Update rule metadata to prepare v3.3 (#897)

Author: andrea-guarino-sonarsource

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/OneStatementPerLine.json

@@ -7,7 +7,7 @@
     "constantCost": "1min"
   },
   "tags": [
-    "style"
+    "convention"
   ],
   "defaultSeverity": "Major",
   "ruleSpecification": "RSPEC-122",

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S1045.html

@@ -58,6 +58,8 @@ <h2>Compliant Solution</h2>
         print(e)
 </pre>
 <h2>See</h2>
-<p> * Python Documentation - <a href="https://docs.python.org/3/reference/compound_stmts.html#the-try-statement">The <code>try</code>
-statement</a></p>
+<ul>
+  <li> Python Documentation - <a href="https://docs.python.org/3/reference/compound_stmts.html#the-try-statement">The <code>try</code> statement</a>
+  </li>
+</ul>
 

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S112.html

@@ -84,8 +84,7 @@ <h2>Compliant Solution</h2>
 </pre>
 <h2>See</h2>
 <ul>
-  <li> PEP 352 <del></del> <a href="https://www.python.org/dev/peps/pep-0352/#exception-hierarchy-changes">Required Superclass for Exceptions</a>
-  </li>
+  <li> PEP 352 - <a href="https://www.python.org/dev/peps/pep-0352/#exception-hierarchy-changes">Required Superclass for Exceptions</a> </li>
   <li> Python Documentation - <a href="https://docs.python.org/3/library/exceptions.html#BaseException">Built-in exceptions</a> </li>
   <li> <a href="http://cwe.mitre.org/data/definitions/397.html">MITRE, CWE-397</a> - Declaration of Throws for Generic Exception </li>
   <li> <a href="https://wiki.sei.cmu.edu/confluence/x/_DdGBQ">CERT, ERR07-J.</a> - Do not throw RuntimeException, Exception, or Throwable </li>

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S113.html

@@ -1,8 +1,8 @@
 <p>Some tools such as Git work better when files end with an empty line. This rule simply generates an issue if it is missing.</p>
 <p>For example, a Git diff looks like this if the empty line is missing at the end of the file:</p>
-<p>&lt;pre&gt;</p>
-<p>+class Test:</p>
-<p>+ pass</p>
-<p> \ No newline at end of file</p>
-<p>&lt;/pre&gt;</p>
+<pre>
++class Test:
++    pass
+ \ No newline at end of file
+</pre>
 

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S1143.html

@@ -55,7 +55,6 @@ <h2>Noncompliant Code Example</h2>
             raise ValueError()
         finally:
             continue  # Noncompliant
-
 </pre>
 <h2>Compliant Solution</h2>
 <pre>

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S1144.html

@@ -51,7 +51,7 @@ <h2>Compliant Solution</h2>
 </pre>
 <h2>See</h2>
 <ul>
-  <li> <a href="https://docs.python.org/3.8/tutorial/classes.html#private-variables">Python documentation <del></del> Private Variables</a> </li>
-  <li> <a href="https://www.python.org/dev/peps/pep-0008/#designing-for-inheritance">PEP8 <del></del> Designing for Inheritance</a> </li>
+  <li> <a href="https://docs.python.org/3.8/tutorial/classes.html#private-variables">Python documentation – Private Variables</a> </li>
+  <li> <a href="https://www.python.org/dev/peps/pep-0008/#designing-for-inheritance">PEP8 – Designing for Inheritance</a> </li>
 </ul>
 

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S1186.html

@@ -12,7 +12,6 @@ <h2>Noncompliant Code Example</h2>
 class MyClass:
     def mymethod1(self, foo="Noncompliant"):
         pass
-
 </pre>
 <h2>Compliant Solution</h2>
 <pre>

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S1523.html

@@ -4,8 +4,8 @@
   <li> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9802">CVE-2017-9802</a> </li>
 </ul>
 <p>Some APIs enable the execution of dynamic code by providing it as strings at runtime. These APIs might be useful in some very specific
-meta-programming use-cases. However most of the time their use is frowned upon as they also increase the risk of <a
-href="https://www.owasp.org/index.php/Code_Injection">Injected Code</a>. Such attacks can either run on the server or in the client (exemple: XSS
+meta-programming use-cases. However most of the time their use is frowned upon because they also increase the risk of maliciously <a
+href="https://www.owasp.org/index.php/Code_Injection">Injected Code</a>. Such attacks can either run on the server or in the client (example: XSS
 attack) and have a huge impact on an application's security.</p>
 <p>This rule marks for review each occurrence of such dynamic code execution. This rule does not detect code injections. It only highlights the use of
 APIs which should be used sparingly and very carefully.</p>

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S1523.json

@@ -7,10 +7,20 @@
     "constantCost": "30min"
   },
   "tags": [
-
+    "cwe",
+    "owasp-a1"
   ],
   "defaultSeverity": "Critical",
   "ruleSpecification": "RSPEC-1523",
   "sqKey": "S1523",
-  "scope": "Main"
+  "scope": "Main",
+  "securityStandards": {
+    "CWE": [
+      95,
+      470
+    ],
+    "OWASP": [
+      "A1"
+    ]
+  }
 }

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S2053.html

@@ -1,17 +1,13 @@
-<p>In cryptography, "salt" is extra piece of data which is included in a hashing algorithm. It makes dictionary attacks more difficult. Using a
-cryptographic hash function without an unpredictable salt increases the likelihood that an attacker will be able to successfully guess a hashed value
-such as a password with a dictionary attack.</p>
-<p>This rule raises an issue when a hashing function which has been specifically designed for hashing sensitive data, such as PBKDF2, is used with a
-non-random, reused or too short salt value. It does not raise an issue on base hashing algorithms such as sha1 or md5 as these are often used for
-other purposes.</p>
+<p>In cryptography, a "salt" is an extra piece of data which is included when hashing a password. This makes <code>rainbow-table attacks</code> more
+difficult. Using a cryptographic hash function without an unpredictable salt increases the likelihood that an attacker could successfully find the
+hash value in databases of precomputed hashes (called <code>rainbow-tables</code>).</p>
+<p>This rule raises an issue when a hashing function which has been specifically designed for hashing passwords, such as <code>PBKDF2</code>, is used
+with a non-random, reused or too short salt value. It does not raise an issue on base hashing algorithms such as <code>sha1</code> or <code>md5</code>
+as they should not be used to hash passwords.</p>
 <h2>Recommended Secure Coding Practices</h2>
 <ul>
-  <li> Use hashing functions generating their own salt or generate a long random salt of at least 32 bytes. </li>
-  <li> The salt is at least as long as the resulting hash value. </li>
-  <li> Provide the salt to a safe hashing function such as PBKDF2. </li>
-  <li> Save both the salt and the hashed value in the relevant database record; during future validation operations, the salt and hash can then be
-  retrieved from the database. The hash is recalculated with the stored salt and the value being validated, and the result compared to the stored
-  hash. </li>
+  <li> Use hashing functions generating their own secure salt or generate a secure random value of at least 16 bytes. </li>
+  <li> The salt should be unique by user password. </li>
 </ul>
 <h2>Noncompliant Code Example</h2>
 <p>hashlib</p>