SONARXML-212 Update RSPEC before 2.13 release

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S1135.json

@@ -3,7 +3,7 @@
   "type": "CODE_SMELL",
   "code": {
     "impacts": {
-      "MAINTAINABILITY": "LOW"
+      "MAINTAINABILITY": "INFO"
     },
     "attribute": "COMPLETE"
   },

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S5322.html

@@ -55,6 +55,10 @@ <h2>See</h2>
   </li>
   <li> OWASP - <a href="https://owasp.org/www-project-mobile-top-10/2016-risks/m1-improper-platform-usage">Mobile Top 10 2016 Category M1 - Improper
   Platform Usage</a> </li>
+  <li> OWASP - <a href="https://owasp.org/www-project-mobile-top-10/2023-risks/m3-insecure-authentication-authorization">Mobile Top 10 2024 Category
+  M3 - Insecure Authentication/Authorization</a> </li>
+  <li> OWASP - <a href="https://owasp.org/www-project-mobile-top-10/2023-risks/m4-insufficient-input-output-validation">Mobile Top 10 2024 Category M4
+  - Insufficient Input/Output Validation</a> </li>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/925">CWE-925 - Improper Verification of Intent by Broadcast Receiver</a> </li>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/926">CWE-926 - Improper Export of Android Application Components</a> </li>
   <li> <a href="https://developer.android.com/guide/components/broadcasts.html#restricting_broadcasts_with_permissions">Android documentation</a> -

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S5322.json

@@ -24,6 +24,10 @@
     "OWASP Mobile": [
       "M1"
     ],
+    "OWASP Mobile Top 10 2024": [
+      "M3",
+      "M4"
+    ],
     "MASVS": [
       "MSTG-PLATFORM-2"
     ]

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S5332.html

@@ -88,10 +88,6 @@ <h3>Standards</h3>
   <li> OWASP - <a href="https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure">Top 10 2017 Category A3 - Sensitive Data
   Exposure</a> </li>
   <li> OWASP - <a href="https://owasp.org/Top10/A02_2021-Cryptographic_Failures/">Top 10 2021 Category A2 - Cryptographic Failures</a> </li>
-  <li> OWASP - <a href="https://mas.owasp.org/checklists/MASVS-NETWORK/">Mobile AppSec Verification Standard - Network Communication Requirements</a>
-  </li>
-  <li> OWASP - <a href="https://owasp.org/www-project-mobile-top-10/2016-risks/m3-insecure-communication">Mobile Top 10 2016 Category M3 - Insecure
-  Communication</a> </li>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/200">CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor</a> </li>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/319">CWE-319 - Cleartext Transmission of Sensitive Information</a> </li>
   <li> STIG Viewer - <a href="https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222397">Application Security and

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S5332.json

@@ -9,7 +9,8 @@
   },
   "status": "ready",
   "tags": [
-    "cwe"
+    "cwe",
+    "android"
   ],
   "defaultSeverity": "Critical",
   "ruleSpecification": "RSPEC-5332",
@@ -26,6 +27,9 @@
     "OWASP Mobile": [
       "M3"
     ],
+    "OWASP Mobile Top 10 2024": [
+      "M5"
+    ],
     "MASVS": [
       "MSTG-NETWORK-1"
     ],

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S5594.html

@@ -1,3 +1,4 @@
+<p>This rule is deprecated, and will eventually be removed.</p>
 <p>Android components that are exported can be used by other applications. This may give access to functionalities that should remain private.</p>
 <h2>Why is this an issue?</h2>
 <p>Once an Android component has been exported, it can be used by attackers to launch malicious actions and might also give access to other components
@@ -94,6 +95,8 @@ <h3>Standards</h3>
   platform usage</a> </li>
   <li> OWASP - <a href="https://owasp.org/www-project-mobile-top-10/2016-risks/m2-insecure-data-storage">Mobile Top 10 2016 Category M2 - Insecure
   Data Storage</a> </li>
+  <li> OWASP - <a href="https://owasp.org/www-project-mobile-top-10/2023-risks/m8-security-misconfiguration">Mobile Top 10 2024 Category M8 - Security
+  Misconfiguration</a> </li>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/926">CWE-926 - Improper Export of Android Application Components</a> </li>
 </ul>
 <h3>External coding guidelines</h3>

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S5594.json

@@ -7,7 +7,7 @@
     },
     "attribute": "COMPLETE"
   },
-  "status": "ready",
+  "status": "deprecated",
   "remediation": {
     "func": "Constant\/Issue",
     "constantCost": "10min"
@@ -27,6 +27,9 @@
     "OWASP Mobile": [
       "M2"
     ],
+    "OWASP Mobile Top 10 2024": [
+      "M8"
+    ],
     "MASVS": [
       "MSTG-PLATFORM-1"
     ],

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S5604.html

@@ -30,6 +30,10 @@ <h2>See</h2>
   </li>
   <li> OWASP - <a href="https://owasp.org/www-project-mobile-top-10/2016-risks/m1-improper-platform-usage">Mobile Top 10 2016 Category M1 - Improper
   Platform Usage</a> </li>
+  <li> OWASP - <a href="https://owasp.org/www-project-mobile-top-10/2023-risks/m6-inadequate-privacy-controls">Mobile Top 10 2024 Category M6 -
+  Inadequate Privacy Controls</a> </li>
+  <li> OWASP - <a href="https://owasp.org/www-project-mobile-top-10/2023-risks/m8-security-misconfiguration">Mobile Top 10 2024 Category M8 - Security
+  Misconfiguration</a> </li>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/250">CWE-250 - Execution with Unnecessary Privileges</a> </li>
   <li> <a href="https://developer.android.com/training/permissions/usage-notes">developer.android.com</a> - App permissions best practices </li>
   <li> <a href="https://play.google.com/about/privacy-security-deception/permissions/">Google Play</a> - Privacy, Security, and Deception -

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S5604.json

@@ -28,6 +28,10 @@
     "OWASP Mobile": [
       "M1"
     ],
+    "OWASP Mobile Top 10 2024": [
+      "M6",
+      "M8"
+    ],
     "MASVS": [
       "MSTG-PLATFORM-1"
     ],

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S6358.html

@@ -56,18 +56,20 @@ <h2>Compliant Solution</h2>
 </pre>
 <h2>See</h2>
 <ul>
+  <li> OWASP - <a href="https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure">Top 10 2017 Category A3 - Sensitive Data
+  Exposure</a> </li>
+  <li> OWASP - <a href="https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration">Top 10 2017 Category A6 - Security
+  Misconfiguration</a> </li>
   <li> OWASP - <a href="https://owasp.org/Top10/A01_2021-Broken_Access_Control/">Top 10 2021 Category A1 - Broken Access Control</a> </li>
-  <li> <a href="https://developer.android.com/guide/topics/data/autobackup">Back up user data with Auto Backup</a> </li>
   <li> OWASP - <a href="https://mas.owasp.org/checklists/MASVS-STORAGE/">Mobile AppSec Verification Standard - Data Storage and Privacy
   Requirements</a> </li>
   <li> OWASP - <a href="https://owasp.org/www-project-mobile-top-10/2016-risks/m1-improper-platform-usage">Mobile Top 10 2016 Category M1 - Improper
   platform usage</a> </li>
   <li> OWASP - <a href="https://owasp.org/www-project-mobile-top-10/2016-risks/m2-insecure-data-storage">Mobile Top 10 2016 Category M2 - Insecure
   Data Storage</a> </li>
-  <li> OWASP - <a href="https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure">Top 10 2017 Category A3 - Sensitive Data
-  Exposure</a> </li>
-  <li> OWASP - <a href="https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration">Top 10 2017 Category A6 - Security
-  Misconfiguration</a> </li>
+  <li> OWASP - <a href="https://owasp.org/www-project-mobile-top-10/2023-risks/m9-insecure-data-storage">Mobile Top 10 2024 Category M9 - Insecure
+  Data Storage</a> </li>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/312">CWE-922 - Insecure Storage of Sensitive Information</a> </li>
+  <li> <a href="https://developer.android.com/guide/topics/data/autobackup">Back up user data with Auto Backup</a> </li>
 </ul>
 

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S6358.json

@@ -32,6 +32,9 @@
       "M1",
       "M2"
     ],
+    "OWASP Mobile Top 10 2024": [
+      "M9"
+    ],
     "MASVS": [
       "MSTG-STORAGE-8"
     ],

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S6359.html

@@ -53,6 +53,10 @@ <h3>Standards</h3>
   <li> Mobile AppSec Verification Standard - <a href="https://mas.owasp.org/checklists/MASVS-PLATFORM/">Platform Interaction Requirements</a> </li>
   <li> OWASP - <a href="https://owasp.org/www-project-mobile-top-10/2016-risks/m1-improper-platform-usage">Mobile Top 10 2016 Category M1 - Improper
   Platform Usage</a> </li>
+  <li> OWASP - <a href="https://owasp.org/www-project-mobile-top-10/2023-risks/m3-insecure-authentication-authorization">Mobile Top 10 2024 Category
+  M3 - Insecure Authentication/Authorization</a> </li>
+  <li> OWASP - <a href="https://owasp.org/www-project-mobile-top-10/2023-risks/m8-security-misconfiguration">Mobile Top 10 2024 Category M8 - Security
+  Misconfiguration</a> </li>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/265">CWE-265 - Privilege Issues</a> </li>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/732">CWE-732 - Incorrect Permission Assignment for Critical Resource</a> </li>
 </ul>

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S6359.json

@@ -27,6 +27,10 @@
     "OWASP Mobile": [
       "M1"
     ],
+    "OWASP Mobile Top 10 2024": [
+      "M3",
+      "M8"
+    ],
     "MASVS": [
       "MSTG-PLATFORM-1"
     ],

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S6361.html

@@ -49,6 +49,10 @@ <h2>See</h2>
   platform usage</a> </li>
   <li> OWASP - <a href="https://owasp.org/www-project-mobile-top-10/2016-risks/m6-insecure-authorization">Mobile Top 10 2016 Category M6 - Insecure
   Authorization</a> </li>
+  <li> OWASP - <a href="https://owasp.org/www-project-mobile-top-10/2023-risks/m3-insecure-authentication-authorization">Mobile Top 10 2024 Category
+  M3 - Insecure Authentication/Authorization</a> </li>
+  <li> OWASP - <a href="https://owasp.org/www-project-mobile-top-10/2023-risks/m8-security-misconfiguration">Mobile Top 10 2024 Category M8 - Security
+  Misconfiguration</a> </li>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/1220">CWE-1220 - Insufficient Granularity of Access Control</a> </li>
 </ul>
 

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/S6361.json

@@ -28,6 +28,10 @@
       "M1",
       "M6"
     ],
+    "OWASP Mobile Top 10 2024": [
+      "M3",
+      "M8"
+    ],
     "MASVS": [
       "MSTG-PLATFORM-1"
     ]

sonar-xml-plugin/src/main/resources/org/sonar/l10n/xml/rules/xml/Sonar_way_profile.json

@@ -19,7 +19,6 @@
     "S5122",
     "S5322",
     "S5332",
-    "S5594",
     "S5604",
     "S6358",
     "S6359",

sonarpedia.json

@@ -3,7 +3,7 @@
   "languages": [
     "XML"
   ],
-  "latest-update": "2024-11-26T10:07:05.990512400Z",
+  "latest-update": "2025-04-03T15:02:09.825524Z",
   "options": {
     "no-language-in-filenames": true
   }