SONARJAVA-5182 Update rule metadata with new code impacts

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S1147.json

@@ -3,7 +3,7 @@
   "type": "CODE_SMELL",
   "code": {
     "impacts": {
-      "MAINTAINABILITY": "HIGH"
+      "MAINTAINABILITY": "BLOCKER"
     },
     "attribute": "CONVENTIONAL"
   },

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S1190.json

@@ -3,7 +3,7 @@
   "type": "CODE_SMELL",
   "code": {
     "impacts": {
-      "MAINTAINABILITY": "HIGH"
+      "MAINTAINABILITY": "BLOCKER"
     },
     "attribute": "CONVENTIONAL"
   },

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S1219.json

@@ -3,7 +3,7 @@
   "type": "CODE_SMELL",
   "code": {
     "impacts": {
-      "MAINTAINABILITY": "HIGH"
+      "MAINTAINABILITY": "BLOCKER"
     },
     "attribute": "CLEAR"
   },

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S128.json

@@ -3,7 +3,7 @@
   "type": "CODE_SMELL",
   "code": {
     "impacts": {
-      "MAINTAINABILITY": "HIGH"
+      "MAINTAINABILITY": "BLOCKER"
     },
     "attribute": "CLEAR"
   },

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S1309.json

@@ -3,7 +3,7 @@
   "type": "CODE_SMELL",
   "code": {
     "impacts": {
-      "MAINTAINABILITY": "LOW"
+      "MAINTAINABILITY": "INFO"
     },
     "attribute": "CLEAR"
   },

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S1314.json

@@ -3,7 +3,7 @@
   "type": "CODE_SMELL",
   "code": {
     "impacts": {
-      "MAINTAINABILITY": "HIGH"
+      "MAINTAINABILITY": "BLOCKER"
     },
     "attribute": "CLEAR"
   },

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S1451.json

@@ -3,7 +3,7 @@
   "type": "CODE_SMELL",
   "code": {
     "impacts": {
-      "MAINTAINABILITY": "HIGH"
+      "MAINTAINABILITY": "BLOCKER"
     },
     "attribute": "LAWFUL"
   },

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S1845.json

@@ -3,7 +3,7 @@
   "type": "CODE_SMELL",
   "code": {
     "impacts": {
-      "MAINTAINABILITY": "HIGH"
+      "MAINTAINABILITY": "BLOCKER"
     },
     "attribute": "IDENTIFIABLE"
   },

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2068.json

@@ -3,7 +3,7 @@
   "type": "SECURITY_HOTSPOT",
   "code": {
     "impacts": {
-      "SECURITY": "HIGH"
+      "SECURITY": "BLOCKER"
     },
     "attribute": "TRUSTWORTHY"
   },

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2096.json

@@ -3,7 +3,7 @@
   "type": "CODE_SMELL",
   "code": {
     "impacts": {
-      "MAINTAINABILITY": "HIGH"
+      "MAINTAINABILITY": "BLOCKER"
     },
     "attribute": "CLEAR"
   },

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2168.json

@@ -3,7 +3,7 @@
   "type": "BUG",
   "code": {
     "impacts": {
-      "RELIABILITY": "HIGH"
+      "RELIABILITY": "BLOCKER"
     },
     "attribute": "COMPLETE"
   },

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2178.json

@@ -3,7 +3,7 @@
   "type": "CODE_SMELL",
   "code": {
     "impacts": {
-      "MAINTAINABILITY": "HIGH"
+      "MAINTAINABILITY": "BLOCKER"
     },
     "attribute": "LOGICAL"
   },

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2187.json

@@ -3,7 +3,7 @@
   "type": "CODE_SMELL",
   "code": {
     "impacts": {
-      "MAINTAINABILITY": "HIGH"
+      "MAINTAINABILITY": "BLOCKER"
     },
     "attribute": "TESTED"
   },

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2188.json

@@ -3,7 +3,7 @@
   "type": "CODE_SMELL",
   "code": {
     "impacts": {
-      "MAINTAINABILITY": "HIGH"
+      "MAINTAINABILITY": "BLOCKER"
     },
     "attribute": "COMPLETE"
   },

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2229.json

@@ -3,7 +3,7 @@
   "type": "BUG",
   "code": {
     "impacts": {
-      "RELIABILITY": "HIGH"
+      "RELIABILITY": "BLOCKER"
     },
     "attribute": "CONVENTIONAL"
   },

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2236.json

@@ -3,7 +3,7 @@
   "type": "BUG",
   "code": {
     "impacts": {
-      "RELIABILITY": "HIGH"
+      "RELIABILITY": "BLOCKER"
     },
     "attribute": "LOGICAL"
   },

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2245.html

@@ -1,26 +1,35 @@
-<p>Using pseudorandom number generators (PRNGs) is security-sensitive. For example, it has led in the past to the following vulnerabilities:</p>
+<p>PRNGs are algorithms that produce sequences of numbers that only approximate true randomness. While they are suitable for applications like
+simulations or modeling, they are not appropriate for security-sensitive contexts because their outputs can be predictable if the internal state is
+known.</p>
+<p>In contrast, cryptographically secure pseudorandom number generators (CSPRNGs) are designed to be secure against prediction attacks. CSPRNGs use
+cryptographic algorithms to ensure that the generated sequences are not only random but also unpredictable, even if part of the sequence or the
+internal state becomes known. This unpredictability is crucial for security-related tasks such as generating encryption keys, tokens, or any other
+values that must remain confidential and resistant to guessing attacks.</p>
+<p>For example, the use of non-cryptographic PRNGs has led to vulnerabilities such as:</p>
 <ul>
-  <li> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6386">CVE-2013-6386</a> </li>
-  <li> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3419">CVE-2006-3419</a> </li>
-  <li> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4102">CVE-2008-4102</a> </li>
+  <li> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6386">CVE-2013-6386</a> </li>
+  <li> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3419">CVE-2006-3419</a> </li>
+  <li> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4102">CVE-2008-4102</a> </li>
 </ul>
 <p>When software generates predictable values in a context requiring unpredictability, it may be possible for an attacker to guess the next value that
-will be generated, and use this guess to impersonate another user or access sensitive information.</p>
-<p>As the <code>java.util.Random</code> class relies on a pseudorandom number generator, this class and relating <code>java.lang.Math.random()</code>
-method should not be used for security-critical applications or for protecting sensitive data. In such context, the
-<code>java.security.SecureRandom</code> class which relies on a cryptographically strong random number generator (RNG) should be used in place.</p>
+will be generated, and use this guess to impersonate another user or access sensitive information. Therefore, it is critical to use CSPRNGs in any
+security-sensitive application to ensure the robustness and security of the system.</p>
+<p>As the <code>java.util.Random</code> class relies on a non-cryptographic pseudorandom number generator, this class and relating
+<code>java.lang.Math.random()</code> method should not be used for security-critical applications or for protecting sensitive data. In such context,
+the <code>java.security.SecureRandom</code> class which relies on a CSPRNG should be used in place.</p>
 <h2>Ask Yourself Whether</h2>
 <ul>
   <li> the code using the generated value requires it to be unpredictable. It is the case for all encryption mechanisms or when a secret value, such
   as a password, is hashed. </li>
-  <li> the function you use generates a value which can be predicted (pseudo-random). </li>
+  <li> the function you use is a non-cryptographic PRNG. </li>
   <li> the generated value is used multiple times. </li>
   <li> an attacker can access the generated value. </li>
 </ul>
 <p>There is a risk if you answered yes to any of those questions.</p>
 <h2>Recommended Secure Coding Practices</h2>
 <ul>
-  <li> Use a cryptographically strong random number generator (RNG) like "java.security.SecureRandom" in place of this PRNG. </li>
+  <li> Use a cryptographically secure pseudo random number generator (CSPRNG) like "java.security.SecureRandom" in place of a non-cryptographic PRNG.
+  </li>
   <li> Use the generated random values only once. </li>
   <li> You should not expose the generated random value. If you have to store it, make sure that the database or file is secure. </li>
 </ul>
@@ -32,12 +41,14 @@ <h2>Sensitive Code Example</h2>
 </pre>
 <h2>Compliant Solution</h2>
 <pre>
-SecureRandom random = new SecureRandom(); // Compliant for security-sensitive use cases
+SecureRandom random = new SecureRandom();
 byte bytes[] = new byte[20];
 random.nextBytes(bytes);
 </pre>
 <h2>See</h2>
 <ul>
+  <li> OWASP - <a href="https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html#secure-random-number-generation">Secure
+  Random Number Generation Cheat Sheet</a> </li>
   <li> OWASP - <a href="https://owasp.org/Top10/A02_2021-Cryptographic_Failures/">Top 10 2021 Category A2 - Cryptographic Failures</a> </li>
   <li> OWASP - <a href="https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure">Top 10 2017 Category A3 - Sensitive Data
   Exposure</a> </li>
@@ -50,9 +61,6 @@ <h2>See</h2>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/326">CWE-326 - Inadequate Encryption Strength</a> </li>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/1241">CWE-1241 - Use of Predictable Algorithm in Random Number Generator</a> </li>
   <li> <a href="https://wiki.sei.cmu.edu/confluence/x/oTdGBQ">CERT, MSC02-J.</a> - Generate strong random numbers </li>
-  <li> <a href="https://wiki.sei.cmu.edu/confluence/x/UNcxBQ">CERT, MSC30-C.</a> - Do not use the rand() function for generating pseudorandom numbers
-  </li>
-  <li> <a href="https://wiki.sei.cmu.edu/confluence/x/2ns-BQ">CERT, MSC50-CPP.</a> - Do not use std::rand() for generating pseudorandom numbers </li>
   <li> Derived from FindSecBugs rule <a href="https://h3xstream.github.io/find-sec-bugs/bugs.htm#PREDICTABLE_RANDOM">Predictable Pseudo Random Number
   Generator</a> </li>
 </ul>

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2275.json

@@ -3,7 +3,7 @@
   "type": "BUG",
   "code": {
     "impacts": {
-      "RELIABILITY": "HIGH"
+      "RELIABILITY": "BLOCKER"
     },
     "attribute": "LOGICAL"
   },

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2276.json

@@ -3,7 +3,7 @@
   "type": "BUG",
   "code": {
     "impacts": {
-      "RELIABILITY": "HIGH"
+      "RELIABILITY": "BLOCKER"
     },
     "attribute": "LOGICAL"
   },

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2387.json

@@ -3,7 +3,7 @@
   "type": "CODE_SMELL",
   "code": {
     "impacts": {
-      "MAINTAINABILITY": "HIGH"
+      "MAINTAINABILITY": "BLOCKER"
     },
     "attribute": "CLEAR"
   },

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2437.json

@@ -3,7 +3,7 @@
   "type": "CODE_SMELL",
   "code": {
     "impacts": {
-      "MAINTAINABILITY": "HIGH"
+      "MAINTAINABILITY": "BLOCKER"
     },
     "attribute": "LOGICAL"
   },

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2693.json

@@ -3,7 +3,7 @@
   "type": "CODE_SMELL",
   "code": {
     "impacts": {
-      "MAINTAINABILITY": "HIGH"
+      "MAINTAINABILITY": "BLOCKER"
     },
     "attribute": "FOCUSED"
   },

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2695.json

@@ -3,7 +3,7 @@
   "type": "BUG",
   "code": {
     "impacts": {
-      "RELIABILITY": "HIGH"
+      "RELIABILITY": "BLOCKER"
     },
     "attribute": "LOGICAL"
   },

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2699.json

@@ -3,7 +3,7 @@
   "type": "CODE_SMELL",
   "code": {
     "impacts": {
-      "MAINTAINABILITY": "HIGH"
+      "MAINTAINABILITY": "BLOCKER"
     },
     "attribute": "TESTED"
   },

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2970.json

@@ -3,7 +3,7 @@
   "type": "CODE_SMELL",
   "code": {
     "impacts": {
-      "MAINTAINABILITY": "HIGH"
+      "MAINTAINABILITY": "BLOCKER"
     },
     "attribute": "TESTED"
   },

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2975.json

@@ -3,7 +3,7 @@
   "type": "CODE_SMELL",
   "code": {
     "impacts": {
-      "MAINTAINABILITY": "HIGH"
+      "MAINTAINABILITY": "BLOCKER"
     },
     "attribute": "CONVENTIONAL"
   },

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S3014.json

@@ -3,7 +3,7 @@
   "type": "CODE_SMELL",
   "code": {
     "impacts": {
-      "MAINTAINABILITY": "HIGH"
+      "MAINTAINABILITY": "BLOCKER"
     },
     "attribute": "CONVENTIONAL"
   },

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S3046.json

@@ -3,7 +3,7 @@
   "type": "BUG",
   "code": {
     "impacts": {
-      "RELIABILITY": "HIGH"
+      "RELIABILITY": "BLOCKER"
     },
     "attribute": "COMPLETE"
   },

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S3753.json

@@ -3,7 +3,7 @@
   "type": "BUG",
   "code": {
     "impacts": {
-      "RELIABILITY": "HIGH"
+      "RELIABILITY": "BLOCKER"
     },
     "attribute": "COMPLETE"
   },

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S4602.json

@@ -3,7 +3,7 @@
   "type": "BUG",
   "code": {
     "impacts": {
-      "RELIABILITY": "HIGH"
+      "RELIABILITY": "BLOCKER"
     },
     "attribute": "LOGICAL"
   },

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S5786.json

@@ -3,7 +3,7 @@
   "type": "CODE_SMELL",
   "code": {
     "impacts": {
-      "MAINTAINABILITY": "LOW"
+      "MAINTAINABILITY": "INFO"
     },
     "attribute": "CLEAR"
   },

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S5793.json

@@ -3,7 +3,7 @@
   "type": "CODE_SMELL",
   "code": {
     "impacts": {
-      "MAINTAINABILITY": "LOW"
+      "MAINTAINABILITY": "INFO"
     },
     "attribute": "CONVENTIONAL"
   },

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S5979.json

@@ -3,7 +3,7 @@
   "type": "BUG",
   "code": {
     "impacts": {
-      "RELIABILITY": "HIGH"
+      "RELIABILITY": "BLOCKER"
     },
     "attribute": "LOGICAL"
   },

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S6208.json

@@ -3,7 +3,7 @@
   "type": "CODE_SMELL",
   "code": {
     "impacts": {
-      "MAINTAINABILITY": "LOW"
+      "MAINTAINABILITY": "INFO"
     },
     "attribute": "CLEAR"
   },

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S6212.json

@@ -3,7 +3,7 @@
   "type": "CODE_SMELL",
   "code": {
     "impacts": {
-      "MAINTAINABILITY": "LOW"
+      "MAINTAINABILITY": "INFO"
     },
     "attribute": "CLEAR"
   },

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S6418.json

@@ -3,7 +3,7 @@
   "type": "SECURITY_HOTSPOT",
   "code": {
     "impacts": {
-      "SECURITY": "HIGH"
+      "SECURITY": "BLOCKER"
     },
     "attribute": "TRUSTWORTHY"
   },

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S6539.json

@@ -3,7 +3,7 @@
   "type": "CODE_SMELL",
   "code": {
     "impacts": {
-      "MAINTAINABILITY": "LOW"
+      "MAINTAINABILITY": "INFO"
     },
     "attribute": "MODULAR"
   },