NET-1040 Update RSPEC before 10.7 release

Author: mary-georgiou-sonarsource

analyzers/rspec/cs/S1133.json

@@ -3,7 +3,7 @@
   "type": "CODE_SMELL",
   "code": {
     "impacts": {
-      "MAINTAINABILITY": "LOW"
+      "MAINTAINABILITY": "INFO"
     },
     "attribute": "CLEAR"
   },

analyzers/rspec/cs/S1135.json

@@ -3,7 +3,7 @@
   "type": "CODE_SMELL",
   "code": {
     "impacts": {
-      "MAINTAINABILITY": "LOW"
+      "MAINTAINABILITY": "INFO"
     },
     "attribute": "COMPLETE"
   },

analyzers/rspec/cs/S1227.html

@@ -1,3 +1,4 @@
+<p>This rule is deprecated, and will eventually be removed.</p>
 <h2>Why is this an issue?</h2>
 <p><code>break;</code> is an unstructured control flow statement which makes code harder to read.</p>
 <p>Ideally, every loop should have a single termination condition.</p>

analyzers/rspec/cs/S1227.json

@@ -7,7 +7,7 @@
     },
     "attribute": "CLEAR"
   },
-  "status": "ready",
+  "status": "deprecated",
   "remediation": {
     "func": "Constant\/Issue",
     "constantCost": "10min"

analyzers/rspec/cs/S2115.json

@@ -3,7 +3,7 @@
   "type": "VULNERABILITY",
   "code": {
     "impacts": {
-      "SECURITY": "HIGH"
+      "SECURITY": "BLOCKER"
     },
     "attribute": "TRUSTWORTHY"
   },

analyzers/rspec/cs/S2245.html

@@ -57,15 +57,10 @@ <h2>See</h2>
   <li> OWASP - <a href="https://owasp.org/Top10/A02_2021-Cryptographic_Failures/">Top 10 2021 Category A2 - Cryptographic Failures</a> </li>
   <li> OWASP - <a href="https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure">Top 10 2017 Category A3 - Sensitive Data
   Exposure</a> </li>
-  <li> OWASP - <a href="https://mas.owasp.org/checklists/MASVS-CRYPTO/">Mobile AppSec Verification Standard - Cryptography Requirements</a> </li>
-  <li> OWASP - <a href="https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography">Mobile Top 10 2016 Category M5 -
-  Insufficient Cryptography</a> </li>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/338">CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)</a>
   </li>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/330">CWE-330 - Use of Insufficiently Random Values</a> </li>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/326">CWE-326 - Inadequate Encryption Strength</a> </li>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/1241">CWE-1241 - Use of Predictable Algorithm in Random Number Generator</a> </li>
-  <li> Derived from FindSecBugs rule <a href="https://h3xstream.github.io/find-sec-bugs/bugs.htm#PREDICTABLE_RANDOM">Predictable Pseudo Random Number
-  Generator</a> </li>
 </ul>
 

analyzers/rspec/cs/S2245.json

@@ -29,12 +29,6 @@
     "OWASP": [
       "A3"
     ],
-    "OWASP Mobile": [
-      "M5"
-    ],
-    "MASVS": [
-      "MSTG-CRYPTO-6"
-    ],
     "OWASP Top 10 2021": [
       "A2"
     ],

analyzers/rspec/cs/S2755.json

@@ -3,7 +3,7 @@
   "type": "VULNERABILITY",
   "code": {
     "impacts": {
-      "SECURITY": "HIGH"
+      "SECURITY": "BLOCKER"
     },
     "attribute": "COMPLETE"
   },

analyzers/rspec/cs/S4423.json

@@ -30,12 +30,6 @@
       "A3",
       "A6"
     ],
-    "OWASP Mobile": [
-      "M3"
-    ],
-    "MASVS": [
-      "MSTG-NETWORK-2"
-    ],
     "OWASP Top 10 2021": [
       "A2",
       "A7"

analyzers/rspec/cs/S4426.html

@@ -116,7 +116,7 @@ <h3>How does this work?</h3>
 <h4>RSA (Rivest-Shamir-Adleman) and DSA (Digital Signature Algorithm)</h4>
 <p>The security of these algorithms depends on the difficulty of attacks attempting to solve their underlying mathematical problem.</p>
 <p>In general, a minimum key size of <strong>2048</strong> bits is recommended for both. It provides 112 bits of security. A key length of
-<strong>3072</strong> or <strong>4092</strong> should be preferred when possible.</p>
+<strong>3072</strong> or <strong>4096</strong> should be preferred when possible.</p>
 <h4>AES (Advanced Encryption Standard)</h4>
 <p>AES supports three key sizes: 128 bits, 192 bits and 256 bits. The security of the AES algorithm is based on the computational complexity of trying
 all possible keys.<br> A larger key size increases the number of possible keys and makes exhaustive search attacks computationally infeasible.
@@ -182,9 +182,6 @@ <h3>Standards</h3>
   Exposure</a> </li>
   <li> OWASP - <a href="https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration">Top 10 2017 Category A6 - Security
   Misconfiguration</a> </li>
-  <li> OWASP - <a href="https://mas.owasp.org/checklists/MASVS-CRYPTO/">Mobile AppSec Verification Standard - Cryptography Requirements</a> </li>
-  <li> OWASP - <a href="https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography">Mobile Top 10 2016 Category M5 -
-  Insufficient Cryptography</a> </li>
   <li> <a href="https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdf">NIST 800-131A</a> - Recommendation for Transitioning the
   Use of Cryptographic Algorithms and Key Lengths </li>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/326">CWE-326 - Inadequate Encryption Strength</a> </li>

analyzers/rspec/cs/S4426.json

@@ -28,12 +28,6 @@
       "A3",
       "A6"
     ],
-    "OWASP Mobile": [
-      "M5"
-    ],
-    "MASVS": [
-      "MSTG-CRYPTO-3"
-    ],
     "OWASP Top 10 2021": [
       "A2"
     ],

analyzers/rspec/cs/S4487.html

@@ -17,7 +17,7 @@ <h2>Why is this an issue?</h2>
   {
     get
     {
-      return length * width;
+      return length * length;
     }
   }
 }

analyzers/rspec/cs/S4790.html

@@ -34,9 +34,6 @@ <h2>See</h2>
   Exposure</a> </li>
   <li> OWASP - <a href="https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration">Top 10 2017 Category A6 - Security
   Misconfiguration</a> </li>
-  <li> OWASP - <a href="https://mas.owasp.org/checklists/MASVS-CRYPTO/">Mobile AppSec Verification Standard - Cryptography Requirements</a> </li>
-  <li> OWASP - <a href="https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography">Mobile Top 10 2016 Category M5 -
-  Insufficient Cryptography</a> </li>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/1240">CWE-1240 - Use of a Risky Cryptographic Primitive</a> </li>
 </ul>
 

analyzers/rspec/cs/S4790.json

@@ -23,12 +23,6 @@
       "A3",
       "A6"
     ],
-    "OWASP Mobile": [
-      "M5"
-    ],
-    "MASVS": [
-      "MSTG-CRYPTO-4"
-    ],
     "OWASP Top 10 2021": [
       "A2"
     ],

analyzers/rspec/cs/S4830.html

@@ -59,10 +59,6 @@ <h3>Standards</h3>
   Exposure</a> </li>
   <li> OWASP - <a href="https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration">Top 10 2017 Category A6 - Security
   Misconfiguration</a> </li>
-  <li> OWASP - <a href="https://owasp.org/www-project-mobile-top-10/2016-risks/m3-insecure-communication">Mobile Top 10 2016 Category M3 - Insecure
-  Communication</a> </li>
-  <li> OWASP - <a href="https://mas.owasp.org/checklists/MASVS-NETWORK/">Mobile AppSec Verification Standard - Network Communication Requirements</a>
-  </li>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/295">CWE-295 - Improper Certificate Validation</a> </li>
   <li> STIG Viewer - <a href="https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222550">Application Security and
   Development: V-222550</a> - The application must validate certificates by constructing a certification path to an accepted trust anchor. </li>

analyzers/rspec/cs/S4830.json

@@ -29,12 +29,6 @@
       "A6",
       "A3"
     ],
-    "OWASP Mobile": [
-      "M3"
-    ],
-    "MASVS": [
-      "MSTG-NETWORK-3"
-    ],
     "OWASP Top 10 2021": [
       "A2",
       "A5",

analyzers/rspec/cs/S5332.html

@@ -96,10 +96,6 @@ <h3>Standards</h3>
   <li> OWASP - <a href="https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure">Top 10 2017 Category A3 - Sensitive Data
   Exposure</a> </li>
   <li> OWASP - <a href="https://owasp.org/Top10/A02_2021-Cryptographic_Failures/">Top 10 2021 Category A2 - Cryptographic Failures</a> </li>
-  <li> OWASP - <a href="https://mas.owasp.org/checklists/MASVS-NETWORK/">Mobile AppSec Verification Standard - Network Communication Requirements</a>
-  </li>
-  <li> OWASP - <a href="https://owasp.org/www-project-mobile-top-10/2016-risks/m3-insecure-communication">Mobile Top 10 2016 Category M3 - Insecure
-  Communication</a> </li>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/200">CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor</a> </li>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/319">CWE-319 - Cleartext Transmission of Sensitive Information</a> </li>
   <li> STIG Viewer - <a href="https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222397">Application Security and

analyzers/rspec/cs/S5332.json

@@ -23,12 +23,6 @@
     "OWASP": [
       "A3"
     ],
-    "OWASP Mobile": [
-      "M3"
-    ],
-    "MASVS": [
-      "MSTG-NETWORK-1"
-    ],
     "OWASP Top 10 2021": [
       "A2"
     ],

analyzers/rspec/cs/S5542.json

@@ -29,12 +29,6 @@
       "A6",
       "A3"
     ],
-    "OWASP Mobile": [
-      "M5"
-    ],
-    "MASVS": [
-      "MSTG-CRYPTO-3"
-    ],
     "OWASP Top 10 2021": [
       "A2"
     ],

analyzers/rspec/cs/S5547.json

@@ -29,12 +29,6 @@
       "A3",
       "A6"
     ],
-    "OWASP Mobile": [
-      "M5"
-    ],
-    "MASVS": [
-      "MSTG-CRYPTO-3"
-    ],
     "OWASP Top 10 2021": [
       "A2"
     ],

analyzers/rspec/cs/S7131.json

@@ -9,7 +9,7 @@
   "tags": [
     "symbolic-execution"
   ],
-  "defaultSeverity": "Major",
+  "defaultSeverity": "Critical",
   "ruleSpecification": "RSPEC-7131",
   "sqKey": "S7131",
   "scope": "All",

analyzers/rspec/cs/S7133.json

@@ -9,7 +9,7 @@
   "tags": [
     "symbolic-execution"
   ],
-  "defaultSeverity": "Major",
+  "defaultSeverity": "Critical",
   "ruleSpecification": "RSPEC-7133",
   "sqKey": "S7133",
   "scope": "All",

analyzers/rspec/vbnet/S1133.json

@@ -3,7 +3,7 @@
   "type": "CODE_SMELL",
   "code": {
     "impacts": {
-      "MAINTAINABILITY": "LOW"
+      "MAINTAINABILITY": "INFO"
     },
     "attribute": "CLEAR"
   },

analyzers/rspec/vbnet/S1135.json

@@ -3,7 +3,7 @@
   "type": "CODE_SMELL",
   "code": {
     "impacts": {
-      "MAINTAINABILITY": "LOW"
+      "MAINTAINABILITY": "INFO"
     },
     "attribute": "COMPLETE"
   },

analyzers/rspec/vbnet/S4423.json

@@ -30,12 +30,6 @@
       "A3",
       "A6"
     ],
-    "OWASP Mobile": [
-      "M3"
-    ],
-    "MASVS": [
-      "MSTG-NETWORK-2"
-    ],
     "OWASP Top 10 2021": [
       "A2",
       "A7"

analyzers/rspec/vbnet/S4790.html

@@ -54,9 +54,6 @@ <h2>See</h2>
   Exposure</a> </li>
   <li> OWASP - <a href="https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration">Top 10 2017 Category A6 - Security
   Misconfiguration</a> </li>
-  <li> OWASP - <a href="https://mas.owasp.org/checklists/MASVS-CRYPTO/">Mobile AppSec Verification Standard - Cryptography Requirements</a> </li>
-  <li> OWASP - <a href="https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography">Mobile Top 10 2016 Category M5 -
-  Insufficient Cryptography</a> </li>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/1240">CWE-1240 - Use of a Risky Cryptographic Primitive</a> </li>
 </ul>
 

analyzers/rspec/vbnet/S4790.json

@@ -23,12 +23,6 @@
       "A3",
       "A6"
     ],
-    "OWASP Mobile": [
-      "M5"
-    ],
-    "MASVS": [
-      "MSTG-CRYPTO-4"
-    ],
     "OWASP Top 10 2021": [
       "A2"
     ],

analyzers/rspec/vbnet/S4830.html

@@ -57,10 +57,6 @@ <h3>Standards</h3>
   Exposure</a> </li>
   <li> OWASP - <a href="https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration">Top 10 2017 Category A6 - Security
   Misconfiguration</a> </li>
-  <li> OWASP - <a href="https://owasp.org/www-project-mobile-top-10/2016-risks/m3-insecure-communication">Mobile Top 10 2016 Category M3 - Insecure
-  Communication</a> </li>
-  <li> OWASP - <a href="https://mas.owasp.org/checklists/MASVS-NETWORK/">Mobile AppSec Verification Standard - Network Communication Requirements</a>
-  </li>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/295">CWE-295 - Improper Certificate Validation</a> </li>
   <li> STIG Viewer - <a href="https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222550">Application Security and
   Development: V-222550</a> - The application must validate certificates by constructing a certification path to an accepted trust anchor. </li>

analyzers/rspec/vbnet/S4830.json

@@ -29,12 +29,6 @@
       "A6",
       "A3"
     ],
-    "OWASP Mobile": [
-      "M3"
-    ],
-    "MASVS": [
-      "MSTG-NETWORK-3"
-    ],
     "OWASP Top 10 2021": [
       "A2",
       "A5",

analyzers/rspec/vbnet/S5542.json

@@ -29,12 +29,6 @@
       "A6",
       "A3"
     ],
-    "OWASP Mobile": [
-      "M5"
-    ],
-    "MASVS": [
-      "MSTG-CRYPTO-3"
-    ],
     "OWASP Top 10 2021": [
       "A2"
     ],

analyzers/rspec/vbnet/S5547.json

@@ -29,12 +29,6 @@
       "A3",
       "A6"
     ],
-    "OWASP Mobile": [
-      "M5"
-    ],
-    "MASVS": [
-      "MSTG-CRYPTO-3"
-    ],
     "OWASP Top 10 2021": [
       "A2"
     ],

analyzers/rspec/vbnet/S7131.json

@@ -9,7 +9,7 @@
   "tags": [
     "symbolic-execution"
   ],
-  "defaultSeverity": "Major",
+  "defaultSeverity": "Critical",
   "ruleSpecification": "RSPEC-7131",
   "sqKey": "S7131",
   "scope": "All",

analyzers/rspec/vbnet/S7133.json

@@ -9,7 +9,7 @@
   "tags": [
     "symbolic-execution"
   ],
-  "defaultSeverity": "Major",
+  "defaultSeverity": "Critical",
   "ruleSpecification": "RSPEC-7133",
   "sqKey": "S7133",
   "scope": "All",

analyzers/src/SonarAnalyzer.CSharp/sonarpedia.json

@@ -3,7 +3,7 @@
   "languages": [
     "CSH"
   ],
-  "latest-update": "2025-01-28T15:19:07.499237500Z",
+  "latest-update": "2025-02-26T15:40:04.929306Z",
   "options": {
     "no-language-in-filenames": true
   }

analyzers/src/SonarAnalyzer.VisualBasic/sonarpedia.json

@@ -3,7 +3,7 @@
   "languages": [
     "VBNET"
   ],
-  "latest-update": "2025-01-28T15:22:46.290683900Z",
+  "latest-update": "2025-02-26T15:39:24.192698400Z",
   "options": {
     "no-language-in-filenames": true
   }