Add support for STIG standard #9584
Conversation
|
|
| private static final String NO_TAGS_RULE_KEY = "S1048"; | ||
| private static final String SINGLE_PARAM_RULE_KEY = "S1200"; | ||
| private static final String MULTI_PARAM_RULE_KEY = "S110"; | ||
|
|
||
| private static final SonarRuntime SONAR_RUNTIME = SonarRuntimeImpl.forSonarQube(Version.create(9, 9), SonarQubeSide.SCANNER, SonarEdition.COMMUNITY); | ||
| private static final SonarRuntime SONAR_RUNTIME = SonarRuntimeImpl.forSonarQube(Version.create(10, 10), SonarQubeSide.SCANNER, SonarEdition.COMMUNITY); |
There was a problem hiding this comment.
I know this is cleaner - but the STIG are being raised only from SQ 10.7+ while OWASP from 9.9+ so I'd keep this tests seperate.
There was a problem hiding this comment.
SONAR_RUNTIME is used for all tests in this file. Only a few of them are related to security standards. I don't think using multiple runtime objects is worthwhile unless there are some breaking changes.
There was a problem hiding this comment.
Ok let's keep on single runtime - however I think we should split these tests to be on UT per standard.
...library/src/test/java/org/sonarsource/dotnet/shared/plugins/AbstractRulesDefinitionTest.java
Show resolved
Hide resolved
mary-georgiou-sonarsource
changed the title
mary-georgiou-sonarsource
changed the title
Fixes #9558