From 18fcf3be2d9a9f0d54a2db8a7fc4cdebd3c3ea15 Mon Sep 17 00:00:00 2001
From: Ilia Kebets <104737176+ilia-kebets-sonarsource@users.noreply.github.com>
Date: Tue, 22 Nov 2022 16:21:09 +0100
Subject: [PATCH] Update rules metadata before new release (#3570)

---
 css-sonarpedia/sonarpedia.json                    |  2 +-
 .../l10n/javascript/rules/javascript/S5542.html   |  2 +-
 .../l10n/javascript/rules/javascript/S6303.html   | 15 ++++++++++-----
 .../l10n/javascript/rules/javascript/S6303.json   |  2 +-
 .../l10n/javascript/rules/javascript/S6304.html   |  5 ++++-
 sonarpedia.json                                   |  2 +-
 6 files changed, 18 insertions(+), 10 deletions(-)

diff --git a/css-sonarpedia/sonarpedia.json b/css-sonarpedia/sonarpedia.json
index c6d0c556fec..a9cc54be6fe 100644
--- a/css-sonarpedia/sonarpedia.json
+++ b/css-sonarpedia/sonarpedia.json
@@ -3,7 +3,7 @@
   "languages": [
     "CSS"
   ],
-  "latest-update": "2022-11-03T12:53:02.211603Z",
+  "latest-update": "2022-11-22T14:32:56.265429Z",
   "options": {
     "no-language-in-filenames": true
   }
diff --git a/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S5542.html b/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S5542.html
index f34cc32eeae..289f0136e70 100644
--- a/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S5542.html
+++ b/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S5542.html
@@ -1,4 +1,4 @@
-<p>Encryption operations should use a secure mode and padding scheme so that confidentiality and integrity can be guaranteed.</p>
+<p>Encryption algorithms should use secure modes and padding schemes where appropriate to guarantee data confidentiality and integrity.</p>
 <ul>
   <li> For block cipher encryption algorithms (like AES):
     <ul>
diff --git a/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6303.html b/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6303.html
index 09de118d07c..eeb06719244 100644
--- a/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6303.html
+++ b/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6303.html
@@ -1,6 +1,11 @@
-<p>Amazon Relational Database Service (RDS) allows to easily host and manage a relational database in the cloud. RDS databases can be encrypted,
-ensuring the security of data-at-rest. In the case that adversaries gain physical access to the storage medium they are not able to access the
-data.</p>
+<p>Using unencrypted RDS DB resources exposes data to unauthorized access to the underlying storage.<br> This includes database data, logs, automatic
+backups, read replicas, snapshots, and cluster metadata.</p>
+<p>This situation can occur in a variety of scenarios, such as:</p>
+<ul>
+  <li> a malicious insider working at the cloud provider gains physical access to the storage device and exfiltrates data. </li>
+  <li> unknown attackers penetrate the cloud provider’s logical infrastructure and systems for extortion. </li>
+</ul>
+<p>AWS-managed encryption at rest reduces this risk with a simple switch.</p>
 <h2>Ask Yourself Whether</h2>
 <ul>
   <li> The database contains sensitive data that could cause harm when leaked. </li>
@@ -8,8 +13,8 @@ <h2>Ask Yourself Whether</h2>
 </ul>
 <p>There is a risk if you answered yes to any of those questions.</p>
 <h2>Recommended Secure Coding Practices</h2>
-<p>It’s recommended to encrypt databases that contain sensitive information. Encryption and decryption are handled transparently by RDS, so no further
-modifications to the application are necessary.</p>
+<p>It is recommended to enable encryption at rest on any RDS DB resource, regardless of the engine.<br> In any case, no further maintenance is
+required as encryption at rest is fully managed by AWS.</p>
 <h2>Sensitive Code Example</h2>
 <p>For <a
 href="https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_rds.CfnDBCluster.html"><code>aws-cdk-lib.aws_rds.CfnDBCluster</code></a>:</p>
diff --git a/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6303.json b/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6303.json
index 744f7bac608..b17242ed07e 100644
--- a/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6303.json
+++ b/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6303.json
@@ -1,5 +1,5 @@
 {
-  "title": "Using unencrypted RDS databases is security-sensitive",
+  "title": "Using unencrypted RDS DB resources is security-sensitive",
   "type": "SECURITY_HOTSPOT",
   "status": "ready",
   "remediation": {
diff --git a/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6304.html b/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6304.html
index 5a08a67bf1d..a665978c9ab 100644
--- a/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6304.html
+++ b/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6304.html
@@ -42,7 +42,10 @@ <h2>Compliant Solution</h2>
 })
 </pre>
 <h2>Exceptions</h2>
-<p>No issue is reported when on Key policies in AWS KMS.</p>
+<ul>
+  <li> Should not be raised on key policies (when AWS KMS actions are used.) </li>
+  <li> Should not be raised on policies not using any resources (if and only if all actions in the policy never require resources.) </li>
+</ul>
 <h2>See</h2>
 <ul>
   <li> <a href="https://owasp.org/Top10/A01_2021-Broken_Access_Control/">OWASP Top 10 2021 Category A1</a> - Broken Access Control </li>
diff --git a/sonarpedia.json b/sonarpedia.json
index 20fce9c00e6..46dcbefeac3 100644
--- a/sonarpedia.json
+++ b/sonarpedia.json
@@ -3,7 +3,7 @@
   "languages": [
     "JS"
   ],
-  "latest-update": "2022-11-03T12:52:58.188044Z",
+  "latest-update": "2022-11-22T14:32:35.766299Z",
   "options": {
     "no-language-in-filenames": true,
     "preserve-filenames": true