
searching FindSecBugs findings in SonarQube API with cwe URL parameter #303

Closed
lcapellino opened this issue Mar 10, 2020 · 1 comment

I was trying to search for issues in a project in SonarQube via the API, especially for those that are marked as SQL injections (CWE-89). For example:

http://localhost:9000/api/issues/search?componentKeys=projectkey&cwe=89

I noticed that FindSecBugs rules are not shown if you search by the CWE-89 id. The only way to display FindSecBugs rules is to use cwe=unknown as a url parameter.

Is there a way to add CWE details to FindSecBugs rules via the API?

I did some research and maybe found a solution to this:

For example: The default Java Rules are written in JSON and have additional elements that give information about the rule. e.g.:

//The standard Java rules have this 
  "securityStandards": {
    "CWE": [
      564,
      89,
      20,
      943
    ],
    "OWASP": [
      "A1"
    ]
  }

This example is from: https://github.com/SonarSource/sonar-java/blob/master/java-checks/src/main/resources/org/sonar/l10n/java/rules/java/S2077_java.json

The rules from FindSecBugs do not have this element, can you simply add this to the rules.xml?

Component / Version
SonarQube Community Edition, Version 8.0 (build 29455)
Sonar-FindBugs 3.11.1
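The following is an added example, not code from the issue or from the sonar-findbugs project. It models the behaviour the reporter observed: with rule metadata in the JSON shape quoted above, a numeric cwe= filter only finds rules that declare that CWE in "securityStandards", rules without the element only surface under cwe=unknown, and adding the element is what makes them findable. The sample rules, titles and the FindSecBugs-style rule key are constructed placeholders; the filter semantics are an assumption based on the report, not SonarQube's actual implementation.

```python
import json

# Constructed sample in the shape of SonarQube rule-metadata JSON: the first
# entry mirrors the sonar-java S2077 metadata quoted in the issue; the second
# is a FindSecBugs-style rule with no "securityStandards" element (its key
# and title are made-up placeholders, not a real FindSecBugs pattern).
SAMPLE_RULES = json.loads("""
[
  {"key": "java:S2077",
   "title": "sample title (constructed)",
   "securityStandards": {"CWE": [564, 89, 20, 943], "OWASP": ["A1"]}},
  {"key": "findsecbugs:EXAMPLE_SQL_RULE",
   "title": "constructed FindSecBugs-style rule without CWE metadata"}
]
""")

def rule_cwes(rule):
    """CWE ids declared by a rule, or an empty set if it has no metadata."""
    return set(rule.get("securityStandards", {}).get("CWE", []))

def search_rules(rules, cwe):
    """Model (assumed) of the cwe= filter the reporter observed: a numeric id
    matches only rules that declare it; 'unknown' matches rules with no CWE."""
    if cwe == "unknown":
        return [r["key"] for r in rules if not rule_cwes(r)]
    return [r["key"] for r in rules if int(cwe) in rule_cwes(r)]

def rules_missing_cwe(rules):
    """Audit helper: rule keys that would only ever surface under cwe=unknown."""
    return search_rules(rules, "unknown")

def with_cwe_metadata(rule, cwes, owasp=()):
    """Return a copy of a rule carrying the securityStandards element the
    issue proposes adding, so the rule becomes findable by CWE id."""
    fixed = dict(rule)
    fixed["securityStandards"] = {"CWE": sorted(cwes), "OWASP": list(owasp)}
    return fixed

if __name__ == "__main__":
    print("cwe=89      ->", search_rules(SAMPLE_RULES, 89))
    print("cwe=unknown ->", search_rules(SAMPLE_RULES, "unknown"))
    patched = [with_cwe_metadata(r, {89}, ["A1"]) if not rule_cwes(r) else r
               for r in SAMPLE_RULES]
    print("after patch ->", search_rules(patched, 89))
```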

gtoison commented Dec 3, 2021

Sorry for the belated answer.
Correct me if I misunderstood but this is the same problem as what was discussed here: #392

@gtoison gtoison closed this as completed Dec 10, 2021