NET-763 Update RSPEC before 10.4 release

Author: mary-georgiou-sonarsource

analyzers/rspec/cs/S1451.json

@@ -12,7 +12,9 @@
     "func": "Constant\/Issue",
     "constantCost": "5min"
   },
-  "tags": [],
+  "tags": [
+    "convention"
+  ],
   "defaultSeverity": "Blocker",
   "ruleSpecification": "RSPEC-1451",
   "sqKey": "S1451",

analyzers/rspec/cs/S1751.json

@@ -12,7 +12,10 @@
     "func": "Constant\/Issue",
     "constantCost": "5min"
   },
-  "tags": [],
+  "tags": [
+    "confusing",
+    "bad-practice"
+  ],
   "defaultSeverity": "Major",
   "ruleSpecification": "RSPEC-1751",
   "sqKey": "S1751",

analyzers/rspec/cs/S1764.json

@@ -12,7 +12,9 @@
     "func": "Constant\/Issue",
     "constantCost": "2min"
   },
-  "tags": [],
+  "tags": [
+    "suspicious"
+  ],
   "defaultSeverity": "Major",
   "ruleSpecification": "RSPEC-1764",
   "sqKey": "S1764",

analyzers/rspec/cs/S2201.json

@@ -12,7 +12,10 @@
     "func": "Constant\/Issue",
     "constantCost": "10min"
   },
-  "tags": [],
+  "tags": [
+    "suspicious",
+    "confusing"
+  ],
   "defaultSeverity": "Major",
   "ruleSpecification": "RSPEC-2201",
   "sqKey": "S2201",

analyzers/rspec/cs/S2325.html

@@ -25,6 +25,9 @@ <h3>Exceptions</h3>
   <li> <a href="https://learn.microsoft.com/en-us/dotnet/api/system.web.sessionstate.sessionstatemodule.end">Session_End</a> </li>
   <li> <a href="https://learn.microsoft.com/en-us/dotnet/api/system.web.sessionstate.sessionstatemodule.start">Session_Start</a> </li>
 </ul>
+<p>Event handler methods part of a <a href="https://learn.microsoft.com/en-us/dotnet/desktop/winforms">Windows Forms</a> or <a
+href="https://learn.microsoft.com/en-us/dotnet/desktop/wpf">Windows Presentation Foundation</a> class are excluded because they can’t be made
+<code>static</code>.</p>
 <h2>How to fix it</h2>
 <h3>Code examples</h3>
 <h4>Noncompliant code example</h4>

analyzers/rspec/cs/S3168.html

@@ -14,13 +14,16 @@ <h2>Why is this an issue?</h2>
 </ul>
 <h3>Exceptions</h3>
 <ul>
-  <li> Methods with the <a href="https://learn.microsoft.com/en-us/dotnet/api/system.eventhandler"><code>EventHandler</code></a> delegate signature.  Using <code>void</code> for <code>EventHandler</code> is compliant with the TAP model.  <pre>
+  <li> Methods implementing an interface </li>
+  <li> Methods overriding a base class method </li>
+  <li> Virtual methods </li>
+  <li> Methods with the <a href="https://learn.microsoft.com/en-us/dotnet/api/system.eventhandler"><code>EventHandler</code></a> delegate signature  Using <code>void</code> for <code>EventHandler</code> is compliant with the TAP model.  <pre>
 public async void button1_Click(object sender, EventArgs e)
 {
   await DoSomethingAsync();
 }
 </pre> </li>
-  <li> Methods name matching <code>On[A-Z]\w*</code> pattern.  Some frameworks may not use the same <code>EventHandler</code> method signature  <pre>
+  <li> Methods name matching <code>On[A-Z]\w*</code> pattern  Some frameworks may not use the same <code>EventHandler</code> method signature.  <pre>
 public async void OnClick(EventContext data)
 {
   await DoSomethingAsync();

analyzers/rspec/cs/S3981.json

@@ -12,7 +12,9 @@
     "func": "Constant\/Issue",
     "constantCost": "2min"
   },
-  "tags": [],
+  "tags": [
+    "confusing"
+  ],
   "defaultSeverity": "Major",
   "ruleSpecification": "RSPEC-3981",
   "sqKey": "S3981",

analyzers/rspec/cs/S6932.html

@@ -143,7 +143,6 @@ <h4>Noncompliant code example</h4>
     var name = Request.Form["name"];                           // Noncompliant: Request.Form
     var birthdate = DateTime.Parse(Request.Form["Birthdate"]); // Noncompliant: Request.Form
 
-    var origin = Request.Headers[HeaderNames.Origin];          // Noncompliant: Request.Headers
     var locale = Request.Query.TryGetValue("locale", out var locales)
         ? locales.ToString()
         : "en-US";                                             // Noncompliant: Request.Query
@@ -264,6 +263,17 @@ <h4>Compliant solution</h4>
         // ...
     }
 }
+
+public IActionResult Post()
+{
+    var origin = Request.Headers[HeaderNames.Origin];          // Compliant: Access via non-constant field
+    var nameField = "name";
+    var name = Request.Form[nameField];                        // Compliant: Access via local
+    var birthdate = DateTime.Parse(Request.Form["Birthdate"]); // Compliant: Access via constant and variable keys is mixed.
+                                                               // Model binding would only work partially in the method, so we do not raise here.
+    return Ok();
+    // ..
+}
 </pre>
 <h3>How does this work?</h3>
 <p>Model binding in ASP.NET Core MVC and ASP.NET MVC 4.x works by automatically mapping data from HTTP requests to action method parameters. Here’s a

analyzers/rspec/vbnet/S1451.json

@@ -12,7 +12,9 @@
     "func": "Constant\/Issue",
     "constantCost": "5min"
   },
-  "tags": [],
+  "tags": [
+    "convention"
+  ],
   "defaultSeverity": "Blocker",
   "ruleSpecification": "RSPEC-1451",
   "sqKey": "S1451",

analyzers/rspec/vbnet/S1751.json

@@ -12,7 +12,10 @@
     "func": "Constant\/Issue",
     "constantCost": "5min"
   },
-  "tags": [],
+  "tags": [
+    "confusing",
+    "bad-practice"
+  ],
   "defaultSeverity": "Major",
   "ruleSpecification": "RSPEC-1751",
   "sqKey": "S1751",

analyzers/rspec/vbnet/S1764.json

@@ -12,7 +12,9 @@
     "func": "Constant\/Issue",
     "constantCost": "2min"
   },
-  "tags": [],
+  "tags": [
+    "suspicious"
+  ],
   "defaultSeverity": "Major",
   "ruleSpecification": "RSPEC-1764",
   "sqKey": "S1764",

analyzers/rspec/vbnet/S2077.html

@@ -1,5 +1,5 @@
 <p>Formatted SQL queries can be difficult to maintain, debug and can increase the risk of SQL injection when concatenating untrusted values into the
-query. However, this rule doesn’t detect SQL injections (unlike rule {rule:vbnet:S3649}), the goal is only to highlight complex/formatted queries.</p>
+query. However, this rule doesn’t detect SQL injections, the goal is only to highlight complex/formatted queries.</p>
 <h2>Ask Yourself Whether</h2>
 <ul>
   <li> Some parts of the query come from untrusted values (like user inputs). </li>

analyzers/rspec/vbnet/S3981.json

@@ -12,7 +12,9 @@
     "func": "Constant\/Issue",
     "constantCost": "2min"
   },
-  "tags": [],
+  "tags": [
+    "confusing"
+  ],
   "defaultSeverity": "Major",
   "ruleSpecification": "RSPEC-3981",
   "sqKey": "S3981",

analyzers/src/SonarAnalyzer.CSharp/sonarpedia.json

@@ -3,7 +3,7 @@
   "languages": [
     "CSH"
   ],
-  "latest-update": "2024-11-22T15:47:41.648301100Z",
+  "latest-update": "2024-12-17T16:28:59.313236800Z",
   "options": {
     "no-language-in-filenames": true
   }

analyzers/src/SonarAnalyzer.VisualBasic/sonarpedia.json

@@ -3,7 +3,7 @@
   "languages": [
     "VBNET"
   ],
-  "latest-update": "2024-11-22T15:48:04.322624300Z",
+  "latest-update": "2024-12-17T16:29:24.459345100Z",
   "options": {
     "no-language-in-filenames": true
   }