SONAR-13572 Add "Buffer Overflow" security category

author Jacek <jacek.poreda@sonarsource.com>

Thu, 6 Aug 2020 10:31:21 +0000 (12:31 +0200)

committer sonartech <sonartech@sonarsource.com>

Wed, 26 Aug 2020 20:06:43 +0000 (20:06 +0000)
author Jacek <jacek.poreda@sonarsource.com>
Thu, 6 Aug 2020 10:31:21 +0000 (12:31 +0200)
committer sonartech <sonartech@sonarsource.com>
Wed, 26 Aug 2020 20:06:43 +0000 (20:06 +0000)
diff --git a/server/sonar-db-dao/src/testFixtures/java/org/sonar/db/SQDatabase.java b/server/sonar-db-dao/src/testFixtures/java/org/sonar/db/SQDatabase.java

index 4a2b00fb6e75aaf355d35c5bcadd4f968b539fc8..60ecaba510b77cc500058db5b82fb417bd91d4e8 100644 (file)
--- a/server/sonar-db-dao/src/testFixtures/java/org/sonar/db/SQDatabase.java
+++ b/server/sonar-db-dao/src/testFixtures/java/org/sonar/db/SQDatabase.java
@@ -29,8 +29,8 @@ import org.apache.ibatis.io.Resources;
  import org.apache.ibatis.jdbc.ScriptRunner;
  import org.sonar.api.SonarEdition;
  import org.sonar.api.SonarQubeSide;
-import org.sonar.api.config.internal.Settings;
  import org.sonar.api.config.internal.MapSettings;
+import org.sonar.api.config.internal.Settings;
  import org.sonar.api.internal.SonarRuntimeImpl;
  import org.sonar.api.utils.System2;
  import org.sonar.api.utils.Version;
diff --git a/server/sonar-server-common/src/main/java/org/sonar/server/security/SecurityStandards.java b/server/sonar-server-common/src/main/java/org/sonar/server/security/SecurityStandards.java

index 89bb8ab155b8386726a2e54acbba266805b26d4f..705cbe7f7e0e850a0c33ad3b9a9c6232889c5405 100644 (file)
--- a/server/sonar-server-common/src/main/java/org/sonar/server/security/SecurityStandards.java
+++ b/server/sonar-server-common/src/main/java/org/sonar/server/security/SecurityStandards.java
@@ -90,6 +90,7 @@ public final class SecurityStandards {
    }
  
    public enum SQCategory {
+    BUFFER_OVERFLOW("buffer-overflow", HIGH),
      SQL_INJECTION("sql-injection", HIGH),
      COMMAND_INJECTION("command-injection", HIGH),
      PATH_TRAVERSAL_INJECTION("path-traversal-injection", HIGH),
@@ -134,6 +135,7 @@ public final class SecurityStandards {
    }
  
    public static final Map<SQCategory, Set<String>> CWES_BY_SQ_CATEGORY = ImmutableMap.<SQCategory, Set<String>>builder()
+    .put(SQCategory.BUFFER_OVERFLOW, ImmutableSet.of("119", "120", "131", "676", "788"))
      .put(SQCategory.SQL_INJECTION, ImmutableSet.of("89", "564"))
      .put(SQCategory.COMMAND_INJECTION, ImmutableSet.of("77", "78", "88", "214"))
      .put(SQCategory.PATH_TRAVERSAL_INJECTION, ImmutableSet.of("22"))
diff --git a/server/sonar-web/src/main/js/helpers/standards.json b/server/sonar-web/src/main/js/helpers/standards.json

index 9ab3ece45b72e5baa9a4a0c13b04d6f11f1b4548..e6ffadaa70190de6c14e7513be1b6f3e68e384ca 100644 (file)
--- a/server/sonar-web/src/main/js/helpers/standards.json
+++ b/server/sonar-web/src/main/js/helpers/standards.json
@@ -3620,6 +3620,9 @@
      }
    },
    "sonarsourceSecurity": {
+    "buffer-overflow": {
+      "title": "Buffer Overflow"
+    },
      "sql-injection": {
        "title": "SQL Injection"
      },
author	Jacek <jacek.poreda@sonarsource.com>
	Thu, 6 Aug 2020 10:31:21 +0000 (12:31 +0200)
committer	sonartech <sonartech@sonarsource.com>
	Wed, 26 Aug 2020 20:06:43 +0000 (20:06 +0000)
server/sonar-db-dao/src/testFixtures/java/org/sonar/db/SQDatabase.java		patch \| blob \| history
server/sonar-server-common/src/main/java/org/sonar/server/security/SecurityStandards.java		patch \| blob \| history
server/sonar-web/src/main/js/helpers/standards.json		patch \| blob \| history