SONARPY-2368 Update rules metadata (#2178)

Author: guillaume-dequenne

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/BackticksUsage.json

@@ -3,7 +3,7 @@
   "type": "CODE_SMELL",
   "code": {
     "impacts": {
-      "MAINTAINABILITY": "HIGH"
+      "MAINTAINABILITY": "BLOCKER"
     },
     "attribute": "CONVENTIONAL"
   },

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/ExecStatementUsage.json

@@ -3,7 +3,7 @@
   "type": "CODE_SMELL",
   "code": {
     "impacts": {
-      "MAINTAINABILITY": "HIGH"
+      "MAINTAINABILITY": "BLOCKER"
     },
     "attribute": "CONVENTIONAL"
   },

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S1451.json

@@ -3,7 +3,7 @@
   "type": "CODE_SMELL",
   "code": {
     "impacts": {
-      "MAINTAINABILITY": "HIGH"
+      "MAINTAINABILITY": "BLOCKER"
     },
     "attribute": "LAWFUL"
   },

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S1845.json

@@ -3,7 +3,7 @@
   "type": "CODE_SMELL",
   "code": {
     "impacts": {
-      "MAINTAINABILITY": "HIGH"
+      "MAINTAINABILITY": "BLOCKER"
     },
     "attribute": "IDENTIFIABLE"
   },

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S2068.json

@@ -3,7 +3,7 @@
   "type": "SECURITY_HOTSPOT",
   "code": {
     "impacts": {
-      "SECURITY": "HIGH"
+      "SECURITY": "BLOCKER"
     },
     "attribute": "TRUSTWORTHY"
   },

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S2190.json

@@ -3,7 +3,7 @@
   "type": "BUG",
   "code": {
     "impacts": {
-      "RELIABILITY": "HIGH"
+      "RELIABILITY": "BLOCKER"
     },
     "attribute": "LOGICAL"
   },

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S2245.html

@@ -1,16 +1,24 @@
-<p>Using pseudorandom number generators (PRNGs) is security-sensitive. For example, it has led in the past to the following vulnerabilities:</p>
+<p>PRNGs are algorithms that produce sequences of numbers that only approximate true randomness. While they are suitable for applications like
+simulations or modeling, they are not appropriate for security-sensitive contexts because their outputs can be predictable if the internal state is
+known.</p>
+<p>In contrast, cryptographically secure pseudorandom number generators (CSPRNGs) are designed to be secure against prediction attacks. CSPRNGs use
+cryptographic algorithms to ensure that the generated sequences are not only random but also unpredictable, even if part of the sequence or the
+internal state becomes known. This unpredictability is crucial for security-related tasks such as generating encryption keys, tokens, or any other
+values that must remain confidential and resistant to guessing attacks.</p>
+<p>For example, the use of non-cryptographic PRNGs has led to vulnerabilities such as:</p>
 <ul>
   <li> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6386">CVE-2013-6386</a> </li>
   <li> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3419">CVE-2006-3419</a> </li>
   <li> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4102">CVE-2008-4102</a> </li>
 </ul>
 <p>When software generates predictable values in a context requiring unpredictability, it may be possible for an attacker to guess the next value that
-will be generated, and use this guess to impersonate another user or access sensitive information.</p>
+will be generated, and use this guess to impersonate another user or access sensitive information. Therefore, it is critical to use CSPRNGs in any
+security-sensitive application to ensure the robustness and security of the system.</p>
 <h2>Ask Yourself Whether</h2>
 <ul>
   <li> the code using the generated value requires it to be unpredictable. It is the case for all encryption mechanisms or when a secret value, such
   as a password, is hashed. </li>
-  <li> the function you use generates a value which can be predicted (pseudo-random). </li>
+  <li> the function you use is a non-cryptographic PRNG. </li>
   <li> the generated value is used multiple times. </li>
   <li> an attacker can access the generated value. </li>
 </ul>
@@ -38,10 +46,12 @@ <h2>Sensitive Code Example</h2>
 </pre>
 <h2>See</h2>
 <ul>
+  <li> OWASP - <a href="https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html#secure-random-number-generation">Secure
+  Random Number Generation Cheat Sheet</a> </li>
   <li> OWASP - <a href="https://owasp.org/Top10/A02_2021-Cryptographic_Failures/">Top 10 2021 Category A2 - Cryptographic Failures</a> </li>
   <li> OWASP - <a href="https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure">Top 10 2017 Category A3 - Sensitive Data
   Exposure</a> </li>
-  <li> <a href="https://mas.owasp.org/checklists/MASVS-CRYPTO/">Mobile AppSec Verification Standard - Cryptography Requirements</a> </li>
+  <li> OWASP - <a href="https://mas.owasp.org/checklists/MASVS-CRYPTO/">Mobile AppSec Verification Standard - Cryptography Requirements</a> </li>
   <li> OWASP - <a href="https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography">Mobile Top 10 2016 Category M5 -
   Insufficient Cryptography</a> </li>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/338">CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)</a>

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S2275.json

@@ -3,7 +3,7 @@
   "type": "BUG",
   "code": {
     "impacts": {
-      "RELIABILITY": "HIGH"
+      "RELIABILITY": "BLOCKER"
     },
     "attribute": "LOGICAL"
   },

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S2711.json

@@ -3,7 +3,7 @@
   "type": "BUG",
   "code": {
     "impacts": {
-      "RELIABILITY": "HIGH"
+      "RELIABILITY": "BLOCKER"
     },
     "attribute": "LOGICAL"
   },

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S2712.json

@@ -3,7 +3,7 @@
   "type": "BUG",
   "code": {
     "impacts": {
-      "RELIABILITY": "HIGH"
+      "RELIABILITY": "BLOCKER"
     },
     "attribute": "LOGICAL"
   },