spotbugs · LeGrandMaxime · Dec 21, 2018 · Jan 2, 2019 · Aug 26, 2019 · h3xstream
diff --git a/generate_profiles/BuildXmlFiles.groovy b/generate_profiles/BuildXmlFiles.groovy
@@ -122,41 +122,23 @@ def writeRules(String rulesSetName,List<Plugin> plugins,List<String> includedBug
                     configKey(pattern.attribute("type"))
                     description(pattern.Details.text().trim())
 
-                    //OWASP TOP 10 2013
-                    if (pattern.Details.text().toLowerCase().contains('injection') || pattern.Details.text().contains('A1-Injection')) {
+                    //OWASP TOP 10 2017
+                    if (pattern.Details.text().toLowerCase().contains('injection') || pattern.Details.text().contains('2017_A1-Injection')) {
                         tag("owasp-a1")
                         tag("injection")
                     }
-                    if (pattern.Details.text().contains('A2-Broken_Authentication_and_Session_Management')) {
-                        tag("owasp-a2")
-                    }
-                    if (pattern.attribute("type").contains("XSS") || pattern.Details.text().contains('A3-Cross-Site_Scripting')) {
-                        tag("owasp-a3")
-                    }
-                    if (pattern.Details.text().contains('A4-Insecure_Direct_Object_References') || pattern.Details.text().contains('Path_Traversal')) {
-                        tag("owasp-a4")
+                    if (pattern.attribute("type").contains("XSS") || pattern.Details.text().contains('2017_A7-Cross-Site_Scripting')) {
+                        tag("owasp-a7")
                     }
-                    if (pattern.Details.text().contains('A5-Security_Misconfiguration')) {
+                    if (pattern.Details.text().contains('Path_Traversal')) {
                         tag("owasp-a5")
                     }
                     if (pattern.attribute('type').equals('HARD_CODE_PASSWORD') ||
                             pattern.attribute("type") in cryptoBugs ||
-                            pattern.Details.text().contains('A6-Sensitive_Data_Exposure')) {
-                        tag("owasp-a6")
+                            pattern.Details.text().contains('2017_A3-Sensitive_Data_Exposure')) {
+                        tag("owasp-a3")
                         tag("cryptography")
                     }
-                    if (pattern.Details.text().contains('A7-Missing_Function_Level_Access_Control')) {
-                        tag("owasp-a7")
-                    }
-                    if (pattern.Details.text().toLowerCase().contains('A8-Cross-Site_Request_Forgery')) {
-                        tag("owasp-a8")
-                    }
-                    if (pattern.Details.text().toLowerCase().contains('A9-Using_Components_with_Known_Vulnerabilities')) {
-                        tag("owasp-a9")
-                    }
-                    if (pattern.Details.text().toLowerCase().contains('A10-Unvalidated_Redirects_and_Forwards')) {
-                        tag("owasp-a10")
-                    }
 
                     //Misc tags
 

diff --git a/pom.xml b/pom.xml
@@ -4,7 +4,7 @@
 
   <groupId>com.github.spotbugs</groupId>
   <artifactId>sonar-findbugs-plugin</artifactId>
-  <version>3.10.0-SNAPSHOT</version>
+  <version>3.11-SNAPSHOT</version>
   <packaging>sonar-plugin</packaging>
 
   <name>SonarQube SpotBugs Plugin</name>

diff --git a/src/main/resources/org/sonar/plugins/findbugs/rules-findbugs.xml b/src/main/resources/org/sonar/plugins/findbugs/rules-findbugs.xml
@@ -150,7 +150,7 @@ If SpotBugs found &lt;em&gt;any&lt;/em&gt;, you &lt;em&gt;almost certainly&lt;/e
 vulnerabilities that SpotBugs doesn't report. If you are concerned about cross site scripting, you should seriously
 consider using a commercial static analysis or pen-testing tool.
 &lt;/p&gt;</description>
-    <tag>owasp-a3</tag>
+    <tag>owasp-a7</tag>
     <tag>security</tag>
   </rule>
   <rule key='XSS_REQUEST_PARAMETER_TO_SEND_ERROR' priority='MAJOR'>
@@ -165,7 +165,7 @@ If SpotBugs found &lt;em&gt;any&lt;/em&gt;, you &lt;em&gt;almost certainly&lt;/e
 vulnerabilities that SpotBugs doesn't report. If you are concerned about cross site scripting, you should seriously
 consider using a commercial static analysis or pen-testing tool.
 &lt;/p&gt;</description>
-    <tag>owasp-a3</tag>
+    <tag>owasp-a7</tag>
     <tag>security</tag>
   </rule>
   <rule key='SW_SWING_METHODS_INVOKED_IN_SWING_THREAD' priority='MAJOR'>