diff --git a/rules/S1079/cfamily/metadata.json b/rules/S1079/cfamily/metadata.json index 58cbd443dad..26173cf662f 100644 --- a/rules/S1079/cfamily/metadata.json +++ b/rules/S1079/cfamily/metadata.json @@ -33,9 +33,6 @@ 120, 676 ], - "OWASP": [ - "A9" - ], "PCI DSS 3.2": [ "6.5.2" ], diff --git a/rules/S1079/cfamily/rule.adoc b/rules/S1079/cfamily/rule.adoc index 5eb585d9163..e948786425d 100644 --- a/rules/S1079/cfamily/rule.adoc +++ b/rules/S1079/cfamily/rule.adoc @@ -47,7 +47,6 @@ If this code is given the word ``noncompliant`` as an input, ``noncompli␀`` wi === Standards -* OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities] * CWE - https://cwe.mitre.org/data/definitions/120[CWE-120 - Buffer Copy without Checking Size of Input] ('Classic Buffer Overflow') * CWE - https://cwe.mitre.org/data/definitions/676[CWE-676 - Use of Potentially Dangerous Function] * STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. diff --git a/rules/S1081/cfamily/metadata.json b/rules/S1081/cfamily/metadata.json index 823bcc9e93c..44ed5d90348 100644 --- a/rules/S1081/cfamily/metadata.json +++ b/rules/S1081/cfamily/metadata.json @@ -33,12 +33,6 @@ 676, 119 ], - "OWASP Top 10 2021": [ - "A6" - ], - "OWASP": [ - "A9" - ], "CERT": [ "STR07-C." ], diff --git a/rules/S1081/common/resources/standards.adoc b/rules/S1081/common/resources/standards.adoc index 0743e3f8c21..8a6c8e9be18 100644 --- a/rules/S1081/common/resources/standards.adoc +++ b/rules/S1081/common/resources/standards.adoc 
@@ -1,8 +1,6 @@ === Standards -* OWASP - https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/[Top 10 2021 - A06 - Vulnerable and Outdated Components] -* OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities] * CWE - https://cwe.mitre.org/data/definitions/676[CWE-676 - Use of Potentially Dangerous Function] * CWE - https://cwe.mitre.org/data/definitions/119[CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer] * STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. diff --git a/rules/S2070/see.adoc b/rules/S2070/see.adoc index 1322dded6e2..cd57085bd68 100644 --- a/rules/S2070/see.adoc +++ b/rules/S2070/see.adoc @@ -1,6 +1,5 @@ == Resources -* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration] * CWE - https://cwe.mitre.org/data/definitions/328[CWE-328 - Reversible One-Way Hash] * CWE - https://cwe.mitre.org/data/definitions/327[CWE-327 - Use of a Broken or Risky Cryptographic Algorithm] -* https://shattered.io/[SHAttered] - The first concrete collision attack against SHA-1. \ No newline at end of file +* https://shattered.io/[SHAttered] - The first concrete collision attack against SHA-1. diff --git a/rules/S2817/javascript/rule.adoc b/rules/S2817/javascript/rule.adoc index bbb19932b1a..a5231677aea 100644 --- a/rules/S2817/javascript/rule.adoc +++ b/rules/S2817/javascript/rule.adoc 
@@ -17,7 +17,6 @@ var db = window.openDatabase("myDb", "1.0", "Personal secrets stored here", 2*10 == Resources * OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] -* OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities] ifdef::env-github,rspecator-view[] diff --git a/rules/S2976/java/rule.adoc b/rules/S2976/java/rule.adoc index 451b1c284f7..d2ec930a9a0 100644 --- a/rules/S2976/java/rule.adoc +++ b/rules/S2976/java/rule.adoc @@ -34,9 +34,6 @@ File tempDir = tempPath.toFile(); == Resources -* OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities] - - ifdef::env-github,rspecator-view[] diff --git a/rules/S5435/python/metadata.json b/rules/S5435/python/metadata.json index 9e94577085e..00e85a4cce9 100644 --- a/rules/S5435/python/metadata.json +++ b/rules/S5435/python/metadata.json @@ -18,11 +18,9 @@ "scope": "Main", "securityStandards": { "OWASP": [ - "A3", - "A9" + "A3" ], "OWASP Top 10 2021": [ - "A6", "A7" ] }, diff --git a/rules/S5435/python/rule.adoc b/rules/S5435/python/rule.adoc index 1b8f2679b9c..bddba889610 100644 --- a/rules/S5435/python/rule.adoc +++ b/rules/S5435/python/rule.adoc 
@@ -26,10 +26,8 @@ You are at risk if you answered yes to all those questions. == See -* OWASP - https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/[Top 10 2021 Category A6 - Vulnerable and Outdated Components] * OWASP - https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/[Top 10 2021 Category A7 - Identification and Authentication Failures] * OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure] -* OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities] * CWE - https://cwe.mitre.org/data/definitions/295[CWE-295 - Improper Certificate Validation] * https://www.python.org/dev/peps/pep-0476/[PEP-476] * https://www.youtube.com/watch?v=4o-xqqidvKA[Benjamin Peterson - A Dive into TLS - PyCon 2015] diff --git a/rules/S5445/common/resources/standards.adoc b/rules/S5445/common/resources/standards.adoc index ad02f9a9357..a3c7772c2ed 100644 --- a/rules/S5445/common/resources/standards.adoc +++ b/rules/S5445/common/resources/standards.adoc @@ -1,7 +1,6 @@ === Standards * OWASP - https://owasp.org/Top10/A01_2021-Broken_Access_Control/[Top 10 2021 Category A1 - Broken Access Control] -* OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities] * CWE - https://cwe.mitre.org/data/definitions/377[CWE-377 - Insecure Temporary File] * CWE - https://cwe.mitre.org/data/definitions/379[CWE-379 - Creation of Temporary File in Directory with Incorrect Permissions] * STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions. 
diff --git a/rules/S5445/metadata.json b/rules/S5445/metadata.json index 7cb2bdc8898..30050b9ba60 100644 --- a/rules/S5445/metadata.json +++ b/rules/S5445/metadata.json @@ -32,9 +32,6 @@ 377, 379 ], - "OWASP": [ - "A9" - ], "OWASP Top 10 2021": [ "A1" ], diff --git a/rules/S5679/java/rule.adoc b/rules/S5679/java/rule.adoc index f16015b9da6..f1c4828a71b 100644 --- a/rules/S5679/java/rule.adoc +++ b/rules/S5679/java/rule.adoc @@ -96,9 +96,7 @@ public ParserPool parserPool() { == Standards -* OWASP - https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/[Top 10 2021 Category A6 - Vulnerable and Outdated Components] * OWASP - https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/[Top 10 2021 Category A7 - Identification and Authentication Failures] -* OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities] * OWASP - https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication[Top 10 2017 Category A2 - Broken Authentication] diff --git a/rules/S5679/metadata.json b/rules/S5679/metadata.json index ee5b1530fd7..bbe723f0384 100644 --- a/rules/S5679/metadata.json +++ b/rules/S5679/metadata.json @@ -29,11 +29,9 @@ "scope": "Main", "securityStandards": { "OWASP": [ - "A9", "A2" ], "OWASP Top 10 2021": [ - "A6", "A7" ], "PCI DSS 3.2": [ diff --git a/rules/S5782/cfamily/metadata.json b/rules/S5782/cfamily/metadata.json index dd210af5d96..3f5c5de94fa 100644 --- a/rules/S5782/cfamily/metadata.json +++ b/rules/S5782/cfamily/metadata.json @@ -36,12 +36,6 @@ 131, 788 ], - "OWASP": [ - "A9" - ], - "OWASP Top 10 2021": [ - "A6" - ], "CERT": [ "STR50-CPP.", "ARR30-C." diff --git a/rules/S5782/common/resources/standards.adoc b/rules/S5782/common/resources/standards.adoc index 08427fccdbb..7bf5b0255bd 100644 --- a/rules/S5782/common/resources/standards.adoc +++ b/rules/S5782/common/resources/standards.adoc 
@@ -1,7 +1,5 @@ === Standards -* OWASP - https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/[Top 10 2021 - A06 - Vulnerable and Outdated Components] -* OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities] * CWE - https://cwe.mitre.org/data/definitions/119[CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer] * CWE - https://cwe.mitre.org/data/definitions/131[CWE-131 - Incorrect Calculation of Buffer Size] * CWE - https://cwe.mitre.org/data/definitions/788[CWE-788 - Access of Memory Location After End of Buffer] diff --git a/rules/S5801/cfamily/metadata.json b/rules/S5801/cfamily/metadata.json index e4b5b050e8e..dbc8576b2da 100644 --- a/rules/S5801/cfamily/metadata.json +++ b/rules/S5801/cfamily/metadata.json @@ -32,15 +32,9 @@ "CWE": [ 120 ], - "OWASP": [ - "A9" - ], "CERT": [ "STR07-C." ], - "OWASP Top 10 2021": [ - "A6" - ], "PCI DSS 3.2": [ "6.5.2" ], diff --git a/rules/S5801/cfamily/rule.adoc b/rules/S5801/cfamily/rule.adoc index 4cda9ce093a..f8c7e7dabfa 100644 --- a/rules/S5801/cfamily/rule.adoc +++ b/rules/S5801/cfamily/rule.adoc 
@@ -50,8 +50,6 @@ int f(char *src) { == See -* OWASP - https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/[Top 10 2021 Category A6 - Vulnerable and Outdated Components] -* OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities] * CWE - https://cwe.mitre.org/data/definitions/120[CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')] * https://wiki.sei.cmu.edu/confluence/x/HdcxBQ[CERT, STR07-C.] - Use the bounds-checking interfaces for string manipulation * STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. diff --git a/rules/S5814/cfamily/metadata.json b/rules/S5814/cfamily/metadata.json index a2b8ce9f36e..2f19f2f516c 100644 --- a/rules/S5814/cfamily/metadata.json +++ b/rules/S5814/cfamily/metadata.json @@ -32,15 +32,9 @@ "CWE": [ 120 ], - "OWASP": [ - "A9" - ], "CERT": [ "STR07-C." ], - "OWASP Top 10 2021": [ - "A6" - ], "PCI DSS 3.2": [ "6.5.2" ], diff --git a/rules/S5814/cfamily/rule.adoc b/rules/S5814/cfamily/rule.adoc index 4b943b933b5..f3445866aa7 100644 --- a/rules/S5814/cfamily/rule.adoc +++ b/rules/S5814/cfamily/rule.adoc 
@@ -53,8 +53,6 @@ int f(char *src) { == See -* OWASP - https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/[Top 10 2021 Category A6 - Vulnerable and Outdated Components] -* OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities] * CWE - https://cwe.mitre.org/data/definitions/120[CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')] * https://wiki.sei.cmu.edu/confluence/x/HdcxBQ[CERT, STR07-C.] - Use the bounds-checking interfaces for string manipulation * STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. diff --git a/rules/S5815/cfamily/metadata.json b/rules/S5815/cfamily/metadata.json index 824fb3b4abb..5db2162366d 100644 --- a/rules/S5815/cfamily/metadata.json +++ b/rules/S5815/cfamily/metadata.json @@ -32,15 +32,9 @@ "CWE": [ 120 ], - "OWASP": [ - "A9" - ], "CERT": [ "STR07-C." ], - "OWASP Top 10 2021": [ - "A6" - ], "PCI DSS 3.2": [ "6.5.2" ], diff --git a/rules/S5815/cfamily/rule.adoc b/rules/S5815/cfamily/rule.adoc index 7601f2a3746..cf5e75f19ba 100644 --- a/rules/S5815/cfamily/rule.adoc +++ b/rules/S5815/cfamily/rule.adoc 
@@ -51,8 +51,6 @@ int f(char *src) { == See -* OWASP - https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/[Top 10 2021 Category A6 - Vulnerable and Outdated Components] -* OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities] * CWE - https://cwe.mitre.org/data/definitions/120[CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')] * https://wiki.sei.cmu.edu/confluence/x/HdcxBQ[CERT, STR07-C.] - Use the bounds-checking interfaces for string manipulation * STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. diff --git a/rules/S5816/cfamily/metadata.json b/rules/S5816/cfamily/metadata.json index d9c64219297..faca669ccce 100644 --- a/rules/S5816/cfamily/metadata.json +++ b/rules/S5816/cfamily/metadata.json @@ -32,15 +32,9 @@ "CWE": [ 120 ], - "OWASP": [ - "A9" - ], "CERT": [ "STR07-C." ], - "OWASP Top 10 2021": [ - "A6" - ], "PCI DSS 3.2": [ "6.5.2" ], diff --git a/rules/S5816/cfamily/rule.adoc b/rules/S5816/cfamily/rule.adoc index 0c33599a575..d79c4adfa1c 100644 --- a/rules/S5816/cfamily/rule.adoc +++ b/rules/S5816/cfamily/rule.adoc 
@@ -63,8 +63,6 @@ int f(char *src) { == See -* OWASP - https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/[Top 10 2021 Category A6 - Vulnerable and Outdated Components] -* OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities] * CWE - https://cwe.mitre.org/data/definitions/120[CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')] * https://wiki.sei.cmu.edu/confluence/x/HdcxBQ[CERT, STR07-C.] - Use the bounds-checking interfaces for string manipulation * STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks. diff --git a/rules/S5824/cfamily/metadata.json b/rules/S5824/cfamily/metadata.json index 03e4b7a8b56..8cb183cd7c3 100644 --- a/rules/S5824/cfamily/metadata.json +++ b/rules/S5824/cfamily/metadata.json @@ -32,16 +32,12 @@ "CWE": [ 377 ], - "OWASP": [ - "A9" - ], "CERT": [ "CON33-C.", "FIO21-C." ], "OWASP Top 10 2021": [ - "A1", - "A6" + "A1" ], "PCI DSS 3.2": [ "6.5.2", diff --git a/rules/S5824/cfamily/rule.adoc b/rules/S5824/cfamily/rule.adoc index 5c32370ebfa..ae6004f0227 100644 --- a/rules/S5824/cfamily/rule.adoc +++ b/rules/S5824/cfamily/rule.adoc 
@@ -53,8 +53,6 @@ int f(char *tempData) { == See * OWASP - https://owasp.org/Top10/A01_2021-Broken_Access_Control/[Top 10 2021 Category A1 - Broken Access Control] -* OWASP - https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/[Top 10 2021 Category A6 - Vulnerable and Outdated Components] -* OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities] * CWE - https://cwe.mitre.org/data/definitions/377[CWE-377 - Insecure Temporary File] * https://wiki.sei.cmu.edu/confluence/display/c/CON33-C.+Avoid+race+conditions+when+using+library+functions[CERT, CON33-C.] - Avoid race conditions when using library functions * https://wiki.sei.cmu.edu/confluence/display/c/FIO21-C.+Do+not+create+temporary+files+in+shared+directories[CERT, FIO21-C.] - Do not create temporary files in shared directories diff --git a/rules/S6069/cfamily/metadata.json b/rules/S6069/cfamily/metadata.json index 56936d64ace..f1fba96076e 100644 --- a/rules/S6069/cfamily/metadata.json +++ b/rules/S6069/cfamily/metadata.json @@ -33,15 +33,9 @@ 676, 119 ], - "OWASP": [ - "A9" - ], "CERT": [ "STR07-C." ], - "OWASP Top 10 2021": [ - "A6" - ], "PCI DSS 3.2": [ "6.5.2" ], diff --git a/rules/S6069/cfamily/rule.adoc b/rules/S6069/cfamily/rule.adoc index 56c2e6c3e1f..e06c0ca51a7 100644 --- a/rules/S6069/cfamily/rule.adoc +++ b/rules/S6069/cfamily/rule.adoc 
@@ -49,8 +49,6 @@ sprintf(buf, "%s", message);{code} == See -* OWASP - https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/[Top 10 2021 Category A6 - Vulnerable and Outdated Components] -* OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities] * CWE - https://cwe.mitre.org/data/definitions/676[CWE-676 - Use of Potentially Dangerous Function] * CWE - https://cwe.mitre.org/data/definitions/119[CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer] * STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks.
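Review bot: in rules/S2070/see.adoc the removed entry is "Top 10 2017 Category A6 - Security Misconfiguration", while the other hunks visible in this patch remove only 2017 A9 and 2021 A6, the two component-vulnerability categories. If dropping Security Misconfiguration from S2070 is intended, it deserves a line in the commit message. No metadata.json change for S2070 is visible here, so check that its securityStandards does not still carry the category. The same hunk also adds the missing end-of-file newline after the SHAttered entry, which is harmless but unrelated to the mapping cleanup.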
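Review bot: in rules/S2976/java/rule.adoc the hunk deletes the only list item under `== Resources`, leaving the heading followed directly by `ifdef::env-github,rspecator-view[]` with no entries. Either remove the now-empty `== Resources` heading in the same hunk or replace the A9 link with a reference that still applies to the rule. No metadata.json change for S2976 is visible in this patch, so confirm it has no "A9" entry left behind.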
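Review bot: in rules/S2817/javascript/rule.adoc the A9 link is removed from `== Resources`, but no matching metadata.json edit for S2817 appears in the visible patch. For S5435 and S5679 the rule.adoc and metadata.json are changed together (`"A9"` dropped from `"OWASP"`), so check whether the S2817 metadata still lists "A9" and, if it does, update it in this change so the rendered links and the securityStandards mapping stay in sync.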