diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/ClassComplexity.json b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/ClassComplexity.json
index baa245b120..f8f0a7b929 100644
--- a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/ClassComplexity.json
+++ b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/ClassComplexity.json
@@ -1,5 +1,5 @@
 {
-  "title": "Classes should not be too complex",
+  "title": "Cyclomatic Complexity of classes should not be too high",
   "type": "CODE_SMELL",
   "status": "deprecated",
   "remediation": {
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/FunctionComplexity.json b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/FunctionComplexity.json
index 1707f240ce..36e6871cc1 100644
--- a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/FunctionComplexity.json
+++ b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/FunctionComplexity.json
@@ -1,5 +1,5 @@
 {
-  "title": "Functions should not be too complex",
+  "title": "Cyclomatic Complexity of functions should not be too high",
   "type": "CODE_SMELL",
   "status": "ready",
   "remediation": {
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S1313.html b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S1313.html
index f49c8a3158..c741911951 100644
--- a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S1313.html
+++ b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S1313.html
@@ -13,11 +13,16 @@
 <p>Last but not least it has an effect on application security. Attackers might be able to decompile the code and thereby discover a potentially
 sensitive address. They can perform a Denial of Service attack on the service at this address or spoof the IP address. Such an attack is always
 possible, but in the case of a hardcoded IP address the fix will be much slower, which will increase an attack's impact.</p>
-<h2>Recommended Secure Coding Practices</h2>
+<h2>Ask Yourself Whether</h2>
+<p>The disclosed IP address is sensitive, eg:</p>
 <ul>
-  <li> make the IP address configurable. </li>
+  <li> Can give information to an attacker about the network topology. </li>
+  <li> It's a personal (assigned to an identifiable person) IP address. </li>
 </ul>
-<h2>Noncompliant Code Example</h2>
+<p>There is a risk if you answered yes to any of these questions.</p>
+<h2>Recommended Secure Coding Practices</h2>
+<p>Don't hard-code the IP address in the source code, instead make it configurable.</p>
+<h2>Sensitive Code Example</h2>
 <pre>
 ip = '192.168.12.42'
 sock = socket.socket()
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S1523.html b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S1523.html
index b56d89b98c..6a1c678fb3 100644
--- a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S1523.html
+++ b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S1523.html
@@ -14,8 +14,7 @@ <h2>Ask Yourself Whether</h2>
   <li> the executed code may come from an untrusted source and hasn't been sanitized. </li>
   <li> you really need to run code dynamically. </li>
 </ul>
-<p>You are at risk if you answered yes to the first question. You are increasing the security risks for no reason if you answered yes to the second
-question.</p>
+<p>There is a risk if you answered yes to any of those questions.</p>
 <h2>Recommended Secure Coding Practices</h2>
 <p>Regarding the execution of unknown code, the best solution is to not run code provided by an untrusted source. If you really need to do it, run the
 code in a <a href="https://en.wikipedia.org/wiki/Sandbox_(computer_security)">sandboxed</a> environment. Use jails, firewalls and whatever means your
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S2068.html b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S2068.html
index ce609dea7b..cb013c638e 100644
--- a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S2068.html
+++ b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S2068.html
@@ -15,7 +15,7 @@ <h2>Ask Yourself Whether</h2>
   <li> Credentials are used in production environments. </li>
   <li> Application re-distribution is required before updating the credentials. </li>
 </ul>
-<p>You are at risk, if you answered yes to any of these questions.</p>
+<p>There is a risk if you answered yes to any of those questions.</p>
 <h2>Recommended Secure Coding Practices</h2>
 <ul>
   <li> Store the credentials in a configuration file that is not pushed to the code repository. </li>
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S2077.html b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S2077.html
index 1437ad0b89..906df9f783 100644
--- a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S2077.html
+++ b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S2077.html
@@ -23,7 +23,7 @@ <h2>Ask Yourself Whether</h2>
   <li> the SQL query is built using string formatting technics, such as concatenating variables. </li>
   <li> some of the values are coming from an untrusted source and are not sanitized. </li>
 </ul>
-<p>You may be at risk if you answered yes to this question.</p>
+<p>There is a risk if you answered yes to any of those questions.</p>
 <h2>Recommended Secure Coding Practices</h2>
 <ul>
   <li> Avoid building queries manually using formatting. If you do it anyway, do not include user input in this building process. </li>
@@ -65,6 +65,16 @@ <h2>Sensitive Code Example</h2>
         },
     )
 </pre>
+<h2>Compliant Solution</h2>
+<pre>
+cursor = connection.cursor(prepared=True)
+sql_insert_query = """ select col from sometable here mycol = %s and othercol = %s """
+
+select_tuple = (1, value)
+
+cursor.execute(sql_insert_query, select_tuple) # Compliant, the query is parameterized
+connection.commit()
+</pre>
 <h2>See</h2>
 <ul>
   <li> <a href="https://www.owasp.org/index.php/Top_10-2017_A1-Injection">OWASP Top 10 2017 Category A1</a> - Injection </li>
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S2092.html b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S2092.html
index 91e489135c..4bd95bc655 100644
--- a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S2092.html
+++ b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S2092.html
@@ -6,14 +6,14 @@ <h2>Ask Yourself Whether</h2>
   <li> it's not sure that the website contains <a href="https://developer.mozilla.org/fr/docs/S%C3%A9curit%C3%A9/MixedContent">mixed content</a> or
   not (ie HTTPS everywhere or not) </li>
 </ul>
-<p>You are at risk if you answered yes to any of those questions.</p>
+<p>There is a risk if you answered yes to any of those questions.</p>
 <h2>Recommended Secure Coding Practices</h2>
 <ul>
   <li> It is recommended to use <code>HTTPs</code> everywhere so setting the <code>secure</code> flag to <em>true</em> should be the default behaviour
   when creating cookies. </li>
   <li> Set the <code>secure</code> flag to <em>true</em> for session-cookies. </li>
 </ul>
-<h2>Sensitive Code Examples</h2>
+<h2>Sensitive Code Example</h2>
 <p>Flask</p>
 <pre>
 from flask import Response
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S2245.html b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S2245.html
index 5a3f1d410c..1638390a00 100644
--- a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S2245.html
+++ b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S2245.html
@@ -14,7 +14,7 @@ <h2>Ask Yourself Whether</h2>
   <li> the generated value is used multiple times. </li>
   <li> an attacker can access the generated value. </li>
 </ul>
-<p>You are at risk if you answered yes to the first question and any of the following ones.</p>
+<p>There is a risk if you answered yes to any of those questions.</p>
 <h2>Recommended Secure Coding Practices</h2>
 <ul>
   <li> Only use random number generators which are <a
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S2275.html b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S2275.html
index ba386ebd42..b1f99824dc 100644
--- a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S2275.html
+++ b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S2275.html
@@ -18,8 +18,10 @@ <h2>Compliant Solution</h2>
 
 print('User {a} has not been able to access {b}'.format(a='Alice', b='MyFile'))
 </pre>
-<h2>See also</h2>
+<h2>See</h2>
 <ul>
-  <li> {rule:python:S3457} - Strings should be formatted correctly. </li>
+  <li> <a href="https://docs.python.org/3/library/string.html#format-string-syntax">Python documentation - Format String Syntax</a> </li>
+  <li> <a href="https://docs.python.org/3/library/stdtypes.html#printf-style-string-formatting">Python documentation - printf-style String
+  Formatting</a> </li>
 </ul>
 
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S3330.html b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S3330.html
index 66d810cf4e..abdfa59957 100644
--- a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S3330.html
+++ b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S3330.html
@@ -9,13 +9,13 @@ <h2>Ask Yourself Whether</h2>
   <li> the <code>HttpOnly</code> attribute offer an additional protection (not the case for an <em>XSRF-TOKEN cookie</em> / CSRF token for example)
   </li>
 </ul>
-<p>You are at risk if you answered yes to any of those questions.</p>
+<p>There is a risk if you answered yes to any of those questions.</p>
 <h2>Recommended Secure Coding Practices</h2>
 <ul>
   <li> By default the <code>HttpOnly</code> flag should be set to <em>true</em> for most of the cookies and it's mandatory for session /
   sensitive-security cookies. </li>
 </ul>
-<h2>Sensitive Code Examples</h2>
+<h2>Sensitive Code Example</h2>
 <p>Flask:</p>
 <pre>
 from flask import Response
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S3457.html b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S3457.html
index 84c893fda2..8066ca8a02 100644
--- a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S3457.html
+++ b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S3457.html
@@ -8,7 +8,6 @@
 <ul>
   <li> A string formatted with <code>%</code> will not return the expected string because some arguments are not used. </li>
   <li> A string formatted with <code>str.format</code> will not return the expected string because some arguments are not used. </li>
-  <li> An "f-string" doesn't contain any replacement field, which probably means that some curly braces are missing. </li>
   <li> Loggers will log an error because their message is not formatted properly. </li>
 </ul>
 <p>Rule {rule:python:S2275} covers cases where formatting a string will raise an exception.</p>
@@ -18,10 +17,6 @@ <h2>Noncompliant Code Example</h2>
 
 "Error: User {} has not been able to access []".format("Alice", "MyFile")  # Noncompliant. Remove 1 unexpected argument or add a replacement field.
 
-user = "Alice"
-resource = "MyFile"
-message = f"Error: User [user] has not been able to access [resource]"  # Noncompliant. Add replacement fields or use a normal string instead of an f-string.
-
 import logging
 logging.error("Error: User %s has not been able to access %s", "Alice")  # Noncompliant. Add 1 missing argument.
 </pre>
@@ -31,10 +26,6 @@ <h2>Compliant Solution</h2>
 
 "Error: User {} has not been able to access {}".format("Alice", "MyFile")
 
-user = "Alice"
-resource = "MyFile"
-message = f"Error: User {user} has not been able to access {resource}"
-
 import logging
 logging.error("Error: User %s has not been able to access %s", "Alice", "MyFile")
 </pre>
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4423.json b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4423.json
index e21dfea54d..82afcc7df2 100644
--- a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4423.json
+++ b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4423.json
@@ -20,7 +20,8 @@
   "securityStandards": {
     "CWE": [
       327,
-      326
+      326,
+      295
     ],
     "OWASP": [
       "A3",
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4502.html b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4502.html
index 74127be316..1cdb93be98 100644
--- a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4502.html
+++ b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4502.html
@@ -17,7 +17,7 @@ <h2>Ask Yourself Whether</h2>
   <li> The state / resources of the web application could be modified by doing HTTP POST or HTTP DELETE requests for example. </li>
   <li> The web application is not only a public API designed to be requested by external websites. </li>
 </ul>
-<p>You are at risk if you answered yes to any of those questions.</p>
+<p>There is a risk if you answered yes to any of those questions.</p>
 <h2>Recommended Secure Coding Practices</h2>
 <ul>
   <li> Protection against CSRF attacks is strongly recommended:
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4507.html b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4507.html
index 6158aac499..45618f4ac4 100644
--- a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4507.html
+++ b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4507.html
@@ -11,11 +11,9 @@ <h2>Ask Yourself Whether</h2>
   <li> the code or configuration enabling the application debug features is deployed on production servers. </li>
   <li> the application runs by default with debug features activated. </li>
 </ul>
-<p>You are at risk if you answered yes to any of these questions.</p>
+<p>There is a risk if you answered yes to any of those questions.</p>
 <h2>Recommended Secure Coding Practices</h2>
-<ul>
-  <li> Do not enable debug features on production servers. </li>
-</ul>
+<p>Do not enable debug features on production servers.</p>
 <h2>Sensitive Code Example</h2>
 <p>Django</p>
 <pre>
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4721.html b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4721.html
index 55fcafbe39..e9d9f435d9 100644
--- a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4721.html
+++ b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4721.html
@@ -1,106 +1,94 @@
-<p>OS commands are security-sensitive. For example, their use has led in the past to the following vulnerabilities:</p>
+<p>Arbitrary OS commands can be executed by an attacker when:</p>
 <ul>
-  <li> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12465">CVE-2018-12465</a> </li>
-  <li> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7187">CVE-2018-7187</a> </li>
+  <li> The OS command name to execute is user-controlled. </li>
+  <li> A shell is spawn rather than a new process, in this case shell meta-chars can be used (when parameters are user-controlled for instance) to
+  inject OS commands. </li>
+  <li> The executable is searched in the directories specified by the PATH variable (which can contain user-controlled or malicious directories).
+  </li>
 </ul>
-<p>Applications that execute operating system commands or execute commands that interact with the underlying system should neutralize any
-externally-provided input used to construct those commands. Failure to do so could allow an attacker to execute unexpected or dangerous commands,
-potentially leading to loss of confidentiality, integrity or availability.</p>
-<p> </p>
-<p>This rule flags code that specifies the name of the command to run. The goal is to guide security code reviews.</p>
 <h2>Ask Yourself Whether</h2>
 <ul>
-  <li> the executed command is constructed by input that is externally-influenced, for example, user input (attacker). (*) </li>
-  <li> the command execution is not restricted to the right users. (*) </li>
-  <li> the application can be redesigned to not rely on external input to execute the command. </li>
+  <li> OS command name or parameters are user-controlled. </li>
+  <li> The relative path of the OS command is specified. </li>
+  <li> OS commands are not executed in an isolated/sandboxed environment. </li>
+  <li> OS command are executed with high privileges. </li>
 </ul>
-<p>(*) You are at risk if you answered yes to any of those questions.</p>
+<p>There is a risk if you answered yes to any of those questions.</p>
 <p> </p>
 <h2>Recommended Secure Coding Practices</h2>
-<p>Restrict the control given to the user over the executed command:</p>
-<ul>
-  <li> make the executed command part of a whitelist and reject all commands not part of this list. </li>
-  <li> sanitize the user input. </li>
-</ul>
-<p> </p>
-<p>Restrict which users can have access to the command:</p>
-<ul>
-  <li> use a firewall to protect the process running the code, and to protect the network from the command. </li>
-  <li> authenticate the user and allow only some users to run the command. </li>
-</ul>
-<p>Reduce the damage the command can do:</p>
 <ul>
-  <li> execute the code in a sandbox environment that enforces strict boundaries between the operating system and the process. For example: a "jail".
-  </li>
-  <li> refuse to run the command if the process has too many privileges. For example: forbid running the code as "root". </li>
+  <li> User-controlled inputs should not be used, for any reasons, to build a dynamically OS command (command name or even parameters when shell is
+  used). </li>
+  <li> Fully qualified/absolute path should be used to specify the OS command to execute. </li>
+  <li> If possible, set the lowest privileges to the new process/shell in which commands are executed. </li>
+  <li> If possible, execute the OS commands in an isolated environment. </li>
 </ul>
-<p> </p>
 <h2>Sensitive Code Example</h2>
 <p>Python 3</p>
 <pre>
-import subprocess
-import os
-
-params = ["ls", "-l"]
-
-subprocess.run(params)  # Sensitive
-subprocess.Popen(params)  # Sensitive
-
-# Older API
-
-subprocess.call(params)  # Sensitive
-subprocess.check_call(params)  # Sensitive
-subprocess.check_output(params)  # Sensitive
-
-cmd = "ls -l"
-os.system(cmd)  # Sensitive
-
-mode = os.P_WAIT
-file = "ls"
-path = "/bin/ls"
-env = os.environ
-os.spawnl(mode, path, *params)  # Sensitive
-os.spawnle(mode, path, *params, env)  # Sensitive
-os.spawnlp(mode, file, *params)  # Sensitive
-os.spawnlpe(mode, file, *params, env)  # Sensitive
-os.spawnv(mode, path, params)  # Sensitive
-os.spawnve(mode, path, params, env)  # Sensitive
-os.spawnvp(mode, file, params)  # Sensitive
-os.spawnvpe(mode, file, params, env)  # Sensitive
-
-mode = 'r'
-(child_stdout) = os.popen(cmd, mode, 1)  # Sensitive
-# print(child_stdout.read())
+subprocess.run(cmd, shell=True)  # Sensitive
+subprocess.Popen(cmd, shell=True)  # Sensitive
+subprocess.call(cmd, shell=True)  # Sensitive
+subprocess.check_call(cmd, shell=True)  # Sensitive
+subprocess.check_output(cmd, shell=True)  # Sensitive
+os.system(cmd)  # Sensitive: a shell is always spawn
+</pre>
+<p>Python 2</p>
+<pre>
+cmd = "when a string is passed through these function, a shell is spawn"
+(_, child_stdout, _) = os.popen2(cmd)  # Sensitive
+(_, child_stdout, _) = os.popen3(cmd)  # Sensitive
+(_, child_stdout) = os.popen4(cmd)  # Sensitive
 
-(_, output) = subprocess.getstatusoutput(cmd)  # Sensitive
 
-out = subprocess.getoutput(cmd)  # Sensitive
+(child_stdout, _) = popen2.popen2(cmd)  # Sensitive
+(child_stdout, _, _) = popen2.popen3(cmd)  # Sensitive
+(child_stdout, _) = popen2.popen4(cmd)  # Sensitive
+</pre>
+<h2>Compliant Solution</h2>
+<p>Python 3</p>
+<pre>
+# by default shell=False, a shell is not spawn
+subprocess.run(cmd)  # Compliant
+subprocess.Popen(cmd)  # Compliant
+subprocess.call(cmd)  # Compliant
+subprocess.check_call(cmd)  # Compliant
+subprocess.check_output(cmd)  # Compliant
 
-os.startfile(path)  # Sensitive
+# always in a subprocess:
+os.spawnl(mode, path, *cmd)  # Compliant
+os.spawnle(mode, path, *cmd, env)  # Compliant
+os.spawnlp(mode, file, *cmd)  # Compliant
+os.spawnlpe(mode, file, *cmd, env)  # Compliant
+os.spawnv(mode, path, cmd)  # Compliant
+os.spawnve(mode, path, cmd, env)  # Compliant
+os.spawnvp(mode, file, cmd)  # Compliant
+os.spawnvpe(mode, file, cmd, env)  # Compliant
 
-os.execl(path, *params)  # Sensitive
-os.execle(path, *params, env)  # Sensitive
-os.execlp(file, *params)  # Sensitive
-os.execlpe(file, *params, env)  # Sensitive
-os.execv(path, params)  # Sensitive
-os.execve(path, params, env)  # Sensitive
-os.execvp(file, params)  # Sensitive
-os.execvpe(file, params, env)  # Sensitive
+(child_stdout) = os.popen(cmd, mode, 1)  # Compliant
+(_, output) = subprocess.getstatusoutput(cmd)  # Compliant
+out = subprocess.getoutput(cmd)  # Compliant
+os.startfile(path)  # Compliant
+os.execl(path, *cmd)  # Compliant
+os.execle(path, *cmd, env)  # Compliant
+os.execlp(file, *cmd)  # Compliant
+os.execlpe(file, *cmd, env)  # Compliant
+os.execv(path, cmd)  # Compliant
+os.execve(path, cmd, env)  # Compliant
+os.execvp(file, cmd)  # Compliant
+os.execvpe(file, cmd, env)  # Compliant
 </pre>
 <p>Python 2</p>
 <pre>
-import os
-import popen2
+cmdsargs = ("use", "a", "sequence", "to", "directly", "start", "a", "subprocess")
 
-cmd = "ls -l"
-mode = "r"
-(_, child_stdout) = os.popen2(cmd, mode)  # Sensitive
-(_, child_stdout, _) = os.popen3(cmd, mode)  # Sensitive
-(_, child_stdout) = os.popen4(cmd, mode)  # Sensitive
+(_, child_stdout) = os.popen2(cmdsargs)  # Compliant
+(_, child_stdout, _) = os.popen3(cmdsargs)  # Compliant
+(_, child_stdout) = os.popen4(cmdsargs)  # Compliant
 
-(child_stdout, _) = popen2.popen2(cmd)  # Sensitive
-(child_stdout, _, _) = popen2.popen3(cmd)  # Sensitive
-(child_stdout, _) = popen2.popen4(cmd)  # Sensitive
+(child_stdout, _) = popen2.popen2(cmdsargs)  # Compliant
+(child_stdout, _, _) = popen2.popen3(cmdsargs)  # Compliant
+(child_stdout, _) = popen2.popen4(cmdsargs)  # Compliant
 </pre>
 <h2>See</h2>
 <ul>
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4784.html b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4784.html
index a132891dcf..de1770961a 100644
--- a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4784.html
+++ b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4784.html
@@ -19,7 +19,7 @@ <h2>Ask Yourself Whether</h2>
   <li> the executed regular expression is sensitive and a user can provide a string which will be analyzed by this regular expression. </li>
   <li> your regular expression engine performance decrease with specially crafted inputs and regular expressions. </li>
 </ul>
-<p>You may be at risk if you answered yes to any of those questions.</p>
+<p>There is a risk if you answered yes to any of those questions.</p>
 <h2>Recommended Secure Coding Practices</h2>
 <p>Check whether your regular expression engine (the algorithm executing your regular expression) has any known vulnerabilities. Search for
 vulnerability reports mentioning the one engine you're are using.</p>
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4787.html b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4787.html
index 32b22841a6..bcedb35add 100644
--- a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4787.html
+++ b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4787.html
@@ -101,4 +101,6 @@ <h2>See</h2>
   <li> <a href="http://cwe.mitre.org/data/definitions/327.html">MITRE, CWE-327</a> - Use of a Broken or Risky Cryptographic Algorithm </li>
   <li> <a href="https://www.sans.org/top25-software-errors/#cat3">SANS Top 25</a> - Porous Defenses </li>
 </ul>
+<h2>Deprecated</h2>
+<p>This rule is deprecated, and will eventually be removed.</p>
 
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4787.json b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4787.json
index 168ca97bf9..5b617c7cdf 100644
--- a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4787.json
+++ b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4787.json
@@ -1,31 +1,12 @@
 {
   "title": "Encrypting data is security-sensitive",
   "type": "SECURITY_HOTSPOT",
-  "status": "ready",
+  "status": "deprecated",
   "tags": [
-    "cwe",
-    "owasp-a6",
-    "sans-top25-porous",
-    "owasp-a3"
+    
   ],
   "defaultSeverity": "Critical",
   "ruleSpecification": "RSPEC-4787",
   "sqKey": "S4787",
-  "scope": "Main",
-  "securityStandards": {
-    "CWE": [
-      321,
-      322,
-      323,
-      324,
-      325,
-      326,
-      327,
-      522
-    ],
-    "OWASP": [
-      "A3",
-      "A6"
-    ]
-  }
+  "scope": "Main"
 }
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4790.html b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4790.html
index f465e4d91b..3e48ded6a7 100644
--- a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4790.html
+++ b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4790.html
@@ -9,7 +9,7 @@ <h2>Ask Yourself Whether</h2>
   <li> Security token generation (used to confirm e-mail when registering on a website, reset password, etc ...). </li>
   <li> To compute some message integrity. </li>
 </ul>
-<p>You are at risk if you answered yes to any of those questions.</p>
+<p>There is a risk if you answered yes to any of those questions.</p>
 <h2>Recommended Secure Coding Practices</h2>
 <p>Safer alternatives, such as <code>SHA-256</code>, <code>SHA-512</code>, <code>SHA-3</code> or <code>bcrypt</code> are recommended, and for password
 hashing, it's even better to use algorithms that not compute too "quickly", like <code>bcrypt</code> instead of <code>SHA-256</code>, because it slows
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4792.html b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4792.html
index 4d4cec277e..5516c0f16e 100644
--- a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4792.html
+++ b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4792.html
@@ -25,7 +25,7 @@ <h2>Ask Yourself Whether</h2>
   might filter out important information. They might not print contextual information like the precise time of events or the server hostname. </li>
   <li> the logs are only stored locally instead of being backuped or replicated. </li>
 </ul>
-<p>You are at risk if you answered yes to any of those questions.</p>
+<p>There is a risk if you answered yes to any of those questions.</p>
 <h2>Recommended Secure Coding Practices</h2>
 <ul>
   <li> Check that your production deployment doesn't have its loggers in "debug" mode as it might write sensitive information in logs. </li>
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4823.html b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4823.html
index 5aef7c8064..a13573683d 100644
--- a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4823.html
+++ b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4823.html
@@ -27,4 +27,6 @@ <h2>See</h2>
   <li> <a href="https://cwe.mitre.org/data/definitions/214.html">MITRE, CWE-214</a> - Information Exposure Through Process Environment </li>
   <li> <a href="https://www.sans.org/top25-software-errors/#cat1">SANS Top 25</a> - Insecure Interaction Between Components </li>
 </ul>
+<h2>Deprecated</h2>
+<p>This rule is deprecated, and will eventually be removed.</p>
 
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4823.json b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4823.json
index 613caad9b5..e6601a6198 100644
--- a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4823.json
+++ b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4823.json
@@ -1,23 +1,12 @@
 {
   "title": "Using command line arguments is security-sensitive",
   "type": "SECURITY_HOTSPOT",
-  "status": "ready",
+  "status": "deprecated",
   "tags": [
-    "cwe",
-    "owasp-a1",
-    "sans-top25-insecure"
+    
   ],
   "defaultSeverity": "Critical",
   "ruleSpecification": "RSPEC-4823",
   "sqKey": "S4823",
-  "scope": "Main",
-  "securityStandards": {
-    "CWE": [
-      88,
-      214
-    ],
-    "OWASP": [
-      "A1"
-    ]
-  }
+  "scope": "Main"
 }
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4828.html b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4828.html
index 1efb9ef1b1..03698927e9 100644
--- a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4828.html
+++ b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4828.html
@@ -7,7 +7,7 @@ <h2>Ask Yourself Whether</h2>
 <p> * the PID of the process to which the signal will be sent is coming from an untrusted source. It could for example come from a world-writable
 file.</p>
 <p> * users who are asking for the signal to be sent might not have the permission to send those signals.</p>
-<p>You are at risk if you answered yes to any of these questions.</p>
+<p>There is a risk if you answered yes to any of those questions.</p>
 <h2>Recommended Secure Coding Practices</h2>
 <p> * If the signal is sent because of a user's request. Check that the user is allowed to send this signal. You can for example forbid it if the user
 doesn't own the process.</p>
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4829.html b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4829.html
index 51387a6dc9..2b2770dadc 100644
--- a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4829.html
+++ b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4829.html
@@ -63,4 +63,6 @@ <h2>See:</h2>
 <ul>
   <li> <a href="https://cwe.mitre.org/data/definitions/20.html">MITRE, CWE-20</a> - Improper Input Validation </li>
 </ul>
+<h2>Deprecated</h2>
+<p>This rule is deprecated, and will eventually be removed.</p>
 
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4829.json b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4829.json
index 2c84dee673..56c25bda46 100644
--- a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4829.json
+++ b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4829.json
@@ -1,17 +1,12 @@
 {
   "title": "Reading the Standard Input is security-sensitive",
   "type": "SECURITY_HOTSPOT",
-  "status": "ready",
+  "status": "deprecated",
   "tags": [
-    "cwe"
+    
   ],
   "defaultSeverity": "Critical",
   "ruleSpecification": "RSPEC-4829",
   "sqKey": "S4829",
-  "scope": "Main",
-  "securityStandards": {
-    "CWE": [
-      20
-    ]
-  }
+  "scope": "Main"
 }
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4830.json b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4830.json
index a5efd016de..519217b807 100644
--- a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4830.json
+++ b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4830.json
@@ -10,6 +10,7 @@
     "cwe",
     "privacy",
     "owasp-a6",
+    "sans-top25-porous",
     "ssl",
     "owasp-a3"
   ],
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5042.html b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5042.html
index c24823bfbe..67fb27781d 100644
--- a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5042.html
+++ b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5042.html
@@ -16,7 +16,7 @@ <h2>Ask Yourself Whether</h2>
   <li> there is no validation of the size of the expanded archive entry </li>
   <li> there is no validation of the ratio between the compressed and uncompressed archive entry </li>
 </ul>
-<p>You are at risk if you answered yes to any of those questions.</p>
+<p>There is a risk if you answered yes to any of those questions.</p>
 <p> </p>
 <h2>Recommended Secure Coding Practices</h2>
 <p>Validate the full path of the extracted file against the full path of the directory where files are expanded:</p>
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5122.html b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5122.html
index 78d6c82299..8373ecfd35 100644
--- a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5122.html
+++ b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5122.html
@@ -15,7 +15,7 @@ <h2>Ask Yourself Whether</h2>
   <li> You access control policy is dynamically defined by a user-controlled input like <a
   href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin"><code>origin</code></a> header. </li>
 </ul>
-<p>You are at risk if you answered yes to any of those questions.</p>
+<p>There is a risk if you answered yes to any of those questions.</p>
 <h2>Recommended Secure Coding Practices</h2>
 <ul>
   <li> The <code>Access-Control-Allow-Origin</code> header should be set only for a trusted origin and for specific resources. </li>
@@ -33,6 +33,19 @@ <h2>Sensitive Code Example</h2>
 app = Flask(__name__)
 CORS(app, resources={r"/*": {"origins": "*", "send_wildcard": "True"}}) # Sensitive
 </pre>
+<h2>Compliant Solution</h2>
+<p>Django</p>
+<pre>
+CORS_ORIGIN_ALLOW_ALL = False # Compliant
+</pre>
+<p>Flask</p>
+<pre>
+from flask import Flask
+from flask_cors import CORS
+
+app = Flask(__name__)
+CORS(app, resources={r"/*": {"origins": "*", "send_wildcard": "False"}}) # Compliant
+</pre>
 <h2>See</h2>
 <ul>
   <li> <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS">developer.mozilla.org</a> - CORS </li>
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5247.html b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5247.html
index d51a8ad857..6d9c45d82b 100644
--- a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5247.html
+++ b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5247.html
@@ -18,7 +18,7 @@ <h2>Ask Yourself Whether</h2>
       <li> there is no local mechanism in place to sanitize or validate the inputs. </li>
     </ul> </li>
 </ul>
-<p>You are at risk if you answered yes to any of those questions.</p>
+<p>There is a risk if you answered yes to any of those questions.</p>
 <h2>Recommended Secure Coding Practices</h2>
 <ul>
   <li> Enable auto-escaping by default and continue to review the use of inputs in order to be sure that the chosen auto-escaping strategy is the
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5300.html b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5300.html
index 471b5b09cb..eb3e308e18 100644
--- a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5300.html
+++ b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5300.html
@@ -64,4 +64,6 @@ <h2>See</h2>
   (Basic XSS) </li>
   <li> <a href="https://www.sans.org/top25-software-errors/#cat1">SANS Top 25</a> - Insecure Interaction Between Components </li>
 </ul>
+<h2>Deprecated</h2>
+<p>This rule is deprecated, and will eventually be removed.</p>
 
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5300.json b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5300.json
index 95eea24af0..36fc46eaf6 100644
--- a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5300.json
+++ b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5300.json
@@ -1,23 +1,12 @@
 {
   "title": "Sending emails is security-sensitive",
   "type": "SECURITY_HOTSPOT",
-  "status": "ready",
+  "status": "deprecated",
   "tags": [
-    "cwe",
-    "owasp-a1",
-    "sans-top25-insecure"
+    
   ],
   "defaultSeverity": "Critical",
   "ruleSpecification": "RSPEC-5300",
   "sqKey": "S5300",
-  "scope": "Main",
-  "securityStandards": {
-    "CWE": [
-      93,
-      80
-    ],
-    "OWASP": [
-      "A1"
-    ]
-  }
+  "scope": "Main"
 }
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5332.html b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5332.html
index 253b16c6e5..df79d84bb1 100644
--- a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5332.html
+++ b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5332.html
@@ -16,6 +16,12 @@
   <li> <a href="https://nvd.nist.gov/vuln/detail/CVE-2019-12327">CVE-2019-12327</a> </li>
   <li> <a href="https://nvd.nist.gov/vuln/detail/CVE-2019-11065">CVE-2019-11065</a> </li>
 </ul>
+<h2>Ask Yourself Whether</h2>
+<ul>
+  <li> The confidentiality and integrity of data is necessary in the context of the web application. </li>
+  <li> The data is exchanged on an exposed network (Internet, public network etc). </li>
+</ul>
+<p>There is a risk if you answered yes to any of those questions.</p>
 <h2>Recommended Secure Coding Practices</h2>
 <ul>
   <li> Use <code>ssh</code> as an alternative to <code>telnet</code> </li>
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5443.html b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5443.html
index 50a5978bb9..06a12393c7 100644
--- a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5443.html
+++ b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5443.html
@@ -30,7 +30,7 @@ <h2>Ask Yourself Whether</h2>
   <li> Files are read from or written into a publicly writable folder </li>
   <li> The application creates files with predictable names into a publicly writable folder </li>
 </ul>
-<p>You are at risk if you answered yes to any of those questions.</p>
+<p>There is a risk if you answered yes to any of those questions.</p>
 <h2>Recommended Secure Coding Practices</h2>
 <ul>
   <li> Use a dedicated sub-folder with tightly controlled permissions </li>
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5527.json b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5527.json
index 81cb79edaa..a1a6d85e31 100644
--- a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5527.json
+++ b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5527.json
@@ -10,6 +10,7 @@
     "cwe",
     "privacy",
     "owasp-a6",
+    "sans-top25-porous",
     "ssl",
     "owasp-a3"
   ],
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5542.json b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5542.json
index dbfc5bdbb8..b1abe17bee 100644
--- a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5542.json
+++ b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5542.json
@@ -12,7 +12,7 @@
   "defaultSeverity": "Blocker",
   "ruleSpecification": "RSPEC-5542",
   "sqKey": "S5542",
-  "scope": "All",
+  "scope": "Main",
   "securityStandards": {
     "CWE": [
       327,
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5547.json b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5547.json
index 19440a8d9c..41eb84cc51 100644
--- a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5547.json
+++ b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5547.json
@@ -12,7 +12,7 @@
   "defaultSeverity": "Critical",
   "ruleSpecification": "RSPEC-5547",
   "sqKey": "S5547",
-  "scope": "All",
+  "scope": "Main",
   "securityStandards": {
     "CWE": [
       327,
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5799.html b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5799.html
index 6e77ff4a84..92ee39cbd0 100644
--- a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5799.html
+++ b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5799.html
@@ -35,5 +35,7 @@ <h2>Exceptions</h2>
 <ul>
   <li> when the quotes used for both strings are different. This can be used to avoid escaping quotes </li>
   <li> when the strings or bytes have different prefixes, i.e. "f" for f-strings, "r" for raw, "u" for unicode and no prefix for normal strings. </li>
+  <li> when strings are visibly split to avoid long lines of code. (Example: the first string ends with a space, punctuation or <code>\n</code>).
+  </li>
 </ul>
 
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/Sonar_way_profile.json b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/Sonar_way_profile.json
index b9e88103cc..72fbdd1465 100644
--- a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/Sonar_way_profile.json
+++ b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/Sonar_way_profile.json
@@ -80,17 +80,13 @@
     "S4502",
     "S4507",
     "S4784",
-    "S4787",
     "S4790",
     "S4792",
-    "S4823",
     "S4828",
-    "S4829",
     "S4830",
     "S5042",
     "S5122",
     "S5247",
-    "S5300",
     "S5332",
     "S5443",
     "S5445",
diff --git a/sonarpedia.json b/sonarpedia.json
index 894ca85c47..437cb546a0 100644
--- a/sonarpedia.json
+++ b/sonarpedia.json
@@ -3,7 +3,7 @@
   "languages": [
     "PY"
   ],
-  "latest-update": "2020-05-25T12:03:27.200Z",
+  "latest-update": "2020-06-10T09:50:27.037Z",
   "options": {
     "no-language-in-filenames": true,
     "preserve-filenames": true