From ace4c810b3f401286d836410a62a83a3acf86144 Mon Sep 17 00:00:00 2001
From: Zsolt Kolbay
 <121798625+zsolt-kolbay-sonarsource@users.noreply.github.com>
Date: Wed, 20 Mar 2024 10:27:42 +0100
Subject: [PATCH] Update RSPEC for 9.22 (again) (#8961)

---
 analyzers/rspec/cs/S2551.html                 | 17 ++++++++--------
 analyzers/rspec/cs/S3927.html                 |  4 ++--
 analyzers/rspec/cs/S5542.html                 | 13 +++++++-----
 analyzers/rspec/vbnet/S117.html               | 20 ++++++++++---------
 analyzers/rspec/vbnet/S2551.html              | 17 ++++++++--------
 analyzers/rspec/vbnet/S3927.html              |  4 ++--
 analyzers/rspec/vbnet/S5542.html              | 13 +++++++-----
 .../src/SonarAnalyzer.CSharp/sonarpedia.json  |  2 +-
 .../SonarAnalyzer.VisualBasic/sonarpedia.json |  2 +-
 9 files changed, 51 insertions(+), 41 deletions(-)

diff --git a/analyzers/rspec/cs/S2551.html b/analyzers/rspec/cs/S2551.html
index 520581969fb..c553d9fe975 100644
--- a/analyzers/rspec/cs/S2551.html
+++ b/analyzers/rspec/cs/S2551.html
@@ -1,14 +1,15 @@
 <h2>Why is this an issue?</h2>
 <p>A shared resource refers to a resource or data that can be accessed or modified by multiple <a
 href="https://en.wikipedia.org/wiki/Thread_(computing)">threads</a> or concurrent parts of a program. It could be any piece of data, object, file,
-database connection, or system resource that needs to be accessed or manipulated by multiple parts of a program concurrently.</p>
-<p>Shared resources should not be used for <a href="https://en.wikipedia.org/wiki/Lock_(computer_science)">locking</a> as it increases the chance of
-<a href="https://en.wikipedia.org/wiki/Deadlock">deadlocks</a>. Any other thread could acquire (or attempt to acquire) the same lock while doing some
-operation, without knowing that the resource is meant to be used for locking purposes.</p>
-<p>One example of this is a <code>String</code> <a href="https://en.wikipedia.org/wiki/Interning_(computer_science)">interned</a> by the runtime. This
-means that each <code>String</code> instance is immutable and stored, and then reused everywhere it is referenced.</p>
-<p>Instead, a dedicated private <code>object</code> instance should be used for each shared resource. Making the lock-specific object
-<code>private</code> guarantees that the access to it is as minimal as possible, in order to avoid deadlocks or lock contention.</p>
+database connection, or system resource that needs to be accessed or manipulated by multiple parts of a program at the same time.</p>
+<p>Shared resources should not be used for <a href="https://en.wikipedia.org/wiki/Lock_(computer_science)">locking</a> because it increases the chance
+of <a href="https://en.wikipedia.org/wiki/Deadlock">deadlocks</a>. Any other thread could acquire (or attempt to acquire) the same lock while doing
+some operation, without knowing that the resource is meant to be used for locking purposes.</p>
+<p>For example, a <code>string</code> should never be used for locking. When a <code>string</code> is <a
+href="https://en.wikipedia.org/wiki/Interning_(computer_science)">interned</a> by the runtime, it can be shared by multiple threads, breaking the
+locking mechanism.</p>
+<p>Instead, a dedicated private <code>object</code> instance should be used for each shared resource. This minimizes access to the lock instance,
+avoiding deadlocks and lock contention.</p>
 <p>The following objects are considered as shared resources:</p>
 <ul>
   <li> a reference to <a href="https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/keywords/this">this</a>: if the instance is publicly
diff --git a/analyzers/rspec/cs/S3927.html b/analyzers/rspec/cs/S3927.html
index 4cbb794c28a..6f9e4edca31 100644
--- a/analyzers/rspec/cs/S3927.html
+++ b/analyzers/rspec/cs/S3927.html
@@ -1,6 +1,6 @@
 <h2>Why is this an issue?</h2>
-<p>Serialization event handlers that don’t have the correct signature will not be called, bypassing augmentations to the automated
-de/serialization.</p>
+<p>Serialization event handlers that don’t have the correct signature will not be called, bypassing augmentations to automated serialization and
+deserialization events.</p>
 <p>A method is designated a serialization event handler by applying one of the following serialization event attributes:</p>
 <ul>
   <li> <a
diff --git a/analyzers/rspec/cs/S5542.html b/analyzers/rspec/cs/S5542.html
index fc357a0ecae..77f76e55e82 100644
--- a/analyzers/rspec/cs/S5542.html
+++ b/analyzers/rspec/cs/S5542.html
@@ -14,8 +14,10 @@ <h2>Why is this an issue?</h2>
 </ol>
 <p>For these reasons, as soon as cryptography is included in a project, it is important to choose encryption algorithms that are considered strong and
 secure by the cryptography community.</p>
-<p>For AES, the weakest modes are CBC (Cipher Block Chaining) and ECB (Electronic Codebook) because they are either vulnerable to padding oracles or
-do not provide authentication mechanisms.</p>
+<p>For AES, the weakest mode is ECB (Electronic Codebook). Repeated blocks of data are encrypted to the same value, making them easy to identify and
+reducing the difficulty of recovering the original cleartext.</p>
+<p>Unauthenticated modes such as CBC (Cipher Block Chaining) may be used but are prone to attacks that manipulate the ciphertext. They must be used
+with caution.</p>
 <p>For RSA, the weakest algorithms are either using it without padding or using the PKCS1v1.5 padding scheme.</p>
 <h3>What is the potential impact?</h3>
 <p>The cleartext of an encrypted message might be recoverable. Additionally, it might be possible to modify the cleartext of an encrypted message.</p>
@@ -78,7 +80,8 @@ <h4>Compliant solution</h4>
 <h3>How does this work?</h3>
 <p>As a rule of thumb, use the cryptographic algorithms and mechanisms that are considered strong by the cryptographic community.</p>
 <p>Appropriate choices are currently the following.</p>
-<h4>For AES: Use Galois/Counter mode (GCM)</h4>
+<h4>For AES: use authenticated encryption modes</h4>
+<p>The best-known authenticated encryption mode for AES is Galois/Counter mode (GCM).</p>
 <p>GCM mode combines encryption with authentication and integrity checks using a cryptographic hash function and provides both confidentiality and
 authenticity of data.</p>
 <p>Other similar modes are:</p>
@@ -89,8 +92,8 @@ <h4>For AES: Use Galois/Counter mode (GCM)</h4>
   <li> IAPM: <code>Integer Authenticated Parallelizable Mode</code> </li>
   <li> OCB: <code>Offset Codebook Mode</code> </li>
 </ul>
-<p>It is also possible to use AES-CBC with HMAC for integrity checks. However, it</p>
-<p>is considered more straightforward to use AES-GCM directly instead.</p>
+<p>It is also possible to use AES-CBC with HMAC for integrity checks. However, it is considered more straightforward to use AES-GCM directly
+instead.</p>
 <h4>For RSA: use the OAEP scheme</h4>
 <p>The Optimal Asymmetric Encryption Padding scheme (OAEP) adds randomness and a secure hash function that strengthens the regular inner workings of
 RSA.</p>
diff --git a/analyzers/rspec/vbnet/S117.html b/analyzers/rspec/vbnet/S117.html
index 0a7d010b846..6fcdd6f90b4 100644
--- a/analyzers/rspec/vbnet/S117.html
+++ b/analyzers/rspec/vbnet/S117.html
@@ -9,15 +9,17 @@ <h2>Why is this an issue?</h2>
 <h3>What is the potential impact?</h3>
 <p>Inconsistent naming of local variables can lead to several issues in your code:</p>
 <ul>
-  <li> Reduced Readability: inconsistent local variable names make the code harder to read and understand; consequently, it is more difficult to
-  identify the purpose of each variable, spot errors, or comprehend the logic. </li>
-  <li> Difficulty in Identifying Variables: local variables that don’t adhere to a standard naming convention are challenging to identify; thus, the
-  coding process slows down, especially when dealing with a large codebase. </li>
-  <li> Increased Risk of Errors: inconsistent or unclear local variable names lead to misunderstandings about what the variable represents. This
-  ambiguity leads to incorrect assumptions and, consequently, bugs in the code. </li>
-  <li> Collaboration Difficulties: in a team setting, inconsistent naming conventions lead to confusion and miscommunication among team members. </li>
-  <li> Difficulty in Code Maintenance: inconsistent naming leads to an inconsistent codebase. The code is difficult to understand, and making changes
-  feels like refactoring constantly, as you face different naming methods. Ultimately, it makes the codebase harder to maintain. </li>
+  <li> <strong>Reduced Readability</strong>: Inconsistent local variable names make the code harder to read and understand; consequently, it is more
+  difficult to identify the purpose of each variable, spot errors, or comprehend the logic. </li>
+  <li> <strong>Difficulty in Identifying Variables</strong>: The local variables that don’t adhere to a standard naming convention are challenging to
+  identify; thus, the coding process slows down, especially when dealing with a large codebase. </li>
+  <li> <strong>Increased Risk of Errors</strong>: Inconsistent or unclear local variable names lead to misunderstandings about what the variable
+  represents. This ambiguity leads to incorrect assumptions and, consequently, bugs in the code. </li>
+  <li> <strong>Collaboration Difficulties</strong>: In a team setting, inconsistent naming conventions lead to confusion and miscommunication among
+  team members. </li>
+  <li> <strong>Difficulty in Code Maintenance</strong>: Inconsistent naming leads to an inconsistent codebase. The code is difficult to understand,
+  and making changes feels like refactoring constantly, as you face different naming methods. Ultimately, it makes the codebase harder to maintain.
+  </li>
 </ul>
 <p>In summary, not adhering to a naming convention for local variables can lead to confusion, errors, and inefficiencies, making the code harder to
 read, understand, and maintain.</p>
diff --git a/analyzers/rspec/vbnet/S2551.html b/analyzers/rspec/vbnet/S2551.html
index 2a41f990e96..22fbe0e6c5f 100644
--- a/analyzers/rspec/vbnet/S2551.html
+++ b/analyzers/rspec/vbnet/S2551.html
@@ -1,14 +1,15 @@
 <h2>Why is this an issue?</h2>
 <p>A shared resource refers to a resource or data that can be accessed or modified by multiple <a
 href="https://en.wikipedia.org/wiki/Thread_(computing)">threads</a> or concurrent parts of a program. It could be any piece of data, object, file,
-database connection, or system resource that needs to be accessed or manipulated by multiple parts of a program concurrently.</p>
-<p>Shared resources should not be used for <a href="https://en.wikipedia.org/wiki/Lock_(computer_science)">locking</a> as it increases the chance of
-<a href="https://en.wikipedia.org/wiki/Deadlock">deadlocks</a>. Any other thread could acquire (or attempt to acquire) the same lock while doing some
-operation, without knowing that the resource is meant to be used for locking purposes.</p>
-<p>One example of this is a <code>String</code> <a href="https://en.wikipedia.org/wiki/Interning_(computer_science)">interned</a> by the runtime. This
-means that each <code>String</code> instance is immutable and stored, and then reused everywhere it is referenced.</p>
-<p>Instead, a dedicated private <code>object</code> instance should be used for each shared resource. Making the lock-specific object
-<code>private</code> guarantees that the access to it is as minimal as possible, in order to avoid deadlocks or lock contention.</p>
+database connection, or system resource that needs to be accessed or manipulated by multiple parts of a program at the same time.</p>
+<p>Shared resources should not be used for <a href="https://en.wikipedia.org/wiki/Lock_(computer_science)">locking</a> because it increases the chance
+of <a href="https://en.wikipedia.org/wiki/Deadlock">deadlocks</a>. Any other thread could acquire (or attempt to acquire) the same lock while doing
+some operation, without knowing that the resource is meant to be used for locking purposes.</p>
+<p>For example, a <code>String</code> should never be used for locking. When a <code>String</code> is <a
+href="https://en.wikipedia.org/wiki/Interning_(computer_science)">interned</a> by the runtime, it can be shared by multiple threads, breaking the
+locking mechanism.</p>
+<p>Instead, a dedicated private <code>Object</code> instance should be used for each shared resource. This minimizes access to the lock instance,
+avoiding deadlocks and lock contention.</p>
 <p>The following objects are considered as shared resources:</p>
 <ul>
   <li> a reference to <a
diff --git a/analyzers/rspec/vbnet/S3927.html b/analyzers/rspec/vbnet/S3927.html
index 9e254d0cd9c..f247a45e79c 100644
--- a/analyzers/rspec/vbnet/S3927.html
+++ b/analyzers/rspec/vbnet/S3927.html
@@ -1,6 +1,6 @@
 <h2>Why is this an issue?</h2>
-<p>Serialization event handlers that don’t have the correct signature will not be called, bypassing augmentations to the automated
-de/serialization.</p>
+<p>Serialization event handlers that don’t have the correct signature will not be called, bypassing augmentations to automated serialization and
+deserialization events.</p>
 <p>A method is designated a serialization event handler by applying one of the following serialization event attributes:</p>
 <ul>
   <li> <a
diff --git a/analyzers/rspec/vbnet/S5542.html b/analyzers/rspec/vbnet/S5542.html
index c00a19054ba..7f59d750de8 100644
--- a/analyzers/rspec/vbnet/S5542.html
+++ b/analyzers/rspec/vbnet/S5542.html
@@ -14,8 +14,10 @@ <h2>Why is this an issue?</h2>
 </ol>
 <p>For these reasons, as soon as cryptography is included in a project, it is important to choose encryption algorithms that are considered strong and
 secure by the cryptography community.</p>
-<p>For AES, the weakest modes are CBC (Cipher Block Chaining) and ECB (Electronic Codebook) because they are either vulnerable to padding oracles or
-do not provide authentication mechanisms.</p>
+<p>For AES, the weakest mode is ECB (Electronic Codebook). Repeated blocks of data are encrypted to the same value, making them easy to identify and
+reducing the difficulty of recovering the original cleartext.</p>
+<p>Unauthenticated modes such as CBC (Cipher Block Chaining) may be used but are prone to attacks that manipulate the ciphertext. They must be used
+with caution.</p>
 <p>For RSA, the weakest algorithms are either using it without padding or using the PKCS1v1.5 padding scheme.</p>
 <h3>What is the potential impact?</h3>
 <p>The cleartext of an encrypted message might be recoverable. Additionally, it might be possible to modify the cleartext of an encrypted message.</p>
@@ -87,7 +89,8 @@ <h4>Compliant solution</h4>
 <h3>How does this work?</h3>
 <p>As a rule of thumb, use the cryptographic algorithms and mechanisms that are considered strong by the cryptographic community.</p>
 <p>Appropriate choices are currently the following.</p>
-<h4>For AES: Use Galois/Counter mode (GCM)</h4>
+<h4>For AES: use authenticated encryption modes</h4>
+<p>The best-known authenticated encryption mode for AES is Galois/Counter mode (GCM).</p>
 <p>GCM mode combines encryption with authentication and integrity checks using a cryptographic hash function and provides both confidentiality and
 authenticity of data.</p>
 <p>Other similar modes are:</p>
@@ -98,8 +101,8 @@ <h4>For AES: Use Galois/Counter mode (GCM)</h4>
   <li> IAPM: <code>Integer Authenticated Parallelizable Mode</code> </li>
   <li> OCB: <code>Offset Codebook Mode</code> </li>
 </ul>
-<p>It is also possible to use AES-CBC with HMAC for integrity checks. However, it</p>
-<p>is considered more straightforward to use AES-GCM directly instead.</p>
+<p>It is also possible to use AES-CBC with HMAC for integrity checks. However, it is considered more straightforward to use AES-GCM directly
+instead.</p>
 <h4>For RSA: use the OAEP scheme</h4>
 <p>The Optimal Asymmetric Encryption Padding scheme (OAEP) adds randomness and a secure hash function that strengthens the regular inner workings of
 RSA.</p>
diff --git a/analyzers/src/SonarAnalyzer.CSharp/sonarpedia.json b/analyzers/src/SonarAnalyzer.CSharp/sonarpedia.json
index 3b1c51d2b5d..f0dedbc73d7 100644
--- a/analyzers/src/SonarAnalyzer.CSharp/sonarpedia.json
+++ b/analyzers/src/SonarAnalyzer.CSharp/sonarpedia.json
@@ -3,7 +3,7 @@
   "languages": [
     "CSH"
   ],
-  "latest-update": "2024-03-15T12:11:31.487123200Z",
+  "latest-update": "2024-03-20T08:56:52.732098400Z",
   "options": {
     "no-language-in-filenames": true
   }
diff --git a/analyzers/src/SonarAnalyzer.VisualBasic/sonarpedia.json b/analyzers/src/SonarAnalyzer.VisualBasic/sonarpedia.json
index 274bf247898..5e95be941ff 100644
--- a/analyzers/src/SonarAnalyzer.VisualBasic/sonarpedia.json
+++ b/analyzers/src/SonarAnalyzer.VisualBasic/sonarpedia.json
@@ -3,7 +3,7 @@
   "languages": [
     "VBNET"
   ],
-  "latest-update": "2024-03-15T12:11:49.495514500Z",
+  "latest-update": "2024-03-20T08:59:07.028699300Z",
   "options": {
     "no-language-in-filenames": true
   }