From e422306c83041539a64816b14374a1480b0d77bd Mon Sep 17 00:00:00 2001
From: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com>
Date: Wed, 11 Jan 2023 13:46:12 +0100
Subject: [PATCH] Update rule metadata (#1028)
---
 .../org/sonar/l10n/php/rules/php/S4507.html | 4 ++--
 .../org/sonar/l10n/php/rules/php/S5332.html | 16 ++++++++--------
 .../org/sonar/l10n/php/rules/php/S6323.html | 5 +++--
 sonarpedia.json | 2 +-
 4 files changed, 14 insertions(+), 13 deletions(-)
diff --git a/php-checks/src/main/resources/org/sonar/l10n/php/rules/php/S4507.html b/php-checks/src/main/resources/org/sonar/l10n/php/rules/php/S4507.html
index 9e5bc9ce0b..504f602d7f 100644
--- a/php-checks/src/main/resources/org/sonar/l10n/php/rules/php/S4507.html
+++ b/php-checks/src/main/resources/org/sonar/l10n/php/rules/php/S4507.html
@@ -8,8 +8,8 @@ detailed information on both the system running the application and users.

Ask Yourself Whether

There is a risk if you answered yes to any of those questions.

Recommended Secure Coding Practices

diff --git a/php-checks/src/main/resources/org/sonar/l10n/php/rules/php/S5332.html b/php-checks/src/main/resources/org/sonar/l10n/php/rules/php/S5332.html
index 552d88a2e2..6804594f80 100644
--- a/php-checks/src/main/resources/org/sonar/l10n/php/rules/php/S5332.html
+++ b/php-checks/src/main/resources/org/sonar/l10n/php/rules/php/S5332.html
@@ -69,21 +69,21 @@

Sensitive Code Example

Compliant Solution

-$url = "https://example.com"; // Compliant
-$url = "sftp://anonymous@example.com"; // Compliant
-$url = "ssh://anonymous@example.com"; // Compliant
+$url = "https://example.com";
+$url = "sftp://anonymous@example.com";
+$url = "ssh://anonymous@example.com";
 
-$con = ftp_ssl_connect('example.com'); // Compliant
+$con = ftp_ssl_connect('example.com');
 
 $trans = (new Swift_SmtpTransport('smtp.example.org', 1234))
-  ->setEncryption('tls') // Compliant
+  ->setEncryption('tls')
 ;
 
 $mailer = new PHPMailer(true);
-$mailer->SMTPSecure = 'tls'; // Compliant
+$mailer->SMTPSecure = 'tls';
 
-define( 'FORCE_SSL_ADMIN', true); // Compliant
-define( 'FORCE_SSL_LOGIN', true); // Compliant
+define( 'FORCE_SSL_ADMIN', true);
+define( 'FORCE_SSL_LOGIN', true);
 

Exceptions

No issue is reported for the following cases because they are not considered sensitive:

diff --git a/php-checks/src/main/resources/org/sonar/l10n/php/rules/php/S6323.html b/php-checks/src/main/resources/org/sonar/l10n/php/rules/php/S6323.html
index 5a2a6b393f..2179b1ee32 100644
--- a/php-checks/src/main/resources/org/sonar/l10n/php/rules/php/S6323.html
+++ b/php-checks/src/main/resources/org/sonar/l10n/php/rules/php/S6323.html
@@ -10,9 +10,10 @@

Compliant Solution

preg_match("/Jack|Peter/", "John"); // returns 0

Exceptions

-

One could use an empty alternation to make a regular expression group optional. Rule will not report on such cases.

+

One could use an empty alternation to make a regular expression group optional. Note that the empty alternation should be the first or the last
+within the group, or else the rule will still report.

-preg_match("/mandatory(-optional|)/", "mandatory"); // returns 1
+preg_match("/mandatory(|-optional)/", "mandatory"); // returns 1
 preg_match("/mandatory(-optional|)/", "mandatory-optional"); // returns 1
 

However, if there is a quantifier after the group the issue will be reported as using both | and quantifier is redundant.

diff --git a/sonarpedia.json b/sonarpedia.json
index 3f73a4b6c5..52e9061a00 100644
--- a/sonarpedia.json
+++ b/sonarpedia.json
@@ -3,7 +3,7 @@
 "languages": [
 "PHP"
 ],
- "latest-update": "2023-01-03T15:30:07.256729179Z",
+ "latest-update": "2023-01-11T12:33:07.630347077Z",
 "options": {
 "no-language-in-filenames": true,
 "preserve-filenames": true