Update rules metadata (#776)

Author: guillaume-dequenne

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/ClassComplexity.json

@@ -1,5 +1,5 @@
 {
-  "title": "Classes should not be too complex",
+  "title": "Cyclomatic Complexity of classes should not be too high",
   "type": "CODE_SMELL",
   "status": "deprecated",
   "remediation": {

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/FunctionComplexity.json

@@ -1,5 +1,5 @@
 {
-  "title": "Functions should not be too complex",
+  "title": "Cyclomatic Complexity of functions should not be too high",
   "type": "CODE_SMELL",
   "status": "ready",
   "remediation": {

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S1313.html

@@ -13,11 +13,16 @@
 <p>Last but not least it has an effect on application security. Attackers might be able to decompile the code and thereby discover a potentially
 sensitive address. They can perform a Denial of Service attack on the service at this address or spoof the IP address. Such an attack is always
 possible, but in the case of a hardcoded IP address the fix will be much slower, which will increase an attack's impact.</p>
-<h2>Recommended Secure Coding Practices</h2>
+<h2>Ask Yourself Whether</h2>
+<p>The disclosed IP address is sensitive, eg:</p>
 <ul>
-  <li> make the IP address configurable. </li>
+  <li> Can give information to an attacker about the network topology. </li>
+  <li> It's a personal (assigned to an identifiable person) IP address. </li>
 </ul>
-<h2>Noncompliant Code Example</h2>
+<p>There is a risk if you answered yes to any of these questions.</p>
+<h2>Recommended Secure Coding Practices</h2>
+<p>Don't hard-code the IP address in the source code, instead make it configurable.</p>
+<h2>Sensitive Code Example</h2>
 <pre>
 ip = '192.168.12.42'
 sock = socket.socket()

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S1523.html

@@ -14,8 +14,7 @@ <h2>Ask Yourself Whether</h2>
   <li> the executed code may come from an untrusted source and hasn't been sanitized. </li>
   <li> you really need to run code dynamically. </li>
 </ul>
-<p>You are at risk if you answered yes to the first question. You are increasing the security risks for no reason if you answered yes to the second
-question.</p>
+<p>There is a risk if you answered yes to any of those questions.</p>
 <h2>Recommended Secure Coding Practices</h2>
 <p>Regarding the execution of unknown code, the best solution is to not run code provided by an untrusted source. If you really need to do it, run the
 code in a <a href="https://en.wikipedia.org/wiki/Sandbox_(computer_security)">sandboxed</a> environment. Use jails, firewalls and whatever means your

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S2068.html

@@ -15,7 +15,7 @@ <h2>Ask Yourself Whether</h2>
   <li> Credentials are used in production environments. </li>
   <li> Application re-distribution is required before updating the credentials. </li>
 </ul>
-<p>You are at risk, if you answered yes to any of these questions.</p>
+<p>There is a risk if you answered yes to any of those questions.</p>
 <h2>Recommended Secure Coding Practices</h2>
 <ul>
   <li> Store the credentials in a configuration file that is not pushed to the code repository. </li>

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S2077.html

@@ -23,7 +23,7 @@ <h2>Ask Yourself Whether</h2>
   <li> the SQL query is built using string formatting technics, such as concatenating variables. </li>
   <li> some of the values are coming from an untrusted source and are not sanitized. </li>
 </ul>
-<p>You may be at risk if you answered yes to this question.</p>
+<p>There is a risk if you answered yes to any of those questions.</p>
 <h2>Recommended Secure Coding Practices</h2>
 <ul>
   <li> Avoid building queries manually using formatting. If you do it anyway, do not include user input in this building process. </li>
@@ -65,6 +65,16 @@ <h2>Sensitive Code Example</h2>
         },
     )
 </pre>
+<h2>Compliant Solution</h2>
+<pre>
+cursor = connection.cursor(prepared=True)
+sql_insert_query = """ select col from sometable here mycol = %s and othercol = %s """
+
+select_tuple = (1, value)
+
+cursor.execute(sql_insert_query, select_tuple) # Compliant, the query is parameterized
+connection.commit()
+</pre>
 <h2>See</h2>
 <ul>
   <li> <a href="https://www.owasp.org/index.php/Top_10-2017_A1-Injection">OWASP Top 10 2017 Category A1</a> - Injection </li>

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S2092.html

@@ -6,14 +6,14 @@ <h2>Ask Yourself Whether</h2>
   <li> it's not sure that the website contains <a href="https://developer.mozilla.org/fr/docs/S%C3%A9curit%C3%A9/MixedContent">mixed content</a> or
   not (ie HTTPS everywhere or not) </li>
 </ul>
-<p>You are at risk if you answered yes to any of those questions.</p>
+<p>There is a risk if you answered yes to any of those questions.</p>
 <h2>Recommended Secure Coding Practices</h2>
 <ul>
   <li> It is recommended to use <code>HTTPs</code> everywhere so setting the <code>secure</code> flag to <em>true</em> should be the default behaviour
   when creating cookies. </li>
   <li> Set the <code>secure</code> flag to <em>true</em> for session-cookies. </li>
 </ul>
-<h2>Sensitive Code Examples</h2>
+<h2>Sensitive Code Example</h2>
 <p>Flask</p>
 <pre>
 from flask import Response

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S2245.html

@@ -14,7 +14,7 @@ <h2>Ask Yourself Whether</h2>
   <li> the generated value is used multiple times. </li>
   <li> an attacker can access the generated value. </li>
 </ul>
-<p>You are at risk if you answered yes to the first question and any of the following ones.</p>
+<p>There is a risk if you answered yes to any of those questions.</p>
 <h2>Recommended Secure Coding Practices</h2>
 <ul>
   <li> Only use random number generators which are <a

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S2275.html

@@ -18,8 +18,10 @@ <h2>Compliant Solution</h2>
 
 print('User {a} has not been able to access {b}'.format(a='Alice', b='MyFile'))
 </pre>
-<h2>See also</h2>
+<h2>See</h2>
 <ul>
-  <li> {rule:python:S3457} - Strings should be formatted correctly. </li>
+  <li> <a href="https://docs.python.org/3/library/string.html#format-string-syntax">Python documentation - Format String Syntax</a> </li>
+  <li> <a href="https://docs.python.org/3/library/stdtypes.html#printf-style-string-formatting">Python documentation - printf-style String
+  Formatting</a> </li>
 </ul>
 

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S3330.html

@@ -9,13 +9,13 @@ <h2>Ask Yourself Whether</h2>
   <li> the <code>HttpOnly</code> attribute offer an additional protection (not the case for an <em>XSRF-TOKEN cookie</em> / CSRF token for example)
   </li>
 </ul>
-<p>You are at risk if you answered yes to any of those questions.</p>
+<p>There is a risk if you answered yes to any of those questions.</p>
 <h2>Recommended Secure Coding Practices</h2>
 <ul>
   <li> By default the <code>HttpOnly</code> flag should be set to <em>true</em> for most of the cookies and it's mandatory for session /
   sensitive-security cookies. </li>
 </ul>
-<h2>Sensitive Code Examples</h2>
+<h2>Sensitive Code Example</h2>
 <p>Flask:</p>
 <pre>
 from flask import Response