Update rules metadata (#1391)

maksim-grebeniuk-sonarsource · web-flow · commit 39210be88f3a · 2023-02-21T15:07:41.000+01:00
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S2612.html b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S2612.html
@@ -1,5 +1,7 @@
-<p>In Unix, "<code>others</code>" class refers to all users except the owner of the file and the members of the group assigned to this file.</p>
-<p>Granting permissions to this group can lead to unintended access to files.</p>
+<p>In Unix file system permissions, the "<code>others</code>" category refers to all users except the owner of the file system resource and the
+members of the group assigned to this resource.</p>
+<p>Granting permissions to this category can lead to unintended access to files or directories that could allow attackers to obtain sensitive
+information, disrupt services or elevate privileges.</p>
 <h2>Ask Yourself Whether</h2>
 <ul>
   <li> The application is designed to be run on a multi-user environment. </li>
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4426.html b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4426.html
@@ -36,7 +36,6 @@ <h2>See</h2>
   Exposure </li>
   <li> <a href="https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration">OWASP Top 10 2017 Category A6</a> - Security
   Misconfiguration </li>
-  <li> <a href="https://www.ssi.gouv.fr/uploads/2014/11/RGS_v-2-0_B1.pdf">ANSSI RGSv2</a> - Référentiel Général de Sécurité version 2 </li>
   <li> <a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf">NIST FIPS 186-4</a> - Digital Signature Standard (DSS) </li>
   <li> <a href="https://cwe.mitre.org/data/definitions/326">MITRE, CWE-326</a> - Inadequate Encryption Strength </li>
 </ul>
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4433.html b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4433.html
@@ -1,5 +1,5 @@
 <p>An LDAP client authenticates to an LDAP server with a "bind request" which provides, among other, a <a
-href="https://ldapwiki.com/wiki/Simple%20Authentication">simple authentication method</a>.</p>
+href="https://web.archive.org/web/20220922153922/https://ldapwiki.com/wiki/Simple%20Authentication">simple authentication method</a>.</p>
 <p>Simple authentication in LDAP can be used with three different mechanisms:</p>
 <ul>
   <li> <em>Anonymous Authentication Mechanism</em> by performing a bind request with a username and password value of zero length. </li>
@@ -40,6 +40,7 @@ <h2>See</h2>
   <li> <a href="https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication">OWASP Top 10 2017 Category A2</a> - Broken Authentication
   </li>
   <li> <a href="https://cwe.mitre.org/data/definitions/521">MITRE, CWE-521</a> - Weak Password Requirements </li>
-  <li> <a href="https://ldapwiki.com/wiki/Simple%20Authentication">ldapwiki.com</a>- Simple Authentication </li>
+  <li> <a href="https://web.archive.org/web/20220922153922/https://ldapwiki.com/wiki/Simple%20Authentication">ldapwiki.com</a>- Simple Authentication
+  </li>
 </ul>
 
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4507.html b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4507.html
@@ -1,19 +1,14 @@
-<p>Delivering code in production with debug features activated is security-sensitive. It has led in the past to the following vulnerabilities:</p>
-<ul>
-  <li> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1999007">CVE-2018-1999007</a> </li>
-  <li> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5306">CVE-2015-5306</a> </li>
-  <li> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2006">CVE-2013-2006</a> </li>
-</ul>
-<p>An application’s debug features enable developers to find bugs more easily and thus facilitate also the work of attackers. It often gives access to
-detailed information on both the system running the application and users.</p>
+<p>Development tools and frameworks usually have options to make debugging easier for developers. Although these features are useful during
+development, they should never be enabled for applications deployed in production. Debug instructions or error messages can leak detailed information
+about the system, like the application’s path or file names.</p>
 <h2>Ask Yourself Whether</h2>
 <ul>
   <li> The code or configuration enabling the application debug features is deployed on production servers or distributed to end users. </li>
   <li> The application runs by default with debug features activated. </li>
 </ul>
 <p>There is a risk if you answered yes to any of those questions.</p>
 <h2>Recommended Secure Coding Practices</h2>
-<p>Do not enable debug features on production servers or applications distributed to end users.</p>
+<p>Do not enable debugging features on production servers or applications distributed to end users.</p>
 <h2>Sensitive Code Example</h2>
 <pre>
 from django.conf import settings
diff --git a/sonarpedia.json b/sonarpedia.json
@@ -3,7 +3,7 @@
   "languages": [
     "PY"
   ],
-  "latest-update": "2023-02-03T14:24:32.827513Z",
+  "latest-update": "2023-02-21T12:35:43.435616Z",
   "options": {
     "no-language-in-filenames": true,
     "preserve-filenames": true
