SonarSource · loris-s-sonarsource · May 14, 2025 · May 13, 2025 · May 13, 2025 · May 14, 2025
diff --git a/rules/S1079/cfamily/metadata.json b/rules/S1079/cfamily/metadata.json
@@ -33,9 +33,6 @@
       120,
       676
     ],
-    "OWASP": [
-      "A9"
-    ],
     "PCI DSS 3.2": [
       "6.5.2"
     ],

diff --git a/rules/S1079/cfamily/rule.adoc b/rules/S1079/cfamily/rule.adoc
@@ -47,7 +47,6 @@ If this code is given the word ``noncompliant`` as an input, ``noncompli␀`` wi
 
 === Standards
 
-* OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities]
 * CWE - https://cwe.mitre.org/data/definitions/120[CWE-120 - Buffer Copy without Checking Size of Input] ('Classic Buffer Overflow')
 * CWE - https://cwe.mitre.org/data/definitions/676[CWE-676 - Use of Potentially Dangerous Function]
 * STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks.

diff --git a/rules/S1081/cfamily/metadata.json b/rules/S1081/cfamily/metadata.json
@@ -33,12 +33,6 @@
       676,
       119
     ],
-    "OWASP Top 10 2021": [
-      "A6"
-    ],
-    "OWASP": [
-      "A9"
-    ],
     "CERT": [
       "STR07-C."
     ],

diff --git a/rules/S1081/common/resources/standards.adoc b/rules/S1081/common/resources/standards.adoc
@@ -1,8 +1,6 @@
 
 === Standards
 
-* OWASP - https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/[Top 10 2021 - A06 - Vulnerable and Outdated Components]
-* OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities]
 * CWE - https://cwe.mitre.org/data/definitions/676[CWE-676 - Use of Potentially Dangerous Function]
 * CWE - https://cwe.mitre.org/data/definitions/119[CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer]
 * STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks.

diff --git a/rules/S2070/see.adoc b/rules/S2070/see.adoc
@@ -1,6 +1,5 @@
 == Resources
 
-* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration]
 * CWE - https://cwe.mitre.org/data/definitions/328[CWE-328 - Reversible One-Way Hash]
 * CWE - https://cwe.mitre.org/data/definitions/327[CWE-327 - Use of a Broken or Risky Cryptographic Algorithm]
-* https://shattered.io/[SHAttered] - The first concrete collision attack against SHA-1. 
+* https://shattered.io/[SHAttered] - The first concrete collision attack against SHA-1. 
diff --git a/rules/S2817/javascript/rule.adoc b/rules/S2817/javascript/rule.adoc
@@ -17,7 +17,6 @@ var db = window.openDatabase("myDb", "1.0", "Personal secrets stored here", 2*10
 == Resources
 
 * OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure]
-* OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities]
 
 
 ifdef::env-github,rspecator-view[]

diff --git a/rules/S2976/java/rule.adoc b/rules/S2976/java/rule.adoc
@@ -34,9 +34,6 @@ File tempDir = tempPath.toFile();
 
 == Resources
 
-* OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities]
-
-
 
 ifdef::env-github,rspecator-view[]
 

diff --git a/rules/S5435/python/metadata.json b/rules/S5435/python/metadata.json
@@ -18,11 +18,9 @@
   "scope": "Main",
   "securityStandards": {
     "OWASP": [
-      "A3",
-      "A9"
+      "A3"
     ],
     "OWASP Top 10 2021": [
-      "A6",
       "A7"
     ]
   },

diff --git a/rules/S5435/python/rule.adoc b/rules/S5435/python/rule.adoc
@@ -26,10 +26,8 @@ You are at risk if you answered yes to all those questions.
 
 == See
 
-* OWASP - https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/[Top 10 2021 Category A6 - Vulnerable and Outdated Components]
 * OWASP - https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/[Top 10 2021 Category A7 - Identification and Authentication Failures]
 * OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure]
-* OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities]
 * CWE - https://cwe.mitre.org/data/definitions/295[CWE-295 - Improper Certificate Validation]
 * https://www.python.org/dev/peps/pep-0476/[PEP-476]
 * https://www.youtube.com/watch?v=4o-xqqidvKA[Benjamin Peterson - A Dive into TLS - PyCon 2015]

diff --git a/rules/S5445/common/resources/standards.adoc b/rules/S5445/common/resources/standards.adoc
@@ -1,7 +1,6 @@
 === Standards
 
 * OWASP - https://owasp.org/Top10/A01_2021-Broken_Access_Control/[Top 10 2021 Category A1 - Broken Access Control]
-* OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities]
 * CWE - https://cwe.mitre.org/data/definitions/377[CWE-377 - Insecure Temporary File]
 * CWE - https://cwe.mitre.org/data/definitions/379[CWE-379 - Creation of Temporary File in Directory with Incorrect Permissions]
 * STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions.

diff --git a/rules/S5445/metadata.json b/rules/S5445/metadata.json
@@ -32,9 +32,6 @@
       377,
       379
     ],
-    "OWASP": [
-      "A9"
-    ],
     "OWASP Top 10 2021": [
       "A1"
     ],

diff --git a/rules/S5679/java/rule.adoc b/rules/S5679/java/rule.adoc
@@ -96,9 +96,7 @@ public ParserPool parserPool() {
 
 == Standards
 
-* OWASP - https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/[Top 10 2021 Category A6 - Vulnerable and Outdated Components]
 * OWASP - https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/[Top 10 2021 Category A7 - Identification and Authentication Failures]
-* OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities]
 * OWASP - https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication[Top 10 2017 Category A2 - Broken Authentication]
 
 

diff --git a/rules/S5679/metadata.json b/rules/S5679/metadata.json
@@ -29,11 +29,9 @@
   "scope": "Main",
   "securityStandards": {
     "OWASP": [
-      "A9",
       "A2"
     ],
     "OWASP Top 10 2021": [
-      "A6",
       "A7"
     ],
     "PCI DSS 3.2": [

diff --git a/rules/S5782/cfamily/metadata.json b/rules/S5782/cfamily/metadata.json
@@ -36,12 +36,6 @@
       131,
       788
     ],
-    "OWASP": [
-      "A9"
-    ],
-    "OWASP Top 10 2021": [
-      "A6"
-    ],
     "CERT": [
       "STR50-CPP.",
       "ARR30-C."

diff --git a/rules/S5782/common/resources/standards.adoc b/rules/S5782/common/resources/standards.adoc
@@ -1,7 +1,5 @@
 === Standards
 
-* OWASP - https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/[Top 10 2021 - A06 - Vulnerable and Outdated Components]
-* OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities]
 * CWE - https://cwe.mitre.org/data/definitions/119[CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer]
 * CWE - https://cwe.mitre.org/data/definitions/131[CWE-131 - Incorrect Calculation of Buffer Size]
 * CWE - https://cwe.mitre.org/data/definitions/788[CWE-788 - Access of Memory Location After End of Buffer]

diff --git a/rules/S5801/cfamily/metadata.json b/rules/S5801/cfamily/metadata.json
@@ -32,15 +32,9 @@
     "CWE": [
       120
     ],
-    "OWASP": [
-      "A9"
-    ],
     "CERT": [
       "STR07-C."
     ],
-    "OWASP Top 10 2021": [
-      "A6"
-    ],
     "PCI DSS 3.2": [
       "6.5.2"
     ],

diff --git a/rules/S5801/cfamily/rule.adoc b/rules/S5801/cfamily/rule.adoc
@@ -50,8 +50,6 @@ int f(char *src) {
 
 == See
 
-* OWASP - https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/[Top 10 2021 Category A6 - Vulnerable and Outdated Components]
-* OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities]
 * CWE - https://cwe.mitre.org/data/definitions/120[CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')]
 * https://wiki.sei.cmu.edu/confluence/x/HdcxBQ[CERT, STR07-C.] - Use the bounds-checking interfaces for string manipulation
 * STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks.

diff --git a/rules/S5814/cfamily/metadata.json b/rules/S5814/cfamily/metadata.json
@@ -32,15 +32,9 @@
     "CWE": [
       120
     ],
-    "OWASP": [
-      "A9"
-    ],
     "CERT": [
       "STR07-C."
     ],
-    "OWASP Top 10 2021": [
-      "A6"
-    ],
     "PCI DSS 3.2": [
       "6.5.2"
     ],

diff --git a/rules/S5814/cfamily/rule.adoc b/rules/S5814/cfamily/rule.adoc
@@ -53,8 +53,6 @@ int f(char *src) {
 
 == See
 
-* OWASP - https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/[Top 10 2021 Category A6 - Vulnerable and Outdated Components]
-* OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities]
 * CWE - https://cwe.mitre.org/data/definitions/120[CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')]
 * https://wiki.sei.cmu.edu/confluence/x/HdcxBQ[CERT, STR07-C.] - Use the bounds-checking interfaces for string manipulation
 * STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks.

diff --git a/rules/S5815/cfamily/metadata.json b/rules/S5815/cfamily/metadata.json
@@ -32,15 +32,9 @@
     "CWE": [
       120
     ],
-    "OWASP": [
-      "A9"
-    ],
     "CERT": [
       "STR07-C."
     ],
-    "OWASP Top 10 2021": [
-      "A6"
-    ],
     "PCI DSS 3.2": [
       "6.5.2"
     ],

diff --git a/rules/S5815/cfamily/rule.adoc b/rules/S5815/cfamily/rule.adoc
@@ -51,8 +51,6 @@ int f(char *src) {
 
 == See
 
-* OWASP - https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/[Top 10 2021 Category A6 - Vulnerable and Outdated Components]
-* OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities]
 * CWE - https://cwe.mitre.org/data/definitions/120[CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')]
 * https://wiki.sei.cmu.edu/confluence/x/HdcxBQ[CERT, STR07-C.] - Use the bounds-checking interfaces for string manipulation
 * STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks.

diff --git a/rules/S5816/cfamily/metadata.json b/rules/S5816/cfamily/metadata.json
@@ -32,15 +32,9 @@
     "CWE": [
       120
     ],
-    "OWASP": [
-      "A9"
-    ],
     "CERT": [
       "STR07-C."
     ],
-    "OWASP Top 10 2021": [
-      "A6"
-    ],
     "PCI DSS 3.2": [
       "6.5.2"
     ],

diff --git a/rules/S5816/cfamily/rule.adoc b/rules/S5816/cfamily/rule.adoc
@@ -63,8 +63,6 @@ int f(char *src) {
 
 == See
 
-* OWASP - https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/[Top 10 2021 Category A6 - Vulnerable and Outdated Components]
-* OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities]
 * CWE - https://cwe.mitre.org/data/definitions/120[CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')]
 * https://wiki.sei.cmu.edu/confluence/x/HdcxBQ[CERT, STR07-C.] - Use the bounds-checking interfaces for string manipulation
 * STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks.

diff --git a/rules/S5824/cfamily/metadata.json b/rules/S5824/cfamily/metadata.json
@@ -32,16 +32,12 @@
     "CWE": [
       377
     ],
-    "OWASP": [
-      "A9"
-    ],
     "CERT": [
       "CON33-C.",
       "FIO21-C."
     ],
     "OWASP Top 10 2021": [
-      "A1",
-      "A6"
+      "A1"
     ],
     "PCI DSS 3.2": [
       "6.5.2",

diff --git a/rules/S5824/cfamily/rule.adoc b/rules/S5824/cfamily/rule.adoc
@@ -53,8 +53,6 @@ int f(char *tempData) {
 == See
 
 * OWASP - https://owasp.org/Top10/A01_2021-Broken_Access_Control/[Top 10 2021 Category A1 - Broken Access Control]
-* OWASP - https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/[Top 10 2021 Category A6 - Vulnerable and Outdated Components]
-* OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities]
 * CWE - https://cwe.mitre.org/data/definitions/377[CWE-377 - Insecure Temporary File]
 * https://wiki.sei.cmu.edu/confluence/display/c/CON33-C.+Avoid+race+conditions+when+using+library+functions[CERT, CON33-C.] - Avoid race conditions when using library functions
 * https://wiki.sei.cmu.edu/confluence/display/c/FIO21-C.+Do+not+create+temporary+files+in+shared+directories[CERT, FIO21-C.] - Do not create temporary files in shared directories

diff --git a/rules/S6069/cfamily/metadata.json b/rules/S6069/cfamily/metadata.json
@@ -33,15 +33,9 @@
       676,
       119
     ],
-    "OWASP": [
-      "A9"
-    ],
     "CERT": [
       "STR07-C."
     ],
-    "OWASP Top 10 2021": [
-      "A6"
-    ],
     "PCI DSS 3.2": [
       "6.5.2"
     ],

diff --git a/rules/S6069/cfamily/rule.adoc b/rules/S6069/cfamily/rule.adoc
@@ -49,8 +49,6 @@ sprintf(buf, "%s", message);{code}
 
 == See
 
-* OWASP - https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/[Top 10 2021 Category A6 - Vulnerable and Outdated Components]
-* OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities]
 * CWE - https://cwe.mitre.org/data/definitions/676[CWE-676 - Use of Potentially Dangerous Function]
 * CWE - https://cwe.mitre.org/data/definitions/119[CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer]
 * STIG Viewer - https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222612[Application Security and Development: V-222612] - The application must not be vulnerable to overflow attacks.
-Original file line number
+Diff line change
@@ Expand Up / @@ -33,9 +33,6 @@ @@
 ,
         ],
-        "OWASP": [
-          "A9"
-        ],
         "PCI DSS 3.2": [
           "6.5.2"
         ],
@@ Expand Down @@
Original file line number	Diff line number	Diff line change
Expand Up		@@ -34,9 +34,6 @@ File tempDir = tempPath.toFile();

		== Resources

		* OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities]



		ifdef::env-github,rspecator-view[]

Expand Down