Update rule metadata #1673

nils-werner-sonarsource merged 1 commit into master from bot/update-rule-metadata on Apr 10, 2026

@hashicorp-vault-sonar-prod
Contributor

Rule Metadata Update Summary

| Sonarpedia | Rules to update | Rules updated |
|---|---|---|
| ./sonarpedia.json | 245 | 1 |
| Total | 245 | 1 |

Rule API Version: 2.19.0.5763

This PR was automatically generated to update rule metadata across all supported languages.

sonar-review-alpha Bot commented Apr 9, 2026

Summary

S2092 rule metadata update: Out of 245 rules available for synchronization, this PR updates a single rule — the cookie security check (S2092). The rule has been reclassified from SECURITY_HOTSPOT to VULNERABILITY, with an updated title ("Cookies should have the 'secure' flag"). The rule documentation was restructured to follow SonarSource's updated template format, replacing "Sensitive/Compliant" sections with "Why is this an issue? / How to fix it?" flow with expanded attack scenario details. The metadata change includes a "former-hotspot" tag to mark the transition. The sonarpedia.json timestamp was updated to reflect the sync date (2026-04-09).

What reviewers should know

Key files to review:

  • S2092.json — Metadata changes: type changed from SECURITY_HOTSPOT → VULNERABILITY, title updated, "former-hotspot" tag added
  • S2092.html — Documentation restructured with new section headings and expanded security impact explanation; comment labels changed from "Sensitive" to "Noncompliant"

What to watch for:

  • The vulnerability type change may affect how the rule is reported/prioritized in SonarQube UI
  • The "former-hotspot" tag indicates this rule no longer requires security review-level remediation (it's now a straightforward vulnerability)
  • Documentation changes are structural only — no logic or severity changes to the underlying rule implementation itself


sonarqube-next Bot commented Apr 9, 2026

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
No data about Coverage
No data about Duplication


sonar-review-alpha Bot left a comment

Conclusion: The metadata changes look correct — the reclassification from SECURITY_HOTSPOT to VULNERABILITY is appropriate since missing a secure flag on a cookie is a definitive issue (no false-positive review needed). One documentation gap needs attention before merge.


nils-werner-sonarsource enabled auto-merge (squash) April 10, 2026 06:02
nils-werner-sonarsource merged commit a5b1fdd into master Apr 10, 2026
21 checks passed
nils-werner-sonarsource deleted the bot/update-rule-metadata branch April 10, 2026 06:05