Update rule metadata (#1226)

Author: nils-werner-sonarsource

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S2115.json

@@ -33,16 +33,8 @@
       "6.2.4"
     ],
     "ASVS 4.0": [
-      "2.1.1",
-      "2.1.11",
-      "2.1.12",
-      "2.1.2",
-      "2.1.3",
-      "2.1.4",
-      "2.1.7",
-      "2.1.8",
-      "2.1.9",
-      "2.10.3"
+      "9.2.2",
+      "9.2.3"
     ]
   },
   "quickfix": "unknown"

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4426.json

@@ -35,14 +35,7 @@
       "A2"
     ],
     "ASVS 4.0": [
-      "2.8.3",
-      "6.2.3",
-      "6.2.4",
-      "6.2.5",
-      "6.2.6",
-      "6.2.7",
-      "9.1.2",
-      "9.1.3"
+      "6.2.3"
     ]
   },
   "quickfix": "unknown"

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4433.json

@@ -31,16 +31,8 @@
       "6.2.4"
     ],
     "ASVS 4.0": [
-      "2.1.1",
-      "2.1.11",
-      "2.1.12",
-      "2.1.2",
-      "2.1.3",
-      "2.1.4",
-      "2.1.7",
-      "2.1.8",
-      "2.1.9",
-      "2.10.3"
+      "9.2.2",
+      "9.2.3"
     ]
   },
   "quickfix": "unknown"

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4792.json

@@ -34,10 +34,7 @@
     ],
     "ASVS 4.0": [
       "7.1.1",
-      "7.1.2",
-      "7.3.1",
-      "7.3.2",
-      "8.3.5"
+      "7.1.2"
     ]
   }
 }

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4828.html

@@ -1,34 +1,57 @@
-<p>Signalling processes is security-sensitive. It has led in the past to the following vulnerabilities:</p>
-<ul>
-  <li> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0390">CVE-2009-0390</a> </li>
-  <li> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0839">CVE-2002-0839</a> </li>
-  <li> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1671">CVE-2008-1671</a> </li>
-</ul>
-<p>Sending signals without checking properly which process will receive it can cause a denial of service.</p>
+<p>Signaling processes or process groups can seriously affect the stability of this application or other applications on the same system.</p>
+<p>Accidentally setting an incorrect <code>PID</code> or <code>signal</code> or allowing untrusted sources to assign arbitrary values to these
+parameters may result in a denial of service.</p>
+<p>Also, the system treats the signal differently if the destination <code>PID</code> is less than or equal to 0. This different behavior may affect
+multiple processes with the same (E)UID simultaneously if the call is left uncontrolled.</p>
 <h2>Ask Yourself Whether</h2>
 <ul>
-  <li> the PID of the process to which the signal will be sent is coming from an untrusted source. It could for example come from a world-writable
-  file. </li>
-  <li> users who are asking for the signal to be sent might not have the permission to send those signals. </li>
+  <li> The parameters <code>pid</code> and <code>sig</code> are untrusted (they come from an external source). </li>
+  <li> This function is triggered by non-administrators. </li>
+  <li> Signal handlers on the target processes stop important functions. </li>
 </ul>
 <p>There is a risk if you answered yes to any of those questions.</p>
 <h2>Recommended Secure Coding Practices</h2>
 <ul>
-  <li> If the signal is sent because of a user’s request. Check that the user is allowed to send this signal. You can for example forbid it if the
-  user doesn’t own the process. </li>
-  <li> Secure the source from which the process PID is read. </li>
-  <li> Run the process sending the signals with minimal permissions. </li>
+  <li> For stateful applications with user management, ensure that only administrators trigger this code. </li>
+  <li> Verify that the <code>pid</code> and <code>sig</code> parameters are correct before using them. </li>
+  <li> Ensure that the process sending the signals runs with as few OS privileges as possible. </li>
+  <li> Isolate the process on the system based on its (E)UID. </li>
+  <li> Ensure that the signal does not interrupt any essential functions when intercepted by a target’s signal handlers. </li>
 </ul>
 <h2>Sensitive Code Example</h2>
 <pre>
 import os
 
-def send_signal(pid, sig, pgid):
-    os.kill(pid, sig)  # Sensitive
-    os.killpg(pgid, sig)  # Sensitive
+@app.route("/kill-pid/&lt;pid&gt;")
+def send_signal(pid):
+    os.kill(pid, 9)  # Sensitive
+
+@app.route("/kill-pgid/&lt;pgid&gt;")
+def send_signal(pgid):
+    os.killpg(pgid, 9)  # Sensitive
+</pre>
+<h2>Compliant Solution</h2>
+<pre>
+import os
+
+@app.route("/kill-pid/&lt;pid&gt;")
+def send_signal(pid):
+    # Validate the untrusted PID,
+    # With a pre-approved list or authorization checks
+    if is_valid_pid(pid):
+        os.kill(pid, 9)
+
+@app.route("/kill-pgid/&lt;pgid&gt;")
+def send_signal(pgid):
+    # Validate the untrusted PGID,
+    # With a pre-approved list or authorization checks
+    if is_valid_pgid(pgid):
+        os.kill(pgid, 9)
 </pre>
 <h2>See</h2>
 <ul>
   <li> <a href="https://cwe.mitre.org/data/definitions/283">MITRE, CWE-283</a> - Unverified Ownership </li>
+  <li> <a href="https://man7.org/linux/man-pages/man1/kill.1.html">kill(1) — Linux manual page</a> </li>
+  <li> <a href="https://man7.org/linux/man-pages/man2/kill.2.html">kill(2) — Linux manual page</a> </li>
 </ul>
 

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4828.json

@@ -1,5 +1,5 @@
 {
-  "title": "Signalling processes is security-sensitive",
+  "title": "Signaling processes is security-sensitive",
   "type": "SECURITY_HOTSPOT",
   "status": "ready",
   "tags": [