SONARJAVA-4953 Update External Linters Metadata (#4779)

SonarSource · Apr 24, 2024 · a84a68d · a84a68d
1 parent 4f190d2
commit a84a68d
Show file tree

Hide file tree

Showing 2 changed files with 67 additions and 0 deletions.
diff --git a/...rnal-reports/src/main/resources/org/sonar/l10n/java/rules/spotbugs/findsecbugs-rules.json b/...rnal-reports/src/main/resources/org/sonar/l10n/java/rules/spotbugs/findsecbugs-rules.json
@@ -371,6 +371,12 @@
     "type": "VULNERABILITY",
     "url": "https://find-sec-bugs.github.io/bugs.htm#PLAY_UNVALIDATED_REDIRECT"
   },
+  {
+    "key": "POTENTIAL_XML_INJECTION",
+    "name": "An unsafe string is potentially injected into an XML string",
+    "type": "VULNERABILITY",
+    "url": "https://find-sec-bugs.github.io/bugs.htm#POTENTIAL_XML_INJECTION"
+  },
   {
     "key": "PREDICTABLE_RANDOM",
     "name": "Predictable pseudorandom number generator",
@@ -821,6 +827,18 @@
     "type": "VULNERABILITY",
     "url": "https://find-sec-bugs.github.io/bugs.htm#XXE_SAXPARSER"
   },
+  {
+    "key": "XXE_SCHEMA_FACTORY",
+    "name": "XML schema processing vulnerable to XXE",
+    "type": "VULNERABILITY",
+    "url": "https://find-sec-bugs.github.io/bugs.htm#XXE_SCHEMA_FACTORY"
+  },
+  {
+    "key": "XXE_VALIDATOR",
+    "name": "XML validation vulnerable to XXE",
+    "type": "VULNERABILITY",
+    "url": "https://find-sec-bugs.github.io/bugs.htm#XXE_VALIDATOR"
+  },
   {
     "key": "XXE_XMLREADER",
     "name": "XML parsing vulnerable to XXE (XMLReader)",

diff --git a/external-reports/src/main/resources/org/sonar/l10n/java/rules/spotbugs/spotbugs-rules.json b/external-reports/src/main/resources/org/sonar/l10n/java/rules/spotbugs/spotbugs-rules.json
@@ -1623,6 +1623,13 @@
     "severity": "MAJOR",
     "url": "https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#mc-overridable-method-call-in-constructor"
   },
+  {
+    "key": "MC_OVERRIDABLE_METHOD_CALL_IN_READ_OBJECT",
+    "name": "Malicious code - An overridable method is called from the readObject method.",
+    "type": "CODE_SMELL",
+    "severity": "MAJOR",
+    "url": "https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#mc-overridable-method-call-in-read-object"
+  },
   {
     "key": "ME_ENUM_FIELD_SETTER",
     "name": "Bad practice - Public enum method unconditionally sets its field",
@@ -2876,6 +2883,48 @@
     "severity": "MAJOR",
     "url": "https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#sic-threadlocal-deadly-embrace"
   },
+  {
+    "key": "SING_SINGLETON_GETTER_NOT_SYNCHRONIZED",
+    "name": "Correctness - Instance-getter method of class using singleton design pattern is not synchronized.",
+    "type": "BUG",
+    "severity": "MAJOR",
+    "url": "https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#sing-singleton-getter-not-synchronized"
+  },
+  {
+    "key": "SING_SINGLETON_HAS_NONPRIVATE_CONSTRUCTOR",
+    "name": "Correctness - Class using singleton design pattern has non-private constructor.",
+    "type": "BUG",
+    "severity": "MAJOR",
+    "url": "https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#sing-singleton-has-nonprivate-constructor"
+  },
+  {
+    "key": "SING_SINGLETON_IMPLEMENTS_CLONEABLE",
+    "name": "Correctness - Class using singleton design pattern directly implements Cloneable interface.",
+    "type": "BUG",
+    "severity": "MAJOR",
+    "url": "https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#sing-singleton-implements-cloneable"
+  },
+  {
+    "key": "SING_SINGLETON_IMPLEMENTS_CLONE_METHOD",
+    "name": "Correctness - Class using singleton design pattern implements clone() method without being an unconditional CloneNotSupportedException-thrower.",
+    "type": "BUG",
+    "severity": "MAJOR",
+    "url": "https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#sing-singleton-implements-clone-method"
+  },
+  {
+    "key": "SING_SINGLETON_IMPLEMENTS_SERIALIZABLE",
+    "name": "Correctness - Class using singleton design pattern directly or indirectly implements Serializable interface.",
+    "type": "BUG",
+    "severity": "MAJOR",
+    "url": "https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#sing-singleton-implements-serializable"
+  },
+  {
+    "key": "SING_SINGLETON_INDIRECTLY_IMPLEMENTS_CLONEABLE",
+    "name": "Correctness - Class using singleton design pattern indirectly implements Cloneable interface.",
+    "type": "BUG",
+    "severity": "MAJOR",
+    "url": "https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#sing-singleton-indirectly-implements-cloneable"
+  },
   {
     "key": "SIO_SUPERFLUOUS_INSTANCEOF",
     "name": "Correctness - Unnecessary type check done using instanceof operator",