Update rule metadata (#1132)

Author: nils-werner-sonarsource

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6245.html

@@ -29,7 +29,7 @@ <h2>Recommended Secure Coding Practices</h2>
 <h2>Sensitive Code Example</h2>
 <p>Server-side encryption is not used:</p>
 <pre>
-bucket = s3.Bucket(self,"MyUnencryptedBucket",
+bucket = s3.Bucket(self,"bucket",
     encryption=s3.BucketEncryption.UNENCRYPTED       # Sensitive
 )
 </pre>
@@ -38,14 +38,14 @@ <h2>Sensitive Code Example</h2>
 <h2>Compliant Solution</h2>
 <p>Server-side encryption with Amazon S3-Managed Keys is used:</p>
 <pre>
-bucket = s3.Bucket(self,"MyEncryptedBucket",
-    encryption=s3.BucketEncryption.S3_MANAGED       # Compliant
+bucket = s3.Bucket(self,"bucket",
+    encryption=s3.BucketEncryption.S3_MANAGED
 )
 
 # Alternatively with a KMS key managed by the user.
 
-bucket = s3.Bucket(self,"MyEncryptedBucket",
-    encryptionKey=access_key                        # Compliant
+bucket = s3.Bucket(self,"bucket",
+    encryptionKey=access_key
 )
 </pre>
 <h2>See</h2>
@@ -59,7 +59,6 @@ <h2>See</h2>
   Misconfiguration </li>
   <li> <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/serv-side-encryption.html">AWS documentation</a> - Protecting data using
   server-side encryption </li>
-  <li> <a href="https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3.BucketEncryption.html">CDK documentation</a> - BucketEncryption class
-  </li>
+  <li> <a href="https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3.BucketEncryption.html">AWS CDK version 2</a> - BucketEncryption </li>
 </ul>
 

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6252.html

@@ -10,15 +10,15 @@ <h2>Recommended Secure Coding Practices</h2>
 <p>It’s recommended to enable S3 versioning and thus to have the possibility to retrieve and restore different versions of an object.</p>
 <h2>Sensitive Code Example</h2>
 <pre>
-bucket = s3.Bucket(self, "MyUnversionedBucket",
+bucket = s3.Bucket(self, "bucket",
     versioned=False       # Sensitive
 )
 </pre>
 <p>The default value of <code>versioned</code> is <code>False</code> so the absence of this parameter is also sensitive.</p>
 <h2>Compliant Solution</h2>
 <pre>
-bucket = s3.Bucket(self, "MyVersionedBucket",
-    versioned=True       # Compliant
+bucket = s3.Bucket(self, "bucket",
+    versioned=True
 )
 </pre>
 <h2>See</h2>
@@ -27,7 +27,7 @@ <h2>See</h2>
   <li> <a href="https://www.owasp.org/index.php/Top_10-2017_A6-Security_Misconfiguration">OWASP Top 10 2017 Category A6</a> - Security
   Misconfiguration </li>
   <li> <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/Versioning.html">AWS documentation</a> - Using versioning in S3 buckets </li>
-  <li> <a href="https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3.Bucket.html#versioned">CDK documentation</a> - Using versioning in S3
+  <li> <a href="https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3.Bucket.html#versioned">AWS CDK version 2</a> - Using versioning in S3
   buckets </li>
 </ul>
 

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6265.html

@@ -19,15 +19,11 @@ <h2>Sensitive Code Example</h2>
 <p>All users (ie: anyone in the world authenticated or not) have read and write permissions with the <code>PUBLIC_READ_WRITE</code> access
 control:</p>
 <pre>
-bucket = s3.Bucket(self,
-    "bucket",
+bucket = s3.Bucket(self, "bucket",
     access_control=s3.BucketAccessControl.PUBLIC_READ_WRITE     # Sensitive
 )
 
-# Another example
-s3deploy.BucketDeployment(self,
-    "DeployWebsite",
-    ...,
+s3deploy.BucketDeployment(self, "DeployWebsite",
     access_control=s3.BucketAccessControl.PUBLIC_READ_WRITE     # Sensitive
 )
 </pre>

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6281.html

@@ -31,7 +31,7 @@ <h2>Recommended Secure Coding Practices</h2>
 <h2>Sensitive Code Example</h2>
 <p>By default, when not set, the <code>block_public_access</code> is fully deactivated (nothing is blocked):</p>
 <pre>
-bucket = s3.bucket(self,
+bucket = s3.Bucket(self,
     "bucket"        # Sensitive
 )
 </pre>
@@ -40,7 +40,7 @@ <h2>Sensitive Code Example</h2>
 bucket = s3.Bucket(self,
     "bucket",
     block_public_access=s3.BlockPublicAccess(
-        block_public_acls=False,       # NonCompliant should be TRUE
+        block_public_acls=False,       # Sensitive
         ignore_public_acls=True,
         block_public_policy=True,
         restrict_public_buckets=True
@@ -49,38 +49,22 @@ <h2>Sensitive Code Example</h2>
 </pre>
 <p>The attribute <code>BLOCK_ACLS</code> only blocks and ignores public ACLs:</p>
 <pre>
-bucket = s3.bucket(self,
-    "bucket",
-    block_public_access=s3.BlockPublicAccess.BLOCK_ACLS     # NonCompliant
-)
-</pre>
-<p>The <code>public_read_access</code> boolean property can grant the public read access to all objects in the bucket (by default False) :</p>
-<pre>
-bucket = s3.bucket(self,
-    "bucket",
-    public_read_access=True     # NonCompliant
-)
-</pre>
-<p>The same setting can be achieved through the function <code>grant_public_access()</code>:</p>
-<pre>
-bucket = s3.bucket(self,
+bucket = s3.Bucket(self,
     "bucket",
-    ...
+    block_public_access=s3.BlockPublicAccess.BLOCK_ACLS     # Sensitive
 )
-
-bucket.grant_public_access() # NonCompliant
 </pre>
 <h2>Compliant Solution</h2>
 <p>This <code>block_public_access</code> blocks public ACLs and policies, ignores existing public ACLs and restricts existing public policies:</p>
 <pre>
-bucket = s3.bucket(self,
-    "blockedBucket",
+bucket = s3.Bucket(self,
+    "bucket",
     block_public_access=s3.BlockPublicAccess.BLOCK_ALL # Compliant
 )
 </pre>
 <p>A similar configuration to the one above can obtained by setting all parameters of the <code>block_public_access</code></p>
 <pre>
-bucket = s3.Bucket(self, "MyBlockedBucket",
+bucket = s3.Bucket(self, "bucket",
     block_public_access=s3.BlockPublicAccess(       # Compliant
         block_public_acls=True,
         ignore_public_acls=True,

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6326.json

@@ -13,5 +13,5 @@
   "ruleSpecification": "RSPEC-6326",
   "sqKey": "S6326",
   "scope": "Main",
-  "quickfix": "unknown"
+  "quickfix": "targeted"
 }

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6331.json

@@ -13,5 +13,5 @@
   "ruleSpecification": "RSPEC-6331",
   "sqKey": "S6331",
   "scope": "Main",
-  "quickfix": "unknown"
+  "quickfix": "targeted"
 }

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6353.json

@@ -13,5 +13,5 @@
   "ruleSpecification": "RSPEC-6353",
   "sqKey": "S6353",
   "scope": "Main",
-  "quickfix": "unknown"
+  "quickfix": "targeted"
 }

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6395.html

@@ -1,5 +1,5 @@
-<p>Sub-patterns can be wrapped by parentheses to build a group. This enables to restrict alternations, back reference the group or apply a quantifier
-to the sub-pattern.</p>
+<p>Sub-patterns can be wrapped by parentheses to build a group. This enables to restrict alternations, back reference the group or apply quantifier to
+the sub-pattern.</p>
 <p>If this group should not be part of the match result or if no reference to this group is required, a non-capturing group can be created by adding
 <code>:?</code> behind the opening parenthesis.</p>
 <p>However, if this non-capturing group does not have a quantifier, or does not wrap an alternation, then imaging this group is redundant.</p>

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6395.json

@@ -13,5 +13,5 @@
   "ruleSpecification": "RSPEC-6395",
   "sqKey": "S6395",
   "scope": "All",
-  "quickfix": "unknown"
+  "quickfix": "targeted"
 }

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6396.json

@@ -13,5 +13,5 @@
   "ruleSpecification": "RSPEC-6396",
   "sqKey": "S6396",
   "scope": "All",
-  "quickfix": "unknown"
+  "quickfix": "targeted"
 }