + // ... 
+ } +} +---- + +== Resources +=== Documentation + +* Spring - https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/context/annotation/Configuration.html#proxyBeanMethods()[Configuration - proxyBeanMethods] + +* Spring - https://docs.spring.io/spring-framework/reference/core/aop/proxying.html[Proxying Mechanisms] + +* Spring - https://docs.spring.io/spring-framework/reference/core/beans/java/bean-annotation.html#beans-java-dependencies[Bean Annotation - Dependencies] + +* GitHub - https://github.com/cglib/cglib/wiki[CGLIB] + +=== Articles & blog posts + +* Medium - https://blog.devgenius.io/demystifying-proxy-in-spring-3ab536046b11[Demystifying Proxy in Spring] diff --git a/rules/S6838/metadata.json b/rules/S6838/metadata.json new file mode 100644 index 00000000000..2c63c085104 --- /dev/null +++ b/rules/S6838/metadata.json @@ -0,0 +1,2 @@ +{ +} diff --git a/rules/S6839/description.adoc b/rules/S6839/description.adoc new file mode 100644 index 00000000000..1e80b2806b9 --- /dev/null +++ b/rules/S6839/description.adoc 
@@ -0,0 +1,23 @@ +HTTP Response Splitting is a type of web application vulnerability that occurs when an attacker manipulates the data input into HTTP headers. This manipulation can lead to the creation of additional, unauthorized HTTP responses. The vulnerability arises when user-supplied data is not properly validated and sanitized before being included in an HTTP response header. This can potentially allow an attacker to control the contents of the HTTP response received by other users, leading to a variety of consequences such as cross-site scripting (XSS), session hijacking, cache poisonning, or malware delivery. + +== Why is this an issue? + +Without proper validation or sanitation, an attacker with control over a header's content could insert line return characters in it and inject arbitrary content in the HTTP response. This includes headers, their content, and the response body. + +=== What is the potential impact + +HTTP Response Splitting is a significant security concern due to its potential to compromise the integrity and confidentiality of web applications and their users' data. Typical exploitation scenarios include Cross-Site Scripting (XSS), phishing attacks or cache poisonning. + +==== Cross-Site Scripting (XSS) + +When an attacker successfully exploits an HTTP Response Splitting vulnerability, they can inject malicious scripts into the HTTP response. These scripts can be executed in the user's browser, leading to an XSS attack. This can result in unauthorized access to sensitive user data, such as login credentials or personal information. + +==== Phishing Attacks + +An attacker can use this vulnerability to redirect users to a malicious website that looks identical to the original one. Unaware users might provide sensitive information like usernames, passwords, or credit card details, thinking they are on a legitimate site. 
+ +==== Cache poisonning + +By controlling the content and headers of the HTTP response, an attacker can force the application's hosting infrastructure to store a maliciously crafted web page in a cache. Every user that will later try to access the page or resource which cached version has been poisoned will therefore be presented with malicious content. + +Such an attack can make the impact of other mentioned exploitation scenario higher. \ No newline at end of file diff --git a/rules/S6839/how-to-fix-it.adoc b/rules/S6839/how-to-fix-it.adoc new file mode 100644 index 00000000000..ab9dd7356b2 --- /dev/null +++ b/rules/S6839/how-to-fix-it.adoc @@ -0,0 +1,5 @@ +== How to fix it + +As a best practice, applications that construct response headers using user-provided data should always implement rigorous validation or sanitation of this data. + +Also, note that most high-level and modern web development frameworks integrate a built-in protection measure and are thus immune to response splitting attacks. Using such a framework should be considered. \ No newline at end of file diff --git a/rules/S6839/metadata.json b/rules/S6839/metadata.json new file mode 100644 index 00000000000..38f0c7ab8ee --- /dev/null +++ b/rules/S6839/metadata.json 
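Review bot: "poisonning" is misspelled in the opening paragraph, in the "Typical exploitation scenarios" sentence and in the `==== Cache poisonning` heading of rules/S6839/description.adoc; since this text is shown to users as the rule description, all three should read `poisoning`. The heading `=== What is the potential impact` is also missing the question mark that the same heading carries in rules/S6826/java/rule.adoc. The phrase "line return characters" would be clearer if it named the characters that have to be rejected, for example `carriage return (CR) and line feed (LF) characters`.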
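Review bot: The guidance in rules/S6839/how-to-fix-it.adoc asks for "rigorous validation or sanitation" without saying what must be rejected, so a reader cannot tell whether their check is sufficient. A sentence such as `At a minimum, reject or strip carriage return and line feed characters from any value placed in a response header, and prefer an allow-list when the header has only a few valid values.` would make it actionable. The statement that most modern frameworks "are thus immune" is also stronger than the page supports: the Python example added for this rule flags `BaseHTTPRequestHandler.send_header` from the standard library as noncompliant, so wording like `reject such characters by default; check the behaviour of the framework and version in use` would be safer.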
@@ -0,0 +1,57 @@
+{
+ "title": "HTTP response headers should not be vulnerable to response splitting attacks",
+ "type": "VULNERABILITY",
+ "status": "ready",
+ "remediation": {
+ "func": "Constant\/Issue",
+ "constantCost": "30min"
+ },
+ "tags": [],
+ "extra": {
+ "replacementRules": [],
+ "legacyKeys": []
+ },
+ "defaultSeverity": "Blocker",
+ "ruleSpecification": "RSPEC-6839",
+ "sqKey": "S6839",
+ "scope": "Main",
+ "securityStandards": {
+ "CWE": [
+ 20,
+ 113
+ ],
+ "OWASP": [
+ "A1"
+ ],
+ "OWASP Top 10 2021": [
+ "A3"
+ ],
+ "PCI DSS 3.2": [
+ "6.5.1"
+ ],
+ "PCI DSS 4.0": [
+ "6.2.4"
+ ],
+ "ASVS 4.0": [
+ "5.1.3",
+ "5.1.4"
+ ],
+ "STIG ASD_V5R3": [
+ "V-222609"
+ ]
+ },
+ "defaultQualityProfiles": [
+ "Sonar way"
+ ],
+ "code": {
+ "impacts": {
+ "SECURITY": "BLOCKER"
+ },
+ "attribute": "COMPLETE"
+ },
+ "quickfix": "unknown",
+ "educationPrinciples": [
+ "defense_in_depth",
+ "never_trust_user_input"
+ ]
+}
diff --git a/rules/S6839/python/metadata.json b/rules/S6839/python/metadata.json
new file mode 100644
index 00000000000..2c63c085104
--- /dev/null
+++ b/rules/S6839/python/metadata.json
@@ -0,0 +1,2 @@
+{
+}
diff --git a/rules/S6839/python/rule.adoc b/rules/S6839/python/rule.adoc
new file mode 100644
index 00000000000..a961826f049
--- /dev/null
+++ b/rules/S6839/python/rule.adoc
@@ -0,0 +1,77 @@ +include::../description.adoc[] + +include::../how-to-fix-it.adoc[] + +=== Code examples + +==== Noncompliant code example + +[source,python,diff-id=1,diff-type=noncompliant] +---- +from http.server import BaseHTTPRequestHandler +from urllib.parse import urlparse, parse_qs + +class ReqHandler(BaseHTTPRequestHandler): + def do_GET(self): + parsed = urlparse(self.path) + params = parse_qs(parsed.query) + self.send_response(200) + self.send_header("Content-Type", params.get('accept')[0]) # Noncompliant + self.end_headers() + self.wfile.write(bytes("Hello World!", "utf-8")) +---- + +==== Compliant solution + +[source,python,diff-id=1,diff-type=compliant] +---- +from http.server import BaseHTTPRequestHandler +from urllib.parse import urlparse, parse_qs, quote + +class ReqHandler(BaseHTTPRequestHandler): + def do_GET(self): + parsed = urlparse(self.path) + params = parse_qs(parsed.query) + self.send_response(200) + self.send_header("Content-Type", quote(params.get('accept')[0])) # Compliant + self.end_headers() + self.wfile.write(bytes("Hello World!", "utf-8")) +---- + +=== How does this work? + +By applying a URL encoding to an untrusted header value, the application ensures that all special characters are properly escaped before they are added to the HTTP response. Especially `\r` (Carriage Return) and `\n` (Line Feed) characters will be encoded to `%0D` and `%OA` and won't be able to alter the HTTP response's semantics. + +//=== Pitfalls + +//=== Going the extra mile + + +//== Resources + +include::../see.adoc[] + +//=== Documentation +//=== Articles & blog posts +//=== Conference presentations +//=== Standards +//=== External coding guidelines +//=== Benchmarks + + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message + +Change this code to not set an HTTP response header based on a user-controlled +value. + +=== Highlighting + +Highlight the tainted argument in the sink parameters. 
+ +endif::env-github,rspecator-view[] diff --git a/rules/S6839/see.adoc b/rules/S6839/see.adoc new file mode 100644 index 00000000000..80238451b7c --- /dev/null +++ b/rules/S6839/see.adoc @@ -0,0 +1,14 @@ +== Resources + +=== Documentation + +* OWASP - https://www.owasp.org/index.php/HTTP_Response_Splitting[HTTP Response Splitting] + +=== Standards + +* OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection] +* OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection] +* CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation] +* CWE - https://cwe.mitre.org/data/definitions/113[CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')] +* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities. + diff --git a/rules/S6840/common/rule.adoc b/rules/S6840/common/rule.adoc new file mode 100644 index 00000000000..fb74387fb74 --- /dev/null +++ b/rules/S6840/common/rule.adoc 
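Review bot: The compliant example in rules/S6839/python/rule.adoc neutralises CR/LF by URL-encoding the whole value with `quote(params.get('accept')[0])`, which is a poor fit for `Content-Type`: `quote` leaves only `/` among the reserved characters untouched, so a legitimate value such as `text/html; charset=utf-8` is sent percent-encoded and is no longer a valid media type. An allow-list is the more representative fix for this header, for example `ctype = params.get('accept', ['text/plain'])[0]` followed by `if ctype not in ALLOWED_TYPES: ctype = 'text/plain'`, where `ALLOWED_TYPES` is a constant the example would define. Both examples also index `params.get('accept')[0]` without a default, which raises `TypeError` when the parameter is absent. In the "How does this work?" paragraph, `%OA` is written with the letter O and should be `%0A`.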
@@ -0,0 +1,32 @@ +:doctype: book + +# tag::header[] +== Why is this an issue? + +Not providing autocomplete values in form fields can lead to content inaccessibility. The function of each standard input field, which gathers a person's personal data, is systematically determined according to the list of https://www.w3.org/TR/WCAG21/#input-purposes[53 Input Purposes for User Interface Components]. If the necessary autocomplete attribute values are absent, screen readers will not be able to identify and read these fields. This lack of information can hinder users, particularly those using screen readers, from properly navigating and interacting with forms. + +For screen readers to operate effectively, it is imperative that the autocomplete attribute values are not only valid but also correctly applied. + +== How to fix it + +Ensure the autocomplete attribute is correct and suitable for the form field it is used with: + +* Identify the input type: The autocomplete attribute should be used with form elements like ``++++``, ``++