SonarSource C# Ruleset

hongyin.lim · October 9, 2019, 5:34pm

Hi,

I am testing the static security analysis for SonarC# for OWASP rules.
In the following link: https://rules.sonarsource.com/csharp/tag/owasp (C# Rules filtered by OWASP), it mentions that the number of rules are 40.

My current setup is SonarQube ver 7.9 & the SonarC# plugin is 7.17 (latest)

Under the Rules, when we select C# and filter by the Security Category: OWASP 10 -> the results only displayed 29 rules.Just some quick checks:

HTTP request redirections should not be open to forging attacks
I/O function calls should not be vulnerable to path injection attacks
etc …
The rules above which is defined in the link online are not available in the Rules filtered from the SonarQube tool.

I would like to clarify why the rules defined here in this link (https://rules.sonarsource.com/csharp/tag/owasp) is not the same as the ruleset displayed in the SonarC# plugin (ver 7.17) in the Sonarqube ?

Thanks in advance for your help.

Colin · October 9, 2019, 9:00pm

More advanced security rules (such as those detecting injection flaws) are available for the Developer Edition ($) and above.

Feel free to get in touch about a trial license!

Topic		Replies	Views
OWASP Top 10 Vulnerabilities for C# code SonarQube Server / Community Build sonarqube	1	1047	November 5, 2019
Not Equal Sonarqube Rule Count to SonarSource SonarQube Server / Community Build sonarqube	2	499	September 24, 2020
New rules for .NET New rules / language support dotnet	4	574	November 24, 2020
SonarQube security rules - Community, Developer, other editions SonarQube Server / Community Build security	5	4068	July 20, 2020
SonarQube OWAPS security rules update SonarQube Server / Community Build	3	5053	April 12, 2019

SonarSource C# Ruleset

Related topics