ACOMMONS-27 OWASP Mobile Top 10 2024

Author: Godin

commons/src/main/java/org/sonarsource/analyzer/commons/RuleMetadataLoader.java

@@ -40,6 +40,7 @@
 import org.sonar.api.server.rule.RulesDefinition.NewRule;
 import org.sonar.api.server.rule.RulesDefinition.OwaspAsvsVersion;
 import org.sonar.api.server.rule.RulesDefinition.OwaspTop10Version;
+import org.sonar.api.server.rule.RulesDefinition.OwaspMobileTop10Version;
 import org.sonar.api.server.rule.RulesDefinition.PciDssVersion;
 import org.sonar.api.server.rule.RulesDefinition.StigVersion;
 import org.sonar.api.server.rule.RulesDefinitionAnnotationLoader;
@@ -66,6 +67,7 @@ public class RuleMetadataLoader {
   private final SonarRuntime sonarRuntime;
   private final EducationRuleLoader educationRuleLoader;
 
+  private static final String OWASP_MOBILE_2024 = "OWASP Mobile Top 10 2024";
   private static final String OWASP_2021 = "OWASP Top 10 2021";
   private static final String OWASP_2017 = "OWASP";
   private static final String PCI_DSS_PREFIX = "PCI DSS ";
@@ -258,6 +260,7 @@ private void setSecurityStandardsFromJson(NewRule rule, Map<String, Object> secu
     }
 
     addOwasp(rule, securityStandards);
+    addOwaspMobile(rule, securityStandards);
     addPciDss(rule, securityStandards);
     addOwaspAsvs(rule, securityStandards);
     addStig(rule, securityStandards);
@@ -281,6 +284,15 @@ private void addOwasp(NewRule rule, Map<String, Object> securityStandards) {
     }
   }
 
+  private void addOwaspMobile(NewRule rule, Map<String, Object> securityStandards) {
+    if (!isSupported(11, 4)) {
+      return;
+    }
+    for (String standard : getStringArray(securityStandards, OWASP_MOBILE_2024)) {
+      rule.addOwaspMobileTop10(OwaspMobileTop10Version.Y2024, RulesDefinition.OwaspMobileTop10.valueOf(standard));
+    }
+  }
+
   private void addPciDss(NewRule rule, Map<String, Object> securityStandards) {
     if (!isSupported(9, 5)) {
       return;

commons/src/test/java/org/sonarsource/analyzer/commons/RuleMetadataLoaderTest.java

@@ -77,6 +77,7 @@ public class RuleMetadataLoaderTest {
   private static final SonarRuntime SONAR_RUNTIME_10_1 = SonarRuntimeImpl.forSonarLint(Version.create(10, 1));
   private static final SonarRuntime SONAR_RUNTIME_10_10 = SonarRuntimeImpl.forSonarLint(Version.create(10, 10));
   private static final SonarRuntime SONAR_RUNTIME_10_11 = SonarRuntimeImpl.forSonarLint(Version.create(10, 11));
+  private static final SonarRuntime SONAR_RUNTIME_11_4 = SonarRuntimeImpl.forSonarLint(Version.create(11, 4));
 
   @Before
   public void setup() {
@@ -532,6 +533,20 @@ class TestRule {
       .containsExactlyInAnyOrder("cwe:311", "cwe:315", "cwe:614", "owaspTop10:a2", "owaspTop10:a3", "owaspTop10-2021:a4", "owaspTop10-2021:a5");
   }
 
+  @Test
+  public void test_security_standards_on_11_4() {
+    Set<String> securityStandards = getSecurityStandards(SONAR_RUNTIME_11_4);
+    assertThat(securityStandards).containsExactlyInAnyOrder(
+            "cwe:311", "cwe:315", "cwe:614",
+            "owaspTop10:a2", "owaspTop10:a3",
+            "owaspTop10-2021:a4", "owaspTop10-2021:a5",
+            "pciDss-3.2:1.1.1", "pciDss-3.2:1.1.2",
+            "owaspAsvs-4.0:2.1.1", "owaspAsvs-4.0:2.1.2",
+            "stig-ASD_V5R3:V-222612",
+            "owaspMobileTop10-2024:m3", "owaspMobileTop10-2024:m4"
+    );
+  }
+
   @Test
   public void test_security_standards_on_10_10_return_stig() {
     Set<String> securityStandards = getSecurityStandards(SONAR_RUNTIME_10_10);

commons/src/test/resources/org/sonarsource/analyzer/commons/S2092.json

@@ -36,6 +36,10 @@
       "A4",
       "A5"
     ],
+    "OWASP Mobile Top 10 2024": [
+      "M3",
+      "M4"
+    ],
     "PCI DSS 3.2": [
       "1.1.1",
       "1.1.2"