SONARJAVA-5021 Update Rules Metadata (#4801)

Author: alban-auzeill

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2053.html

@@ -70,5 +70,7 @@ <h3>Standards</h3>
   Exposure</a> </li>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/759">CWE-759 - Use of a One-Way Hash without a Salt</a> </li>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/760">CWE-760 - Use of a One-Way Hash with a Predictable Salt</a> </li>
+  <li> STIG Viewer - <a href="https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222542">Application Security and
+  Development: V-222542</a> - The application must only store cryptographic representations of passwords. </li>
 </ul>
 

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2053.json

@@ -35,6 +35,9 @@
     ],
     "PCI DSS 4.0": [
       "6.2.4"
+    ],
+    "STIG ASD 2023-06-08": [
+      "V-222542"
     ]
   },
   "quickfix": "unknown"

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2092.html

@@ -38,5 +38,7 @@ <h2>See</h2>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/311">CWE-311 - Missing Encryption of Sensitive Data</a> </li>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/315">CWE-315 - Cleartext Storage of Sensitive Information in a Cookie</a> </li>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/614">CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute</a> </li>
+  <li> STIG Viewer - <a href="https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222576">Application Security and
+  Development: V-222576</a> - The application must set the secure flag on session cookies. </li>
 </ul>
 

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2092.json

@@ -45,6 +45,9 @@
       "6.1.1",
       "6.1.2",
       "6.1.3"
+    ],
+    "STIG ASD 2023-06-08": [
+      "V-222576"
     ]
   },
   "quickfix": "unknown"

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2184.html

@@ -55,11 +55,14 @@ <h3>Compliant solution</h3>
 }
 </pre>
 <h2>Resources</h2>
+<h3>Standards</h3>
 <ul>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/190">CWE-190 - Integer Overflow or Wraparound</a> </li>
   <li> <a href="https://wiki.sei.cmu.edu/confluence/x/AjdGBQ">CERT, NUM50-J.</a> - Convert integers to floating point for floating-point operations
   </li>
   <li> <a href="https://wiki.sei.cmu.edu/confluence/x/I9cxBQ">CERT, INT18-C.</a> - Evaluate integer expressions in a larger size before comparing or
   assigning to that size </li>
+  <li> STIG Viewer - <a href="https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612">Application Security and
+  Development: V-222612</a> - The application must not be vulnerable to overflow attacks. </li>
 </ul>
 

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2184.json

@@ -31,6 +31,9 @@
     ],
     "ASVS 4.0": [
       "5.4.3"
+    ],
+    "STIG ASD 2023-06-08": [
+      "V-222612"
     ]
   },
   "quickfix": "unknown"

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2226.html

@@ -134,7 +134,10 @@ <h2>Resources</h2>
 <h3>Articles &amp; blog posts</h3>
 <ul>
   <li> <a href="https://www.devinline.com/2013/08/how-to-make-thread-safe-servlet.html">Nikhil Ranjan: How to make thread safe servlet ?</a> </li>
-  <li> <a href="https://objectcomputing.com/resources/publications/sett/april-2000-tips-for-creating-thread-safe-code-avoiding-race-conditions">Object
-  Computing: Tips for creating thread-safe code</a> </li>
+</ul>
+<h3>Standards</h3>
+<ul>
+  <li> STIG Viewer - <a href="https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222567">Application Security and
+  Development: V-222567</a> - The application must not be vulnerable to race conditions. </li>
 </ul>
 

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2226.json

@@ -24,6 +24,9 @@
   "securityStandards": {
     "CERT": [
       "MSC11-J."
+    ],
+    "STIG ASD 2023-06-08": [
+      "V-222567"
     ]
   },
   "quickfix": "unknown"

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2254.html

@@ -49,5 +49,7 @@ <h3>Standards</h3>
   <li> OWASP - <a href="https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication">Top 10 2017 Category A2 - Broken Authentication</a>
   </li>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/807">CWE-807 - Reliance on Untrusted Inputs in a Security Decision</a> </li>
+  <li> STIG Viewer - <a href="https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222582">Application Security and
+  Development: V-222582</a> - The application must not re-use or recycle session IDs. </li>
 </ul>
 

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2254.json

@@ -28,6 +28,9 @@
     ],
     "OWASP Top 10 2021": [
       "A4"
+    ],
+    "STIG ASD 2023-06-08": [
+      "V-222582"
     ]
   },
   "quickfix": "unknown"