
SONARJAVA-6244 Update rule metadata#5582

Closed
hashicorp-vault-sonar-prod[bot] wants to merge 1 commit into master from bot/update-rule-metadata

Conversation

@hashicorp-vault-sonar-prod (Contributor)

Rule Metadata Update Summary

Sonarpedia          Rules to update   Rules updated
./sonarpedia.json   683               20
Total               683               20

Rule API Version: 2.19.0.5763

This PR was automatically generated to update rule metadata across all supported languages.

@hashicorp-vault-sonar-prod (Contributor, Author)

hashicorp-vault-sonar-prod Bot commented Apr 24, 2026

Renovate Jira issue ID: SONARJAVA-6282

@sonar-review-alpha (Contributor)

sonar-review-alpha Bot commented Apr 24, 2026

Summary

This PR updates metadata for 20 Java security and quality rules (SONARJAVA-6244). Each rule gets both its description (HTML) rewritten for clarity and its JSON metadata refreshed, including title updates, severity/type adjustments, and tag changes. For example, some rules transition from SECURITY_HOTSPOT type to VULNERABILITY or CODE_SMELL. The sonarpedia.json timestamp is also bumped to reflect the latest update. This is an automated generation sourced from Sonarpedia rule database (Rule API v2.19.0.5763) and follows consistent formatting across all 20 rules.

What reviewers should know

What to check:

  • Verify the rule type changes are intentional — several rules shift from SECURITY_HOTSPOT to other types (e.g., S2257: SECURITY_HOTSPOT → VULNERABILITY; S1313: SECURITY_HOTSPOT → CODE_SMELL). Confirm these align with the new rule definitions.
  • Review a few HTML descriptions (e.g., S1313, S2257) to ensure the rewording maintains accuracy and improves clarity vs. the originals.
  • Confirm the new tags (e.g., former-hotspot additions) are appropriate for reclassified rules.

Structure: Changes follow a pattern—each of 20 rules has matching .html and .json updates. Spot-checking one rule per category (vulnerability-type, code-smell-type, etc.) should validate the whole set.

Non-functional: This is metadata/documentation only. No rule implementation or detection logic changes.



@sonar-review-alpha sonar-review-alpha Bot left a comment


This automated metadata update is consistent across 19 of the 20 rules, but there are two real issues that need fixing before merge: a missing former-hotspot tag on S1313, and a trailing period in the S5804 title.

S5042 deserves a separate callout: it is the only rule in this PR that moves to "status": "deprecated", drops its impact from SECURITY: HIGH to RELIABILITY: MEDIUM, and cuts severity from Critical to Minor. The HTML confirms this with an explicit deprecation notice. That is a meaningful behavioral change — SonarQube will stop raising it as a security issue and will eventually stop raising it at all. Reviewers should confirm this is intentional and not a side effect of the automated tooling.


{
"title": "Allowing user enumeration is security-sensitive",
"type": "SECURITY_HOTSPOT",
"title": "Authentication mechanisms should not permit user enumeration.",


The title ends with a period: "Authentication mechanisms should not permit user enumeration.". All other 19 rule titles in this PR — and in the broader rule set — do not end with trailing punctuation. Rule titles are displayed as headings in the SonarQube UI.

Suggested change
"title": "Authentication mechanisms should not permit user enumeration.",
"title": "Authentication mechanisms should not permit user enumeration",

"attribute": "COMPLETE"
},
"status": "ready",
"status": "deprecated",


S5042 is the only rule in this PR marked "status": "deprecated". It also changes impact from SECURITY: HIGH to RELIABILITY: MEDIUM and severity from Critical to Minor. The HTML description now opens with "This rule is deprecated, and will eventually be removed." This is qualitatively different from the other 19 changes (which are promotions from hotspot to vulnerability). Please confirm this deprecation is intentional and that a replacement rule covers zip-bomb detection.

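The three points raised in this review (a trailing period in a rule title, a rule reclassified away from SECURITY_HOTSPOT without the former-hotspot tag, and a rule silently moving to "status": "deprecated") are all mechanically checkable from the rule JSON. The script below is an added example written for this page, not SonarSource tooling; it assumes each rule file is a JSON object with the "title", "type", "tags" and "status" keys visible in the PR snippets, and compares an old and a new snapshot of the same rule id. The embedded snapshots are constructed: only the S5804 titles are taken from the diff above, the others are placeholders.

```python
"""
Consistency checks for SonarJava rule metadata transitions (added example,
not SonarSource code). Each rule is a dict with the keys seen in the PR
snippets: "title", "type", "tags", "status".
"""
from __future__ import annotations

import json

FORMER_HOTSPOT_TAG = "former-hotspot"
HOTSPOT = "SECURITY_HOTSPOT"

# Constructed before/after snapshots for three of the rules discussed in the
# review. Titles other than S5804's are placeholders, not the real rule titles.
OLD_RULES = {
    "S1313": {"title": "Placeholder title for S1313", "type": HOTSPOT,
              "tags": ["cwe"], "status": "ready"},
    "S5804": {"title": "Allowing user enumeration is security-sensitive",
              "type": HOTSPOT, "tags": ["cwe"], "status": "ready"},
    "S5042": {"title": "Placeholder title for S5042", "type": HOTSPOT,
              "tags": ["cwe"], "status": "ready"},
}
NEW_RULES = {
    # reclassified to CODE_SMELL but the former-hotspot tag was not added
    "S1313": {"title": "Placeholder title for S1313", "type": "CODE_SMELL",
              "tags": ["cwe"], "status": "ready"},
    # tag present, but the new title ends with a period
    "S5804": {"title": "Authentication mechanisms should not permit user enumeration.",
              "type": "VULNERABILITY", "tags": ["cwe", FORMER_HOTSPOT_TAG],
              "status": "ready"},
    # only rule whose status flips to deprecated
    "S5042": {"title": "Placeholder title for S5042", "type": "VULNERABILITY",
              "tags": ["cwe", FORMER_HOTSPOT_TAG], "status": "deprecated"},
}


def check_rule(rule_id: str, old: dict, new: dict) -> list[str]:
    """Return human-readable findings for one rule's old -> new transition."""
    findings: list[str] = []

    # Rule titles are rendered as UI headings; none of the others end in punctuation.
    title = new.get("title", "")
    if title.rstrip().endswith((".", "!", "?")):
        findings.append(f"title ends with trailing punctuation: {title!r}")

    # A hotspot promoted or demoted to another type should carry the marker tag.
    old_type, new_type = old.get("type"), new.get("type")
    if old_type == HOTSPOT and new_type != HOTSPOT:
        if FORMER_HOTSPOT_TAG not in new.get("tags", []):
            findings.append(
                f"type changed {old_type} -> {new_type} without "
                f"'{FORMER_HOTSPOT_TAG}' tag"
            )

    # Deprecation is a behavioural change (the rule eventually stops firing),
    # so it must not slip through as part of a bulk metadata refresh.
    if old.get("status") != "deprecated" and new.get("status") == "deprecated":
        findings.append("status changed to 'deprecated'; requires explicit sign-off")

    return findings


def check_all(old_rules: dict, new_rules: dict) -> dict[str, list[str]]:
    """Run check_rule over every rule in the new snapshot; keep only rules with findings."""
    report: dict[str, list[str]] = {}
    for rule_id, new in new_rules.items():
        found = check_rule(rule_id, old_rules.get(rule_id, {}), new)
        if found:
            report[rule_id] = found
    return report


def load_rule_file(path: str) -> dict:
    """Load one <rule>.json metadata file (the sibling of the .html description)."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


if __name__ == "__main__":
    for rid, msgs in check_all(OLD_RULES, NEW_RULES).items():
        for msg in msgs:
            print(f"{rid}: {msg}")
```

In a real run the two snapshots would be built by calling load_rule_file on the rule JSON files at the base and head commits of the branch; the checks themselves are pure functions so they can run as a CI gate on the bot's PRs.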

@tomasz-tylenda-sonarsource tomasz-tylenda-sonarsource deleted the bot/update-rule-metadata branch April 24, 2026 14:26