List of Python sonar security rules categorized by OWASP TOP 10:2021
A01:2021-Broken Access Control
Vulnerability:
https://rules.sonarsource.com/python/type/Vulnerability/RSPEC-5146/
https://rules.sonarsource.com/python/type/Vulnerability/RSPEC-2083/ (also A03)
https://rules.sonarsource.com/python/type/Vulnerability/RSPEC-6317/
https://rules.sonarsource.com/python/type/Vulnerability/RSPEC-5445/
https://rules.sonarsource.com/python/type/Vulnerability/RSPEC-6321/
Security Hotspot:
https://rules.sonarsource.com/python/type/Security%20Hotspot/RSPEC-6333/
https://rules.sonarsource.com/python/type/Security%20Hotspot/RSPEC-6329/
https://rules.sonarsource.com/python/type/Security%20Hotspot/RSPEC-6304/
https://rules.sonarsource.com/python/type/Security%20Hotspot/RSPEC-6302/
https://rules.sonarsource.com/python/type/Security%20Hotspot/RSPEC-6270/
https://rules.sonarsource.com/python/type/Security%20Hotspot/RSPEC-6265/
https://rules.sonarsource.com/python/type/Security%20Hotspot/RSPEC-6281/ (also A05)
https://rules.sonarsource.com/python/type/Security%20Hotspot/RSPEC-5443/
https://rules.sonarsource.com/python/type/Security%20Hotspot/RSPEC-5042/ (also A05)
https://rules.sonarsource.com/python/type/Security%20Hotspot/RSPEC-4502/
https://rules.sonarsource.com/python/type/Security%20Hotspot/RSPEC-6463/
https://rules.sonarsource.com/python/type/Security%20Hotspot/RSPEC-2612/ (also A04)
https://rules.sonarsource.com/python/type/Security%20Hotspot/RSPEC-3752/ (also A04)
https://rules.sonarsource.com/python/type/Security%20Hotspot/RSPEC-1313/
A02:2021-Cryptographic Failures
Vulnerability:
https://rules.sonarsource.com/python/type/Vulnerability/RSPEC-5659/
https://rules.sonarsource.com/python/type/Vulnerability/RSPEC-5547/
https://rules.sonarsource.com/python/type/Vulnerability/RSPEC-5542/
https://rules.sonarsource.com/python/type/Vulnerability/RSPEC-5527/ (also A05 and A07)
https://rules.sonarsource.com/python/type/Vulnerability/RSPEC-4830/ (also A05 and A07)
https://rules.sonarsource.com/python/type/Vulnerability/RSPEC-4426/
https://rules.sonarsource.com/python/type/Vulnerability/RSPEC-4423/
https://rules.sonarsource.com/python/type/Vulnerability/RSPEC-3329/
https://rules.sonarsource.com/python/type/Vulnerability/RSPEC-2053/
Security Hotspot:
https://rules.sonarsource.com/python/type/Security%20Hotspot/RSPEC-5332/
https://rules.sonarsource.com/python/type/Security%20Hotspot/RSPEC-4790/
https://rules.sonarsource.com/python/type/Security%20Hotspot/RSPEC-2257/
https://rules.sonarsource.com/python/type/Security%20Hotspot/RSPEC-2245/
https://rules.sonarsource.com/python/type/Security%20Hotspot/RSPEC-6332/ (also A04 and A05)
https://rules.sonarsource.com/python/type/Security%20Hotspot/RSPEC-6330/ (also A04 and A05)
https://rules.sonarsource.com/python/type/Security%20Hotspot/RSPEC-6327/ (also A04 and A05)
https://rules.sonarsource.com/python/type/Security%20Hotspot/RSPEC-6319/ (also A04 and A05)
https://rules.sonarsource.com/python/type/Security%20Hotspot/RSPEC-6308/ (also A04 and A05)
A03:2021-Injection
Vulnerability:
https://rules.sonarsource.com/python/type/Vulnerability/RSPEC-5496/
https://rules.sonarsource.com/python/type/Vulnerability/RSPEC-5334/
https://rules.sonarsource.com/python/type/Vulnerability/RSPEC-5147/
https://rules.sonarsource.com/python/type/Vulnerability/RSPEC-5131/ https://rules.sonarsource.com/python/type/Vulnerability/RSPEC-3649/
https://rules.sonarsource.com/python/type/Vulnerability/RSPEC-2091/
https://rules.sonarsource.com/python/type/Vulnerability/RSPEC-2083/ (also A01)
https://rules.sonarsource.com/python/type/Vulnerability/RSPEC-2078/
https://rules.sonarsource.com/python/type/Vulnerability/RSPEC-2076/
https://rules.sonarsource.com/python/type/Vulnerability/RSPEC-2631/
https://rules.sonarsource.com/python/type/Vulnerability/RSPEC-6287/
https://rules.sonarsource.com/python/type/Vulnerability/RSPEC-5145/ (also A09)
Security Hotspot:
A04:2021-Insecure Design
Vulnerability:
Security Hotspot:
https://rules.sonarsource.com/python/type/Security%20Hotspot/RSPEC-6332/ (also A02 and A05)
https://rules.sonarsource.com/python/type/Security%20Hotspot/RSPEC-6330/ (also A02 and A05)
https://rules.sonarsource.com/python/type/Security%20Hotspot/RSPEC-6327/ (also A02 and A05)
https://rules.sonarsource.com/python/type/Security%20Hotspot/RSPEC-6319/ (also A02 and A05)
https://rules.sonarsource.com/python/type/Security%20Hotspot/RSPEC-6308/ (also A02 and A05)
https://rules.sonarsource.com/python/type/Security%20Hotspot/RSPEC-6275/ (also A05)
https://rules.sonarsource.com/python/type/Security%20Hotspot/RSPEC-2612/ (also A01)
https://rules.sonarsource.com/python/type/Security%20Hotspot/RSPEC-6245/ (also A05)
https://rules.sonarsource.com/python/type/Security%20Hotspot/RSPEC-3752/ (also A01)
https://rules.sonarsource.com/python/type/Security%20Hotspot/RSPEC-2092/ (also A05)
A05:2021-Security Misconfiguration
Vulnerability:
Security Hotspot:
https://rules.sonarsource.com/python/type/Security%20Hotspot/RSPEC-6281/ (also A01)
https://rules.sonarsource.com/python/type/Security%20Hotspot/RSPEC-5042/ (also A01)
https://rules.sonarsource.com/python/type/Security%20Hotspot/RSPEC-6332/ (also A02 and A04)
https://rules.sonarsource.com/python/type/Security%20Hotspot/RSPEC-6330/ (also A02 and A04)
https://rules.sonarsource.com/python/type/Security%20Hotspot/RSPEC-6327/ (also A02 and A05)
https://rules.sonarsource.com/python/type/Security%20Hotspot/RSPEC-6319/ (also A02 and A05)
https://rules.sonarsource.com/python/type/Security%20Hotspot/RSPEC-6308/ (also A02 and A05)
https://rules.sonarsource.com/python/type/Security%20Hotspot/RSPEC-6275/ (also A04)
https://rules.sonarsource.com/python/type/Security%20Hotspot/RSPEC-6252/
https://rules.sonarsource.com/python/type/Security%20Hotspot/RSPEC-6245/ (also A04)
https://rules.sonarsource.com/python/type/Security%20Hotspot/RSPEC-5122/ (also A07)
https://rules.sonarsource.com/python/type/Security%20Hotspot/RSPEC-4507/
https://rules.sonarsource.com/python/type/Security%20Hotspot/RSPEC-3330/
https://rules.sonarsource.com/python/type/Security%20Hotspot/RSPEC-2092/ (also A04)
A06:2021-Vulnerable and Outdated Components
Sonar doesn’t have an ability to detect this. There is available tool on OWASP site to check dependencies.
https://owasp.org/www-project-dependency-check/
Vulnerability:
Security Hotspot
A07:2021-Identification and Authentication Failures
Vulnerability:
https://rules.sonarsource.com/python/type/Vulnerability/RSPEC-6437/
https://rules.sonarsource.com/python/type/Vulnerability/RSPEC-2115/
https://rules.sonarsource.com/python/type/Vulnerability/RSPEC-5527/ (also A02 and A05)
https://rules.sonarsource.com/python/type/Vulnerability/RSPEC-4830/ (also A02 and A05)
https://rules.sonarsource.com/python/type/Vulnerability/RSPEC-4433/
Security Hotspot:
A08:2021-Software and Data Integrity Failures
Vulnerability:
Security Hotspot
A09:2021-Security Logging and Monitoring Failures
Vulnerability:
Security Hotspot:
A10:2021-Server-Side Request Forgery
Vulnerability:
Security Hotspot
List of JavaScript sonar security rules categorized by OWASP TOP 10:2021
A01:2021-Broken Access Control
Vulnerability:
https://rules.sonarsource.com/javascript/type/Vulnerability/RSPEC-6105/
https://rules.sonarsource.com/javascript/type/Vulnerability/RSPEC-6096/
https://rules.sonarsource.com/javascript/type/Vulnerability/RSPEC-5146/
https://rules.sonarsource.com/javascript/type/Vulnerability/RSPEC-2083/ (also A03)
https://rules.sonarsource.com/javascript/type/Vulnerability/RSPEC-6317/
https://rules.sonarsource.com/javascript/type/Vulnerability/RSPEC-2819/
https://rules.sonarsource.com/javascript/type/Vulnerability/RSPEC-6321/
Security Hotspot:
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-6333/
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-6329/
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-6302/
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-6270/
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-6265/
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-6281/ (also A05)
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-5443/
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-5042/ (also A05)
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-4502/
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-5604/
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-2612/ (also A04)
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-5736/
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-1313/
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-6304/
A02:2021-Cryptographic Failures
Vulnerability:
https://rules.sonarsource.com/javascript/type/Vulnerability/RSPEC-5659/
https://rules.sonarsource.com/javascript/type/Vulnerability/RSPEC-5547/
https://rules.sonarsource.com/javascript/type/Vulnerability/RSPEC-5542/
https://rules.sonarsource.com/javascript/type/Vulnerability/RSPEC-5527/ (also A05 and A07)
https://rules.sonarsource.com/javascript/type/Vulnerability/RSPEC-4830/ (also A05 and A07)
https://rules.sonarsource.com/javascript/type/Vulnerability/RSPEC-4426/
https://rules.sonarsource.com/javascript/type/Vulnerability/RSPEC-4423/
Security Hotspot:
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-6249/ (also A05)
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-5332/
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-4790/
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-2245/
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-6332/ (also A04 and A05)
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-6330/ (also A04 and A05)
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-6327/ (also A04 and A05)
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-6319/ (also A04 and A05)
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-6308/ (also A04 and A05)
A03:2021-Injection
Vulnerability:
https://rules.sonarsource.com/javascript/type/Vulnerability/RSPEC-5696/
https://rules.sonarsource.com/javascript/type/Vulnerability/RSPEC-5334/
https://rules.sonarsource.com/javascript/type/Vulnerability/RSPEC-5147/
https://rules.sonarsource.com/javascript/type/Vulnerability/RSPEC-5131/
https://rules.sonarsource.com/javascript/type/Vulnerability/RSPEC-3649/
https://rules.sonarsource.com/javascript/type/Vulnerability/RSPEC-2083/ (also A01)
https://rules.sonarsource.com/javascript/type/Vulnerability/RSPEC-2076/
https://rules.sonarsource.com/javascript/type/Vulnerability/RSPEC-2631/
https://rules.sonarsource.com/javascript/type/Vulnerability/RSPEC-6287/
https://rules.sonarsource.com/javascript/type/Vulnerability/RSPEC-5883/
Security Hotspot:
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-6299/
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-6268/
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-5852/
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-1523/
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-6350/
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-5247/
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-4721/
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-2077/
A04:2021-Insecure Design
Vulnerability:
Security Hotspot:
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-6332/ (also A02 and A05)
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-6330/ (also A02 and A05)
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-6327/ (also A02 and A05)
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-6319/ (also A02 and A05)
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-6308/ (also A02 and A05)
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-6275/ (also A05)
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-2612/ (also A01)
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-6245/ (also A05)
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-5732/ (also A05)
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-2092/ (also A05)
A05:2021-Security Misconfiguration
Vulnerability:
Security Hotspot:
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-6281/ (also A01)
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-6249/ (also A02)
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-5042/ (also A01)
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-6332/ (also A02 and A04)
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-6330/ (also A02 and A04)
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-6327/ (also A02 and A04)
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-6319/ (also A02 and A04)
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-6308/ (also A02 and A04)
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-6275/ (also A04)
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-5693/
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-5691/
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-6252/
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-6245/ (also A04)
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-5759/
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-5743/
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-5742/
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-5739/
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-5734/
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-5732/ (also A04)
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-5730/
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-5728/
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-5689/
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-5148/
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-5122/ (also A07)
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-4507/
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-3330/
https://rules.sonarsource.com/javascript/type/Security%20Hotspot/RSPEC-2092/ (also A04)
A06:2021-Vulnerable and Outdated Components
Sonar doesn’t have an ability to detect this. There is available tool on OWASP site to check dependencies.
https://owasp.org/www-project-dependency-check/
Vulnerability:
Security Hotspot
A07:2021-Identification and Authentication Failures
Vulnerability:
Security Hotspot:
A08:2021-Software and Data Integrity Failures
Vulnerability:
Security Hotspot:
A09:2021-Security Logging and Monitoring Failures
Vulnerability:
Security Hotspot:
A10:2021-Server-Side Request Forgery
Vulnerability:
Security Hotspot