From: Philippe Perrin <philippe.perrin@sonarsource.com>
Date: Thu, 29 Sep 2022 14:47:19 +0000 (+0200)
Subject: SONAR-17393 E2E test for owasp-asvs security report
X-Git-Tag: 9.7.0.61563~118
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=119ddb45b87979b71df8afb8a6da6b6e9581da80;p=sonarqube.git

SONAR-17393 E2E test for owasp-asvs security report
---

diff --git a/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/XooRulesDefinition.java b/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/XooRulesDefinition.java
index 399e70c9d70..c15d84a32e8 100644
--- a/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/XooRulesDefinition.java
+++ b/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/XooRulesDefinition.java
@@ -251,6 +251,13 @@ public class XooRulesDefinition implements RulesDefinition {
         .addPciDss(PciDssVersion.V3_2, "10.1a.2c");
     }
 
+    if (version != null && version.isGreaterThanOrEqual(Version.create(9, 6))) {
+      hotspot
+        .addOwaspAsvs(OwaspAsvsVersion.V4_0, "3.1.1", "4.2.2");
+      oneVulnerabilityIssuePerModule
+        .addOwaspAsvs(OwaspAsvsVersion.V4_0, "11.1.2", "14.5.1");
+    }
+
     NewRule hotspotWithContexts = repo.createRule(HotspotWithContextsSensor.RULE_KEY)
       .setName("Find security hotspots with contexts")
       .setType(RuleType.SECURITY_HOTSPOT)