
JAVASE-196 Update rule metadata #82

Merged: dorian-burihabwa-sonarsource merged 3 commits into branch-8.16 from db/JAVASE-196, Apr 14, 2026

dorian-burihabwa-sonarsource (Contributor) commented Apr 10, 2026

Updated rule metadata excluding changes for S2259 and S3518 that are now out of sync with the implementation in this analyzer.

hashicorp-vault-sonar-prod Bot (Contributor) commented Apr 10, 2026

JAVASE-196

sonar-review-alpha Bot commented Apr 13, 2026

Summary

This PR updates rule metadata across the analyzer without changes to detection logic. Main updates include:

  • Formatting cleanup: Standardized HTML list item spacing in rule documentation (removing extra spaces in tags)
  • New security standards: Added OWASP Mobile Top 10 2024 mappings (M4, M8) to relevant rules (S2755, S6373, S6376)
  • Security reference updates: Updated STIG Viewer links from 2023 to 2024 versions, updated Oracle documentation links to newer Java versions, fixed STIG URL structure
  • Severity adjustment: Updated S2189 reliability impact from HIGH to BLOCKER
  • HTML improvements: Fixed heading hierarchy in S6377 (changed heading level from h2 to h3)

Rules S2259 and S3518 were intentionally excluded as noted in the description—they are currently out of sync with the implementation.

What reviewers should know

Where to focus: This is purely metadata maintenance—all changes are in .html and .json rule definition files under java-symbolic-execution-plugin/src/main/resources/org/sonar/l10n/java/rules/javase/. No code logic changes.

Key areas:

  1. HTML formatting (S2095, S2189, S2222, S2583, S2589, S2637, S2689, S2755, S3546, S3655, S3824, S3958, S4449, S6373, S6374, S6376, S6377): Whitespace cleanup in list items and links
  2. Standards mapping updates (S2755, S6373, S6376): JSON files now include OWASP Mobile Top 10 2024 categories
  3. Documentation references (S6376, S6377): Links updated to current versions
  4. Severity change (S2189): JSON reliability changed from HIGH to BLOCKER—verify this aligns with recent analysis

Gotchas: The whitespace-only changes are safe but will show as large diffs due to the number of affected files. Focus on the actual content changes: severity updates, new standards mappings, and reference links.



sonar-review-alpha[bot]

This comment was marked as resolved.

aurelien-coet-sonarsource (Contributor) left a comment

I think the comments by the Sonar review bot need to be addressed, but other than that, LGTM

@sonarqube-next

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
No data about Coverage
No data about Duplication


sonar-review-alpha Bot left a comment

LGTM! ✅


aurelien-coet-sonarsource (Contributor) left a comment

LGTM

dorian-burihabwa-sonarsource merged commit 8d1b73d into branch-8.16 Apr 14, 2026
10 checks passed
dorian-burihabwa-sonarsource deleted the db/JAVASE-196 branch April 14, 2026 12:14