Releases: SonarSource/sonar-dotnet
Releases · SonarSource/sonar-dotnet
7.14
Adjust security hotspots before the release of SonarQube 7.8. You can read about the difference between a security hotspot and vulnerability in the docs.
Improvements
- 2394 - [C#] Rule S2077: Update rule by detecting only formatted or concatenated strings
- 2387 - [C#, VB.NET] Fix S2068 FP: should not raise for empty string
- 2386 - Rule S4784: Update implementation to target only hard-coded regex
- 2385 - Remove Security Hotspot rules which are not targeting developers
- 2384 - Update S2255: Remove Cookie reading from Rule S2255
- 2139 - Fix S4056: Rule recommends overload with completely different signature
Bug Fixes
- 2392 - [C#] Fix StringFormatValidator NRE due to array instantiation w/o initializer
7.13
Improvements
- 2357 - [C#] Fix S1075: should not report on virtual path on asp.net bundles
- 2352 - [C#] Update S4210: Rule should not suggest STAThreadAttribute for async main
- 2292 - [C#, VB.NET] Fix S4428: Rule should not raise an issue for derived attributes
- 2249 - [C#] Fix S1226: Variables that are passed as an argument to a method should be considered as read
- 2244 - Fix S3240: FP when using having lambdas within the IF-ELSE
- 2239 - [C#] Update S3249: Rule should not raise when the overrides only calls base and has attributes
- 2236 - [C#] Fix S3459: False Positive with interop methods
- 2195 - [C#, VB.NET] Fix S4275: FP when multiple assignments inside the setter
- 2140 - [C#, VB.NET] Fix S4275: FP when using MVVM frameworks
- 1865 - S1075 Refactor your code not to use hardcoded absolute paths or URIs - False Positive
7.12
Improvements
- 2354 - [C#] Update S4261: Rule should handle 'ValueTask'
- 2341 - [C#] Fix S4158: Rule should consider .NetCore 2.0+ 'Dictionary.TryAdd' method
- 2336 - [C#] S3900: Update documentation to mention protected methods
- 2313 - [C#] Update S3440: Allow property check before assignment
- 2306 - [C#] Update S1144: Rule should handle more unused types
- 2221 - [C#, VB.NET] Update S2551: Rule should raise an issue when locking on strings
Bug Fixes
- 2253 - [C#] Fix S3237: NullReferenceException with arrow expression of interface member
- 2252 - [C#] Fix S3237: NullReferenceException with arrow expression of interface member
- 2235 - [VB.NET] Fix S4143: AD0001 NullReferenceException
False Positive
- 2344 - [C#] Update S3874: FP with interface implementations
- 2314 - [C#] Fix S3247: FP when casting on different identifier
- 2312 - [C#] Fix S1144: False Positive when private member is only used in a generated file
- 2295 - [C#] Update S1905: False Positive with 'default'
- 2291 - [C#] Update S2933: Rule should not suggest adding readonly modifier for fields of type struct
- 2290 - [C#] Update S100: Allow two-letter acronyms
- 2285 - [C#] Update S2325: Rule should handle a whitelist of method names
7.11
New Rules
- 2062 - [VB.NET] Rule S126: "if ... else if" constructs should end with "else" clauses
- 2061 - [VB.NET] Rule S1125: Boolean literals should not be redundant
- 2060 - [VB.NET] Rule S1151: 'Select...Case' clauses should not have too many lines of code
- 2059 - [VB.NET] Rule S1145: Useless "if(true) {...}" and "if(false){...}" blocks should be removed
- 2058 - [VB.NET] Rule S107: Functions should not have too many parameters
- 2056 - [VB.NET] Rule S1110: Redundant parentheses should be removed
- 2055 - [VB.NET] Rule S2234: Parameters should be passed in the correct order
- 2054 - [VB.NET] Rule S1066: Collapsible "if" statements should be merged
- 2053 - [VB.NET] Rule S1172: Unused function parameters should be removed
- 2051 - [VB.NET] Rule S138: Procedures should not have too many lines of code
- 2047 - [VB.NET] Rule S108: Nested blocks of code should not be left empty
- 2042 - [VB.NET] Rule S1134: Track uses of "FIXME"
- 2041 - [VB.NET] Rule S1135: Track uses of "TODO"
Improvements
7.10
Improvements
- 2046 - SonarVB: Feed Cognitive Complexity metric
- 2044 - SonarVB: Feed metric 'executable_lines_data' when SQ >= 6.2
- 2202 - Update S2436: Rule should handle struct and interface types
- 2182 - Update S4039: protected members should not generate issues
- 2173 - Update all syntax walkers usages to be safe toward too big methods/classes
- 2169 - Update S1144: documentation should include all exceptions from the rule
- 2132 - TypeHelper.IsMatch should check OriginalDefinition as well to work with generics
- 2024 - Update S1144: Fade out / Dim code insteadof highlighting the full member
- 2196 - Fix S3937: FP for numbers with type suffixes (i.e. 1_000_000UL)
- 2161 - Fix S4069: Add more alternative names for operators
- 2123 - Update S1200: Rule should ignore 'nameof()' references
- 2043 - SonarVB: Compute public API metrics and public undocumented metrics
- 2219 - Update S2930: update message to correspond the RSPEC declaration
- 2217 - Update S1751: Update message and RSPEC metadata
- 2214 - Update S2551: Update message and RSPEC metadata
- 2213 - Update S3330: Rule should be in SonarWay
- 2212 - Update S2092: Rule should be in SonarWay
- 2211 - Update S1313: Rule should be in SonarWay
Bug Fixes
- 2203 - Fix S1144: Do not keep references to all type symbols
- 2192 - Fix plugin: Roslyn external issues can contain invalid locations
- 2191 - Fix S1192: Rule should display string as defined in the source code
- 2187 - SonarVB appears into 2 sections under the SQ admin page
- 2176 - Variable assignment are not counted as executable lines of code in VB
- 2172 - Cognitive complexity increment is not increasing for nested loops in VB
- 2151 - Fix Cognitive Complexity Metric for recursions
- 2144 - Undocumented public API metric should count only documentation comments
- 2130 - Fix S2699: Rule doesn't raise when the code contains any invocation
- 2117 - Fix S1144: AD0001 - System.InvalidCastException
- 2115 - AD0001 when analyzing lucene.net
- 2025 - Plugin should support C# and VB.NET pointing to the same coverage report
7.9.1
7.9
New C# Rules
- 1993 - Rule S4792: Configuring loggers is security-sensitive
- 1992 - Rule S4834: Controlling permissions is security-sensitive
- 1991 - Rule S4529: Exposing HTTP endpoints is security-sensitive
- 1990 - Rule S4507: Delivering code in production with debug features activated is security-sensitive
- 1989 - Rule S4829: Reading the Standard Input is security-sensitive
- 1988 - Rule S2077: Executing SQL queries is security-sensitive
- 1987 - Rule S1523: Dynamically executing code is security-sensitive
- 1986 - Rule S4823: Using command line arguments is security-sensitive
- 1985 - Rule S4818: Using Sockets is security-sensitive
- 1984 - Rule S4790: Hashing data is security-sensitive
- 1983 - Rule S3011: Changing or bypassing accessibility is security-sensitive
- 1982 - Rule S4825: Sending HTTP requests is security-sensitive
- 1981 - Rule S4817: Executing XPath expressions is security-sensitive
- 1980 - Rule S4787: Encrypting data is security-sensitive
- 1979 - Rule S4797: Handling files is security-sensitive
- 1978 - Rule S4721: Executing OS commands is security-sensitive
- 1905 - Rule S4784: Using regular expressions is security-sensitive
New VB.NET Rules
- 1993 - Rule S4792: Configuring loggers is security-sensitive
- 1992 - Rule S4834: Controlling permissions is security-sensitive
- 1991 - Rule S4529: Exposing HTTP endpoints is security-sensitive
- 1990 - Rule S4507: Delivering code in production with debug features activated is security-sensitive
- 1989 - Rule S4829: Reading the Standard Input is security-sensitive
- 1988 - Rule S2077: Executing SQL queries is security-sensitive
- 1987 - Rule S1523: Dynamically executing code is security-sensitive
- 1986 - Rule S4823: Using command line arguments is security-sensitive
- 1985 - Rule S4818: Using Sockets is security-sensitive
- 1984 - Rule S4790: Hashing data is security-sensitive
- 1983 - Rule S3011: Changing or bypassing accessibility is security-sensitive
- 1982 - Rule S4825: Sending HTTP requests is security-sensitive
- 1981 - Rule S4817: Executing XPath expressions is security-sensitive
- 1980 - Rule S4787: Encrypting data is security-sensitive
- 1979 - Rule S4797: Handling files is security-sensitive
- 1978 - Rule S4721: Executing OS commands is security-sensitive
- 1905 - Rule S4784: Using regular expressions is security-sensitive
- 1842 - Rule S2255: Using cookies is security-sensitive
Improvements
7.8
Improvements
False Positive
- 1964 - Fix S3427: Rule should not generated FPs for generic parameters
- 1914 - Fix S1450: Do not report fields that are read and written in the same expression bodied member
- 1906 - Fix S1450: False positive when using += operator
- 1875 - Fix S4261: rule should not report for MVC controller methods
- 1874 - Fix S2701: rule should ignore bool? assertions
- 1841 - Fix S1449: Rule should not report for objects when ToUpper is inside expression
- 1839 - Update S2325: should not report methods in classes that inherit from System.Web.HttpApplication
- 1820 - Fix S1450: false positive on expression body property
False Negative
7.7
7.6
Improvements
- 1852 - Update SonarC# and VB documentation to cover uploading issues for all Roslyn analzyers
- 1825 - Update SonarC# to allow import of other roslyn issues
- 1920 - Security Hotspots rules should only be displayed on SonarQube/SonarCloud
Bug Fixes
- 1891 - Fix plugin to use newer version of protobuf
- 1867 - Fix S3928: Rule should not throw NullReferenceException for ArgumentNullException with null parameter name
- 1804 - Fix S3881: Rule throws AD0001 with SyntaxTree not part of the compilation
- 1857 - Fix S4143: False positive when incrementing key using ++ operator
- 1851 - Fix S3457: should not report for Debug.WriteLine(message, category)
- 1847 - Fix S3168: Rule should ignore MSTest V1 cleanup and initialize attributes
- 1845 - Fix S4586: false positive with local function
- 1843 - Fix S4049: Do not raise issue when method is async or return Task/Task/ValueTask
- 1840 - Fix S3257: should not recommend removing explicit type for multidimensional array
- 1819 - Fix S4457: False positive when ArgumentException thrown after awaited call