From fa6881d128ce6b1de0a956d546774abe940dda38 Mon Sep 17 00:00:00 2001
From: Antonio Aversa
Date: Tue, 3 Jun 2025 12:33:22 +0200
Subject: [PATCH 1/2] DART-260 Modify rule S5332: Add Dart language
---
 rules/S5332/dart/metadata.json | 47 +++++++++++++++++
 rules/S5332/dart/rule.adoc | 95 ++++++++++++++++++++++++++++++++++
 2 files changed, 142 insertions(+)
 create mode 100644 rules/S5332/dart/metadata.json
 create mode 100644 rules/S5332/dart/rule.adoc
diff --git a/rules/S5332/dart/metadata.json b/rules/S5332/dart/metadata.json
new file mode 100644
index 00000000000..acd2cc6537a
--- /dev/null
+++ b/rules/S5332/dart/metadata.json
@@ -0,0 +1,47 @@
+{
+ "securityStandards": {
+ "CWE": [
+ 200,
+ 319
+ ],
+ "OWASP": [
+ "A3"
+ ],
+ "OWASP Mobile": [
+ "M3"
+ ],
+ "OWASP Mobile Top 10 2024": [
+ "M5"
+ ],
+ "MASVS": [
+ "MSTG-NETWORK-1"
+ ],
+ "OWASP Top 10 2021": [
+ "A2"
+ ],
+ "PCI DSS 3.2": [
+ "4.1",
+ "6.5.4"
+ ],
+ "PCI DSS 4.0": [
+ "4.2.1",
+ "6.2.4"
+ ],
+ "ASVS 4.0": [
+ "1.9.1",
+ "9.1.1",
+ "9.2.2"
+ ],
+ "STIG ASD_V5R3": [
+ "V-222397",
+ "V-222534",
+ "V-222562",
+ "V-222563",
+ "V-222577",
+ "V-222596",
+ "V-222597",
+ "V-222598",
+ "V-222599"
+ ]
+ }
+}
diff --git a/rules/S5332/dart/rule.adoc b/rules/S5332/dart/rule.adoc
new file mode 100644
index 00000000000..ad2ec14ad36
--- /dev/null
+++ b/rules/S5332/dart/rule.adoc
@@ -0,0 +1,95 @@
+include::../description.adoc[]
+
+include::../ask-yourself.adoc[]
+
+include::../recommended.adoc[]
+
+== Sensitive Code Example
+
+Using `Uri.parse` from `dart:core`:
+
+[source,dart,diff-id=1,diff-type=noncompliant]
+----
+import 'dart:core';
+
+void main() {
+ Uri.parse(
+ 'http://vulnerable.com', // Sensitive
+ );
+}
+----
+
+Using `Dio` from `package:dio`:
+
+[source,dart,diff-id=2,diff-type=noncompliant]
+----
+import 'package:dio/dio.dart';
+
+void main() {
+ final dio = Dio();
+ dio.get('http://vulnerable.com/api'); // Sensitive
+}
+----
+
+Using `InAppWebViewSettings` from `package:flutter_inappwebview`:
+
+[source,dart,diff-id=3,diff-type=noncompliant]
+----
+import 'package:flutter_inappwebview/flutter_inappwebview.dart';
+
+void main() {
+ InAppWebViewSettings(
+ mixedContentMode: MixedContentMode.MIXED_CONTENT_ALWAYS_ALLOW, // Sensitive
+ );
+}
+----
+
+=== Compliant Solution
+
+Using `Uri.parse` from `dart:core`:
+
+[source,dart,diff-id=1,diff-type=compliant]
+----
+import 'dart:core';
+
+void main() {
+ Uri.parse(
+ 'https://secure.example.com',
+ );
+}
+----
+
+Using `Dio` from `package:dio`:
+
+[source,dart,diff-id=2,diff-type=compliant]
+----
+import 'package:dio/dio.dart';
+
+void main() {
+ final dio = Dio();
+ dio.get('https://secure.example.com/api');
+}
+----
+
+Using `InAppWebViewSettings` from `package:flutter_inappwebview`:
+
+[source,dart,diff-id=3,diff-type=compliant]
+----
+import 'package:flutter_inappwebview/flutter_inappwebview.dart';
+
+void main() {
+ InAppWebViewSettings(
+ mixedContentMode: MixedContentMode.MIXED_CONTENT_NEVER_ALLOW,
+ );
+}
+----
+
+include::../exceptions.adoc[]
+
+== See
+
+include::../common/resources/documentation.adoc[]
+
+include::../common/resources/articles.adoc[]
+
+include::../common/resources/standards-mobile.adoc[]
From 8b0ec0264e2f52ea004754fe6a54f4b297a95a62 Mon Sep 17 00:00:00 2001
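Review bot: The `Dio` samples (the noncompliant block under diff-id=2 and its compliant counterpart) call `dio.get(...)` from a synchronous `void main()` and discard the returned `Future`, so the snippet as written trips `unawaited_futures` and never observes the response or a thrown error. Since rule samples tend to be copied verbatim, make the entry point asynchronous and await the call: `Future<void> main() async {` / `  final dio = Dio();` / `  await dio.get('https://secure.example.com/api');`, keeping the `// Sensitive` marker on the `http://` call in the noncompliant version. The `Uri.parse` and `InAppWebViewSettings` blocks are fine as they are.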
From: Antonio Aversa
Date: Tue, 3 Jun 2025 14:05:30 +0200
Subject: [PATCH 2/2] Add API documentation and remove unnecessary import
---
 rules/S5332/dart/rule.adoc | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/rules/S5332/dart/rule.adoc b/rules/S5332/dart/rule.adoc
index ad2ec14ad36..8b844394532 100644
--- a/rules/S5332/dart/rule.adoc
+++ b/rules/S5332/dart/rule.adoc
@@ -10,8 +10,6 @@ Using `Uri.parse` from `dart:core`:

 [source,dart,diff-id=1,diff-type=noncompliant]
 ----
-import 'dart:core';
-
 void main() {
 Uri.parse(
 'http://vulnerable.com', // Sensitive
@@ -50,8 +48,6 @@ Using `Uri.parse` from `dart:core`:

 [source,dart,diff-id=1,diff-type=compliant]
 ----
-import 'dart:core';
-
 void main() {
 Uri.parse(
 'https://secure.example.com',
@@ -90,6 +86,12 @@ include::../exceptions.adoc[]

 include::../common/resources/documentation.adoc[]

+* Flutter API Docs - https://api.flutter.dev/flutter/dart-core/Uri-class.html[Uri class]
+* package:dio Docs - https://pub.dev/documentation/dio/latest/dio/Dio-class.html[Dio class]
+* package:dio Docs - https://pub.dev/documentation/dio/latest/dio/BaseOptions-class.html[BaseOptions class]
+* package:dio Docs - https://pub.dev/documentation/dio/latest/dio/RequestOptions-class.html[RequestOptions class]
+* package:flutter_inappwebview Docs - https://pub.dev/documentation/flutter_inappwebview/latest/flutter_inappwebview/InAppWebViewSettings-class.html[InAppWebViewSettings class]
+
 include::../common/resources/articles.adoc[]

 include::../common/resources/standards-mobile.adoc[]
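Review bot: The added See entries link `BaseOptions` and `RequestOptions`, but no example in the file exercises either class, so a reader cannot tell whether a clear-text scheme supplied through them (presumably `BaseOptions(baseUrl: 'http://…')`) is also reported by the rule. Either add a matching pair under diff-id=2, e.g. `final dio = Dio(BaseOptions(baseUrl: 'http://vulnerable.com')); // Sensitive` with `https://secure.example.com` in the compliant block, or drop the two links so the references match the documented cases.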