Update RSPEC metadata

sonaranalyzer-dotnet/rspec/cs/S113_c#.html

@@ -7,4 +7,4 @@
 +}
 \ No newline at end of file
 </pre>
-
+

sonaranalyzer-dotnet/rspec/cs/S113_c#.json

@@ -12,4 +12,4 @@
   "defaultSeverity": "Minor",
   "ruleSpecification": "RSPEC-113",
   "sqKey": "S113"
-}
+}

sonaranalyzer-dotnet/rspec/cs/S2068_c#.html

@@ -20,8 +20,7 @@ <h2>See</h2>
   <li> <a href="http://cwe.mitre.org/data/definitions/259">MITRE, CWE-259</a> - Use of Hard-coded Password </li>
   <li> <a href="http://www.sans.org/top25-software-errors/">SANS Top 25</a> - Porous Defenses </li>
   <li> <a href="https://www.securecoding.cert.org/confluence/x/qQCHAQ">CERT, MSC03-J.</a> - Never hard code sensitive information </li>
-  <li> <a href="https://www.owasp.org/index.php/Top_10_2013-A2-Broken_Authentication_and_Session_Management">OWASP Top Ten 2013 Category A2</a> -
-  Broken Authentication and Session Management </li>
+  <li> OWASP Top 10 2017 Category A2 - Broken Authentication </li>
   <li> Derived from FindSecBugs rule <a href="http://h3xstream.github.io/find-sec-bugs/bugs.htm#HARD_CODE_PASSWORD">Hard Coded Password</a> </li>
 </ul>
 

sonaranalyzer-dotnet/rspec/cs/S2070_c#.html

@@ -22,8 +22,7 @@ <h2>See</h2>
 <ul>
   <li> <a href="http://cwe.mitre.org/data/definitions/328">MITRE, CWE-328</a> - Reversible One-Way Hash </li>
   <li> <a href="http://cwe.mitre.org/data/definitions/327">MITRE, CWE-327</a> - Use of a Broken or Risky Cryptographic Algorithm </li>
-  <li> <a href="https://www.owasp.org/index.php/Top_10_2013-A6-Sensitive_Data_Exposure">OWASP Top Ten 2013 Category A6</a> - Sensitive Data Exposure
-  </li>
+  <li> OWASP Top 10 2017 Category A3 - Sensitive Data Exposure </li>
   <li> <a href="http://www.sans.org/top25-software-errors/">SANS Top 25</a> - Porous Defenses </li>
   <li> Derived from FindSecBugs rule <a href="http://h3xstream.github.io/find-sec-bugs/bugs.htm#WEAK_MESSAGE_DIGEST">MessageDigest Is Weak</a> </li>
 </ul>

sonaranalyzer-dotnet/rspec/cs/S2070_c#.json

@@ -8,8 +8,8 @@
   },
   "tags": [
     "cwe",
-    "owasp-a6",
-    "sans-top25-porous"
+    "sans-top25-porous",
+    "owasp-a3"
   ],
   "standards": [
     "CWE",

sonaranalyzer-dotnet/rspec/cs/S2178_c#.html

@@ -1,5 +1,5 @@
 <p>The use of non-short-circuit logic in a boolean context is likely a mistake - one that could cause serious program errors as conditions are
-evaluated under the wrong circumstances.</p>
+evaluated under the wrong circumstances. </p>
 <h2>Noncompliant Code Example</h2>
 <pre>
 if (GetTrue() | GetFalse()) // Noncompliant; both sides evaluated

sonaranalyzer-dotnet/rspec/cs/S2187_c#.html

@@ -4,7 +4,7 @@
 <p>This rule will raise an issue when any of these conditions are met:</p>
 <ul>
   <li> For <strong>NUnit</strong>, a class is marked with <code>TestFixtureAttribute</code> but does not contain any method marked with
-  <code>TestAttribute</code>, <code>TestCaseAttribute</code> or <code>TheoryAttribute</code>. </li>
+  <code>TestAttribute</code>, <code>TestCaseAttribute</code>, <code>TestCaseSourceAttribute</code> or <code>TheoryAttribute</code>. </li>
   <li> For <strong>MSTest</strong>, a class is marked with <code>TestClassAttribute</code> but does not contain any method marked with
   <code>TestMethodAttribute</code>. </li>
 </ul>

sonaranalyzer-dotnet/rspec/cs/S2228_c#.html

@@ -11,7 +11,6 @@ <h2>Noncompliant Code Example</h2>
 </pre>
 <h2>See</h2>
 <ul>
-  <li> <a href="https://www.owasp.org/index.php/Top_10_2013-A6-Sensitive_Data_Exposure">OWASP Top Ten 2013 Category A6</a> - Sensitive Data Exposure
-  </li>
+  <li> OWASP Top 10 2017 Category A3 - Sensitive Data Exposure </li>
 </ul>
 

sonaranalyzer-dotnet/rspec/cs/S2228_c#.json

@@ -7,7 +7,7 @@
     "constantCost": "5min"
   },
   "tags": [
-    "owasp-a6"
+    "owasp-a3"
   ],
   "standards": [
     "OWASP Top Ten"

sonaranalyzer-dotnet/rspec/cs/S2278_c#.html

@@ -23,8 +23,7 @@ <h2>See</h2>
 <ul>
   <li> <a href="http://cwe.mitre.org/data/definitions/326.html">MITRE CWE-326</a> - Inadequate Encryption Strength </li>
   <li> <a href="http://cwe.mitre.org/data/definitions/327.html">MITRE CWE-327</a> - Use of a Broken or Risky Cryptographic Algorithm </li>
-  <li> <a href="https://www.owasp.org/index.php/Top_10_2013-A6-Sensitive_Data_Exposure">OWASP Top Ten 2013 Category A6</a> - Sensitive Data Exposure
-  </li>
+  <li> OWASP Top 10 2017 Category A3 - Sensitive Data Exposure </li>
   <li> <a href="https://www.securecoding.cert.org/confluence/x/VwAZAg">CERT, MSC61-J.</a> - Do not use insecure or weak cryptographic algorithms </li>
   <li> Derived from FindSecBugs rule <a href="http://h3xstream.github.io/find-sec-bugs/bugs.htm#DES_USAGE">DES / DESede Unsafe</a> </li>
 </ul>

sonaranalyzer-dotnet/rspec/cs/S2278_c#.json

@@ -9,8 +9,8 @@
   "tags": [
     "cwe",
     "cert",
-    "owasp-a6",
-    "sans-top25-porous"
+    "sans-top25-porous",
+    "owasp-a3"
   ],
   "standards": [
     "CWE",

sonaranalyzer-dotnet/rspec/cs/S2486_c#.html

@@ -28,5 +28,6 @@ <h2>Exceptions</h2>
 <h2>See</h2>
 <ul>
   <li> <a href="http://cwe.mitre.org/data/definitions/391.html">MITRE, CWE-391</a> - Unchecked Error Condition </li>
+  <li> OWASP Top 10 2017 Category A10 - Insufficient Logging &amp; Monitoring </li>
 </ul>
 

sonaranalyzer-dotnet/rspec/cs/S2486_c#.json

@@ -9,6 +9,7 @@
   "tags": [
     "cwe",
     "error-handling",
+    "owasp-a10",
     "suspicious"
   ],
   "standards": [

sonaranalyzer-dotnet/rspec/cs/S3532_c#.html

@@ -53,4 +53,6 @@ <h2>Compliant Solution</h2>
   }
 }
 </pre>
+<h2>Exceptions</h2>
+<p>This rule doesn't raise an issue when there is a comment in the default clause as this indicates this is intentional.</p>
 

sonaranalyzer-dotnet/rspec/cs/S3649_c#.html

@@ -88,7 +88,7 @@ <h2>See</h2>
   <li> <a href="http://cwe.mitre.org/data/definitions/943.html">MITRE, CWE-943</a> - Improper Neutralization of Special Elements in Data Query Logic
   </li>
   <li> <a href="https://www.securecoding.cert.org/confluence/x/PgIRAg">CERT, IDS00-J.</a> - Prevent SQL injection </li>
-  <li> <a href="https://www.owasp.org/index.php/Top_10_2013-A1-Injection">OWASP Top Ten 2013 Category A1</a> - Injection </li>
+  <li> OWASP Top 10 2017 Category A1 - Injection </li>
   <li> <a href="http://www.sans.org/top25-software-errors/">SANS Top 25</a> - Insecure Interaction Between Components </li>
   <li> Derived from FindSecBugs rules <a href="http://h3xstream.github.io/find-sec-bugs/bugs.htm#SQL_INJECTION_JPA">Potential SQL/JPQL Injection
   (JPA)</a>, <a href="http://h3xstream.github.io/find-sec-bugs/bugs.htm#SQL_INJECTION_JDO">Potential SQL/JDOQL Injection (JDO)</a>, <a

sonaranalyzer-dotnet/rspec/cs/S3871_c#.html

@@ -19,4 +19,8 @@ <h2>Compliant Solution</h2>
 <h2>Exceptions</h2>
 <p>This rule ignores Exception types that are not derived directly from <code>System.Exception</code>, <code>System.SystemException</code>, or
 <code>System.ApplicationException</code>.</p>
+<h2>See</h2>
+<ul>
+  <li> OWASP Top 10 2017 Category A10 - Insufficient Logging &amp; Monitoring </li>
+</ul>
 

sonaranalyzer-dotnet/rspec/cs/S3871_c#.json

@@ -8,7 +8,8 @@
   },
   "tags": [
     "error-handling",
-    "api-design"
+    "api-design",
+    "owasp-a10"
   ],
   "defaultSeverity": "Critical",
   "ruleSpecification": "RSPEC-3871",

sonaranalyzer-dotnet/rspec/cs/S3972_c#.html

@@ -1,5 +1,5 @@
 <p>Code is clearest when each statement has its own line. Nonetheless, it is a common pattern to combine on the same line an <code>if</code> and its
-resulting <em>then</em> statement. However, when an <code>if</code> is placed on the same line as the closing <code>}</code> from a preceding
+resulting <em>then</em> statement. However, when an <code>if</code> is placed on the same line as the closing <code>} </code> from a preceding
 <code>else</code> or <code>else if</code>, it is either an error - <code>else</code> is missing - or the invitation to a future error as maintainers
 fail to understand that the two statements are unconnected.</p>
 <h2>Noncompliant Code Example</h2>

sonaranalyzer-dotnet/src/SonarAnalyzer.CSharp/RspecStrings.resx

@@ -712,7 +712,7 @@
     <value>CODE_SMELL</value>
   </data>
   <data name="S113_Category" xml:space="preserve">
-    <value>Sonar Code Smell</value>
+    <value>Minor Code Smell</value>
   </data>
   <data name="S113_Description" xml:space="preserve">
     <value>Some tools work better when files end with an empty line.</value>
@@ -2230,7 +2230,7 @@
     <value>Critical</value>
   </data>
   <data name="S2070_Tags" xml:space="preserve">
-    <value>cwe,owasp-a6,sans-top25-porous</value>
+    <value>cwe,sans-top25-porous,owasp-a3</value>
   </data>
   <data name="S2070_Title" xml:space="preserve">
     <value>SHA-1 and Message-Digest hash algorithms should not be used</value>
@@ -2323,7 +2323,7 @@
     <value>Blocker Code Smell</value>
   </data>
   <data name="S2178_Description" xml:space="preserve">
-    <value>The use of non-short-circuit logic in a boolean context is likely a mistake - one that could cause serious program errors as conditions are evaluated under the wrong circumstances.</value>
+    <value>The use of non-short-circuit logic in a boolean context is likely a mistake - one that could cause serious program errors as conditions are evaluated under the wrong circumstances. </value>
   </data>
   <data name="S2178_IsActivatedByDefault" xml:space="preserve">
     <value>True</value>
@@ -2635,7 +2635,7 @@
     <value>Minor</value>
   </data>
   <data name="S2228_Tags" xml:space="preserve">
-    <value>owasp-a6</value>
+    <value>owasp-a3</value>
   </data>
   <data name="S2228_Title" xml:space="preserve">
     <value>Console logging should not be used</value>
@@ -2743,7 +2743,7 @@
     <value>Blocker</value>
   </data>
   <data name="S2278_Tags" xml:space="preserve">
-    <value>cwe,cert,owasp-a6,sans-top25-porous</value>
+    <value>cwe,cert,sans-top25-porous,owasp-a3</value>
   </data>
   <data name="S2278_Title" xml:space="preserve">
     <value>Neither DES (Data Encryption Standard) nor DESede (3DES) should be used</value>
@@ -3418,7 +3418,7 @@
     <value>Minor</value>
   </data>
   <data name="S2486_Tags" xml:space="preserve">
-    <value>cwe,error-handling,suspicious</value>
+    <value>cwe,error-handling,owasp-a10,suspicious</value>
   </data>
   <data name="S2486_Title" xml:space="preserve">
     <value>Generic exceptions should not be ignored</value>
@@ -6031,7 +6031,7 @@
     <value>Critical</value>
   </data>
   <data name="S3871_Tags" xml:space="preserve">
-    <value>error-handling,api-design</value>
+    <value>error-handling,api-design,owasp-a10</value>
   </data>
   <data name="S3871_Title" xml:space="preserve">
     <value>Exception types should be "public"</value>

sonaranalyzer-dotnet/src/SonarAnalyzer.Utilities/Rules.Description/S113.html

@@ -7,4 +7,4 @@
 +}
 \ No newline at end of file
 </pre>
-
+

sonaranalyzer-dotnet/src/SonarAnalyzer.Utilities/Rules.Description/S2068.html

@@ -20,8 +20,7 @@ <h2>See</h2>
   <li> <a href="http://cwe.mitre.org/data/definitions/259">MITRE, CWE-259</a> - Use of Hard-coded Password </li>
   <li> <a href="http://www.sans.org/top25-software-errors/">SANS Top 25</a> - Porous Defenses </li>
   <li> <a href="https://www.securecoding.cert.org/confluence/x/qQCHAQ">CERT, MSC03-J.</a> - Never hard code sensitive information </li>
-  <li> <a href="https://www.owasp.org/index.php/Top_10_2013-A2-Broken_Authentication_and_Session_Management">OWASP Top Ten 2013 Category A2</a> -
-  Broken Authentication and Session Management </li>
+  <li> OWASP Top 10 2017 Category A2 - Broken Authentication </li>
   <li> Derived from FindSecBugs rule <a href="http://h3xstream.github.io/find-sec-bugs/bugs.htm#HARD_CODE_PASSWORD">Hard Coded Password</a> </li>
 </ul>
 

sonaranalyzer-dotnet/src/SonarAnalyzer.Utilities/Rules.Description/S2070.html

@@ -22,8 +22,7 @@ <h2>See</h2>
 <ul>
   <li> <a href="http://cwe.mitre.org/data/definitions/328">MITRE, CWE-328</a> - Reversible One-Way Hash </li>
   <li> <a href="http://cwe.mitre.org/data/definitions/327">MITRE, CWE-327</a> - Use of a Broken or Risky Cryptographic Algorithm </li>
-  <li> <a href="https://www.owasp.org/index.php/Top_10_2013-A6-Sensitive_Data_Exposure">OWASP Top Ten 2013 Category A6</a> - Sensitive Data Exposure
-  </li>
+  <li> OWASP Top 10 2017 Category A3 - Sensitive Data Exposure </li>
   <li> <a href="http://www.sans.org/top25-software-errors/">SANS Top 25</a> - Porous Defenses </li>
   <li> Derived from FindSecBugs rule <a href="http://h3xstream.github.io/find-sec-bugs/bugs.htm#WEAK_MESSAGE_DIGEST">MessageDigest Is Weak</a> </li>
 </ul>

sonaranalyzer-dotnet/src/SonarAnalyzer.Utilities/Rules.Description/S2178_cs.html

@@ -1,5 +1,5 @@
 <p>The use of non-short-circuit logic in a boolean context is likely a mistake - one that could cause serious program errors as conditions are
-evaluated under the wrong circumstances.</p>
+evaluated under the wrong circumstances. </p>
 <h2>Noncompliant Code Example</h2>
 <pre>
 if (GetTrue() | GetFalse()) // Noncompliant; both sides evaluated

sonaranalyzer-dotnet/src/SonarAnalyzer.Utilities/Rules.Description/S2187.html

@@ -4,7 +4,7 @@
 <p>This rule will raise an issue when any of these conditions are met:</p>
 <ul>
   <li> For <strong>NUnit</strong>, a class is marked with <code>TestFixtureAttribute</code> but does not contain any method marked with
-  <code>TestAttribute</code>, <code>TestCaseAttribute</code> or <code>TheoryAttribute</code>. </li>
+  <code>TestAttribute</code>, <code>TestCaseAttribute</code>, <code>TestCaseSourceAttribute</code> or <code>TheoryAttribute</code>. </li>
   <li> For <strong>MSTest</strong>, a class is marked with <code>TestClassAttribute</code> but does not contain any method marked with
   <code>TestMethodAttribute</code>. </li>
 </ul>

sonaranalyzer-dotnet/src/SonarAnalyzer.Utilities/Rules.Description/S2228.html

@@ -11,7 +11,6 @@ <h2>Noncompliant Code Example</h2>
 </pre>
 <h2>See</h2>
 <ul>
-  <li> <a href="https://www.owasp.org/index.php/Top_10_2013-A6-Sensitive_Data_Exposure">OWASP Top Ten 2013 Category A6</a> - Sensitive Data Exposure
-  </li>
+  <li> OWASP Top 10 2017 Category A3 - Sensitive Data Exposure </li>
 </ul>
 

sonaranalyzer-dotnet/src/SonarAnalyzer.Utilities/Rules.Description/S2278.html

@@ -23,8 +23,7 @@ <h2>See</h2>
 <ul>
   <li> <a href="http://cwe.mitre.org/data/definitions/326.html">MITRE CWE-326</a> - Inadequate Encryption Strength </li>
   <li> <a href="http://cwe.mitre.org/data/definitions/327.html">MITRE CWE-327</a> - Use of a Broken or Risky Cryptographic Algorithm </li>
-  <li> <a href="https://www.owasp.org/index.php/Top_10_2013-A6-Sensitive_Data_Exposure">OWASP Top Ten 2013 Category A6</a> - Sensitive Data Exposure
-  </li>
+  <li> OWASP Top 10 2017 Category A3 - Sensitive Data Exposure </li>
   <li> <a href="https://www.securecoding.cert.org/confluence/x/VwAZAg">CERT, MSC61-J.</a> - Do not use insecure or weak cryptographic algorithms </li>
   <li> Derived from FindSecBugs rule <a href="http://h3xstream.github.io/find-sec-bugs/bugs.htm#DES_USAGE">DES / DESede Unsafe</a> </li>
 </ul>

sonaranalyzer-dotnet/src/SonarAnalyzer.Utilities/Rules.Description/S2486.html

@@ -28,5 +28,6 @@ <h2>Exceptions</h2>
 <h2>See</h2>
 <ul>
   <li> <a href="http://cwe.mitre.org/data/definitions/391.html">MITRE, CWE-391</a> - Unchecked Error Condition </li>
+  <li> OWASP Top 10 2017 Category A10 - Insufficient Logging &amp; Monitoring </li>
 </ul>
 

sonaranalyzer-dotnet/src/SonarAnalyzer.Utilities/Rules.Description/S3532.html

@@ -53,4 +53,6 @@ <h2>Compliant Solution</h2>
   }
 }
 </pre>
+<h2>Exceptions</h2>
+<p>This rule doesn't raise an issue when there is a comment in the default clause as this indicates this is intentional.</p>
 

sonaranalyzer-dotnet/src/SonarAnalyzer.Utilities/Rules.Description/S3649.html

@@ -88,7 +88,7 @@ <h2>See</h2>
   <li> <a href="http://cwe.mitre.org/data/definitions/943.html">MITRE, CWE-943</a> - Improper Neutralization of Special Elements in Data Query Logic
   </li>
   <li> <a href="https://www.securecoding.cert.org/confluence/x/PgIRAg">CERT, IDS00-J.</a> - Prevent SQL injection </li>
-  <li> <a href="https://www.owasp.org/index.php/Top_10_2013-A1-Injection">OWASP Top Ten 2013 Category A1</a> - Injection </li>
+  <li> OWASP Top 10 2017 Category A1 - Injection </li>
   <li> <a href="http://www.sans.org/top25-software-errors/">SANS Top 25</a> - Insecure Interaction Between Components </li>
   <li> Derived from FindSecBugs rules <a href="http://h3xstream.github.io/find-sec-bugs/bugs.htm#SQL_INJECTION_JPA">Potential SQL/JPQL Injection
   (JPA)</a>, <a href="http://h3xstream.github.io/find-sec-bugs/bugs.htm#SQL_INJECTION_JDO">Potential SQL/JDOQL Injection (JDO)</a>, <a

sonaranalyzer-dotnet/src/SonarAnalyzer.Utilities/Rules.Description/S3871.html

@@ -19,4 +19,8 @@ <h2>Compliant Solution</h2>
 <h2>Exceptions</h2>
 <p>This rule ignores Exception types that are not derived directly from <code>System.Exception</code>, <code>System.SystemException</code>, or
 <code>System.ApplicationException</code>.</p>
+<h2>See</h2>
+<ul>
+  <li> OWASP Top 10 2017 Category A10 - Insufficient Logging &amp; Monitoring </li>
+</ul>
 

sonaranalyzer-dotnet/src/SonarAnalyzer.Utilities/Rules.Description/S3972.html

@@ -1,5 +1,5 @@
 <p>Code is clearest when each statement has its own line. Nonetheless, it is a common pattern to combine on the same line an <code>if</code> and its
-resulting <em>then</em> statement. However, when an <code>if</code> is placed on the same line as the closing <code>}</code> from a preceding
+resulting <em>then</em> statement. However, when an <code>if</code> is placed on the same line as the closing <code>} </code> from a preceding
 <code>else</code> or <code>else if</code>, it is either an error - <code>else</code> is missing - or the invitation to a future error as maintainers
 fail to understand that the two statements are unconnected.</p>
 <h2>Noncompliant Code Example</h2>

sonarpedia.json

@@ -3,5 +3,5 @@
   "languages": [
     "CSH"
   ],
-  "latest-update": "2017-11-14T09:02:18.753Z"
+  "latest-update": "2017-12-21T10:26:57.333Z"
 }