Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove Security Hotspot rules which are not targeting developers #2385

Closed
nicolas-harraudeau-sonarsource opened this issue Apr 16, 2019 · 0 comments · Fixed by #2405
Closed

Remove Security Hotspot rules which are not targeting developers #2385

nicolas-harraudeau-sonarsource opened this issue Apr 16, 2019 · 0 comments · Fixed by #2405
Assignees
@duncanp-sonar
Milestone
7.14

Comments

@nicolas-harraudeau-sonarsource
Copy link

The following rules will be removed:

  • RSPEC-4797 Handling files is security-sensitive
  • RSPEC-4721 Executing OS commands is security-sensitive
  • RSPEC-4825 Sending HTTP requests is security-sensitive (will be replaced by RSPEC-5332 and the taint analysis rules using HTTP requests as sources and sinks)
  • RSPEC-4817 Executing XPath expressions is security-sensitive
  • RSPEC-4529 Exposing HTTP endpoints is security-sensitive
  • RSPEC-1523 Dynamically executing code is security-sensitive (because it only handles introspection, no eval or exec method in C#)
@andrei-epure-sonarsource andrei-epure-sonarsource added this to the 7.14 milestone Apr 17, 2019
Merged
@ghost ghost added the Status: Needs Review label Apr 29, 2019
@ghost ghost removed the Status: Needs Review label May 1, 2019
Merged
This was referenced May 11, 2020
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@duncanp-sonar duncanp-sonar

Labels
None yet
Projects
None yet
Milestone
7.14
Development

Successfully merging a pull request may close this issue.

Remove 6 Security Hotspots which are not targeting developers SonarSource/sonar-dotnet
3 participants
@duncanp-sonar @andrei-epure-sonarsource @nicolas-harraudeau-sonarsource