Update rule meta data for version 3.14. (#735)

Author: nils-werner-sonarsource

php-checks/src/main/resources/org/sonar/l10n/php/rules/php/S1075.html

@@ -6,6 +6,6 @@
 <p>This rule raises an issue when URI's or path delimiters are hard coded.</p>
 <h2>See</h2>
 <ul>
-  <li> <a href="https://www.securecoding.cert.org/confluence/x/qQCHAQ">CERT, MSC03-J.</a> - Never hard code sensitive information </li>
+  <li> <a href="https://wiki.sei.cmu.edu/confluence/x/OjdGBQ">CERT, MSC03-J.</a> - Never hard code sensitive information </li>
 </ul>
 

php-checks/src/main/resources/org/sonar/l10n/php/rules/php/S1116.html

@@ -29,11 +29,11 @@ <h2>Compliant Solution</h2>
 </pre>
 <h2>See</h2>
 <ul>
-  <li> <a href="https://www.securecoding.cert.org/confluence/x/NYA5">CERT, MSC12-C.</a> - Detect and remove code that has no effect or is never
-  executed </li>
-  <li> <a href="https://www.securecoding.cert.org/confluence/x/7gCTAw">CERT, MSC51-J.</a> - Do not place a semicolon immediately following an if, for,
-  or while condition </li>
-  <li> <a href="https://www.securecoding.cert.org/confluence/x/i4FtAg">CERT, EXP15-C.</a> - Do not place a semicolon on the same line as an if, for,
-  or while statement </li>
+  <li> <a href="https://wiki.sei.cmu.edu/confluence/x/5dUxBQ">CERT, MSC12-C.</a> - Detect and remove code that has no effect or is never executed
+  </li>
+  <li> <a href="https://wiki.sei.cmu.edu/confluence/x/IDZGBQ">CERT, MSC51-J.</a> - Do not place a semicolon immediately following an if, for, or while
+  condition </li>
+  <li> <a href="https://wiki.sei.cmu.edu/confluence/x/WtYxBQ">CERT, EXP15-C.</a> - Do not place a semicolon on the same line as an if, for, or while
+  statement </li>
 </ul>
 

php-checks/src/main/resources/org/sonar/l10n/php/rules/php/S112.html

@@ -14,7 +14,6 @@ <h2>Compliant Solution</h2>
 <h2>See</h2>
 <ul>
   <li> <a href="http://cwe.mitre.org/data/definitions/397.html">MITRE, CWE-397</a> - Declaration of Throws for Generic Exception </li>
-  <li> <a href="https://www.securecoding.cert.org/confluence/x/BoB3AQ">CERT, ERR07-J.</a> - Do not throw RuntimeException, Exception, or Throwable
-  </li>
+  <li> <a href="https://wiki.sei.cmu.edu/confluence/x/_DdGBQ">CERT, ERR07-J.</a> - Do not throw RuntimeException, Exception, or Throwable </li>
 </ul>
 

php-checks/src/main/resources/org/sonar/l10n/php/rules/php/S1121.html

@@ -26,8 +26,7 @@ <h2>Exceptions</h2>
 <h2>See</h2>
 <ul>
   <li> <a href="http://cwe.mitre.org/data/definitions/481.html">MITRE, CWE-481</a> - Assigning instead of Comparing </li>
-  <li> <a href="https://www.securecoding.cert.org/confluence/x/nYFtAg">CERT, EXP45-C.</a> - Do not perform assignments in selection statements </li>
-  <li> <a href="https://www.securecoding.cert.org/confluence/x/1gCTAw">CERT, EXP51-J.</a> - Do not perform assignments in conditional expressions
-  </li>
+  <li> <a href="https://wiki.sei.cmu.edu/confluence/x/ZNYxBQ">CERT, EXP45-C.</a> - Do not perform assignments in selection statements </li>
+  <li> <a href="https://wiki.sei.cmu.edu/confluence/x/ITZGBQ">CERT, EXP51-J.</a> - Do not perform assignments in conditional expressions </li>
 </ul>
 

php-checks/src/main/resources/org/sonar/l10n/php/rules/php/S1172.html

@@ -24,7 +24,7 @@ <h2>Exceptions</h2>
 </pre>
 <h2>See</h2>
 <ul>
-  <li> <a href="https://www.securecoding.cert.org/confluence/x/NYA5">CERT, MSC12-C.</a> - Detect and remove code that has no effect or is never
-  executed </li>
+  <li> <a href="https://wiki.sei.cmu.edu/confluence/x/5dUxBQ">CERT, MSC12-C.</a> - Detect and remove code that has no effect or is never executed
+  </li>
 </ul>
 

php-checks/src/main/resources/org/sonar/l10n/php/rules/php/S121.html

@@ -12,9 +12,7 @@ <h2>Compliant Solution</h2>
 </pre>
 <h2>See</h2>
 <ul>
-  <li> <a href="https://www.securecoding.cert.org/confluence/x/1QGMAg">CERT, EXP19-C.</a> - Use braces for the body of an if, for, or while statement
-  </li>
-  <li> <a href="https://www.securecoding.cert.org/confluence/x/3wHEAw">CERT, EXP52-J.</a> - Use braces for the body of an if, for, or while statement
-  </li>
+  <li> <a href="https://wiki.sei.cmu.edu/confluence/x/g9YxBQ">CERT, EXP19-C.</a> - Use braces for the body of an if, for, or while statement </li>
+  <li> <a href="https://wiki.sei.cmu.edu/confluence/x/MzZGBQ">CERT, EXP52-J.</a> - Use braces for the body of an if, for, or while statement </li>
 </ul>
 

php-checks/src/main/resources/org/sonar/l10n/php/rules/php/S128.html

@@ -49,9 +49,9 @@ <h2>Exceptions</h2>
 <h2>See</h2>
 <ul>
   <li> <a href="http://cwe.mitre.org/data/definitions/484.html">MITRE, CWE-484</a> - Omitted Break Statement in Switch </li>
-  <li> <a href="https://www.securecoding.cert.org/confluence/x/YIFLAQ">CERT, MSC17-C.</a> - Finish every set of statements associated with a case
-  label with a break statement </li>
-  <li> <a href="https://www.securecoding.cert.org/confluence/x/ewHAAQ">CERT, MSC52-J.</a> - Finish every set of statements associated with a case
-  label with a break statement </li>
+  <li> <a href="https://wiki.sei.cmu.edu/confluence/x/ldYxBQ">CERT, MSC17-C.</a> - Finish every set of statements associated with a case label with a
+  break statement </li>
+  <li> <a href="https://wiki.sei.cmu.edu/confluence/x/1DdGBQ">CERT, MSC52-J.</a> - Finish every set of statements associated with a case label with a
+  break statement </li>
 </ul>
 

php-checks/src/main/resources/org/sonar/l10n/php/rules/php/S131.html

@@ -29,6 +29,6 @@ <h2>Compliant Solution</h2>
 <h2>See</h2>
 <ul>
   <li> <a href="http://cwe.mitre.org/data/definitions/478.html">MITRE, CWE-478</a> - Missing Default Case in Switch Statement </li>
-  <li> <a href="https://www.securecoding.cert.org/confluence/x/YgE">CERT, MSC01-C.</a> - Strive for logical completeness </li>
+  <li> <a href="https://wiki.sei.cmu.edu/confluence/x/RtYxBQ">CERT, MSC01-C.</a> - Strive for logical completeness </li>
 </ul>
 

php-checks/src/main/resources/org/sonar/l10n/php/rules/php/S1313.html

@@ -5,23 +5,26 @@
 </ul>
 <p>Today's services have an ever-changing architecture due to their scaling and redundancy needs. It is a mistake to think that a service will always
 have the same IP address. When it does change, the hardcoded IP will have to be modified too. This will have an impact on the product development,
-delivery and deployment:</p>
+delivery, and deployment:</p>
 <ul>
   <li> The developers will have to do a rapid fix every time this happens, instead of having an operation team change a configuration file. </li>
-  <li> It forces the same address to be used in every environment (dev, sys, qa, prod). </li>
+  <li> It misleads to use the same address in every environment (dev, sys, qa, prod). </li>
 </ul>
 <p>Last but not least it has an effect on application security. Attackers might be able to decompile the code and thereby discover a potentially
-sensitive address. They can perform a Denial of Service attack on the service at this address or spoof the IP address. Such an attack is always
-possible, but in the case of a hardcoded IP address the fix will be much slower, which will increase an attack's impact.</p>
+sensitive address. They can perform a Denial of Service attack on the service, try to get access to the system, or try to spoof the IP address to
+bypass security checks. Such attacks can always be possible, but in the case of a hardcoded IP address solving the issue will take more time, which
+will increase an attack's impact.</p>
 <h2>Ask Yourself Whether</h2>
-<p>The disclosed IP address is sensitive, eg:</p>
+<p>The disclosed IP address is sensitive, e.g.:</p>
 <ul>
   <li> Can give information to an attacker about the network topology. </li>
   <li> It's a personal (assigned to an identifiable person) IP address. </li>
 </ul>
 <p>There is a risk if you answered yes to any of these questions.</p>
 <h2>Recommended Secure Coding Practices</h2>
-<p>Don't hard-code the IP address in the source code, instead make it configurable.</p>
+<p>Don't hard-code the IP address in the source code, instead make it configurable with environment variables, configuration files, or a similar
+approach. Alternatively, if confidentially is not required a domain name can be used since it allows to change the destination quickly without having
+to rebuild the software.</p>
 <h2>Sensitive Code Example</h2>
 <pre>
 $socket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
@@ -45,6 +48,6 @@ <h2>See</h2>
 <ul>
   <li> <a href="https://www.owasp.org/index.php/Top_10-2017_A3-Sensitive_Data_Exposure">OWASP Top 10 2017 Category A3</a> - Sensitive Data Exposure
   </li>
-  <li> <a href="https://www.securecoding.cert.org/confluence/x/qQCHAQ">CERT, MSC03-J.</a> - Never hard code sensitive information </li>
+  <li> <a href="https://wiki.sei.cmu.edu/confluence/x/OjdGBQ">CERT, MSC03-J.</a> - Never hard code sensitive information </li>
 </ul>
 

php-checks/src/main/resources/org/sonar/l10n/php/rules/php/S1314.html

@@ -18,8 +18,8 @@ <h2>Exceptions</h2>
 </pre>
 <h2>See</h2>
 <ul>
-  <li> <a href="https://www.securecoding.cert.org/confluence/x/_QC7AQ">CERT, DCL18-C.</a> - Do not begin integer constants with 0 when specifying a
-  decimal value </li>
-  <li> <a href="https://www.securecoding.cert.org/confluence/x/hYClBg">CERT, DCL50-J.</a> - Use visually distinct identifiers </li>
+  <li> <a href="https://wiki.sei.cmu.edu/confluence/x/atYxBQ">CERT, DCL18-C.</a> - Do not begin integer constants with 0 when specifying a decimal
+  value </li>
+  <li> <a href="https://wiki.sei.cmu.edu/confluence/x/7DZGBQ">CERT, DCL50-J.</a> - Use visually distinct identifiers </li>
 </ul>